diff --git a/sdk/securityinsight/arm-securityinsight/CHANGELOG.md b/sdk/securityinsight/arm-securityinsight/CHANGELOG.md index 7f6adeea4ce4..cc080ef4b753 100644 --- a/sdk/securityinsight/arm-securityinsight/CHANGELOG.md +++ b/sdk/securityinsight/arm-securityinsight/CHANGELOG.md @@ -1,451 +1,5 @@ # Release History -## 1.0.0-beta.4 (2022-07-11) - -**Features** - - - Added operation group SecurityMLAnalyticsSettings - - Added Interface AADCheckRequirements - - Added Interface AADCheckRequirementsProperties - - Added Interface AADDataConnector - - Added Interface AADDataConnectorProperties - - Added Interface AatpCheckRequirements - - Added Interface AatpCheckRequirementsProperties - - Added Interface AatpDataConnector - - Added Interface AatpDataConnectorProperties - - Added Interface AccountEntity - - Added Interface AccountEntityProperties - - Added Interface ActionRequest - - Added Interface ActionRequestProperties - - Added Interface ActionResponse - - Added Interface ActionResponseProperties - - Added Interface ActivityCustomEntityQuery - - Added Interface ActivityEntityQuery - - Added Interface ActivityEntityQueryTemplate - - Added Interface ActivityTimelineItem - - Added Interface AlertRule - - Added Interface AlertRuleTemplate - - Added Interface AlertRuleTemplateWithMitreProperties - - Added Interface Anomalies - - Added Interface AnomalySecurityMLAnalyticsSettings - - Added Interface AnomalyTimelineItem - - Added Interface ASCCheckRequirements - - Added Interface ASCDataConnector - - Added Interface ASCDataConnectorProperties - - Added Interface AutomationRule - - Added Interface AutomationRuleModifyPropertiesAction - - Added Interface AutomationRulePropertyArrayChangedValuesCondition - - Added Interface AutomationRulePropertyValuesChangedCondition - - Added Interface AutomationRuleRunPlaybookAction - - Added Interface AwsCloudTrailCheckRequirements - - Added Interface AwsCloudTrailDataConnector - - Added Interface AwsCloudTrailDataConnectorDataTypesLogs - - Added Interface AwsS3CheckRequirements - - Added Interface AwsS3DataConnector - - Added Interface AwsS3DataConnectorDataTypesLogs - - Added Interface AzureResourceEntity - - Added Interface AzureResourceEntityProperties - - Added Interface Bookmark - - Added Interface BookmarkTimelineItem - - Added Interface CloudApplicationEntity - - Added Interface CloudApplicationEntityProperties - - Added Interface CodelessApiPollingDataConnector - - Added Interface CodelessUiConnectorConfigPropertiesConnectivityCriteriaItem - - Added Interface CodelessUiConnectorConfigPropertiesDataTypesItem - - Added Interface CodelessUiConnectorConfigPropertiesGraphQueriesItem - - Added Interface CodelessUiConnectorConfigPropertiesInstructionStepsItem - - Added Interface CodelessUiConnectorConfigPropertiesSampleQueriesItem - - Added Interface CodelessUiDataConnector - - Added Interface CustomEntityQuery - - Added Interface Customs - - Added Interface DataConnector - - Added Interface DnsEntity - - Added Interface DnsEntityProperties - - Added Interface Dynamics365CheckRequirements - - Added Interface Dynamics365CheckRequirementsProperties - - Added Interface Dynamics365DataConnector - - Added Interface Dynamics365DataConnectorDataTypesDynamics365CdsActivities - - Added Interface Dynamics365DataConnectorProperties - - Added Interface Entity - - Added Interface EntityAnalytics - - Added Interface EntityQuery - - Added Interface EntityQueryTemplate - - Added Interface ExpansionEntityQuery - - Added Interface EyesOn - - Added Interface FileEntity - - Added Interface FileEntityProperties - - Added Interface FileHashEntity - - Added Interface FileHashEntityProperties - - Added Interface FusionAlertRule - - Added Interface FusionAlertRuleTemplate - - Added Interface GetInsightsErrorKind - - Added Interface HostEntity - - Added Interface HostEntityProperties - - Added Interface HuntingBookmark - - Added Interface HuntingBookmarkProperties - - Added Interface Incident - - Added Interface IncidentComment - - Added Interface InsightQueryItem - - Added Interface InsightQueryItemProperties - - Added Interface InstructionStepsInstructionsItem - - Added Interface IoTCheckRequirements - - Added Interface IoTDataConnector - - Added Interface IoTDataConnectorProperties - - Added Interface IoTDeviceEntity - - Added Interface IoTDeviceEntityProperties - - Added Interface IpEntity - - Added Interface IpEntityProperties - - Added Interface MailboxEntity - - Added Interface MailboxEntityProperties - - Added Interface MailClusterEntity - - Added Interface MailClusterEntityProperties - - Added Interface MailMessageEntity - - Added Interface MailMessageEntityProperties - - Added Interface MalwareEntity - - Added Interface MalwareEntityProperties - - Added Interface McasCheckRequirements - - Added Interface McasCheckRequirementsProperties - - Added Interface McasDataConnector - - Added Interface McasDataConnectorDataTypes - - Added Interface McasDataConnectorProperties - - Added Interface MdatpCheckRequirements - - Added Interface MdatpCheckRequirementsProperties - - Added Interface MdatpDataConnector - - Added Interface MdatpDataConnectorProperties - - Added Interface MetadataModel - - Added Interface MetadataPatch - - Added Interface MicrosoftSecurityIncidentCreationAlertRule - - Added Interface MicrosoftSecurityIncidentCreationAlertRuleProperties - - Added Interface MicrosoftSecurityIncidentCreationAlertRuleTemplate - - Added Interface MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties - - Added Interface MLBehaviorAnalyticsAlertRule - - Added Interface MLBehaviorAnalyticsAlertRuleTemplate - - Added Interface MLBehaviorAnalyticsAlertRuleTemplateProperties - - Added Interface MstiCheckRequirements - - Added Interface MstiCheckRequirementsProperties - - Added Interface MstiDataConnector - - Added Interface MstiDataConnectorDataTypesBingSafetyPhishingURL - - Added Interface MstiDataConnectorDataTypesMicrosoftEmergingThreatFeed - - Added Interface MstiDataConnectorProperties - - Added Interface MtpCheckRequirements - - Added Interface MTPCheckRequirementsProperties - - Added Interface MTPDataConnector - - Added Interface MTPDataConnectorDataTypesIncidents - - Added Interface MTPDataConnectorProperties - - Added Interface NicEntity - - Added Interface NicEntityProperties - - Added Interface NrtAlertRule - - Added Interface NrtAlertRuleTemplate - - Added Interface NrtAlertRuleTemplateProperties - - Added Interface Office365ProjectCheckRequirements - - Added Interface Office365ProjectCheckRequirementsProperties - - Added Interface Office365ProjectConnectorDataTypesLogs - - Added Interface Office365ProjectDataConnector - - Added Interface Office365ProjectDataConnectorProperties - - Added Interface OfficeATPCheckRequirements - - Added Interface OfficeATPCheckRequirementsProperties - - Added Interface OfficeATPDataConnector - - Added Interface OfficeATPDataConnectorProperties - - Added Interface OfficeConsent - - Added Interface OfficeDataConnector - - Added Interface OfficeDataConnectorDataTypesExchange - - Added Interface OfficeDataConnectorDataTypesSharePoint - - Added Interface OfficeDataConnectorDataTypesTeams - - Added Interface OfficeDataConnectorProperties - - Added Interface OfficeIRMCheckRequirements - - Added Interface OfficeIRMCheckRequirementsProperties - - Added Interface OfficeIRMDataConnector - - Added Interface OfficeIRMDataConnectorProperties - - Added Interface OfficePowerBICheckRequirements - - Added Interface OfficePowerBICheckRequirementsProperties - - Added Interface OfficePowerBIConnectorDataTypesLogs - - Added Interface OfficePowerBIDataConnector - - Added Interface OfficePowerBIDataConnectorProperties - - Added Interface PermissionsCustomsItem - - Added Interface PermissionsResourceProviderItem - - Added Interface ProcessEntity - - Added Interface ProcessEntityProperties - - Added Interface PropertyArrayChangedConditionProperties - - Added Interface PropertyChangedConditionProperties - - Added Interface PropertyConditionProperties - - Added Interface RegistryKeyEntity - - Added Interface RegistryKeyEntityProperties - - Added Interface RegistryValueEntity - - Added Interface RegistryValueEntityProperties - - Added Interface Relation - - Added Interface ResourceWithEtag - - Added Interface ScheduledAlertRule - - Added Interface ScheduledAlertRuleProperties - - Added Interface ScheduledAlertRuleTemplate - - Added Interface SecurityAlert - - Added Interface SecurityAlertProperties - - Added Interface SecurityAlertTimelineItem - - Added Interface SecurityGroupEntity - - Added Interface SecurityGroupEntityProperties - - Added Interface SecurityMLAnalyticsSetting - - Added Interface SecurityMLAnalyticsSettingsCreateOrUpdateOptionalParams - - Added Interface SecurityMLAnalyticsSettingsDataSource - - Added Interface SecurityMLAnalyticsSettingsDeleteOptionalParams - - Added Interface SecurityMLAnalyticsSettingsGetOptionalParams - - Added Interface SecurityMLAnalyticsSettingsList - - Added Interface SecurityMLAnalyticsSettingsListNextOptionalParams - - Added Interface SecurityMLAnalyticsSettingsListOptionalParams - - Added Interface SentinelOnboardingState - - Added Interface Settings - - Added Interface SourceControl - - Added Interface SubmissionMailEntity - - Added Interface SubmissionMailEntityProperties - - Added Interface ThreatIntelligenceAlertRule - - Added Interface ThreatIntelligenceAlertRuleTemplate - - Added Interface ThreatIntelligenceAlertRuleTemplateProperties - - Added Interface ThreatIntelligenceIndicatorModel - - Added Interface ThreatIntelligenceIndicatorProperties - - Added Interface ThreatIntelligenceInformation - - Added Interface TICheckRequirements - - Added Interface TICheckRequirementsProperties - - Added Interface TIDataConnector - - Added Interface TIDataConnectorDataTypesIndicators - - Added Interface TIDataConnectorProperties - - Added Interface TiTaxiiCheckRequirements - - Added Interface TiTaxiiCheckRequirementsProperties - - Added Interface TiTaxiiDataConnector - - Added Interface TiTaxiiDataConnectorDataTypesTaxiiClient - - Added Interface TiTaxiiDataConnectorProperties - - Added Interface Ueba - - Added Interface UrlEntity - - Added Interface UrlEntityProperties - - Added Interface Watchlist - - Added Interface WatchlistItem - - Added Type Alias AutomationRulePropertyArrayChangedConditionSupportedArrayType - - Added Type Alias AutomationRulePropertyArrayChangedConditionSupportedChangeType - - Added Type Alias AutomationRulePropertyChangedConditionSupportedChangedType - - Added Type Alias AutomationRulePropertyChangedConditionSupportedPropertyType - - Added Type Alias DeviceImportance - - Added Type Alias EntityProviders - - Added Type Alias Enum13 - - Added Type Alias GetInsightsError - - Added Type Alias SecurityMLAnalyticsSettingsCreateOrUpdateResponse - - Added Type Alias SecurityMLAnalyticsSettingsGetResponse - - Added Type Alias SecurityMLAnalyticsSettingsKind - - Added Type Alias SecurityMLAnalyticsSettingsListNextResponse - - Added Type Alias SecurityMLAnalyticsSettingsListResponse - - Added Type Alias SecurityMLAnalyticsSettingUnion - - Added Type Alias SettingsStatus - - Interface DataConnectorConnectBody has a new optional parameter dataCollectionEndpoint - - Interface DataConnectorConnectBody has a new optional parameter dataCollectionRuleImmutableId - - Interface DataConnectorConnectBody has a new optional parameter outputStream - - Class SecurityInsights has a new parameter securityMLAnalyticsSettings - - Added Enum KnownAutomationRulePropertyArrayChangedConditionSupportedArrayType - - Added Enum KnownAutomationRulePropertyArrayChangedConditionSupportedChangeType - - Added Enum KnownAutomationRulePropertyChangedConditionSupportedChangedType - - Added Enum KnownAutomationRulePropertyChangedConditionSupportedPropertyType - - Added Enum KnownDeviceImportance - - Added Enum KnownEntityProviders - - Added Enum KnownEnum13 - - Added Enum KnownGetInsightsError - - Added Enum KnownSecurityMLAnalyticsSettingsKind - - Added Enum KnownSettingsStatus - - Enum KnownAutomationRulePropertyConditionSupportedProperty has a new value AlertAnalyticRuleIds - - Enum KnownConditionType has a new value PropertyArrayChanged - - Enum KnownConditionType has a new value PropertyChanged - - Enum KnownEntityKind has a new value Nic - - Enum KnownEntityTimelineKind has a new value Anomaly - - Enum KnownEntityType has a new value Nic - - Enum KnownTriggersOn has a new value Alerts - - Enum KnownTriggersWhen has a new value Updated - -**Breaking Changes** - - - Removed Enum KnownEnum12 - - Removed Enum KnownProvisioningState - - Removed Enum KnownSkuKind - - -## 1.0.0-beta.3 (2022-05-16) - -**Features** - - - Added Type Alias ProvisioningState - - Type Alias Watchlist has a new parameter sasUri - - Type Alias Watchlist has a new parameter provisioningState - - Added Enum KnownProvisioningState - -**Breaking Changes** - - - Type Alias WatchlistItem no longer has parameter itemsKeyValue - - Type Alias WatchlistItem no longer has parameter entityMapping - - -## 1.0.0-beta.2 (2022-03-17) - -**Features** - - - Added operation Incidents.runPlaybook - - Added Interface AutomationRulePropertyValuesCondition - - Added Interface AzureDevOpsResourceInfo - - Added Interface BookmarkEntityMappings - - Added Interface Deployment - - Added Interface DeploymentInfo - - Added Interface EntityFieldMapping - - Added Interface FusionScenarioExclusionPattern - - Added Interface FusionSourceSettings - - Added Interface FusionSourceSubTypeSetting - - Added Interface FusionSubTypeSeverityFilter - - Added Interface FusionSubTypeSeverityFiltersItem - - Added Interface FusionTemplateSourceSetting - - Added Interface FusionTemplateSourceSubType - - Added Interface FusionTemplateSubTypeSeverityFilter - - Added Interface GitHubResourceInfo - - Added Interface IncidentPropertiesAction - - Added Interface IncidentsRunPlaybookOptionalParams - - Added Interface ManualTriggerRequestBody - - Added Interface Office365ProjectConnectorDataTypes - - Added Interface OfficePowerBIConnectorDataTypes - - Added Interface PlaybookActionProperties - - Added Interface RepositoryResourceInfo - - Added Interface WatchlistsCreateOrUpdateHeaders - - Added Interface WatchlistsDeleteHeaders - - Added Interface Webhook - - Added Type Alias ActionType - - Added Type Alias AlertRuleTemplateWithMitreProperties - - Added Type Alias AutomationRulesDeleteResponse - - Added Type Alias ConditionType - - Added Type Alias DeploymentFetchStatus - - Added Type Alias DeploymentResult - - Added Type Alias DeploymentState - - Added Type Alias Enum12 - - Added Type Alias IncidentsRunPlaybookResponse - - Added Type Alias IoTCheckRequirements - - Added Type Alias IoTDataConnector - - Added Type Alias IoTDataConnectorProperties - - Added Type Alias Office365ProjectCheckRequirements - - Added Type Alias Office365ProjectCheckRequirementsProperties - - Added Type Alias Office365ProjectConnectorDataTypesLogs - - Added Type Alias Office365ProjectDataConnector - - Added Type Alias Office365ProjectDataConnectorProperties - - Added Type Alias OfficePowerBICheckRequirements - - Added Type Alias OfficePowerBICheckRequirementsProperties - - Added Type Alias OfficePowerBIConnectorDataTypesLogs - - Added Type Alias OfficePowerBIDataConnector - - Added Type Alias OfficePowerBIDataConnectorProperties - - Added Type Alias PropertyConditionProperties - - Added Type Alias SourceType - - Added Type Alias Version - - Added Type Alias WatchlistsDeleteResponse - - Interface AutomationRulesCreateOrUpdateOptionalParams has a new optional parameter automationRuleToUpsert - - Interface IncidentAdditionalData has a new optional parameter providerIncidentUrl - - Interface IncidentAdditionalData has a new optional parameter techniques - - Interface ScheduledAlertRuleCommonProperties has a new optional parameter alertDetailsOverride - - Interface ScheduledAlertRuleCommonProperties has a new optional parameter customDetails - - Interface ScheduledAlertRuleCommonProperties has a new optional parameter entityMappings - - Interface ScheduledAlertRuleCommonProperties has a new optional parameter query - - Interface ScheduledAlertRuleCommonProperties has a new optional parameter severity - - Interface WatchlistItemsListNextOptionalParams has a new optional parameter skipToken - - Interface WatchlistItemsListOptionalParams has a new optional parameter skipToken - - Interface WatchlistsListNextOptionalParams has a new optional parameter skipToken - - Interface WatchlistsListOptionalParams has a new optional parameter skipToken - - Add parameters of AlertRuleTemplateWithMitreProperties to TypeAlias MLBehaviorAnalyticsAlertRuleTemplateProperties - - Add parameters of AlertRuleTemplateWithMitreProperties to TypeAlias NrtAlertRuleTemplateProperties - - Add parameters of AlertRuleTemplateWithMitreProperties to TypeAlias ThreatIntelligenceAlertRuleTemplateProperties - - Type Alias Bookmark has a new parameter entityMappings - - Type Alias Bookmark has a new parameter tactics - - Type Alias Bookmark has a new parameter techniques - - Type Alias FusionAlertRule has a new parameter sourceSettings - - Type Alias FusionAlertRule has a new parameter scenarioExclusionPatterns - - Type Alias FusionAlertRule has a new parameter techniques - - Type Alias FusionAlertRuleTemplate has a new parameter techniques - - Type Alias FusionAlertRuleTemplate has a new parameter sourceSettings - - Type Alias MetadataModel has a new parameter customVersion - - Type Alias MetadataModel has a new parameter contentSchemaVersion - - Type Alias MetadataModel has a new parameter icon - - Type Alias MetadataModel has a new parameter threatAnalysisTactics - - Type Alias MetadataModel has a new parameter threatAnalysisTechniques - - Type Alias MetadataModel has a new parameter previewImages - - Type Alias MetadataModel has a new parameter previewImagesDark - - Type Alias MetadataPatch has a new parameter customVersion - - Type Alias MetadataPatch has a new parameter contentSchemaVersion - - Type Alias MetadataPatch has a new parameter icon - - Type Alias MetadataPatch has a new parameter threatAnalysisTactics - - Type Alias MetadataPatch has a new parameter threatAnalysisTechniques - - Type Alias MetadataPatch has a new parameter previewImages - - Type Alias MetadataPatch has a new parameter previewImagesDark - - Type Alias MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties has a new parameter displayNamesFilter - - Type Alias MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties has a new parameter displayNamesExcludeFilter - - Type Alias MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties has a new parameter productFilter - - Type Alias MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties has a new parameter severitiesFilter - - Type Alias MLBehaviorAnalyticsAlertRule has a new parameter techniques - - Type Alias MLBehaviorAnalyticsAlertRuleTemplate has a new parameter techniques - - Type Alias NrtAlertRule has a new parameter techniques - - Type Alias NrtAlertRuleTemplate has a new parameter techniques - - Type Alias ScheduledAlertRule has a new parameter techniques - - Type Alias ScheduledAlertRuleProperties has a new parameter alertRuleTemplateName - - Type Alias ScheduledAlertRuleProperties has a new parameter templateVersion - - Type Alias ScheduledAlertRuleProperties has a new parameter description - - Type Alias ScheduledAlertRuleProperties has a new parameter lastModifiedUtc - - Type Alias ScheduledAlertRuleProperties has a new parameter tactics - - Type Alias ScheduledAlertRuleProperties has a new parameter techniques - - Type Alias ScheduledAlertRuleProperties has a new parameter incidentConfiguration - - Type Alias ScheduledAlertRuleTemplate has a new parameter techniques - - Type Alias SourceControl has a new parameter version - - Type Alias SourceControl has a new parameter repositoryResourceInfo - - Type Alias SourceControl has a new parameter lastDeploymentInfo - - Type Alias ThreatIntelligenceAlertRule has a new parameter techniques - - Type Alias ThreatIntelligenceAlertRuleTemplate has a new parameter techniques - - Type Alias Watchlist has a new parameter sourceType - - Added Enum KnownActionType - - Added Enum KnownConditionType - - Added Enum KnownDeploymentFetchStatus - - Added Enum KnownDeploymentResult - - Added Enum KnownDeploymentState - - Added Enum KnownEnum12 - - Added Enum KnownSourceType - - Added Enum KnownVersion - - Enum KnownAttackTactic has a new value ImpairProcessControl - - Enum KnownAttackTactic has a new value InhibitResponseFunction - - Enum KnownAttackTactic has a new value Reconnaissance - - Enum KnownAttackTactic has a new value ResourceDevelopment - - Enum KnownAutomationRulePropertyConditionSupportedProperty has a new value AlertProductNames - - Enum KnownAutomationRulePropertyConditionSupportedProperty has a new value IncidentLabel - - Enum KnownDataConnectorKind has a new value IOT - - Enum KnownDataConnectorKind has a new value Office365Project - - Enum KnownDataConnectorKind has a new value OfficePowerBI - - Enum KnownIncidentLabelType has a new value AutoAssigned - - Enum KnownKind has a new value AutomationRule - - Enum KnownKind has a new value AzureFunction - - Enum KnownKind has a new value LogicAppsCustomConnector - -**Breaking Changes** - - - Operation AutomationRules.createOrUpdate has a new signature - - Operation ThreatIntelligenceIndicator.create has a new signature - - Operation ThreatIntelligenceIndicator.createIndicator has a new signature - - Operation ThreatIntelligenceIndicator.replaceTags has a new signature - - Interface QueryBasedAlertRuleTemplateProperties no longer has parameter tactics - - Delete parameters of MicrosoftSecurityIncidentCreationAlertRuleCommonProperties in TypeAlias MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties - - Delete parameters of AlertRuleTemplatePropertiesBase in TypeAlias MLBehaviorAnalyticsAlertRuleTemplateProperties - - Delete parameters of AlertRuleTemplatePropertiesBase in TypeAlias NrtAlertRuleTemplateProperties - - Delete parameters of QueryBasedAlertRuleProperties in TypeAlias ScheduledAlertRuleProperties - - Delete parameters of AlertRuleTemplatePropertiesBase in TypeAlias ThreatIntelligenceAlertRuleTemplateProperties - - Delete parameters of ThreatIntelligenceResourceKind in TypeAlias ThreatIntelligenceInformation - - Type Alias MLBehaviorAnalyticsAlertRuleTemplateProperties no longer has parameter tactics - - Type Alias ThreatIntelligenceAlertRuleTemplateProperties no longer has parameter tactics - - Type Alias Watchlist no longer has parameter watchlistItemsCount - - Type Alias ScheduledAlertRuleProperties has a new parameter displayName - - Type Alias ScheduledAlertRuleProperties has a new parameter enabled - - Type Alias ScheduledAlertRuleProperties has a new parameter suppressionDuration - - Type Alias ScheduledAlertRuleProperties has a new parameter suppressionEnabled - - Type Alias ThreatIntelligenceInformation has a new parameter kind - - Parameter displayName of Type Alias AutomationRule is now required - - Parameter order of Type Alias AutomationRule is now required - - Parameter triggeringLogic of Type Alias AutomationRule is now required - - Parameter actions of Type Alias AutomationRule is now required - - Removed Enum KnownAutomationRuleActionType - - Removed Enum KnownAutomationRuleConditionType - - Removed Enum KnownEnum8 - - Removed Enum KnownSource - - Enum KnownIncidentLabelType no longer has value System - - -## 1.0.0-beta.1 (2022-01-19) +## 1.0.0 (2022-07-25) The package of @azure/arm-securityinsight is using our next generation design principles. To learn more, please refer to our documentation [Quick Start](https://aka.ms/js-track2-quickstart). diff --git a/sdk/securityinsight/arm-securityinsight/README.md b/sdk/securityinsight/arm-securityinsight/README.md index 7181392099b1..d108f4fd14d2 100644 --- a/sdk/securityinsight/arm-securityinsight/README.md +++ b/sdk/securityinsight/arm-securityinsight/README.md @@ -1,12 +1,12 @@ -# Azure SecurityInsights client library for JavaScript +# Azure Service client library for JavaScript -This package contains an isomorphic SDK (runs both in Node.js and in browsers) for Azure SecurityInsights client. +This package contains an isomorphic SDK (runs both in Node.js and in browsers) for Azure Service client. API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider [Source code](https://github.com/Azure/azure-sdk-for-js/tree/main/sdk/securityinsight/arm-securityinsight) | [Package (NPM)](https://www.npmjs.com/package/@azure/arm-securityinsight) | -[API reference documentation](https://docs.microsoft.com/javascript/api/@azure/arm-securityinsight?view=azure-node-preview) | +[API reference documentation](https://docs.microsoft.com/javascript/api/@azure/arm-securityinsight) | [Samples](https://github.com/Azure-Samples/azure-samples-js-management) ## Getting started @@ -24,7 +24,7 @@ See our [support policy](https://github.com/Azure/azure-sdk-for-js/blob/main/SUP ### Install the `@azure/arm-securityinsight` package -Install the Azure SecurityInsights client library for JavaScript with `npm`: +Install the Azure Service client library for JavaScript with `npm`: ```bash npm install @azure/arm-securityinsight @@ -32,8 +32,8 @@ npm install @azure/arm-securityinsight ### Create and authenticate a `SecurityInsights` -To create a client object to access the Azure SecurityInsights API, you will need the `endpoint` of your Azure SecurityInsights resource and a `credential`. The Azure SecurityInsights client can use Azure Active Directory credentials to authenticate. -You can find the endpoint for your Azure SecurityInsights resource in the [Azure Portal][azure_portal]. +To create a client object to access the Azure Service API, you will need the `endpoint` of your Azure Service resource and a `credential`. The Azure Service client can use Azure Active Directory credentials to authenticate. +You can find the endpoint for your Azure Service resource in the [Azure Portal][azure_portal]. You can authenticate with Azure Active Directory using a credential from the [@azure/identity][azure_identity] library or [an existing AAD Token](https://github.com/Azure/azure-sdk-for-js/blob/master/sdk/identity/identity/samples/AzureIdentityExamples.md#authenticating-with-a-pre-fetched-access-token). @@ -43,7 +43,7 @@ To use the [DefaultAzureCredential][defaultazurecredential] provider shown below npm install @azure/identity ``` -You will also need to **register a new AAD application and grant access to Azure SecurityInsights** by assigning the suitable role to your service principal (note: roles such as `"Owner"` will not grant the necessary permissions). +You will also need to **register a new AAD application and grant access to Azure Service** by assigning the suitable role to your service principal (note: roles such as `"Owner"` will not grant the necessary permissions). Set the values of the client ID, tenant ID, and client secret of the AAD application as environment variables: `AZURE_CLIENT_ID`, `AZURE_TENANT_ID`, `AZURE_CLIENT_SECRET`. For more information about how to create an Azure AD Application check out [this guide](https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal). @@ -72,7 +72,7 @@ To use this client library in the browser, first you need to use a bundler. For ### SecurityInsights -`SecurityInsights` is the primary interface for developers using the Azure SecurityInsights client library. Explore the methods on this client object to understand the different features of the Azure SecurityInsights service that you can access. +`SecurityInsights` is the primary interface for developers using the Azure Service client library. Explore the methods on this client object to understand the different features of the Azure Service service that you can access. ## Troubleshooting diff --git a/sdk/securityinsight/arm-securityinsight/_meta.json b/sdk/securityinsight/arm-securityinsight/_meta.json index 3a1a3722b6bc..e871a1689ac5 100644 --- a/sdk/securityinsight/arm-securityinsight/_meta.json +++ b/sdk/securityinsight/arm-securityinsight/_meta.json @@ -1,8 +1,8 @@ { - "commit": "64496bd64b0376dc4b45e3193a39f7bcdd4b28da", + "commit": "66a0bc41372eadefc35b8985dafe84bfdf064a68", "readme": "specification/securityinsights/resource-manager/readme.md", - "autorest_command": "autorest --version=3.7.3 --typescript --modelerfour.lenient-model-deduplication --azure-arm --head-as-boolean=true --license-header=MICROSOFT_MIT_NO_VERSION --generate-test --typescript-sdks-folder=D:\\Git\\azure-sdk-for-js ..\\azure-rest-api-specs\\specification\\securityinsights\\resource-manager\\readme.md --use=@autorest/typescript@6.0.0-rc.1.20220707.1 --generate-sample=true", + "autorest_command": "autorest --version=3.7.3 --typescript --modelerfour.lenient-model-deduplication --azure-arm --head-as-boolean=true --license-header=MICROSOFT_MIT_NO_VERSION --generate-test --typescript-sdks-folder=/mnt/vss/_work/1/s/azure-sdk-for-js ../azure-rest-api-specs/specification/securityinsights/resource-manager/readme.md --use=@autorest/typescript@6.0.0-alpha.19.20220425.1", "repository_url": "https://github.com/Azure/azure-rest-api-specs.git", "release_tool": "@azure-tools/js-sdk-release-tools@2.4.0", - "use": "@autorest/typescript@6.0.0-rc.1.20220707.1" + "use": "@autorest/typescript@6.0.0-alpha.19.20220425.1" } \ No newline at end of file diff --git a/sdk/securityinsight/arm-securityinsight/package.json b/sdk/securityinsight/arm-securityinsight/package.json index 65eef11c5416..901fe0f8737f 100644 --- a/sdk/securityinsight/arm-securityinsight/package.json +++ b/sdk/securityinsight/arm-securityinsight/package.json @@ -3,7 +3,7 @@ "sdk-type": "mgmt", "author": "Microsoft Corporation", "description": "A generated SDK for SecurityInsights.", - "version": "1.0.0-beta.4", + "version": "1.0.0", "engines": { "node": ">=12.0.0" }, @@ -41,8 +41,6 @@ "@azure-tools/test-recorder": "^2.0.0", "@azure-tools/test-credential": "^1.0.0", "mocha": "^7.1.1", - "@types/chai": "^4.2.8", - "chai": "^4.2.0", "cross-env": "^7.0.2", "@azure/dev-tool": "^1.0.0" }, @@ -96,7 +94,8 @@ "unit-test:browser": "echo skipped", "integration-test": "npm run integration-test:node && npm run integration-test:browser", "integration-test:node": "dev-tool run test:node-ts-input -- --timeout 1200000 'test/*.ts'", - "integration-test:browser": "echo skipped" + "integration-test:browser": "echo skipped", + "docs": "echo skipped" }, "sideEffects": false, "//metadata": { @@ -107,13 +106,5 @@ } ] }, - "autoPublish": true, - "//sampleConfiguration": { - "productName": "", - "productSlugs": [ - "azure" - ], - "disableDocsMs": true, - "apiRefLink": "https://docs.microsoft.com/javascript/api/@azure/arm-securityinsight?view=azure-node-preview" - } + "autoPublish": true } \ No newline at end of file diff --git a/sdk/securityinsight/arm-securityinsight/review/arm-securityinsight.api.md b/sdk/securityinsight/arm-securityinsight/review/arm-securityinsight.api.md index 0fc0b87afde0..e1efd5775f7f 100644 --- a/sdk/securityinsight/arm-securityinsight/review/arm-securityinsight.api.md +++ b/sdk/securityinsight/arm-securityinsight/review/arm-securityinsight.api.md @@ -9,56 +9,27 @@ import * as coreClient from '@azure/core-client'; import { PagedAsyncIterableIterator } from '@azure/core-paging'; // @public -export interface AADCheckRequirements extends DataConnectorsCheckRequirements { - kind: "AzureActiveDirectory"; +export type AADDataConnector = DataConnector & { tenantId?: string; -} - -// @public -export interface AADCheckRequirementsProperties extends DataConnectorTenantId { -} - -// @public -export interface AADDataConnector extends DataConnector { dataTypes?: AlertsDataTypeOfDataConnector; - tenantId?: string; -} +}; // @public -export interface AADDataConnectorProperties extends DataConnectorTenantId, DataConnectorWithAlertsProperties { -} - -// @public -export interface AatpCheckRequirements extends DataConnectorsCheckRequirements { - kind: "AzureAdvancedThreatProtection"; +export type AatpDataConnector = DataConnector & { tenantId?: string; -} - -// @public -export interface AatpCheckRequirementsProperties extends DataConnectorTenantId { -} - -// @public -export interface AatpDataConnector extends DataConnector { dataTypes?: AlertsDataTypeOfDataConnector; - tenantId?: string; -} - -// @public -export interface AatpDataConnectorProperties extends DataConnectorTenantId, DataConnectorWithAlertsProperties { -} +}; // @public -export interface AccountEntity extends Entity { - readonly aadTenantId?: string; - readonly aadUserId?: string; - readonly accountName?: string; +export type AccountEntity = Entity & { readonly additionalData?: { [propertyName: string]: Record; }; - readonly displayName?: string; - readonly dnsDomain?: string; readonly friendlyName?: string; + readonly aadTenantId?: string; + readonly aadUserId?: string; + readonly accountName?: string; + readonly displayName?: string; readonly hostEntityId?: string; readonly isDomainJoined?: boolean; readonly ntDomain?: string; @@ -66,15 +37,15 @@ export interface AccountEntity extends Entity { readonly puid?: string; readonly sid?: string; readonly upnSuffix?: string; -} + readonly dnsDomain?: string; +}; // @public -export interface AccountEntityProperties extends EntityCommonProperties { +export type AccountEntityProperties = EntityCommonProperties & { readonly aadTenantId?: string; readonly aadUserId?: string; readonly accountName?: string; readonly displayName?: string; - readonly dnsDomain?: string; readonly hostEntityId?: string; readonly isDomainJoined?: boolean; readonly ntDomain?: string; @@ -82,7 +53,8 @@ export interface AccountEntityProperties extends EntityCommonProperties { readonly puid?: string; readonly sid?: string; readonly upnSuffix?: string; -} + readonly dnsDomain?: string; +}; // @public export interface ActionPropertiesBase { @@ -90,26 +62,27 @@ export interface ActionPropertiesBase { } // @public -export interface ActionRequest extends ResourceWithEtag { +export type ActionRequest = ResourceWithEtag & { logicAppResourceId?: string; triggerUri?: string; -} +}; // @public -export interface ActionRequestProperties extends ActionPropertiesBase { +export type ActionRequestProperties = ActionPropertiesBase & { triggerUri: string; -} +}; // @public -export interface ActionResponse extends ResourceWithEtag { +export type ActionResponse = Resource & { + etag?: string; logicAppResourceId?: string; workflowId?: string; -} +}; // @public -export interface ActionResponseProperties extends ActionPropertiesBase { +export type ActionResponseProperties = ActionPropertiesBase & { workflowId?: string; -} +}; // @public export interface Actions { @@ -160,77 +133,6 @@ export type ActionsListByAlertRuleResponse = ActionsList; // @public export type ActionType = string; -// @public -export interface ActivityCustomEntityQuery extends CustomEntityQuery { - content?: string; - readonly createdTimeUtc?: Date; - description?: string; - enabled?: boolean; - entitiesFilter?: { - [propertyName: string]: string[]; - }; - inputEntityType?: EntityType; - readonly lastModifiedTimeUtc?: Date; - queryDefinitions?: ActivityEntityQueriesPropertiesQueryDefinitions; - requiredInputFieldsSets?: string[][]; - templateName?: string; - title?: string; -} - -// @public -export interface ActivityEntityQueriesPropertiesQueryDefinitions { - query?: string; -} - -// @public -export interface ActivityEntityQuery extends EntityQuery { - content?: string; - readonly createdTimeUtc?: Date; - description?: string; - enabled?: boolean; - entitiesFilter?: { - [propertyName: string]: string[]; - }; - inputEntityType?: EntityType; - readonly lastModifiedTimeUtc?: Date; - queryDefinitions?: ActivityEntityQueriesPropertiesQueryDefinitions; - requiredInputFieldsSets?: string[][]; - templateName?: string; - title?: string; -} - -// @public -export interface ActivityEntityQueryTemplate extends EntityQueryTemplate { - content?: string; - dataTypes?: DataTypeDefinitions[]; - description?: string; - entitiesFilter?: { - [propertyName: string]: string[]; - }; - inputEntityType?: EntityType; - queryDefinitions?: ActivityEntityQueryTemplatePropertiesQueryDefinitions; - requiredInputFieldsSets?: string[][]; - title?: string; -} - -// @public -export interface ActivityEntityQueryTemplatePropertiesQueryDefinitions { - query?: string; - summarizeBy?: string; -} - -// @public -export interface ActivityTimelineItem extends EntityTimelineItem { - bucketEndTimeUTC: Date; - bucketStartTimeUTC: Date; - content: string; - firstActivityTimeUTC: Date; - kind: "Activity"; - lastActivityTimeUTC: Date; - queryId: string; - title: string; -} - // @public export type AlertDetail = string; @@ -243,9 +145,9 @@ export interface AlertDetailsOverride { } // @public -export interface AlertRule extends ResourceWithEtag { +export type AlertRule = ResourceWithEtag & { kind: AlertRuleKind; -} +}; // @public export type AlertRuleKind = string; @@ -297,9 +199,9 @@ export interface AlertRulesListOptionalParams extends coreClient.OperationOption export type AlertRulesListResponse = AlertRulesList; // @public -export interface AlertRuleTemplate extends Resource { +export type AlertRuleTemplate = Resource & { kind: AlertRuleKind; -} +}; // @public export interface AlertRuleTemplateDataSource { @@ -307,17 +209,6 @@ export interface AlertRuleTemplateDataSource { dataTypes?: string[]; } -// @public -export interface AlertRuleTemplatePropertiesBase { - alertRulesCreatedByTemplateCount?: number; - readonly createdDateUTC?: Date; - description?: string; - displayName?: string; - readonly lastUpdatedDateUTC?: Date; - requiredDataConnectors?: AlertRuleTemplateDataSource[]; - status?: TemplateStatus; -} - // @public export interface AlertRuleTemplates { get(resourceGroupName: string, workspaceName: string, alertRuleTemplateId: string, options?: AlertRuleTemplatesGetOptionalParams): Promise; @@ -352,20 +243,14 @@ export interface AlertRuleTemplatesListOptionalParams extends coreClient.Operati export type AlertRuleTemplatesListResponse = AlertRuleTemplatesList; // @public (undocumented) -export type AlertRuleTemplateUnion = AlertRuleTemplate | MLBehaviorAnalyticsAlertRuleTemplate | FusionAlertRuleTemplate | ThreatIntelligenceAlertRuleTemplate | MicrosoftSecurityIncidentCreationAlertRuleTemplate | ScheduledAlertRuleTemplate | NrtAlertRuleTemplate; - -// @public -export interface AlertRuleTemplateWithMitreProperties extends AlertRuleTemplatePropertiesBase { - tactics?: AttackTactic[]; - techniques?: string[]; -} +export type AlertRuleTemplateUnion = AlertRuleTemplate | FusionAlertRuleTemplate | MicrosoftSecurityIncidentCreationAlertRuleTemplate | ScheduledAlertRuleTemplate; // @public (undocumented) -export type AlertRuleUnion = AlertRule | MLBehaviorAnalyticsAlertRule | FusionAlertRule | ThreatIntelligenceAlertRule | MicrosoftSecurityIncidentCreationAlertRule | ScheduledAlertRule | NrtAlertRule; +export type AlertRuleUnion = AlertRule | FusionAlertRule | MicrosoftSecurityIncidentCreationAlertRule | ScheduledAlertRule; // @public export interface AlertsDataTypeOfDataConnector { - alerts: DataConnectorDataTypeCommon; + alerts?: DataConnectorDataTypeCommon; } // @public @@ -374,79 +259,34 @@ export type AlertSeverity = string; // @public export type AlertStatus = string; -// @public -export interface Anomalies extends Settings { - readonly isEnabled?: boolean; -} - -// @public -export interface AnomalySecurityMLAnalyticsSettings extends SecurityMLAnalyticsSetting { - anomalySettingsVersion?: number; - anomalyVersion?: string; - customizableObservations?: Record; - description?: string; - displayName?: string; - enabled?: boolean; - frequency?: string; - isDefaultSettings?: boolean; - readonly lastModifiedUtc?: Date; - requiredDataConnectors?: SecurityMLAnalyticsSettingsDataSource[]; - settingsDefinitionId?: string; - settingsStatus?: SettingsStatus; - tactics?: AttackTactic[]; - techniques?: string[]; -} - -// @public -export interface AnomalyTimelineItem extends EntityTimelineItem { - azureResourceId: string; - description?: string; - displayName: string; - endTimeUtc: Date; - intent?: string; - kind: "Anomaly"; - productName?: string; - reasons?: string[]; - startTimeUtc: Date; - techniques?: string[]; - timeGenerated: Date; - vendor?: string; -} - // @public export type AntispamMailDirection = string; // @public -export interface ASCCheckRequirements extends DataConnectorsCheckRequirements { - kind: "AzureSecurityCenter"; - subscriptionId?: string; -} - -// @public -export interface ASCDataConnector extends DataConnector { +export type ASCDataConnector = DataConnector & { dataTypes?: AlertsDataTypeOfDataConnector; subscriptionId?: string; -} +}; // @public -export interface ASCDataConnectorProperties extends DataConnectorWithAlertsProperties { +export type ASCDataConnectorProperties = DataConnectorWithAlertsProperties & { subscriptionId?: string; -} +}; // @public export type AttackTactic = string; // @public (undocumented) -export interface AutomationRule extends ResourceWithEtag { - actions: AutomationRuleActionUnion[]; - readonly createdBy?: ClientInfo; - readonly createdTimeUtc?: Date; +export type AutomationRule = ResourceWithEtag & { displayName: string; - readonly lastModifiedBy?: ClientInfo; - readonly lastModifiedTimeUtc?: Date; order: number; triggeringLogic: AutomationRuleTriggeringLogic; -} + actions: AutomationRuleActionUnion[]; + readonly lastModifiedTimeUtc?: Date; + readonly createdTimeUtc?: Date; + readonly lastModifiedBy?: ClientInfo; + readonly createdBy?: ClientInfo; +}; // @public export interface AutomationRuleAction { @@ -460,38 +300,17 @@ export type AutomationRuleActionUnion = AutomationRuleAction | AutomationRuleMod // @public export interface AutomationRuleCondition { - conditionType: "PropertyArrayChanged" | "PropertyChanged" | "Property"; + conditionType: "Property"; } // @public (undocumented) -export type AutomationRuleConditionUnion = AutomationRuleCondition | PropertyArrayChangedConditionProperties | PropertyChangedConditionProperties | PropertyConditionProperties; +export type AutomationRuleConditionUnion = AutomationRuleCondition | PropertyConditionProperties; // @public -export interface AutomationRuleModifyPropertiesAction extends AutomationRuleAction { - // (undocumented) - actionConfiguration?: IncidentPropertiesAction; +export type AutomationRuleModifyPropertiesAction = AutomationRuleAction & { actionType: "ModifyProperties"; -} - -// @public -export type AutomationRulePropertyArrayChangedConditionSupportedArrayType = string; - -// @public -export type AutomationRulePropertyArrayChangedConditionSupportedChangeType = string; - -// @public (undocumented) -export interface AutomationRulePropertyArrayChangedValuesCondition { - // (undocumented) - arrayType?: AutomationRulePropertyArrayChangedConditionSupportedArrayType; - // (undocumented) - changeType?: AutomationRulePropertyArrayChangedConditionSupportedChangeType; -} - -// @public -export type AutomationRulePropertyChangedConditionSupportedChangedType = string; - -// @public -export type AutomationRulePropertyChangedConditionSupportedPropertyType = string; + actionConfiguration?: IncidentPropertiesAction; +}; // @public export type AutomationRulePropertyConditionSupportedOperator = string; @@ -499,18 +318,6 @@ export type AutomationRulePropertyConditionSupportedOperator = string; // @public export type AutomationRulePropertyConditionSupportedProperty = string; -// @public (undocumented) -export interface AutomationRulePropertyValuesChangedCondition { - // (undocumented) - changeType?: AutomationRulePropertyChangedConditionSupportedChangedType; - // (undocumented) - operator?: AutomationRulePropertyConditionSupportedOperator; - // (undocumented) - propertyName?: AutomationRulePropertyChangedConditionSupportedPropertyType; - // (undocumented) - propertyValues?: string[]; -} - // @public (undocumented) export interface AutomationRulePropertyValuesCondition { // (undocumented) @@ -521,11 +328,10 @@ export interface AutomationRulePropertyValuesCondition { } // @public -export interface AutomationRuleRunPlaybookAction extends AutomationRuleAction { - // (undocumented) - actionConfiguration?: PlaybookActionProperties; +export type AutomationRuleRunPlaybookAction = AutomationRuleAction & { actionType: "RunPlaybook"; -} + actionConfiguration?: PlaybookActionProperties; +}; // @public export interface AutomationRules { @@ -591,126 +397,51 @@ export interface AutomationRuleTriggeringLogic { } // @public -export interface Availability { - isPreview?: boolean; - status?: 1; -} - -// @public -export interface AwsCloudTrailCheckRequirements extends DataConnectorsCheckRequirements { - kind: "AmazonWebServicesCloudTrail"; -} - -// @public -export interface AwsCloudTrailDataConnector extends DataConnector { +export type AwsCloudTrailDataConnector = DataConnector & { awsRoleArn?: string; dataTypes?: AwsCloudTrailDataConnectorDataTypes; -} +}; // @public export interface AwsCloudTrailDataConnectorDataTypes { - logs: AwsCloudTrailDataConnectorDataTypesLogs; -} - -// @public -export interface AwsCloudTrailDataConnectorDataTypesLogs extends DataConnectorDataTypeCommon { -} - -// @public -export interface AwsS3CheckRequirements extends DataConnectorsCheckRequirements { - kind: "AmazonWebServicesS3"; -} - -// @public -export interface AwsS3DataConnector extends DataConnector { - dataTypes?: AwsS3DataConnectorDataTypes; - destinationTable?: string; - roleArn?: string; - sqsUrls?: string[]; -} - -// @public -export interface AwsS3DataConnectorDataTypes { - logs: AwsS3DataConnectorDataTypesLogs; -} - -// @public -export interface AwsS3DataConnectorDataTypesLogs extends DataConnectorDataTypeCommon { + logs?: AwsCloudTrailDataConnectorDataTypesLogs; } // @public -export interface AzureDevOpsResourceInfo { - pipelineId?: string; - serviceConnectionId?: string; -} +export type AwsCloudTrailDataConnectorDataTypesLogs = DataConnectorDataTypeCommon & {}; // @public -export interface AzureResourceEntity extends Entity { +export type AzureResourceEntity = Entity & { readonly additionalData?: { [propertyName: string]: Record; }; readonly friendlyName?: string; readonly resourceId?: string; readonly subscriptionId?: string; -} +}; // @public -export interface AzureResourceEntityProperties extends EntityCommonProperties { +export type AzureResourceEntityProperties = EntityCommonProperties & { readonly resourceId?: string; readonly subscriptionId?: string; -} +}; // @public -export interface Bookmark extends ResourceWithEtag { +export type Bookmark = ResourceWithEtag & { created?: Date; createdBy?: UserInfo; displayName?: string; - entityMappings?: BookmarkEntityMappings[]; - eventTime?: Date; - incidentInfo?: IncidentInfo; labels?: string[]; notes?: string; query?: string; - queryEndTime?: Date; queryResult?: string; - queryStartTime?: Date; - tactics?: AttackTactic[]; - techniques?: string[]; updated?: Date; updatedBy?: UserInfo; -} - -// @public -export interface BookmarkEntityMappings { - entityType?: string; - fieldMappings?: EntityFieldMapping[]; -} - -// @public -export type BookmarkExpandOperationResponse = BookmarkExpandResponse; - -// @public -export interface BookmarkExpandOptionalParams extends coreClient.OperationOptions { -} - -// @public -export interface BookmarkExpandParameters { - endTime?: Date; - expansionId?: string; - startTime?: Date; -} - -// @public -export interface BookmarkExpandResponse { - metaData?: ExpansionResultsMetadata; - value?: BookmarkExpandResponseValue; -} - -// @public -export interface BookmarkExpandResponseValue { - edges?: ConnectedEntity[]; - entities?: EntityUnion[]; -} + eventTime?: Date; + queryStartTime?: Date; + queryEndTime?: Date; + incidentInfo?: IncidentInfo; +}; // @public export interface BookmarkList { @@ -718,59 +449,6 @@ export interface BookmarkList { value: Bookmark[]; } -// @public -export interface BookmarkOperations { - expand(resourceGroupName: string, workspaceName: string, bookmarkId: string, parameters: BookmarkExpandParameters, options?: BookmarkExpandOptionalParams): Promise; -} - -// @public -export interface BookmarkRelations { - createOrUpdate(resourceGroupName: string, workspaceName: string, bookmarkId: string, relationName: string, relation: Relation, options?: BookmarkRelationsCreateOrUpdateOptionalParams): Promise; - delete(resourceGroupName: string, workspaceName: string, bookmarkId: string, relationName: string, options?: BookmarkRelationsDeleteOptionalParams): Promise; - get(resourceGroupName: string, workspaceName: string, bookmarkId: string, relationName: string, options?: BookmarkRelationsGetOptionalParams): Promise; - list(resourceGroupName: string, workspaceName: string, bookmarkId: string, options?: BookmarkRelationsListOptionalParams): PagedAsyncIterableIterator; -} - -// @public -export interface BookmarkRelationsCreateOrUpdateOptionalParams extends coreClient.OperationOptions { -} - -// @public -export type BookmarkRelationsCreateOrUpdateResponse = Relation; - -// @public -export interface BookmarkRelationsDeleteOptionalParams extends coreClient.OperationOptions { -} - -// @public -export interface BookmarkRelationsGetOptionalParams extends coreClient.OperationOptions { -} - -// @public -export type BookmarkRelationsGetResponse = Relation; - -// @public -export interface BookmarkRelationsListNextOptionalParams extends coreClient.OperationOptions { - filter?: string; - orderby?: string; - skipToken?: string; - top?: number; -} - -// @public -export type BookmarkRelationsListNextResponse = RelationList; - -// @public -export interface BookmarkRelationsListOptionalParams extends coreClient.OperationOptions { - filter?: string; - orderby?: string; - skipToken?: string; - top?: number; -} - -// @public -export type BookmarkRelationsListResponse = RelationList; - // @public export interface Bookmarks { createOrUpdate(resourceGroupName: string, workspaceName: string, bookmarkId: string, bookmark: Bookmark, options?: BookmarksCreateOrUpdateOptionalParams): Promise; @@ -811,19 +489,6 @@ export interface BookmarksListOptionalParams extends coreClient.OperationOptions // @public export type BookmarksListResponse = BookmarkList; -// @public -export interface BookmarkTimelineItem extends EntityTimelineItem { - azureResourceId: string; - createdBy?: UserInfo; - displayName?: string; - endTimeUtc?: Date; - eventTime?: Date; - kind: "Bookmark"; - labels?: string[]; - notes?: string; - startTimeUtc?: Date; -} - // @public export interface ClientInfo { email?: string; @@ -833,22 +498,22 @@ export interface ClientInfo { } // @public -export interface CloudApplicationEntity extends Entity { +export type CloudApplicationEntity = Entity & { readonly additionalData?: { [propertyName: string]: Record; }; + readonly friendlyName?: string; readonly appId?: number; readonly appName?: string; - readonly friendlyName?: string; readonly instanceName?: string; -} +}; // @public -export interface CloudApplicationEntityProperties extends EntityCommonProperties { +export type CloudApplicationEntityProperties = EntityCommonProperties & { readonly appId?: number; readonly appName?: string; readonly instanceName?: string; -} +}; // @public export interface CloudError { @@ -861,116 +526,6 @@ export interface CloudErrorBody { readonly message?: string; } -// @public -export interface CodelessApiPollingDataConnector extends DataConnector { - connectorUiConfig?: CodelessUiConnectorConfigProperties; - pollingConfig?: CodelessConnectorPollingConfigProperties; -} - -// @public -export interface CodelessConnectorPollingAuthProperties { - apiKeyIdentifier?: string; - apiKeyName?: string; - authorizationEndpoint?: string; - authorizationEndpointQueryParameters?: Record; - authType: string; - flowName?: string; - isApiKeyInPostPayload?: string; - isClientSecretInHeader?: boolean; - redirectionEndpoint?: string; - scope?: string; - tokenEndpoint?: string; - tokenEndpointHeaders?: Record; - tokenEndpointQueryParameters?: Record; -} - -// @public -export interface CodelessConnectorPollingConfigProperties { - auth: CodelessConnectorPollingAuthProperties; - isActive?: boolean; - paging?: CodelessConnectorPollingPagingProperties; - request: CodelessConnectorPollingRequestProperties; - response?: CodelessConnectorPollingResponseProperties; -} - -// @public -export interface CodelessConnectorPollingPagingProperties { - nextPageParaName?: string; - nextPageTokenJsonPath?: string; - pageCountAttributePath?: string; - pageSize?: number; - pageSizeParaName?: string; - pageTimeStampAttributePath?: string; - pageTotalCountAttributePath?: string; - pagingType: string; - searchTheLatestTimeStampFromEventsList?: string; -} - -// @public -export interface CodelessConnectorPollingRequestProperties { - apiEndpoint: string; - endTimeAttributeName?: string; - headers?: Record; - httpMethod: string; - queryParameters?: Record; - queryParametersTemplate?: string; - queryTimeFormat: string; - queryWindowInMin: number; - rateLimitQps?: number; - retryCount?: number; - startTimeAttributeName?: string; - timeoutInSeconds?: number; -} - -// @public -export interface CodelessConnectorPollingResponseProperties { - eventsJsonPaths: string[]; - isGzipCompressed?: boolean; - successStatusJsonPath?: string; - successStatusValue?: string; -} - -// @public -export interface CodelessUiConnectorConfigProperties { - availability: Availability; - connectivityCriteria: CodelessUiConnectorConfigPropertiesConnectivityCriteriaItem[]; - customImage?: string; - dataTypes: CodelessUiConnectorConfigPropertiesDataTypesItem[]; - descriptionMarkdown: string; - graphQueries: CodelessUiConnectorConfigPropertiesGraphQueriesItem[]; - graphQueriesTableName: string; - instructionSteps: CodelessUiConnectorConfigPropertiesInstructionStepsItem[]; - permissions: Permissions_2; - publisher: string; - sampleQueries: CodelessUiConnectorConfigPropertiesSampleQueriesItem[]; - title: string; -} - -// @public (undocumented) -export interface CodelessUiConnectorConfigPropertiesConnectivityCriteriaItem extends ConnectivityCriteria { -} - -// @public (undocumented) -export interface CodelessUiConnectorConfigPropertiesDataTypesItem extends LastDataReceivedDataType { -} - -// @public (undocumented) -export interface CodelessUiConnectorConfigPropertiesGraphQueriesItem extends GraphQueries { -} - -// @public (undocumented) -export interface CodelessUiConnectorConfigPropertiesInstructionStepsItem extends InstructionSteps { -} - -// @public (undocumented) -export interface CodelessUiConnectorConfigPropertiesSampleQueriesItem extends SampleQueries { -} - -// @public -export interface CodelessUiDataConnector extends DataConnector { - connectorUiConfig?: CodelessUiConnectorConfigProperties; -} - // @public export type ConditionType = string; @@ -980,144 +535,36 @@ export type ConfidenceLevel = string; // @public export type ConfidenceScoreStatus = string; -// @public -export type ConnectAuthKind = string; - -// @public -export interface ConnectedEntity { - additionalData?: Record; - targetEntityId?: string; -} - -// @public -export interface ConnectivityCriteria { - type?: ConnectivityType; - value?: string[]; -} - -// @public -export type ConnectivityType = string; - -// @public -export interface ConnectorInstructionModelBase { - parameters?: Record; - type: SettingType; -} - -// @public -export interface ContentPathMap { - contentType?: ContentType; - path?: string; -} - -// @public -export type ContentType = string; - // @public export type CreatedByType = string; // @public -export interface CustomEntityQuery extends ResourceWithEtag { - kind: CustomEntityQueryKind; -} - -// @public -export type CustomEntityQueryKind = string; - -// @public (undocumented) -export type CustomEntityQueryUnion = CustomEntityQuery | ActivityCustomEntityQuery; - -// @public -export interface Customs extends CustomsPermission { -} - -// @public -export interface CustomsPermission { - description?: string; - name?: string; -} - -// @public -export interface DataConnector extends ResourceWithEtag { +export type DataConnector = ResourceWithEtag & { kind: DataConnectorKind; -} - -// @public -export type DataConnectorAuthorizationState = string; - -// @public -export interface DataConnectorConnectBody { - apiKey?: string; - authorizationCode?: string; - clientId?: string; - clientSecret?: string; - dataCollectionEndpoint?: string; - dataCollectionRuleImmutableId?: string; - kind?: ConnectAuthKind; - outputStream?: string; - password?: string; - // (undocumented) - requestConfigUserInputValues?: Record[]; - userName?: string; -} +}; // @public export interface DataConnectorDataTypeCommon { - state: DataTypeState; + state?: DataTypeState; } // @public export type DataConnectorKind = string; -// @public -export type DataConnectorLicenseState = string; - // @public export interface DataConnectorList { readonly nextLink?: string; value: DataConnectorUnion[]; } -// @public -export interface DataConnectorRequirementsState { - authorizationState?: DataConnectorAuthorizationState; - licenseState?: DataConnectorLicenseState; -} - // @public export interface DataConnectors { - connect(resourceGroupName: string, workspaceName: string, dataConnectorId: string, connectBody: DataConnectorConnectBody, options?: DataConnectorsConnectOptionalParams): Promise; createOrUpdate(resourceGroupName: string, workspaceName: string, dataConnectorId: string, dataConnector: DataConnectorUnion, options?: DataConnectorsCreateOrUpdateOptionalParams): Promise; delete(resourceGroupName: string, workspaceName: string, dataConnectorId: string, options?: DataConnectorsDeleteOptionalParams): Promise; - disconnect(resourceGroupName: string, workspaceName: string, dataConnectorId: string, options?: DataConnectorsDisconnectOptionalParams): Promise; get(resourceGroupName: string, workspaceName: string, dataConnectorId: string, options?: DataConnectorsGetOptionalParams): Promise; list(resourceGroupName: string, workspaceName: string, options?: DataConnectorsListOptionalParams): PagedAsyncIterableIterator; } -// @public -export interface DataConnectorsCheckRequirements { - kind: "AzureActiveDirectory" | "AzureAdvancedThreatProtection" | "AzureSecurityCenter" | "AmazonWebServicesCloudTrail" | "AmazonWebServicesS3" | "Dynamics365" | "MicrosoftCloudAppSecurity" | "MicrosoftDefenderAdvancedThreatProtection" | "MicrosoftThreatIntelligence" | "MicrosoftThreatProtection" | "OfficeATP" | "OfficeIRM" | "Office365Project" | "OfficePowerBI" | "ThreatIntelligence" | "ThreatIntelligenceTaxii" | "IOT"; -} - -// @public -export interface DataConnectorsCheckRequirementsOperations { - post(resourceGroupName: string, workspaceName: string, dataConnectorsCheckRequirements: DataConnectorsCheckRequirementsUnion, options?: DataConnectorsCheckRequirementsPostOptionalParams): Promise; -} - -// @public -export interface DataConnectorsCheckRequirementsPostOptionalParams extends coreClient.OperationOptions { -} - -// @public -export type DataConnectorsCheckRequirementsPostResponse = DataConnectorRequirementsState; - -// @public (undocumented) -export type DataConnectorsCheckRequirementsUnion = DataConnectorsCheckRequirements | AADCheckRequirements | AatpCheckRequirements | ASCCheckRequirements | AwsCloudTrailCheckRequirements | AwsS3CheckRequirements | Dynamics365CheckRequirements | McasCheckRequirements | MdatpCheckRequirements | MstiCheckRequirements | MtpCheckRequirements | OfficeATPCheckRequirements | OfficeIRMCheckRequirements | Office365ProjectCheckRequirements | OfficePowerBICheckRequirements | TICheckRequirements | TiTaxiiCheckRequirements | IoTCheckRequirements; - -// @public -export interface DataConnectorsConnectOptionalParams extends coreClient.OperationOptions { -} - // @public export interface DataConnectorsCreateOrUpdateOptionalParams extends coreClient.OperationOptions { } @@ -1129,10 +576,6 @@ export type DataConnectorsCreateOrUpdateResponse = DataConnectorUnion; export interface DataConnectorsDeleteOptionalParams extends coreClient.OperationOptions { } -// @public -export interface DataConnectorsDisconnectOptionalParams extends coreClient.OperationOptions { -} - // @public export interface DataConnectorsGetOptionalParams extends coreClient.OperationOptions { } @@ -1156,22 +599,17 @@ export type DataConnectorsListResponse = DataConnectorList; // @public export interface DataConnectorTenantId { - tenantId: string; + tenantId?: string; } // @public (undocumented) -export type DataConnectorUnion = DataConnector | AADDataConnector | MstiDataConnector | MTPDataConnector | AatpDataConnector | ASCDataConnector | AwsCloudTrailDataConnector | AwsS3DataConnector | McasDataConnector | Dynamics365DataConnector | OfficeATPDataConnector | Office365ProjectDataConnector | OfficePowerBIDataConnector | OfficeIRMDataConnector | MdatpDataConnector | OfficeDataConnector | TIDataConnector | TiTaxiiDataConnector | IoTDataConnector | CodelessUiDataConnector | CodelessApiPollingDataConnector; +export type DataConnectorUnion = DataConnector | AADDataConnector | AatpDataConnector | ASCDataConnector | AwsCloudTrailDataConnector | McasDataConnector | MdatpDataConnector | TIDataConnector | OfficeDataConnector; // @public export interface DataConnectorWithAlertsProperties { dataTypes?: AlertsDataTypeOfDataConnector; } -// @public -export interface DataTypeDefinitions { - dataType?: string; -} - // @public export type DataTypeState = string; @@ -1182,2770 +620,1244 @@ export type DeliveryAction = "Unknown" | "DeliveredAsSpam" | "Delivered" | "Bloc export type DeliveryLocation = "Unknown" | "Inbox" | "JunkFolder" | "DeletedFolder" | "Quarantine" | "External" | "Failed" | "Dropped" | "Forwarded"; // @public -export interface Deployment { - deploymentId?: string; - deploymentLogsUrl?: string; - deploymentResult?: DeploymentResult; - deploymentState?: DeploymentState; - deploymentTime?: Date; -} - -// @public -export type DeploymentFetchStatus = string; - -// @public -export interface DeploymentInfo { - deployment?: Deployment; - deploymentFetchStatus?: DeploymentFetchStatus; - message?: string; -} - -// @public -export type DeploymentResult = string; - -// @public -export type DeploymentState = string; - -// @public -export type DeviceImportance = string; - -// @public -export interface DnsEntity extends Entity { +export type DnsEntity = Entity & { readonly additionalData?: { [propertyName: string]: Record; }; + readonly friendlyName?: string; readonly dnsServerIpEntityId?: string; readonly domainName?: string; - readonly friendlyName?: string; readonly hostIpAddressEntityId?: string; readonly ipAddressEntityIds?: string[]; -} +}; // @public -export interface DnsEntityProperties extends EntityCommonProperties { +export type DnsEntityProperties = EntityCommonProperties & { readonly dnsServerIpEntityId?: string; readonly domainName?: string; readonly hostIpAddressEntityId?: string; readonly ipAddressEntityIds?: string[]; -} - -// @public -export interface DomainWhois { - get(resourceGroupName: string, domain: string, options?: DomainWhoisGetOptionalParams): Promise; -} +}; // @public -export interface DomainWhoisGetOptionalParams extends coreClient.OperationOptions { -} - -// @public -export type DomainWhoisGetResponse = EnrichmentDomainWhois; +export type ElevationToken = "Default" | "Full" | "Limited"; // @public -export interface Dynamics365CheckRequirements extends DataConnectorsCheckRequirements { - kind: "Dynamics365"; - tenantId?: string; -} +export type Entity = Resource & { + kind: EntityKindEnum; +}; // @public -export interface Dynamics365CheckRequirementsProperties extends DataConnectorTenantId { +export interface EntityCommonProperties { + readonly additionalData?: { + [propertyName: string]: Record; + }; + readonly friendlyName?: string; } // @public -export interface Dynamics365DataConnector extends DataConnector { - dataTypes?: Dynamics365DataConnectorDataTypes; - tenantId?: string; -} +export type EntityKindEnum = string; // @public -export interface Dynamics365DataConnectorDataTypes { - dynamics365CdsActivities: Dynamics365DataConnectorDataTypesDynamics365CdsActivities; +export interface EntityMapping { + entityType?: EntityMappingType; + fieldMappings?: FieldMapping[]; } // @public -export interface Dynamics365DataConnectorDataTypesDynamics365CdsActivities extends DataConnectorDataTypeCommon { -} +export type EntityMappingType = string; -// @public -export interface Dynamics365DataConnectorProperties extends DataConnectorTenantId { - dataTypes: Dynamics365DataConnectorDataTypes; -} +// @public (undocumented) +export type EntityUnion = Entity | SecurityAlert | HuntingBookmark | AccountEntity | AzureResourceEntity | CloudApplicationEntity | DnsEntity | FileEntity | FileHashEntity | HostEntity | IoTDeviceEntity | IpEntity | MailboxEntity | MailClusterEntity | MailMessageEntity | MalwareEntity | ProcessEntity | RegistryKeyEntity | RegistryValueEntity | SecurityGroupEntity | SubmissionMailEntity | UrlEntity; // @public -export type ElevationToken = "Default" | "Full" | "Limited"; +export type EventGroupingAggregationKind = string; // @public -export interface EnrichmentDomainWhois { - created?: Date; - domain?: string; - expires?: Date; - parsedWhois?: EnrichmentDomainWhoisDetails; - server?: string; - updated?: Date; +export interface EventGroupingSettings { + aggregationKind?: EventGroupingAggregationKind; } // @public -export interface EnrichmentDomainWhoisContact { - city?: string; - country?: string; - email?: string; - fax?: string; - name?: string; - org?: string; - phone?: string; - postal?: string; - state?: string; - street?: string[]; +export interface FieldMapping { + columnName?: string; + identifier?: string; } // @public -export interface EnrichmentDomainWhoisContacts { - admin?: EnrichmentDomainWhoisContact; - billing?: EnrichmentDomainWhoisContact; - registrant?: EnrichmentDomainWhoisContact; - tech?: EnrichmentDomainWhoisContact; -} +export type FileEntity = Entity & { + readonly additionalData?: { + [propertyName: string]: Record; + }; + readonly friendlyName?: string; + readonly directory?: string; + readonly fileHashEntityIds?: string[]; + readonly fileName?: string; + readonly hostEntityId?: string; +}; // @public -export interface EnrichmentDomainWhoisDetails { - contacts?: EnrichmentDomainWhoisContacts; - nameServers?: string[]; - registrar?: EnrichmentDomainWhoisRegistrarDetails; - statuses?: string[]; -} +export type FileEntityProperties = EntityCommonProperties & { + readonly directory?: string; + readonly fileHashEntityIds?: string[]; + readonly fileName?: string; + readonly hostEntityId?: string; +}; // @public -export interface EnrichmentDomainWhoisRegistrarDetails { - abuseContactEmail?: string; - abuseContactPhone?: string; - ianaId?: string; - name?: string; - url?: string; - whoisServer?: string; -} +export type FileHashAlgorithm = string; // @public -export interface EnrichmentIpGeodata { - asn?: string; - carrier?: string; - city?: string; - cityCf?: number; - continent?: string; - country?: string; - countryCf?: number; - ipAddr?: string; - ipRoutingType?: string; - latitude?: string; - longitude?: string; - organization?: string; - organizationType?: string; - region?: string; - state?: string; - stateCf?: number; - stateCode?: string; -} +export type FileHashEntity = Entity & { + readonly additionalData?: { + [propertyName: string]: Record; + }; + readonly friendlyName?: string; + readonly algorithm?: FileHashAlgorithm; + readonly hashValue?: string; +}; // @public -export interface Entities { - expand(resourceGroupName: string, workspaceName: string, entityId: string, parameters: EntityExpandParameters, options?: EntitiesExpandOptionalParams): Promise; - get(resourceGroupName: string, workspaceName: string, entityId: string, options?: EntitiesGetOptionalParams): Promise; - getInsights(resourceGroupName: string, workspaceName: string, entityId: string, parameters: EntityGetInsightsParameters, options?: EntitiesGetInsightsOptionalParams): Promise; - list(resourceGroupName: string, workspaceName: string, options?: EntitiesListOptionalParams): PagedAsyncIterableIterator; - queries(resourceGroupName: string, workspaceName: string, entityId: string, kind: EntityItemQueryKind, options?: EntitiesQueriesOptionalParams): Promise; -} +export type FileHashEntityProperties = EntityCommonProperties & { + readonly algorithm?: FileHashAlgorithm; + readonly hashValue?: string; +}; // @public -export interface EntitiesExpandOptionalParams extends coreClient.OperationOptions { -} +export type FusionAlertRule = AlertRule & { + alertRuleTemplateName?: string; + readonly description?: string; + readonly displayName?: string; + enabled?: boolean; + readonly lastModifiedUtc?: Date; + readonly severity?: AlertSeverity; + readonly tactics?: AttackTactic[]; + techniques?: string[]; +}; // @public -export type EntitiesExpandResponse = EntityExpandResponse; +export type FusionAlertRuleTemplate = AlertRuleTemplate & { + alertRulesCreatedByTemplateCount?: number; + readonly createdDateUTC?: Date; + readonly lastUpdatedDateUTC?: Date; + description?: string; + displayName?: string; + requiredDataConnectors?: AlertRuleTemplateDataSource[]; + status?: TemplateStatus; + severity?: AlertSeverity; + tactics?: AttackTactic[]; + techniques?: string[]; +}; // @public -export interface EntitiesGetInsightsOptionalParams extends coreClient.OperationOptions { +export interface GeoLocation { + readonly asn?: number; + readonly city?: string; + readonly countryCode?: string; + readonly countryName?: string; + readonly latitude?: number; + readonly longitude?: number; + readonly state?: string; } // @public -export type EntitiesGetInsightsResponse = EntityGetInsightsResponse; - -// @public -export interface EntitiesGetOptionalParams extends coreClient.OperationOptions { +export interface GroupingConfiguration { + enabled: boolean; + groupByAlertDetails?: AlertDetail[]; + groupByCustomDetails?: string[]; + groupByEntities?: EntityMappingType[]; + lookbackDuration: string; + matchingMethod: MatchingMethod; + reopenClosedIncident: boolean; } // @public -export type EntitiesGetResponse = EntityUnion; +export type HostEntity = Entity & { + readonly additionalData?: { + [propertyName: string]: Record; + }; + readonly friendlyName?: string; + readonly azureID?: string; + readonly dnsDomain?: string; + readonly hostName?: string; + readonly isDomainJoined?: boolean; + readonly netBiosName?: string; + readonly ntDomain?: string; + readonly omsAgentID?: string; + osFamily?: OSFamily; + readonly osVersion?: string; +}; // @public -export interface EntitiesGetTimeline { - list(resourceGroupName: string, workspaceName: string, entityId: string, parameters: EntityTimelineParameters, options?: EntitiesGetTimelineListOptionalParams): Promise; -} +export type HostEntityProperties = EntityCommonProperties & { + readonly azureID?: string; + readonly dnsDomain?: string; + readonly hostName?: string; + readonly isDomainJoined?: boolean; + readonly netBiosName?: string; + readonly ntDomain?: string; + readonly omsAgentID?: string; + osFamily?: OSFamily; + readonly osVersion?: string; +}; // @public -export interface EntitiesGetTimelineListOptionalParams extends coreClient.OperationOptions { -} +export type HuntingBookmark = Entity & { + readonly additionalData?: { + [propertyName: string]: Record; + }; + readonly friendlyName?: string; + created?: Date; + createdBy?: UserInfo; + displayName?: string; + eventTime?: Date; + labels?: string[]; + notes?: string; + query?: string; + queryResult?: string; + updated?: Date; + updatedBy?: UserInfo; + incidentInfo?: IncidentInfo; +}; // @public -export type EntitiesGetTimelineListResponse = EntityTimelineResponse; +export type HuntingBookmarkProperties = EntityCommonProperties & { + created?: Date; + createdBy?: UserInfo; + displayName: string; + eventTime?: Date; + labels?: string[]; + notes?: string; + query: string; + queryResult?: string; + updated?: Date; + updatedBy?: UserInfo; + incidentInfo?: IncidentInfo; +}; // @public -export interface EntitiesListNextOptionalParams extends coreClient.OperationOptions { -} +export type Incident = ResourceWithEtag & { + readonly additionalData?: IncidentAdditionalData; + classification?: IncidentClassification; + classificationComment?: string; + classificationReason?: IncidentClassificationReason; + readonly createdTimeUtc?: Date; + description?: string; + firstActivityTimeUtc?: Date; + readonly incidentUrl?: string; + readonly incidentNumber?: number; + labels?: IncidentLabel[]; + lastActivityTimeUtc?: Date; + readonly lastModifiedTimeUtc?: Date; + owner?: IncidentOwnerInfo; + readonly relatedAnalyticRuleIds?: string[]; + severity?: IncidentSeverity; + status?: IncidentStatus; + title?: string; +}; // @public -export type EntitiesListNextResponse = EntityList; +export interface IncidentAdditionalData { + readonly alertProductNames?: string[]; + readonly alertsCount?: number; + readonly bookmarksCount?: number; + readonly commentsCount?: number; + readonly tactics?: AttackTactic[]; +} // @public -export interface EntitiesListOptionalParams extends coreClient.OperationOptions { +export interface IncidentAlertList { + value: SecurityAlert[]; } // @public -export type EntitiesListResponse = EntityList; +export interface IncidentBookmarkList { + value: HuntingBookmark[]; +} // @public -export interface EntitiesQueriesOptionalParams extends coreClient.OperationOptions { -} +export type IncidentClassification = string; // @public -export type EntitiesQueriesResponse = GetQueriesResponse; +export type IncidentClassificationReason = string; // @public -export interface EntitiesRelations { - list(resourceGroupName: string, workspaceName: string, entityId: string, options?: EntitiesRelationsListOptionalParams): PagedAsyncIterableIterator; -} +export type IncidentComment = ResourceWithEtag & { + readonly createdTimeUtc?: Date; + readonly lastModifiedTimeUtc?: Date; + message?: string; + readonly author?: ClientInfo; +}; // @public -export interface EntitiesRelationsListNextOptionalParams extends coreClient.OperationOptions { - filter?: string; - orderby?: string; - skipToken?: string; - top?: number; +export interface IncidentCommentList { + readonly nextLink?: string; + value: IncidentComment[]; } // @public -export type EntitiesRelationsListNextResponse = RelationList; +export interface IncidentComments { + createOrUpdate(resourceGroupName: string, workspaceName: string, incidentId: string, incidentCommentId: string, incidentComment: IncidentComment, options?: IncidentCommentsCreateOrUpdateOptionalParams): Promise; + delete(resourceGroupName: string, workspaceName: string, incidentId: string, incidentCommentId: string, options?: IncidentCommentsDeleteOptionalParams): Promise; + get(resourceGroupName: string, workspaceName: string, incidentId: string, incidentCommentId: string, options?: IncidentCommentsGetOptionalParams): Promise; + list(resourceGroupName: string, workspaceName: string, incidentId: string, options?: IncidentCommentsListOptionalParams): PagedAsyncIterableIterator; +} // @public -export interface EntitiesRelationsListOptionalParams extends coreClient.OperationOptions { - filter?: string; - orderby?: string; - skipToken?: string; - top?: number; +export interface IncidentCommentsCreateOrUpdateOptionalParams extends coreClient.OperationOptions { } // @public -export type EntitiesRelationsListResponse = RelationList; +export type IncidentCommentsCreateOrUpdateResponse = IncidentComment; // @public -export interface Entity extends Resource { - kind: EntityKind; +export interface IncidentCommentsDeleteOptionalParams extends coreClient.OperationOptions { } // @public -export interface EntityAnalytics extends Settings { - entityProviders?: EntityProviders[]; +export interface IncidentCommentsGetOptionalParams extends coreClient.OperationOptions { } // @public -export interface EntityCommonProperties { - readonly additionalData?: { - [propertyName: string]: Record; - }; - readonly friendlyName?: string; -} +export type IncidentCommentsGetResponse = IncidentComment; // @public -export interface EntityEdges { - additionalData?: { - [propertyName: string]: Record; - }; - targetEntityId?: string; +export interface IncidentCommentsListNextOptionalParams extends coreClient.OperationOptions { + filter?: string; + orderby?: string; + skipToken?: string; + top?: number; } // @public -export interface EntityExpandParameters { - endTime?: Date; - expansionId?: string; - startTime?: Date; -} +export type IncidentCommentsListNextResponse = IncidentCommentList; // @public -export interface EntityExpandResponse { - metaData?: ExpansionResultsMetadata; - value?: EntityExpandResponseValue; +export interface IncidentCommentsListOptionalParams extends coreClient.OperationOptions { + filter?: string; + orderby?: string; + skipToken?: string; + top?: number; } // @public -export interface EntityExpandResponseValue { - edges?: EntityEdges[]; - entities?: EntityUnion[]; -} +export type IncidentCommentsListResponse = IncidentCommentList; // @public -export interface EntityFieldMapping { - identifier?: string; - value?: string; +export interface IncidentConfiguration { + createIncident: boolean; + groupingConfiguration?: GroupingConfiguration; } // @public -export interface EntityGetInsightsParameters { - addDefaultExtendedTimeRange?: boolean; - endTime: Date; - insightQueryIds?: string[]; - startTime: Date; +export interface IncidentEntitiesResponse { + entities?: EntityUnion[]; + metaData?: IncidentEntitiesResultsMetadata[]; } // @public -export interface EntityGetInsightsResponse { - metaData?: GetInsightsResultsMetadata; - value?: EntityInsightItem[]; +export interface IncidentEntitiesResultsMetadata { + count: number; + entityKind: EntityKindEnum; } // @public -export interface EntityInsightItem { - chartQueryResults?: InsightsTableResult[]; - queryId?: string; - queryTimeInterval?: EntityInsightItemQueryTimeInterval; - tableQueryResults?: InsightsTableResult; +export interface IncidentInfo { + incidentId?: string; + relationName?: string; + severity?: IncidentSeverity; + title?: string; } // @public -export interface EntityInsightItemQueryTimeInterval { - endTime?: Date; - startTime?: Date; +export interface IncidentLabel { + labelName: string; + readonly labelType?: IncidentLabelType; } // @public -export type EntityItemQueryKind = string; - -// @public -export type EntityKind = string; +export type IncidentLabelType = string; // @public -export interface EntityList { +export interface IncidentList { readonly nextLink?: string; - value: EntityUnion[]; -} - -// @public -export interface EntityMapping { - entityType?: EntityMappingType; - fieldMappings?: FieldMapping[]; + value: Incident[]; } // @public -export type EntityMappingType = string; - -// @public -export type EntityProviders = string; - -// @public -export interface EntityQueries { - createOrUpdate(resourceGroupName: string, workspaceName: string, entityQueryId: string, entityQuery: CustomEntityQueryUnion, options?: EntityQueriesCreateOrUpdateOptionalParams): Promise; - delete(resourceGroupName: string, workspaceName: string, entityQueryId: string, options?: EntityQueriesDeleteOptionalParams): Promise; - get(resourceGroupName: string, workspaceName: string, entityQueryId: string, options?: EntityQueriesGetOptionalParams): Promise; - list(resourceGroupName: string, workspaceName: string, options?: EntityQueriesListOptionalParams): PagedAsyncIterableIterator; +export interface IncidentOwnerInfo { + assignedTo?: string; + email?: string; + objectId?: string; + ownerType?: OwnerType; + userPrincipalName?: string; } -// @public -export interface EntityQueriesCreateOrUpdateOptionalParams extends coreClient.OperationOptions { +// @public (undocumented) +export interface IncidentPropertiesAction { + classification?: IncidentClassification; + classificationComment?: string; + classificationReason?: IncidentClassificationReason; + labels?: IncidentLabel[]; + owner?: IncidentOwnerInfo; + severity?: IncidentSeverity; + status?: IncidentStatus; } // @public -export type EntityQueriesCreateOrUpdateResponse = EntityQueryUnion; - -// @public -export interface EntityQueriesDeleteOptionalParams extends coreClient.OperationOptions { +export interface IncidentRelations { + createOrUpdate(resourceGroupName: string, workspaceName: string, incidentId: string, relationName: string, relation: Relation, options?: IncidentRelationsCreateOrUpdateOptionalParams): Promise; + delete(resourceGroupName: string, workspaceName: string, incidentId: string, relationName: string, options?: IncidentRelationsDeleteOptionalParams): Promise; + get(resourceGroupName: string, workspaceName: string, incidentId: string, relationName: string, options?: IncidentRelationsGetOptionalParams): Promise; + list(resourceGroupName: string, workspaceName: string, incidentId: string, options?: IncidentRelationsListOptionalParams): PagedAsyncIterableIterator; } // @public -export interface EntityQueriesGetOptionalParams extends coreClient.OperationOptions { +export interface IncidentRelationsCreateOrUpdateOptionalParams extends coreClient.OperationOptions { } // @public -export type EntityQueriesGetResponse = EntityQueryUnion; +export type IncidentRelationsCreateOrUpdateResponse = Relation; // @public -export interface EntityQueriesListNextOptionalParams extends coreClient.OperationOptions { - kind?: Enum13; +export interface IncidentRelationsDeleteOptionalParams extends coreClient.OperationOptions { } // @public -export type EntityQueriesListNextResponse = EntityQueryList; - -// @public -export interface EntityQueriesListOptionalParams extends coreClient.OperationOptions { - kind?: Enum13; +export interface IncidentRelationsGetOptionalParams extends coreClient.OperationOptions { } // @public -export type EntityQueriesListResponse = EntityQueryList; +export type IncidentRelationsGetResponse = Relation; // @public -export interface EntityQuery extends ResourceWithEtag { - kind: EntityQueryKind; +export interface IncidentRelationsListNextOptionalParams extends coreClient.OperationOptions { + filter?: string; + orderby?: string; + skipToken?: string; + top?: number; } // @public -export interface EntityQueryItem { - readonly id?: string; - kind: "Insight"; - name?: string; - type?: string; -} +export type IncidentRelationsListNextResponse = RelationList; // @public -export interface EntityQueryItemProperties { - dataTypes?: EntityQueryItemPropertiesDataTypesItem[]; - entitiesFilter?: Record; - inputEntityType?: EntityType; - requiredInputFieldsSets?: string[][]; -} - -// @public (undocumented) -export interface EntityQueryItemPropertiesDataTypesItem { - dataType?: string; +export interface IncidentRelationsListOptionalParams extends coreClient.OperationOptions { + filter?: string; + orderby?: string; + skipToken?: string; + top?: number; } -// @public (undocumented) -export type EntityQueryItemUnion = EntityQueryItem | InsightQueryItem; - // @public -export type EntityQueryKind = string; +export type IncidentRelationsListResponse = RelationList; // @public -export interface EntityQueryList { - readonly nextLink?: string; - value: EntityQueryUnion[]; +export interface Incidents { + createOrUpdate(resourceGroupName: string, workspaceName: string, incidentId: string, incident: Incident, options?: IncidentsCreateOrUpdateOptionalParams): Promise; + delete(resourceGroupName: string, workspaceName: string, incidentId: string, options?: IncidentsDeleteOptionalParams): Promise; + get(resourceGroupName: string, workspaceName: string, incidentId: string, options?: IncidentsGetOptionalParams): Promise; + list(resourceGroupName: string, workspaceName: string, options?: IncidentsListOptionalParams): PagedAsyncIterableIterator; + listAlerts(resourceGroupName: string, workspaceName: string, incidentId: string, options?: IncidentsListAlertsOptionalParams): Promise; + listBookmarks(resourceGroupName: string, workspaceName: string, incidentId: string, options?: IncidentsListBookmarksOptionalParams): Promise; + listEntities(resourceGroupName: string, workspaceName: string, incidentId: string, options?: IncidentsListEntitiesOptionalParams): Promise; } // @public -export interface EntityQueryTemplate extends Resource { - kind: EntityQueryTemplateKind; +export interface IncidentsCreateOrUpdateOptionalParams extends coreClient.OperationOptions { } // @public -export type EntityQueryTemplateKind = string; +export type IncidentsCreateOrUpdateResponse = Incident; // @public -export interface EntityQueryTemplateList { - readonly nextLink?: string; - value: EntityQueryTemplateUnion[]; +export interface IncidentsDeleteOptionalParams extends coreClient.OperationOptions { } // @public -export interface EntityQueryTemplates { - get(resourceGroupName: string, workspaceName: string, entityQueryTemplateId: string, options?: EntityQueryTemplatesGetOptionalParams): Promise; - list(resourceGroupName: string, workspaceName: string, options?: EntityQueryTemplatesListOptionalParams): PagedAsyncIterableIterator; -} +export type IncidentSeverity = string; // @public -export interface EntityQueryTemplatesGetOptionalParams extends coreClient.OperationOptions { +export interface IncidentsGetOptionalParams extends coreClient.OperationOptions { } // @public -export type EntityQueryTemplatesGetResponse = EntityQueryTemplateUnion; +export type IncidentsGetResponse = Incident; // @public -export interface EntityQueryTemplatesListNextOptionalParams extends coreClient.OperationOptions { +export interface IncidentsListAlertsOptionalParams extends coreClient.OperationOptions { } // @public -export type EntityQueryTemplatesListNextResponse = EntityQueryTemplateList; +export type IncidentsListAlertsResponse = IncidentAlertList; // @public -export interface EntityQueryTemplatesListOptionalParams extends coreClient.OperationOptions { +export interface IncidentsListBookmarksOptionalParams extends coreClient.OperationOptions { } // @public -export type EntityQueryTemplatesListResponse = EntityQueryTemplateList; - -// @public (undocumented) -export type EntityQueryTemplateUnion = EntityQueryTemplate | ActivityEntityQueryTemplate; - -// @public (undocumented) -export type EntityQueryUnion = EntityQuery | ExpansionEntityQuery | ActivityEntityQuery; - -// @public -export interface EntityRelations { - getRelation(resourceGroupName: string, workspaceName: string, entityId: string, relationName: string, options?: EntityRelationsGetRelationOptionalParams): Promise; -} +export type IncidentsListBookmarksResponse = IncidentBookmarkList; // @public -export interface EntityRelationsGetRelationOptionalParams extends coreClient.OperationOptions { +export interface IncidentsListEntitiesOptionalParams extends coreClient.OperationOptions { } // @public -export type EntityRelationsGetRelationResponse = Relation; +export type IncidentsListEntitiesResponse = IncidentEntitiesResponse; // @public -export interface EntityTimelineItem { - kind: "Activity" | "Bookmark" | "Anomaly" | "SecurityAlert"; +export interface IncidentsListNextOptionalParams extends coreClient.OperationOptions { + filter?: string; + orderby?: string; + skipToken?: string; + top?: number; } -// @public (undocumented) -export type EntityTimelineItemUnion = EntityTimelineItem | ActivityTimelineItem | BookmarkTimelineItem | AnomalyTimelineItem | SecurityAlertTimelineItem; - -// @public -export type EntityTimelineKind = string; - // @public -export interface EntityTimelineParameters { - endTime: Date; - kinds?: EntityTimelineKind[]; - numberOfBucket?: number; - startTime: Date; -} +export type IncidentsListNextResponse = IncidentList; // @public -export interface EntityTimelineResponse { - metaData?: TimelineResultsMetadata; - value?: EntityTimelineItemUnion[]; +export interface IncidentsListOptionalParams extends coreClient.OperationOptions { + filter?: string; + orderby?: string; + skipToken?: string; + top?: number; } // @public -export type EntityType = string; - -// @public (undocumented) -export type EntityUnion = Entity | SecurityAlert | HuntingBookmark | AccountEntity | AzureResourceEntity | CloudApplicationEntity | DnsEntity | FileEntity | FileHashEntity | HostEntity | IoTDeviceEntity | IpEntity | MailboxEntity | MailClusterEntity | MailMessageEntity | MalwareEntity | ProcessEntity | RegistryKeyEntity | RegistryValueEntity | SecurityGroupEntity | SubmissionMailEntity | UrlEntity | NicEntity; - -// @public -export type Enum13 = string; - -// @public -export type EventGroupingAggregationKind = string; - -// @public -export interface EventGroupingSettings { - aggregationKind?: EventGroupingAggregationKind; -} +export type IncidentsListResponse = IncidentList; // @public -export interface ExpansionEntityQuery extends EntityQuery { - dataSources?: string[]; - displayName?: string; - inputEntityType?: EntityType; - inputFields?: string[]; - outputEntityTypes?: EntityType[]; - queryTemplate?: string; -} +export type IncidentStatus = string; // @public -export interface ExpansionResultAggregation { - aggregationType?: string; - count: number; - displayName?: string; - entityKind: EntityKind; -} - -// @public -export interface ExpansionResultsMetadata { - aggregations?: ExpansionResultAggregation[]; -} - -// @public -export interface EyesOn extends Settings { - readonly isEnabled?: boolean; -} - -// @public -export interface FieldMapping { - columnName?: string; - identifier?: string; -} - -// @public -export interface FileEntity extends Entity { +export type IoTDeviceEntity = Entity & { readonly additionalData?: { [propertyName: string]: Record; }; - readonly directory?: string; - readonly fileHashEntityIds?: string[]; - readonly fileName?: string; readonly friendlyName?: string; + readonly deviceId?: string; + readonly deviceName?: string; + readonly source?: string; + readonly iotSecurityAgentId?: string; + readonly deviceType?: string; + readonly vendor?: string; + readonly edgeId?: string; + readonly macAddress?: string; + readonly model?: string; + readonly serialNumber?: string; + readonly firmwareVersion?: string; + readonly operatingSystem?: string; + readonly iotHubEntityId?: string; readonly hostEntityId?: string; -} + readonly ipAddressEntityId?: string; + readonly threatIntelligence?: ThreatIntelligence[]; + readonly protocols?: string[]; +}; // @public -export interface FileEntityProperties extends EntityCommonProperties { - readonly directory?: string; - readonly fileHashEntityIds?: string[]; - readonly fileName?: string; +export type IoTDeviceEntityProperties = EntityCommonProperties & { + readonly deviceId?: string; + readonly deviceName?: string; + readonly source?: string; + readonly iotSecurityAgentId?: string; + readonly deviceType?: string; + readonly vendor?: string; + readonly edgeId?: string; + readonly macAddress?: string; + readonly model?: string; + readonly serialNumber?: string; + readonly firmwareVersion?: string; + readonly operatingSystem?: string; + readonly iotHubEntityId?: string; readonly hostEntityId?: string; -} - -// @public -export type FileHashAlgorithm = string; + readonly ipAddressEntityId?: string; + readonly threatIntelligence?: ThreatIntelligence[]; + readonly protocols?: string[]; +}; // @public -export interface FileHashEntity extends Entity { +export type IpEntity = Entity & { readonly additionalData?: { [propertyName: string]: Record; }; - readonly algorithm?: FileHashAlgorithm; readonly friendlyName?: string; - readonly hashValue?: string; -} - -// @public -export interface FileHashEntityProperties extends EntityCommonProperties { - readonly algorithm?: FileHashAlgorithm; - readonly hashValue?: string; -} - -// @public -export interface FusionAlertRule extends AlertRule { - alertRuleTemplateName?: string; - readonly description?: string; - readonly displayName?: string; - enabled?: boolean; - readonly lastModifiedUtc?: Date; - scenarioExclusionPatterns?: FusionScenarioExclusionPattern[]; - readonly severity?: AlertSeverity; - sourceSettings?: FusionSourceSettings[]; - readonly tactics?: AttackTactic[]; - readonly techniques?: string[]; -} - -// @public -export interface FusionAlertRuleTemplate extends AlertRuleTemplate { - alertRulesCreatedByTemplateCount?: number; - readonly createdDateUTC?: Date; - description?: string; - displayName?: string; - readonly lastUpdatedDateUTC?: Date; - requiredDataConnectors?: AlertRuleTemplateDataSource[]; - severity?: AlertSeverity; - sourceSettings?: FusionTemplateSourceSetting[]; - status?: TemplateStatus; - tactics?: AttackTactic[]; - techniques?: string[]; -} - -// @public -export interface FusionScenarioExclusionPattern { - dateAddedInUTC: string; - exclusionPattern: string; -} - -// @public -export interface FusionSourceSettings { - enabled: boolean; - sourceName: string; - sourceSubTypes?: FusionSourceSubTypeSetting[]; -} - -// @public -export interface FusionSourceSubTypeSetting { - enabled: boolean; - severityFilters: FusionSubTypeSeverityFilter; - readonly sourceSubTypeDisplayName?: string; - sourceSubTypeName: string; -} - -// @public -export interface FusionSubTypeSeverityFilter { - filters?: FusionSubTypeSeverityFiltersItem[]; - readonly isSupported?: boolean; -} - -// @public -export interface FusionSubTypeSeverityFiltersItem { - enabled: boolean; - severity: AlertSeverity; -} - -// @public -export interface FusionTemplateSourceSetting { - sourceName: string; - sourceSubTypes?: FusionTemplateSourceSubType[]; -} - -// @public -export interface FusionTemplateSourceSubType { - severityFilter: FusionTemplateSubTypeSeverityFilter; - readonly sourceSubTypeDisplayName?: string; - sourceSubTypeName: string; -} - -// @public -export interface FusionTemplateSubTypeSeverityFilter { - isSupported: boolean; - severityFilters?: AlertSeverity[]; -} - -// @public -export interface GeoLocation { - readonly asn?: number; - readonly city?: string; - readonly countryCode?: string; - readonly countryName?: string; - readonly latitude?: number; - readonly longitude?: number; - readonly state?: string; -} + readonly address?: string; + readonly location?: GeoLocation; + readonly threatIntelligence?: ThreatIntelligence[]; +}; // @public -export type GetInsightsError = string; +export type IpEntityProperties = EntityCommonProperties & { + readonly address?: string; + readonly location?: GeoLocation; + readonly threatIntelligence?: ThreatIntelligence[]; +}; // @public -export interface GetInsightsErrorKind { - errorMessage: string; - kind: GetInsightsError; - queryId?: string; -} +export type KillChainIntent = string; // @public -export interface GetInsightsResultsMetadata { - errors?: GetInsightsErrorKind[]; - totalCount: number; +export enum KnownActionType { + ModifyProperties = "ModifyProperties", + RunPlaybook = "RunPlaybook" } // @public -export interface GetQueriesResponse { - value?: EntityQueryItemUnion[]; +export enum KnownAlertDetail { + DisplayName = "DisplayName", + Severity = "Severity" } // @public -export interface GitHubResourceInfo { - appInstallationId?: string; +export enum KnownAlertRuleKind { + // (undocumented) + Fusion = "Fusion", + // (undocumented) + MicrosoftSecurityIncidentCreation = "MicrosoftSecurityIncidentCreation", + // (undocumented) + Scheduled = "Scheduled" } // @public -export interface GraphQueries { - baseQuery?: string; - legend?: string; - metricName?: string; +export enum KnownAlertSeverity { + High = "High", + Informational = "Informational", + Low = "Low", + Medium = "Medium" } // @public -export interface GroupingConfiguration { - enabled: boolean; - groupByAlertDetails?: AlertDetail[]; - groupByCustomDetails?: string[]; - groupByEntities?: EntityMappingType[]; - lookbackDuration: string; - matchingMethod: MatchingMethod; - reopenClosedIncident: boolean; +export enum KnownAlertStatus { + Dismissed = "Dismissed", + InProgress = "InProgress", + New = "New", + Resolved = "Resolved", + Unknown = "Unknown" } // @public -export interface HostEntity extends Entity { - readonly additionalData?: { - [propertyName: string]: Record; - }; - readonly azureID?: string; - readonly dnsDomain?: string; - readonly friendlyName?: string; - readonly hostName?: string; - readonly isDomainJoined?: boolean; - readonly netBiosName?: string; - readonly ntDomain?: string; - readonly omsAgentID?: string; - osFamily?: OSFamily; - readonly osVersion?: string; +export enum KnownAntispamMailDirection { + Inbound = "Inbound", + Intraorg = "Intraorg", + Outbound = "Outbound", + Unknown = "Unknown" } // @public -export interface HostEntityProperties extends EntityCommonProperties { - readonly azureID?: string; - readonly dnsDomain?: string; - readonly hostName?: string; - readonly isDomainJoined?: boolean; - readonly netBiosName?: string; - readonly ntDomain?: string; - readonly omsAgentID?: string; - osFamily?: OSFamily; - readonly osVersion?: string; +export enum KnownAttackTactic { + // (undocumented) + Collection = "Collection", + // (undocumented) + CommandAndControl = "CommandAndControl", + // (undocumented) + CredentialAccess = "CredentialAccess", + // (undocumented) + DefenseEvasion = "DefenseEvasion", + // (undocumented) + Discovery = "Discovery", + // (undocumented) + Execution = "Execution", + // (undocumented) + Exfiltration = "Exfiltration", + // (undocumented) + Impact = "Impact", + // (undocumented) + ImpairProcessControl = "ImpairProcessControl", + // (undocumented) + InhibitResponseFunction = "InhibitResponseFunction", + // (undocumented) + InitialAccess = "InitialAccess", + // (undocumented) + LateralMovement = "LateralMovement", + // (undocumented) + Persistence = "Persistence", + // (undocumented) + PreAttack = "PreAttack", + // (undocumented) + PrivilegeEscalation = "PrivilegeEscalation", + // (undocumented) + Reconnaissance = "Reconnaissance", + // (undocumented) + ResourceDevelopment = "ResourceDevelopment" } // @public -export interface HuntingBookmark extends Entity { - readonly additionalData?: { - [propertyName: string]: Record; - }; - created?: Date; - createdBy?: UserInfo; - displayName?: string; - eventTime?: Date; - readonly friendlyName?: string; - incidentInfo?: IncidentInfo; - labels?: string[]; - notes?: string; - query?: string; - queryResult?: string; - updated?: Date; - updatedBy?: UserInfo; +export enum KnownAutomationRulePropertyConditionSupportedOperator { + Contains = "Contains", + EndsWith = "EndsWith", + Equals = "Equals", + NotContains = "NotContains", + NotEndsWith = "NotEndsWith", + NotEquals = "NotEquals", + NotStartsWith = "NotStartsWith", + StartsWith = "StartsWith" } // @public -export interface HuntingBookmarkProperties extends EntityCommonProperties { - created?: Date; - createdBy?: UserInfo; - displayName: string; - eventTime?: Date; - incidentInfo?: IncidentInfo; - labels?: string[]; - notes?: string; - query: string; - queryResult?: string; - updated?: Date; - updatedBy?: UserInfo; -} - -// @public -export interface Incident extends ResourceWithEtag { - readonly additionalData?: IncidentAdditionalData; - classification?: IncidentClassification; - classificationComment?: string; - classificationReason?: IncidentClassificationReason; - readonly createdTimeUtc?: Date; - description?: string; - firstActivityTimeUtc?: Date; - readonly incidentNumber?: number; - readonly incidentUrl?: string; - labels?: IncidentLabel[]; - lastActivityTimeUtc?: Date; - readonly lastModifiedTimeUtc?: Date; - owner?: IncidentOwnerInfo; - providerIncidentId?: string; - providerName?: string; - readonly relatedAnalyticRuleIds?: string[]; - severity?: IncidentSeverity; - status?: IncidentStatus; - teamInformation?: TeamInformation; - title?: string; -} - -// @public -export interface IncidentAdditionalData { - readonly alertProductNames?: string[]; - readonly alertsCount?: number; - readonly bookmarksCount?: number; - readonly commentsCount?: number; - readonly providerIncidentUrl?: string; - readonly tactics?: AttackTactic[]; - readonly techniques?: string[]; -} - -// @public -export interface IncidentAlertList { - value: SecurityAlert[]; -} - -// @public -export interface IncidentBookmarkList { - value: HuntingBookmark[]; -} - -// @public -export type IncidentClassification = string; - -// @public -export type IncidentClassificationReason = string; - -// @public -export interface IncidentComment extends ResourceWithEtag { - readonly author?: ClientInfo; - readonly createdTimeUtc?: Date; - readonly lastModifiedTimeUtc?: Date; - message?: string; -} - -// @public -export interface IncidentCommentList { - readonly nextLink?: string; - value: IncidentComment[]; -} - -// @public -export interface IncidentComments { - createOrUpdate(resourceGroupName: string, workspaceName: string, incidentId: string, incidentCommentId: string, incidentComment: IncidentComment, options?: IncidentCommentsCreateOrUpdateOptionalParams): Promise; - delete(resourceGroupName: string, workspaceName: string, incidentId: string, incidentCommentId: string, options?: IncidentCommentsDeleteOptionalParams): Promise; - get(resourceGroupName: string, workspaceName: string, incidentId: string, incidentCommentId: string, options?: IncidentCommentsGetOptionalParams): Promise; - list(resourceGroupName: string, workspaceName: string, incidentId: string, options?: IncidentCommentsListOptionalParams): PagedAsyncIterableIterator; -} - -// @public -export interface IncidentCommentsCreateOrUpdateOptionalParams extends coreClient.OperationOptions { -} - -// @public -export type IncidentCommentsCreateOrUpdateResponse = IncidentComment; - -// @public -export interface IncidentCommentsDeleteOptionalParams extends coreClient.OperationOptions { -} - -// @public -export interface IncidentCommentsGetOptionalParams extends coreClient.OperationOptions { -} - -// @public -export type IncidentCommentsGetResponse = IncidentComment; - -// @public -export interface IncidentCommentsListNextOptionalParams extends coreClient.OperationOptions { - filter?: string; - orderby?: string; - skipToken?: string; - top?: number; -} - -// @public -export type IncidentCommentsListNextResponse = IncidentCommentList; - -// @public -export interface IncidentCommentsListOptionalParams extends coreClient.OperationOptions { - filter?: string; - orderby?: string; - skipToken?: string; - top?: number; -} - -// @public -export type IncidentCommentsListResponse = IncidentCommentList; - -// @public -export interface IncidentConfiguration { - createIncident: boolean; - groupingConfiguration?: GroupingConfiguration; -} - -// @public -export interface IncidentEntitiesResponse { - entities?: EntityUnion[]; - metaData?: IncidentEntitiesResultsMetadata[]; -} - -// @public -export interface IncidentEntitiesResultsMetadata { - count: number; - entityKind: EntityKind; -} - -// @public -export interface IncidentInfo { - incidentId?: string; - relationName?: string; - severity?: IncidentSeverity; - title?: string; -} - -// @public -export interface IncidentLabel { - labelName: string; - readonly labelType?: IncidentLabelType; -} - -// @public -export type IncidentLabelType = string; - -// @public -export interface IncidentList { - readonly nextLink?: string; - value: Incident[]; -} - -// @public -export interface IncidentOwnerInfo { - assignedTo?: string; - email?: string; - objectId?: string; - ownerType?: OwnerType; - userPrincipalName?: string; -} - -// @public (undocumented) -export interface IncidentPropertiesAction { - classification?: IncidentClassification; - classificationComment?: string; - classificationReason?: IncidentClassificationReason; - labels?: IncidentLabel[]; - owner?: IncidentOwnerInfo; - severity?: IncidentSeverity; - status?: IncidentStatus; -} - -// @public -export interface IncidentRelations { - createOrUpdate(resourceGroupName: string, workspaceName: string, incidentId: string, relationName: string, relation: Relation, options?: IncidentRelationsCreateOrUpdateOptionalParams): Promise; - delete(resourceGroupName: string, workspaceName: string, incidentId: string, relationName: string, options?: IncidentRelationsDeleteOptionalParams): Promise; - get(resourceGroupName: string, workspaceName: string, incidentId: string, relationName: string, options?: IncidentRelationsGetOptionalParams): Promise; - list(resourceGroupName: string, workspaceName: string, incidentId: string, options?: IncidentRelationsListOptionalParams): PagedAsyncIterableIterator; -} - -// @public -export interface IncidentRelationsCreateOrUpdateOptionalParams extends coreClient.OperationOptions { -} - -// @public -export type IncidentRelationsCreateOrUpdateResponse = Relation; - -// @public -export interface IncidentRelationsDeleteOptionalParams extends coreClient.OperationOptions { -} - -// @public -export interface IncidentRelationsGetOptionalParams extends coreClient.OperationOptions { -} - -// @public -export type IncidentRelationsGetResponse = Relation; - -// @public -export interface IncidentRelationsListNextOptionalParams extends coreClient.OperationOptions { - filter?: string; - orderby?: string; - skipToken?: string; - top?: number; -} - -// @public -export type IncidentRelationsListNextResponse = RelationList; - -// @public -export interface IncidentRelationsListOptionalParams extends coreClient.OperationOptions { - filter?: string; - orderby?: string; - skipToken?: string; - top?: number; -} - -// @public -export type IncidentRelationsListResponse = RelationList; - -// @public -export interface Incidents { - createOrUpdate(resourceGroupName: string, workspaceName: string, incidentId: string, incident: Incident, options?: IncidentsCreateOrUpdateOptionalParams): Promise; - createTeam(resourceGroupName: string, workspaceName: string, incidentId: string, teamProperties: TeamProperties, options?: IncidentsCreateTeamOptionalParams): Promise; - delete(resourceGroupName: string, workspaceName: string, incidentId: string, options?: IncidentsDeleteOptionalParams): Promise; - get(resourceGroupName: string, workspaceName: string, incidentId: string, options?: IncidentsGetOptionalParams): Promise; - list(resourceGroupName: string, workspaceName: string, options?: IncidentsListOptionalParams): PagedAsyncIterableIterator; - listAlerts(resourceGroupName: string, workspaceName: string, incidentId: string, options?: IncidentsListAlertsOptionalParams): Promise; - listBookmarks(resourceGroupName: string, workspaceName: string, incidentId: string, options?: IncidentsListBookmarksOptionalParams): Promise; - listEntities(resourceGroupName: string, workspaceName: string, incidentId: string, options?: IncidentsListEntitiesOptionalParams): Promise; - runPlaybook(resourceGroupName: string, workspaceName: string, incidentIdentifier: string, options?: IncidentsRunPlaybookOptionalParams): Promise; -} - -// @public -export interface IncidentsCreateOrUpdateOptionalParams extends coreClient.OperationOptions { -} - -// @public -export type IncidentsCreateOrUpdateResponse = Incident; - -// @public -export interface IncidentsCreateTeamOptionalParams extends coreClient.OperationOptions { -} - -// @public -export type IncidentsCreateTeamResponse = TeamInformation; - -// @public -export interface IncidentsDeleteOptionalParams extends coreClient.OperationOptions { -} - -// @public -export type IncidentSeverity = string; - -// @public -export interface IncidentsGetOptionalParams extends coreClient.OperationOptions { -} - -// @public -export type IncidentsGetResponse = Incident; - -// @public -export interface IncidentsListAlertsOptionalParams extends coreClient.OperationOptions { -} - -// @public -export type IncidentsListAlertsResponse = IncidentAlertList; - -// @public -export interface IncidentsListBookmarksOptionalParams extends coreClient.OperationOptions { -} - -// @public -export type IncidentsListBookmarksResponse = IncidentBookmarkList; - -// @public -export interface IncidentsListEntitiesOptionalParams extends coreClient.OperationOptions { -} - -// @public -export type IncidentsListEntitiesResponse = IncidentEntitiesResponse; - -// @public -export interface IncidentsListNextOptionalParams extends coreClient.OperationOptions { - filter?: string; - orderby?: string; - skipToken?: string; - top?: number; -} - -// @public -export type IncidentsListNextResponse = IncidentList; - -// @public -export interface IncidentsListOptionalParams extends coreClient.OperationOptions { - filter?: string; - orderby?: string; - skipToken?: string; - top?: number; -} - -// @public -export type IncidentsListResponse = IncidentList; - -// @public -export interface IncidentsRunPlaybookOptionalParams extends coreClient.OperationOptions { - // (undocumented) - requestBody?: ManualTriggerRequestBody; -} - -// @public -export type IncidentsRunPlaybookResponse = Record; - -// @public -export type IncidentStatus = string; - -// @public -export interface InsightQueryItem extends EntityQueryItem { - kind: "Insight"; - properties?: InsightQueryItemProperties; -} - -// @public -export interface InsightQueryItemProperties extends EntityQueryItemProperties { - additionalQuery?: InsightQueryItemPropertiesAdditionalQuery; - baseQuery?: string; - chartQuery?: Record; - defaultTimeRange?: InsightQueryItemPropertiesDefaultTimeRange; - description?: string; - displayName?: string; - referenceTimeRange?: InsightQueryItemPropertiesReferenceTimeRange; - tableQuery?: InsightQueryItemPropertiesTableQuery; -} - -// @public -export interface InsightQueryItemPropertiesAdditionalQuery { - query?: string; - text?: string; -} - -// @public -export interface InsightQueryItemPropertiesDefaultTimeRange { - afterRange?: string; - beforeRange?: string; -} - -// @public -export interface InsightQueryItemPropertiesReferenceTimeRange { - beforeRange?: string; -} - -// @public -export interface InsightQueryItemPropertiesTableQuery { - columnsDefinitions?: InsightQueryItemPropertiesTableQueryColumnsDefinitionsItem[]; - queriesDefinitions?: InsightQueryItemPropertiesTableQueryQueriesDefinitionsItem[]; -} - -// @public (undocumented) -export interface InsightQueryItemPropertiesTableQueryColumnsDefinitionsItem { - header?: string; - outputType?: OutputType; - supportDeepLink?: boolean; -} - -// @public (undocumented) -export interface InsightQueryItemPropertiesTableQueryQueriesDefinitionsItem { - filter?: string; - linkColumnsDefinitions?: InsightQueryItemPropertiesTableQueryQueriesDefinitionsPropertiesItemsItem[]; - project?: string; - summarize?: string; -} - -// @public (undocumented) -export interface InsightQueryItemPropertiesTableQueryQueriesDefinitionsPropertiesItemsItem { - projectedName?: string; - query?: string; -} - -// @public -export interface InsightsTableResult { - columns?: InsightsTableResultColumnsItem[]; - rows?: string[][]; -} - -// @public (undocumented) -export interface InsightsTableResultColumnsItem { - name?: string; - type?: string; -} - -// @public -export interface InstructionSteps { - description?: string; - instructions?: InstructionStepsInstructionsItem[]; - title?: string; -} - -// @public (undocumented) -export interface InstructionStepsInstructionsItem extends ConnectorInstructionModelBase { -} - -// @public -export interface IoTCheckRequirements extends DataConnectorsCheckRequirements { - kind: "IOT"; - subscriptionId?: string; -} - -// @public -export interface IoTDataConnector extends DataConnector { - dataTypes?: AlertsDataTypeOfDataConnector; - subscriptionId?: string; -} - -// @public -export interface IoTDataConnectorProperties extends DataConnectorWithAlertsProperties { - subscriptionId?: string; -} - -// @public -export interface IoTDeviceEntity extends Entity { - readonly additionalData?: { - [propertyName: string]: Record; - }; - readonly deviceId?: string; - readonly deviceName?: string; - readonly deviceSubType?: string; - readonly deviceType?: string; - readonly edgeId?: string; - readonly firmwareVersion?: string; - readonly friendlyName?: string; - readonly hostEntityId?: string; - importance?: DeviceImportance; - readonly iotHubEntityId?: string; - readonly iotSecurityAgentId?: string; - readonly ipAddressEntityId?: string; - readonly isAuthorized?: boolean; - readonly isProgramming?: boolean; - readonly isScanner?: boolean; - readonly macAddress?: string; - readonly model?: string; - readonly nicEntityIds?: string[]; - readonly operatingSystem?: string; - readonly owners?: string[]; - readonly protocols?: string[]; - readonly purdueLayer?: string; - readonly sensor?: string; - readonly serialNumber?: string; - readonly site?: string; - readonly source?: string; - readonly threatIntelligence?: ThreatIntelligence[]; - readonly vendor?: string; - readonly zone?: string; -} - -// @public -export interface IoTDeviceEntityProperties extends EntityCommonProperties { - readonly deviceId?: string; - readonly deviceName?: string; - readonly deviceSubType?: string; - readonly deviceType?: string; - readonly edgeId?: string; - readonly firmwareVersion?: string; - readonly hostEntityId?: string; - importance?: DeviceImportance; - readonly iotHubEntityId?: string; - readonly iotSecurityAgentId?: string; - readonly ipAddressEntityId?: string; - readonly isAuthorized?: boolean; - readonly isProgramming?: boolean; - readonly isScanner?: boolean; - readonly macAddress?: string; - readonly model?: string; - readonly nicEntityIds?: string[]; - readonly operatingSystem?: string; - readonly owners?: string[]; - readonly protocols?: string[]; - readonly purdueLayer?: string; - readonly sensor?: string; - readonly serialNumber?: string; - readonly site?: string; - readonly source?: string; - readonly threatIntelligence?: ThreatIntelligence[]; - readonly vendor?: string; - readonly zone?: string; -} - -// @public -export interface IpEntity extends Entity { - readonly additionalData?: { - [propertyName: string]: Record; - }; - readonly address?: string; - readonly friendlyName?: string; - readonly location?: GeoLocation; - readonly threatIntelligence?: ThreatIntelligence[]; -} - -// @public -export interface IpEntityProperties extends EntityCommonProperties { - readonly address?: string; - readonly location?: GeoLocation; - readonly threatIntelligence?: ThreatIntelligence[]; -} - -// @public -export interface IPGeodata { - get(resourceGroupName: string, ipAddress: string, options?: IPGeodataGetOptionalParams): Promise; -} - -// @public -export interface IPGeodataGetOptionalParams extends coreClient.OperationOptions { -} - -// @public -export type IPGeodataGetResponse = EnrichmentIpGeodata; - -// @public -export type KillChainIntent = string; - -// @public -export type Kind = string; - -// @public -export enum KnownActionType { - ModifyProperties = "ModifyProperties", - RunPlaybook = "RunPlaybook" -} - -// @public -export enum KnownAlertDetail { - DisplayName = "DisplayName", - Severity = "Severity" -} - -// @public -export enum KnownAlertRuleKind { - Fusion = "Fusion", - MicrosoftSecurityIncidentCreation = "MicrosoftSecurityIncidentCreation", - MLBehaviorAnalytics = "MLBehaviorAnalytics", - NRT = "NRT", - Scheduled = "Scheduled", - ThreatIntelligence = "ThreatIntelligence" -} - -// @public -export enum KnownAlertSeverity { - High = "High", - Informational = "Informational", - Low = "Low", - Medium = "Medium" -} - -// @public -export enum KnownAlertStatus { - Dismissed = "Dismissed", - InProgress = "InProgress", - New = "New", - Resolved = "Resolved", - Unknown = "Unknown" -} - -// @public -export enum KnownAntispamMailDirection { - Inbound = "Inbound", - Intraorg = "Intraorg", - Outbound = "Outbound", - Unknown = "Unknown" -} - -// @public -export enum KnownAttackTactic { - Collection = "Collection", - CommandAndControl = "CommandAndControl", - CredentialAccess = "CredentialAccess", - DefenseEvasion = "DefenseEvasion", - Discovery = "Discovery", - Execution = "Execution", - Exfiltration = "Exfiltration", - Impact = "Impact", - ImpairProcessControl = "ImpairProcessControl", - InhibitResponseFunction = "InhibitResponseFunction", - InitialAccess = "InitialAccess", - LateralMovement = "LateralMovement", - Persistence = "Persistence", - PreAttack = "PreAttack", - PrivilegeEscalation = "PrivilegeEscalation", - Reconnaissance = "Reconnaissance", - ResourceDevelopment = "ResourceDevelopment" -} - -// @public -export enum KnownAutomationRulePropertyArrayChangedConditionSupportedArrayType { - Alerts = "Alerts", - Comments = "Comments", - Labels = "Labels", - Tactics = "Tactics" -} - -// @public -export enum KnownAutomationRulePropertyArrayChangedConditionSupportedChangeType { - Added = "Added" -} - -// @public -export enum KnownAutomationRulePropertyChangedConditionSupportedChangedType { - ChangedFrom = "ChangedFrom", - ChangedTo = "ChangedTo" -} - -// @public -export enum KnownAutomationRulePropertyChangedConditionSupportedPropertyType { - IncidentOwner = "IncidentOwner", - IncidentSeverity = "IncidentSeverity", - IncidentStatus = "IncidentStatus" -} - -// @public -export enum KnownAutomationRulePropertyConditionSupportedOperator { - Contains = "Contains", - EndsWith = "EndsWith", - Equals = "Equals", - NotContains = "NotContains", - NotEndsWith = "NotEndsWith", - NotEquals = "NotEquals", - NotStartsWith = "NotStartsWith", - StartsWith = "StartsWith" -} - -// @public -export enum KnownAutomationRulePropertyConditionSupportedProperty { - AccountAadTenantId = "AccountAadTenantId", - AccountAadUserId = "AccountAadUserId", - AccountName = "AccountName", - AccountNTDomain = "AccountNTDomain", - AccountObjectGuid = "AccountObjectGuid", - AccountPuid = "AccountPUID", - AccountSid = "AccountSid", - AccountUPNSuffix = "AccountUPNSuffix", - AlertAnalyticRuleIds = "AlertAnalyticRuleIds", - AlertProductNames = "AlertProductNames", - AzureResourceResourceId = "AzureResourceResourceId", - AzureResourceSubscriptionId = "AzureResourceSubscriptionId", - CloudApplicationAppId = "CloudApplicationAppId", - CloudApplicationAppName = "CloudApplicationAppName", - DNSDomainName = "DNSDomainName", - FileDirectory = "FileDirectory", - FileHashValue = "FileHashValue", - FileName = "FileName", - HostAzureID = "HostAzureID", - HostName = "HostName", - HostNetBiosName = "HostNetBiosName", - HostNTDomain = "HostNTDomain", - HostOSVersion = "HostOSVersion", - IncidentDescription = "IncidentDescription", - IncidentLabel = "IncidentLabel", - IncidentProviderName = "IncidentProviderName", - IncidentRelatedAnalyticRuleIds = "IncidentRelatedAnalyticRuleIds", - IncidentSeverity = "IncidentSeverity", - IncidentStatus = "IncidentStatus", - IncidentTactics = "IncidentTactics", - IncidentTitle = "IncidentTitle", - IoTDeviceId = "IoTDeviceId", - IoTDeviceModel = "IoTDeviceModel", - IoTDeviceName = "IoTDeviceName", - IoTDeviceOperatingSystem = "IoTDeviceOperatingSystem", - IoTDeviceType = "IoTDeviceType", - IoTDeviceVendor = "IoTDeviceVendor", - IPAddress = "IPAddress", - MailboxDisplayName = "MailboxDisplayName", - MailboxPrimaryAddress = "MailboxPrimaryAddress", - MailboxUPN = "MailboxUPN", - MailMessageDeliveryAction = "MailMessageDeliveryAction", - MailMessageDeliveryLocation = "MailMessageDeliveryLocation", - MailMessageP1Sender = "MailMessageP1Sender", - MailMessageP2Sender = "MailMessageP2Sender", - MailMessageRecipient = "MailMessageRecipient", - MailMessageSenderIP = "MailMessageSenderIP", - MailMessageSubject = "MailMessageSubject", - MalwareCategory = "MalwareCategory", - MalwareName = "MalwareName", - ProcessCommandLine = "ProcessCommandLine", - ProcessId = "ProcessId", - RegistryKey = "RegistryKey", - RegistryValueData = "RegistryValueData", - Url = "Url" -} - -// @public -export enum KnownConditionType { - Property = "Property", - PropertyArrayChanged = "PropertyArrayChanged", - PropertyChanged = "PropertyChanged" -} - -// @public -export enum KnownConfidenceLevel { - High = "High", - Low = "Low", - Unknown = "Unknown" -} - -// @public -export enum KnownConfidenceScoreStatus { - Final = "Final", - InProcess = "InProcess", - NotApplicable = "NotApplicable", - NotFinal = "NotFinal" -} - -// @public -export enum KnownConnectAuthKind { - APIKey = "APIKey", - Basic = "Basic", - OAuth2 = "OAuth2" -} - -// @public -export enum KnownConnectivityType { - IsConnectedQuery = "IsConnectedQuery" -} - -// @public -export enum KnownContentType { - AnalyticRule = "AnalyticRule", - Workbook = "Workbook" -} - -// @public -export enum KnownCreatedByType { - Application = "Application", - Key = "Key", - ManagedIdentity = "ManagedIdentity", - User = "User" -} - -// @public -export enum KnownCustomEntityQueryKind { - Activity = "Activity" -} - -// @public -export enum KnownDataConnectorAuthorizationState { - Invalid = "Invalid", - Valid = "Valid" -} - -// @public -export enum KnownDataConnectorKind { - AmazonWebServicesCloudTrail = "AmazonWebServicesCloudTrail", - AmazonWebServicesS3 = "AmazonWebServicesS3", - APIPolling = "APIPolling", - AzureActiveDirectory = "AzureActiveDirectory", - AzureAdvancedThreatProtection = "AzureAdvancedThreatProtection", - AzureSecurityCenter = "AzureSecurityCenter", - Dynamics365 = "Dynamics365", - GenericUI = "GenericUI", - IOT = "IOT", - MicrosoftCloudAppSecurity = "MicrosoftCloudAppSecurity", - MicrosoftDefenderAdvancedThreatProtection = "MicrosoftDefenderAdvancedThreatProtection", - MicrosoftThreatIntelligence = "MicrosoftThreatIntelligence", - MicrosoftThreatProtection = "MicrosoftThreatProtection", - Office365 = "Office365", - Office365Project = "Office365Project", - OfficeATP = "OfficeATP", - OfficeIRM = "OfficeIRM", - OfficePowerBI = "OfficePowerBI", - ThreatIntelligence = "ThreatIntelligence", - ThreatIntelligenceTaxii = "ThreatIntelligenceTaxii" -} - -// @public -export enum KnownDataConnectorLicenseState { - Invalid = "Invalid", - Unknown = "Unknown", - Valid = "Valid" -} - -// @public -export enum KnownDataTypeState { - Disabled = "Disabled", - Enabled = "Enabled" -} - -// @public -export enum KnownDeploymentFetchStatus { - NotFound = "NotFound", - Success = "Success", - Unauthorized = "Unauthorized" -} - -// @public -export enum KnownDeploymentResult { - Canceled = "Canceled", - Failed = "Failed", - Success = "Success" -} - -// @public -export enum KnownDeploymentState { - Canceling = "Canceling", - Completed = "Completed", - InProgress = "In_Progress", - Queued = "Queued" -} - -// @public -export enum KnownDeviceImportance { - High = "High", - Low = "Low", - Normal = "Normal", - Unknown = "Unknown" -} - -// @public -export enum KnownEntityItemQueryKind { - Insight = "Insight" -} - -// @public -export enum KnownEntityKind { - Account = "Account", - AzureResource = "AzureResource", - Bookmark = "Bookmark", - CloudApplication = "CloudApplication", - DnsResolution = "DnsResolution", - File = "File", - FileHash = "FileHash", - Host = "Host", - IoTDevice = "IoTDevice", - Ip = "Ip", - Mailbox = "Mailbox", - MailCluster = "MailCluster", - MailMessage = "MailMessage", - Malware = "Malware", - Nic = "Nic", - Process = "Process", - RegistryKey = "RegistryKey", - RegistryValue = "RegistryValue", - SecurityAlert = "SecurityAlert", - SecurityGroup = "SecurityGroup", - SubmissionMail = "SubmissionMail", - Url = "Url" -} - -// @public -export enum KnownEntityMappingType { - Account = "Account", - AzureResource = "AzureResource", - CloudApplication = "CloudApplication", - DNS = "DNS", - File = "File", - FileHash = "FileHash", - Host = "Host", - IP = "IP", - Mailbox = "Mailbox", - MailCluster = "MailCluster", - MailMessage = "MailMessage", - Malware = "Malware", - Process = "Process", - RegistryKey = "RegistryKey", - RegistryValue = "RegistryValue", - SecurityGroup = "SecurityGroup", - SubmissionMail = "SubmissionMail", - URL = "URL" -} - -// @public -export enum KnownEntityProviders { - ActiveDirectory = "ActiveDirectory", - AzureActiveDirectory = "AzureActiveDirectory" -} - -// @public -export enum KnownEntityQueryKind { - Activity = "Activity", - Expansion = "Expansion", - Insight = "Insight" -} - -// @public -export enum KnownEntityQueryTemplateKind { - Activity = "Activity" -} - -// @public -export enum KnownEntityTimelineKind { - Activity = "Activity", - Anomaly = "Anomaly", - Bookmark = "Bookmark", - SecurityAlert = "SecurityAlert" -} - -// @public -export enum KnownEntityType { - Account = "Account", - AzureResource = "AzureResource", - CloudApplication = "CloudApplication", - DNS = "DNS", - File = "File", - FileHash = "FileHash", - Host = "Host", - HuntingBookmark = "HuntingBookmark", - IoTDevice = "IoTDevice", - IP = "IP", - Mailbox = "Mailbox", - MailCluster = "MailCluster", - MailMessage = "MailMessage", - Malware = "Malware", - Nic = "Nic", - Process = "Process", - RegistryKey = "RegistryKey", - RegistryValue = "RegistryValue", - SecurityAlert = "SecurityAlert", - SecurityGroup = "SecurityGroup", - SubmissionMail = "SubmissionMail", - URL = "URL" -} - -// @public -export enum KnownEnum13 { - Activity = "Activity", - Expansion = "Expansion" -} - -// @public -export enum KnownEventGroupingAggregationKind { - AlertPerResult = "AlertPerResult", - SingleAlert = "SingleAlert" -} - -// @public -export enum KnownFileHashAlgorithm { - MD5 = "MD5", - SHA1 = "SHA1", - SHA256 = "SHA256", - SHA256AC = "SHA256AC", - Unknown = "Unknown" -} - -// @public -export enum KnownGetInsightsError { - Insight = "Insight" -} - -// @public -export enum KnownIncidentClassification { - BenignPositive = "BenignPositive", - FalsePositive = "FalsePositive", - TruePositive = "TruePositive", - Undetermined = "Undetermined" -} - -// @public -export enum KnownIncidentClassificationReason { - InaccurateData = "InaccurateData", - IncorrectAlertLogic = "IncorrectAlertLogic", - SuspiciousActivity = "SuspiciousActivity", - SuspiciousButExpected = "SuspiciousButExpected" -} - -// @public -export enum KnownIncidentLabelType { - AutoAssigned = "AutoAssigned", - User = "User" -} - -// @public -export enum KnownIncidentSeverity { - High = "High", - Informational = "Informational", - Low = "Low", - Medium = "Medium" -} - -// @public -export enum KnownIncidentStatus { - Active = "Active", - Closed = "Closed", - New = "New" -} - -// @public -export enum KnownKillChainIntent { - Collection = "Collection", - CommandAndControl = "CommandAndControl", - CredentialAccess = "CredentialAccess", - DefenseEvasion = "DefenseEvasion", - Discovery = "Discovery", - Execution = "Execution", - Exfiltration = "Exfiltration", - Exploitation = "Exploitation", - Impact = "Impact", - LateralMovement = "LateralMovement", - Persistence = "Persistence", - PrivilegeEscalation = "PrivilegeEscalation", - Probing = "Probing", - Unknown = "Unknown" -} - -// @public -export enum KnownKind { - AnalyticsRule = "AnalyticsRule", - AnalyticsRuleTemplate = "AnalyticsRuleTemplate", - AutomationRule = "AutomationRule", - AzureFunction = "AzureFunction", - DataConnector = "DataConnector", - DataType = "DataType", - HuntingQuery = "HuntingQuery", - InvestigationQuery = "InvestigationQuery", - LogicAppsCustomConnector = "LogicAppsCustomConnector", - Parser = "Parser", - Playbook = "Playbook", - PlaybookTemplate = "PlaybookTemplate", - Solution = "Solution", - Watchlist = "Watchlist", - WatchlistTemplate = "WatchlistTemplate", - Workbook = "Workbook", - WorkbookTemplate = "WorkbookTemplate" -} - -// @public -export enum KnownMatchingMethod { - AllEntities = "AllEntities", - AnyAlert = "AnyAlert", - Selected = "Selected" -} - -// @public -export enum KnownMicrosoftSecurityProductName { - AzureActiveDirectoryIdentityProtection = "Azure Active Directory Identity Protection", - AzureAdvancedThreatProtection = "Azure Advanced Threat Protection", - AzureSecurityCenter = "Azure Security Center", - AzureSecurityCenterForIoT = "Azure Security Center for IoT", - MicrosoftCloudAppSecurity = "Microsoft Cloud App Security", - MicrosoftDefenderAdvancedThreatProtection = "Microsoft Defender Advanced Threat Protection", - Office365AdvancedThreatProtection = "Office 365 Advanced Threat Protection" -} - -// @public -export enum KnownOperator { - AND = "AND", - OR = "OR" -} - -// @public -export enum KnownOutputType { - Date = "Date", - Entity = "Entity", - Number = "Number", - String = "String" -} - -// @public -export enum KnownOwnerType { - Group = "Group", - Unknown = "Unknown", - User = "User" -} - -// @public -export enum KnownPermissionProviderScope { - ResourceGroup = "ResourceGroup", - Subscription = "Subscription", - Workspace = "Workspace" -} - -// @public -export enum KnownPollingFrequency { - OnceADay = "OnceADay", - OnceAMinute = "OnceAMinute", - OnceAnHour = "OnceAnHour" -} - -// @public -export enum KnownProviderName { - MicrosoftAadiamDiagnosticSettings = "microsoft.aadiam/diagnosticSettings", - MicrosoftAuthorizationPolicyAssignments = "Microsoft.Authorization/policyAssignments", - MicrosoftOperationalInsightsSolutions = "Microsoft.OperationalInsights/solutions", - MicrosoftOperationalInsightsWorkspaces = "Microsoft.OperationalInsights/workspaces", - MicrosoftOperationalInsightsWorkspacesDatasources = "Microsoft.OperationalInsights/workspaces/datasources", - MicrosoftOperationalInsightsWorkspacesSharedKeys = "Microsoft.OperationalInsights/workspaces/sharedKeys" -} - -// @public -export enum KnownRegistryHive { - HkeyA = "HKEY_A", - HkeyClassesRoot = "HKEY_CLASSES_ROOT", - HkeyCurrentConfig = "HKEY_CURRENT_CONFIG", - HkeyCurrentUser = "HKEY_CURRENT_USER", - HkeyCurrentUserLocalSettings = "HKEY_CURRENT_USER_LOCAL_SETTINGS", - HkeyLocalMachine = "HKEY_LOCAL_MACHINE", - HkeyPerformanceData = "HKEY_PERFORMANCE_DATA", - HkeyPerformanceNlstext = "HKEY_PERFORMANCE_NLSTEXT", - HkeyPerformanceText = "HKEY_PERFORMANCE_TEXT", - HkeyUsers = "HKEY_USERS" -} - -// @public -export enum KnownRegistryValueKind { - Binary = "Binary", - DWord = "DWord", - ExpandString = "ExpandString", - MultiString = "MultiString", - None = "None", - QWord = "QWord", - String = "String", - Unknown = "Unknown" -} - -// @public -export enum KnownRepoType { - DevOps = "DevOps", - Github = "Github" -} - -// @public -export enum KnownSecurityMLAnalyticsSettingsKind { - Anomaly = "Anomaly" -} - -// @public -export enum KnownSettingKind { - Anomalies = "Anomalies", - EntityAnalytics = "EntityAnalytics", - EyesOn = "EyesOn", - Ueba = "Ueba" -} - -// @public -export enum KnownSettingsStatus { - Flighting = "Flighting", - Production = "Production" -} - -// @public -export enum KnownSettingType { - CopyableLabel = "CopyableLabel", - InfoMessage = "InfoMessage", - InstructionStepsGroup = "InstructionStepsGroup" -} - -// @public -export enum KnownSourceKind { - Community = "Community", - LocalWorkspace = "LocalWorkspace", - Solution = "Solution", - SourceRepository = "SourceRepository" -} - -// @public -export enum KnownSourceType { - LocalFile = "Local file", - RemoteStorage = "Remote storage" -} - -// @public -export enum KnownSupportTier { - Community = "Community", - Microsoft = "Microsoft", - Partner = "Partner" -} - -// @public -export enum KnownTemplateStatus { - Available = "Available", - Installed = "Installed", - NotAvailable = "NotAvailable" -} - -// @public -export enum KnownThreatIntelligenceResourceKindEnum { - Indicator = "indicator" -} - -// @public -export enum KnownThreatIntelligenceSortingCriteriaEnum { - Ascending = "ascending", - Descending = "descending", - Unsorted = "unsorted" -} - -// @public -export enum KnownTriggersOn { - Alerts = "Alerts", - Incidents = "Incidents" -} - -// @public -export enum KnownTriggersWhen { - Created = "Created", - Updated = "Updated" -} - -// @public -export enum KnownUebaDataSources { - AuditLogs = "AuditLogs", - AzureActivity = "AzureActivity", - SecurityEvent = "SecurityEvent", - SigninLogs = "SigninLogs" -} - -// @public -export enum KnownVersion { - V1 = "V1", - V2 = "V2" -} - -// @public -export interface LastDataReceivedDataType { - lastDataReceivedQuery?: string; - name?: string; -} - -// @public -export interface MailboxEntity extends Entity { - readonly additionalData?: { - [propertyName: string]: Record; - }; - readonly displayName?: string; - readonly externalDirectoryObjectId?: string; - readonly friendlyName?: string; - readonly mailboxPrimaryAddress?: string; - readonly upn?: string; -} - -// @public -export interface MailboxEntityProperties extends EntityCommonProperties { - readonly displayName?: string; - readonly externalDirectoryObjectId?: string; - readonly mailboxPrimaryAddress?: string; - readonly upn?: string; -} - -// @public -export interface MailClusterEntity extends Entity { - readonly additionalData?: { - [propertyName: string]: Record; - }; - readonly clusterGroup?: string; - readonly clusterQueryEndTime?: Date; - readonly clusterQueryStartTime?: Date; - readonly clusterSourceIdentifier?: string; - readonly clusterSourceType?: string; - readonly countByDeliveryStatus?: Record; - readonly countByProtectionStatus?: Record; - readonly countByThreatType?: Record; - readonly friendlyName?: string; - readonly isVolumeAnomaly?: boolean; - readonly mailCount?: number; - readonly networkMessageIds?: string[]; - readonly query?: string; - readonly queryTime?: Date; - readonly source?: string; - readonly threats?: string[]; -} - -// @public -export interface MailClusterEntityProperties extends EntityCommonProperties { - readonly clusterGroup?: string; - readonly clusterQueryEndTime?: Date; - readonly clusterQueryStartTime?: Date; - readonly clusterSourceIdentifier?: string; - readonly clusterSourceType?: string; - readonly countByDeliveryStatus?: Record; - readonly countByProtectionStatus?: Record; - readonly countByThreatType?: Record; - readonly isVolumeAnomaly?: boolean; - readonly mailCount?: number; - readonly networkMessageIds?: string[]; - readonly query?: string; - readonly queryTime?: Date; - readonly source?: string; - readonly threats?: string[]; -} - -// @public -export interface MailMessageEntity extends Entity { - readonly additionalData?: { - [propertyName: string]: Record; - }; - antispamDirection?: AntispamMailDirection; - bodyFingerprintBin1?: number; - bodyFingerprintBin2?: number; - bodyFingerprintBin3?: number; - bodyFingerprintBin4?: number; - bodyFingerprintBin5?: number; - deliveryAction?: DeliveryAction; - deliveryLocation?: DeliveryLocation; - readonly fileEntityIds?: string[]; - readonly friendlyName?: string; - readonly internetMessageId?: string; - readonly language?: string; - readonly networkMessageId?: string; - readonly p1Sender?: string; - readonly p1SenderDisplayName?: string; - readonly p1SenderDomain?: string; - readonly p2Sender?: string; - readonly p2SenderDisplayName?: string; - readonly p2SenderDomain?: string; - readonly receiveDate?: Date; - readonly recipient?: string; - readonly senderIP?: string; - readonly subject?: string; - readonly threatDetectionMethods?: string[]; - readonly threats?: string[]; - readonly urls?: string[]; -} - -// @public -export interface MailMessageEntityProperties extends EntityCommonProperties { - antispamDirection?: AntispamMailDirection; - bodyFingerprintBin1?: number; - bodyFingerprintBin2?: number; - bodyFingerprintBin3?: number; - bodyFingerprintBin4?: number; - bodyFingerprintBin5?: number; - deliveryAction?: DeliveryAction; - deliveryLocation?: DeliveryLocation; - readonly fileEntityIds?: string[]; - readonly internetMessageId?: string; - readonly language?: string; - readonly networkMessageId?: string; - readonly p1Sender?: string; - readonly p1SenderDisplayName?: string; - readonly p1SenderDomain?: string; - readonly p2Sender?: string; - readonly p2SenderDisplayName?: string; - readonly p2SenderDomain?: string; - readonly receiveDate?: Date; - readonly recipient?: string; - readonly senderIP?: string; - readonly subject?: string; - readonly threatDetectionMethods?: string[]; - readonly threats?: string[]; - readonly urls?: string[]; -} - -// @public -export interface MalwareEntity extends Entity { - readonly additionalData?: { - [propertyName: string]: Record; - }; - readonly category?: string; - readonly fileEntityIds?: string[]; - readonly friendlyName?: string; - readonly malwareName?: string; - readonly processEntityIds?: string[]; -} - -// @public -export interface MalwareEntityProperties extends EntityCommonProperties { - readonly category?: string; - readonly fileEntityIds?: string[]; - readonly malwareName?: string; - readonly processEntityIds?: string[]; -} - -// @public (undocumented) -export interface ManualTriggerRequestBody { - // (undocumented) - logicAppsResourceId?: string; - // (undocumented) - tenantId?: string; -} - -// @public -export type MatchingMethod = string; - -// @public -export interface McasCheckRequirements extends DataConnectorsCheckRequirements { - kind: "MicrosoftCloudAppSecurity"; - tenantId?: string; -} - -// @public -export interface McasCheckRequirementsProperties extends DataConnectorTenantId { -} - -// @public -export interface McasDataConnector extends DataConnector { - dataTypes?: McasDataConnectorDataTypes; - tenantId?: string; -} - -// @public -export interface McasDataConnectorDataTypes extends AlertsDataTypeOfDataConnector { - discoveryLogs?: DataConnectorDataTypeCommon; -} - -// @public -export interface McasDataConnectorProperties extends DataConnectorTenantId { - dataTypes: McasDataConnectorDataTypes; -} - -// @public -export interface MdatpCheckRequirements extends DataConnectorsCheckRequirements { - kind: "MicrosoftDefenderAdvancedThreatProtection"; - tenantId?: string; -} - -// @public -export interface MdatpCheckRequirementsProperties extends DataConnectorTenantId { -} - -// @public -export interface MdatpDataConnector extends DataConnector { - dataTypes?: AlertsDataTypeOfDataConnector; - tenantId?: string; -} - -// @public -export interface MdatpDataConnectorProperties extends DataConnectorTenantId, DataConnectorWithAlertsProperties { -} - -// @public -export interface Metadata { - create(resourceGroupName: string, workspaceName: string, metadataName: string, metadata: MetadataModel, options?: MetadataCreateOptionalParams): Promise; - delete(resourceGroupName: string, workspaceName: string, metadataName: string, options?: MetadataDeleteOptionalParams): Promise; - get(resourceGroupName: string, workspaceName: string, metadataName: string, options?: MetadataGetOptionalParams): Promise; - list(resourceGroupName: string, workspaceName: string, options?: MetadataListOptionalParams): PagedAsyncIterableIterator; - update(resourceGroupName: string, workspaceName: string, metadataName: string, metadataPatch: MetadataPatch, options?: MetadataUpdateOptionalParams): Promise; -} - -// @public -export interface MetadataAuthor { - email?: string; - link?: string; - name?: string; -} - -// @public -export interface MetadataCategories { - domains?: string[]; - verticals?: string[]; -} - -// @public -export interface MetadataCreateOptionalParams extends coreClient.OperationOptions { -} - -// @public -export type MetadataCreateResponse = MetadataModel; - -// @public -export interface MetadataDeleteOptionalParams extends coreClient.OperationOptions { -} - -// @public -export interface MetadataDependencies { - contentId?: string; - criteria?: MetadataDependencies[]; - kind?: Kind; - name?: string; - operator?: Operator; - version?: string; -} - -// @public -export interface MetadataGetOptionalParams extends coreClient.OperationOptions { -} - -// @public -export type MetadataGetResponse = MetadataModel; - -// @public -export interface MetadataList { - readonly nextLink?: string; - value: MetadataModel[]; -} - -// @public -export interface MetadataListNextOptionalParams extends coreClient.OperationOptions { - filter?: string; - orderby?: string; - skip?: number; - top?: number; -} - -// @public -export type MetadataListNextResponse = MetadataList; - -// @public -export interface MetadataListOptionalParams extends coreClient.OperationOptions { - filter?: string; - orderby?: string; - skip?: number; - top?: number; -} - -// @public -export type MetadataListResponse = MetadataList; - -// @public -export interface MetadataModel extends ResourceWithEtag { - author?: MetadataAuthor; - categories?: MetadataCategories; - contentId?: string; - contentSchemaVersion?: string; - customVersion?: string; - dependencies?: MetadataDependencies; - firstPublishDate?: Date; - icon?: string; - kind?: Kind; - lastPublishDate?: Date; - parentId?: string; - previewImages?: string[]; - previewImagesDark?: string[]; - providers?: string[]; - source?: MetadataSource; - support?: MetadataSupport; - threatAnalysisTactics?: string[]; - threatAnalysisTechniques?: string[]; - version?: string; -} - -// @public -export interface MetadataPatch extends ResourceWithEtag { - author?: MetadataAuthor; - categories?: MetadataCategories; - contentId?: string; - contentSchemaVersion?: string; - customVersion?: string; - dependencies?: MetadataDependencies; - firstPublishDate?: Date; - icon?: string; - kind?: Kind; - lastPublishDate?: Date; - parentId?: string; - previewImages?: string[]; - previewImagesDark?: string[]; - providers?: string[]; - source?: MetadataSource; - support?: MetadataSupport; - threatAnalysisTactics?: string[]; - threatAnalysisTechniques?: string[]; - version?: string; -} - -// @public -export interface MetadataSource { - kind: SourceKind; - name?: string; - sourceId?: string; -} - -// @public -export interface MetadataSupport { - email?: string; - link?: string; - name?: string; - tier: SupportTier; -} - -// @public -export interface MetadataUpdateOptionalParams extends coreClient.OperationOptions { -} - -// @public -export type MetadataUpdateResponse = MetadataModel; - -// @public -export interface MicrosoftSecurityIncidentCreationAlertRule extends AlertRule { - alertRuleTemplateName?: string; - description?: string; - displayName?: string; - displayNamesExcludeFilter?: string[]; - displayNamesFilter?: string[]; - enabled?: boolean; - readonly lastModifiedUtc?: Date; - productFilter?: MicrosoftSecurityProductName; - severitiesFilter?: AlertSeverity[]; -} - -// @public -export interface MicrosoftSecurityIncidentCreationAlertRuleCommonProperties { - displayNamesExcludeFilter?: string[]; - displayNamesFilter?: string[]; - productFilter: MicrosoftSecurityProductName; - severitiesFilter?: AlertSeverity[]; -} - -// @public -export interface MicrosoftSecurityIncidentCreationAlertRuleProperties extends MicrosoftSecurityIncidentCreationAlertRuleCommonProperties { - alertRuleTemplateName?: string; - description?: string; - displayName: string; - enabled: boolean; - readonly lastModifiedUtc?: Date; -} - -// @public -export interface MicrosoftSecurityIncidentCreationAlertRuleTemplate extends AlertRuleTemplate { - alertRulesCreatedByTemplateCount?: number; - readonly createdDateUTC?: Date; - description?: string; - displayName?: string; - displayNamesExcludeFilter?: string[]; - displayNamesFilter?: string[]; - readonly lastUpdatedDateUTC?: Date; - productFilter?: MicrosoftSecurityProductName; - requiredDataConnectors?: AlertRuleTemplateDataSource[]; - severitiesFilter?: AlertSeverity[]; - status?: TemplateStatus; -} - -// @public -export interface MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties extends AlertRuleTemplatePropertiesBase { - displayNamesExcludeFilter?: string[]; - displayNamesFilter?: string[]; - productFilter?: MicrosoftSecurityProductName; - severitiesFilter?: AlertSeverity[]; -} - -// @public -export type MicrosoftSecurityProductName = string; - -// @public -export interface MLBehaviorAnalyticsAlertRule extends AlertRule { - alertRuleTemplateName?: string; - readonly description?: string; - readonly displayName?: string; - enabled?: boolean; - readonly lastModifiedUtc?: Date; - readonly severity?: AlertSeverity; - readonly tactics?: AttackTactic[]; - readonly techniques?: string[]; -} - -// @public -export interface MLBehaviorAnalyticsAlertRuleTemplate extends AlertRuleTemplate { - alertRulesCreatedByTemplateCount?: number; - readonly createdDateUTC?: Date; - description?: string; - displayName?: string; - readonly lastUpdatedDateUTC?: Date; - requiredDataConnectors?: AlertRuleTemplateDataSource[]; - severity?: AlertSeverity; - status?: TemplateStatus; - tactics?: AttackTactic[]; - techniques?: string[]; -} - -// @public -export interface MLBehaviorAnalyticsAlertRuleTemplateProperties extends AlertRuleTemplateWithMitreProperties { - severity: AlertSeverity; -} - -// @public -export interface MstiCheckRequirements extends DataConnectorsCheckRequirements { - kind: "MicrosoftThreatIntelligence"; - tenantId?: string; -} - -// @public -export interface MstiCheckRequirementsProperties extends DataConnectorTenantId { -} - -// @public -export interface MstiDataConnector extends DataConnector { - dataTypes?: MstiDataConnectorDataTypes; - tenantId?: string; -} - -// @public -export interface MstiDataConnectorDataTypes { - bingSafetyPhishingURL: MstiDataConnectorDataTypesBingSafetyPhishingURL; - microsoftEmergingThreatFeed: MstiDataConnectorDataTypesMicrosoftEmergingThreatFeed; -} - -// @public -export interface MstiDataConnectorDataTypesBingSafetyPhishingURL extends DataConnectorDataTypeCommon { - lookbackPeriod: string; +export enum KnownAutomationRulePropertyConditionSupportedProperty { + AccountAadTenantId = "AccountAadTenantId", + AccountAadUserId = "AccountAadUserId", + AccountName = "AccountName", + AccountNTDomain = "AccountNTDomain", + AccountObjectGuid = "AccountObjectGuid", + AccountPuid = "AccountPUID", + AccountSid = "AccountSid", + AccountUPNSuffix = "AccountUPNSuffix", + AlertProductNames = "AlertProductNames", + AzureResourceResourceId = "AzureResourceResourceId", + AzureResourceSubscriptionId = "AzureResourceSubscriptionId", + CloudApplicationAppId = "CloudApplicationAppId", + CloudApplicationAppName = "CloudApplicationAppName", + DNSDomainName = "DNSDomainName", + FileDirectory = "FileDirectory", + FileHashValue = "FileHashValue", + FileName = "FileName", + HostAzureID = "HostAzureID", + HostName = "HostName", + HostNetBiosName = "HostNetBiosName", + HostNTDomain = "HostNTDomain", + HostOSVersion = "HostOSVersion", + IncidentDescription = "IncidentDescription", + IncidentLabel = "IncidentLabel", + IncidentProviderName = "IncidentProviderName", + IncidentRelatedAnalyticRuleIds = "IncidentRelatedAnalyticRuleIds", + IncidentSeverity = "IncidentSeverity", + IncidentStatus = "IncidentStatus", + IncidentTactics = "IncidentTactics", + IncidentTitle = "IncidentTitle", + IoTDeviceId = "IoTDeviceId", + IoTDeviceModel = "IoTDeviceModel", + IoTDeviceName = "IoTDeviceName", + IoTDeviceOperatingSystem = "IoTDeviceOperatingSystem", + IoTDeviceType = "IoTDeviceType", + IoTDeviceVendor = "IoTDeviceVendor", + IPAddress = "IPAddress", + MailboxDisplayName = "MailboxDisplayName", + MailboxPrimaryAddress = "MailboxPrimaryAddress", + MailboxUPN = "MailboxUPN", + MailMessageDeliveryAction = "MailMessageDeliveryAction", + MailMessageDeliveryLocation = "MailMessageDeliveryLocation", + MailMessageP1Sender = "MailMessageP1Sender", + MailMessageP2Sender = "MailMessageP2Sender", + MailMessageRecipient = "MailMessageRecipient", + MailMessageSenderIP = "MailMessageSenderIP", + MailMessageSubject = "MailMessageSubject", + MalwareCategory = "MalwareCategory", + MalwareName = "MalwareName", + ProcessCommandLine = "ProcessCommandLine", + ProcessId = "ProcessId", + RegistryKey = "RegistryKey", + RegistryValueData = "RegistryValueData", + Url = "Url" } // @public -export interface MstiDataConnectorDataTypesMicrosoftEmergingThreatFeed extends DataConnectorDataTypeCommon { - lookbackPeriod: string; +export enum KnownConditionType { + Property = "Property" } // @public -export interface MstiDataConnectorProperties extends DataConnectorTenantId { - dataTypes: MstiDataConnectorDataTypes; +export enum KnownConfidenceLevel { + High = "High", + Low = "Low", + Unknown = "Unknown" } // @public -export interface MtpCheckRequirements extends DataConnectorsCheckRequirements { - kind: "MicrosoftThreatProtection"; - tenantId?: string; +export enum KnownConfidenceScoreStatus { + Final = "Final", + InProcess = "InProcess", + NotApplicable = "NotApplicable", + NotFinal = "NotFinal" } // @public -export interface MTPCheckRequirementsProperties extends DataConnectorTenantId { +export enum KnownCreatedByType { + // (undocumented) + Application = "Application", + // (undocumented) + Key = "Key", + // (undocumented) + ManagedIdentity = "ManagedIdentity", + // (undocumented) + User = "User" } // @public -export interface MTPDataConnector extends DataConnector { - dataTypes?: MTPDataConnectorDataTypes; - tenantId?: string; +export enum KnownDataConnectorKind { + // (undocumented) + AmazonWebServicesCloudTrail = "AmazonWebServicesCloudTrail", + // (undocumented) + AzureActiveDirectory = "AzureActiveDirectory", + // (undocumented) + AzureAdvancedThreatProtection = "AzureAdvancedThreatProtection", + // (undocumented) + AzureSecurityCenter = "AzureSecurityCenter", + // (undocumented) + MicrosoftCloudAppSecurity = "MicrosoftCloudAppSecurity", + // (undocumented) + MicrosoftDefenderAdvancedThreatProtection = "MicrosoftDefenderAdvancedThreatProtection", + // (undocumented) + Office365 = "Office365", + // (undocumented) + ThreatIntelligence = "ThreatIntelligence" } // @public -export interface MTPDataConnectorDataTypes { - incidents: MTPDataConnectorDataTypesIncidents; +export enum KnownDataTypeState { + // (undocumented) + Disabled = "Disabled", + // (undocumented) + Enabled = "Enabled" } // @public -export interface MTPDataConnectorDataTypesIncidents extends DataConnectorDataTypeCommon { +export enum KnownEntityKindEnum { + Account = "Account", + AzureResource = "AzureResource", + Bookmark = "Bookmark", + CloudApplication = "CloudApplication", + DnsResolution = "DnsResolution", + File = "File", + FileHash = "FileHash", + Host = "Host", + IoTDevice = "IoTDevice", + Ip = "Ip", + Mailbox = "Mailbox", + MailCluster = "MailCluster", + MailMessage = "MailMessage", + Malware = "Malware", + Process = "Process", + RegistryKey = "RegistryKey", + RegistryValue = "RegistryValue", + SecurityAlert = "SecurityAlert", + SecurityGroup = "SecurityGroup", + SubmissionMail = "SubmissionMail", + Url = "Url" } // @public -export interface MTPDataConnectorProperties extends DataConnectorTenantId { - dataTypes: MTPDataConnectorDataTypes; +export enum KnownEntityMappingType { + Account = "Account", + AzureResource = "AzureResource", + CloudApplication = "CloudApplication", + DNS = "DNS", + File = "File", + FileHash = "FileHash", + Host = "Host", + IP = "IP", + Mailbox = "Mailbox", + MailCluster = "MailCluster", + MailMessage = "MailMessage", + Malware = "Malware", + Process = "Process", + RegistryKey = "RegistryKey", + RegistryValue = "RegistryValue", + SecurityGroup = "SecurityGroup", + SubmissionMail = "SubmissionMail", + URL = "URL" } // @public -export interface NicEntity extends Entity { - readonly additionalData?: { - [propertyName: string]: Record; - }; - readonly friendlyName?: string; - readonly ipAddressEntityId?: string; - readonly macAddress?: string; - readonly vlans?: string[]; +export enum KnownEventGroupingAggregationKind { + // (undocumented) + AlertPerResult = "AlertPerResult", + // (undocumented) + SingleAlert = "SingleAlert" } // @public -export interface NicEntityProperties extends EntityCommonProperties { - readonly ipAddressEntityId?: string; - readonly macAddress?: string; - readonly vlans?: string[]; +export enum KnownFileHashAlgorithm { + MD5 = "MD5", + SHA1 = "SHA1", + SHA256 = "SHA256", + SHA256AC = "SHA256AC", + Unknown = "Unknown" } // @public -export interface NrtAlertRule extends AlertRule { - alertDetailsOverride?: AlertDetailsOverride; - alertRuleTemplateName?: string; - customDetails?: { - [propertyName: string]: string; - }; - description?: string; - displayName?: string; - enabled?: boolean; - entityMappings?: EntityMapping[]; - incidentConfiguration?: IncidentConfiguration; - readonly lastModifiedUtc?: Date; - query?: string; - severity?: AlertSeverity; - suppressionDuration?: string; - suppressionEnabled?: boolean; - tactics?: AttackTactic[]; - techniques?: string[]; - templateVersion?: string; +export enum KnownIncidentClassification { + BenignPositive = "BenignPositive", + FalsePositive = "FalsePositive", + TruePositive = "TruePositive", + Undetermined = "Undetermined" } // @public -export interface NrtAlertRuleTemplate extends AlertRuleTemplate { - alertDetailsOverride?: AlertDetailsOverride; - alertRulesCreatedByTemplateCount?: number; - readonly createdDateUTC?: Date; - customDetails?: { - [propertyName: string]: string; - }; - description?: string; - displayName?: string; - entityMappings?: EntityMapping[]; - readonly lastUpdatedDateUTC?: Date; - query?: string; - requiredDataConnectors?: AlertRuleTemplateDataSource[]; - severity?: AlertSeverity; - status?: TemplateStatus; - tactics?: AttackTactic[]; - techniques?: string[]; - version?: string; +export enum KnownIncidentClassificationReason { + InaccurateData = "InaccurateData", + IncorrectAlertLogic = "IncorrectAlertLogic", + SuspiciousActivity = "SuspiciousActivity", + SuspiciousButExpected = "SuspiciousButExpected" } // @public -export interface NrtAlertRuleTemplateProperties extends AlertRuleTemplateWithMitreProperties, QueryBasedAlertRuleTemplateProperties { +export enum KnownIncidentLabelType { + AutoAssigned = "AutoAssigned", + User = "User" } // @public -export interface Office365ProjectCheckRequirements extends DataConnectorsCheckRequirements { - kind: "Office365Project"; - tenantId?: string; +export enum KnownIncidentSeverity { + High = "High", + Informational = "Informational", + Low = "Low", + Medium = "Medium" } // @public -export interface Office365ProjectCheckRequirementsProperties extends DataConnectorTenantId { +export enum KnownIncidentStatus { + Active = "Active", + Closed = "Closed", + New = "New" } // @public -export interface Office365ProjectConnectorDataTypes { - logs: Office365ProjectConnectorDataTypesLogs; +export enum KnownKillChainIntent { + Collection = "Collection", + CommandAndControl = "CommandAndControl", + CredentialAccess = "CredentialAccess", + DefenseEvasion = "DefenseEvasion", + Discovery = "Discovery", + Execution = "Execution", + Exfiltration = "Exfiltration", + Exploitation = "Exploitation", + Impact = "Impact", + LateralMovement = "LateralMovement", + Persistence = "Persistence", + PrivilegeEscalation = "PrivilegeEscalation", + Probing = "Probing", + Unknown = "Unknown" } // @public -export interface Office365ProjectConnectorDataTypesLogs extends DataConnectorDataTypeCommon { +export enum KnownMatchingMethod { + AllEntities = "AllEntities", + AnyAlert = "AnyAlert", + Selected = "Selected" } // @public -export interface Office365ProjectDataConnector extends DataConnector { - dataTypes?: Office365ProjectConnectorDataTypes; - tenantId?: string; +export enum KnownMicrosoftSecurityProductName { + // (undocumented) + AzureActiveDirectoryIdentityProtection = "Azure Active Directory Identity Protection", + // (undocumented) + AzureAdvancedThreatProtection = "Azure Advanced Threat Protection", + // (undocumented) + AzureSecurityCenter = "Azure Security Center", + // (undocumented) + AzureSecurityCenterForIoT = "Azure Security Center for IoT", + // (undocumented) + MicrosoftCloudAppSecurity = "Microsoft Cloud App Security" } // @public -export interface Office365ProjectDataConnectorProperties extends DataConnectorTenantId { - dataTypes: Office365ProjectConnectorDataTypes; +export enum KnownOwnerType { + Group = "Group", + Unknown = "Unknown", + User = "User" } // @public -export interface OfficeATPCheckRequirements extends DataConnectorsCheckRequirements { - kind: "OfficeATP"; - tenantId?: string; +export enum KnownRegistryHive { + HkeyA = "HKEY_A", + HkeyClassesRoot = "HKEY_CLASSES_ROOT", + HkeyCurrentConfig = "HKEY_CURRENT_CONFIG", + HkeyCurrentUser = "HKEY_CURRENT_USER", + HkeyCurrentUserLocalSettings = "HKEY_CURRENT_USER_LOCAL_SETTINGS", + HkeyLocalMachine = "HKEY_LOCAL_MACHINE", + HkeyPerformanceData = "HKEY_PERFORMANCE_DATA", + HkeyPerformanceNlstext = "HKEY_PERFORMANCE_NLSTEXT", + HkeyPerformanceText = "HKEY_PERFORMANCE_TEXT", + HkeyUsers = "HKEY_USERS" } // @public -export interface OfficeATPCheckRequirementsProperties extends DataConnectorTenantId { +export enum KnownRegistryValueKind { + Binary = "Binary", + DWord = "DWord", + ExpandString = "ExpandString", + MultiString = "MultiString", + None = "None", + QWord = "QWord", + String = "String", + Unknown = "Unknown" } // @public -export interface OfficeATPDataConnector extends DataConnector { - dataTypes?: AlertsDataTypeOfDataConnector; - tenantId?: string; +export enum KnownSource { + // (undocumented) + LocalFile = "Local file", + // (undocumented) + RemoteStorage = "Remote storage" } // @public -export interface OfficeATPDataConnectorProperties extends DataConnectorTenantId, DataConnectorWithAlertsProperties { +export enum KnownTemplateStatus { + Available = "Available", + Installed = "Installed", + NotAvailable = "NotAvailable" } // @public -export interface OfficeConsent extends Resource { - consentId?: string; - tenantId?: string; +export enum KnownThreatIntelligenceResourceInnerKind { + Indicator = "indicator" } // @public -export interface OfficeConsentList { - readonly nextLink?: string; - value: OfficeConsent[]; +export enum KnownThreatIntelligenceSortingOrder { + // (undocumented) + Ascending = "ascending", + // (undocumented) + Descending = "descending", + // (undocumented) + Unsorted = "unsorted" } // @public -export interface OfficeConsents { - delete(resourceGroupName: string, workspaceName: string, consentId: string, options?: OfficeConsentsDeleteOptionalParams): Promise; - get(resourceGroupName: string, workspaceName: string, consentId: string, options?: OfficeConsentsGetOptionalParams): Promise; - list(resourceGroupName: string, workspaceName: string, options?: OfficeConsentsListOptionalParams): PagedAsyncIterableIterator; +export enum KnownTriggersOn { + Incidents = "Incidents" } // @public -export interface OfficeConsentsDeleteOptionalParams extends coreClient.OperationOptions { +export enum KnownTriggersWhen { + Created = "Created" } // @public -export interface OfficeConsentsGetOptionalParams extends coreClient.OperationOptions { -} +export type MailboxEntity = Entity & { + readonly additionalData?: { + [propertyName: string]: Record; + }; + readonly friendlyName?: string; + readonly mailboxPrimaryAddress?: string; + readonly displayName?: string; + readonly upn?: string; + readonly externalDirectoryObjectId?: string; +}; // @public -export type OfficeConsentsGetResponse = OfficeConsent; +export type MailboxEntityProperties = EntityCommonProperties & { + readonly mailboxPrimaryAddress?: string; + readonly displayName?: string; + readonly upn?: string; + readonly externalDirectoryObjectId?: string; +}; // @public -export interface OfficeConsentsListNextOptionalParams extends coreClient.OperationOptions { -} +export type MailClusterEntity = Entity & { + readonly additionalData?: { + [propertyName: string]: Record; + }; + readonly friendlyName?: string; + readonly networkMessageIds?: string[]; + readonly countByDeliveryStatus?: Record; + readonly countByThreatType?: Record; + readonly countByProtectionStatus?: Record; + readonly threats?: string[]; + readonly query?: string; + readonly queryTime?: Date; + readonly mailCount?: number; + readonly isVolumeAnomaly?: boolean; + readonly source?: string; + readonly clusterSourceIdentifier?: string; + readonly clusterSourceType?: string; + readonly clusterQueryStartTime?: Date; + readonly clusterQueryEndTime?: Date; + readonly clusterGroup?: string; +}; // @public -export type OfficeConsentsListNextResponse = OfficeConsentList; +export type MailClusterEntityProperties = EntityCommonProperties & { + readonly networkMessageIds?: string[]; + readonly countByDeliveryStatus?: Record; + readonly countByThreatType?: Record; + readonly countByProtectionStatus?: Record; + readonly threats?: string[]; + readonly query?: string; + readonly queryTime?: Date; + readonly mailCount?: number; + readonly isVolumeAnomaly?: boolean; + readonly source?: string; + readonly clusterSourceIdentifier?: string; + readonly clusterSourceType?: string; + readonly clusterQueryStartTime?: Date; + readonly clusterQueryEndTime?: Date; + readonly clusterGroup?: string; +}; // @public -export interface OfficeConsentsListOptionalParams extends coreClient.OperationOptions { -} +export type MailMessageEntity = Entity & { + readonly additionalData?: { + [propertyName: string]: Record; + }; + readonly friendlyName?: string; + readonly fileEntityIds?: string[]; + readonly recipient?: string; + readonly urls?: string[]; + readonly threats?: string[]; + readonly p1Sender?: string; + readonly p1SenderDisplayName?: string; + readonly p1SenderDomain?: string; + readonly senderIP?: string; + readonly p2Sender?: string; + readonly p2SenderDisplayName?: string; + readonly p2SenderDomain?: string; + readonly receiveDate?: Date; + readonly networkMessageId?: string; + readonly internetMessageId?: string; + readonly subject?: string; + readonly language?: string; + readonly threatDetectionMethods?: string[]; + bodyFingerprintBin1?: number; + bodyFingerprintBin2?: number; + bodyFingerprintBin3?: number; + bodyFingerprintBin4?: number; + bodyFingerprintBin5?: number; + antispamDirection?: AntispamMailDirection; + deliveryAction?: DeliveryAction; + deliveryLocation?: DeliveryLocation; +}; // @public -export type OfficeConsentsListResponse = OfficeConsentList; +export type MailMessageEntityProperties = EntityCommonProperties & { + readonly fileEntityIds?: string[]; + readonly recipient?: string; + readonly urls?: string[]; + readonly threats?: string[]; + readonly p1Sender?: string; + readonly p1SenderDisplayName?: string; + readonly p1SenderDomain?: string; + readonly senderIP?: string; + readonly p2Sender?: string; + readonly p2SenderDisplayName?: string; + readonly p2SenderDomain?: string; + readonly receiveDate?: Date; + readonly networkMessageId?: string; + readonly internetMessageId?: string; + readonly subject?: string; + readonly language?: string; + readonly threatDetectionMethods?: string[]; + bodyFingerprintBin1?: number; + bodyFingerprintBin2?: number; + bodyFingerprintBin3?: number; + bodyFingerprintBin4?: number; + bodyFingerprintBin5?: number; + antispamDirection?: AntispamMailDirection; + deliveryAction?: DeliveryAction; + deliveryLocation?: DeliveryLocation; +}; // @public -export interface OfficeDataConnector extends DataConnector { - dataTypes?: OfficeDataConnectorDataTypes; - tenantId?: string; -} +export type MalwareEntity = Entity & { + readonly additionalData?: { + [propertyName: string]: Record; + }; + readonly friendlyName?: string; + readonly category?: string; + readonly fileEntityIds?: string[]; + readonly malwareName?: string; + readonly processEntityIds?: string[]; +}; // @public -export interface OfficeDataConnectorDataTypes { - exchange: OfficeDataConnectorDataTypesExchange; - sharePoint: OfficeDataConnectorDataTypesSharePoint; - teams: OfficeDataConnectorDataTypesTeams; -} +export type MalwareEntityProperties = EntityCommonProperties & { + readonly category?: string; + readonly fileEntityIds?: string[]; + readonly malwareName?: string; + readonly processEntityIds?: string[]; +}; // @public -export interface OfficeDataConnectorDataTypesExchange extends DataConnectorDataTypeCommon { -} +export type MatchingMethod = string; // @public -export interface OfficeDataConnectorDataTypesSharePoint extends DataConnectorDataTypeCommon { -} +export type McasDataConnector = DataConnector & { + tenantId?: string; + dataTypes?: McasDataConnectorDataTypes; +}; // @public -export interface OfficeDataConnectorDataTypesTeams extends DataConnectorDataTypeCommon { -} +export type McasDataConnectorDataTypes = AlertsDataTypeOfDataConnector & { + discoveryLogs?: DataConnectorDataTypeCommon; +}; // @public -export interface OfficeDataConnectorProperties extends DataConnectorTenantId { - dataTypes: OfficeDataConnectorDataTypes; -} +export type MdatpDataConnector = DataConnector & { + tenantId?: string; + dataTypes?: AlertsDataTypeOfDataConnector; +}; // @public -export interface OfficeIRMCheckRequirements extends DataConnectorsCheckRequirements { - kind: "OfficeIRM"; - tenantId?: string; -} +export type MicrosoftSecurityIncidentCreationAlertRule = AlertRule & { + displayNamesFilter?: string[]; + displayNamesExcludeFilter?: string[]; + productFilter?: MicrosoftSecurityProductName; + severitiesFilter?: AlertSeverity[]; + alertRuleTemplateName?: string; + description?: string; + displayName?: string; + enabled?: boolean; + readonly lastModifiedUtc?: Date; +}; // @public -export interface OfficeIRMCheckRequirementsProperties extends DataConnectorTenantId { +export interface MicrosoftSecurityIncidentCreationAlertRuleCommonProperties { + displayNamesExcludeFilter?: string[]; + displayNamesFilter?: string[]; + productFilter: MicrosoftSecurityProductName; + severitiesFilter?: AlertSeverity[]; } // @public -export interface OfficeIRMDataConnector extends DataConnector { - dataTypes?: AlertsDataTypeOfDataConnector; - tenantId?: string; -} +export type MicrosoftSecurityIncidentCreationAlertRuleProperties = MicrosoftSecurityIncidentCreationAlertRuleCommonProperties & { + alertRuleTemplateName?: string; + description?: string; + displayName: string; + enabled: boolean; + readonly lastModifiedUtc?: Date; +}; // @public -export interface OfficeIRMDataConnectorProperties extends DataConnectorTenantId, DataConnectorWithAlertsProperties { -} +export type MicrosoftSecurityIncidentCreationAlertRuleTemplate = AlertRuleTemplate & { + alertRulesCreatedByTemplateCount?: number; + readonly createdDateUTC?: Date; + readonly lastUpdatedDateUTC?: Date; + description?: string; + displayName?: string; + requiredDataConnectors?: AlertRuleTemplateDataSource[]; + status?: TemplateStatus; + displayNamesFilter?: string[]; + displayNamesExcludeFilter?: string[]; + productFilter?: MicrosoftSecurityProductName; + severitiesFilter?: AlertSeverity[]; +}; // @public -export interface OfficePowerBICheckRequirements extends DataConnectorsCheckRequirements { - kind: "OfficePowerBI"; - tenantId?: string; -} +export type MicrosoftSecurityProductName = string; // @public -export interface OfficePowerBICheckRequirementsProperties extends DataConnectorTenantId { -} +export type OfficeDataConnector = DataConnector & { + tenantId?: string; + dataTypes?: OfficeDataConnectorDataTypes; +}; // @public -export interface OfficePowerBIConnectorDataTypes { - logs: OfficePowerBIConnectorDataTypesLogs; +export interface OfficeDataConnectorDataTypes { + exchange?: OfficeDataConnectorDataTypesExchange; + sharePoint?: OfficeDataConnectorDataTypesSharePoint; + teams?: OfficeDataConnectorDataTypesTeams; } // @public -export interface OfficePowerBIConnectorDataTypesLogs extends DataConnectorDataTypeCommon { -} +export type OfficeDataConnectorDataTypesExchange = DataConnectorDataTypeCommon & {}; // @public -export interface OfficePowerBIDataConnector extends DataConnector { - dataTypes?: OfficePowerBIConnectorDataTypes; - tenantId?: string; -} +export type OfficeDataConnectorDataTypesSharePoint = DataConnectorDataTypeCommon & {}; // @public -export interface OfficePowerBIDataConnectorProperties extends DataConnectorTenantId { - dataTypes: OfficePowerBIConnectorDataTypes; -} +export type OfficeDataConnectorDataTypesTeams = DataConnectorDataTypeCommon & {}; // @public export interface Operation { @@ -3988,64 +1900,37 @@ export interface OperationsListOptionalParams extends coreClient.OperationOption // @public export type OperationsListResponse = OperationsList; -// @public -export type Operator = string; - // @public export type OSFamily = "Linux" | "Windows" | "Android" | "IOS" | "Unknown"; -// @public -export type OutputType = string; - // @public export type OwnerType = string; -// @public -export type PermissionProviderScope = string; - -// @public -interface Permissions_2 { - customs?: PermissionsCustomsItem[]; - resourceProvider?: PermissionsResourceProviderItem[]; -} -export { Permissions_2 as Permissions } - -// @public (undocumented) -export interface PermissionsCustomsItem extends Customs { -} - -// @public (undocumented) -export interface PermissionsResourceProviderItem extends ResourceProvider { -} - // @public (undocumented) export interface PlaybookActionProperties { - logicAppResourceId?: string; + logicAppResourceId: string; tenantId?: string; } // @public -export type PollingFrequency = string; - -// @public -export interface ProcessEntity extends Entity { - readonly accountEntityId?: string; +export type ProcessEntity = Entity & { readonly additionalData?: { [propertyName: string]: Record; }; + readonly friendlyName?: string; + readonly accountEntityId?: string; readonly commandLine?: string; readonly creationTimeUtc?: Date; elevationToken?: ElevationToken; - readonly friendlyName?: string; readonly hostEntityId?: string; readonly hostLogonSessionEntityId?: string; readonly imageFileEntityId?: string; readonly parentProcessEntityId?: string; readonly processId?: string; -} +}; // @public -export interface ProcessEntityProperties extends EntityCommonProperties { +export type ProcessEntityProperties = EntityCommonProperties & { readonly accountEntityId?: string; readonly commandLine?: string; readonly creationTimeUtc?: Date; @@ -4055,98 +1940,35 @@ export interface ProcessEntityProperties extends EntityCommonProperties { readonly imageFileEntityId?: string; readonly parentProcessEntityId?: string; readonly processId?: string; -} - -// @public -export interface ProductSettings { - delete(resourceGroupName: string, workspaceName: string, settingsName: string, options?: ProductSettingsDeleteOptionalParams): Promise; - get(resourceGroupName: string, workspaceName: string, settingsName: string, options?: ProductSettingsGetOptionalParams): Promise; - list(resourceGroupName: string, workspaceName: string, options?: ProductSettingsListOptionalParams): Promise; - update(resourceGroupName: string, workspaceName: string, settingsName: string, settings: SettingsUnion, options?: ProductSettingsUpdateOptionalParams): Promise; -} - -// @public -export interface ProductSettingsDeleteOptionalParams extends coreClient.OperationOptions { -} - -// @public -export interface ProductSettingsGetOptionalParams extends coreClient.OperationOptions { -} - -// @public -export type ProductSettingsGetResponse = SettingsUnion; - -// @public -export interface ProductSettingsListOptionalParams extends coreClient.OperationOptions { -} - -// @public -export type ProductSettingsListResponse = SettingList; - -// @public -export interface ProductSettingsUpdateOptionalParams extends coreClient.OperationOptions { -} - -// @public -export type ProductSettingsUpdateResponse = SettingsUnion; - -// @public -export interface PropertyArrayChangedConditionProperties extends AutomationRuleCondition { - // (undocumented) - conditionProperties?: AutomationRulePropertyArrayChangedValuesCondition; - conditionType: "PropertyArrayChanged"; -} - -// @public -export interface PropertyChangedConditionProperties extends AutomationRuleCondition { - // (undocumented) - conditionProperties?: AutomationRulePropertyValuesChangedCondition; - conditionType: "PropertyChanged"; -} - -// @public -export interface PropertyConditionProperties extends AutomationRuleCondition { - // (undocumented) - conditionProperties?: AutomationRulePropertyValuesCondition; - conditionType: "Property"; -} - -// @public -export type ProviderName = string; +}; // @public -export interface QueryBasedAlertRuleTemplateProperties { - alertDetailsOverride?: AlertDetailsOverride; - customDetails?: { - [propertyName: string]: string; - }; - entityMappings?: EntityMapping[]; - query?: string; - severity?: AlertSeverity; - version?: string; -} +export type PropertyConditionProperties = AutomationRuleCondition & { + conditionType: "Property"; + conditionProperties?: AutomationRulePropertyValuesCondition; +}; // @public export type RegistryHive = string; // @public -export interface RegistryKeyEntity extends Entity { +export type RegistryKeyEntity = Entity & { readonly additionalData?: { [propertyName: string]: Record; }; readonly friendlyName?: string; readonly hive?: RegistryHive; readonly key?: string; -} +}; // @public -export interface RegistryKeyEntityProperties extends EntityCommonProperties { +export type RegistryKeyEntityProperties = EntityCommonProperties & { readonly hive?: RegistryHive; readonly key?: string; -} +}; // @public -export interface RegistryValueEntity extends Entity { +export type RegistryValueEntity = Entity & { readonly additionalData?: { [propertyName: string]: Record; }; @@ -4155,26 +1977,26 @@ export interface RegistryValueEntity extends Entity { readonly valueData?: string; readonly valueName?: string; readonly valueType?: RegistryValueKind; -} +}; // @public -export interface RegistryValueEntityProperties extends EntityCommonProperties { +export type RegistryValueEntityProperties = EntityCommonProperties & { readonly keyEntityId?: string; readonly valueData?: string; readonly valueName?: string; readonly valueType?: RegistryValueKind; -} +}; // @public export type RegistryValueKind = string; // @public -export interface Relation extends ResourceWithEtag { +export type Relation = ResourceWithEtag & { relatedResourceId?: string; - readonly relatedResourceKind?: string; readonly relatedResourceName?: string; readonly relatedResourceType?: string; -} + readonly relatedResourceKind?: string; +}; // @public export interface RelationList { @@ -4182,46 +2004,6 @@ export interface RelationList { value: Relation[]; } -// @public -export interface Repo { - branches?: string[]; - fullName?: string; - url?: string; -} - -// @public -export interface RepoList { - readonly nextLink?: string; - value: Repo[]; -} - -// @public -export interface Repository { - branch?: string; - deploymentLogsUrl?: string; - displayUrl?: string; - pathMapping?: ContentPathMap[]; - url?: string; -} - -// @public -export interface RepositoryResourceInfo { - azureDevOpsResourceInfo?: AzureDevOpsResourceInfo; - gitHubResourceInfo?: GitHubResourceInfo; - webhook?: Webhook; -} - -// @public -export type RepoType = string; - -// @public -export interface RequiredPermissions { - action?: boolean; - delete?: boolean; - read?: boolean; - write?: boolean; -} - // @public export interface Resource { readonly id?: string; @@ -4231,51 +2013,36 @@ export interface Resource { } // @public -export interface ResourceProvider { - permissionsDisplayText?: string; - provider?: ProviderName; - providerDisplayName?: string; - requiredPermissions?: RequiredPermissions; - scope?: PermissionProviderScope; -} - -// @public -export interface ResourceWithEtag extends Resource { +export type ResourceWithEtag = Resource & { etag?: string; -} +}; // @public -export interface SampleQueries { - description?: string; +export type ScheduledAlertRule = AlertRule & { query?: string; -} - -// @public -export interface ScheduledAlertRule extends AlertRule { - alertDetailsOverride?: AlertDetailsOverride; - alertRuleTemplateName?: string; + queryFrequency?: string; + queryPeriod?: string; + severity?: AlertSeverity; + triggerOperator?: TriggerOperator; + triggerThreshold?: number; + eventGroupingSettings?: EventGroupingSettings; customDetails?: { [propertyName: string]: string; }; + entityMappings?: EntityMapping[]; + alertDetailsOverride?: AlertDetailsOverride; + alertRuleTemplateName?: string; + templateVersion?: string; description?: string; displayName?: string; enabled?: boolean; - entityMappings?: EntityMapping[]; - eventGroupingSettings?: EventGroupingSettings; - incidentConfiguration?: IncidentConfiguration; readonly lastModifiedUtc?: Date; - query?: string; - queryFrequency?: string; - queryPeriod?: string; - severity?: AlertSeverity; suppressionDuration?: string; suppressionEnabled?: boolean; tactics?: AttackTactic[]; techniques?: string[]; - templateVersion?: string; - triggerOperator?: TriggerOperator; - triggerThreshold?: number; -} + incidentConfiguration?: IncidentConfiguration; +}; // @public export interface ScheduledAlertRuleCommonProperties { @@ -4294,53 +2061,53 @@ export interface ScheduledAlertRuleCommonProperties { } // @public -export interface ScheduledAlertRuleProperties extends ScheduledAlertRuleCommonProperties { +export type ScheduledAlertRuleProperties = ScheduledAlertRuleCommonProperties & { alertRuleTemplateName?: string; + templateVersion?: string; description?: string; displayName: string; enabled: boolean; - incidentConfiguration?: IncidentConfiguration; readonly lastModifiedUtc?: Date; suppressionDuration: string; suppressionEnabled: boolean; tactics?: AttackTactic[]; techniques?: string[]; - templateVersion?: string; -} + incidentConfiguration?: IncidentConfiguration; +}; // @public -export interface ScheduledAlertRuleTemplate extends AlertRuleTemplate { - alertDetailsOverride?: AlertDetailsOverride; +export type ScheduledAlertRuleTemplate = AlertRuleTemplate & { alertRulesCreatedByTemplateCount?: number; readonly createdDateUTC?: Date; - customDetails?: { - [propertyName: string]: string; - }; + readonly lastUpdatedDateUTC?: Date; description?: string; displayName?: string; - entityMappings?: EntityMapping[]; - eventGroupingSettings?: EventGroupingSettings; - readonly lastUpdatedDateUTC?: Date; + requiredDataConnectors?: AlertRuleTemplateDataSource[]; + status?: TemplateStatus; query?: string; queryFrequency?: string; queryPeriod?: string; - requiredDataConnectors?: AlertRuleTemplateDataSource[]; severity?: AlertSeverity; - status?: TemplateStatus; - tactics?: AttackTactic[]; - techniques?: string[]; triggerOperator?: TriggerOperator; triggerThreshold?: number; + tactics?: AttackTactic[]; + techniques?: string[]; version?: string; -} + eventGroupingSettings?: EventGroupingSettings; + customDetails?: { + [propertyName: string]: string; + }; + entityMappings?: EntityMapping[]; + alertDetailsOverride?: AlertDetailsOverride; +}; // @public -export interface SecurityAlert extends Entity { +export type SecurityAlert = Entity & { readonly additionalData?: { [propertyName: string]: Record; }; + readonly friendlyName?: string; readonly alertDisplayName?: string; - readonly alertLink?: string; readonly alertType?: string; readonly compromisedEntity?: string; readonly confidenceLevel?: ConfidenceLevel; @@ -4349,15 +2116,13 @@ export interface SecurityAlert extends Entity { readonly confidenceScoreStatus?: ConfidenceScoreStatus; readonly description?: string; readonly endTimeUtc?: Date; - readonly friendlyName?: string; readonly intent?: KillChainIntent; + readonly providerAlertId?: string; readonly processingEndTime?: Date; readonly productComponentName?: string; readonly productName?: string; readonly productVersion?: string; - readonly providerAlertId?: string; readonly remediationSteps?: string[]; - readonly resourceIdentifiers?: Record[]; severity?: AlertSeverity; readonly startTimeUtc?: Date; readonly status?: AlertStatus; @@ -4365,12 +2130,13 @@ export interface SecurityAlert extends Entity { readonly tactics?: AttackTactic[]; readonly timeGenerated?: Date; readonly vendorName?: string; -} + readonly alertLink?: string; + readonly resourceIdentifiers?: Record[]; +}; // @public -export interface SecurityAlertProperties extends EntityCommonProperties { +export type SecurityAlertProperties = EntityCommonProperties & { readonly alertDisplayName?: string; - readonly alertLink?: string; readonly alertType?: string; readonly compromisedEntity?: string; readonly confidenceLevel?: ConfidenceLevel; @@ -4380,13 +2146,12 @@ export interface SecurityAlertProperties extends EntityCommonProperties { readonly description?: string; readonly endTimeUtc?: Date; readonly intent?: KillChainIntent; + readonly providerAlertId?: string; readonly processingEndTime?: Date; readonly productComponentName?: string; readonly productName?: string; readonly productVersion?: string; - readonly providerAlertId?: string; readonly remediationSteps?: string[]; - readonly resourceIdentifiers?: Record[]; severity?: AlertSeverity; readonly startTimeUtc?: Date; readonly status?: AlertStatus; @@ -4394,7 +2159,9 @@ export interface SecurityAlertProperties extends EntityCommonProperties { readonly tactics?: AttackTactic[]; readonly timeGenerated?: Date; readonly vendorName?: string; -} + readonly alertLink?: string; + readonly resourceIdentifiers?: Record[]; +}; // @public export interface SecurityAlertPropertiesConfidenceReasonsItem { @@ -4403,36 +2170,22 @@ export interface SecurityAlertPropertiesConfidenceReasonsItem { } // @public -export interface SecurityAlertTimelineItem extends EntityTimelineItem { - alertType: string; - azureResourceId: string; - description?: string; - displayName: string; - endTimeUtc: Date; - kind: "SecurityAlert"; - productName?: string; - severity: AlertSeverity; - startTimeUtc: Date; - timeGenerated: Date; -} - -// @public -export interface SecurityGroupEntity extends Entity { +export type SecurityGroupEntity = Entity & { readonly additionalData?: { [propertyName: string]: Record; }; - readonly distinguishedName?: string; readonly friendlyName?: string; + readonly distinguishedName?: string; readonly objectGuid?: string; readonly sid?: string; -} +}; // @public -export interface SecurityGroupEntityProperties extends EntityCommonProperties { +export type SecurityGroupEntityProperties = EntityCommonProperties & { readonly distinguishedName?: string; readonly objectGuid?: string; readonly sid?: string; -} +}; // @public (undocumented) export class SecurityInsights extends coreClient.ServiceClient { @@ -4450,54 +2203,20 @@ export class SecurityInsights extends coreClient.ServiceClient { // (undocumented) automationRules: AutomationRules; // (undocumented) - bookmarkOperations: BookmarkOperations; - // (undocumented) - bookmarkRelations: BookmarkRelations; - // (undocumented) bookmarks: Bookmarks; // (undocumented) dataConnectors: DataConnectors; // (undocumented) - dataConnectorsCheckRequirementsOperations: DataConnectorsCheckRequirementsOperations; - // (undocumented) - domainWhois: DomainWhois; - // (undocumented) - entities: Entities; - // (undocumented) - entitiesGetTimeline: EntitiesGetTimeline; - // (undocumented) - entitiesRelations: EntitiesRelations; - // (undocumented) - entityQueries: EntityQueries; - // (undocumented) - entityQueryTemplates: EntityQueryTemplates; - // (undocumented) - entityRelations: EntityRelations; - // (undocumented) incidentComments: IncidentComments; // (undocumented) incidentRelations: IncidentRelations; // (undocumented) incidents: Incidents; // (undocumented) - iPGeodata: IPGeodata; - // (undocumented) - metadata: Metadata; - // (undocumented) - officeConsents: OfficeConsents; - // (undocumented) operations: Operations; // (undocumented) - productSettings: ProductSettings; - // (undocumented) - securityMLAnalyticsSettings: SecurityMLAnalyticsSettings; - // (undocumented) sentinelOnboardingStates: SentinelOnboardingStates; // (undocumented) - sourceControlOperations: SourceControlOperations; - // (undocumented) - sourceControls: SourceControls; - // (undocumented) subscriptionId: string; // (undocumented) threatIntelligenceIndicator: ThreatIntelligenceIndicator; @@ -4519,72 +2238,9 @@ export interface SecurityInsightsOptionalParams extends coreClient.ServiceClient } // @public -export interface SecurityMLAnalyticsSetting extends ResourceWithEtag { - kind: SecurityMLAnalyticsSettingsKind; -} - -// @public -export interface SecurityMLAnalyticsSettings { - createOrUpdate(resourceGroupName: string, workspaceName: string, settingsResourceName: string, securityMLAnalyticsSetting: SecurityMLAnalyticsSettingUnion, options?: SecurityMLAnalyticsSettingsCreateOrUpdateOptionalParams): Promise; - delete(resourceGroupName: string, workspaceName: string, settingsResourceName: string, options?: SecurityMLAnalyticsSettingsDeleteOptionalParams): Promise; - get(resourceGroupName: string, workspaceName: string, settingsResourceName: string, options?: SecurityMLAnalyticsSettingsGetOptionalParams): Promise; - list(resourceGroupName: string, workspaceName: string, options?: SecurityMLAnalyticsSettingsListOptionalParams): PagedAsyncIterableIterator; -} - -// @public -export interface SecurityMLAnalyticsSettingsCreateOrUpdateOptionalParams extends coreClient.OperationOptions { -} - -// @public -export type SecurityMLAnalyticsSettingsCreateOrUpdateResponse = SecurityMLAnalyticsSettingUnion; - -// @public -export interface SecurityMLAnalyticsSettingsDataSource { - connectorId?: string; - dataTypes?: string[]; -} - -// @public -export interface SecurityMLAnalyticsSettingsDeleteOptionalParams extends coreClient.OperationOptions { -} - -// @public -export interface SecurityMLAnalyticsSettingsGetOptionalParams extends coreClient.OperationOptions { -} - -// @public -export type SecurityMLAnalyticsSettingsGetResponse = SecurityMLAnalyticsSettingUnion; - -// @public -export type SecurityMLAnalyticsSettingsKind = string; - -// @public -export interface SecurityMLAnalyticsSettingsList { - readonly nextLink?: string; - value: SecurityMLAnalyticsSettingUnion[]; -} - -// @public -export interface SecurityMLAnalyticsSettingsListNextOptionalParams extends coreClient.OperationOptions { -} - -// @public -export type SecurityMLAnalyticsSettingsListNextResponse = SecurityMLAnalyticsSettingsList; - -// @public -export interface SecurityMLAnalyticsSettingsListOptionalParams extends coreClient.OperationOptions { -} - -// @public -export type SecurityMLAnalyticsSettingsListResponse = SecurityMLAnalyticsSettingsList; - -// @public (undocumented) -export type SecurityMLAnalyticsSettingUnion = SecurityMLAnalyticsSetting | AnomalySecurityMLAnalyticsSettings; - -// @public -export interface SentinelOnboardingState extends ResourceWithEtag { +export type SentinelOnboardingState = ResourceWithEtag & { customerManagedKey?: boolean; -} +}; // @public export interface SentinelOnboardingStates { @@ -4600,171 +2256,65 @@ export interface SentinelOnboardingStatesCreateOptionalParams extends coreClient } // @public -export type SentinelOnboardingStatesCreateResponse = SentinelOnboardingState; - -// @public -export interface SentinelOnboardingStatesDeleteOptionalParams extends coreClient.OperationOptions { -} - -// @public -export interface SentinelOnboardingStatesGetOptionalParams extends coreClient.OperationOptions { -} - -// @public -export type SentinelOnboardingStatesGetResponse = SentinelOnboardingState; - -// @public -export interface SentinelOnboardingStatesList { - value: SentinelOnboardingState[]; -} - -// @public -export interface SentinelOnboardingStatesListOptionalParams extends coreClient.OperationOptions { -} - -// @public -export type SentinelOnboardingStatesListResponse = SentinelOnboardingStatesList; - -// @public -export type SettingKind = string; - -// @public -export interface SettingList { - value: SettingsUnion[]; -} - -// @public -export interface Settings extends ResourceWithEtag { - kind: SettingKind; -} - -// @public -export type SettingsStatus = string; - -// @public (undocumented) -export type SettingsUnion = Settings | Anomalies | EyesOn | EntityAnalytics | Ueba; - -// @public -export type SettingType = string; - -// @public -export interface SourceControl extends ResourceWithEtag { - contentTypes?: ContentType[]; - description?: string; - displayName?: string; - idPropertiesId?: string; - lastDeploymentInfo?: DeploymentInfo; - repository?: Repository; - repositoryResourceInfo?: RepositoryResourceInfo; - repoType?: RepoType; - version?: Version; -} - -// @public -export interface SourceControlList { - readonly nextLink?: string; - value: SourceControl[]; -} - -// @public -export interface SourceControlListRepositoriesNextOptionalParams extends coreClient.OperationOptions { -} - -// @public -export type SourceControlListRepositoriesNextResponse = RepoList; - -// @public -export interface SourceControlListRepositoriesOptionalParams extends coreClient.OperationOptions { -} - -// @public -export type SourceControlListRepositoriesResponse = RepoList; - -// @public -export interface SourceControlOperations { - listRepositories(resourceGroupName: string, workspaceName: string, repoType: RepoType, options?: SourceControlListRepositoriesOptionalParams): PagedAsyncIterableIterator; -} - -// @public -export interface SourceControls { - create(resourceGroupName: string, workspaceName: string, sourceControlId: string, sourceControl: SourceControl, options?: SourceControlsCreateOptionalParams): Promise; - delete(resourceGroupName: string, workspaceName: string, sourceControlId: string, options?: SourceControlsDeleteOptionalParams): Promise; - get(resourceGroupName: string, workspaceName: string, sourceControlId: string, options?: SourceControlsGetOptionalParams): Promise; - list(resourceGroupName: string, workspaceName: string, options?: SourceControlsListOptionalParams): PagedAsyncIterableIterator; -} - -// @public -export interface SourceControlsCreateOptionalParams extends coreClient.OperationOptions { -} - -// @public -export type SourceControlsCreateResponse = SourceControl; - -// @public -export interface SourceControlsDeleteOptionalParams extends coreClient.OperationOptions { -} - -// @public -export interface SourceControlsGetOptionalParams extends coreClient.OperationOptions { -} +export type SentinelOnboardingStatesCreateResponse = SentinelOnboardingState; // @public -export type SourceControlsGetResponse = SourceControl; +export interface SentinelOnboardingStatesDeleteOptionalParams extends coreClient.OperationOptions { +} // @public -export interface SourceControlsListNextOptionalParams extends coreClient.OperationOptions { +export interface SentinelOnboardingStatesGetOptionalParams extends coreClient.OperationOptions { } // @public -export type SourceControlsListNextResponse = SourceControlList; +export type SentinelOnboardingStatesGetResponse = SentinelOnboardingState; // @public -export interface SourceControlsListOptionalParams extends coreClient.OperationOptions { +export interface SentinelOnboardingStatesList { + value: SentinelOnboardingState[]; } // @public -export type SourceControlsListResponse = SourceControlList; +export interface SentinelOnboardingStatesListOptionalParams extends coreClient.OperationOptions { +} // @public -export type SourceKind = string; +export type SentinelOnboardingStatesListResponse = SentinelOnboardingStatesList; // @public -export type SourceType = string; +export type Source = string; // @public -export interface SubmissionMailEntity extends Entity { +export type SubmissionMailEntity = Entity & { readonly additionalData?: { [propertyName: string]: Record; }; readonly friendlyName?: string; readonly networkMessageId?: string; + readonly submissionId?: string; + readonly submitter?: string; + readonly submissionDate?: Date; + readonly timestamp?: Date; readonly recipient?: string; - readonly reportType?: string; readonly sender?: string; readonly senderIp?: string; readonly subject?: string; - readonly submissionDate?: Date; - readonly submissionId?: string; - readonly submitter?: string; - readonly timestamp?: Date; -} + readonly reportType?: string; +}; // @public -export interface SubmissionMailEntityProperties extends EntityCommonProperties { +export type SubmissionMailEntityProperties = EntityCommonProperties & { readonly networkMessageId?: string; + readonly submissionId?: string; + readonly submitter?: string; + readonly submissionDate?: Date; + readonly timestamp?: Date; readonly recipient?: string; - readonly reportType?: string; readonly sender?: string; readonly senderIp?: string; readonly subject?: string; - readonly submissionDate?: Date; - readonly submissionId?: string; - readonly submitter?: string; - readonly timestamp?: Date; -} - -// @public -export type SupportTier = string; + readonly reportType?: string; +}; // @public export interface SystemData { @@ -4776,23 +2326,6 @@ export interface SystemData { lastModifiedByType?: CreatedByType; } -// @public -export interface TeamInformation { - readonly description?: string; - readonly name?: string; - readonly primaryChannelUrl?: string; - readonly teamCreationTimeUtc?: Date; - readonly teamId?: string; -} - -// @public -export interface TeamProperties { - groupIds?: string[]; - memberIds?: string[]; - teamDescription?: string; - teamName: string; -} - // @public export type TemplateStatus = string; @@ -4806,37 +2339,6 @@ export interface ThreatIntelligence { readonly threatType?: string; } -// @public -export interface ThreatIntelligenceAlertRule extends AlertRule { - alertRuleTemplateName?: string; - readonly description?: string; - readonly displayName?: string; - enabled?: boolean; - readonly lastModifiedUtc?: Date; - readonly severity?: AlertSeverity; - readonly tactics?: AttackTactic[]; - readonly techniques?: string[]; -} - -// @public -export interface ThreatIntelligenceAlertRuleTemplate extends AlertRuleTemplate { - alertRulesCreatedByTemplateCount?: number; - readonly createdDateUTC?: Date; - description?: string; - displayName?: string; - readonly lastUpdatedDateUTC?: Date; - requiredDataConnectors?: AlertRuleTemplateDataSource[]; - severity?: AlertSeverity; - status?: TemplateStatus; - tactics?: AttackTactic[]; - techniques?: string[]; -} - -// @public -export interface ThreatIntelligenceAlertRuleTemplateProperties extends AlertRuleTemplateWithMitreProperties { - severity: AlertSeverity; -} - // @public export interface ThreatIntelligenceAppendTags { threatIntelligenceTags?: string[]; @@ -4930,76 +2432,76 @@ export interface ThreatIntelligenceIndicatorMetricsListOptionalParams extends co export type ThreatIntelligenceIndicatorMetricsListResponse = ThreatIntelligenceMetricsList; // @public -export interface ThreatIntelligenceIndicatorModel extends ThreatIntelligenceInformation { +export type ThreatIntelligenceIndicatorModel = ThreatIntelligenceInformation & { readonly additionalData?: { [propertyName: string]: Record; }; - confidence?: number; - created?: string; - createdByRef?: string; - defanged?: boolean; - description?: string; + readonly friendlyName?: string; + threatIntelligenceTags?: string[]; + lastUpdatedTimeUtc?: string; + source?: string; displayName?: string; - extensions?: { - [propertyName: string]: any; - }; + description?: string; + indicatorTypes?: string[]; + pattern?: string; + patternType?: string; + patternVersion?: string; + killChainPhases?: ThreatIntelligenceKillChainPhase[]; + parsedPattern?: ThreatIntelligenceParsedPattern[]; externalId?: string; + createdByRef?: string; + defanged?: boolean; externalLastUpdatedTimeUtc?: string; externalReferences?: ThreatIntelligenceExternalReference[]; - readonly friendlyName?: string; granularMarkings?: ThreatIntelligenceGranularMarkingModel[]; - indicatorTypes?: string[]; - killChainPhases?: ThreatIntelligenceKillChainPhase[]; labels?: string[]; - language?: string; - lastUpdatedTimeUtc?: string; - modified?: string; - objectMarkingRefs?: string[]; - parsedPattern?: ThreatIntelligenceParsedPattern[]; - pattern?: string; - patternType?: string; - patternVersion?: string; revoked?: boolean; - source?: string; - threatIntelligenceTags?: string[]; + confidence?: number; + objectMarkingRefs?: string[]; + language?: string; threatTypes?: string[]; validFrom?: string; validUntil?: string; -} - -// @public -export interface ThreatIntelligenceIndicatorProperties extends EntityCommonProperties { - confidence?: number; created?: string; - createdByRef?: string; - defanged?: boolean; - description?: string; - displayName?: string; + modified?: string; extensions?: { [propertyName: string]: any; }; +}; + +// @public +export type ThreatIntelligenceIndicatorProperties = EntityCommonProperties & { + threatIntelligenceTags?: string[]; + lastUpdatedTimeUtc?: string; + source?: string; + displayName?: string; + description?: string; + indicatorTypes?: string[]; + pattern?: string; + patternType?: string; + patternVersion?: string; + killChainPhases?: ThreatIntelligenceKillChainPhase[]; + parsedPattern?: ThreatIntelligenceParsedPattern[]; externalId?: string; + createdByRef?: string; + defanged?: boolean; externalLastUpdatedTimeUtc?: string; externalReferences?: ThreatIntelligenceExternalReference[]; granularMarkings?: ThreatIntelligenceGranularMarkingModel[]; - indicatorTypes?: string[]; - killChainPhases?: ThreatIntelligenceKillChainPhase[]; labels?: string[]; - language?: string; - lastUpdatedTimeUtc?: string; - modified?: string; - objectMarkingRefs?: string[]; - parsedPattern?: ThreatIntelligenceParsedPattern[]; - pattern?: string; - patternType?: string; - patternVersion?: string; revoked?: boolean; - source?: string; - threatIntelligenceTags?: string[]; + confidence?: number; + objectMarkingRefs?: string[]; + language?: string; threatTypes?: string[]; validFrom?: string; validUntil?: string; -} + created?: string; + modified?: string; + extensions?: { + [propertyName: string]: any; + }; +}; // @public export interface ThreatIntelligenceIndicatorQueryIndicatorsNextOptionalParams extends coreClient.OperationOptions { @@ -5050,9 +2552,9 @@ export interface ThreatIntelligenceIndicatorsListOptionalParams extends coreClie export type ThreatIntelligenceIndicatorsListResponse = ThreatIntelligenceInformationList; // @public -export interface ThreatIntelligenceInformation extends ResourceWithEtag { - kind: ThreatIntelligenceResourceKindEnum; -} +export type ThreatIntelligenceInformation = ResourceWithEtag & { + kind: ThreatIntelligenceResourceInnerKind; +}; // @public export interface ThreatIntelligenceInformationList { @@ -5106,114 +2608,31 @@ export interface ThreatIntelligenceParsedPatternTypeValue { } // @public -export type ThreatIntelligenceResourceKindEnum = string; +export type ThreatIntelligenceResourceInnerKind = string; // @public export interface ThreatIntelligenceSortingCriteria { itemKey?: string; - sortOrder?: ThreatIntelligenceSortingCriteriaEnum; + sortOrder?: ThreatIntelligenceSortingOrder; } // @public -export type ThreatIntelligenceSortingCriteriaEnum = string; +export type ThreatIntelligenceSortingOrder = string; // @public -export interface TICheckRequirements extends DataConnectorsCheckRequirements { - kind: "ThreatIntelligence"; - tenantId?: string; -} - -// @public -export interface TICheckRequirementsProperties extends DataConnectorTenantId { -} - -// @public -export interface TIDataConnector extends DataConnector { - dataTypes?: TIDataConnectorDataTypes; +export type TIDataConnector = DataConnector & { tenantId?: string; tipLookbackPeriod?: Date; -} + dataTypes?: TIDataConnectorDataTypes; +}; // @public export interface TIDataConnectorDataTypes { - indicators: TIDataConnectorDataTypesIndicators; -} - -// @public -export interface TIDataConnectorDataTypesIndicators extends DataConnectorDataTypeCommon { -} - -// @public -export interface TIDataConnectorProperties extends DataConnectorTenantId { - dataTypes: TIDataConnectorDataTypes; - tipLookbackPeriod?: Date; -} - -// @public -export interface TimelineAggregation { - count: number; - kind: EntityTimelineKind; -} - -// @public -export interface TimelineError { - errorMessage: string; - kind: EntityTimelineKind; - queryId?: string; -} - -// @public -export interface TimelineResultsMetadata { - aggregations: TimelineAggregation[]; - errors?: TimelineError[]; - totalCount: number; -} - -// @public -export interface TiTaxiiCheckRequirements extends DataConnectorsCheckRequirements { - kind: "ThreatIntelligenceTaxii"; - tenantId?: string; -} - -// @public -export interface TiTaxiiCheckRequirementsProperties extends DataConnectorTenantId { -} - -// @public -export interface TiTaxiiDataConnector extends DataConnector { - collectionId?: string; - dataTypes?: TiTaxiiDataConnectorDataTypes; - friendlyName?: string; - password?: string; - pollingFrequency?: PollingFrequency; - taxiiLookbackPeriod?: Date; - taxiiServer?: string; - tenantId?: string; - userName?: string; - workspaceId?: string; -} - -// @public -export interface TiTaxiiDataConnectorDataTypes { - taxiiClient: TiTaxiiDataConnectorDataTypesTaxiiClient; -} - -// @public -export interface TiTaxiiDataConnectorDataTypesTaxiiClient extends DataConnectorDataTypeCommon { + indicators?: TIDataConnectorDataTypesIndicators; } // @public -export interface TiTaxiiDataConnectorProperties extends DataConnectorTenantId { - collectionId?: string; - dataTypes: TiTaxiiDataConnectorDataTypes; - friendlyName?: string; - password?: string; - pollingFrequency: PollingFrequency | null; - taxiiLookbackPeriod?: Date; - taxiiServer?: string; - userName?: string; - workspaceId?: string; -} +export type TIDataConnectorDataTypesIndicators = DataConnectorDataTypeCommon & {}; // @public export type TriggerOperator = "GreaterThan" | "LessThan" | "Equal" | "NotEqual"; @@ -5225,26 +2644,18 @@ export type TriggersOn = string; export type TriggersWhen = string; // @public -export interface Ueba extends Settings { - dataSources?: UebaDataSources[]; -} - -// @public -export type UebaDataSources = string; - -// @public -export interface UrlEntity extends Entity { +export type UrlEntity = Entity & { readonly additionalData?: { [propertyName: string]: Record; }; readonly friendlyName?: string; readonly url?: string; -} +}; // @public -export interface UrlEntityProperties extends EntityCommonProperties { +export type UrlEntityProperties = EntityCommonProperties & { readonly url?: string; -} +}; // @public export interface UserInfo { @@ -5254,50 +2665,42 @@ export interface UserInfo { } // @public -export type Version = string; - -// @public -export interface Watchlist extends ResourceWithEtag { - contentType?: string; +export type Watchlist = ResourceWithEtag & { + watchlistId?: string; + displayName?: string; + provider?: string; + source?: Source; created?: Date; + updated?: Date; createdBy?: UserInfo; - defaultDuration?: string; + updatedBy?: UserInfo; description?: string; - displayName?: string; + watchlistType?: string; + watchlistAlias?: string; isDeleted?: boolean; - itemsSearchKey?: string; labels?: string[]; + defaultDuration?: string; + tenantId?: string; numberOfLinesToSkip?: number; - provider?: string; rawContent?: string; - source?: string; - sourceType?: SourceType; - tenantId?: string; - updated?: Date; - updatedBy?: UserInfo; + itemsSearchKey?: string; + contentType?: string; uploadStatus?: string; - watchlistAlias?: string; - watchlistId?: string; - watchlistType?: string; -} +}; // @public -export interface WatchlistItem extends ResourceWithEtag { - created?: Date; - createdBy?: UserInfo; - entityMapping?: { - [propertyName: string]: any; - }; - isDeleted?: boolean; - itemsKeyValue?: { - [propertyName: string]: any; - }; +export type WatchlistItem = ResourceWithEtag & { + watchlistItemType?: string; + watchlistItemId?: string; tenantId?: string; + isDeleted?: boolean; + created?: Date; updated?: Date; + createdBy?: UserInfo; updatedBy?: UserInfo; - watchlistItemId?: string; - watchlistItemType?: string; -} + itemsKeyValue?: Record; + entityMapping?: Record; +}; // @public export interface WatchlistItemList { @@ -5356,16 +2759,11 @@ export interface WatchlistList { // @public export interface Watchlists { createOrUpdate(resourceGroupName: string, workspaceName: string, watchlistAlias: string, watchlist: Watchlist, options?: WatchlistsCreateOrUpdateOptionalParams): Promise; - delete(resourceGroupName: string, workspaceName: string, watchlistAlias: string, options?: WatchlistsDeleteOptionalParams): Promise; + delete(resourceGroupName: string, workspaceName: string, watchlistAlias: string, options?: WatchlistsDeleteOptionalParams): Promise; get(resourceGroupName: string, workspaceName: string, watchlistAlias: string, options?: WatchlistsGetOptionalParams): Promise; list(resourceGroupName: string, workspaceName: string, options?: WatchlistsListOptionalParams): PagedAsyncIterableIterator; } -// @public -export interface WatchlistsCreateOrUpdateHeaders { - azureAsyncOperation?: string; -} - // @public export interface WatchlistsCreateOrUpdateOptionalParams extends coreClient.OperationOptions { } @@ -5373,18 +2771,10 @@ export interface WatchlistsCreateOrUpdateOptionalParams extends coreClient.Opera // @public export type WatchlistsCreateOrUpdateResponse = Watchlist; -// @public -export interface WatchlistsDeleteHeaders { - azureAsyncOperation?: string; -} - // @public export interface WatchlistsDeleteOptionalParams extends coreClient.OperationOptions { } -// @public -export type WatchlistsDeleteResponse = WatchlistsDeleteHeaders; - // @public export interface WatchlistsGetOptionalParams extends coreClient.OperationOptions { } @@ -5408,14 +2798,6 @@ export interface WatchlistsListOptionalParams extends coreClient.OperationOption // @public export type WatchlistsListResponse = WatchlistList; -// @public -export interface Webhook { - rotateWebhookSecret?: boolean; - webhookId?: string; - webhookSecretUpdateTime?: string; - webhookUrl?: string; -} - // (No @packageDocumentation comment for this package) ``` diff --git a/sdk/securityinsight/arm-securityinsight/src/models/index.ts b/sdk/securityinsight/arm-securityinsight/src/models/index.ts index 955be7527e0d..e5dc6f4105bd 100644 --- a/sdk/securityinsight/arm-securityinsight/src/models/index.ts +++ b/sdk/securityinsight/arm-securityinsight/src/models/index.ts @@ -10,47 +10,16 @@ import * as coreClient from "@azure/core-client"; export type AutomationRuleConditionUnion = | AutomationRuleCondition - | PropertyArrayChangedConditionProperties - | PropertyChangedConditionProperties | PropertyConditionProperties; export type AutomationRuleActionUnion = | AutomationRuleAction | AutomationRuleModifyPropertiesAction | AutomationRuleRunPlaybookAction; -export type EntityTimelineItemUnion = - | EntityTimelineItem - | ActivityTimelineItem - | BookmarkTimelineItem - | AnomalyTimelineItem - | SecurityAlertTimelineItem; -export type EntityQueryItemUnion = EntityQueryItem | InsightQueryItem; -export type DataConnectorsCheckRequirementsUnion = - | DataConnectorsCheckRequirements - | AADCheckRequirements - | AatpCheckRequirements - | ASCCheckRequirements - | AwsCloudTrailCheckRequirements - | AwsS3CheckRequirements - | Dynamics365CheckRequirements - | McasCheckRequirements - | MdatpCheckRequirements - | MstiCheckRequirements - | MtpCheckRequirements - | OfficeATPCheckRequirements - | OfficeIRMCheckRequirements - | Office365ProjectCheckRequirements - | OfficePowerBICheckRequirements - | TICheckRequirements - | TiTaxiiCheckRequirements - | IoTCheckRequirements; export type AlertRuleTemplateUnion = | AlertRuleTemplate - | MLBehaviorAnalyticsAlertRuleTemplate | FusionAlertRuleTemplate - | ThreatIntelligenceAlertRuleTemplate | MicrosoftSecurityIncidentCreationAlertRuleTemplate - | ScheduledAlertRuleTemplate - | NrtAlertRuleTemplate; + | ScheduledAlertRuleTemplate; export type EntityUnion = | Entity | SecurityAlert @@ -73,60 +42,25 @@ export type EntityUnion = | RegistryValueEntity | SecurityGroupEntity | SubmissionMailEntity - | UrlEntity - | NicEntity; -export type EntityQueryTemplateUnion = - | EntityQueryTemplate - | ActivityEntityQueryTemplate; + | UrlEntity; export type AlertRuleUnion = | AlertRule - | MLBehaviorAnalyticsAlertRule | FusionAlertRule - | ThreatIntelligenceAlertRule | MicrosoftSecurityIncidentCreationAlertRule - | ScheduledAlertRule - | NrtAlertRule; -export type EntityQueryUnion = - | EntityQuery - | ExpansionEntityQuery - | ActivityEntityQuery; -export type CustomEntityQueryUnion = - | CustomEntityQuery - | ActivityCustomEntityQuery; -export type SecurityMLAnalyticsSettingUnion = - | SecurityMLAnalyticsSetting - | AnomalySecurityMLAnalyticsSettings; -export type SettingsUnion = - | Settings - | Anomalies - | EyesOn - | EntityAnalytics - | Ueba; -export type ThreatIntelligenceInformationUnion = - | ThreatIntelligenceInformation - | ThreatIntelligenceIndicatorModel; + | ScheduledAlertRule; export type DataConnectorUnion = | DataConnector | AADDataConnector - | MstiDataConnector - | MTPDataConnector | AatpDataConnector | ASCDataConnector | AwsCloudTrailDataConnector - | AwsS3DataConnector | McasDataConnector - | Dynamics365DataConnector - | OfficeATPDataConnector - | Office365ProjectDataConnector - | OfficePowerBIDataConnector - | OfficeIRMDataConnector | MdatpDataConnector - | OfficeDataConnector | TIDataConnector - | TiTaxiiDataConnector - | IoTDataConnector - | CodelessUiDataConnector - | CodelessApiPollingDataConnector; + | OfficeDataConnector; +export type ThreatIntelligenceInformationUnion = + | ThreatIntelligenceInformation + | ThreatIntelligenceIndicatorModel; /** List all the alert rules. */ export interface AlertRulesList { @@ -227,25 +161,25 @@ export interface AlertRuleTemplatesList { value: AlertRuleTemplateUnion[]; } -/** Describes automation rule triggering logic. */ +/** Describes automation rule triggering logic */ export interface AutomationRuleTriggeringLogic { - /** Determines whether the automation rule is enabled or disabled. */ + /** Determines whether the automation rule is enabled or disabled */ isEnabled: boolean; /** Determines when the automation rule should automatically expire and be disabled. */ expirationTimeUtc?: Date; triggersOn: TriggersOn; triggersWhen: TriggersWhen; - /** The conditions to evaluate to determine if the automation rule should be triggered on a given object. */ + /** The conditions to evaluate to determine if the automation rule should be triggered on a given object */ conditions?: AutomationRuleConditionUnion[]; } -/** Describes an automation rule condition. */ +/** Describes an automation rule condition */ export interface AutomationRuleCondition { /** Polymorphic discriminator, which specifies the different types this object can be */ - conditionType: "PropertyArrayChanged" | "PropertyChanged" | "Property"; + conditionType: "Property"; } -/** Describes an automation rule action. */ +/** Describes an automation rule action */ export interface AutomationRuleAction { /** Polymorphic discriminator, which specifies the different types this object can be */ actionType: "ModifyProperties" | "RunPlaybook"; @@ -269,15 +203,10 @@ export interface AutomationRulesList { nextLink?: string; } -export interface ManualTriggerRequestBody { - tenantId?: string; - logicAppsResourceId?: string; -} - /** List all the bookmarks. */ export interface BookmarkList { /** - * URL to fetch the next set of bookmarks. + * URL to fetch the next set of cases. * NOTE: This property will not be serialized. It can only be populated by the server. */ readonly nextLink?: string; @@ -313,416 +242,15 @@ export interface IncidentInfo { relationName?: string; } -/** Describes the entity mappings of a single entity */ -export interface BookmarkEntityMappings { - /** The entity type */ - entityType?: string; - /** Array of fields mapping for that entity type */ - fieldMappings?: EntityFieldMapping[]; -} - -/** Map identifiers of a single entity */ -export interface EntityFieldMapping { - /** Alert V3 identifier */ - identifier?: string; - /** The value of the identifier */ - value?: string; -} - -/** List of relations. */ -export interface RelationList { - /** - * URL to fetch the next set of relations. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly nextLink?: string; - /** Array of relations. */ - value: Relation[]; -} - -/** The parameters required to execute an expand operation on the given bookmark. */ -export interface BookmarkExpandParameters { - /** The end date filter, so the only expansion results returned are before this date. */ - endTime?: Date; - /** The Id of the expansion to perform. */ - expansionId?: string; - /** The start date filter, so the only expansion results returned are after this date. */ - startTime?: Date; -} - -/** The entity expansion result operation response. */ -export interface BookmarkExpandResponse { - /** The metadata from the expansion operation results. */ - metaData?: ExpansionResultsMetadata; - /** The expansion result values. */ - value?: BookmarkExpandResponseValue; -} - -/** Expansion result metadata. */ -export interface ExpansionResultsMetadata { - /** Information of the aggregated nodes in the expansion result. */ - aggregations?: ExpansionResultAggregation[]; -} - -/** Information of a specific aggregation in the expansion result. */ -export interface ExpansionResultAggregation { - /** The common type of the aggregation. (for e.g. entity field name) */ - aggregationType?: string; - /** Total number of aggregations of the given kind (and aggregationType if given) in the expansion result. */ - count: number; - /** The display name of the aggregation by type. */ - displayName?: string; - /** The kind of the aggregated entity. */ - entityKind: EntityKind; -} - -/** The expansion result values. */ -export interface BookmarkExpandResponseValue { - /** Array of the expansion result entities. */ - entities?: EntityUnion[]; - /** Array of expansion result connected entities */ - edges?: ConnectedEntity[]; -} - -/** Expansion result connected entities */ -export interface ConnectedEntity { - /** Entity Id of the connected entity */ - targetEntityId?: string; - /** key-value pairs for a connected entity mapping */ - additionalData?: Record; -} - -/** Geodata information for a given IP address */ -export interface EnrichmentIpGeodata { - /** The autonomous system number associated with this IP address */ - asn?: string; - /** The name of the carrier for this IP address */ - carrier?: string; - /** The city this IP address is located in */ - city?: string; - /** A numeric rating of confidence that the value in the 'city' field is correct, on a scale of 0-100 */ - cityCf?: number; - /** The continent this IP address is located on */ - continent?: string; - /** The county this IP address is located in */ - country?: string; - /** A numeric rating of confidence that the value in the 'country' field is correct on a scale of 0-100 */ - countryCf?: number; - /** The dotted-decimal or colon-separated string representation of the IP address */ - ipAddr?: string; - /** A description of the connection type of this IP address */ - ipRoutingType?: string; - /** The latitude of this IP address */ - latitude?: string; - /** The longitude of this IP address */ - longitude?: string; - /** The name of the organization for this IP address */ - organization?: string; - /** The type of the organization for this IP address */ - organizationType?: string; - /** The geographic region this IP address is located in */ - region?: string; - /** The state this IP address is located in */ - state?: string; - /** A numeric rating of confidence that the value in the 'state' field is correct on a scale of 0-100 */ - stateCf?: number; - /** The abbreviated name for the state this IP address is located in */ - stateCode?: string; -} - -/** Whois information for a given domain and associated metadata */ -export interface EnrichmentDomainWhois { - /** The domain for this whois record */ - domain?: string; - /** The hostname of this registrar's whois server */ - server?: string; - /** The timestamp at which this record was created */ - created?: Date; - /** The timestamp at which this record was last updated */ - updated?: Date; - /** The timestamp at which this record will expire */ - expires?: Date; - /** The whois record for a given domain */ - parsedWhois?: EnrichmentDomainWhoisDetails; -} - -/** The whois record for a given domain */ -export interface EnrichmentDomainWhoisDetails { - /** The registrar associated with this domain */ - registrar?: EnrichmentDomainWhoisRegistrarDetails; - /** The set of contacts associated with this domain */ - contacts?: EnrichmentDomainWhoisContacts; - /** A list of name servers associated with this domain */ - nameServers?: string[]; - /** The set of status flags for this whois record */ - statuses?: string[]; -} - -/** The registrar associated with this domain */ -export interface EnrichmentDomainWhoisRegistrarDetails { - /** The name of this registrar */ - name?: string; - /** This registrar's abuse contact email */ - abuseContactEmail?: string; - /** This registrar's abuse contact phone number */ - abuseContactPhone?: string; - /** This registrar's Internet Assigned Numbers Authority id */ - ianaId?: string; - /** This registrar's URL */ - url?: string; - /** The hostname of this registrar's whois server */ - whoisServer?: string; -} - -/** The set of contacts associated with this domain */ -export interface EnrichmentDomainWhoisContacts { - /** The admin contact for this whois record */ - admin?: EnrichmentDomainWhoisContact; - /** The billing contact for this whois record */ - billing?: EnrichmentDomainWhoisContact; - /** The registrant contact for this whois record */ - registrant?: EnrichmentDomainWhoisContact; - /** The technical contact for this whois record */ - tech?: EnrichmentDomainWhoisContact; -} - -/** An individual contact associated with this domain */ -export interface EnrichmentDomainWhoisContact { - /** The name of this contact */ - name?: string; - /** The organization for this contact */ - org?: string; - /** A list describing the street address for this contact */ - street?: string[]; - /** The city for this contact */ - city?: string; - /** The state for this contact */ - state?: string; - /** The postal code for this contact */ - postal?: string; - /** The country for this contact */ - country?: string; - /** The phone number for this contact */ - phone?: string; - /** The fax number for this contact */ - fax?: string; - /** The email address for this contact */ - email?: string; -} - -/** List of all the entities. */ -export interface EntityList { - /** - * URL to fetch the next set of entities. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly nextLink?: string; - /** Array of entities. */ - value: EntityUnion[]; -} - -/** The parameters required to execute an expand operation on the given entity. */ -export interface EntityExpandParameters { - /** The end date filter, so the only expansion results returned are before this date. */ - endTime?: Date; - /** The Id of the expansion to perform. */ - expansionId?: string; - /** The start date filter, so the only expansion results returned are after this date. */ - startTime?: Date; -} - -/** The entity expansion result operation response. */ -export interface EntityExpandResponse { - /** The metadata from the expansion operation results. */ - metaData?: ExpansionResultsMetadata; - /** The expansion result values. */ - value?: EntityExpandResponseValue; -} - -/** The expansion result values. */ -export interface EntityExpandResponseValue { - /** Array of the expansion result entities. */ - entities?: EntityUnion[]; - /** Array of edges that connects the entity to the list of entities. */ - edges?: EntityEdges[]; -} - -/** The edge that connects the entity to the other entity. */ -export interface EntityEdges { - /** The target entity Id. */ - targetEntityId?: string; - /** A bag of custom fields that should be part of the entity and will be presented to the user. */ - additionalData?: { [propertyName: string]: Record }; -} - -/** The parameters required to execute s timeline operation on the given entity. */ -export interface EntityTimelineParameters { - /** Array of timeline Item kinds. */ - kinds?: EntityTimelineKind[]; - /** The start timeline date, so the results returned are after this date. */ - startTime: Date; - /** The end timeline date, so the results returned are before this date. */ - endTime: Date; - /** The number of bucket for timeline queries aggregation. */ - numberOfBucket?: number; -} - -/** The entity timeline result operation response. */ -export interface EntityTimelineResponse { - /** The metadata from the timeline operation results. */ - metaData?: TimelineResultsMetadata; - /** The timeline result values. */ - value?: EntityTimelineItemUnion[]; -} - -/** Expansion result metadata. */ -export interface TimelineResultsMetadata { - /** the total items found for the timeline request */ - totalCount: number; - /** timeline aggregation per kind */ - aggregations: TimelineAggregation[]; - /** information about the failure queries */ - errors?: TimelineError[]; -} - -/** timeline aggregation information per kind */ -export interface TimelineAggregation { - /** the total items found for a kind */ - count: number; - /** the query kind */ - kind: EntityTimelineKind; -} - -/** Timeline Query Errors. */ -export interface TimelineError { - /** the query kind */ - kind: EntityTimelineKind; - /** the query id */ - queryId?: string; - /** the error message */ - errorMessage: string; -} - -/** Entity timeline Item. */ -export interface EntityTimelineItem { - /** Polymorphic discriminator, which specifies the different types this object can be */ - kind: "Activity" | "Bookmark" | "Anomaly" | "SecurityAlert"; -} - -/** Retrieve queries for entity result operation response. */ -export interface GetQueriesResponse { - /** The query result values. */ - value?: EntityQueryItemUnion[]; -} - -/** An abstract Query item for entity */ -export interface EntityQueryItem { - /** Polymorphic discriminator, which specifies the different types this object can be */ - kind: "Insight"; - /** - * Query Template ARM ID - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly id?: string; - /** Query Template ARM Name */ - name?: string; - /** ARM Type */ - type?: string; -} - -/** The parameters required to execute insights operation on the given entity. */ -export interface EntityGetInsightsParameters { - /** The start timeline date, so the results returned are after this date. */ - startTime: Date; - /** The end timeline date, so the results returned are before this date. */ - endTime: Date; - /** Indicates if query time range should be extended with default time range of the query. Default value is false */ - addDefaultExtendedTimeRange?: boolean; - /** List of Insights Query Id. If empty, default value is all insights of this entity */ - insightQueryIds?: string[]; -} - -/** The Get Insights result operation response. */ -export interface EntityGetInsightsResponse { - /** The metadata from the get insights operation results. */ - metaData?: GetInsightsResultsMetadata; - /** The insights result values. */ - value?: EntityInsightItem[]; -} - -/** Get Insights result metadata. */ -export interface GetInsightsResultsMetadata { - /** the total items found for the insights request */ - totalCount: number; - /** information about the failed queries */ - errors?: GetInsightsErrorKind[]; -} - -/** GetInsights Query Errors. */ -export interface GetInsightsErrorKind { - /** the query kind */ - kind: GetInsightsError; - /** the query id */ - queryId?: string; - /** the error message */ - errorMessage: string; -} - -/** Entity insight Item. */ -export interface EntityInsightItem { - /** The query id of the insight */ - queryId?: string; - /** The Time interval that the query actually executed on. */ - queryTimeInterval?: EntityInsightItemQueryTimeInterval; - /** Query results for table insights query. */ - tableQueryResults?: InsightsTableResult; - /** Query results for table insights query. */ - chartQueryResults?: InsightsTableResult[]; -} - -/** The Time interval that the query actually executed on. */ -export interface EntityInsightItemQueryTimeInterval { - /** Insight query start time */ - startTime?: Date; - /** Insight query end time */ - endTime?: Date; -} - -/** Query results for table insights query. */ -export interface InsightsTableResult { - /** Columns Metadata of the table */ - columns?: InsightsTableResultColumnsItem[]; - /** Rows data of the table */ - rows?: string[][]; -} - -export interface InsightsTableResultColumnsItem { - /** the type of the colum */ - type?: string; - /** the name of the colum */ - name?: string; -} - -/** List of all the entity queries. */ -export interface EntityQueryList { - /** - * URL to fetch the next set of entity queries. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly nextLink?: string; - /** Array of entity queries. */ - value: EntityQueryUnion[]; -} - -/** List of all the entity query templates. */ -export interface EntityQueryTemplateList { +/** List all the data connectors. */ +export interface DataConnectorList { /** - * URL to fetch the next set of entity query templates. + * URL to fetch the next set of data connectors. * NOTE: This property will not be serialized. It can only be populated by the server. */ readonly nextLink?: string; - /** Array of entity query templates. */ - value: EntityQueryTemplateUnion[]; + /** Array of data connectors. */ + value: DataConnectorUnion[]; } /** List all the incidents. */ @@ -758,21 +286,11 @@ export interface IncidentAdditionalData { * NOTE: This property will not be serialized. It can only be populated by the server. */ readonly alertProductNames?: string[]; - /** - * The provider incident url to the incident in Microsoft 365 Defender portal - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly providerIncidentUrl?: string; /** * The tactics associated with incident * NOTE: This property will not be serialized. It can only be populated by the server. */ readonly tactics?: AttackTactic[]; - /** - * The techniques associated with incident's tactics' - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly techniques?: string[]; } /** Represents an incident label */ @@ -800,47 +318,6 @@ export interface IncidentOwnerInfo { ownerType?: OwnerType; } -/** Describes team information */ -export interface TeamInformation { - /** - * Team ID - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly teamId?: string; - /** - * The primary channel URL of the team - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly primaryChannelUrl?: string; - /** - * The time the team was created - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly teamCreationTimeUtc?: Date; - /** - * The name of the team - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly name?: string; - /** - * The description of the team - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly description?: string; -} - -/** Describes team properties */ -export interface TeamProperties { - /** The name of the team */ - teamName: string; - /** The description of the team */ - teamDescription?: string; - /** List of member IDs to add to the team */ - memberIds?: string[]; - /** List of group IDs to add their members to the team */ - groupIds?: string[]; -} - /** List of incident alerts. */ export interface IncidentAlertList { /** Array of incident alerts. */ @@ -905,85 +382,18 @@ export interface IncidentEntitiesResultsMetadata { /** Total number of aggregations of the given kind in the incident related entities result. */ count: number; /** The kind of the aggregated entity. */ - entityKind: EntityKind; -} - -/** List of all the metadata. */ -export interface MetadataList { - /** Array of metadata. */ - value: MetadataModel[]; - /** - * URL to fetch the next page of metadata. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly nextLink?: string; -} - -/** The original source of the content item, where it comes from. */ -export interface MetadataSource { - /** Source type of the content */ - kind: SourceKind; - /** Name of the content source. The repo name, solution name, LA workspace name etc. */ - name?: string; - /** ID of the content source. The solution ID, workspace ID, etc */ - sourceId?: string; -} - -/** Publisher or creator of the content item. */ -export interface MetadataAuthor { - /** Name of the author. Company or person. */ - name?: string; - /** Email of author contact */ - email?: string; - /** Link for author/vendor page */ - link?: string; -} - -/** Support information for the content item. */ -export interface MetadataSupport { - /** Type of support for content item */ - tier: SupportTier; - /** Name of the support contact. Company or person. */ - name?: string; - /** Email of support contact */ - email?: string; - /** Link for support help, like to support page to open a ticket etc. */ - link?: string; -} - -/** Dependencies for the content item, what other content items it requires to work. Can describe more complex dependencies using a recursive/nested structure. For a single dependency an id/kind/version can be supplied or operator/criteria for complex dependencies. */ -export interface MetadataDependencies { - /** Id of the content item we depend on */ - contentId?: string; - /** Type of the content item we depend on */ - kind?: Kind; - /** Version of the the content item we depend on. Can be blank, * or missing to indicate any version fulfills the dependency. If version does not match our defined numeric format then an exact match is required. */ - version?: string; - /** Name of the content item */ - name?: string; - /** Operator used for list of dependencies in criteria array. */ - operator?: Operator; - /** This is the list of dependencies we must fulfill, according to the AND/OR operator */ - criteria?: MetadataDependencies[]; + entityKind: EntityKindEnum; } -/** ies for the solution content item */ -export interface MetadataCategories { - /** domain for the solution content item */ - domains?: string[]; - /** Industry verticals for the solution content item */ - verticals?: string[]; -} - -/** List of all the office365 consents. */ -export interface OfficeConsentList { +/** List of relations. */ +export interface RelationList { /** - * URL to fetch the next set of office consents. + * URL to fetch the next set of relations. * NOTE: This property will not be serialized. It can only be populated by the server. */ readonly nextLink?: string; - /** Array of the consents. */ - value: OfficeConsent[]; + /** Array of relations. */ + value: Relation[]; } /** List of the Sentinel onboarding states */ @@ -992,137 +402,6 @@ export interface SentinelOnboardingStatesList { value: SentinelOnboardingState[]; } -/** List all the SecurityMLAnalyticsSettings */ -export interface SecurityMLAnalyticsSettingsList { - /** - * URL to fetch the next set of SecurityMLAnalyticsSettings. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly nextLink?: string; - /** Array of SecurityMLAnalyticsSettings */ - value: SecurityMLAnalyticsSettingUnion[]; -} - -/** List of all the settings. */ -export interface SettingList { - /** Array of settings. */ - value: SettingsUnion[]; -} - -/** List all the source controls. */ -export interface RepoList { - /** - * URL to fetch the next set of repositories. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly nextLink?: string; - /** Array of repositories. */ - value: Repo[]; -} - -/** Represents a repository. */ -export interface Repo { - /** The url to access the repository. */ - url?: string; - /** The name of the repository. */ - fullName?: string; - /** Array of branches. */ - branches?: string[]; -} - -/** List all the source controls. */ -export interface SourceControlList { - /** - * URL to fetch the next set of source controls. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly nextLink?: string; - /** Array of source controls. */ - value: SourceControl[]; -} - -/** metadata of a repository. */ -export interface Repository { - /** Url of repository. */ - url?: string; - /** Branch name of repository. */ - branch?: string; - /** Display url of repository. */ - displayUrl?: string; - /** Url to access repository action logs. */ - deploymentLogsUrl?: string; - /** Dictionary of source control content type and path mapping. */ - pathMapping?: ContentPathMap[]; -} - -/** The mapping of content type to a repo path. */ -export interface ContentPathMap { - /** Content type. */ - contentType?: ContentType; - /** The path to the content. */ - path?: string; -} - -/** Resources created in user's repository for the source-control. */ -export interface RepositoryResourceInfo { - /** The webhook object created for the source-control. */ - webhook?: Webhook; - /** Resources created in GitHub for this source-control. */ - gitHubResourceInfo?: GitHubResourceInfo; - /** Resources created in Azure DevOps for this source-control. */ - azureDevOpsResourceInfo?: AzureDevOpsResourceInfo; -} - -/** Detail about the webhook object. */ -export interface Webhook { - /** Unique identifier for the webhook. */ - webhookId?: string; - /** URL that gets invoked by the webhook. */ - webhookUrl?: string; - /** Time when the webhook secret was updated. */ - webhookSecretUpdateTime?: string; - /** A flag to instruct the backend service to rotate webhook secret. */ - rotateWebhookSecret?: boolean; -} - -/** Resources created in GitHub repository. */ -export interface GitHubResourceInfo { - /** GitHub application installation id. */ - appInstallationId?: string; -} - -/** Resources created in Azure DevOps repository. */ -export interface AzureDevOpsResourceInfo { - /** Id of the pipeline created for the source-control. */ - pipelineId?: string; - /** Id of the service-connection created for the source-control. */ - serviceConnectionId?: string; -} - -/** Information regarding a deployment. */ -export interface DeploymentInfo { - /** Status while fetching the last deployment. */ - deploymentFetchStatus?: DeploymentFetchStatus; - /** Deployment information. */ - deployment?: Deployment; - /** Additional details about the deployment that can be shown to the user. */ - message?: string; -} - -/** Description about a deployment. */ -export interface Deployment { - /** Deployment identifier. */ - deploymentId?: string; - /** Current status of the deployment. */ - deploymentState?: DeploymentState; - /** The outcome of the deployment. */ - deploymentResult?: DeploymentResult; - /** The time when the deployment finished. */ - deploymentTime?: Date; - /** Url to access repository action logs. */ - deploymentLogsUrl?: string; -} - /** Describes threat kill chain phase entity */ export interface ThreatIntelligenceKillChainPhase { /** Kill chainName name */ @@ -1217,7 +496,7 @@ export interface ThreatIntelligenceSortingCriteria { /** Column name */ itemKey?: string; /** Sorting order (ascending/descending/unsorted). */ - sortOrder?: ThreatIntelligenceSortingCriteriaEnum; + sortOrder?: ThreatIntelligenceSortingOrder; } /** List of all the threat intelligence metric fields (type/threat type/source). */ @@ -1272,7 +551,7 @@ export interface WatchlistList { /** List all the watchlist items. */ export interface WatchlistItemList { /** - * URL to fetch the next set of watchlist item. + * URL to fetch the next set of watchlist items. * NOTE: This property will not be serialized. It can only be populated by the server. */ readonly nextLink?: string; @@ -1280,73 +559,6 @@ export interface WatchlistItemList { value: WatchlistItem[]; } -/** List all the data connectors. */ -export interface DataConnectorList { - /** - * URL to fetch the next set of data connectors. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly nextLink?: string; - /** Array of data connectors. */ - value: DataConnectorUnion[]; -} - -/** Represents Codeless API Polling data connector. */ -export interface DataConnectorConnectBody { - /** The authentication kind used to poll the data */ - kind?: ConnectAuthKind; - /** The API key of the audit server. */ - apiKey?: string; - /** Used in v2 logs connector. Represents the data collection ingestion endpoint in log analytics. */ - dataCollectionEndpoint?: string; - /** Used in v2 logs connector. The data collection rule immutable id, the rule defines the transformation and data destination. */ - dataCollectionRuleImmutableId?: string; - /** Used in v2 logs connector. The stream we are sending the data to, this is the name of the streamDeclarations defined in the DCR. */ - outputStream?: string; - /** The client secret of the OAuth 2.0 application. */ - clientSecret?: string; - /** The client id of the OAuth 2.0 application. */ - clientId?: string; - /** The authorization code used in OAuth 2.0 code flow to issue a token. */ - authorizationCode?: string; - /** The user name in the audit log server. */ - userName?: string; - /** The user password in the audit log server. */ - password?: string; - requestConfigUserInputValues?: Record[]; -} - -/** Data connector requirements properties. */ -export interface DataConnectorsCheckRequirements { - /** Polymorphic discriminator, which specifies the different types this object can be */ - kind: - | "AzureActiveDirectory" - | "AzureAdvancedThreatProtection" - | "AzureSecurityCenter" - | "AmazonWebServicesCloudTrail" - | "AmazonWebServicesS3" - | "Dynamics365" - | "MicrosoftCloudAppSecurity" - | "MicrosoftDefenderAdvancedThreatProtection" - | "MicrosoftThreatIntelligence" - | "MicrosoftThreatProtection" - | "OfficeATP" - | "OfficeIRM" - | "Office365Project" - | "OfficePowerBI" - | "ThreatIntelligence" - | "ThreatIntelligenceTaxii" - | "IOT"; -} - -/** Data connector requirements status. */ -export interface DataConnectorRequirementsState { - /** Authorization state for this connector */ - authorizationState?: DataConnectorAuthorizationState; - /** License state for this connector */ - licenseState?: DataConnectorLicenseState; -} - /** Lists the operations available in the SecurityInsights RP. */ export interface OperationsList { /** @@ -1390,155 +602,6 @@ export interface AlertRuleTemplateDataSource { dataTypes?: string[]; } -/** Base alert rule template property bag. */ -export interface AlertRuleTemplatePropertiesBase { - /** the number of alert rules that were created by this template */ - alertRulesCreatedByTemplateCount?: number; - /** - * The last time that this alert rule template has been updated. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly lastUpdatedDateUTC?: Date; - /** - * The time that this alert rule template has been added. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly createdDateUTC?: Date; - /** The description of the alert rule template. */ - description?: string; - /** The display name for alert rule template. */ - displayName?: string; - /** The required data sources for this template */ - requiredDataConnectors?: AlertRuleTemplateDataSource[]; - /** The alert rule template status. */ - status?: TemplateStatus; -} - -/** Query based alert rule template base property bag. */ -export interface QueryBasedAlertRuleTemplateProperties { - /** The query that creates alerts for this rule. */ - query?: string; - /** The severity for alerts created by this alert rule. */ - severity?: AlertSeverity; - /** The version of this template - in format , where all are numbers. For example <1.0.2>. */ - version?: string; - /** Dictionary of string key-value pairs of columns to be attached to the alert */ - customDetails?: { [propertyName: string]: string }; - /** Array of the entity mappings of the alert rule */ - entityMappings?: EntityMapping[]; - /** The alert details override settings */ - alertDetailsOverride?: AlertDetailsOverride; -} - -/** Single entity mapping for the alert rule */ -export interface EntityMapping { - /** The V3 type of the mapped entity */ - entityType?: EntityMappingType; - /** array of field mappings for the given entity mapping */ - fieldMappings?: FieldMapping[]; -} - -/** A single field mapping of the mapped entity */ -export interface FieldMapping { - /** the V3 identifier of the entity */ - identifier?: string; - /** the column name to be mapped to the identifier */ - columnName?: string; -} - -/** Settings for how to dynamically override alert static details */ -export interface AlertDetailsOverride { - /** the format containing columns name(s) to override the alert name */ - alertDisplayNameFormat?: string; - /** the format containing columns name(s) to override the alert description */ - alertDescriptionFormat?: string; - /** the column name to take the alert tactics from */ - alertTacticsColumnName?: string; - /** the column name to take the alert severity from */ - alertSeverityColumnName?: string; -} - -/** Represents a supported source signal configuration in Fusion detection. */ -export interface FusionSourceSettings { - /** Determines whether this source signal is enabled or disabled in Fusion detection. */ - enabled: boolean; - /** Name of the Fusion source signal. Refer to Fusion alert rule template for supported values. */ - sourceName: string; - /** Configuration for all source subtypes under this source signal consumed in fusion detection. */ - sourceSubTypes?: FusionSourceSubTypeSetting[]; -} - -/** Represents a supported source subtype configuration under a source signal in Fusion detection. */ -export interface FusionSourceSubTypeSetting { - /** Determines whether this source subtype under source signal is enabled or disabled in Fusion detection. */ - enabled: boolean; - /** The Name of the source subtype under a given source signal in Fusion detection. Refer to Fusion alert rule template for supported values. */ - sourceSubTypeName: string; - /** - * The display name of source subtype under a source signal consumed in Fusion detection. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly sourceSubTypeDisplayName?: string; - /** Severity configuration for a source subtype consumed in fusion detection. */ - severityFilters: FusionSubTypeSeverityFilter; -} - -/** Represents severity configuration for a source subtype consumed in Fusion detection. */ -export interface FusionSubTypeSeverityFilter { - /** - * Determines whether this source subtype supports severity configuration or not. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly isSupported?: boolean; - /** Individual Severity configuration settings for a given source subtype consumed in Fusion detection. */ - filters?: FusionSubTypeSeverityFiltersItem[]; -} - -/** Represents a Severity filter setting for a given source subtype consumed in Fusion detection. */ -export interface FusionSubTypeSeverityFiltersItem { - /** The Severity for a given source subtype consumed in Fusion detection. */ - severity: AlertSeverity; - /** Determines whether this severity is enabled or disabled for this source subtype consumed in Fusion detection. */ - enabled: boolean; -} - -/** Represents a Fusion scenario exclusion patterns in Fusion detection. */ -export interface FusionScenarioExclusionPattern { - /** Scenario exclusion pattern. */ - exclusionPattern: string; - /** DateTime when scenario exclusion pattern is added in UTC. */ - dateAddedInUTC: string; -} - -/** Represents a source signal consumed in Fusion detection. */ -export interface FusionTemplateSourceSetting { - /** The name of a source signal consumed in Fusion detection. */ - sourceName: string; - /** All supported source subtypes under this source signal consumed in fusion detection. */ - sourceSubTypes?: FusionTemplateSourceSubType[]; -} - -/** Represents a source subtype under a source signal consumed in Fusion detection. */ -export interface FusionTemplateSourceSubType { - /** The name of source subtype under a source signal consumed in Fusion detection. */ - sourceSubTypeName: string; - /** - * The display name of source subtype under a source signal consumed in Fusion detection. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly sourceSubTypeDisplayName?: string; - /** Severity configuration available for a source subtype consumed in fusion detection. */ - severityFilter: FusionTemplateSubTypeSeverityFilter; -} - -/** Represents severity configurations available for a source subtype consumed in Fusion detection. */ -export interface FusionTemplateSubTypeSeverityFilter { - /** Determines whether severity configuration is supported for this source subtype consumed in Fusion detection. */ - isSupported: boolean; - /** List of all supported severities for this source subtype consumed in Fusion detection. */ - severityFilters?: AlertSeverity[]; -} - /** MicrosoftSecurityIncidentCreation rule common property bag. */ export interface MicrosoftSecurityIncidentCreationAlertRuleCommonProperties { /** the alerts' displayNames on which the cases will be generated */ @@ -1607,6 +670,34 @@ export interface EventGroupingSettings { aggregationKind?: EventGroupingAggregationKind; } +/** Single entity mapping for the alert rule */ +export interface EntityMapping { + /** The V3 type of the mapped entity */ + entityType?: EntityMappingType; + /** array of field mappings for the given entity mapping */ + fieldMappings?: FieldMapping[]; +} + +/** A single field mapping of the mapped entity */ +export interface FieldMapping { + /** the V3 identifier of the entity */ + identifier?: string; + /** the column name to be mapped to the identifier */ + columnName?: string; +} + +/** Settings for how to dynamically override alert static details */ +export interface AlertDetailsOverride { + /** the format containing columns name(s) to override the alert name */ + alertDisplayNameFormat?: string; + /** the format containing columns name(s) to override the alert description */ + alertDescriptionFormat?: string; + /** the column name to take the alert tactics from */ + alertTacticsColumnName?: string; + /** the column name to take the alert severity from */ + alertSeverityColumnName?: string; +} + export interface IncidentPropertiesAction { /** The severity of the incident */ severity?: IncidentSeverity; @@ -1616,727 +707,210 @@ export interface IncidentPropertiesAction { classification?: IncidentClassification; /** The classification reason the incident was closed with */ classificationReason?: IncidentClassificationReason; - /** Describes the reason the incident was closed. */ + /** Describes the reason the incident was closed */ classificationComment?: string; /** Information on the user an incident is assigned to */ owner?: IncidentOwnerInfo; - /** List of labels to add to the incident. */ + /** List of labels to add to the incident */ labels?: IncidentLabel[]; } -export interface AutomationRulePropertyArrayChangedValuesCondition { - arrayType?: AutomationRulePropertyArrayChangedConditionSupportedArrayType; - changeType?: AutomationRulePropertyArrayChangedConditionSupportedChangeType; -} - -export interface AutomationRulePropertyValuesChangedCondition { - propertyName?: AutomationRulePropertyChangedConditionSupportedPropertyType; - changeType?: AutomationRulePropertyChangedConditionSupportedChangedType; - operator?: AutomationRulePropertyConditionSupportedOperator; - propertyValues?: string[]; -} - export interface AutomationRulePropertyValuesCondition { - /** The property to evaluate in an automation rule property condition. */ + /** The property to evaluate in an automation rule property condition */ propertyName?: AutomationRulePropertyConditionSupportedProperty; operator?: AutomationRulePropertyConditionSupportedOperator; propertyValues?: string[]; } export interface PlaybookActionProperties { - /** The resource id of the playbook resource. */ - logicAppResourceId?: string; - /** The tenant id of the playbook resource. */ + /** The resource id of the playbook resource */ + logicAppResourceId: string; + /** The tenant id of the playbook resource */ tenantId?: string; } -/** An properties abstract Query item for entity */ -export interface EntityQueryItemProperties { - /** Data types for template */ - dataTypes?: EntityQueryItemPropertiesDataTypesItem[]; - /** The type of the entity */ - inputEntityType?: EntityType; - /** Data types for template */ - requiredInputFieldsSets?: string[][]; - /** The query applied only to entities matching to all filters */ - entitiesFilter?: Record; -} - -export interface EntityQueryItemPropertiesDataTypesItem { - /** Data type name */ - dataType?: string; -} - -/** The insight table query. */ -export interface InsightQueryItemPropertiesTableQuery { - /** List of insight column definitions. */ - columnsDefinitions?: InsightQueryItemPropertiesTableQueryColumnsDefinitionsItem[]; - /** List of insight queries definitions. */ - queriesDefinitions?: InsightQueryItemPropertiesTableQueryQueriesDefinitionsItem[]; -} - -export interface InsightQueryItemPropertiesTableQueryColumnsDefinitionsItem { - /** Insight column header. */ - header?: string; - /** Insights Column type. */ - outputType?: OutputType; - /** Is query supports deep-link. */ - supportDeepLink?: boolean; -} - -export interface InsightQueryItemPropertiesTableQueryQueriesDefinitionsItem { - /** Insight column header. */ - filter?: string; - /** Insight column header. */ - summarize?: string; - /** Insight column header. */ - project?: string; - /** Insight column header. */ - linkColumnsDefinitions?: InsightQueryItemPropertiesTableQueryQueriesDefinitionsPropertiesItemsItem[]; -} - -export interface InsightQueryItemPropertiesTableQueryQueriesDefinitionsPropertiesItemsItem { - /** Insight Link Definition Projected Name. */ - projectedName?: string; - /** Insight Link Definition Query. */ - query?: string; -} - -/** The activity query definitions. */ -export interface InsightQueryItemPropertiesAdditionalQuery { - /** The insight query. */ - query?: string; - /** The insight text. */ - text?: string; -} - -/** The insight chart query. */ -export interface InsightQueryItemPropertiesDefaultTimeRange { - /** The padding for the start time of the query. */ - beforeRange?: string; - /** The padding for the end time of the query. */ - afterRange?: string; -} - -/** The insight chart query. */ -export interface InsightQueryItemPropertiesReferenceTimeRange { - /** Additional query time for looking back. */ - beforeRange?: string; -} - -/** The Activity query definitions */ -export interface ActivityEntityQueriesPropertiesQueryDefinitions { - /** The Activity query to run on a given entity */ - query?: string; -} - -/** The Activity query definitions */ -export interface ActivityEntityQueryTemplatePropertiesQueryDefinitions { - /** The Activity query to run on a given entity */ - query?: string; - /** The dimensions we want to summarize the timeline results on, this is comma separated list */ - summarizeBy?: string; -} - -/** The data type definition */ -export interface DataTypeDefinitions { - /** The data type name */ - dataType?: string; -} - -/** security ml analytics settings data sources */ -export interface SecurityMLAnalyticsSettingsDataSource { - /** The connector id that provides the following data types */ - connectorId?: string; - /** The data types used by the security ml analytics settings */ - dataTypes?: string[]; -} - -/** Properties data connector on tenant level. */ -export interface DataConnectorTenantId { - /** The tenant id to connect to, and get the data from. */ - tenantId: string; -} - -/** Data connector properties. */ -export interface DataConnectorWithAlertsProperties { - /** The available data types for the connector. */ - dataTypes?: AlertsDataTypeOfDataConnector; -} - /** Alerts data type for data connectors. */ export interface AlertsDataTypeOfDataConnector { /** Alerts data type connection. */ - alerts: DataConnectorDataTypeCommon; + alerts?: DataConnectorDataTypeCommon; } /** Common field for data type in data connectors. */ export interface DataConnectorDataTypeCommon { /** Describe whether this data type connection is enabled or not. */ - state: DataTypeState; -} - -/** The available data types for Microsoft Threat Intelligence Platforms data connector. */ -export interface MstiDataConnectorDataTypes { - /** Data type for Microsoft Threat Intelligence Platforms data connector. */ - bingSafetyPhishingURL: MstiDataConnectorDataTypesBingSafetyPhishingURL; - /** Data type for Microsoft Threat Intelligence Platforms data connector. */ - microsoftEmergingThreatFeed: MstiDataConnectorDataTypesMicrosoftEmergingThreatFeed; + state?: DataTypeState; } -/** The available data types for Microsoft Threat Protection Platforms data connector. */ -export interface MTPDataConnectorDataTypes { - /** Data type for Microsoft Threat Protection Platforms data connector. */ - incidents: MTPDataConnectorDataTypesIncidents; +/** Data connector properties. */ +export interface DataConnectorWithAlertsProperties { + /** The available data types for the connector. */ + dataTypes?: AlertsDataTypeOfDataConnector; } /** The available data types for Amazon Web Services CloudTrail data connector. */ export interface AwsCloudTrailDataConnectorDataTypes { /** Logs data type. */ - logs: AwsCloudTrailDataConnectorDataTypesLogs; -} - -/** The available data types for Amazon Web Services S3 data connector. */ -export interface AwsS3DataConnectorDataTypes { - /** Logs data type. */ - logs: AwsS3DataConnectorDataTypesLogs; -} - -/** The available data types for Dynamics365 data connector. */ -export interface Dynamics365DataConnectorDataTypes { - /** Common Data Service data type connection. */ - dynamics365CdsActivities: Dynamics365DataConnectorDataTypesDynamics365CdsActivities; + logs?: AwsCloudTrailDataConnectorDataTypesLogs; } -/** The available data types for Office Microsoft Project data connector. */ -export interface Office365ProjectConnectorDataTypes { - /** Logs data type. */ - logs: Office365ProjectConnectorDataTypesLogs; +/** Properties data connector on tenant level. */ +export interface DataConnectorTenantId { + /** The tenant id to connect to, and get the data from. */ + tenantId?: string; } -/** The available data types for Office Microsoft PowerBI data connector. */ -export interface OfficePowerBIConnectorDataTypes { - /** Logs data type. */ - logs: OfficePowerBIConnectorDataTypesLogs; +/** The available data types for TI (Threat Intelligence) data connector. */ +export interface TIDataConnectorDataTypes { + /** Data type for indicators connection. */ + indicators?: TIDataConnectorDataTypesIndicators; } /** The available data types for office data connector. */ export interface OfficeDataConnectorDataTypes { /** Exchange data type connection. */ - exchange: OfficeDataConnectorDataTypesExchange; + exchange?: OfficeDataConnectorDataTypesExchange; /** SharePoint data type connection. */ - sharePoint: OfficeDataConnectorDataTypesSharePoint; + sharePoint?: OfficeDataConnectorDataTypesSharePoint; /** Teams data type connection. */ - teams: OfficeDataConnectorDataTypesTeams; -} - -/** The available data types for TI (Threat Intelligence) data connector. */ -export interface TIDataConnectorDataTypes { - /** Data type for indicators connection. */ - indicators: TIDataConnectorDataTypesIndicators; -} - -/** The available data types for Threat Intelligence TAXII data connector. */ -export interface TiTaxiiDataConnectorDataTypes { - /** Data type for TAXII connector. */ - taxiiClient: TiTaxiiDataConnectorDataTypesTaxiiClient; -} - -/** Config to describe the instructions blade */ -export interface CodelessUiConnectorConfigProperties { - /** Connector blade title */ - title: string; - /** Connector publisher name */ - publisher: string; - /** Connector description */ - descriptionMarkdown: string; - /** An optional custom image to be used when displaying the connector within Azure Sentinel's connector's gallery */ - customImage?: string; - /** Name of the table the connector will insert the data to */ - graphQueriesTableName: string; - /** The graph query to show the current data status */ - graphQueries: CodelessUiConnectorConfigPropertiesGraphQueriesItem[]; - /** The sample queries for the connector */ - sampleQueries: CodelessUiConnectorConfigPropertiesSampleQueriesItem[]; - /** Data types to check for last data received */ - dataTypes: CodelessUiConnectorConfigPropertiesDataTypesItem[]; - /** Define the way the connector check connectivity */ - connectivityCriteria: CodelessUiConnectorConfigPropertiesConnectivityCriteriaItem[]; - /** Connector Availability Status */ - availability: Availability; - /** Permissions required for the connector */ - permissions: Permissions; - /** Instruction steps to enable the connector */ - instructionSteps: CodelessUiConnectorConfigPropertiesInstructionStepsItem[]; -} - -/** The graph query to show the current data status */ -export interface GraphQueries { - /** the metric that the query is checking */ - metricName?: string; - /** The legend for the graph */ - legend?: string; - /** The base query for the graph */ - baseQuery?: string; -} - -/** The sample queries for the connector */ -export interface SampleQueries { - /** The sample query description */ - description?: string; - /** the sample query */ - query?: string; -} - -/** Data type for last data received */ -export interface LastDataReceivedDataType { - /** Name of the data type to show in the graph. can be use with {{graphQueriesTableName}} placeholder */ - name?: string; - /** Query for indicate last data received */ - lastDataReceivedQuery?: string; -} - -/** Setting for the connector check connectivity */ -export interface ConnectivityCriteria { - /** type of connectivity */ - type?: ConnectivityType; - /** Queries for checking connectivity */ - value?: string[]; -} - -/** Connector Availability Status */ -export interface Availability { - /** The connector Availability Status */ - status?: 1; - /** Set connector as preview */ - isPreview?: boolean; -} - -/** Permissions required for the connector */ -export interface Permissions { - /** Resource provider permissions required for the connector */ - resourceProvider?: PermissionsResourceProviderItem[]; - /** Customs permissions required for the connector */ - customs?: PermissionsCustomsItem[]; -} - -/** Resource provider permissions required for the connector */ -export interface ResourceProvider { - /** Provider name */ - provider?: ProviderName; - /** Permission description text */ - permissionsDisplayText?: string; - /** Permission provider display name */ - providerDisplayName?: string; - /** Permission provider scope */ - scope?: PermissionProviderScope; - /** Required permissions for the connector */ - requiredPermissions?: RequiredPermissions; -} - -/** Required permissions for the connector */ -export interface RequiredPermissions { - /** action permission */ - action?: boolean; - /** write permission */ - write?: boolean; - /** read permission */ - read?: boolean; - /** delete permission */ - delete?: boolean; -} - -/** Customs permissions required for the connector */ -export interface CustomsPermission { - /** Customs permissions name */ - name?: string; - /** Customs permissions description */ - description?: string; -} - -/** Instruction steps to enable the connector */ -export interface InstructionSteps { - /** Instruction step title */ - title?: string; - /** Instruction step description */ - description?: string; - /** Instruction step details */ - instructions?: InstructionStepsInstructionsItem[]; -} - -/** Instruction step details */ -export interface ConnectorInstructionModelBase { - /** The parameters for the setting */ - parameters?: Record; - /** The kind of the setting */ - type: SettingType; -} - -/** Config to describe the polling config for API poller connector */ -export interface CodelessConnectorPollingConfigProperties { - /** The poller active status */ - isActive?: boolean; - /** Describe the authentication type of the poller */ - auth: CodelessConnectorPollingAuthProperties; - /** Describe the poll request config parameters of the poller */ - request: CodelessConnectorPollingRequestProperties; - /** Describe the poll request paging config of the poller */ - paging?: CodelessConnectorPollingPagingProperties; - /** Describe the response config parameters of the poller */ - response?: CodelessConnectorPollingResponseProperties; -} - -/** Describe the authentication properties needed to successfully authenticate with the server */ -export interface CodelessConnectorPollingAuthProperties { - /** The authentication type */ - authType: string; - /** The header name which the token is sent with */ - apiKeyName?: string; - /** A prefix send in the header before the actual token */ - apiKeyIdentifier?: string; - /** Marks if the key should sent in header */ - isApiKeyInPostPayload?: string; - /** Describes the flow name, for example 'AuthCode' for Oauth 2.0 */ - flowName?: string; - /** The endpoint used to issue a token, used in Oauth 2.0 flow */ - tokenEndpoint?: string; - /** The endpoint used to authorize the user, used in Oauth 2.0 flow */ - authorizationEndpoint?: string; - /** The query parameters used in authorization request, used in Oauth 2.0 flow */ - authorizationEndpointQueryParameters?: Record; - /** The redirect endpoint where we will get the authorization code, used in Oauth 2.0 flow */ - redirectionEndpoint?: string; - /** The query headers used in token request, used in Oauth 2.0 flow */ - tokenEndpointHeaders?: Record; - /** The query parameters used in token request, used in Oauth 2.0 flow */ - tokenEndpointQueryParameters?: Record; - /** Marks if we should send the client secret in header or payload, used in Oauth 2.0 flow */ - isClientSecretInHeader?: boolean; - /** The OAuth token scope */ - scope?: string; -} - -/** Describe the request properties needed to successfully pull from the server */ -export interface CodelessConnectorPollingRequestProperties { - /** Describe the endpoint we should pull the data from */ - apiEndpoint: string; - /** Defines the rate limit QPS */ - rateLimitQps?: number; - /** The window interval we will use the pull the data */ - queryWindowInMin: number; - /** The http method type we will use in the poll request, GET or POST */ - httpMethod: string; - /** The time format will be used the query events in a specific window */ - queryTimeFormat: string; - /** Describe the amount of time we should try and poll the data in case of failure */ - retryCount?: number; - /** The number of seconds we will consider as a request timeout */ - timeoutInSeconds?: number; - /** Describe the headers sent in the poll request */ - headers?: Record; - /** Describe the query parameters sent in the poll request */ - queryParameters?: Record; - /** For advanced scenarios for example user name/password embedded in nested JSON payload */ - queryParametersTemplate?: string; - /** This will be used the query events from a start of the time window */ - startTimeAttributeName?: string; - /** This will be used the query events from the end of the time window */ - endTimeAttributeName?: string; + teams?: OfficeDataConnectorDataTypesTeams; } -/** Describe the properties needed to make a pagination call */ -export interface CodelessConnectorPollingPagingProperties { - /** Describes the type. could be 'None', 'PageToken', 'PageCount', 'TimeStamp' */ - pagingType: string; - /** Defines the name of a next page attribute */ - nextPageParaName?: string; - /** Defines the path to a next page token JSON */ - nextPageTokenJsonPath?: string; - /** Defines the path to a page count attribute */ - pageCountAttributePath?: string; - /** Defines the path to a page total count attribute */ - pageTotalCountAttributePath?: string; - /** Defines the path to a paging time stamp attribute */ - pageTimeStampAttributePath?: string; - /** Determines whether to search for the latest time stamp in the events list */ - searchTheLatestTimeStampFromEventsList?: string; - /** Defines the name of the page size parameter */ - pageSizeParaName?: string; - /** Defines the paging size */ - pageSize?: number; -} - -/** Describes the response from the external server */ -export interface CodelessConnectorPollingResponseProperties { - /** Describes the path we should extract the data in the response */ - eventsJsonPaths: string[]; - /** Describes the path we should extract the status code in the response */ - successStatusJsonPath?: string; - /** Describes the path we should extract the status value in the response */ - successStatusValue?: string; - /** Describes if the data in the response is Gzip */ - isGzipCompressed?: boolean; -} - -/** ThreatIntelligence property bag. */ -export interface ThreatIntelligence { +/** The geo-location context attached to the ip entity */ +export interface GeoLocation { /** - * Confidence (must be between 0 and 1) + * Autonomous System Number * NOTE: This property will not be serialized. It can only be populated by the server. */ - readonly confidence?: number; + readonly asn?: number; /** - * Name of the provider from whom this Threat Intelligence information was received + * City name * NOTE: This property will not be serialized. It can only be populated by the server. */ - readonly providerName?: string; + readonly city?: string; /** - * Report link + * The country code according to ISO 3166 format * NOTE: This property will not be serialized. It can only be populated by the server. */ - readonly reportLink?: string; + readonly countryCode?: string; /** - * Threat description (free text) + * Country name according to ISO 3166 Alpha 2: the lowercase of the English Short Name * NOTE: This property will not be serialized. It can only be populated by the server. */ - readonly threatDescription?: string; + readonly countryName?: string; /** - * Threat name (e.g. "Jedobot malware") + * The longitude of the identified location, expressed as a floating point number with range of -180 to 180, with positive numbers representing East and negative numbers representing West. Latitude and longitude are derived from the city or postal code. * NOTE: This property will not be serialized. It can only be populated by the server. */ - readonly threatName?: string; + readonly latitude?: number; /** - * Threat type (e.g. "Botnet") + * The latitude of the identified location, expressed as a floating point number with range of - 90 to 90, with positive numbers representing North and negative numbers representing South. Latitude and longitude are derived from the city or postal code. * NOTE: This property will not be serialized. It can only be populated by the server. */ - readonly threatType?: string; -} - -/** The geo-location context attached to the ip entity */ -export interface GeoLocation { + readonly longitude?: number; /** - * Autonomous System Number + * State name * NOTE: This property will not be serialized. It can only be populated by the server. */ - readonly asn?: number; + readonly state?: string; +} + +/** ThreatIntelligence property bag. */ +export interface ThreatIntelligence { /** - * City name + * Confidence (must be between 0 and 1) * NOTE: This property will not be serialized. It can only be populated by the server. */ - readonly city?: string; + readonly confidence?: number; /** - * The country code according to ISO 3166 format + * Name of the provider from whom this Threat Intelligence information was received * NOTE: This property will not be serialized. It can only be populated by the server. */ - readonly countryCode?: string; + readonly providerName?: string; /** - * Country name according to ISO 3166 Alpha 2: the lowercase of the English Short Name + * Report link * NOTE: This property will not be serialized. It can only be populated by the server. */ - readonly countryName?: string; + readonly reportLink?: string; /** - * The longitude of the identified location, expressed as a floating point number with range of -180 to 180, with positive numbers representing East and negative numbers representing West. Latitude and longitude are derived from the city or postal code. + * Threat description (free text) * NOTE: This property will not be serialized. It can only be populated by the server. */ - readonly latitude?: number; + readonly threatDescription?: string; /** - * The latitude of the identified location, expressed as a floating point number with range of - 90 to 90, with positive numbers representing North and negative numbers representing South. Latitude and longitude are derived from the city or postal code. + * Threat name (e.g. "Jedobot malware") * NOTE: This property will not be serialized. It can only be populated by the server. */ - readonly longitude?: number; + readonly threatName?: string; /** - * State name + * Threat type (e.g. "Botnet") * NOTE: This property will not be serialized. It can only be populated by the server. */ - readonly state?: string; + readonly threatType?: string; } /** An azure resource object with an Etag property */ -export interface ResourceWithEtag extends Resource { +export type ResourceWithEtag = Resource & { /** Etag of the azure resource */ etag?: string; -} +}; + +/** Action for alert rule. */ +export type ActionResponse = Resource & { + /** Etag of the action. */ + etag?: string; + /** Logic App Resource Id, /subscriptions/{my-subscription}/resourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my-workflow-id}. */ + logicAppResourceId?: string; + /** The name of the logic app's workflow. */ + workflowId?: string; +}; /** Alert rule template. */ -export interface AlertRuleTemplate extends Resource { - /** The kind of the alert rule */ +export type AlertRuleTemplate = Resource & { + /** The alert rule kind */ kind: AlertRuleKind; -} +}; /** Specific entity. */ -export interface Entity extends Resource { +export type Entity = Resource & { /** The kind of the entity. */ - kind: EntityKind; -} - -/** Specific entity query template. */ -export interface EntityQueryTemplate extends Resource { - /** the entity query template kind */ - kind: EntityQueryTemplateKind; -} - -/** Consent for Office365 tenant that already made. */ -export interface OfficeConsent extends Resource { - /** The tenantId of the Office365 with the consent. */ - tenantId?: string; - /** Help to easily cascade among the data layers. */ - consentId?: string; -} + kind: EntityKindEnum; +}; /** Action property bag. */ -export interface ActionResponseProperties extends ActionPropertiesBase { +export type ActionResponseProperties = ActionPropertiesBase & { /** The name of the logic app's workflow. */ workflowId?: string; -} +}; /** Action property bag. */ -export interface ActionRequestProperties extends ActionPropertiesBase { +export type ActionRequestProperties = ActionPropertiesBase & { /** Logic App Callback URL for this specific workflow. */ triggerUri: string; -} - -/** Describes an automation rule condition that evaluates an array property's value change */ -export interface PropertyArrayChangedConditionProperties - extends AutomationRuleCondition { - /** Polymorphic discriminator, which specifies the different types this object can be */ - conditionType: "PropertyArrayChanged"; - conditionProperties?: AutomationRulePropertyArrayChangedValuesCondition; -} - -/** Describes an automation rule condition that evaluates a property's value change */ -export interface PropertyChangedConditionProperties - extends AutomationRuleCondition { - /** Polymorphic discriminator, which specifies the different types this object can be */ - conditionType: "PropertyChanged"; - conditionProperties?: AutomationRulePropertyValuesChangedCondition; -} +}; /** Describes an automation rule condition that evaluates a property's value */ -export interface PropertyConditionProperties extends AutomationRuleCondition { +export type PropertyConditionProperties = AutomationRuleCondition & { /** Polymorphic discriminator, which specifies the different types this object can be */ conditionType: "Property"; conditionProperties?: AutomationRulePropertyValuesCondition; -} +}; -/** Describes an automation rule action to modify an object's properties */ -export interface AutomationRuleModifyPropertiesAction - extends AutomationRuleAction { +/** Describes an automation rule action to modify an object's properties. */ +export type AutomationRuleModifyPropertiesAction = AutomationRuleAction & { /** Polymorphic discriminator, which specifies the different types this object can be */ actionType: "ModifyProperties"; actionConfiguration?: IncidentPropertiesAction; -} +}; /** Describes an automation rule action to run a playbook */ -export interface AutomationRuleRunPlaybookAction extends AutomationRuleAction { +export type AutomationRuleRunPlaybookAction = AutomationRuleAction & { /** Polymorphic discriminator, which specifies the different types this object can be */ actionType: "RunPlaybook"; actionConfiguration?: PlaybookActionProperties; -} - -/** Represents Activity timeline item. */ -export interface ActivityTimelineItem extends EntityTimelineItem { - /** Polymorphic discriminator, which specifies the different types this object can be */ - kind: "Activity"; - /** The activity query id. */ - queryId: string; - /** The grouping bucket start time. */ - bucketStartTimeUTC: Date; - /** The grouping bucket end time. */ - bucketEndTimeUTC: Date; - /** The time of the first activity in the grouping bucket. */ - firstActivityTimeUTC: Date; - /** The time of the last activity in the grouping bucket. */ - lastActivityTimeUTC: Date; - /** The activity timeline content. */ - content: string; - /** The activity timeline title. */ - title: string; -} - -/** Represents bookmark timeline item. */ -export interface BookmarkTimelineItem extends EntityTimelineItem { - /** Polymorphic discriminator, which specifies the different types this object can be */ - kind: "Bookmark"; - /** The bookmark azure resource id. */ - azureResourceId: string; - /** The bookmark display name. */ - displayName?: string; - /** The notes of the bookmark */ - notes?: string; - /** The bookmark end time. */ - endTimeUtc?: Date; - /** The bookmark start time. */ - startTimeUtc?: Date; - /** The bookmark event time. */ - eventTime?: Date; - /** Describes a user that created the bookmark */ - createdBy?: UserInfo; - /** List of labels relevant to this bookmark */ - labels?: string[]; -} - -/** Represents anomaly timeline item. */ -export interface AnomalyTimelineItem extends EntityTimelineItem { - /** Polymorphic discriminator, which specifies the different types this object can be */ - kind: "Anomaly"; - /** The anomaly azure resource id. */ - azureResourceId: string; - /** The anomaly product name. */ - productName?: string; - /** The anomaly description. */ - description?: string; - /** The anomaly name. */ - displayName: string; - /** The anomaly end time. */ - endTimeUtc: Date; - /** The anomaly start time. */ - startTimeUtc: Date; - /** The anomaly generated time. */ - timeGenerated: Date; - /** The name of the anomaly vendor. */ - vendor?: string; - /** The intent of the anomaly. */ - intent?: string; - /** The techniques of the anomaly. */ - techniques?: string[]; - /** The reasons that cause the anomaly. */ - reasons?: string[]; -} - -/** Represents security alert timeline item. */ -export interface SecurityAlertTimelineItem extends EntityTimelineItem { - /** Polymorphic discriminator, which specifies the different types this object can be */ - kind: "SecurityAlert"; - /** The alert azure resource id. */ - azureResourceId: string; - /** The alert product name. */ - productName?: string; - /** The alert description. */ - description?: string; - /** The alert name. */ - displayName: string; - /** The alert severity. */ - severity: AlertSeverity; - /** The alert end time. */ - endTimeUtc: Date; - /** The alert start time. */ - startTimeUtc: Date; - /** The alert generated time. */ - timeGenerated: Date; - /** The name of the alert type. */ - alertType: string; -} - -/** Represents Insight Query. */ -export interface InsightQueryItem extends EntityQueryItem { - /** Polymorphic discriminator, which specifies the different types this object can be */ - kind: "Insight"; - /** Properties bag for InsightQueryItem */ - properties?: InsightQueryItemProperties; -} +}; /** SecurityAlert entity property bag. */ -export interface SecurityAlertProperties extends EntityCommonProperties { +export type SecurityAlertProperties = EntityCommonProperties & { /** * The display name of the alert. * NOTE: This property will not be serialized. It can only be populated by the server. @@ -2459,10 +1033,10 @@ export interface SecurityAlertProperties extends EntityCommonProperties { * NOTE: This property will not be serialized. It can only be populated by the server. */ readonly resourceIdentifiers?: Record[]; -} +}; /** Describes bookmark properties */ -export interface HuntingBookmarkProperties extends EntityCommonProperties { +export type HuntingBookmarkProperties = EntityCommonProperties & { /** The time the bookmark was created */ created?: Date; /** Describes a user that created the bookmark */ @@ -2485,11 +1059,10 @@ export interface HuntingBookmarkProperties extends EntityCommonProperties { updatedBy?: UserInfo; /** Describes an incident that relates to bookmark */ incidentInfo?: IncidentInfo; -} +}; /** Describes threat intelligence entity properties */ -export interface ThreatIntelligenceIndicatorProperties - extends EntityCommonProperties { +export type ThreatIntelligenceIndicatorProperties = EntityCommonProperties & { /** List of tags */ threatIntelligenceTags?: string[]; /** Last updated time in UTC */ @@ -2546,10 +1119,10 @@ export interface ThreatIntelligenceIndicatorProperties modified?: string; /** Extensions map */ extensions?: { [propertyName: string]: any }; -} +}; /** Account entity property bag. */ -export interface AccountEntityProperties extends EntityCommonProperties { +export type AccountEntityProperties = EntityCommonProperties & { /** * The Azure Active Directory tenant id. * NOTE: This property will not be serialized. It can only be populated by the server. @@ -2581,7 +1154,7 @@ export interface AccountEntityProperties extends EntityCommonProperties { */ readonly isDomainJoined?: boolean; /** - * The NetBIOS domain name as it appears in the alert format domain/username. Examples: NT AUTHORITY. + * The NetBIOS domain name as it appears in the alert format - domain\username. Examples: NT AUTHORITY. * NOTE: This property will not be serialized. It can only be populated by the server. */ readonly ntDomain?: string; @@ -2610,10 +1183,10 @@ export interface AccountEntityProperties extends EntityCommonProperties { * NOTE: This property will not be serialized. It can only be populated by the server. */ readonly dnsDomain?: string; -} +}; /** AzureResource entity property bag. */ -export interface AzureResourceEntityProperties extends EntityCommonProperties { +export type AzureResourceEntityProperties = EntityCommonProperties & { /** * The azure resource id of the resource * NOTE: This property will not be serialized. It can only be populated by the server. @@ -2624,11 +1197,10 @@ export interface AzureResourceEntityProperties extends EntityCommonProperties { * NOTE: This property will not be serialized. It can only be populated by the server. */ readonly subscriptionId?: string; -} +}; /** CloudApplication entity property bag. */ -export interface CloudApplicationEntityProperties - extends EntityCommonProperties { +export type CloudApplicationEntityProperties = EntityCommonProperties & { /** * The technical identifier of the application. * NOTE: This property will not be serialized. It can only be populated by the server. @@ -2644,10 +1216,10 @@ export interface CloudApplicationEntityProperties * NOTE: This property will not be serialized. It can only be populated by the server. */ readonly instanceName?: string; -} +}; /** Dns entity property bag. */ -export interface DnsEntityProperties extends EntityCommonProperties { +export type DnsEntityProperties = EntityCommonProperties & { /** * An ip entity id for the dns server resolving the request * NOTE: This property will not be serialized. It can only be populated by the server. @@ -2668,10 +1240,10 @@ export interface DnsEntityProperties extends EntityCommonProperties { * NOTE: This property will not be serialized. It can only be populated by the server. */ readonly ipAddressEntityIds?: string[]; -} +}; /** File entity property bag. */ -export interface FileEntityProperties extends EntityCommonProperties { +export type FileEntityProperties = EntityCommonProperties & { /** * The full path to the file. * NOTE: This property will not be serialized. It can only be populated by the server. @@ -2692,10 +1264,10 @@ export interface FileEntityProperties extends EntityCommonProperties { * NOTE: This property will not be serialized. It can only be populated by the server. */ readonly hostEntityId?: string; -} +}; /** FileHash entity property bag. */ -export interface FileHashEntityProperties extends EntityCommonProperties { +export type FileHashEntityProperties = EntityCommonProperties & { /** * The hash algorithm type. * NOTE: This property will not be serialized. It can only be populated by the server. @@ -2706,10 +1278,10 @@ export interface FileHashEntityProperties extends EntityCommonProperties { * NOTE: This property will not be serialized. It can only be populated by the server. */ readonly hashValue?: string; -} +}; /** Host entity property bag. */ -export interface HostEntityProperties extends EntityCommonProperties { +export type HostEntityProperties = EntityCommonProperties & { /** * The azure resource id of the VM. * NOTE: This property will not be serialized. It can only be populated by the server. @@ -2752,10 +1324,10 @@ export interface HostEntityProperties extends EntityCommonProperties { * NOTE: This property will not be serialized. It can only be populated by the server. */ readonly osVersion?: string; -} +}; /** IoTDevice entity property bag. */ -export interface IoTDeviceEntityProperties extends EntityCommonProperties { +export type IoTDeviceEntityProperties = EntityCommonProperties & { /** * The ID of the IoT Device in the IoT Hub * NOTE: This property will not be serialized. It can only be populated by the server. @@ -2841,62 +1413,10 @@ export interface IoTDeviceEntityProperties extends EntityCommonProperties { * NOTE: This property will not be serialized. It can only be populated by the server. */ readonly protocols?: string[]; - /** - * A list of owners of the IoTDevice entity. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly owners?: string[]; - /** - * A list of Nic entity ids of the IoTDevice entity. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly nicEntityIds?: string[]; - /** - * The site of the device - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly site?: string; - /** - * The zone location of the device within a site - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly zone?: string; - /** - * The sensor the device is monitored by - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly sensor?: string; - /** - * The subType of the device ('PLC', 'HMI', 'EWS', etc.) - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly deviceSubType?: string; - /** Device importance, determines if the device classified as 'crown jewel' */ - importance?: DeviceImportance; - /** - * The Purdue Layer of the device - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly purdueLayer?: string; - /** - * Determines whether the device classified as authorized device - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly isAuthorized?: boolean; - /** - * Determines whether the device classified as programming device - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly isProgramming?: boolean; - /** - * Is the device classified as a scanner device - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly isScanner?: boolean; -} +}; /** Ip entity property bag. */ -export interface IpEntityProperties extends EntityCommonProperties { +export type IpEntityProperties = EntityCommonProperties & { /** * The IP address as string, e.g. 127.0.0.1 (either in Ipv4 or Ipv6) * NOTE: This property will not be serialized. It can only be populated by the server. @@ -2912,10 +1432,10 @@ export interface IpEntityProperties extends EntityCommonProperties { * NOTE: This property will not be serialized. It can only be populated by the server. */ readonly threatIntelligence?: ThreatIntelligence[]; -} +}; /** Mailbox entity property bag. */ -export interface MailboxEntityProperties extends EntityCommonProperties { +export type MailboxEntityProperties = EntityCommonProperties & { /** * The mailbox's primary address * NOTE: This property will not be serialized. It can only be populated by the server. @@ -2936,10 +1456,10 @@ export interface MailboxEntityProperties extends EntityCommonProperties { * NOTE: This property will not be serialized. It can only be populated by the server. */ readonly externalDirectoryObjectId?: string; -} +}; /** Mail cluster entity property bag. */ -export interface MailClusterEntityProperties extends EntityCommonProperties { +export type MailClusterEntityProperties = EntityCommonProperties & { /** * The mail message IDs that are part of the mail cluster * NOTE: This property will not be serialized. It can only be populated by the server. @@ -3015,10 +1535,10 @@ export interface MailClusterEntityProperties extends EntityCommonProperties { * NOTE: This property will not be serialized. It can only be populated by the server. */ readonly clusterGroup?: string; -} +}; /** Mail message entity property bag. */ -export interface MailMessageEntityProperties extends EntityCommonProperties { +export type MailMessageEntityProperties = EntityCommonProperties & { /** * The File entity ids of this mail message's attachments * NOTE: This property will not be serialized. It can only be populated by the server. @@ -3120,10 +1640,10 @@ export interface MailMessageEntityProperties extends EntityCommonProperties { deliveryAction?: DeliveryAction; /** The delivery location of this mail message like Inbox, JunkFolder etc */ deliveryLocation?: DeliveryLocation; -} +}; /** Malware entity property bag. */ -export interface MalwareEntityProperties extends EntityCommonProperties { +export type MalwareEntityProperties = EntityCommonProperties & { /** * The malware category by the vendor, e.g. Trojan * NOTE: This property will not be serialized. It can only be populated by the server. @@ -3144,10 +1664,10 @@ export interface MalwareEntityProperties extends EntityCommonProperties { * NOTE: This property will not be serialized. It can only be populated by the server. */ readonly processEntityIds?: string[]; -} +}; /** Process entity property bag. */ -export interface ProcessEntityProperties extends EntityCommonProperties { +export type ProcessEntityProperties = EntityCommonProperties & { /** * The account entity id running the processes. * NOTE: This property will not be serialized. It can only be populated by the server. @@ -3190,10 +1710,10 @@ export interface ProcessEntityProperties extends EntityCommonProperties { * NOTE: This property will not be serialized. It can only be populated by the server. */ readonly processId?: string; -} +}; /** RegistryKey entity property bag. */ -export interface RegistryKeyEntityProperties extends EntityCommonProperties { +export type RegistryKeyEntityProperties = EntityCommonProperties & { /** * the hive that holds the registry key. * NOTE: This property will not be serialized. It can only be populated by the server. @@ -3204,10 +1724,10 @@ export interface RegistryKeyEntityProperties extends EntityCommonProperties { * NOTE: This property will not be serialized. It can only be populated by the server. */ readonly key?: string; -} +}; /** RegistryValue entity property bag. */ -export interface RegistryValueEntityProperties extends EntityCommonProperties { +export type RegistryValueEntityProperties = EntityCommonProperties & { /** * The registry key entity id. * NOTE: This property will not be serialized. It can only be populated by the server. @@ -3228,10 +1748,10 @@ export interface RegistryValueEntityProperties extends EntityCommonProperties { * NOTE: This property will not be serialized. It can only be populated by the server. */ readonly valueType?: RegistryValueKind; -} +}; /** SecurityGroup entity property bag. */ -export interface SecurityGroupEntityProperties extends EntityCommonProperties { +export type SecurityGroupEntityProperties = EntityCommonProperties & { /** * The group distinguished name * NOTE: This property will not be serialized. It can only be populated by the server. @@ -3247,10 +1767,10 @@ export interface SecurityGroupEntityProperties extends EntityCommonProperties { * NOTE: This property will not be serialized. It can only be populated by the server. */ readonly sid?: string; -} +}; /** Submission mail entity property bag. */ -export interface SubmissionMailEntityProperties extends EntityCommonProperties { +export type SubmissionMailEntityProperties = EntityCommonProperties & { /** * The network message id of email to which submission belongs * NOTE: This property will not be serialized. It can only be populated by the server. @@ -3301,207 +1821,19 @@ export interface SubmissionMailEntityProperties extends EntityCommonProperties { * NOTE: This property will not be serialized. It can only be populated by the server. */ readonly reportType?: string; -} +}; /** Url entity property bag. */ -export interface UrlEntityProperties extends EntityCommonProperties { +export type UrlEntityProperties = EntityCommonProperties & { /** * A full URL the entity points to * NOTE: This property will not be serialized. It can only be populated by the server. */ readonly url?: string; -} - -/** Nic entity property bag. */ -export interface NicEntityProperties extends EntityCommonProperties { - /** - * The MAC address of this network interface - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly macAddress?: string; - /** - * The IP entity id of this network interface - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly ipAddressEntityId?: string; - /** - * A list of VLANs of the network interface entity. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly vlans?: string[]; -} - -/** Represents AAD (Azure Active Directory) requirements check request. */ -export interface AADCheckRequirements extends DataConnectorsCheckRequirements { - /** Polymorphic discriminator, which specifies the different types this object can be */ - kind: "AzureActiveDirectory"; - /** The tenant id to connect to, and get the data from. */ - tenantId?: string; -} - -/** Represents AATP (Azure Advanced Threat Protection) requirements check request. */ -export interface AatpCheckRequirements extends DataConnectorsCheckRequirements { - /** Polymorphic discriminator, which specifies the different types this object can be */ - kind: "AzureAdvancedThreatProtection"; - /** The tenant id to connect to, and get the data from. */ - tenantId?: string; -} - -/** Represents ASC (Azure Security Center) requirements check request. */ -export interface ASCCheckRequirements extends DataConnectorsCheckRequirements { - /** Polymorphic discriminator, which specifies the different types this object can be */ - kind: "AzureSecurityCenter"; - /** The subscription id to connect to, and get the data from. */ - subscriptionId?: string; -} - -/** Amazon Web Services CloudTrail requirements check request. */ -export interface AwsCloudTrailCheckRequirements - extends DataConnectorsCheckRequirements { - /** Polymorphic discriminator, which specifies the different types this object can be */ - kind: "AmazonWebServicesCloudTrail"; -} - -/** Amazon Web Services S3 requirements check request. */ -export interface AwsS3CheckRequirements - extends DataConnectorsCheckRequirements { - /** Polymorphic discriminator, which specifies the different types this object can be */ - kind: "AmazonWebServicesS3"; -} - -/** Represents Dynamics365 requirements check request. */ -export interface Dynamics365CheckRequirements - extends DataConnectorsCheckRequirements { - /** Polymorphic discriminator, which specifies the different types this object can be */ - kind: "Dynamics365"; - /** The tenant id to connect to, and get the data from. */ - tenantId?: string; -} - -/** Represents MCAS (Microsoft Cloud App Security) requirements check request. */ -export interface McasCheckRequirements extends DataConnectorsCheckRequirements { - /** Polymorphic discriminator, which specifies the different types this object can be */ - kind: "MicrosoftCloudAppSecurity"; - /** The tenant id to connect to, and get the data from. */ - tenantId?: string; -} - -/** Represents MDATP (Microsoft Defender Advanced Threat Protection) requirements check request. */ -export interface MdatpCheckRequirements - extends DataConnectorsCheckRequirements { - /** Polymorphic discriminator, which specifies the different types this object can be */ - kind: "MicrosoftDefenderAdvancedThreatProtection"; - /** The tenant id to connect to, and get the data from. */ - tenantId?: string; -} - -/** Represents Microsoft Threat Intelligence requirements check request. */ -export interface MstiCheckRequirements extends DataConnectorsCheckRequirements { - /** Polymorphic discriminator, which specifies the different types this object can be */ - kind: "MicrosoftThreatIntelligence"; - /** The tenant id to connect to, and get the data from. */ - tenantId?: string; -} - -/** Represents MTP (Microsoft Threat Protection) requirements check request. */ -export interface MtpCheckRequirements extends DataConnectorsCheckRequirements { - /** Polymorphic discriminator, which specifies the different types this object can be */ - kind: "MicrosoftThreatProtection"; - /** The tenant id to connect to, and get the data from. */ - tenantId?: string; -} - -/** Represents OfficeATP (Office 365 Advanced Threat Protection) requirements check request. */ -export interface OfficeATPCheckRequirements - extends DataConnectorsCheckRequirements { - /** Polymorphic discriminator, which specifies the different types this object can be */ - kind: "OfficeATP"; - /** The tenant id to connect to, and get the data from. */ - tenantId?: string; -} - -/** Represents OfficeIRM (Microsoft Insider Risk Management) requirements check request. */ -export interface OfficeIRMCheckRequirements - extends DataConnectorsCheckRequirements { - /** Polymorphic discriminator, which specifies the different types this object can be */ - kind: "OfficeIRM"; - /** The tenant id to connect to, and get the data from. */ - tenantId?: string; -} - -/** Represents Office365 Project requirements check request. */ -export interface Office365ProjectCheckRequirements - extends DataConnectorsCheckRequirements { - /** Polymorphic discriminator, which specifies the different types this object can be */ - kind: "Office365Project"; - /** The tenant id to connect to, and get the data from. */ - tenantId?: string; -} - -/** Represents Office PowerBI requirements check request. */ -export interface OfficePowerBICheckRequirements - extends DataConnectorsCheckRequirements { - /** Polymorphic discriminator, which specifies the different types this object can be */ - kind: "OfficePowerBI"; - /** The tenant id to connect to, and get the data from. */ - tenantId?: string; -} - -/** Threat Intelligence Platforms data connector check requirements */ -export interface TICheckRequirements extends DataConnectorsCheckRequirements { - /** Polymorphic discriminator, which specifies the different types this object can be */ - kind: "ThreatIntelligence"; - /** The tenant id to connect to, and get the data from. */ - tenantId?: string; -} - -/** Threat Intelligence TAXII data connector check requirements */ -export interface TiTaxiiCheckRequirements - extends DataConnectorsCheckRequirements { - /** Polymorphic discriminator, which specifies the different types this object can be */ - kind: "ThreatIntelligenceTaxii"; - /** The tenant id to connect to, and get the data from. */ - tenantId?: string; -} - -/** Represents IoT requirements check request. */ -export interface IoTCheckRequirements extends DataConnectorsCheckRequirements { - /** Polymorphic discriminator, which specifies the different types this object can be */ - kind: "IOT"; - /** The subscription id to connect to, and get the data from. */ - subscriptionId?: string; -} - -/** Alert rule template with MITRE property bag. */ -export interface AlertRuleTemplateWithMitreProperties - extends AlertRuleTemplatePropertiesBase { - /** The tactics of the alert rule */ - tactics?: AttackTactic[]; - /** The techniques of the alert rule */ - techniques?: string[]; -} - -/** MicrosoftSecurityIncidentCreation rule template properties */ -export interface MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties - extends AlertRuleTemplatePropertiesBase { - /** the alerts' displayNames on which the cases will be generated */ - displayNamesFilter?: string[]; - /** the alerts' displayNames on which the cases will not be generated */ - displayNamesExcludeFilter?: string[]; - /** The alerts' productName on which the cases will be generated */ - productFilter?: MicrosoftSecurityProductName; - /** the alerts' severities on which the cases will be generated */ - severitiesFilter?: AlertSeverity[]; -} - -/** NRT alert rule template properties */ -export interface NrtAlertRuleTemplateProperties - extends AlertRuleTemplateWithMitreProperties, - QueryBasedAlertRuleTemplateProperties {} +}; /** MicrosoftSecurityIncidentCreation rule property bag. */ -export interface MicrosoftSecurityIncidentCreationAlertRuleProperties - extends MicrosoftSecurityIncidentCreationAlertRuleCommonProperties { +export type MicrosoftSecurityIncidentCreationAlertRuleProperties = MicrosoftSecurityIncidentCreationAlertRuleCommonProperties & { /** The Name of the alert rule template used to create this rule. */ alertRuleTemplateName?: string; /** The description of the alert rule. */ @@ -3515,11 +1847,10 @@ export interface MicrosoftSecurityIncidentCreationAlertRuleProperties * NOTE: This property will not be serialized. It can only be populated by the server. */ readonly lastModifiedUtc?: Date; -} +}; /** Scheduled alert rule base property bag. */ -export interface ScheduledAlertRuleProperties - extends ScheduledAlertRuleCommonProperties { +export type ScheduledAlertRuleProperties = ScheduledAlertRuleCommonProperties & { /** The Name of the alert rule template used to create this rule. */ alertRuleTemplateName?: string; /** The version of the alert rule template used to create this rule - in format , where all are numbers, for example 0 <1.0.2> */ @@ -3545,317 +1876,65 @@ export interface ScheduledAlertRuleProperties techniques?: string[]; /** The settings of the incidents that created from alerts triggered by this analytics rule */ incidentConfiguration?: IncidentConfiguration; -} - -/** Represents Insight Query. */ -export interface InsightQueryItemProperties extends EntityQueryItemProperties { - /** The insight display name. */ - displayName?: string; - /** The insight description. */ - description?: string; - /** The base query of the insight. */ - baseQuery?: string; - /** The insight table query. */ - tableQuery?: InsightQueryItemPropertiesTableQuery; - /** The insight chart query. */ - chartQuery?: Record; - /** The activity query definitions. */ - additionalQuery?: InsightQueryItemPropertiesAdditionalQuery; - /** The insight chart query. */ - defaultTimeRange?: InsightQueryItemPropertiesDefaultTimeRange; - /** The insight chart query. */ - referenceTimeRange?: InsightQueryItemPropertiesReferenceTimeRange; -} - -/** AAD (Azure Active Directory) requirements check properties. */ -export interface AADCheckRequirementsProperties extends DataConnectorTenantId {} - -/** AATP (Azure Advanced Threat Protection) requirements check properties. */ -export interface AatpCheckRequirementsProperties - extends DataConnectorTenantId {} - -/** Dynamics365 requirements check properties. */ -export interface Dynamics365CheckRequirementsProperties - extends DataConnectorTenantId {} - -/** MCAS (Microsoft Cloud App Security) requirements check properties. */ -export interface McasCheckRequirementsProperties - extends DataConnectorTenantId {} - -/** MDATP (Microsoft Defender Advanced Threat Protection) requirements check properties. */ -export interface MdatpCheckRequirementsProperties - extends DataConnectorTenantId {} - -/** Microsoft Threat Intelligence requirements check properties. */ -export interface MstiCheckRequirementsProperties - extends DataConnectorTenantId {} - -/** MTP (Microsoft Threat Protection) requirements check properties. */ -export interface MTPCheckRequirementsProperties extends DataConnectorTenantId {} - -/** OfficeATP (Office 365 Advanced Threat Protection) requirements check properties. */ -export interface OfficeATPCheckRequirementsProperties - extends DataConnectorTenantId {} - -/** OfficeIRM (Microsoft Insider Risk Management) requirements check properties. */ -export interface OfficeIRMCheckRequirementsProperties - extends DataConnectorTenantId {} - -/** Office365 Project requirements check properties. */ -export interface Office365ProjectCheckRequirementsProperties - extends DataConnectorTenantId {} - -/** Office PowerBI requirements check properties. */ -export interface OfficePowerBICheckRequirementsProperties - extends DataConnectorTenantId {} - -/** Threat Intelligence Platforms data connector required properties. */ -export interface TICheckRequirementsProperties extends DataConnectorTenantId {} - -/** Threat Intelligence TAXII data connector required properties. */ -export interface TiTaxiiCheckRequirementsProperties - extends DataConnectorTenantId {} - -/** AAD (Azure Active Directory) data connector properties. */ -export interface AADDataConnectorProperties - extends DataConnectorTenantId, - DataConnectorWithAlertsProperties {} - -/** Microsoft Threat Intelligence data connector properties. */ -export interface MstiDataConnectorProperties extends DataConnectorTenantId { - /** The available data types for the connector. */ - dataTypes: MstiDataConnectorDataTypes; -} - -/** MTP (Microsoft Threat Protection) data connector properties. */ -export interface MTPDataConnectorProperties extends DataConnectorTenantId { - /** The available data types for the connector. */ - dataTypes: MTPDataConnectorDataTypes; -} - -/** AATP (Azure Advanced Threat Protection) data connector properties. */ -export interface AatpDataConnectorProperties - extends DataConnectorTenantId, - DataConnectorWithAlertsProperties {} - -/** MCAS (Microsoft Cloud App Security) data connector properties. */ -export interface McasDataConnectorProperties extends DataConnectorTenantId { - /** The available data types for the connector. */ - dataTypes: McasDataConnectorDataTypes; -} - -/** Dynamics365 data connector properties. */ -export interface Dynamics365DataConnectorProperties - extends DataConnectorTenantId { - /** The available data types for the connector. */ - dataTypes: Dynamics365DataConnectorDataTypes; -} - -/** OfficeATP (Office 365 Advanced Threat Protection) data connector properties. */ -export interface OfficeATPDataConnectorProperties - extends DataConnectorTenantId, - DataConnectorWithAlertsProperties {} - -/** Office Microsoft Project data connector properties. */ -export interface Office365ProjectDataConnectorProperties - extends DataConnectorTenantId { - /** The available data types for the connector. */ - dataTypes: Office365ProjectConnectorDataTypes; -} - -/** Office Microsoft PowerBI data connector properties. */ -export interface OfficePowerBIDataConnectorProperties - extends DataConnectorTenantId { - /** The available data types for the connector. */ - dataTypes: OfficePowerBIConnectorDataTypes; -} - -/** OfficeIRM (Microsoft Insider Risk Management) data connector properties. */ -export interface OfficeIRMDataConnectorProperties - extends DataConnectorTenantId, - DataConnectorWithAlertsProperties {} - -/** MDATP (Microsoft Defender Advanced Threat Protection) data connector properties. */ -export interface MdatpDataConnectorProperties - extends DataConnectorTenantId, - DataConnectorWithAlertsProperties {} - -/** Office data connector properties. */ -export interface OfficeDataConnectorProperties extends DataConnectorTenantId { - /** The available data types for the connector. */ - dataTypes: OfficeDataConnectorDataTypes; -} - -/** TI (Threat Intelligence) data connector properties. */ -export interface TIDataConnectorProperties extends DataConnectorTenantId { - /** The lookback period for the feed to be imported. */ - tipLookbackPeriod?: Date; - /** The available data types for the connector. */ - dataTypes: TIDataConnectorDataTypes; -} - -/** Threat Intelligence TAXII data connector properties. */ -export interface TiTaxiiDataConnectorProperties extends DataConnectorTenantId { - /** The workspace id. */ - workspaceId?: string; - /** The friendly name for the TAXII server. */ - friendlyName?: string; - /** The API root for the TAXII server. */ - taxiiServer?: string; - /** The collection id of the TAXII server. */ - collectionId?: string; - /** The userName for the TAXII server. */ - userName?: string; - /** The password for the TAXII server. */ - password?: string; - /** The lookback period for the TAXII server. */ - taxiiLookbackPeriod?: Date; - /** The polling frequency for the TAXII server. */ - pollingFrequency: PollingFrequency | null; - /** The available data types for Threat Intelligence TAXII data connector. */ - dataTypes: TiTaxiiDataConnectorDataTypes; -} - -/** ASC (Azure Security Center) data connector properties. */ -export interface ASCDataConnectorProperties - extends DataConnectorWithAlertsProperties { - /** The subscription id to connect to, and get the data from. */ - subscriptionId?: string; -} - -/** IoT data connector properties. */ -export interface IoTDataConnectorProperties - extends DataConnectorWithAlertsProperties { - /** The subscription id to connect to, and get the data from. */ - subscriptionId?: string; -} +}; /** The available data types for MCAS (Microsoft Cloud App Security) data connector. */ -export interface McasDataConnectorDataTypes - extends AlertsDataTypeOfDataConnector { +export type McasDataConnectorDataTypes = AlertsDataTypeOfDataConnector & { /** Discovery log data type connection. */ discoveryLogs?: DataConnectorDataTypeCommon; -} - -/** Data type for Microsoft Threat Intelligence Platforms data connector. */ -export interface MstiDataConnectorDataTypesBingSafetyPhishingURL - extends DataConnectorDataTypeCommon { - /** lookback period */ - lookbackPeriod: string; -} - -/** Data type for Microsoft Threat Intelligence Platforms data connector. */ -export interface MstiDataConnectorDataTypesMicrosoftEmergingThreatFeed - extends DataConnectorDataTypeCommon { - /** lookback period */ - lookbackPeriod: string; -} - -/** Data type for Microsoft Threat Protection Platforms data connector. */ -export interface MTPDataConnectorDataTypesIncidents - extends DataConnectorDataTypeCommon {} - -/** Logs data type. */ -export interface AwsCloudTrailDataConnectorDataTypesLogs - extends DataConnectorDataTypeCommon {} - -/** Logs data type. */ -export interface AwsS3DataConnectorDataTypesLogs - extends DataConnectorDataTypeCommon {} - -/** Common Data Service data type connection. */ -export interface Dynamics365DataConnectorDataTypesDynamics365CdsActivities - extends DataConnectorDataTypeCommon {} +}; /** Logs data type. */ -export interface Office365ProjectConnectorDataTypesLogs - extends DataConnectorDataTypeCommon {} +export type AwsCloudTrailDataConnectorDataTypesLogs = DataConnectorDataTypeCommon & {}; -/** Logs data type. */ -export interface OfficePowerBIConnectorDataTypesLogs - extends DataConnectorDataTypeCommon {} +/** Data type for indicators connection. */ +export type TIDataConnectorDataTypesIndicators = DataConnectorDataTypeCommon & {}; /** Exchange data type connection. */ -export interface OfficeDataConnectorDataTypesExchange - extends DataConnectorDataTypeCommon {} +export type OfficeDataConnectorDataTypesExchange = DataConnectorDataTypeCommon & {}; /** SharePoint data type connection. */ -export interface OfficeDataConnectorDataTypesSharePoint - extends DataConnectorDataTypeCommon {} +export type OfficeDataConnectorDataTypesSharePoint = DataConnectorDataTypeCommon & {}; /** Teams data type connection. */ -export interface OfficeDataConnectorDataTypesTeams - extends DataConnectorDataTypeCommon {} - -/** Data type for indicators connection. */ -export interface TIDataConnectorDataTypesIndicators - extends DataConnectorDataTypeCommon {} - -/** Data type for TAXII connector. */ -export interface TiTaxiiDataConnectorDataTypesTaxiiClient - extends DataConnectorDataTypeCommon {} - -export interface CodelessUiConnectorConfigPropertiesGraphQueriesItem - extends GraphQueries {} - -export interface CodelessUiConnectorConfigPropertiesSampleQueriesItem - extends SampleQueries {} - -export interface CodelessUiConnectorConfigPropertiesDataTypesItem - extends LastDataReceivedDataType {} - -export interface CodelessUiConnectorConfigPropertiesConnectivityCriteriaItem - extends ConnectivityCriteria {} - -export interface PermissionsResourceProviderItem extends ResourceProvider {} +export type OfficeDataConnectorDataTypesTeams = DataConnectorDataTypeCommon & {}; -/** Customs permissions required for the connector */ -export interface Customs extends CustomsPermission {} - -export interface CodelessUiConnectorConfigPropertiesInstructionStepsItem - extends InstructionSteps {} - -export interface InstructionStepsInstructionsItem - extends ConnectorInstructionModelBase {} +/** ASC (Azure Security Center) data connector properties. */ +export type ASCDataConnectorProperties = DataConnectorWithAlertsProperties & { + /** The subscription id to connect to, and get the data from. */ + subscriptionId?: string; +}; /** Alert rule. */ -export interface AlertRule extends ResourceWithEtag { - /** The kind of the alert rule */ +export type AlertRule = ResourceWithEtag & { + /** The alert rule kind */ kind: AlertRuleKind; -} - -/** Action for alert rule. */ -export interface ActionResponse extends ResourceWithEtag { - /** Logic App Resource Id, /subscriptions/{my-subscription}/resourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my-workflow-id}. */ - logicAppResourceId?: string; - /** The name of the logic app's workflow. */ - workflowId?: string; -} +}; /** Action for alert rule. */ -export interface ActionRequest extends ResourceWithEtag { +export type ActionRequest = ResourceWithEtag & { /** Logic App Resource Id, /subscriptions/{my-subscription}/resourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my-workflow-id}. */ logicAppResourceId?: string; /** Logic App Callback URL for this specific workflow. */ triggerUri?: string; -} +}; -export interface AutomationRule extends ResourceWithEtag { - /** The display name of the automation rule. */ +export type AutomationRule = ResourceWithEtag & { + /** The display name of the automation rule */ displayName: string; - /** The order of execution of the automation rule. */ + /** The order of execution of the automation rule */ order: number; - /** Describes automation rule triggering logic. */ + /** Describes automation rule triggering logic */ triggeringLogic: AutomationRuleTriggeringLogic; - /** The actions to execute when the automation rule is triggered. */ + /** The actions to execute when the automation rule is triggered */ actions: AutomationRuleActionUnion[]; /** - * The last time the automation rule was updated. + * The last time the automation rule was updated * NOTE: This property will not be serialized. It can only be populated by the server. */ readonly lastModifiedTimeUtc?: Date; /** - * The time the automation rule was created. + * The time the automation rule was created * NOTE: This property will not be serialized. It can only be populated by the server. */ readonly createdTimeUtc?: Date; @@ -3869,10 +1948,10 @@ export interface AutomationRule extends ResourceWithEtag { * NOTE: This property will not be serialized. It can only be populated by the server. */ readonly createdBy?: ClientInfo; -} +}; /** Represents a bookmark in Azure Security Insights. */ -export interface Bookmark extends ResourceWithEtag { +export type Bookmark = ResourceWithEtag & { /** The time the bookmark was created */ created?: Date; /** Describes a user that created the bookmark */ @@ -3899,49 +1978,16 @@ export interface Bookmark extends ResourceWithEtag { queryEndTime?: Date; /** Describes an incident that relates to bookmark */ incidentInfo?: IncidentInfo; - /** Describes the entity mappings of the bookmark */ - entityMappings?: BookmarkEntityMappings[]; - /** A list of relevant mitre attacks */ - tactics?: AttackTactic[]; - /** A list of relevant mitre techniques */ - techniques?: string[]; -} - -/** Represents a relation between two resources */ -export interface Relation extends ResourceWithEtag { - /** The resource ID of the related resource */ - relatedResourceId?: string; - /** - * The name of the related resource - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly relatedResourceName?: string; - /** - * The resource type of the related resource - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly relatedResourceType?: string; - /** - * The resource kind of the related resource - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly relatedResourceKind?: string; -} - -/** Specific entity query. */ -export interface EntityQuery extends ResourceWithEtag { - /** the entity query kind */ - kind: EntityQueryKind; -} +}; -/** Specific entity query that supports put requests. */ -export interface CustomEntityQuery extends ResourceWithEtag { - /** the entity query kind */ - kind: CustomEntityQueryKind; -} +/** Data connector. */ +export type DataConnector = ResourceWithEtag & { + /** The data connector kind */ + kind: DataConnectorKind; +}; /** Represents an incident in Azure Security Insights. */ -export interface Incident extends ResourceWithEtag { +export type Incident = ResourceWithEtag & { /** * Additional data on the incident * NOTE: This property will not be serialized. It can only be populated by the server. @@ -3974,10 +2020,6 @@ export interface Incident extends ResourceWithEtag { readonly incidentNumber?: number; /** List of labels relevant to this incident */ labels?: IncidentLabel[]; - /** The name of the source provider that generated the incident */ - providerName?: string; - /** The incident ID assigned by the incident provider */ - providerIncidentId?: string; /** The time of the last activity in the incident */ lastActivityTimeUtc?: Date; /** @@ -3996,14 +2038,12 @@ export interface Incident extends ResourceWithEtag { severity?: IncidentSeverity; /** The status of the incident */ status?: IncidentStatus; - /** Describes a team for the incident */ - teamInformation?: TeamInformation; /** The title of the incident */ title?: string; -} +}; /** Represents an incident comment */ -export interface IncidentComment extends ResourceWithEtag { +export type IncidentComment = ResourceWithEtag & { /** * The time the comment was created * NOTE: This property will not be serialized. It can only be populated by the server. @@ -4021,150 +2061,51 @@ export interface IncidentComment extends ResourceWithEtag { * NOTE: This property will not be serialized. It can only be populated by the server. */ readonly author?: ClientInfo; -} - -/** Metadata resource definition. */ -export interface MetadataModel extends ResourceWithEtag { - /** Static ID for the content. Used to identify dependencies and content from solutions or community. Hard-coded/static for out of the box content and solutions. Dynamic for user-created. This is the resource name */ - contentId?: string; - /** Full parent resource ID of the content item the metadata is for. This is the full resource ID including the scope (subscription and resource group) */ - parentId?: string; - /** Version of the content. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM template best practices. Can also be any string, but then we cannot guarantee any version checks */ - version?: string; - /** The kind of content the metadata is for. */ - kind?: Kind; - /** Source of the content. This is where/how it was created. */ - source?: MetadataSource; - /** The creator of the content item. */ - author?: MetadataAuthor; - /** Support information for the metadata - type, name, contact information */ - support?: MetadataSupport; - /** Dependencies for the content item, what other content items it requires to work. Can describe more complex dependencies using a recursive/nested structure. For a single dependency an id/kind/version can be supplied or operator/criteria for complex formats. */ - dependencies?: MetadataDependencies; - /** Categories for the solution content item */ - categories?: MetadataCategories; - /** Providers for the solution content item */ - providers?: string[]; - /** first publish date solution content item */ - firstPublishDate?: Date; - /** last publish date for the solution content item */ - lastPublishDate?: Date; - /** The custom version of the content. A optional free text */ - customVersion?: string; - /** Schema version of the content. Can be used to distinguish between different flow based on the schema version */ - contentSchemaVersion?: string; - /** the icon identifier. this id can later be fetched from the solution template */ - icon?: string; - /** the tactics the resource covers */ - threatAnalysisTactics?: string[]; - /** the techniques the resource covers, these have to be aligned with the tactics being used */ - threatAnalysisTechniques?: string[]; - /** preview image file names. These will be taken from the solution artifacts */ - previewImages?: string[]; - /** preview image file names. These will be taken from the solution artifacts. used for dark theme support */ - previewImagesDark?: string[]; -} +}; -/** Metadata patch request body. */ -export interface MetadataPatch extends ResourceWithEtag { - /** Static ID for the content. Used to identify dependencies and content from solutions or community. Hard-coded/static for out of the box content and solutions. Dynamic for user-created. This is the resource name */ - contentId?: string; - /** Full parent resource ID of the content item the metadata is for. This is the full resource ID including the scope (subscription and resource group) */ - parentId?: string; - /** Version of the content. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM template best practices. Can also be any string, but then we cannot guarantee any version checks */ - version?: string; - /** The kind of content the metadata is for. */ - kind?: Kind; - /** Source of the content. This is where/how it was created. */ - source?: MetadataSource; - /** The creator of the content item. */ - author?: MetadataAuthor; - /** Support information for the metadata - type, name, contact information */ - support?: MetadataSupport; - /** Dependencies for the content item, what other content items it requires to work. Can describe more complex dependencies using a recursive/nested structure. For a single dependency an id/kind/version can be supplied or operator/criteria for complex formats. */ - dependencies?: MetadataDependencies; - /** Categories for the solution content item */ - categories?: MetadataCategories; - /** Providers for the solution content item */ - providers?: string[]; - /** first publish date solution content item */ - firstPublishDate?: Date; - /** last publish date for the solution content item */ - lastPublishDate?: Date; - /** The custom version of the content. A optional free text */ - customVersion?: string; - /** Schema version of the content. Can be used to distinguish between different flow based on the schema version */ - contentSchemaVersion?: string; - /** the icon identifier. this id can later be fetched from the solution template */ - icon?: string; - /** the tactics the resource covers */ - threatAnalysisTactics?: string[]; - /** the techniques the resource covers, these have to be aligned with the tactics being used */ - threatAnalysisTechniques?: string[]; - /** preview image file names. These will be taken from the solution artifacts */ - previewImages?: string[]; - /** preview image file names. These will be taken from the solution artifacts. used for dark theme support */ - previewImagesDark?: string[]; -} +/** Represents a relation between two resources */ +export type Relation = ResourceWithEtag & { + /** The resource ID of the related resource */ + relatedResourceId?: string; + /** + * The name of the related resource + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly relatedResourceName?: string; + /** + * The resource type of the related resource + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly relatedResourceType?: string; + /** + * The resource kind of the related resource + * NOTE: This property will not be serialized. It can only be populated by the server. + */ + readonly relatedResourceKind?: string; +}; /** Sentinel onboarding state */ -export interface SentinelOnboardingState extends ResourceWithEtag { +export type SentinelOnboardingState = ResourceWithEtag & { /** Flag that indicates the status of the CMK setting */ customerManagedKey?: boolean; -} - -/** Security ML Analytics Setting */ -export interface SecurityMLAnalyticsSetting extends ResourceWithEtag { - /** The kind of security ML Analytics Settings */ - kind: SecurityMLAnalyticsSettingsKind; -} - -/** The Setting. */ -export interface Settings extends ResourceWithEtag { - /** The kind of the setting */ - kind: SettingKind; -} - -/** Represents a SourceControl in Azure Security Insights. */ -export interface SourceControl extends ResourceWithEtag { - /** The id (a Guid) of the source control */ - idPropertiesId?: string; - /** The version number associated with the source control */ - version?: Version; - /** The display name of the source control */ - displayName?: string; - /** A description of the source control */ - description?: string; - /** The repository type of the source control */ - repoType?: RepoType; - /** Array of source control content types. */ - contentTypes?: ContentType[]; - /** Repository metadata. */ - repository?: Repository; - /** Information regarding the resources created in user's repository. */ - repositoryResourceInfo?: RepositoryResourceInfo; - /** Information regarding the latest deployment for the source control. */ - lastDeploymentInfo?: DeploymentInfo; -} +}; /** Threat intelligence information object. */ -export interface ThreatIntelligenceInformation extends ResourceWithEtag { +export type ThreatIntelligenceInformation = ResourceWithEtag & { /** The kind of the entity. */ - kind: ThreatIntelligenceResourceKindEnum; -} + kind: ThreatIntelligenceResourceInnerKind; +}; /** Represents a Watchlist in Azure Security Insights. */ -export interface Watchlist extends ResourceWithEtag { +export type Watchlist = ResourceWithEtag & { /** The id (a Guid) of the watchlist */ watchlistId?: string; /** The display name of the watchlist */ displayName?: string; /** The provider of the watchlist */ provider?: string; - /** The filename of the watchlist, called 'source' */ - source?: string; - /** The sourceType of the watchlist */ - sourceType?: SourceType; + /** The source of the watchlist */ + source?: Source; /** The time the watchlist was created */ created?: Date; /** The last time the watchlist was updated */ @@ -4187,20 +2128,24 @@ export interface Watchlist extends ResourceWithEtag { defaultDuration?: string; /** The tenantId where the watchlist belongs to */ tenantId?: string; - /** The number of lines in a csv/tsv content to skip before the header */ + /** The number of lines in a csv content to skip before the header */ numberOfLinesToSkip?: number; - /** The raw content that represents to watchlist items to create. In case of csv/tsv content type, it's the content of the file that will parsed by the endpoint */ + /** + * The raw content that represents to watchlist items to create. Example : This line will be skipped + * header1,header2 + * value1,value2 + */ rawContent?: string; /** The search key is used to optimize query performance when using watchlists for joins with other data. For example, enable a column with IP addresses to be the designated SearchKey field, then use this field as the key field when joining to other event data by IP address. */ itemsSearchKey?: string; - /** The content type of the raw content. Example : text/csv or text/tsv */ + /** The content type of the raw content. For now, only text/csv is valid */ contentType?: string; - /** The status of the Watchlist upload : New, InProgress or Complete. Pls note : When a Watchlist upload status is equal to InProgress, the Watchlist cannot be deleted */ + /** The status of the Watchlist upload : New, InProgress or Complete. **Note** : When a Watchlist upload status is InProgress, the Watchlist cannot be deleted */ uploadStatus?: string; -} +}; -/** Represents a Watchlist item in Azure Security Insights. */ -export interface WatchlistItem extends ResourceWithEtag { +/** Represents a Watchlist Item in Azure Security Insights. */ +export type WatchlistItem = ResourceWithEtag & { /** The type of the watchlist item */ watchlistItemType?: string; /** The id (a Guid) of the watchlist item */ @@ -4218,50 +2163,13 @@ export interface WatchlistItem extends ResourceWithEtag { /** Describes a user that updated the watchlist item */ updatedBy?: UserInfo; /** key-value pairs for a watchlist item */ - itemsKeyValue?: { [propertyName: string]: any }; + itemsKeyValue?: Record; /** key-value pairs for a watchlist item entity mapping */ - entityMapping?: { [propertyName: string]: any }; -} - -/** Data connector */ -export interface DataConnector extends ResourceWithEtag { - /** The data connector kind */ - kind: DataConnectorKind; -} - -/** Represents MLBehaviorAnalytics alert rule template. */ -export interface MLBehaviorAnalyticsAlertRuleTemplate - extends AlertRuleTemplate { - /** the number of alert rules that were created by this template */ - alertRulesCreatedByTemplateCount?: number; - /** - * The last time that this alert rule template has been updated. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly lastUpdatedDateUTC?: Date; - /** - * The time that this alert rule template has been added. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly createdDateUTC?: Date; - /** The description of the alert rule template. */ - description?: string; - /** The display name for alert rule template. */ - displayName?: string; - /** The required data sources for this template */ - requiredDataConnectors?: AlertRuleTemplateDataSource[]; - /** The alert rule template status. */ - status?: TemplateStatus; - /** The tactics of the alert rule */ - tactics?: AttackTactic[]; - /** The techniques of the alert rule */ - techniques?: string[]; - /** The severity for alerts created by this alert rule. */ - severity?: AlertSeverity; -} + entityMapping?: Record; +}; /** Represents Fusion alert rule template. */ -export interface FusionAlertRuleTemplate extends AlertRuleTemplate { +export type FusionAlertRuleTemplate = AlertRuleTemplate & { /** the number of alert rules that were created by this template */ alertRulesCreatedByTemplateCount?: number; /** @@ -4286,62 +2194,29 @@ export interface FusionAlertRuleTemplate extends AlertRuleTemplate { severity?: AlertSeverity; /** The tactics of the alert rule template */ tactics?: AttackTactic[]; - /** The techniques of the alert rule */ + /** The techniques of the alert rule template */ techniques?: string[]; - /** All supported source signal configurations consumed in fusion detection. */ - sourceSettings?: FusionTemplateSourceSetting[]; -} +}; -/** Represents Threat Intelligence alert rule template. */ -export interface ThreatIntelligenceAlertRuleTemplate extends AlertRuleTemplate { +/** Represents MicrosoftSecurityIncidentCreation rule template. */ +export type MicrosoftSecurityIncidentCreationAlertRuleTemplate = AlertRuleTemplate & { /** the number of alert rules that were created by this template */ alertRulesCreatedByTemplateCount?: number; - /** - * The last time that this alert rule template has been updated. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly lastUpdatedDateUTC?: Date; /** * The time that this alert rule template has been added. * NOTE: This property will not be serialized. It can only be populated by the server. */ readonly createdDateUTC?: Date; - /** The description of the alert rule template. */ - description?: string; - /** The display name for alert rule template. */ - displayName?: string; - /** The required data sources for this template */ - requiredDataConnectors?: AlertRuleTemplateDataSource[]; - /** The alert rule template status. */ - status?: TemplateStatus; - /** The tactics of the alert rule */ - tactics?: AttackTactic[]; - /** The techniques of the alert rule */ - techniques?: string[]; - /** The severity for alerts created by this alert rule. */ - severity?: AlertSeverity; -} - -/** Represents MicrosoftSecurityIncidentCreation rule template. */ -export interface MicrosoftSecurityIncidentCreationAlertRuleTemplate - extends AlertRuleTemplate { - /** the number of alert rules that were created by this template */ - alertRulesCreatedByTemplateCount?: number; /** - * The last time that this alert rule template has been updated. + * The time that this alert rule template was last updated. * NOTE: This property will not be serialized. It can only be populated by the server. */ readonly lastUpdatedDateUTC?: Date; - /** - * The time that this alert rule template has been added. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly createdDateUTC?: Date; /** The description of the alert rule template. */ description?: string; /** The display name for alert rule template. */ displayName?: string; - /** The required data sources for this template */ + /** The required data connectors for this template */ requiredDataConnectors?: AlertRuleTemplateDataSource[]; /** The alert rule template status. */ status?: TemplateStatus; @@ -4353,10 +2228,10 @@ export interface MicrosoftSecurityIncidentCreationAlertRuleTemplate productFilter?: MicrosoftSecurityProductName; /** the alerts' severities on which the cases will be generated */ severitiesFilter?: AlertSeverity[]; -} +}; /** Represents scheduled alert rule template. */ -export interface ScheduledAlertRuleTemplate extends AlertRuleTemplate { +export type ScheduledAlertRuleTemplate = AlertRuleTemplate & { /** the number of alert rules that were created by this template */ alertRulesCreatedByTemplateCount?: number; /** @@ -4391,7 +2266,7 @@ export interface ScheduledAlertRuleTemplate extends AlertRuleTemplate { triggerThreshold?: number; /** The tactics of the alert rule template */ tactics?: AttackTactic[]; - /** The techniques of the alert rule */ + /** The techniques of the alert rule template */ techniques?: string[]; /** The version of this template - in format , where all are numbers. For example <1.0.2>. */ version?: string; @@ -4403,57 +2278,17 @@ export interface ScheduledAlertRuleTemplate extends AlertRuleTemplate { entityMappings?: EntityMapping[]; /** The alert details override settings */ alertDetailsOverride?: AlertDetailsOverride; -} +}; -/** Represents NRT alert rule template. */ -export interface NrtAlertRuleTemplate extends AlertRuleTemplate { - /** the number of alert rules that were created by this template */ - alertRulesCreatedByTemplateCount?: number; +/** Represents a security alert entity. */ +export type SecurityAlert = Entity & { /** - * The last time that this alert rule template has been updated. + * A bag of custom fields that should be part of the entity and will be presented to the user. * NOTE: This property will not be serialized. It can only be populated by the server. */ - readonly lastUpdatedDateUTC?: Date; + readonly additionalData?: { [propertyName: string]: Record }; /** - * The time that this alert rule template has been added. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly createdDateUTC?: Date; - /** The description of the alert rule template. */ - description?: string; - /** The display name for alert rule template. */ - displayName?: string; - /** The required data sources for this template */ - requiredDataConnectors?: AlertRuleTemplateDataSource[]; - /** The alert rule template status. */ - status?: TemplateStatus; - /** The tactics of the alert rule */ - tactics?: AttackTactic[]; - /** The techniques of the alert rule */ - techniques?: string[]; - /** The query that creates alerts for this rule. */ - query?: string; - /** The severity for alerts created by this alert rule. */ - severity?: AlertSeverity; - /** The version of this template - in format , where all are numbers. For example <1.0.2>. */ - version?: string; - /** Dictionary of string key-value pairs of columns to be attached to the alert */ - customDetails?: { [propertyName: string]: string }; - /** Array of the entity mappings of the alert rule */ - entityMappings?: EntityMapping[]; - /** The alert details override settings */ - alertDetailsOverride?: AlertDetailsOverride; -} - -/** Represents a security alert entity. */ -export interface SecurityAlert extends Entity { - /** - * A bag of custom fields that should be part of the entity and will be presented to the user. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly additionalData?: { [propertyName: string]: Record }; - /** - * The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. + * The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. * NOTE: This property will not be serialized. It can only be populated by the server. */ readonly friendlyName?: string; @@ -4579,10 +2414,10 @@ export interface SecurityAlert extends Entity { * NOTE: This property will not be serialized. It can only be populated by the server. */ readonly resourceIdentifiers?: Record[]; -} +}; /** Represents a Hunting bookmark entity. */ -export interface HuntingBookmark extends Entity { +export type HuntingBookmark = Entity & { /** * A bag of custom fields that should be part of the entity and will be presented to the user. * NOTE: This property will not be serialized. It can only be populated by the server. @@ -4615,10 +2450,10 @@ export interface HuntingBookmark extends Entity { updatedBy?: UserInfo; /** Describes an incident that relates to bookmark */ incidentInfo?: IncidentInfo; -} +}; /** Represents an account entity. */ -export interface AccountEntity extends Entity { +export type AccountEntity = Entity & { /** * A bag of custom fields that should be part of the entity and will be presented to the user. * NOTE: This property will not be serialized. It can only be populated by the server. @@ -4660,7 +2495,7 @@ export interface AccountEntity extends Entity { */ readonly isDomainJoined?: boolean; /** - * The NetBIOS domain name as it appears in the alert format domain/username. Examples: NT AUTHORITY. + * The NetBIOS domain name as it appears in the alert format - domain\username. Examples: NT AUTHORITY. * NOTE: This property will not be serialized. It can only be populated by the server. */ readonly ntDomain?: string; @@ -4689,10 +2524,10 @@ export interface AccountEntity extends Entity { * NOTE: This property will not be serialized. It can only be populated by the server. */ readonly dnsDomain?: string; -} +}; /** Represents an azure resource entity. */ -export interface AzureResourceEntity extends Entity { +export type AzureResourceEntity = Entity & { /** * A bag of custom fields that should be part of the entity and will be presented to the user. * NOTE: This property will not be serialized. It can only be populated by the server. @@ -4713,10 +2548,10 @@ export interface AzureResourceEntity extends Entity { * NOTE: This property will not be serialized. It can only be populated by the server. */ readonly subscriptionId?: string; -} +}; /** Represents a cloud application entity. */ -export interface CloudApplicationEntity extends Entity { +export type CloudApplicationEntity = Entity & { /** * A bag of custom fields that should be part of the entity and will be presented to the user. * NOTE: This property will not be serialized. It can only be populated by the server. @@ -4742,10 +2577,10 @@ export interface CloudApplicationEntity extends Entity { * NOTE: This property will not be serialized. It can only be populated by the server. */ readonly instanceName?: string; -} +}; /** Represents a dns entity. */ -export interface DnsEntity extends Entity { +export type DnsEntity = Entity & { /** * A bag of custom fields that should be part of the entity and will be presented to the user. * NOTE: This property will not be serialized. It can only be populated by the server. @@ -4776,10 +2611,10 @@ export interface DnsEntity extends Entity { * NOTE: This property will not be serialized. It can only be populated by the server. */ readonly ipAddressEntityIds?: string[]; -} +}; /** Represents a file entity. */ -export interface FileEntity extends Entity { +export type FileEntity = Entity & { /** * A bag of custom fields that should be part of the entity and will be presented to the user. * NOTE: This property will not be serialized. It can only be populated by the server. @@ -4810,10 +2645,10 @@ export interface FileEntity extends Entity { * NOTE: This property will not be serialized. It can only be populated by the server. */ readonly hostEntityId?: string; -} +}; /** Represents a file hash entity. */ -export interface FileHashEntity extends Entity { +export type FileHashEntity = Entity & { /** * A bag of custom fields that should be part of the entity and will be presented to the user. * NOTE: This property will not be serialized. It can only be populated by the server. @@ -4834,10 +2669,10 @@ export interface FileHashEntity extends Entity { * NOTE: This property will not be serialized. It can only be populated by the server. */ readonly hashValue?: string; -} +}; /** Represents a host entity. */ -export interface HostEntity extends Entity { +export type HostEntity = Entity & { /** * A bag of custom fields that should be part of the entity and will be presented to the user. * NOTE: This property will not be serialized. It can only be populated by the server. @@ -4890,10 +2725,10 @@ export interface HostEntity extends Entity { * NOTE: This property will not be serialized. It can only be populated by the server. */ readonly osVersion?: string; -} +}; /** Represents an IoT device entity. */ -export interface IoTDeviceEntity extends Entity { +export type IoTDeviceEntity = Entity & { /** * A bag of custom fields that should be part of the entity and will be presented to the user. * NOTE: This property will not be serialized. It can only be populated by the server. @@ -4989,62 +2824,10 @@ export interface IoTDeviceEntity extends Entity { * NOTE: This property will not be serialized. It can only be populated by the server. */ readonly protocols?: string[]; - /** - * A list of owners of the IoTDevice entity. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly owners?: string[]; - /** - * A list of Nic entity ids of the IoTDevice entity. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly nicEntityIds?: string[]; - /** - * The site of the device - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly site?: string; - /** - * The zone location of the device within a site - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly zone?: string; - /** - * The sensor the device is monitored by - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly sensor?: string; - /** - * The subType of the device ('PLC', 'HMI', 'EWS', etc.) - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly deviceSubType?: string; - /** Device importance, determines if the device classified as 'crown jewel' */ - importance?: DeviceImportance; - /** - * The Purdue Layer of the device - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly purdueLayer?: string; - /** - * Determines whether the device classified as authorized device - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly isAuthorized?: boolean; - /** - * Determines whether the device classified as programming device - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly isProgramming?: boolean; - /** - * Is the device classified as a scanner device - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly isScanner?: boolean; -} +}; /** Represents an ip entity. */ -export interface IpEntity extends Entity { +export type IpEntity = Entity & { /** * A bag of custom fields that should be part of the entity and will be presented to the user. * NOTE: This property will not be serialized. It can only be populated by the server. @@ -5070,10 +2853,10 @@ export interface IpEntity extends Entity { * NOTE: This property will not be serialized. It can only be populated by the server. */ readonly threatIntelligence?: ThreatIntelligence[]; -} +}; /** Represents a mailbox entity. */ -export interface MailboxEntity extends Entity { +export type MailboxEntity = Entity & { /** * A bag of custom fields that should be part of the entity and will be presented to the user. * NOTE: This property will not be serialized. It can only be populated by the server. @@ -5104,10 +2887,10 @@ export interface MailboxEntity extends Entity { * NOTE: This property will not be serialized. It can only be populated by the server. */ readonly externalDirectoryObjectId?: string; -} +}; /** Represents a mail cluster entity. */ -export interface MailClusterEntity extends Entity { +export type MailClusterEntity = Entity & { /** * A bag of custom fields that should be part of the entity and will be presented to the user. * NOTE: This property will not be serialized. It can only be populated by the server. @@ -5193,10 +2976,10 @@ export interface MailClusterEntity extends Entity { * NOTE: This property will not be serialized. It can only be populated by the server. */ readonly clusterGroup?: string; -} +}; /** Represents a mail message entity. */ -export interface MailMessageEntity extends Entity { +export type MailMessageEntity = Entity & { /** * A bag of custom fields that should be part of the entity and will be presented to the user. * NOTE: This property will not be serialized. It can only be populated by the server. @@ -5308,10 +3091,10 @@ export interface MailMessageEntity extends Entity { deliveryAction?: DeliveryAction; /** The delivery location of this mail message like Inbox, JunkFolder etc */ deliveryLocation?: DeliveryLocation; -} +}; /** Represents a malware entity. */ -export interface MalwareEntity extends Entity { +export type MalwareEntity = Entity & { /** * A bag of custom fields that should be part of the entity and will be presented to the user. * NOTE: This property will not be serialized. It can only be populated by the server. @@ -5342,10 +3125,10 @@ export interface MalwareEntity extends Entity { * NOTE: This property will not be serialized. It can only be populated by the server. */ readonly processEntityIds?: string[]; -} +}; /** Represents a process entity. */ -export interface ProcessEntity extends Entity { +export type ProcessEntity = Entity & { /** * A bag of custom fields that should be part of the entity and will be presented to the user. * NOTE: This property will not be serialized. It can only be populated by the server. @@ -5398,10 +3181,10 @@ export interface ProcessEntity extends Entity { * NOTE: This property will not be serialized. It can only be populated by the server. */ readonly processId?: string; -} +}; /** Represents a registry key entity. */ -export interface RegistryKeyEntity extends Entity { +export type RegistryKeyEntity = Entity & { /** * A bag of custom fields that should be part of the entity and will be presented to the user. * NOTE: This property will not be serialized. It can only be populated by the server. @@ -5422,10 +3205,10 @@ export interface RegistryKeyEntity extends Entity { * NOTE: This property will not be serialized. It can only be populated by the server. */ readonly key?: string; -} +}; /** Represents a registry value entity. */ -export interface RegistryValueEntity extends Entity { +export type RegistryValueEntity = Entity & { /** * A bag of custom fields that should be part of the entity and will be presented to the user. * NOTE: This property will not be serialized. It can only be populated by the server. @@ -5456,10 +3239,10 @@ export interface RegistryValueEntity extends Entity { * NOTE: This property will not be serialized. It can only be populated by the server. */ readonly valueType?: RegistryValueKind; -} +}; /** Represents a security group entity. */ -export interface SecurityGroupEntity extends Entity { +export type SecurityGroupEntity = Entity & { /** * A bag of custom fields that should be part of the entity and will be presented to the user. * NOTE: This property will not be serialized. It can only be populated by the server. @@ -5485,10 +3268,10 @@ export interface SecurityGroupEntity extends Entity { * NOTE: This property will not be serialized. It can only be populated by the server. */ readonly sid?: string; -} +}; /** Represents a submission mail entity. */ -export interface SubmissionMailEntity extends Entity { +export type SubmissionMailEntity = Entity & { /** * A bag of custom fields that should be part of the entity and will be presented to the user. * NOTE: This property will not be serialized. It can only be populated by the server. @@ -5549,10 +3332,10 @@ export interface SubmissionMailEntity extends Entity { * NOTE: This property will not be serialized. It can only be populated by the server. */ readonly reportType?: string; -} +}; /** Represents a url entity. */ -export interface UrlEntity extends Entity { +export type UrlEntity = Entity & { /** * A bag of custom fields that should be part of the entity and will be presented to the user. * NOTE: This property will not be serialized. It can only be populated by the server. @@ -5568,155 +3351,10 @@ export interface UrlEntity extends Entity { * NOTE: This property will not be serialized. It can only be populated by the server. */ readonly url?: string; -} - -/** Represents an network interface entity. */ -export interface NicEntity extends Entity { - /** - * A bag of custom fields that should be part of the entity and will be presented to the user. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly additionalData?: { [propertyName: string]: Record }; - /** - * The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly friendlyName?: string; - /** - * The MAC address of this network interface - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly macAddress?: string; - /** - * The IP entity id of this network interface - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly ipAddressEntityId?: string; - /** - * A list of VLANs of the network interface entity. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly vlans?: string[]; -} - -/** Represents Activity entity query. */ -export interface ActivityEntityQueryTemplate extends EntityQueryTemplate { - /** The entity query title */ - title?: string; - /** The entity query content to display in timeline */ - content?: string; - /** The entity query description */ - description?: string; - /** The Activity query definitions */ - queryDefinitions?: ActivityEntityQueryTemplatePropertiesQueryDefinitions; - /** List of required data types for the given entity query template */ - dataTypes?: DataTypeDefinitions[]; - /** The type of the query's source entity */ - inputEntityType?: EntityType; - /** List of the fields of the source entity that are required to run the query */ - requiredInputFieldsSets?: string[][]; - /** The query applied only to entities matching to all filters */ - entitiesFilter?: { [propertyName: string]: string[] }; -} - -/** MLBehaviorAnalytics alert rule template properties. */ -export interface MLBehaviorAnalyticsAlertRuleTemplateProperties - extends AlertRuleTemplateWithMitreProperties { - /** The severity for alerts created by this alert rule. */ - severity: AlertSeverity; -} - -/** Threat Intelligence alert rule template properties */ -export interface ThreatIntelligenceAlertRuleTemplateProperties - extends AlertRuleTemplateWithMitreProperties { - /** The severity for alerts created by this alert rule. */ - severity: AlertSeverity; -} - -export interface PermissionsCustomsItem extends Customs {} - -/** Represents MLBehaviorAnalytics alert rule. */ -export interface MLBehaviorAnalyticsAlertRule extends AlertRule { - /** The Name of the alert rule template used to create this rule. */ - alertRuleTemplateName?: string; - /** - * The description of the alert rule. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly description?: string; - /** - * The display name for alerts created by this alert rule. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly displayName?: string; - /** Determines whether this alert rule is enabled or disabled. */ - enabled?: boolean; - /** - * The last time that this alert rule has been modified. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly lastModifiedUtc?: Date; - /** - * The severity for alerts created by this alert rule. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly severity?: AlertSeverity; - /** - * The tactics of the alert rule - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly tactics?: AttackTactic[]; - /** - * The techniques of the alert rule - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly techniques?: string[]; -} +}; /** Represents Fusion alert rule. */ -export interface FusionAlertRule extends AlertRule { - /** The Name of the alert rule template used to create this rule. */ - alertRuleTemplateName?: string; - /** - * The description of the alert rule. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly description?: string; - /** - * The display name for alerts created by this alert rule. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly displayName?: string; - /** Determines whether this alert rule is enabled or disabled. */ - enabled?: boolean; - /** Configuration for all supported source signals in fusion detection. */ - sourceSettings?: FusionSourceSettings[]; - /** Configuration to exclude scenarios in fusion detection. */ - scenarioExclusionPatterns?: FusionScenarioExclusionPattern[]; - /** - * The last time that this alert has been modified. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly lastModifiedUtc?: Date; - /** - * The severity for alerts created by this alert rule. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly severity?: AlertSeverity; - /** - * The tactics of the alert rule - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly tactics?: AttackTactic[]; - /** - * The techniques of the alert rule - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly techniques?: string[]; -} - -/** Represents Threat Intelligence alert rule. */ -export interface ThreatIntelligenceAlertRule extends AlertRule { +export type FusionAlertRule = AlertRule & { /** The Name of the alert rule template used to create this rule. */ alertRuleTemplateName?: string; /** @@ -5746,15 +3384,12 @@ export interface ThreatIntelligenceAlertRule extends AlertRule { * NOTE: This property will not be serialized. It can only be populated by the server. */ readonly tactics?: AttackTactic[]; - /** - * The techniques of the alert rule - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly techniques?: string[]; -} + /** The techniques of the alert rule */ + techniques?: string[]; +}; /** Represents MicrosoftSecurityIncidentCreation rule. */ -export interface MicrosoftSecurityIncidentCreationAlertRule extends AlertRule { +export type MicrosoftSecurityIncidentCreationAlertRule = AlertRule & { /** the alerts' displayNames on which the cases will be generated */ displayNamesFilter?: string[]; /** the alerts' displayNames on which the cases will not be generated */ @@ -5776,10 +3411,10 @@ export interface MicrosoftSecurityIncidentCreationAlertRule extends AlertRule { * NOTE: This property will not be serialized. It can only be populated by the server. */ readonly lastModifiedUtc?: Date; -} +}; /** Represents scheduled alert rule. */ -export interface ScheduledAlertRule extends AlertRule { +export type ScheduledAlertRule = AlertRule & { /** The query that creates alerts for this rule. */ query?: string; /** The frequency (in ISO 8601 duration format) for this alert rule to run. */ @@ -5825,196 +3460,76 @@ export interface ScheduledAlertRule extends AlertRule { techniques?: string[]; /** The settings of the incidents that created from alerts triggered by this analytics rule */ incidentConfiguration?: IncidentConfiguration; -} - -/** Represents NRT alert rule. */ -export interface NrtAlertRule extends AlertRule { - /** The Name of the alert rule template used to create this rule. */ - alertRuleTemplateName?: string; - /** The version of the alert rule template used to create this rule - in format , where all are numbers, for example 0 <1.0.2> */ - templateVersion?: string; - /** The description of the alert rule. */ - description?: string; - /** The query that creates alerts for this rule. */ - query?: string; - /** The tactics of the alert rule */ - tactics?: AttackTactic[]; - /** The techniques of the alert rule */ - techniques?: string[]; - /** The display name for alerts created by this alert rule. */ - displayName?: string; - /** Determines whether this alert rule is enabled or disabled. */ - enabled?: boolean; - /** - * The last time that this alert rule has been modified. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly lastModifiedUtc?: Date; - /** The suppression (in ISO 8601 duration format) to wait since last time this alert rule been triggered. */ - suppressionDuration?: string; - /** Determines whether the suppression for this alert rule is enabled or disabled. */ - suppressionEnabled?: boolean; - /** The severity for alerts created by this alert rule. */ - severity?: AlertSeverity; - /** The settings of the incidents that created from alerts triggered by this analytics rule */ - incidentConfiguration?: IncidentConfiguration; - /** Dictionary of string key-value pairs of columns to be attached to the alert */ - customDetails?: { [propertyName: string]: string }; - /** Array of the entity mappings of the alert rule */ - entityMappings?: EntityMapping[]; - /** The alert details override settings */ - alertDetailsOverride?: AlertDetailsOverride; -} +}; -/** Represents Expansion entity query. */ -export interface ExpansionEntityQuery extends EntityQuery { - /** List of the data sources that are required to run the query */ - dataSources?: string[]; - /** The query display name */ - displayName?: string; - /** The type of the query's source entity */ - inputEntityType?: EntityType; - /** List of the fields of the source entity that are required to run the query */ - inputFields?: string[]; - /** List of the desired output types to be constructed from the result */ - outputEntityTypes?: EntityType[]; - /** The template query string to be parsed and formatted */ - queryTemplate?: string; -} +/** Represents AAD (Azure Active Directory) data connector. */ +export type AADDataConnector = DataConnector & { + /** The tenant id to connect to, and get the data from. */ + tenantId?: string; + /** The available data types for the connector. */ + dataTypes?: AlertsDataTypeOfDataConnector; +}; -/** Represents Activity entity query. */ -export interface ActivityEntityQuery extends EntityQuery { - /** The entity query title */ - title?: string; - /** The entity query content to display in timeline */ - content?: string; - /** The entity query description */ - description?: string; - /** The Activity query definitions */ - queryDefinitions?: ActivityEntityQueriesPropertiesQueryDefinitions; - /** The type of the query's source entity */ - inputEntityType?: EntityType; - /** List of the fields of the source entity that are required to run the query */ - requiredInputFieldsSets?: string[][]; - /** The query applied only to entities matching to all filters */ - entitiesFilter?: { [propertyName: string]: string[] }; - /** The template id this activity was created from */ - templateName?: string; - /** Determines whether this activity is enabled or disabled. */ - enabled?: boolean; - /** - * The time the activity was created - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly createdTimeUtc?: Date; - /** - * The last time the activity was updated - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly lastModifiedTimeUtc?: Date; -} +/** Represents AATP (Azure Advanced Threat Protection) data connector. */ +export type AatpDataConnector = DataConnector & { + /** The tenant id to connect to, and get the data from. */ + tenantId?: string; + /** The available data types for the connector. */ + dataTypes?: AlertsDataTypeOfDataConnector; +}; -/** Represents Activity entity query. */ -export interface ActivityCustomEntityQuery extends CustomEntityQuery { - /** The entity query title */ - title?: string; - /** The entity query content to display in timeline */ - content?: string; - /** The entity query description */ - description?: string; - /** The Activity query definitions */ - queryDefinitions?: ActivityEntityQueriesPropertiesQueryDefinitions; - /** The type of the query's source entity */ - inputEntityType?: EntityType; - /** List of the fields of the source entity that are required to run the query */ - requiredInputFieldsSets?: string[][]; - /** The query applied only to entities matching to all filters */ - entitiesFilter?: { [propertyName: string]: string[] }; - /** The template id this activity was created from */ - templateName?: string; - /** Determines whether this activity is enabled or disabled. */ - enabled?: boolean; - /** - * The time the activity was created - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly createdTimeUtc?: Date; - /** - * The last time the activity was updated - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly lastModifiedTimeUtc?: Date; -} +/** Represents ASC (Azure Security Center) data connector. */ +export type ASCDataConnector = DataConnector & { + /** The available data types for the connector. */ + dataTypes?: AlertsDataTypeOfDataConnector; + /** The subscription id to connect to, and get the data from. */ + subscriptionId?: string; +}; -/** Represents Anomaly Security ML Analytics Settings */ -export interface AnomalySecurityMLAnalyticsSettings - extends SecurityMLAnalyticsSetting { - /** The description of the SecurityMLAnalyticsSettings. */ - description?: string; - /** The display name for settings created by this SecurityMLAnalyticsSettings. */ - displayName?: string; - /** Determines whether this settings is enabled or disabled. */ - enabled?: boolean; - /** - * The last time that this SecurityMLAnalyticsSettings has been modified. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly lastModifiedUtc?: Date; - /** The required data sources for this SecurityMLAnalyticsSettings */ - requiredDataConnectors?: SecurityMLAnalyticsSettingsDataSource[]; - /** The tactics of the SecurityMLAnalyticsSettings */ - tactics?: AttackTactic[]; - /** The techniques of the SecurityMLAnalyticsSettings */ - techniques?: string[]; - /** The anomaly version of the AnomalySecurityMLAnalyticsSettings. */ - anomalyVersion?: string; - /** The customizable observations of the AnomalySecurityMLAnalyticsSettings. */ - customizableObservations?: Record; - /** The frequency that this SecurityMLAnalyticsSettings will be run. */ - frequency?: string; - /** The anomaly SecurityMLAnalyticsSettings status */ - settingsStatus?: SettingsStatus; - /** Determines whether this anomaly security ml analytics settings is a default settings */ - isDefaultSettings?: boolean; - /** The anomaly settings version of the Anomaly security ml analytics settings that dictates whether job version gets updated or not. */ - anomalySettingsVersion?: number; - /** The anomaly settings definition Id */ - settingsDefinitionId?: string; -} +/** Represents Amazon Web Services CloudTrail data connector. */ +export type AwsCloudTrailDataConnector = DataConnector & { + /** The Aws Role Arn (with CloudTrailReadOnly policy) that is used to access the Aws account. */ + awsRoleArn?: string; + /** The available data types for the connector. */ + dataTypes?: AwsCloudTrailDataConnectorDataTypes; +}; -/** Settings with single toggle. */ -export interface Anomalies extends Settings { - /** - * Determines whether the setting is enable or disabled. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly isEnabled?: boolean; -} +/** Represents MCAS (Microsoft Cloud App Security) data connector. */ +export type McasDataConnector = DataConnector & { + /** The tenant id to connect to, and get the data from. */ + tenantId?: string; + /** The available data types for the connector. */ + dataTypes?: McasDataConnectorDataTypes; +}; -/** Settings with single toggle. */ -export interface EyesOn extends Settings { - /** - * Determines whether the setting is enable or disabled. - * NOTE: This property will not be serialized. It can only be populated by the server. - */ - readonly isEnabled?: boolean; -} +/** Represents MDATP (Microsoft Defender Advanced Threat Protection) data connector. */ +export type MdatpDataConnector = DataConnector & { + /** The tenant id to connect to, and get the data from. */ + tenantId?: string; + /** The available data types for the connector. */ + dataTypes?: AlertsDataTypeOfDataConnector; +}; -/** Settings with single toggle. */ -export interface EntityAnalytics extends Settings { - /** The relevant entity providers that are synced */ - entityProviders?: EntityProviders[]; -} +/** Represents threat intelligence data connector. */ +export type TIDataConnector = DataConnector & { + /** The tenant id to connect to, and get the data from. */ + tenantId?: string; + /** The lookback period for the feed to be imported. */ + tipLookbackPeriod?: Date; + /** The available data types for the connector. */ + dataTypes?: TIDataConnectorDataTypes; +}; -/** Settings with single toggle. */ -export interface Ueba extends Settings { - /** The relevant data sources that enriched by ueba */ - dataSources?: UebaDataSources[]; -} +/** Represents office data connector. */ +export type OfficeDataConnector = DataConnector & { + /** The tenant id to connect to, and get the data from. */ + tenantId?: string; + /** The available data types for the connector. */ + dataTypes?: OfficeDataConnectorDataTypes; +}; /** Threat intelligence indicator entity. */ -export interface ThreatIntelligenceIndicatorModel - extends ThreatIntelligenceInformation { +export type ThreatIntelligenceIndicatorModel = ThreatIntelligenceInformation & { /** * A bag of custom fields that should be part of the entity and will be presented to the user. * NOTE: This property will not be serialized. It can only be populated by the server. @@ -6081,214 +3596,13 @@ export interface ThreatIntelligenceIndicatorModel modified?: string; /** Extensions map */ extensions?: { [propertyName: string]: any }; -} - -/** Represents AAD (Azure Active Directory) data connector. */ -export interface AADDataConnector extends DataConnector { - /** The tenant id to connect to, and get the data from. */ - tenantId?: string; - /** The available data types for the connector. */ - dataTypes?: AlertsDataTypeOfDataConnector; -} - -/** Represents Microsoft Threat Intelligence data connector. */ -export interface MstiDataConnector extends DataConnector { - /** The tenant id to connect to, and get the data from. */ - tenantId?: string; - /** The available data types for the connector. */ - dataTypes?: MstiDataConnectorDataTypes; -} - -/** Represents MTP (Microsoft Threat Protection) data connector. */ -export interface MTPDataConnector extends DataConnector { - /** The tenant id to connect to, and get the data from. */ - tenantId?: string; - /** The available data types for the connector. */ - dataTypes?: MTPDataConnectorDataTypes; -} - -/** Represents AATP (Azure Advanced Threat Protection) data connector. */ -export interface AatpDataConnector extends DataConnector { - /** The tenant id to connect to, and get the data from. */ - tenantId?: string; - /** The available data types for the connector. */ - dataTypes?: AlertsDataTypeOfDataConnector; -} - -/** Represents ASC (Azure Security Center) data connector. */ -export interface ASCDataConnector extends DataConnector { - /** The available data types for the connector. */ - dataTypes?: AlertsDataTypeOfDataConnector; - /** The subscription id to connect to, and get the data from. */ - subscriptionId?: string; -} - -/** Represents Amazon Web Services CloudTrail data connector. */ -export interface AwsCloudTrailDataConnector extends DataConnector { - /** The Aws Role Arn (with CloudTrailReadOnly policy) that is used to access the Aws account. */ - awsRoleArn?: string; - /** The available data types for the connector. */ - dataTypes?: AwsCloudTrailDataConnectorDataTypes; -} - -/** Represents Amazon Web Services S3 data connector. */ -export interface AwsS3DataConnector extends DataConnector { - /** The logs destination table name in LogAnalytics. */ - destinationTable?: string; - /** The AWS sqs urls for the connector. */ - sqsUrls?: string[]; - /** The Aws Role Arn that is used to access the Aws account. */ - roleArn?: string; - /** The available data types for the connector. */ - dataTypes?: AwsS3DataConnectorDataTypes; -} - -/** Represents MCAS (Microsoft Cloud App Security) data connector. */ -export interface McasDataConnector extends DataConnector { - /** The tenant id to connect to, and get the data from. */ - tenantId?: string; - /** The available data types for the connector. */ - dataTypes?: McasDataConnectorDataTypes; -} - -/** Represents Dynamics365 data connector. */ -export interface Dynamics365DataConnector extends DataConnector { - /** The tenant id to connect to, and get the data from. */ - tenantId?: string; - /** The available data types for the connector. */ - dataTypes?: Dynamics365DataConnectorDataTypes; -} - -/** Represents OfficeATP (Office 365 Advanced Threat Protection) data connector. */ -export interface OfficeATPDataConnector extends DataConnector { - /** The tenant id to connect to, and get the data from. */ - tenantId?: string; - /** The available data types for the connector. */ - dataTypes?: AlertsDataTypeOfDataConnector; -} - -/** Represents Office Microsoft Project data connector. */ -export interface Office365ProjectDataConnector extends DataConnector { - /** The tenant id to connect to, and get the data from. */ - tenantId?: string; - /** The available data types for the connector. */ - dataTypes?: Office365ProjectConnectorDataTypes; -} - -/** Represents Office Microsoft PowerBI data connector. */ -export interface OfficePowerBIDataConnector extends DataConnector { - /** The tenant id to connect to, and get the data from. */ - tenantId?: string; - /** The available data types for the connector. */ - dataTypes?: OfficePowerBIConnectorDataTypes; -} - -/** Represents OfficeIRM (Microsoft Insider Risk Management) data connector. */ -export interface OfficeIRMDataConnector extends DataConnector { - /** The tenant id to connect to, and get the data from. */ - tenantId?: string; - /** The available data types for the connector. */ - dataTypes?: AlertsDataTypeOfDataConnector; -} - -/** Represents MDATP (Microsoft Defender Advanced Threat Protection) data connector. */ -export interface MdatpDataConnector extends DataConnector { - /** The tenant id to connect to, and get the data from. */ - tenantId?: string; - /** The available data types for the connector. */ - dataTypes?: AlertsDataTypeOfDataConnector; -} - -/** Represents office data connector. */ -export interface OfficeDataConnector extends DataConnector { - /** The tenant id to connect to, and get the data from. */ - tenantId?: string; - /** The available data types for the connector. */ - dataTypes?: OfficeDataConnectorDataTypes; -} - -/** Represents threat intelligence data connector. */ -export interface TIDataConnector extends DataConnector { - /** The tenant id to connect to, and get the data from. */ - tenantId?: string; - /** The lookback period for the feed to be imported. */ - tipLookbackPeriod?: Date; - /** The available data types for the connector. */ - dataTypes?: TIDataConnectorDataTypes; -} - -/** Data connector to pull Threat intelligence data from TAXII 2.0/2.1 server */ -export interface TiTaxiiDataConnector extends DataConnector { - /** The tenant id to connect to, and get the data from. */ - tenantId?: string; - /** The workspace id. */ - workspaceId?: string; - /** The friendly name for the TAXII server. */ - friendlyName?: string; - /** The API root for the TAXII server. */ - taxiiServer?: string; - /** The collection id of the TAXII server. */ - collectionId?: string; - /** The userName for the TAXII server. */ - userName?: string; - /** The password for the TAXII server. */ - password?: string; - /** The lookback period for the TAXII server. */ - taxiiLookbackPeriod?: Date; - /** The polling frequency for the TAXII server. */ - pollingFrequency?: PollingFrequency; - /** The available data types for Threat Intelligence TAXII data connector. */ - dataTypes?: TiTaxiiDataConnectorDataTypes; -} - -/** Represents IoT data connector. */ -export interface IoTDataConnector extends DataConnector { - /** The available data types for the connector. */ - dataTypes?: AlertsDataTypeOfDataConnector; - /** The subscription id to connect to, and get the data from. */ - subscriptionId?: string; -} - -/** Represents Codeless UI data connector. */ -export interface CodelessUiDataConnector extends DataConnector { - /** Config to describe the instructions blade */ - connectorUiConfig?: CodelessUiConnectorConfigProperties; -} - -/** Represents Codeless API Polling data connector. */ -export interface CodelessApiPollingDataConnector extends DataConnector { - /** Config to describe the instructions blade */ - connectorUiConfig?: CodelessUiConnectorConfigProperties; - /** Config to describe the polling instructions */ - pollingConfig?: CodelessConnectorPollingConfigProperties; -} - -/** Defines headers for Watchlists_delete operation. */ -export interface WatchlistsDeleteHeaders { - /** Contains the status URL on which clients are expected to poll the status of the delete operation. */ - azureAsyncOperation?: string; -} - -/** Defines headers for Watchlists_createOrUpdate operation. */ -export interface WatchlistsCreateOrUpdateHeaders { - /** Contains the status URL on which clients are expected to poll the status of the operation. */ - azureAsyncOperation?: string; -} +}; /** Known values of {@link AlertRuleKind} that the service accepts. */ export enum KnownAlertRuleKind { - /** Scheduled */ Scheduled = "Scheduled", - /** MicrosoftSecurityIncidentCreation */ MicrosoftSecurityIncidentCreation = "MicrosoftSecurityIncidentCreation", - /** Fusion */ - Fusion = "Fusion", - /** MLBehaviorAnalytics */ - MLBehaviorAnalytics = "MLBehaviorAnalytics", - /** ThreatIntelligence */ - ThreatIntelligence = "ThreatIntelligence", - /** NRT */ - NRT = "NRT" + Fusion = "Fusion" } /** @@ -6298,22 +3612,15 @@ export enum KnownAlertRuleKind { * ### Known values supported by the service * **Scheduled** \ * **MicrosoftSecurityIncidentCreation** \ - * **Fusion** \ - * **MLBehaviorAnalytics** \ - * **ThreatIntelligence** \ - * **NRT** + * **Fusion** */ export type AlertRuleKind = string; /** Known values of {@link CreatedByType} that the service accepts. */ export enum KnownCreatedByType { - /** User */ User = "User", - /** Application */ Application = "Application", - /** ManagedIdentity */ ManagedIdentity = "ManagedIdentity", - /** Key */ Key = "Key" } @@ -6332,9 +3639,7 @@ export type CreatedByType = string; /** Known values of {@link TriggersOn} that the service accepts. */ export enum KnownTriggersOn { /** Trigger on Incidents */ - Incidents = "Incidents", - /** Trigger on Alerts */ - Alerts = "Alerts" + Incidents = "Incidents" } /** @@ -6342,17 +3647,14 @@ export enum KnownTriggersOn { * {@link KnownTriggersOn} can be used interchangeably with TriggersOn, * this enum contains the known values that the service supports. * ### Known values supported by the service - * **Incidents**: Trigger on Incidents \ - * **Alerts**: Trigger on Alerts + * **Incidents**: Trigger on Incidents */ export type TriggersOn = string; /** Known values of {@link TriggersWhen} that the service accepts. */ export enum KnownTriggersWhen { /** Trigger on created objects */ - Created = "Created", - /** Trigger on updated objects */ - Updated = "Updated" + Created = "Created" } /** @@ -6360,19 +3662,14 @@ export enum KnownTriggersWhen { * {@link KnownTriggersWhen} can be used interchangeably with TriggersWhen, * this enum contains the known values that the service supports. * ### Known values supported by the service - * **Created**: Trigger on created objects \ - * **Updated**: Trigger on updated objects + * **Created**: Trigger on created objects */ export type TriggersWhen = string; /** Known values of {@link ConditionType} that the service accepts. */ export enum KnownConditionType { /** Evaluate an object property value */ - Property = "Property", - /** Evaluate an object property changed value */ - PropertyChanged = "PropertyChanged", - /** Evaluate an object array property changed value */ - PropertyArrayChanged = "PropertyArrayChanged" + Property = "Property" } /** @@ -6380,9 +3677,7 @@ export enum KnownConditionType { * {@link KnownConditionType} can be used interchangeably with ConditionType, * this enum contains the known values that the service supports. * ### Known values supported by the service - * **Property**: Evaluate an object property value \ - * **PropertyChanged**: Evaluate an object property changed value \ - * **PropertyArrayChanged**: Evaluate an object array property changed value + * **Property**: Evaluate an object property value */ export type ConditionType = string; @@ -6402,295 +3697,105 @@ export enum KnownActionType { * **ModifyProperties**: Modify an object's properties \ * **RunPlaybook**: Run a playbook on an object */ -export type ActionType = string; - -/** Known values of {@link IncidentSeverity} that the service accepts. */ -export enum KnownIncidentSeverity { - /** High severity */ - High = "High", - /** Medium severity */ - Medium = "Medium", - /** Low severity */ - Low = "Low", - /** Informational severity */ - Informational = "Informational" -} - -/** - * Defines values for IncidentSeverity. \ - * {@link KnownIncidentSeverity} can be used interchangeably with IncidentSeverity, - * this enum contains the known values that the service supports. - * ### Known values supported by the service - * **High**: High severity \ - * **Medium**: Medium severity \ - * **Low**: Low severity \ - * **Informational**: Informational severity - */ -export type IncidentSeverity = string; - -/** Known values of {@link AttackTactic} that the service accepts. */ -export enum KnownAttackTactic { - /** Reconnaissance */ - Reconnaissance = "Reconnaissance", - /** ResourceDevelopment */ - ResourceDevelopment = "ResourceDevelopment", - /** InitialAccess */ - InitialAccess = "InitialAccess", - /** Execution */ - Execution = "Execution", - /** Persistence */ - Persistence = "Persistence", - /** PrivilegeEscalation */ - PrivilegeEscalation = "PrivilegeEscalation", - /** DefenseEvasion */ - DefenseEvasion = "DefenseEvasion", - /** CredentialAccess */ - CredentialAccess = "CredentialAccess", - /** Discovery */ - Discovery = "Discovery", - /** LateralMovement */ - LateralMovement = "LateralMovement", - /** Collection */ - Collection = "Collection", - /** Exfiltration */ - Exfiltration = "Exfiltration", - /** CommandAndControl */ - CommandAndControl = "CommandAndControl", - /** Impact */ - Impact = "Impact", - /** PreAttack */ - PreAttack = "PreAttack", - /** ImpairProcessControl */ - ImpairProcessControl = "ImpairProcessControl", - /** InhibitResponseFunction */ - InhibitResponseFunction = "InhibitResponseFunction" -} - -/** - * Defines values for AttackTactic. \ - * {@link KnownAttackTactic} can be used interchangeably with AttackTactic, - * this enum contains the known values that the service supports. - * ### Known values supported by the service - * **Reconnaissance** \ - * **ResourceDevelopment** \ - * **InitialAccess** \ - * **Execution** \ - * **Persistence** \ - * **PrivilegeEscalation** \ - * **DefenseEvasion** \ - * **CredentialAccess** \ - * **Discovery** \ - * **LateralMovement** \ - * **Collection** \ - * **Exfiltration** \ - * **CommandAndControl** \ - * **Impact** \ - * **PreAttack** \ - * **ImpairProcessControl** \ - * **InhibitResponseFunction** - */ -export type AttackTactic = string; - -/** Known values of {@link EntityKind} that the service accepts. */ -export enum KnownEntityKind { - /** Entity represents account in the system. */ - Account = "Account", - /** Entity represents host in the system. */ - Host = "Host", - /** Entity represents file in the system. */ - File = "File", - /** Entity represents azure resource in the system. */ - AzureResource = "AzureResource", - /** Entity represents cloud application in the system. */ - CloudApplication = "CloudApplication", - /** Entity represents dns resolution in the system. */ - DnsResolution = "DnsResolution", - /** Entity represents file hash in the system. */ - FileHash = "FileHash", - /** Entity represents ip in the system. */ - Ip = "Ip", - /** Entity represents malware in the system. */ - Malware = "Malware", - /** Entity represents process in the system. */ - Process = "Process", - /** Entity represents registry key in the system. */ - RegistryKey = "RegistryKey", - /** Entity represents registry value in the system. */ - RegistryValue = "RegistryValue", - /** Entity represents security group in the system. */ - SecurityGroup = "SecurityGroup", - /** Entity represents url in the system. */ - Url = "Url", - /** Entity represents IoT device in the system. */ - IoTDevice = "IoTDevice", - /** Entity represents security alert in the system. */ - SecurityAlert = "SecurityAlert", - /** Entity represents bookmark in the system. */ - Bookmark = "Bookmark", - /** Entity represents mail cluster in the system. */ - MailCluster = "MailCluster", - /** Entity represents mail message in the system. */ - MailMessage = "MailMessage", - /** Entity represents mailbox in the system. */ - Mailbox = "Mailbox", - /** Entity represents submission mail in the system. */ - SubmissionMail = "SubmissionMail", - /** Entity represents network interface in the system. */ - Nic = "Nic" -} - -/** - * Defines values for EntityKind. \ - * {@link KnownEntityKind} can be used interchangeably with EntityKind, - * this enum contains the known values that the service supports. - * ### Known values supported by the service - * **Account**: Entity represents account in the system. \ - * **Host**: Entity represents host in the system. \ - * **File**: Entity represents file in the system. \ - * **AzureResource**: Entity represents azure resource in the system. \ - * **CloudApplication**: Entity represents cloud application in the system. \ - * **DnsResolution**: Entity represents dns resolution in the system. \ - * **FileHash**: Entity represents file hash in the system. \ - * **Ip**: Entity represents ip in the system. \ - * **Malware**: Entity represents malware in the system. \ - * **Process**: Entity represents process in the system. \ - * **RegistryKey**: Entity represents registry key in the system. \ - * **RegistryValue**: Entity represents registry value in the system. \ - * **SecurityGroup**: Entity represents security group in the system. \ - * **Url**: Entity represents url in the system. \ - * **IoTDevice**: Entity represents IoT device in the system. \ - * **SecurityAlert**: Entity represents security alert in the system. \ - * **Bookmark**: Entity represents bookmark in the system. \ - * **MailCluster**: Entity represents mail cluster in the system. \ - * **MailMessage**: Entity represents mail message in the system. \ - * **Mailbox**: Entity represents mailbox in the system. \ - * **SubmissionMail**: Entity represents submission mail in the system. \ - * **Nic**: Entity represents network interface in the system. - */ -export type EntityKind = string; - -/** Known values of {@link EntityTimelineKind} that the service accepts. */ -export enum KnownEntityTimelineKind { - /** activity */ - Activity = "Activity", - /** bookmarks */ - Bookmark = "Bookmark", - /** security alerts */ - SecurityAlert = "SecurityAlert", - /** anomaly */ - Anomaly = "Anomaly" -} - -/** - * Defines values for EntityTimelineKind. \ - * {@link KnownEntityTimelineKind} can be used interchangeably with EntityTimelineKind, - * this enum contains the known values that the service supports. - * ### Known values supported by the service - * **Activity**: activity \ - * **Bookmark**: bookmarks \ - * **SecurityAlert**: security alerts \ - * **Anomaly**: anomaly - */ -export type EntityTimelineKind = string; - -/** Known values of {@link EntityItemQueryKind} that the service accepts. */ -export enum KnownEntityItemQueryKind { - /** insight */ - Insight = "Insight" -} - -/** - * Defines values for EntityItemQueryKind. \ - * {@link KnownEntityItemQueryKind} can be used interchangeably with EntityItemQueryKind, - * this enum contains the known values that the service supports. - * ### Known values supported by the service - * **Insight**: insight - */ -export type EntityItemQueryKind = string; - -/** Known values of {@link EntityQueryKind} that the service accepts. */ -export enum KnownEntityQueryKind { - /** Expansion */ - Expansion = "Expansion", - /** Insight */ - Insight = "Insight", - /** Activity */ - Activity = "Activity" -} - -/** - * Defines values for EntityQueryKind. \ - * {@link KnownEntityQueryKind} can be used interchangeably with EntityQueryKind, - * this enum contains the known values that the service supports. - * ### Known values supported by the service - * **Expansion** \ - * **Insight** \ - * **Activity** - */ -export type EntityQueryKind = string; - -/** Known values of {@link GetInsightsError} that the service accepts. */ -export enum KnownGetInsightsError { - /** Insight */ - Insight = "Insight" -} - -/** - * Defines values for GetInsightsError. \ - * {@link KnownGetInsightsError} can be used interchangeably with GetInsightsError, - * this enum contains the known values that the service supports. - * ### Known values supported by the service - * **Insight** - */ -export type GetInsightsError = string; - -/** Known values of {@link Enum13} that the service accepts. */ -export enum KnownEnum13 { - /** Expansion */ - Expansion = "Expansion", - /** Activity */ - Activity = "Activity" +export type ActionType = string; + +/** Known values of {@link IncidentSeverity} that the service accepts. */ +export enum KnownIncidentSeverity { + /** High severity */ + High = "High", + /** Medium severity */ + Medium = "Medium", + /** Low severity */ + Low = "Low", + /** Informational severity */ + Informational = "Informational" } /** - * Defines values for Enum13. \ - * {@link KnownEnum13} can be used interchangeably with Enum13, + * Defines values for IncidentSeverity. \ + * {@link KnownIncidentSeverity} can be used interchangeably with IncidentSeverity, * this enum contains the known values that the service supports. * ### Known values supported by the service - * **Expansion** \ - * **Activity** + * **High**: High severity \ + * **Medium**: Medium severity \ + * **Low**: Low severity \ + * **Informational**: Informational severity */ -export type Enum13 = string; +export type IncidentSeverity = string; -/** Known values of {@link CustomEntityQueryKind} that the service accepts. */ -export enum KnownCustomEntityQueryKind { - /** Activity */ - Activity = "Activity" +/** Known values of {@link DataConnectorKind} that the service accepts. */ +export enum KnownDataConnectorKind { + AzureActiveDirectory = "AzureActiveDirectory", + AzureSecurityCenter = "AzureSecurityCenter", + MicrosoftCloudAppSecurity = "MicrosoftCloudAppSecurity", + ThreatIntelligence = "ThreatIntelligence", + Office365 = "Office365", + AmazonWebServicesCloudTrail = "AmazonWebServicesCloudTrail", + AzureAdvancedThreatProtection = "AzureAdvancedThreatProtection", + MicrosoftDefenderAdvancedThreatProtection = "MicrosoftDefenderAdvancedThreatProtection" } /** - * Defines values for CustomEntityQueryKind. \ - * {@link KnownCustomEntityQueryKind} can be used interchangeably with CustomEntityQueryKind, + * Defines values for DataConnectorKind. \ + * {@link KnownDataConnectorKind} can be used interchangeably with DataConnectorKind, * this enum contains the known values that the service supports. * ### Known values supported by the service - * **Activity** + * **AzureActiveDirectory** \ + * **AzureSecurityCenter** \ + * **MicrosoftCloudAppSecurity** \ + * **ThreatIntelligence** \ + * **Office365** \ + * **AmazonWebServicesCloudTrail** \ + * **AzureAdvancedThreatProtection** \ + * **MicrosoftDefenderAdvancedThreatProtection** */ -export type CustomEntityQueryKind = string; +export type DataConnectorKind = string; -/** Known values of {@link EntityQueryTemplateKind} that the service accepts. */ -export enum KnownEntityQueryTemplateKind { - /** Activity */ - Activity = "Activity" +/** Known values of {@link AttackTactic} that the service accepts. */ +export enum KnownAttackTactic { + Reconnaissance = "Reconnaissance", + ResourceDevelopment = "ResourceDevelopment", + InitialAccess = "InitialAccess", + Execution = "Execution", + Persistence = "Persistence", + PrivilegeEscalation = "PrivilegeEscalation", + DefenseEvasion = "DefenseEvasion", + CredentialAccess = "CredentialAccess", + Discovery = "Discovery", + LateralMovement = "LateralMovement", + Collection = "Collection", + Exfiltration = "Exfiltration", + CommandAndControl = "CommandAndControl", + Impact = "Impact", + PreAttack = "PreAttack", + ImpairProcessControl = "ImpairProcessControl", + InhibitResponseFunction = "InhibitResponseFunction" } /** - * Defines values for EntityQueryTemplateKind. \ - * {@link KnownEntityQueryTemplateKind} can be used interchangeably with EntityQueryTemplateKind, + * Defines values for AttackTactic. \ + * {@link KnownAttackTactic} can be used interchangeably with AttackTactic, * this enum contains the known values that the service supports. * ### Known values supported by the service - * **Activity** + * **Reconnaissance** \ + * **ResourceDevelopment** \ + * **InitialAccess** \ + * **Execution** \ + * **Persistence** \ + * **PrivilegeEscalation** \ + * **DefenseEvasion** \ + * **CredentialAccess** \ + * **Discovery** \ + * **LateralMovement** \ + * **Collection** \ + * **Exfiltration** \ + * **CommandAndControl** \ + * **Impact** \ + * **PreAttack** \ + * **ImpairProcessControl** \ + * **InhibitResponseFunction** */ -export type EntityQueryTemplateKind = string; +export type AttackTactic = string; /** Known values of {@link IncidentClassification} that the service accepts. */ export enum KnownIncidentClassification { @@ -6950,476 +4055,129 @@ export enum KnownAlertStatus { */ export type AlertStatus = string; -/** Known values of {@link Kind} that the service accepts. */ -export enum KnownKind { - /** DataConnector */ - DataConnector = "DataConnector", - /** DataType */ - DataType = "DataType", - /** Workbook */ - Workbook = "Workbook", - /** WorkbookTemplate */ - WorkbookTemplate = "WorkbookTemplate", - /** Playbook */ - Playbook = "Playbook", - /** PlaybookTemplate */ - PlaybookTemplate = "PlaybookTemplate", - /** AnalyticsRuleTemplate */ - AnalyticsRuleTemplate = "AnalyticsRuleTemplate", - /** AnalyticsRule */ - AnalyticsRule = "AnalyticsRule", - /** HuntingQuery */ - HuntingQuery = "HuntingQuery", - /** InvestigationQuery */ - InvestigationQuery = "InvestigationQuery", - /** Parser */ - Parser = "Parser", - /** Watchlist */ - Watchlist = "Watchlist", - /** WatchlistTemplate */ - WatchlistTemplate = "WatchlistTemplate", - /** Solution */ - Solution = "Solution", - /** AzureFunction */ - AzureFunction = "AzureFunction", - /** LogicAppsCustomConnector */ - LogicAppsCustomConnector = "LogicAppsCustomConnector", - /** AutomationRule */ - AutomationRule = "AutomationRule" -} - -/** - * Defines values for Kind. \ - * {@link KnownKind} can be used interchangeably with Kind, - * this enum contains the known values that the service supports. - * ### Known values supported by the service - * **DataConnector** \ - * **DataType** \ - * **Workbook** \ - * **WorkbookTemplate** \ - * **Playbook** \ - * **PlaybookTemplate** \ - * **AnalyticsRuleTemplate** \ - * **AnalyticsRule** \ - * **HuntingQuery** \ - * **InvestigationQuery** \ - * **Parser** \ - * **Watchlist** \ - * **WatchlistTemplate** \ - * **Solution** \ - * **AzureFunction** \ - * **LogicAppsCustomConnector** \ - * **AutomationRule** - */ -export type Kind = string; - -/** Known values of {@link SourceKind} that the service accepts. */ -export enum KnownSourceKind { - /** LocalWorkspace */ - LocalWorkspace = "LocalWorkspace", - /** Community */ - Community = "Community", - /** Solution */ - Solution = "Solution", - /** SourceRepository */ - SourceRepository = "SourceRepository" -} - -/** - * Defines values for SourceKind. \ - * {@link KnownSourceKind} can be used interchangeably with SourceKind, - * this enum contains the known values that the service supports. - * ### Known values supported by the service - * **LocalWorkspace** \ - * **Community** \ - * **Solution** \ - * **SourceRepository** - */ -export type SourceKind = string; - -/** Known values of {@link SupportTier} that the service accepts. */ -export enum KnownSupportTier { - /** Microsoft */ - Microsoft = "Microsoft", - /** Partner */ - Partner = "Partner", - /** Community */ - Community = "Community" -} - -/** - * Defines values for SupportTier. \ - * {@link KnownSupportTier} can be used interchangeably with SupportTier, - * this enum contains the known values that the service supports. - * ### Known values supported by the service - * **Microsoft** \ - * **Partner** \ - * **Community** - */ -export type SupportTier = string; - -/** Known values of {@link Operator} that the service accepts. */ -export enum KnownOperator { - /** AND */ - AND = "AND", - /** OR */ - OR = "OR" -} - -/** - * Defines values for Operator. \ - * {@link KnownOperator} can be used interchangeably with Operator, - * this enum contains the known values that the service supports. - * ### Known values supported by the service - * **AND** \ - * **OR** - */ -export type Operator = string; - -/** Known values of {@link SecurityMLAnalyticsSettingsKind} that the service accepts. */ -export enum KnownSecurityMLAnalyticsSettingsKind { - /** Anomaly */ - Anomaly = "Anomaly" -} - -/** - * Defines values for SecurityMLAnalyticsSettingsKind. \ - * {@link KnownSecurityMLAnalyticsSettingsKind} can be used interchangeably with SecurityMLAnalyticsSettingsKind, - * this enum contains the known values that the service supports. - * ### Known values supported by the service - * **Anomaly** - */ -export type SecurityMLAnalyticsSettingsKind = string; - -/** Known values of {@link SettingKind} that the service accepts. */ -export enum KnownSettingKind { - /** Anomalies */ - Anomalies = "Anomalies", - /** EyesOn */ - EyesOn = "EyesOn", - /** EntityAnalytics */ - EntityAnalytics = "EntityAnalytics", - /** Ueba */ - Ueba = "Ueba" -} - -/** - * Defines values for SettingKind. \ - * {@link KnownSettingKind} can be used interchangeably with SettingKind, - * this enum contains the known values that the service supports. - * ### Known values supported by the service - * **Anomalies** \ - * **EyesOn** \ - * **EntityAnalytics** \ - * **Ueba** - */ -export type SettingKind = string; - -/** Known values of {@link RepoType} that the service accepts. */ -export enum KnownRepoType { - /** Github */ - Github = "Github", - /** DevOps */ - DevOps = "DevOps" -} - -/** - * Defines values for RepoType. \ - * {@link KnownRepoType} can be used interchangeably with RepoType, - * this enum contains the known values that the service supports. - * ### Known values supported by the service - * **Github** \ - * **DevOps** - */ -export type RepoType = string; - -/** Known values of {@link Version} that the service accepts. */ -export enum KnownVersion { - /** V1 */ - V1 = "V1", - /** V2 */ - V2 = "V2" -} - -/** - * Defines values for Version. \ - * {@link KnownVersion} can be used interchangeably with Version, - * this enum contains the known values that the service supports. - * ### Known values supported by the service - * **V1** \ - * **V2** - */ -export type Version = string; - -/** Known values of {@link ContentType} that the service accepts. */ -export enum KnownContentType { - /** AnalyticRule */ - AnalyticRule = "AnalyticRule", - /** Workbook */ - Workbook = "Workbook" -} - -/** - * Defines values for ContentType. \ - * {@link KnownContentType} can be used interchangeably with ContentType, - * this enum contains the known values that the service supports. - * ### Known values supported by the service - * **AnalyticRule** \ - * **Workbook** - */ -export type ContentType = string; - -/** Known values of {@link DeploymentFetchStatus} that the service accepts. */ -export enum KnownDeploymentFetchStatus { - /** Success */ - Success = "Success", - /** Unauthorized */ - Unauthorized = "Unauthorized", - /** NotFound */ - NotFound = "NotFound" -} - -/** - * Defines values for DeploymentFetchStatus. \ - * {@link KnownDeploymentFetchStatus} can be used interchangeably with DeploymentFetchStatus, - * this enum contains the known values that the service supports. - * ### Known values supported by the service - * **Success** \ - * **Unauthorized** \ - * **NotFound** - */ -export type DeploymentFetchStatus = string; - -/** Known values of {@link DeploymentState} that the service accepts. */ -export enum KnownDeploymentState { - /** InProgress */ - InProgress = "In_Progress", - /** Completed */ - Completed = "Completed", - /** Queued */ - Queued = "Queued", - /** Canceling */ - Canceling = "Canceling" -} - -/** - * Defines values for DeploymentState. \ - * {@link KnownDeploymentState} can be used interchangeably with DeploymentState, - * this enum contains the known values that the service supports. - * ### Known values supported by the service - * **In_Progress** \ - * **Completed** \ - * **Queued** \ - * **Canceling** - */ -export type DeploymentState = string; - -/** Known values of {@link DeploymentResult} that the service accepts. */ -export enum KnownDeploymentResult { - /** Success */ - Success = "Success", - /** Canceled */ - Canceled = "Canceled", - /** Failed */ - Failed = "Failed" +/** Known values of {@link EntityKindEnum} that the service accepts. */ +export enum KnownEntityKindEnum { + /** Entity represents account in the system. */ + Account = "Account", + /** Entity represents host in the system. */ + Host = "Host", + /** Entity represents file in the system. */ + File = "File", + /** Entity represents azure resource in the system. */ + AzureResource = "AzureResource", + /** Entity represents cloud application in the system. */ + CloudApplication = "CloudApplication", + /** Entity represents dns resolution in the system. */ + DnsResolution = "DnsResolution", + /** Entity represents file hash in the system. */ + FileHash = "FileHash", + /** Entity represents ip in the system. */ + Ip = "Ip", + /** Entity represents malware in the system. */ + Malware = "Malware", + /** Entity represents process in the system. */ + Process = "Process", + /** Entity represents registry key in the system. */ + RegistryKey = "RegistryKey", + /** Entity represents registry value in the system. */ + RegistryValue = "RegistryValue", + /** Entity represents security group in the system. */ + SecurityGroup = "SecurityGroup", + /** Entity represents url in the system. */ + Url = "Url", + /** Entity represents IoT device in the system. */ + IoTDevice = "IoTDevice", + /** Entity represents security alert in the system. */ + SecurityAlert = "SecurityAlert", + /** Entity represents bookmark in the system. */ + Bookmark = "Bookmark", + /** Entity represents mail cluster in the system. */ + MailCluster = "MailCluster", + /** Entity represents mail message in the system. */ + MailMessage = "MailMessage", + /** Entity represents mailbox in the system. */ + Mailbox = "Mailbox", + /** Entity represents submission mail in the system. */ + SubmissionMail = "SubmissionMail" } /** - * Defines values for DeploymentResult. \ - * {@link KnownDeploymentResult} can be used interchangeably with DeploymentResult, + * Defines values for EntityKindEnum. \ + * {@link KnownEntityKindEnum} can be used interchangeably with EntityKindEnum, * this enum contains the known values that the service supports. * ### Known values supported by the service - * **Success** \ - * **Canceled** \ - * **Failed** + * **Account**: Entity represents account in the system. \ + * **Host**: Entity represents host in the system. \ + * **File**: Entity represents file in the system. \ + * **AzureResource**: Entity represents azure resource in the system. \ + * **CloudApplication**: Entity represents cloud application in the system. \ + * **DnsResolution**: Entity represents dns resolution in the system. \ + * **FileHash**: Entity represents file hash in the system. \ + * **Ip**: Entity represents ip in the system. \ + * **Malware**: Entity represents malware in the system. \ + * **Process**: Entity represents process in the system. \ + * **RegistryKey**: Entity represents registry key in the system. \ + * **RegistryValue**: Entity represents registry value in the system. \ + * **SecurityGroup**: Entity represents security group in the system. \ + * **Url**: Entity represents url in the system. \ + * **IoTDevice**: Entity represents IoT device in the system. \ + * **SecurityAlert**: Entity represents security alert in the system. \ + * **Bookmark**: Entity represents bookmark in the system. \ + * **MailCluster**: Entity represents mail cluster in the system. \ + * **MailMessage**: Entity represents mail message in the system. \ + * **Mailbox**: Entity represents mailbox in the system. \ + * **SubmissionMail**: Entity represents submission mail in the system. */ -export type DeploymentResult = string; +export type EntityKindEnum = string; -/** Known values of {@link ThreatIntelligenceResourceKindEnum} that the service accepts. */ -export enum KnownThreatIntelligenceResourceKindEnum { +/** Known values of {@link ThreatIntelligenceResourceInnerKind} that the service accepts. */ +export enum KnownThreatIntelligenceResourceInnerKind { /** Entity represents threat intelligence indicator in the system. */ Indicator = "indicator" } /** - * Defines values for ThreatIntelligenceResourceKindEnum. \ - * {@link KnownThreatIntelligenceResourceKindEnum} can be used interchangeably with ThreatIntelligenceResourceKindEnum, + * Defines values for ThreatIntelligenceResourceInnerKind. \ + * {@link KnownThreatIntelligenceResourceInnerKind} can be used interchangeably with ThreatIntelligenceResourceInnerKind, * this enum contains the known values that the service supports. * ### Known values supported by the service * **indicator**: Entity represents threat intelligence indicator in the system. */ -export type ThreatIntelligenceResourceKindEnum = string; +export type ThreatIntelligenceResourceInnerKind = string; -/** Known values of {@link ThreatIntelligenceSortingCriteriaEnum} that the service accepts. */ -export enum KnownThreatIntelligenceSortingCriteriaEnum { - /** Unsorted */ +/** Known values of {@link ThreatIntelligenceSortingOrder} that the service accepts. */ +export enum KnownThreatIntelligenceSortingOrder { Unsorted = "unsorted", - /** Ascending */ Ascending = "ascending", - /** Descending */ Descending = "descending" } /** - * Defines values for ThreatIntelligenceSortingCriteriaEnum. \ - * {@link KnownThreatIntelligenceSortingCriteriaEnum} can be used interchangeably with ThreatIntelligenceSortingCriteriaEnum, + * Defines values for ThreatIntelligenceSortingOrder. \ + * {@link KnownThreatIntelligenceSortingOrder} can be used interchangeably with ThreatIntelligenceSortingOrder, * this enum contains the known values that the service supports. * ### Known values supported by the service * **unsorted** \ * **ascending** \ * **descending** */ -export type ThreatIntelligenceSortingCriteriaEnum = string; - -/** Known values of {@link SourceType} that the service accepts. */ -export enum KnownSourceType { - /** LocalFile */ - LocalFile = "Local file", - /** RemoteStorage */ - RemoteStorage = "Remote storage" -} - -/** - * Defines values for SourceType. \ - * {@link KnownSourceType} can be used interchangeably with SourceType, - * this enum contains the known values that the service supports. - * ### Known values supported by the service - * **Local file** \ - * **Remote storage** - */ -export type SourceType = string; - -/** Known values of {@link DataConnectorKind} that the service accepts. */ -export enum KnownDataConnectorKind { - /** AzureActiveDirectory */ - AzureActiveDirectory = "AzureActiveDirectory", - /** AzureSecurityCenter */ - AzureSecurityCenter = "AzureSecurityCenter", - /** MicrosoftCloudAppSecurity */ - MicrosoftCloudAppSecurity = "MicrosoftCloudAppSecurity", - /** ThreatIntelligence */ - ThreatIntelligence = "ThreatIntelligence", - /** ThreatIntelligenceTaxii */ - ThreatIntelligenceTaxii = "ThreatIntelligenceTaxii", - /** Office365 */ - Office365 = "Office365", - /** OfficeATP */ - OfficeATP = "OfficeATP", - /** OfficeIRM */ - OfficeIRM = "OfficeIRM", - /** Office365Project */ - Office365Project = "Office365Project", - /** OfficePowerBI */ - OfficePowerBI = "OfficePowerBI", - /** AmazonWebServicesCloudTrail */ - AmazonWebServicesCloudTrail = "AmazonWebServicesCloudTrail", - /** AmazonWebServicesS3 */ - AmazonWebServicesS3 = "AmazonWebServicesS3", - /** AzureAdvancedThreatProtection */ - AzureAdvancedThreatProtection = "AzureAdvancedThreatProtection", - /** MicrosoftDefenderAdvancedThreatProtection */ - MicrosoftDefenderAdvancedThreatProtection = "MicrosoftDefenderAdvancedThreatProtection", - /** Dynamics365 */ - Dynamics365 = "Dynamics365", - /** MicrosoftThreatProtection */ - MicrosoftThreatProtection = "MicrosoftThreatProtection", - /** MicrosoftThreatIntelligence */ - MicrosoftThreatIntelligence = "MicrosoftThreatIntelligence", - /** GenericUI */ - GenericUI = "GenericUI", - /** APIPolling */ - APIPolling = "APIPolling", - /** IOT */ - IOT = "IOT" -} - -/** - * Defines values for DataConnectorKind. \ - * {@link KnownDataConnectorKind} can be used interchangeably with DataConnectorKind, - * this enum contains the known values that the service supports. - * ### Known values supported by the service - * **AzureActiveDirectory** \ - * **AzureSecurityCenter** \ - * **MicrosoftCloudAppSecurity** \ - * **ThreatIntelligence** \ - * **ThreatIntelligenceTaxii** \ - * **Office365** \ - * **OfficeATP** \ - * **OfficeIRM** \ - * **Office365Project** \ - * **OfficePowerBI** \ - * **AmazonWebServicesCloudTrail** \ - * **AmazonWebServicesS3** \ - * **AzureAdvancedThreatProtection** \ - * **MicrosoftDefenderAdvancedThreatProtection** \ - * **Dynamics365** \ - * **MicrosoftThreatProtection** \ - * **MicrosoftThreatIntelligence** \ - * **GenericUI** \ - * **APIPolling** \ - * **IOT** - */ -export type DataConnectorKind = string; - -/** Known values of {@link ConnectAuthKind} that the service accepts. */ -export enum KnownConnectAuthKind { - /** Basic */ - Basic = "Basic", - /** OAuth2 */ - OAuth2 = "OAuth2", - /** APIKey */ - APIKey = "APIKey" -} - -/** - * Defines values for ConnectAuthKind. \ - * {@link KnownConnectAuthKind} can be used interchangeably with ConnectAuthKind, - * this enum contains the known values that the service supports. - * ### Known values supported by the service - * **Basic** \ - * **OAuth2** \ - * **APIKey** - */ -export type ConnectAuthKind = string; - -/** Known values of {@link DataConnectorAuthorizationState} that the service accepts. */ -export enum KnownDataConnectorAuthorizationState { - /** Valid */ - Valid = "Valid", - /** Invalid */ - Invalid = "Invalid" -} - -/** - * Defines values for DataConnectorAuthorizationState. \ - * {@link KnownDataConnectorAuthorizationState} can be used interchangeably with DataConnectorAuthorizationState, - * this enum contains the known values that the service supports. - * ### Known values supported by the service - * **Valid** \ - * **Invalid** - */ -export type DataConnectorAuthorizationState = string; - -/** Known values of {@link DataConnectorLicenseState} that the service accepts. */ -export enum KnownDataConnectorLicenseState { - /** Valid */ - Valid = "Valid", - /** Invalid */ - Invalid = "Invalid", - /** Unknown */ - Unknown = "Unknown" +export type ThreatIntelligenceSortingOrder = string; + +/** Known values of {@link Source} that the service accepts. */ +export enum KnownSource { + LocalFile = "Local file", + RemoteStorage = "Remote storage" } /** - * Defines values for DataConnectorLicenseState. \ - * {@link KnownDataConnectorLicenseState} can be used interchangeably with DataConnectorLicenseState, + * Defines values for Source. \ + * {@link KnownSource} can be used interchangeably with Source, * this enum contains the known values that the service supports. * ### Known values supported by the service - * **Valid** \ - * **Invalid** \ - * **Unknown** + * **Local file** \ + * **Remote storage** */ -export type DataConnectorLicenseState = string; +export type Source = string; /** Known values of {@link TemplateStatus} that the service accepts. */ export enum KnownTemplateStatus { @@ -7442,6 +4200,49 @@ export enum KnownTemplateStatus { */ export type TemplateStatus = string; +/** Known values of {@link MicrosoftSecurityProductName} that the service accepts. */ +export enum KnownMicrosoftSecurityProductName { + MicrosoftCloudAppSecurity = "Microsoft Cloud App Security", + AzureSecurityCenter = "Azure Security Center", + AzureAdvancedThreatProtection = "Azure Advanced Threat Protection", + AzureActiveDirectoryIdentityProtection = "Azure Active Directory Identity Protection", + AzureSecurityCenterForIoT = "Azure Security Center for IoT" +} + +/** + * Defines values for MicrosoftSecurityProductName. \ + * {@link KnownMicrosoftSecurityProductName} can be used interchangeably with MicrosoftSecurityProductName, + * this enum contains the known values that the service supports. + * ### Known values supported by the service + * **Microsoft Cloud App Security** \ + * **Azure Security Center** \ + * **Azure Advanced Threat Protection** \ + * **Azure Active Directory Identity Protection** \ + * **Azure Security Center for IoT** + */ +export type MicrosoftSecurityProductName = string; + +/** Known values of {@link MatchingMethod} that the service accepts. */ +export enum KnownMatchingMethod { + /** Grouping alerts into a single incident if all the entities match */ + AllEntities = "AllEntities", + /** Grouping any alerts triggered by this rule into a single incident */ + AnyAlert = "AnyAlert", + /** Grouping alerts into a single incident if the selected entities, custom details and alert details match */ + Selected = "Selected" +} + +/** + * Defines values for MatchingMethod. \ + * {@link KnownMatchingMethod} can be used interchangeably with MatchingMethod, + * this enum contains the known values that the service supports. + * ### Known values supported by the service + * **AllEntities**: Grouping alerts into a single incident if all the entities match \ + * **AnyAlert**: Grouping any alerts triggered by this rule into a single incident \ + * **Selected**: Grouping alerts into a single incident if the selected entities, custom details and alert details match + */ +export type MatchingMethod = string; + /** Known values of {@link EntityMappingType} that the service accepts. */ export enum KnownEntityMappingType { /** User account entity type */ @@ -7508,60 +4309,6 @@ export enum KnownEntityMappingType { */ export type EntityMappingType = string; -/** Known values of {@link MicrosoftSecurityProductName} that the service accepts. */ -export enum KnownMicrosoftSecurityProductName { - /** MicrosoftCloudAppSecurity */ - MicrosoftCloudAppSecurity = "Microsoft Cloud App Security", - /** AzureSecurityCenter */ - AzureSecurityCenter = "Azure Security Center", - /** AzureAdvancedThreatProtection */ - AzureAdvancedThreatProtection = "Azure Advanced Threat Protection", - /** AzureActiveDirectoryIdentityProtection */ - AzureActiveDirectoryIdentityProtection = "Azure Active Directory Identity Protection", - /** AzureSecurityCenterForIoT */ - AzureSecurityCenterForIoT = "Azure Security Center for IoT", - /** Office365AdvancedThreatProtection */ - Office365AdvancedThreatProtection = "Office 365 Advanced Threat Protection", - /** MicrosoftDefenderAdvancedThreatProtection */ - MicrosoftDefenderAdvancedThreatProtection = "Microsoft Defender Advanced Threat Protection" -} - -/** - * Defines values for MicrosoftSecurityProductName. \ - * {@link KnownMicrosoftSecurityProductName} can be used interchangeably with MicrosoftSecurityProductName, - * this enum contains the known values that the service supports. - * ### Known values supported by the service - * **Microsoft Cloud App Security** \ - * **Azure Security Center** \ - * **Azure Advanced Threat Protection** \ - * **Azure Active Directory Identity Protection** \ - * **Azure Security Center for IoT** \ - * **Office 365 Advanced Threat Protection** \ - * **Microsoft Defender Advanced Threat Protection** - */ -export type MicrosoftSecurityProductName = string; - -/** Known values of {@link MatchingMethod} that the service accepts. */ -export enum KnownMatchingMethod { - /** Grouping alerts into a single incident if all the entities match */ - AllEntities = "AllEntities", - /** Grouping any alerts triggered by this rule into a single incident */ - AnyAlert = "AnyAlert", - /** Grouping alerts into a single incident if the selected entities, custom details and alert details match */ - Selected = "Selected" -} - -/** - * Defines values for MatchingMethod. \ - * {@link KnownMatchingMethod} can be used interchangeably with MatchingMethod, - * this enum contains the known values that the service supports. - * ### Known values supported by the service - * **AllEntities**: Grouping alerts into a single incident if all the entities match \ - * **AnyAlert**: Grouping any alerts triggered by this rule into a single incident \ - * **Selected**: Grouping alerts into a single incident if the selected entities, custom details and alert details match - */ -export type MatchingMethod = string; - /** Known values of {@link AlertDetail} that the service accepts. */ export enum KnownAlertDetail { /** Alert display name */ @@ -7582,9 +4329,7 @@ export type AlertDetail = string; /** Known values of {@link EventGroupingAggregationKind} that the service accepts. */ export enum KnownEventGroupingAggregationKind { - /** SingleAlert */ SingleAlert = "SingleAlert", - /** AlertPerResult */ AlertPerResult = "AlertPerResult" } @@ -7598,120 +4343,6 @@ export enum KnownEventGroupingAggregationKind { */ export type EventGroupingAggregationKind = string; -/** Known values of {@link AutomationRulePropertyArrayChangedConditionSupportedArrayType} that the service accepts. */ -export enum KnownAutomationRulePropertyArrayChangedConditionSupportedArrayType { - /** Evaluate the condition on the alerts */ - Alerts = "Alerts", - /** Evaluate the condition on the labels */ - Labels = "Labels", - /** Evaluate the condition on the tactics */ - Tactics = "Tactics", - /** Evaluate the condition on the comments */ - Comments = "Comments" -} - -/** - * Defines values for AutomationRulePropertyArrayChangedConditionSupportedArrayType. \ - * {@link KnownAutomationRulePropertyArrayChangedConditionSupportedArrayType} can be used interchangeably with AutomationRulePropertyArrayChangedConditionSupportedArrayType, - * this enum contains the known values that the service supports. - * ### Known values supported by the service - * **Alerts**: Evaluate the condition on the alerts \ - * **Labels**: Evaluate the condition on the labels \ - * **Tactics**: Evaluate the condition on the tactics \ - * **Comments**: Evaluate the condition on the comments - */ -export type AutomationRulePropertyArrayChangedConditionSupportedArrayType = string; - -/** Known values of {@link AutomationRulePropertyArrayChangedConditionSupportedChangeType} that the service accepts. */ -export enum KnownAutomationRulePropertyArrayChangedConditionSupportedChangeType { - /** Evaluate the condition on items added to the array */ - Added = "Added" -} - -/** - * Defines values for AutomationRulePropertyArrayChangedConditionSupportedChangeType. \ - * {@link KnownAutomationRulePropertyArrayChangedConditionSupportedChangeType} can be used interchangeably with AutomationRulePropertyArrayChangedConditionSupportedChangeType, - * this enum contains the known values that the service supports. - * ### Known values supported by the service - * **Added**: Evaluate the condition on items added to the array - */ -export type AutomationRulePropertyArrayChangedConditionSupportedChangeType = string; - -/** Known values of {@link AutomationRulePropertyChangedConditionSupportedPropertyType} that the service accepts. */ -export enum KnownAutomationRulePropertyChangedConditionSupportedPropertyType { - /** Evaluate the condition on the incident severity */ - IncidentSeverity = "IncidentSeverity", - /** Evaluate the condition on the incident status */ - IncidentStatus = "IncidentStatus", - /** Evaluate the condition on the incident owner */ - IncidentOwner = "IncidentOwner" -} - -/** - * Defines values for AutomationRulePropertyChangedConditionSupportedPropertyType. \ - * {@link KnownAutomationRulePropertyChangedConditionSupportedPropertyType} can be used interchangeably with AutomationRulePropertyChangedConditionSupportedPropertyType, - * this enum contains the known values that the service supports. - * ### Known values supported by the service - * **IncidentSeverity**: Evaluate the condition on the incident severity \ - * **IncidentStatus**: Evaluate the condition on the incident status \ - * **IncidentOwner**: Evaluate the condition on the incident owner - */ -export type AutomationRulePropertyChangedConditionSupportedPropertyType = string; - -/** Known values of {@link AutomationRulePropertyChangedConditionSupportedChangedType} that the service accepts. */ -export enum KnownAutomationRulePropertyChangedConditionSupportedChangedType { - /** Evaluate the condition on the previous value of the property */ - ChangedFrom = "ChangedFrom", - /** Evaluate the condition on the updated value of the property */ - ChangedTo = "ChangedTo" -} - -/** - * Defines values for AutomationRulePropertyChangedConditionSupportedChangedType. \ - * {@link KnownAutomationRulePropertyChangedConditionSupportedChangedType} can be used interchangeably with AutomationRulePropertyChangedConditionSupportedChangedType, - * this enum contains the known values that the service supports. - * ### Known values supported by the service - * **ChangedFrom**: Evaluate the condition on the previous value of the property \ - * **ChangedTo**: Evaluate the condition on the updated value of the property - */ -export type AutomationRulePropertyChangedConditionSupportedChangedType = string; - -/** Known values of {@link AutomationRulePropertyConditionSupportedOperator} that the service accepts. */ -export enum KnownAutomationRulePropertyConditionSupportedOperator { - /** Evaluates if the property equals at least one of the condition values */ - Equals = "Equals", - /** Evaluates if the property does not equal any of the condition values */ - NotEquals = "NotEquals", - /** Evaluates if the property contains at least one of the condition values */ - Contains = "Contains", - /** Evaluates if the property does not contain any of the condition values */ - NotContains = "NotContains", - /** Evaluates if the property starts with any of the condition values */ - StartsWith = "StartsWith", - /** Evaluates if the property does not start with any of the condition values */ - NotStartsWith = "NotStartsWith", - /** Evaluates if the property ends with any of the condition values */ - EndsWith = "EndsWith", - /** Evaluates if the property does not end with any of the condition values */ - NotEndsWith = "NotEndsWith" -} - -/** - * Defines values for AutomationRulePropertyConditionSupportedOperator. \ - * {@link KnownAutomationRulePropertyConditionSupportedOperator} can be used interchangeably with AutomationRulePropertyConditionSupportedOperator, - * this enum contains the known values that the service supports. - * ### Known values supported by the service - * **Equals**: Evaluates if the property equals at least one of the condition values \ - * **NotEquals**: Evaluates if the property does not equal any of the condition values \ - * **Contains**: Evaluates if the property contains at least one of the condition values \ - * **NotContains**: Evaluates if the property does not contain any of the condition values \ - * **StartsWith**: Evaluates if the property starts with any of the condition values \ - * **NotStartsWith**: Evaluates if the property does not start with any of the condition values \ - * **EndsWith**: Evaluates if the property ends with any of the condition values \ - * **NotEndsWith**: Evaluates if the property does not end with any of the condition values - */ -export type AutomationRulePropertyConditionSupportedOperator = string; - /** Known values of {@link AutomationRulePropertyConditionSupportedProperty} that the service accepts. */ export enum KnownAutomationRulePropertyConditionSupportedProperty { /** The title of the incident */ @@ -7748,8 +4379,6 @@ export enum KnownAutomationRulePropertyConditionSupportedProperty { AccountUPNSuffix = "AccountUPNSuffix", /** The name of the product of the alert */ AlertProductNames = "AlertProductNames", - /** The analytic rule ids of the alert */ - AlertAnalyticRuleIds = "AlertAnalyticRuleIds", /** The Azure resource id */ AzureResourceResourceId = "AzureResourceResourceId", /** The Azure resource subscription id */ @@ -7848,7 +4477,6 @@ export enum KnownAutomationRulePropertyConditionSupportedProperty { * **AccountObjectGuid**: The account unique identifier \ * **AccountUPNSuffix**: The account user principal name suffix \ * **AlertProductNames**: The name of the product of the alert \ - * **AlertAnalyticRuleIds**: The analytic rule ids of the alert \ * **AzureResourceResourceId**: The Azure resource id \ * **AzureResourceSubscriptionId**: The Azure resource subscription id \ * **CloudApplicationAppId**: The cloud application identifier \ @@ -7859,203 +4487,75 @@ export enum KnownAutomationRulePropertyConditionSupportedProperty { * **FileHashValue**: The file hash value \ * **HostAzureID**: The host Azure resource id \ * **HostName**: The host name without domain \ - * **HostNetBiosName**: The host NetBIOS name \ - * **HostNTDomain**: The host NT domain \ - * **HostOSVersion**: The host operating system \ - * **IoTDeviceId**: "The IoT device id \ - * **IoTDeviceName**: The IoT device name \ - * **IoTDeviceType**: The IoT device type \ - * **IoTDeviceVendor**: The IoT device vendor \ - * **IoTDeviceModel**: The IoT device model \ - * **IoTDeviceOperatingSystem**: The IoT device operating system \ - * **IPAddress**: The IP address \ - * **MailboxDisplayName**: The mailbox display name \ - * **MailboxPrimaryAddress**: The mailbox primary address \ - * **MailboxUPN**: The mailbox user principal name \ - * **MailMessageDeliveryAction**: The mail message delivery action \ - * **MailMessageDeliveryLocation**: The mail message delivery location \ - * **MailMessageRecipient**: The mail message recipient \ - * **MailMessageSenderIP**: The mail message sender IP address \ - * **MailMessageSubject**: The mail message subject \ - * **MailMessageP1Sender**: The mail message P1 sender \ - * **MailMessageP2Sender**: The mail message P2 sender \ - * **MalwareCategory**: The malware category \ - * **MalwareName**: The malware name \ - * **ProcessCommandLine**: The process execution command line \ - * **ProcessId**: The process id \ - * **RegistryKey**: The registry key path \ - * **RegistryValueData**: The registry key value in string formatted representation \ - * **Url**: The url - */ -export type AutomationRulePropertyConditionSupportedProperty = string; - -/** Known values of {@link EntityType} that the service accepts. */ -export enum KnownEntityType { - /** Entity represents account in the system. */ - Account = "Account", - /** Entity represents host in the system. */ - Host = "Host", - /** Entity represents file in the system. */ - File = "File", - /** Entity represents azure resource in the system. */ - AzureResource = "AzureResource", - /** Entity represents cloud application in the system. */ - CloudApplication = "CloudApplication", - /** Entity represents dns in the system. */ - DNS = "DNS", - /** Entity represents file hash in the system. */ - FileHash = "FileHash", - /** Entity represents ip in the system. */ - IP = "IP", - /** Entity represents malware in the system. */ - Malware = "Malware", - /** Entity represents process in the system. */ - Process = "Process", - /** Entity represents registry key in the system. */ - RegistryKey = "RegistryKey", - /** Entity represents registry value in the system. */ - RegistryValue = "RegistryValue", - /** Entity represents security group in the system. */ - SecurityGroup = "SecurityGroup", - /** Entity represents url in the system. */ - URL = "URL", - /** Entity represents IoT device in the system. */ - IoTDevice = "IoTDevice", - /** Entity represents security alert in the system. */ - SecurityAlert = "SecurityAlert", - /** Entity represents HuntingBookmark in the system. */ - HuntingBookmark = "HuntingBookmark", - /** Entity represents mail cluster in the system. */ - MailCluster = "MailCluster", - /** Entity represents mail message in the system. */ - MailMessage = "MailMessage", - /** Entity represents mailbox in the system. */ - Mailbox = "Mailbox", - /** Entity represents submission mail in the system. */ - SubmissionMail = "SubmissionMail", - /** Entity represents network interface in the system. */ - Nic = "Nic" -} - -/** - * Defines values for EntityType. \ - * {@link KnownEntityType} can be used interchangeably with EntityType, - * this enum contains the known values that the service supports. - * ### Known values supported by the service - * **Account**: Entity represents account in the system. \ - * **Host**: Entity represents host in the system. \ - * **File**: Entity represents file in the system. \ - * **AzureResource**: Entity represents azure resource in the system. \ - * **CloudApplication**: Entity represents cloud application in the system. \ - * **DNS**: Entity represents dns in the system. \ - * **FileHash**: Entity represents file hash in the system. \ - * **IP**: Entity represents ip in the system. \ - * **Malware**: Entity represents malware in the system. \ - * **Process**: Entity represents process in the system. \ - * **RegistryKey**: Entity represents registry key in the system. \ - * **RegistryValue**: Entity represents registry value in the system. \ - * **SecurityGroup**: Entity represents security group in the system. \ - * **URL**: Entity represents url in the system. \ - * **IoTDevice**: Entity represents IoT device in the system. \ - * **SecurityAlert**: Entity represents security alert in the system. \ - * **HuntingBookmark**: Entity represents HuntingBookmark in the system. \ - * **MailCluster**: Entity represents mail cluster in the system. \ - * **MailMessage**: Entity represents mail message in the system. \ - * **Mailbox**: Entity represents mailbox in the system. \ - * **SubmissionMail**: Entity represents submission mail in the system. \ - * **Nic**: Entity represents network interface in the system. - */ -export type EntityType = string; - -/** Known values of {@link OutputType} that the service accepts. */ -export enum KnownOutputType { - /** Number */ - Number = "Number", - /** String */ - String = "String", - /** Date */ - Date = "Date", - /** Entity */ - Entity = "Entity" -} - -/** - * Defines values for OutputType. \ - * {@link KnownOutputType} can be used interchangeably with OutputType, - * this enum contains the known values that the service supports. - * ### Known values supported by the service - * **Number** \ - * **String** \ - * **Date** \ - * **Entity** - */ -export type OutputType = string; - -/** Known values of {@link SettingsStatus} that the service accepts. */ -export enum KnownSettingsStatus { - /** Anomaly settings status in Production mode */ - Production = "Production", - /** Anomaly settings status in Flighting mode */ - Flighting = "Flighting" -} - -/** - * Defines values for SettingsStatus. \ - * {@link KnownSettingsStatus} can be used interchangeably with SettingsStatus, - * this enum contains the known values that the service supports. - * ### Known values supported by the service - * **Production**: Anomaly settings status in Production mode \ - * **Flighting**: Anomaly settings status in Flighting mode + * **HostNetBiosName**: The host NetBIOS name \ + * **HostNTDomain**: The host NT domain \ + * **HostOSVersion**: The host operating system \ + * **IoTDeviceId**: "The IoT device id \ + * **IoTDeviceName**: The IoT device name \ + * **IoTDeviceType**: The IoT device type \ + * **IoTDeviceVendor**: The IoT device vendor \ + * **IoTDeviceModel**: The IoT device model \ + * **IoTDeviceOperatingSystem**: The IoT device operating system \ + * **IPAddress**: The IP address \ + * **MailboxDisplayName**: The mailbox display name \ + * **MailboxPrimaryAddress**: The mailbox primary address \ + * **MailboxUPN**: The mailbox user principal name \ + * **MailMessageDeliveryAction**: The mail message delivery action \ + * **MailMessageDeliveryLocation**: The mail message delivery location \ + * **MailMessageRecipient**: The mail message recipient \ + * **MailMessageSenderIP**: The mail message sender IP address \ + * **MailMessageSubject**: The mail message subject \ + * **MailMessageP1Sender**: The mail message P1 sender \ + * **MailMessageP2Sender**: The mail message P2 sender \ + * **MalwareCategory**: The malware category \ + * **MalwareName**: The malware name \ + * **ProcessCommandLine**: The process execution command line \ + * **ProcessId**: The process id \ + * **RegistryKey**: The registry key path \ + * **RegistryValueData**: The registry key value in string formatted representation \ + * **Url**: The url */ -export type SettingsStatus = string; - -/** Known values of {@link EntityProviders} that the service accepts. */ -export enum KnownEntityProviders { - /** ActiveDirectory */ - ActiveDirectory = "ActiveDirectory", - /** AzureActiveDirectory */ - AzureActiveDirectory = "AzureActiveDirectory" -} +export type AutomationRulePropertyConditionSupportedProperty = string; -/** - * Defines values for EntityProviders. \ - * {@link KnownEntityProviders} can be used interchangeably with EntityProviders, - * this enum contains the known values that the service supports. - * ### Known values supported by the service - * **ActiveDirectory** \ - * **AzureActiveDirectory** - */ -export type EntityProviders = string; - -/** Known values of {@link UebaDataSources} that the service accepts. */ -export enum KnownUebaDataSources { - /** AuditLogs */ - AuditLogs = "AuditLogs", - /** AzureActivity */ - AzureActivity = "AzureActivity", - /** SecurityEvent */ - SecurityEvent = "SecurityEvent", - /** SigninLogs */ - SigninLogs = "SigninLogs" +/** Known values of {@link AutomationRulePropertyConditionSupportedOperator} that the service accepts. */ +export enum KnownAutomationRulePropertyConditionSupportedOperator { + /** Evaluates if the property equals at least one of the condition values */ + Equals = "Equals", + /** Evaluates if the property does not equal any of the condition values */ + NotEquals = "NotEquals", + /** Evaluates if the property contains at least one of the condition values */ + Contains = "Contains", + /** Evaluates if the property does not contain any of the condition values */ + NotContains = "NotContains", + /** Evaluates if the property starts with any of the condition values */ + StartsWith = "StartsWith", + /** Evaluates if the property does not start with any of the condition values */ + NotStartsWith = "NotStartsWith", + /** Evaluates if the property ends with any of the condition values */ + EndsWith = "EndsWith", + /** Evaluates if the property does not end with any of the condition values */ + NotEndsWith = "NotEndsWith" } /** - * Defines values for UebaDataSources. \ - * {@link KnownUebaDataSources} can be used interchangeably with UebaDataSources, + * Defines values for AutomationRulePropertyConditionSupportedOperator. \ + * {@link KnownAutomationRulePropertyConditionSupportedOperator} can be used interchangeably with AutomationRulePropertyConditionSupportedOperator, * this enum contains the known values that the service supports. * ### Known values supported by the service - * **AuditLogs** \ - * **AzureActivity** \ - * **SecurityEvent** \ - * **SigninLogs** + * **Equals**: Evaluates if the property equals at least one of the condition values \ + * **NotEquals**: Evaluates if the property does not equal any of the condition values \ + * **Contains**: Evaluates if the property contains at least one of the condition values \ + * **NotContains**: Evaluates if the property does not contain any of the condition values \ + * **StartsWith**: Evaluates if the property starts with any of the condition values \ + * **NotStartsWith**: Evaluates if the property does not start with any of the condition values \ + * **EndsWith**: Evaluates if the property ends with any of the condition values \ + * **NotEndsWith**: Evaluates if the property does not end with any of the condition values */ -export type UebaDataSources = string; +export type AutomationRulePropertyConditionSupportedOperator = string; /** Known values of {@link DataTypeState} that the service accepts. */ export enum KnownDataTypeState { - /** Enabled */ Enabled = "Enabled", - /** Disabled */ Disabled = "Disabled" } @@ -8069,114 +4569,6 @@ export enum KnownDataTypeState { */ export type DataTypeState = string; -/** Known values of {@link PollingFrequency} that the service accepts. */ -export enum KnownPollingFrequency { - /** Once a minute */ - OnceAMinute = "OnceAMinute", - /** Once an hour */ - OnceAnHour = "OnceAnHour", - /** Once a day */ - OnceADay = "OnceADay" -} - -/** - * Defines values for PollingFrequency. \ - * {@link KnownPollingFrequency} can be used interchangeably with PollingFrequency, - * this enum contains the known values that the service supports. - * ### Known values supported by the service - * **OnceAMinute**: Once a minute \ - * **OnceAnHour**: Once an hour \ - * **OnceADay**: Once a day - */ -export type PollingFrequency = string; - -/** Known values of {@link ConnectivityType} that the service accepts. */ -export enum KnownConnectivityType { - /** IsConnectedQuery */ - IsConnectedQuery = "IsConnectedQuery" -} - -/** - * Defines values for ConnectivityType. \ - * {@link KnownConnectivityType} can be used interchangeably with ConnectivityType, - * this enum contains the known values that the service supports. - * ### Known values supported by the service - * **IsConnectedQuery** - */ -export type ConnectivityType = string; - -/** Known values of {@link ProviderName} that the service accepts. */ -export enum KnownProviderName { - /** MicrosoftOperationalInsightsSolutions */ - MicrosoftOperationalInsightsSolutions = "Microsoft.OperationalInsights/solutions", - /** MicrosoftOperationalInsightsWorkspaces */ - MicrosoftOperationalInsightsWorkspaces = "Microsoft.OperationalInsights/workspaces", - /** MicrosoftOperationalInsightsWorkspacesDatasources */ - MicrosoftOperationalInsightsWorkspacesDatasources = "Microsoft.OperationalInsights/workspaces/datasources", - /** MicrosoftAadiamDiagnosticSettings */ - MicrosoftAadiamDiagnosticSettings = "microsoft.aadiam/diagnosticSettings", - /** MicrosoftOperationalInsightsWorkspacesSharedKeys */ - MicrosoftOperationalInsightsWorkspacesSharedKeys = "Microsoft.OperationalInsights/workspaces/sharedKeys", - /** MicrosoftAuthorizationPolicyAssignments */ - MicrosoftAuthorizationPolicyAssignments = "Microsoft.Authorization/policyAssignments" -} - -/** - * Defines values for ProviderName. \ - * {@link KnownProviderName} can be used interchangeably with ProviderName, - * this enum contains the known values that the service supports. - * ### Known values supported by the service - * **Microsoft.OperationalInsights\/solutions** \ - * **Microsoft.OperationalInsights\/workspaces** \ - * **Microsoft.OperationalInsights\/workspaces\/datasources** \ - * **microsoft.aadiam\/diagnosticSettings** \ - * **Microsoft.OperationalInsights\/workspaces\/sharedKeys** \ - * **Microsoft.Authorization\/policyAssignments** - */ -export type ProviderName = string; - -/** Known values of {@link PermissionProviderScope} that the service accepts. */ -export enum KnownPermissionProviderScope { - /** ResourceGroup */ - ResourceGroup = "ResourceGroup", - /** Subscription */ - Subscription = "Subscription", - /** Workspace */ - Workspace = "Workspace" -} - -/** - * Defines values for PermissionProviderScope. \ - * {@link KnownPermissionProviderScope} can be used interchangeably with PermissionProviderScope, - * this enum contains the known values that the service supports. - * ### Known values supported by the service - * **ResourceGroup** \ - * **Subscription** \ - * **Workspace** - */ -export type PermissionProviderScope = string; - -/** Known values of {@link SettingType} that the service accepts. */ -export enum KnownSettingType { - /** CopyableLabel */ - CopyableLabel = "CopyableLabel", - /** InstructionStepsGroup */ - InstructionStepsGroup = "InstructionStepsGroup", - /** InfoMessage */ - InfoMessage = "InfoMessage" -} - -/** - * Defines values for SettingType. \ - * {@link KnownSettingType} can be used interchangeably with SettingType, - * this enum contains the known values that the service supports. - * ### Known values supported by the service - * **CopyableLabel** \ - * **InstructionStepsGroup** \ - * **InfoMessage** - */ -export type SettingType = string; - /** Known values of {@link FileHashAlgorithm} that the service accepts. */ export enum KnownFileHashAlgorithm { /** Unknown hash algorithm */ @@ -8204,30 +4596,6 @@ export enum KnownFileHashAlgorithm { */ export type FileHashAlgorithm = string; -/** Known values of {@link DeviceImportance} that the service accepts. */ -export enum KnownDeviceImportance { - /** Unknown - Default value */ - Unknown = "Unknown", - /** Low */ - Low = "Low", - /** Normal */ - Normal = "Normal", - /** High */ - High = "High" -} - -/** - * Defines values for DeviceImportance. \ - * {@link KnownDeviceImportance} can be used interchangeably with DeviceImportance, - * this enum contains the known values that the service supports. - * ### Known values supported by the service - * **Unknown**: Unknown - Default value \ - * **Low**: Low \ - * **Normal**: Normal \ - * **High**: High - */ -export type DeviceImportance = string; - /** Known values of {@link AntispamMailDirection} that the service accepts. */ export enum KnownAntispamMailDirection { /** Unknown */ @@ -8476,93 +4844,6 @@ export interface AutomationRulesListNextOptionalParams /** Contains response data for the listNext operation. */ export type AutomationRulesListNextResponse = AutomationRulesList; -/** Optional parameters. */ -export interface IncidentsRunPlaybookOptionalParams - extends coreClient.OperationOptions { - requestBody?: ManualTriggerRequestBody; -} - -/** Contains response data for the runPlaybook operation. */ -export type IncidentsRunPlaybookResponse = Record; - -/** Optional parameters. */ -export interface IncidentsListOptionalParams - extends coreClient.OperationOptions { - /** Filters the results, based on a Boolean condition. Optional. */ - filter?: string; - /** Sorts the results. Optional. */ - orderby?: string; - /** Returns only the first n results. Optional. */ - top?: number; - /** Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. */ - skipToken?: string; -} - -/** Contains response data for the list operation. */ -export type IncidentsListResponse = IncidentList; - -/** Optional parameters. */ -export interface IncidentsGetOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the get operation. */ -export type IncidentsGetResponse = Incident; - -/** Optional parameters. */ -export interface IncidentsCreateOrUpdateOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the createOrUpdate operation. */ -export type IncidentsCreateOrUpdateResponse = Incident; - -/** Optional parameters. */ -export interface IncidentsDeleteOptionalParams - extends coreClient.OperationOptions {} - -/** Optional parameters. */ -export interface IncidentsCreateTeamOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the createTeam operation. */ -export type IncidentsCreateTeamResponse = TeamInformation; - -/** Optional parameters. */ -export interface IncidentsListAlertsOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the listAlerts operation. */ -export type IncidentsListAlertsResponse = IncidentAlertList; - -/** Optional parameters. */ -export interface IncidentsListBookmarksOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the listBookmarks operation. */ -export type IncidentsListBookmarksResponse = IncidentBookmarkList; - -/** Optional parameters. */ -export interface IncidentsListEntitiesOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the listEntities operation. */ -export type IncidentsListEntitiesResponse = IncidentEntitiesResponse; - -/** Optional parameters. */ -export interface IncidentsListNextOptionalParams - extends coreClient.OperationOptions { - /** Filters the results, based on a Boolean condition. Optional. */ - filter?: string; - /** Sorts the results. Optional. */ - orderby?: string; - /** Returns only the first n results. Optional. */ - top?: number; - /** Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. */ - skipToken?: string; -} - -/** Contains response data for the listNext operation. */ -export type IncidentsListNextResponse = IncidentList; - /** Optional parameters. */ export interface BookmarksListOptionalParams extends coreClient.OperationOptions {} @@ -8581,158 +4862,54 @@ export type BookmarksGetResponse = Bookmark; export interface BookmarksCreateOrUpdateOptionalParams extends coreClient.OperationOptions {} -/** Contains response data for the createOrUpdate operation. */ -export type BookmarksCreateOrUpdateResponse = Bookmark; - -/** Optional parameters. */ -export interface BookmarksDeleteOptionalParams - extends coreClient.OperationOptions {} - -/** Optional parameters. */ -export interface BookmarksListNextOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the listNext operation. */ -export type BookmarksListNextResponse = BookmarkList; - -/** Optional parameters. */ -export interface BookmarkRelationsListOptionalParams - extends coreClient.OperationOptions { - /** Filters the results, based on a Boolean condition. Optional. */ - filter?: string; - /** Sorts the results. Optional. */ - orderby?: string; - /** Returns only the first n results. Optional. */ - top?: number; - /** Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. */ - skipToken?: string; -} - -/** Contains response data for the list operation. */ -export type BookmarkRelationsListResponse = RelationList; - -/** Optional parameters. */ -export interface BookmarkRelationsGetOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the get operation. */ -export type BookmarkRelationsGetResponse = Relation; - -/** Optional parameters. */ -export interface BookmarkRelationsCreateOrUpdateOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the createOrUpdate operation. */ -export type BookmarkRelationsCreateOrUpdateResponse = Relation; - -/** Optional parameters. */ -export interface BookmarkRelationsDeleteOptionalParams - extends coreClient.OperationOptions {} - -/** Optional parameters. */ -export interface BookmarkRelationsListNextOptionalParams - extends coreClient.OperationOptions { - /** Filters the results, based on a Boolean condition. Optional. */ - filter?: string; - /** Sorts the results. Optional. */ - orderby?: string; - /** Returns only the first n results. Optional. */ - top?: number; - /** Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. */ - skipToken?: string; -} - -/** Contains response data for the listNext operation. */ -export type BookmarkRelationsListNextResponse = RelationList; - -/** Optional parameters. */ -export interface BookmarkExpandOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the expand operation. */ -export type BookmarkExpandOperationResponse = BookmarkExpandResponse; - -/** Optional parameters. */ -export interface IPGeodataGetOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the get operation. */ -export type IPGeodataGetResponse = EnrichmentIpGeodata; - -/** Optional parameters. */ -export interface DomainWhoisGetOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the get operation. */ -export type DomainWhoisGetResponse = EnrichmentDomainWhois; - -/** Optional parameters. */ -export interface EntitiesListOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the list operation. */ -export type EntitiesListResponse = EntityList; +/** Contains response data for the createOrUpdate operation. */ +export type BookmarksCreateOrUpdateResponse = Bookmark; /** Optional parameters. */ -export interface EntitiesGetOptionalParams +export interface BookmarksDeleteOptionalParams extends coreClient.OperationOptions {} -/** Contains response data for the get operation. */ -export type EntitiesGetResponse = EntityUnion; - /** Optional parameters. */ -export interface EntitiesExpandOptionalParams +export interface BookmarksListNextOptionalParams extends coreClient.OperationOptions {} -/** Contains response data for the expand operation. */ -export type EntitiesExpandResponse = EntityExpandResponse; +/** Contains response data for the listNext operation. */ +export type BookmarksListNextResponse = BookmarkList; /** Optional parameters. */ -export interface EntitiesQueriesOptionalParams +export interface DataConnectorsListOptionalParams extends coreClient.OperationOptions {} -/** Contains response data for the queries operation. */ -export type EntitiesQueriesResponse = GetQueriesResponse; +/** Contains response data for the list operation. */ +export type DataConnectorsListResponse = DataConnectorList; /** Optional parameters. */ -export interface EntitiesGetInsightsOptionalParams +export interface DataConnectorsGetOptionalParams extends coreClient.OperationOptions {} -/** Contains response data for the getInsights operation. */ -export type EntitiesGetInsightsResponse = EntityGetInsightsResponse; +/** Contains response data for the get operation. */ +export type DataConnectorsGetResponse = DataConnectorUnion; /** Optional parameters. */ -export interface EntitiesListNextOptionalParams +export interface DataConnectorsCreateOrUpdateOptionalParams extends coreClient.OperationOptions {} -/** Contains response data for the listNext operation. */ -export type EntitiesListNextResponse = EntityList; +/** Contains response data for the createOrUpdate operation. */ +export type DataConnectorsCreateOrUpdateResponse = DataConnectorUnion; /** Optional parameters. */ -export interface EntitiesGetTimelineListOptionalParams +export interface DataConnectorsDeleteOptionalParams extends coreClient.OperationOptions {} -/** Contains response data for the list operation. */ -export type EntitiesGetTimelineListResponse = EntityTimelineResponse; - /** Optional parameters. */ -export interface EntitiesRelationsListOptionalParams - extends coreClient.OperationOptions { - /** Filters the results, based on a Boolean condition. Optional. */ - filter?: string; - /** Sorts the results. Optional. */ - orderby?: string; - /** Returns only the first n results. Optional. */ - top?: number; - /** Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. */ - skipToken?: string; -} +export interface DataConnectorsListNextOptionalParams + extends coreClient.OperationOptions {} -/** Contains response data for the list operation. */ -export type EntitiesRelationsListResponse = RelationList; +/** Contains response data for the listNext operation. */ +export type DataConnectorsListNextResponse = DataConnectorList; /** Optional parameters. */ -export interface EntitiesRelationsListNextOptionalParams +export interface IncidentsListOptionalParams extends coreClient.OperationOptions { /** Filters the results, based on a Boolean condition. Optional. */ filter?: string; @@ -8744,74 +4921,63 @@ export interface EntitiesRelationsListNextOptionalParams skipToken?: string; } -/** Contains response data for the listNext operation. */ -export type EntitiesRelationsListNextResponse = RelationList; - -/** Optional parameters. */ -export interface EntityRelationsGetRelationOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the getRelation operation. */ -export type EntityRelationsGetRelationResponse = Relation; - -/** Optional parameters. */ -export interface EntityQueriesListOptionalParams - extends coreClient.OperationOptions { - /** The entity query kind we want to fetch */ - kind?: Enum13; -} - /** Contains response data for the list operation. */ -export type EntityQueriesListResponse = EntityQueryList; +export type IncidentsListResponse = IncidentList; /** Optional parameters. */ -export interface EntityQueriesGetOptionalParams +export interface IncidentsGetOptionalParams extends coreClient.OperationOptions {} /** Contains response data for the get operation. */ -export type EntityQueriesGetResponse = EntityQueryUnion; +export type IncidentsGetResponse = Incident; /** Optional parameters. */ -export interface EntityQueriesCreateOrUpdateOptionalParams +export interface IncidentsCreateOrUpdateOptionalParams extends coreClient.OperationOptions {} /** Contains response data for the createOrUpdate operation. */ -export type EntityQueriesCreateOrUpdateResponse = EntityQueryUnion; +export type IncidentsCreateOrUpdateResponse = Incident; /** Optional parameters. */ -export interface EntityQueriesDeleteOptionalParams +export interface IncidentsDeleteOptionalParams extends coreClient.OperationOptions {} /** Optional parameters. */ -export interface EntityQueriesListNextOptionalParams - extends coreClient.OperationOptions { - /** The entity query kind we want to fetch */ - kind?: Enum13; -} +export interface IncidentsListAlertsOptionalParams + extends coreClient.OperationOptions {} -/** Contains response data for the listNext operation. */ -export type EntityQueriesListNextResponse = EntityQueryList; +/** Contains response data for the listAlerts operation. */ +export type IncidentsListAlertsResponse = IncidentAlertList; /** Optional parameters. */ -export interface EntityQueryTemplatesListOptionalParams +export interface IncidentsListBookmarksOptionalParams extends coreClient.OperationOptions {} -/** Contains response data for the list operation. */ -export type EntityQueryTemplatesListResponse = EntityQueryTemplateList; +/** Contains response data for the listBookmarks operation. */ +export type IncidentsListBookmarksResponse = IncidentBookmarkList; /** Optional parameters. */ -export interface EntityQueryTemplatesGetOptionalParams +export interface IncidentsListEntitiesOptionalParams extends coreClient.OperationOptions {} -/** Contains response data for the get operation. */ -export type EntityQueryTemplatesGetResponse = EntityQueryTemplateUnion; +/** Contains response data for the listEntities operation. */ +export type IncidentsListEntitiesResponse = IncidentEntitiesResponse; /** Optional parameters. */ -export interface EntityQueryTemplatesListNextOptionalParams - extends coreClient.OperationOptions {} +export interface IncidentsListNextOptionalParams + extends coreClient.OperationOptions { + /** Filters the results, based on a Boolean condition. Optional. */ + filter?: string; + /** Sorts the results. Optional. */ + orderby?: string; + /** Returns only the first n results. Optional. */ + top?: number; + /** Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. */ + skipToken?: string; +} /** Contains response data for the listNext operation. */ -export type EntityQueryTemplatesListNextResponse = EntityQueryTemplateList; +export type IncidentsListNextResponse = IncidentList; /** Optional parameters. */ export interface IncidentCommentsListOptionalParams @@ -8913,88 +5079,6 @@ export interface IncidentRelationsListNextOptionalParams /** Contains response data for the listNext operation. */ export type IncidentRelationsListNextResponse = RelationList; -/** Optional parameters. */ -export interface MetadataListOptionalParams - extends coreClient.OperationOptions { - /** Filters the results, based on a Boolean condition. Optional. */ - filter?: string; - /** Sorts the results. Optional. */ - orderby?: string; - /** Returns only the first n results. Optional. */ - top?: number; - /** Used to skip n elements in the OData query (offset). Returns a nextLink to the next page of results if there are any left. */ - skip?: number; -} - -/** Contains response data for the list operation. */ -export type MetadataListResponse = MetadataList; - -/** Optional parameters. */ -export interface MetadataGetOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the get operation. */ -export type MetadataGetResponse = MetadataModel; - -/** Optional parameters. */ -export interface MetadataDeleteOptionalParams - extends coreClient.OperationOptions {} - -/** Optional parameters. */ -export interface MetadataCreateOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the create operation. */ -export type MetadataCreateResponse = MetadataModel; - -/** Optional parameters. */ -export interface MetadataUpdateOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the update operation. */ -export type MetadataUpdateResponse = MetadataModel; - -/** Optional parameters. */ -export interface MetadataListNextOptionalParams - extends coreClient.OperationOptions { - /** Filters the results, based on a Boolean condition. Optional. */ - filter?: string; - /** Sorts the results. Optional. */ - orderby?: string; - /** Returns only the first n results. Optional. */ - top?: number; - /** Used to skip n elements in the OData query (offset). Returns a nextLink to the next page of results if there are any left. */ - skip?: number; -} - -/** Contains response data for the listNext operation. */ -export type MetadataListNextResponse = MetadataList; - -/** Optional parameters. */ -export interface OfficeConsentsListOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the list operation. */ -export type OfficeConsentsListResponse = OfficeConsentList; - -/** Optional parameters. */ -export interface OfficeConsentsGetOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the get operation. */ -export type OfficeConsentsGetResponse = OfficeConsent; - -/** Optional parameters. */ -export interface OfficeConsentsDeleteOptionalParams - extends coreClient.OperationOptions {} - -/** Optional parameters. */ -export interface OfficeConsentsListNextOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the listNext operation. */ -export type OfficeConsentsListNextResponse = OfficeConsentList; - /** Optional parameters. */ export interface SentinelOnboardingStatesGetOptionalParams extends coreClient.OperationOptions {} @@ -9023,109 +5107,6 @@ export interface SentinelOnboardingStatesListOptionalParams /** Contains response data for the list operation. */ export type SentinelOnboardingStatesListResponse = SentinelOnboardingStatesList; -/** Optional parameters. */ -export interface SecurityMLAnalyticsSettingsListOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the list operation. */ -export type SecurityMLAnalyticsSettingsListResponse = SecurityMLAnalyticsSettingsList; - -/** Optional parameters. */ -export interface SecurityMLAnalyticsSettingsGetOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the get operation. */ -export type SecurityMLAnalyticsSettingsGetResponse = SecurityMLAnalyticsSettingUnion; - -/** Optional parameters. */ -export interface SecurityMLAnalyticsSettingsCreateOrUpdateOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the createOrUpdate operation. */ -export type SecurityMLAnalyticsSettingsCreateOrUpdateResponse = SecurityMLAnalyticsSettingUnion; - -/** Optional parameters. */ -export interface SecurityMLAnalyticsSettingsDeleteOptionalParams - extends coreClient.OperationOptions {} - -/** Optional parameters. */ -export interface SecurityMLAnalyticsSettingsListNextOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the listNext operation. */ -export type SecurityMLAnalyticsSettingsListNextResponse = SecurityMLAnalyticsSettingsList; - -/** Optional parameters. */ -export interface ProductSettingsListOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the list operation. */ -export type ProductSettingsListResponse = SettingList; - -/** Optional parameters. */ -export interface ProductSettingsGetOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the get operation. */ -export type ProductSettingsGetResponse = SettingsUnion; - -/** Optional parameters. */ -export interface ProductSettingsDeleteOptionalParams - extends coreClient.OperationOptions {} - -/** Optional parameters. */ -export interface ProductSettingsUpdateOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the update operation. */ -export type ProductSettingsUpdateResponse = SettingsUnion; - -/** Optional parameters. */ -export interface SourceControlListRepositoriesOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the listRepositories operation. */ -export type SourceControlListRepositoriesResponse = RepoList; - -/** Optional parameters. */ -export interface SourceControlListRepositoriesNextOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the listRepositoriesNext operation. */ -export type SourceControlListRepositoriesNextResponse = RepoList; - -/** Optional parameters. */ -export interface SourceControlsListOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the list operation. */ -export type SourceControlsListResponse = SourceControlList; - -/** Optional parameters. */ -export interface SourceControlsGetOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the get operation. */ -export type SourceControlsGetResponse = SourceControl; - -/** Optional parameters. */ -export interface SourceControlsDeleteOptionalParams - extends coreClient.OperationOptions {} - -/** Optional parameters. */ -export interface SourceControlsCreateOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the create operation. */ -export type SourceControlsCreateResponse = SourceControl; - -/** Optional parameters. */ -export interface SourceControlsListNextOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the listNext operation. */ -export type SourceControlsListNextResponse = SourceControlList; - /** Optional parameters. */ export interface ThreatIntelligenceIndicatorCreateIndicatorOptionalParams extends coreClient.OperationOptions {} @@ -9236,9 +5217,6 @@ export type WatchlistsGetResponse = Watchlist; export interface WatchlistsDeleteOptionalParams extends coreClient.OperationOptions {} -/** Contains response data for the delete operation. */ -export type WatchlistsDeleteResponse = WatchlistsDeleteHeaders; - /** Optional parameters. */ export interface WatchlistsCreateOrUpdateOptionalParams extends coreClient.OperationOptions {} @@ -9294,53 +5272,6 @@ export interface WatchlistItemsListNextOptionalParams /** Contains response data for the listNext operation. */ export type WatchlistItemsListNextResponse = WatchlistItemList; -/** Optional parameters. */ -export interface DataConnectorsListOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the list operation. */ -export type DataConnectorsListResponse = DataConnectorList; - -/** Optional parameters. */ -export interface DataConnectorsGetOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the get operation. */ -export type DataConnectorsGetResponse = DataConnectorUnion; - -/** Optional parameters. */ -export interface DataConnectorsCreateOrUpdateOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the createOrUpdate operation. */ -export type DataConnectorsCreateOrUpdateResponse = DataConnectorUnion; - -/** Optional parameters. */ -export interface DataConnectorsDeleteOptionalParams - extends coreClient.OperationOptions {} - -/** Optional parameters. */ -export interface DataConnectorsConnectOptionalParams - extends coreClient.OperationOptions {} - -/** Optional parameters. */ -export interface DataConnectorsDisconnectOptionalParams - extends coreClient.OperationOptions {} - -/** Optional parameters. */ -export interface DataConnectorsListNextOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the listNext operation. */ -export type DataConnectorsListNextResponse = DataConnectorList; - -/** Optional parameters. */ -export interface DataConnectorsCheckRequirementsPostOptionalParams - extends coreClient.OperationOptions {} - -/** Contains response data for the post operation. */ -export type DataConnectorsCheckRequirementsPostResponse = DataConnectorRequirementsState; - /** Optional parameters. */ export interface OperationsListOptionalParams extends coreClient.OperationOptions {} diff --git a/sdk/securityinsight/arm-securityinsight/src/models/mappers.ts b/sdk/securityinsight/arm-securityinsight/src/models/mappers.ts index 6a5a7d831fa4..07f653d46805 100644 --- a/sdk/securityinsight/arm-securityinsight/src/models/mappers.ts +++ b/sdk/securityinsight/arm-securityinsight/src/models/mappers.ts @@ -392,27 +392,6 @@ export const AutomationRulesList: coreClient.CompositeMapper = { } }; -export const ManualTriggerRequestBody: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "ManualTriggerRequestBody", - modelProperties: { - tenantId: { - serializedName: "tenantId", - type: { - name: "Uuid" - } - }, - logicAppsResourceId: { - serializedName: "logicAppsResourceId", - type: { - name: "String" - } - } - } - } -}; - export const BookmarkList: coreClient.CompositeMapper = { type: { name: "Composite", @@ -505,25 +484,27 @@ export const IncidentInfo: coreClient.CompositeMapper = { } }; -export const BookmarkEntityMappings: coreClient.CompositeMapper = { +export const DataConnectorList: coreClient.CompositeMapper = { type: { name: "Composite", - className: "BookmarkEntityMappings", + className: "DataConnectorList", modelProperties: { - entityType: { - serializedName: "entityType", + nextLink: { + serializedName: "nextLink", + readOnly: true, type: { name: "String" } }, - fieldMappings: { - serializedName: "fieldMappings", + value: { + serializedName: "value", + required: true, type: { name: "Sequence", element: { type: { name: "Composite", - className: "EntityFieldMapping" + className: "DataConnector" } } } @@ -532,48 +513,81 @@ export const BookmarkEntityMappings: coreClient.CompositeMapper = { } }; -export const EntityFieldMapping: coreClient.CompositeMapper = { +export const IncidentList: coreClient.CompositeMapper = { type: { name: "Composite", - className: "EntityFieldMapping", + className: "IncidentList", modelProperties: { - identifier: { - serializedName: "identifier", + nextLink: { + serializedName: "nextLink", + readOnly: true, type: { name: "String" } }, value: { serializedName: "value", + required: true, type: { - name: "String" + name: "Sequence", + element: { + type: { + name: "Composite", + className: "Incident" + } + } } } } } }; -export const RelationList: coreClient.CompositeMapper = { +export const IncidentAdditionalData: coreClient.CompositeMapper = { type: { name: "Composite", - className: "RelationList", + className: "IncidentAdditionalData", modelProperties: { - nextLink: { - serializedName: "nextLink", + alertsCount: { + serializedName: "alertsCount", readOnly: true, type: { - name: "String" + name: "Number" } }, - value: { - serializedName: "value", - required: true, + bookmarksCount: { + serializedName: "bookmarksCount", + readOnly: true, + type: { + name: "Number" + } + }, + commentsCount: { + serializedName: "commentsCount", + readOnly: true, + type: { + name: "Number" + } + }, + alertProductNames: { + serializedName: "alertProductNames", + readOnly: true, type: { name: "Sequence", element: { type: { - name: "Composite", - className: "Relation" + name: "String" + } + } + } + }, + tactics: { + serializedName: "tactics", + readOnly: true, + type: { + name: "Sequence", + element: { + type: { + name: "String" } } } @@ -582,69 +596,82 @@ export const RelationList: coreClient.CompositeMapper = { } }; -export const BookmarkExpandParameters: coreClient.CompositeMapper = { +export const IncidentLabel: coreClient.CompositeMapper = { type: { name: "Composite", - className: "BookmarkExpandParameters", + className: "IncidentLabel", modelProperties: { - endTime: { - serializedName: "endTime", - type: { - name: "DateTime" - } - }, - expansionId: { - serializedName: "expansionId", + labelName: { + serializedName: "labelName", + required: true, type: { - name: "Uuid" + name: "String" } }, - startTime: { - serializedName: "startTime", + labelType: { + serializedName: "labelType", + readOnly: true, type: { - name: "DateTime" + name: "String" } } } } }; -export const BookmarkExpandResponse: coreClient.CompositeMapper = { +export const IncidentOwnerInfo: coreClient.CompositeMapper = { type: { name: "Composite", - className: "BookmarkExpandResponse", + className: "IncidentOwnerInfo", modelProperties: { - metaData: { - serializedName: "metaData", + email: { + serializedName: "email", type: { - name: "Composite", - className: "ExpansionResultsMetadata" + name: "String" } }, - value: { - serializedName: "value", + assignedTo: { + serializedName: "assignedTo", type: { - name: "Composite", - className: "BookmarkExpandResponseValue" + name: "String" + } + }, + objectId: { + serializedName: "objectId", + type: { + name: "Uuid" + } + }, + userPrincipalName: { + serializedName: "userPrincipalName", + type: { + name: "String" + } + }, + ownerType: { + serializedName: "ownerType", + type: { + name: "String" } } } } }; -export const ExpansionResultsMetadata: coreClient.CompositeMapper = { +export const IncidentAlertList: coreClient.CompositeMapper = { type: { name: "Composite", - className: "ExpansionResultsMetadata", + className: "IncidentAlertList", modelProperties: { - aggregations: { - serializedName: "aggregations", + value: { + serializedName: "value", + required: true, type: { name: "Sequence", element: { type: { name: "Composite", - className: "ExpansionResultAggregation" + className: "SecurityAlert" } } } @@ -653,33 +680,47 @@ export const ExpansionResultsMetadata: coreClient.CompositeMapper = { } }; -export const ExpansionResultAggregation: coreClient.CompositeMapper = { +export const SecurityAlertPropertiesConfidenceReasonsItem: coreClient.CompositeMapper = { type: { name: "Composite", - className: "ExpansionResultAggregation", + className: "SecurityAlertPropertiesConfidenceReasonsItem", modelProperties: { - aggregationType: { - serializedName: "aggregationType", + reason: { + serializedName: "reason", + readOnly: true, type: { name: "String" } }, - count: { - serializedName: "count", - required: true, + reasonType: { + serializedName: "reasonType", + readOnly: true, type: { - name: "Number" + name: "String" } - }, - displayName: { - serializedName: "displayName", + } + } + } +}; + +export const EntityCommonProperties: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "EntityCommonProperties", + modelProperties: { + additionalData: { + serializedName: "additionalData", + readOnly: true, type: { - name: "String" + name: "Dictionary", + value: { + type: { name: "Dictionary", value: { type: { name: "any" } } } + } } }, - entityKind: { - serializedName: "entityKind", - required: true, + friendlyName: { + serializedName: "friendlyName", + readOnly: true, type: { name: "String" } @@ -688,31 +729,49 @@ export const ExpansionResultAggregation: coreClient.CompositeMapper = { } }; -export const BookmarkExpandResponseValue: coreClient.CompositeMapper = { +export const IncidentBookmarkList: coreClient.CompositeMapper = { type: { name: "Composite", - className: "BookmarkExpandResponseValue", + className: "IncidentBookmarkList", modelProperties: { - entities: { - serializedName: "entities", + value: { + serializedName: "value", + required: true, type: { name: "Sequence", element: { type: { name: "Composite", - className: "Entity" + className: "HuntingBookmark" } } } + } + } + } +}; + +export const IncidentCommentList: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "IncidentCommentList", + modelProperties: { + nextLink: { + serializedName: "nextLink", + readOnly: true, + type: { + name: "String" + } }, - edges: { - serializedName: "edges", + value: { + serializedName: "value", + required: true, type: { name: "Sequence", element: { type: { name: "Composite", - className: "ConnectedEntity" + className: "IncidentComment" } } } @@ -721,131 +780,54 @@ export const BookmarkExpandResponseValue: coreClient.CompositeMapper = { } }; -export const ConnectedEntity: coreClient.CompositeMapper = { +export const IncidentEntitiesResponse: coreClient.CompositeMapper = { type: { name: "Composite", - className: "ConnectedEntity", + className: "IncidentEntitiesResponse", modelProperties: { - targetEntityId: { - serializedName: "targetEntityId", + entities: { + serializedName: "entities", type: { - name: "String" + name: "Sequence", + element: { + type: { + name: "Composite", + className: "Entity" + } + } } }, - additionalData: { - serializedName: "additionalData", + metaData: { + serializedName: "metaData", type: { - name: "Dictionary", - value: { type: { name: "any" } } + name: "Sequence", + element: { + type: { + name: "Composite", + className: "IncidentEntitiesResultsMetadata" + } + } } } } } }; -export const EnrichmentIpGeodata: coreClient.CompositeMapper = { +export const IncidentEntitiesResultsMetadata: coreClient.CompositeMapper = { type: { name: "Composite", - className: "EnrichmentIpGeodata", + className: "IncidentEntitiesResultsMetadata", modelProperties: { - asn: { - serializedName: "asn", + count: { + serializedName: "count", + required: true, type: { - name: "String" + name: "Number" } }, - carrier: { - serializedName: "carrier", - type: { - name: "String" - } - }, - city: { - serializedName: "city", - type: { - name: "String" - } - }, - cityCf: { - serializedName: "cityCf", - type: { - name: "Number" - } - }, - continent: { - serializedName: "continent", - type: { - name: "String" - } - }, - country: { - serializedName: "country", - type: { - name: "String" - } - }, - countryCf: { - serializedName: "countryCf", - type: { - name: "Number" - } - }, - ipAddr: { - serializedName: "ipAddr", - type: { - name: "String" - } - }, - ipRoutingType: { - serializedName: "ipRoutingType", - type: { - name: "String" - } - }, - latitude: { - serializedName: "latitude", - type: { - name: "String" - } - }, - longitude: { - serializedName: "longitude", - type: { - name: "String" - } - }, - organization: { - serializedName: "organization", - type: { - name: "String" - } - }, - organizationType: { - serializedName: "organizationType", - type: { - name: "String" - } - }, - region: { - serializedName: "region", - type: { - name: "String" - } - }, - state: { - serializedName: "state", - type: { - name: "String" - } - }, - stateCf: { - serializedName: "stateCf", - type: { - name: "Number" - } - }, - stateCode: { - serializedName: "stateCode", + entityKind: { + serializedName: "entityKind", + required: true, type: { name: "String" } @@ -854,89 +836,49 @@ export const EnrichmentIpGeodata: coreClient.CompositeMapper = { } }; -export const EnrichmentDomainWhois: coreClient.CompositeMapper = { +export const RelationList: coreClient.CompositeMapper = { type: { name: "Composite", - className: "EnrichmentDomainWhois", + className: "RelationList", modelProperties: { - domain: { - serializedName: "domain", - type: { - name: "String" - } - }, - server: { - serializedName: "server", + nextLink: { + serializedName: "nextLink", + readOnly: true, type: { name: "String" } }, - created: { - serializedName: "created", - type: { - name: "DateTime" - } - }, - updated: { - serializedName: "updated", - type: { - name: "DateTime" - } - }, - expires: { - serializedName: "expires", - type: { - name: "DateTime" - } - }, - parsedWhois: { - serializedName: "parsedWhois", + value: { + serializedName: "value", + required: true, type: { - name: "Composite", - className: "EnrichmentDomainWhoisDetails" + name: "Sequence", + element: { + type: { + name: "Composite", + className: "Relation" + } + } } } } } }; -export const EnrichmentDomainWhoisDetails: coreClient.CompositeMapper = { +export const SentinelOnboardingStatesList: coreClient.CompositeMapper = { type: { name: "Composite", - className: "EnrichmentDomainWhoisDetails", + className: "SentinelOnboardingStatesList", modelProperties: { - registrar: { - serializedName: "registrar", - type: { - name: "Composite", - className: "EnrichmentDomainWhoisRegistrarDetails" - } - }, - contacts: { - serializedName: "contacts", - type: { - name: "Composite", - className: "EnrichmentDomainWhoisContacts" - } - }, - nameServers: { - serializedName: "nameServers", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - statuses: { - serializedName: "statuses", + value: { + serializedName: "value", + required: true, type: { name: "Sequence", element: { type: { - name: "String" + name: "Composite", + className: "SentinelOnboardingState" } } } @@ -945,43 +887,67 @@ export const EnrichmentDomainWhoisDetails: coreClient.CompositeMapper = { } }; -export const EnrichmentDomainWhoisRegistrarDetails: coreClient.CompositeMapper = { +export const ThreatIntelligenceKillChainPhase: coreClient.CompositeMapper = { type: { name: "Composite", - className: "EnrichmentDomainWhoisRegistrarDetails", + className: "ThreatIntelligenceKillChainPhase", modelProperties: { - name: { - serializedName: "name", + killChainName: { + serializedName: "killChainName", type: { name: "String" } }, - abuseContactEmail: { - serializedName: "abuseContactEmail", + phaseName: { + serializedName: "phaseName", type: { name: "String" } - }, - abuseContactPhone: { - serializedName: "abuseContactPhone", + } + } + } +}; + +export const ThreatIntelligenceParsedPattern: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "ThreatIntelligenceParsedPattern", + modelProperties: { + patternTypeKey: { + serializedName: "patternTypeKey", type: { name: "String" } }, - ianaId: { - serializedName: "ianaId", + patternTypeValues: { + serializedName: "patternTypeValues", type: { - name: "String" + name: "Sequence", + element: { + type: { + name: "Composite", + className: "ThreatIntelligenceParsedPatternTypeValue" + } + } } - }, - url: { - serializedName: "url", + } + } + } +}; + +export const ThreatIntelligenceParsedPatternTypeValue: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "ThreatIntelligenceParsedPatternTypeValue", + modelProperties: { + valueType: { + serializedName: "valueType", type: { name: "String" } }, - whoisServer: { - serializedName: "whoisServer", + value: { + serializedName: "value", type: { name: "String" } @@ -990,62 +956,65 @@ export const EnrichmentDomainWhoisRegistrarDetails: coreClient.CompositeMapper = } }; -export const EnrichmentDomainWhoisContacts: coreClient.CompositeMapper = { +export const ThreatIntelligenceExternalReference: coreClient.CompositeMapper = { type: { name: "Composite", - className: "EnrichmentDomainWhoisContacts", + className: "ThreatIntelligenceExternalReference", modelProperties: { - admin: { - serializedName: "admin", + description: { + serializedName: "description", type: { - name: "Composite", - className: "EnrichmentDomainWhoisContact" + name: "String" } }, - billing: { - serializedName: "billing", + externalId: { + serializedName: "externalId", type: { - name: "Composite", - className: "EnrichmentDomainWhoisContact" + name: "String" } }, - registrant: { - serializedName: "registrant", + sourceName: { + serializedName: "sourceName", type: { - name: "Composite", - className: "EnrichmentDomainWhoisContact" + name: "String" } }, - tech: { - serializedName: "tech", + url: { + serializedName: "url", type: { - name: "Composite", - className: "EnrichmentDomainWhoisContact" + name: "String" + } + }, + hashes: { + serializedName: "hashes", + type: { + name: "Dictionary", + value: { type: { name: "String" } } } } } } }; -export const EnrichmentDomainWhoisContact: coreClient.CompositeMapper = { +export const ThreatIntelligenceGranularMarkingModel: coreClient.CompositeMapper = { type: { name: "Composite", - className: "EnrichmentDomainWhoisContact", + className: "ThreatIntelligenceGranularMarkingModel", modelProperties: { - name: { - serializedName: "name", + language: { + serializedName: "language", type: { name: "String" } }, - org: { - serializedName: "org", + markingRef: { + serializedName: "markingRef", type: { - name: "String" + name: "Number" } }, - street: { - serializedName: "street", + selectors: { + serializedName: "selectors", type: { name: "Sequence", element: { @@ -1054,57 +1023,15 @@ export const EnrichmentDomainWhoisContact: coreClient.CompositeMapper = { } } } - }, - city: { - serializedName: "city", - type: { - name: "String" - } - }, - state: { - serializedName: "state", - type: { - name: "String" - } - }, - postal: { - serializedName: "postal", - type: { - name: "String" - } - }, - country: { - serializedName: "country", - type: { - name: "String" - } - }, - phone: { - serializedName: "phone", - type: { - name: "String" - } - }, - fax: { - serializedName: "fax", - type: { - name: "String" - } - }, - email: { - serializedName: "email", - type: { - name: "String" - } } } } }; -export const EntityList: coreClient.CompositeMapper = { +export const ThreatIntelligenceInformationList: coreClient.CompositeMapper = { type: { name: "Composite", - className: "EntityList", + className: "ThreatIntelligenceInformationList", modelProperties: { nextLink: { serializedName: "nextLink", @@ -1121,7 +1048,7 @@ export const EntityList: coreClient.CompositeMapper = { element: { type: { name: "Composite", - className: "Entity" + className: "ThreatIntelligenceInformation" } } } @@ -1130,120 +1057,83 @@ export const EntityList: coreClient.CompositeMapper = { } }; -export const EntityExpandParameters: coreClient.CompositeMapper = { +export const ThreatIntelligenceFilteringCriteria: coreClient.CompositeMapper = { type: { name: "Composite", - className: "EntityExpandParameters", + className: "ThreatIntelligenceFilteringCriteria", modelProperties: { - endTime: { - serializedName: "endTime", + pageSize: { + serializedName: "pageSize", type: { - name: "DateTime" + name: "Number" } }, - expansionId: { - serializedName: "expansionId", + minConfidence: { + serializedName: "minConfidence", type: { - name: "Uuid" + name: "Number" } }, - startTime: { - serializedName: "startTime", + maxConfidence: { + serializedName: "maxConfidence", type: { - name: "DateTime" + name: "Number" } - } - } - } -}; - -export const EntityExpandResponse: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "EntityExpandResponse", - modelProperties: { - metaData: { - serializedName: "metaData", + }, + minValidUntil: { + serializedName: "minValidUntil", type: { - name: "Composite", - className: "ExpansionResultsMetadata" + name: "String" } }, - value: { - serializedName: "value", + maxValidUntil: { + serializedName: "maxValidUntil", type: { - name: "Composite", - className: "EntityExpandResponseValue" + name: "String" } - } - } - } -}; - -export const EntityExpandResponseValue: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "EntityExpandResponseValue", - modelProperties: { - entities: { - serializedName: "entities", + }, + includeDisabled: { + serializedName: "includeDisabled", + type: { + name: "Boolean" + } + }, + sortBy: { + serializedName: "sortBy", type: { name: "Sequence", element: { type: { name: "Composite", - className: "Entity" + className: "ThreatIntelligenceSortingCriteria" } } } }, - edges: { - serializedName: "edges", + sources: { + serializedName: "sources", type: { name: "Sequence", element: { type: { - name: "Composite", - className: "EntityEdges" + name: "String" } } } - } - } - } -}; - -export const EntityEdges: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "EntityEdges", - modelProperties: { - targetEntityId: { - serializedName: "targetEntityId", - type: { - name: "String" - } }, - additionalData: { - serializedName: "additionalData", + patternTypes: { + serializedName: "patternTypes", type: { - name: "Dictionary", - value: { - type: { name: "Dictionary", value: { type: { name: "any" } } } + name: "Sequence", + element: { + type: { + name: "String" + } } } - } - } - } -}; - -export const EntityTimelineParameters: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "EntityTimelineParameters", - modelProperties: { - kinds: { - serializedName: "kinds", + }, + threatTypes: { + serializedName: "threatTypes", type: { name: "Sequence", element: { @@ -1253,50 +1143,73 @@ export const EntityTimelineParameters: coreClient.CompositeMapper = { } } }, - startTime: { - serializedName: "startTime", - required: true, + ids: { + serializedName: "ids", type: { - name: "DateTime" + name: "Sequence", + element: { + type: { + name: "String" + } + } } }, - endTime: { - serializedName: "endTime", - required: true, + keywords: { + serializedName: "keywords", type: { - name: "DateTime" + name: "Sequence", + element: { + type: { + name: "String" + } + } } }, - numberOfBucket: { - serializedName: "numberOfBucket", + skipToken: { + serializedName: "skipToken", type: { - name: "Number" + name: "String" } } } } }; -export const EntityTimelineResponse: coreClient.CompositeMapper = { +export const ThreatIntelligenceSortingCriteria: coreClient.CompositeMapper = { type: { name: "Composite", - className: "EntityTimelineResponse", + className: "ThreatIntelligenceSortingCriteria", modelProperties: { - metaData: { - serializedName: "metaData", + itemKey: { + serializedName: "itemKey", type: { - name: "Composite", - className: "TimelineResultsMetadata" + name: "String" } }, + sortOrder: { + serializedName: "sortOrder", + type: { + name: "String" + } + } + } + } +}; + +export const ThreatIntelligenceMetricsList: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "ThreatIntelligenceMetricsList", + modelProperties: { value: { serializedName: "value", + required: true, type: { name: "Sequence", element: { type: { name: "Composite", - className: "EntityTimelineItem" + className: "ThreatIntelligenceMetrics" } } } @@ -1305,133 +1218,135 @@ export const EntityTimelineResponse: coreClient.CompositeMapper = { } }; -export const TimelineResultsMetadata: coreClient.CompositeMapper = { +export const ThreatIntelligenceMetrics: coreClient.CompositeMapper = { type: { name: "Composite", - className: "TimelineResultsMetadata", + className: "ThreatIntelligenceMetrics", modelProperties: { - totalCount: { - serializedName: "totalCount", - required: true, + properties: { + serializedName: "properties", type: { - name: "Number" + name: "Composite", + className: "ThreatIntelligenceMetric" + } + } + } + } +}; + +export const ThreatIntelligenceMetric: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "ThreatIntelligenceMetric", + modelProperties: { + lastUpdatedTimeUtc: { + serializedName: "lastUpdatedTimeUtc", + type: { + name: "String" } }, - aggregations: { - serializedName: "aggregations", - required: true, + threatTypeMetrics: { + serializedName: "threatTypeMetrics", type: { name: "Sequence", element: { type: { name: "Composite", - className: "TimelineAggregation" + className: "ThreatIntelligenceMetricEntity" } } } }, - errors: { - serializedName: "errors", + patternTypeMetrics: { + serializedName: "patternTypeMetrics", type: { name: "Sequence", element: { type: { name: "Composite", - className: "TimelineError" + className: "ThreatIntelligenceMetricEntity" } } } - } - } - } -}; - -export const TimelineAggregation: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "TimelineAggregation", - modelProperties: { - count: { - serializedName: "count", - required: true, - type: { - name: "Number" - } }, - kind: { - serializedName: "kind", - required: true, + sourceMetrics: { + serializedName: "sourceMetrics", type: { - name: "String" + name: "Sequence", + element: { + type: { + name: "Composite", + className: "ThreatIntelligenceMetricEntity" + } + } } } } } }; -export const TimelineError: coreClient.CompositeMapper = { +export const ThreatIntelligenceMetricEntity: coreClient.CompositeMapper = { type: { name: "Composite", - className: "TimelineError", + className: "ThreatIntelligenceMetricEntity", modelProperties: { - kind: { - serializedName: "kind", - required: true, - type: { - name: "String" - } - }, - queryId: { - serializedName: "queryId", + metricName: { + serializedName: "metricName", type: { name: "String" } }, - errorMessage: { - serializedName: "errorMessage", - required: true, + metricValue: { + serializedName: "metricValue", type: { - name: "String" + name: "Number" } } } } }; -export const EntityTimelineItem: coreClient.CompositeMapper = { +export const ThreatIntelligenceAppendTags: coreClient.CompositeMapper = { type: { name: "Composite", - className: "EntityTimelineItem", - uberParent: "EntityTimelineItem", - polymorphicDiscriminator: { - serializedName: "kind", - clientName: "kind" - }, + className: "ThreatIntelligenceAppendTags", modelProperties: { - kind: { - serializedName: "kind", - required: true, + threatIntelligenceTags: { + serializedName: "threatIntelligenceTags", type: { - name: "String" + name: "Sequence", + element: { + type: { + name: "String" + } + } } } } } }; -export const GetQueriesResponse: coreClient.CompositeMapper = { +export const WatchlistList: coreClient.CompositeMapper = { type: { name: "Composite", - className: "GetQueriesResponse", + className: "WatchlistList", modelProperties: { + nextLink: { + serializedName: "nextLink", + readOnly: true, + type: { + name: "String" + } + }, value: { serializedName: "value", + required: true, type: { name: "Sequence", element: { type: { name: "Composite", - className: "EntityQueryItem" + className: "Watchlist" } } } @@ -1440,78 +1355,27 @@ export const GetQueriesResponse: coreClient.CompositeMapper = { } }; -export const EntityQueryItem: coreClient.CompositeMapper = { +export const WatchlistItemList: coreClient.CompositeMapper = { type: { name: "Composite", - className: "EntityQueryItem", - uberParent: "EntityQueryItem", - polymorphicDiscriminator: { - serializedName: "kind", - clientName: "kind" - }, + className: "WatchlistItemList", modelProperties: { - id: { - serializedName: "id", + nextLink: { + serializedName: "nextLink", readOnly: true, type: { name: "String" } }, - name: { - serializedName: "name", - type: { - name: "String" - } - }, - type: { - serializedName: "type", - type: { - name: "String" - } - }, - kind: { - serializedName: "kind", - required: true, - type: { - name: "String" - } - } - } - } -}; - -export const EntityGetInsightsParameters: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "EntityGetInsightsParameters", - modelProperties: { - startTime: { - serializedName: "startTime", - required: true, - type: { - name: "DateTime" - } - }, - endTime: { - serializedName: "endTime", - required: true, - type: { - name: "DateTime" - } - }, - addDefaultExtendedTimeRange: { - serializedName: "addDefaultExtendedTimeRange", - type: { - name: "Boolean" - } - }, - insightQueryIds: { - serializedName: "insightQueryIds", + value: { + serializedName: "value", + required: true, type: { name: "Sequence", element: { type: { - name: "Uuid" + name: "Composite", + className: "WatchlistItem" } } } @@ -1520,26 +1384,27 @@ export const EntityGetInsightsParameters: coreClient.CompositeMapper = { } }; -export const EntityGetInsightsResponse: coreClient.CompositeMapper = { +export const OperationsList: coreClient.CompositeMapper = { type: { name: "Composite", - className: "EntityGetInsightsResponse", + className: "OperationsList", modelProperties: { - metaData: { - serializedName: "metaData", + nextLink: { + serializedName: "nextLink", + readOnly: true, type: { - name: "Composite", - className: "GetInsightsResultsMetadata" + name: "String" } }, value: { serializedName: "value", + required: true, type: { name: "Sequence", element: { type: { name: "Composite", - className: "EntityInsightItem" + className: "Operation" } } } @@ -1548,262 +1413,233 @@ export const EntityGetInsightsResponse: coreClient.CompositeMapper = { } }; -export const GetInsightsResultsMetadata: coreClient.CompositeMapper = { +export const Operation: coreClient.CompositeMapper = { type: { name: "Composite", - className: "GetInsightsResultsMetadata", + className: "Operation", modelProperties: { - totalCount: { - serializedName: "totalCount", - required: true, + display: { + serializedName: "display", type: { - name: "Number" + name: "Composite", + className: "OperationDisplay" } }, - errors: { - serializedName: "errors", - type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "GetInsightsErrorKind" - } - } - } - } - } - } -}; - -export const GetInsightsErrorKind: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "GetInsightsErrorKind", - modelProperties: { - kind: { - serializedName: "kind", - required: true, + name: { + serializedName: "name", type: { name: "String" } }, - queryId: { - serializedName: "queryId", + origin: { + serializedName: "origin", type: { name: "String" } }, - errorMessage: { - serializedName: "errorMessage", - required: true, + isDataAction: { + serializedName: "isDataAction", type: { - name: "String" + name: "Boolean" } } } } }; -export const EntityInsightItem: coreClient.CompositeMapper = { +export const OperationDisplay: coreClient.CompositeMapper = { type: { name: "Composite", - className: "EntityInsightItem", + className: "OperationDisplay", modelProperties: { - queryId: { - serializedName: "queryId", + description: { + serializedName: "description", type: { name: "String" } }, - queryTimeInterval: { - serializedName: "queryTimeInterval", + operation: { + serializedName: "operation", type: { - name: "Composite", - className: "EntityInsightItemQueryTimeInterval" + name: "String" } }, - tableQueryResults: { - serializedName: "tableQueryResults", + provider: { + serializedName: "provider", type: { - name: "Composite", - className: "InsightsTableResult" + name: "String" } }, - chartQueryResults: { - serializedName: "chartQueryResults", + resource: { + serializedName: "resource", type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "InsightsTableResult" - } - } + name: "String" } } } } }; -export const EntityInsightItemQueryTimeInterval: coreClient.CompositeMapper = { +export const AlertRuleTemplateDataSource: coreClient.CompositeMapper = { type: { name: "Composite", - className: "EntityInsightItemQueryTimeInterval", + className: "AlertRuleTemplateDataSource", modelProperties: { - startTime: { - serializedName: "startTime", + connectorId: { + serializedName: "connectorId", type: { - name: "DateTime" + name: "String" } }, - endTime: { - serializedName: "endTime", + dataTypes: { + serializedName: "dataTypes", type: { - name: "DateTime" + name: "Sequence", + element: { + type: { + name: "String" + } + } } } } } }; -export const InsightsTableResult: coreClient.CompositeMapper = { +export const MicrosoftSecurityIncidentCreationAlertRuleCommonProperties: coreClient.CompositeMapper = { type: { name: "Composite", - className: "InsightsTableResult", + className: "MicrosoftSecurityIncidentCreationAlertRuleCommonProperties", modelProperties: { - columns: { - serializedName: "columns", + displayNamesFilter: { + serializedName: "displayNamesFilter", type: { name: "Sequence", element: { type: { - name: "Composite", - className: "InsightsTableResultColumnsItem" + name: "String" } } } }, - rows: { - serializedName: "rows", + displayNamesExcludeFilter: { + serializedName: "displayNamesExcludeFilter", type: { name: "Sequence", element: { type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } + name: "String" } } } - } - } - } -}; - -export const InsightsTableResultColumnsItem: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "InsightsTableResultColumnsItem", - modelProperties: { - type: { - serializedName: "type", + }, + productFilter: { + serializedName: "productFilter", + required: true, type: { name: "String" } }, - name: { - serializedName: "name", + severitiesFilter: { + serializedName: "severitiesFilter", type: { - name: "String" + name: "Sequence", + element: { + type: { + name: "String" + } + } } } } } }; -export const EntityQueryList: coreClient.CompositeMapper = { +export const IncidentConfiguration: coreClient.CompositeMapper = { type: { name: "Composite", - className: "EntityQueryList", + className: "IncidentConfiguration", modelProperties: { - nextLink: { - serializedName: "nextLink", - readOnly: true, + createIncident: { + serializedName: "createIncident", + required: true, type: { - name: "String" + name: "Boolean" } }, - value: { - serializedName: "value", - required: true, + groupingConfiguration: { + serializedName: "groupingConfiguration", type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "EntityQuery" - } - } + name: "Composite", + className: "GroupingConfiguration" } } } } }; -export const EntityQueryTemplateList: coreClient.CompositeMapper = { +export const GroupingConfiguration: coreClient.CompositeMapper = { type: { name: "Composite", - className: "EntityQueryTemplateList", + className: "GroupingConfiguration", modelProperties: { - nextLink: { - serializedName: "nextLink", - readOnly: true, + enabled: { + serializedName: "enabled", + required: true, type: { - name: "String" + name: "Boolean" } }, - value: { - serializedName: "value", + reopenClosedIncident: { + serializedName: "reopenClosedIncident", + required: true, + type: { + name: "Boolean" + } + }, + lookbackDuration: { + serializedName: "lookbackDuration", + required: true, + type: { + name: "TimeSpan" + } + }, + matchingMethod: { + serializedName: "matchingMethod", required: true, + type: { + name: "String" + } + }, + groupByEntities: { + serializedName: "groupByEntities", type: { name: "Sequence", element: { type: { - name: "Composite", - className: "EntityQueryTemplate" + name: "String" } } } - } - } - } -}; - -export const IncidentList: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "IncidentList", - modelProperties: { - nextLink: { - serializedName: "nextLink", - readOnly: true, + }, + groupByAlertDetails: { + serializedName: "groupByAlertDetails", type: { - name: "String" + name: "Sequence", + element: { + type: { + name: "String" + } + } } }, - value: { - serializedName: "value", - required: true, + groupByCustomDetails: { + serializedName: "groupByCustomDetails", type: { name: "Sequence", element: { type: { - name: "Composite", - className: "Incident" + name: "String" } } } @@ -1812,94 +1648,92 @@ export const IncidentList: coreClient.CompositeMapper = { } }; -export const IncidentAdditionalData: coreClient.CompositeMapper = { +export const ScheduledAlertRuleCommonProperties: coreClient.CompositeMapper = { type: { name: "Composite", - className: "IncidentAdditionalData", + className: "ScheduledAlertRuleCommonProperties", modelProperties: { - alertsCount: { - serializedName: "alertsCount", - readOnly: true, + query: { + serializedName: "query", type: { - name: "Number" + name: "String" } }, - bookmarksCount: { - serializedName: "bookmarksCount", - readOnly: true, + queryFrequency: { + serializedName: "queryFrequency", type: { - name: "Number" + name: "TimeSpan" } }, - commentsCount: { - serializedName: "commentsCount", - readOnly: true, + queryPeriod: { + serializedName: "queryPeriod", + type: { + name: "TimeSpan" + } + }, + severity: { + serializedName: "severity", + type: { + name: "String" + } + }, + triggerOperator: { + serializedName: "triggerOperator", + type: { + name: "Enum", + allowedValues: ["GreaterThan", "LessThan", "Equal", "NotEqual"] + } + }, + triggerThreshold: { + serializedName: "triggerThreshold", type: { name: "Number" } }, - alertProductNames: { - serializedName: "alertProductNames", - readOnly: true, + eventGroupingSettings: { + serializedName: "eventGroupingSettings", type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } + name: "Composite", + className: "EventGroupingSettings" } }, - providerIncidentUrl: { - serializedName: "providerIncidentUrl", - readOnly: true, + customDetails: { + serializedName: "customDetails", type: { - name: "String" + name: "Dictionary", + value: { type: { name: "String" } } } }, - tactics: { - serializedName: "tactics", - readOnly: true, + entityMappings: { + serializedName: "entityMappings", type: { name: "Sequence", element: { type: { - name: "String" + name: "Composite", + className: "EntityMapping" } } } }, - techniques: { - serializedName: "techniques", - readOnly: true, + alertDetailsOverride: { + serializedName: "alertDetailsOverride", type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } + name: "Composite", + className: "AlertDetailsOverride" } } } } }; -export const IncidentLabel: coreClient.CompositeMapper = { +export const EventGroupingSettings: coreClient.CompositeMapper = { type: { name: "Composite", - className: "IncidentLabel", + className: "EventGroupingSettings", modelProperties: { - labelName: { - serializedName: "labelName", - required: true, - type: { - name: "String" - } - }, - labelType: { - serializedName: "labelType", - readOnly: true, + aggregationKind: { + serializedName: "aggregationKind", type: { name: "String" } @@ -1908,37 +1742,46 @@ export const IncidentLabel: coreClient.CompositeMapper = { } }; -export const IncidentOwnerInfo: coreClient.CompositeMapper = { +export const EntityMapping: coreClient.CompositeMapper = { type: { name: "Composite", - className: "IncidentOwnerInfo", + className: "EntityMapping", modelProperties: { - email: { - serializedName: "email", - type: { - name: "String" - } - }, - assignedTo: { - serializedName: "assignedTo", + entityType: { + serializedName: "entityType", type: { name: "String" } }, - objectId: { - serializedName: "objectId", + fieldMappings: { + serializedName: "fieldMappings", type: { - name: "Uuid" + name: "Sequence", + element: { + type: { + name: "Composite", + className: "FieldMapping" + } + } } - }, - userPrincipalName: { - serializedName: "userPrincipalName", + } + } + } +}; + +export const FieldMapping: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "FieldMapping", + modelProperties: { + identifier: { + serializedName: "identifier", type: { name: "String" } }, - ownerType: { - serializedName: "ownerType", + columnName: { + serializedName: "columnName", type: { name: "String" } @@ -1947,42 +1790,31 @@ export const IncidentOwnerInfo: coreClient.CompositeMapper = { } }; -export const TeamInformation: coreClient.CompositeMapper = { +export const AlertDetailsOverride: coreClient.CompositeMapper = { type: { name: "Composite", - className: "TeamInformation", + className: "AlertDetailsOverride", modelProperties: { - teamId: { - serializedName: "teamId", - readOnly: true, + alertDisplayNameFormat: { + serializedName: "alertDisplayNameFormat", type: { name: "String" } }, - primaryChannelUrl: { - serializedName: "primaryChannelUrl", - readOnly: true, + alertDescriptionFormat: { + serializedName: "alertDescriptionFormat", type: { name: "String" } }, - teamCreationTimeUtc: { - serializedName: "teamCreationTimeUtc", - readOnly: true, - type: { - name: "DateTime" - } - }, - name: { - serializedName: "name", - readOnly: true, + alertTacticsColumnName: { + serializedName: "alertTacticsColumnName", type: { name: "String" } }, - description: { - serializedName: "description", - readOnly: true, + alertSeverityColumnName: { + serializedName: "alertSeverityColumnName", type: { name: "String" } @@ -1991,42 +1823,56 @@ export const TeamInformation: coreClient.CompositeMapper = { } }; -export const TeamProperties: coreClient.CompositeMapper = { +export const IncidentPropertiesAction: coreClient.CompositeMapper = { type: { name: "Composite", - className: "TeamProperties", + className: "IncidentPropertiesAction", modelProperties: { - teamName: { - serializedName: "teamName", - required: true, + severity: { + serializedName: "severity", + type: { + name: "String" + } + }, + status: { + serializedName: "status", type: { name: "String" } }, - teamDescription: { - serializedName: "teamDescription", + classification: { + serializedName: "classification", type: { name: "String" } }, - memberIds: { - serializedName: "memberIds", + classificationReason: { + serializedName: "classificationReason", type: { - name: "Sequence", - element: { - type: { - name: "Uuid" - } - } + name: "String" + } + }, + classificationComment: { + serializedName: "classificationComment", + type: { + name: "String" + } + }, + owner: { + serializedName: "owner", + type: { + name: "Composite", + className: "IncidentOwnerInfo" } }, - groupIds: { - serializedName: "groupIds", + labels: { + serializedName: "labels", type: { name: "Sequence", element: { type: { - name: "Uuid" + name: "Composite", + className: "IncidentLabel" } } } @@ -2035,20 +1881,30 @@ export const TeamProperties: coreClient.CompositeMapper = { } }; -export const IncidentAlertList: coreClient.CompositeMapper = { +export const AutomationRulePropertyValuesCondition: coreClient.CompositeMapper = { type: { name: "Composite", - className: "IncidentAlertList", + className: "AutomationRulePropertyValuesCondition", modelProperties: { - value: { - serializedName: "value", - required: true, + propertyName: { + serializedName: "propertyName", + type: { + name: "String" + } + }, + operator: { + serializedName: "operator", + type: { + name: "String" + } + }, + propertyValues: { + serializedName: "propertyValues", type: { name: "Sequence", element: { type: { - name: "Composite", - className: "SecurityAlert" + name: "String" } } } @@ -2057,154 +1913,98 @@ export const IncidentAlertList: coreClient.CompositeMapper = { } }; -export const SecurityAlertPropertiesConfidenceReasonsItem: coreClient.CompositeMapper = { +export const PlaybookActionProperties: coreClient.CompositeMapper = { type: { name: "Composite", - className: "SecurityAlertPropertiesConfidenceReasonsItem", + className: "PlaybookActionProperties", modelProperties: { - reason: { - serializedName: "reason", - readOnly: true, + logicAppResourceId: { + serializedName: "logicAppResourceId", + required: true, type: { name: "String" } }, - reasonType: { - serializedName: "reasonType", - readOnly: true, + tenantId: { + serializedName: "tenantId", type: { - name: "String" + name: "Uuid" } } } } }; -export const EntityCommonProperties: coreClient.CompositeMapper = { +export const AlertsDataTypeOfDataConnector: coreClient.CompositeMapper = { type: { name: "Composite", - className: "EntityCommonProperties", + className: "AlertsDataTypeOfDataConnector", modelProperties: { - additionalData: { - serializedName: "additionalData", - readOnly: true, - type: { - name: "Dictionary", - value: { - type: { name: "Dictionary", value: { type: { name: "any" } } } - } - } - }, - friendlyName: { - serializedName: "friendlyName", - readOnly: true, + alerts: { + serializedName: "alerts", type: { - name: "String" + name: "Composite", + className: "DataConnectorDataTypeCommon" } } } } }; -export const IncidentBookmarkList: coreClient.CompositeMapper = { +export const DataConnectorDataTypeCommon: coreClient.CompositeMapper = { type: { name: "Composite", - className: "IncidentBookmarkList", + className: "DataConnectorDataTypeCommon", modelProperties: { - value: { - serializedName: "value", - required: true, + state: { + serializedName: "state", type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "HuntingBookmark" - } - } + name: "String" } } } } }; -export const IncidentCommentList: coreClient.CompositeMapper = { +export const DataConnectorWithAlertsProperties: coreClient.CompositeMapper = { type: { name: "Composite", - className: "IncidentCommentList", + className: "DataConnectorWithAlertsProperties", modelProperties: { - nextLink: { - serializedName: "nextLink", - readOnly: true, - type: { - name: "String" - } - }, - value: { - serializedName: "value", - required: true, + dataTypes: { + serializedName: "dataTypes", type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "IncidentComment" - } - } + name: "Composite", + className: "AlertsDataTypeOfDataConnector" } } } } }; -export const IncidentEntitiesResponse: coreClient.CompositeMapper = { +export const AwsCloudTrailDataConnectorDataTypes: coreClient.CompositeMapper = { type: { name: "Composite", - className: "IncidentEntitiesResponse", + className: "AwsCloudTrailDataConnectorDataTypes", modelProperties: { - entities: { - serializedName: "entities", - type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "Entity" - } - } - } - }, - metaData: { - serializedName: "metaData", + logs: { + serializedName: "logs", type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "IncidentEntitiesResultsMetadata" - } - } + name: "Composite", + className: "AwsCloudTrailDataConnectorDataTypesLogs" } } } } }; -export const IncidentEntitiesResultsMetadata: coreClient.CompositeMapper = { +export const DataConnectorTenantId: coreClient.CompositeMapper = { type: { name: "Composite", - className: "IncidentEntitiesResultsMetadata", + className: "DataConnectorTenantId", modelProperties: { - count: { - serializedName: "count", - required: true, - type: { - name: "Number" - } - }, - entityKind: { - serializedName: "entityKind", - required: true, + tenantId: { + serializedName: "tenantId", type: { name: "String" } @@ -2213,116 +2013,102 @@ export const IncidentEntitiesResultsMetadata: coreClient.CompositeMapper = { } }; -export const MetadataList: coreClient.CompositeMapper = { +export const TIDataConnectorDataTypes: coreClient.CompositeMapper = { type: { name: "Composite", - className: "MetadataList", + className: "TIDataConnectorDataTypes", modelProperties: { - value: { - serializedName: "value", - required: true, - type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "MetadataModel" - } - } - } - }, - nextLink: { - serializedName: "nextLink", - readOnly: true, + indicators: { + serializedName: "indicators", type: { - name: "String" + name: "Composite", + className: "TIDataConnectorDataTypesIndicators" } } } } }; -export const MetadataSource: coreClient.CompositeMapper = { +export const OfficeDataConnectorDataTypes: coreClient.CompositeMapper = { type: { name: "Composite", - className: "MetadataSource", + className: "OfficeDataConnectorDataTypes", modelProperties: { - kind: { - serializedName: "kind", - required: true, + exchange: { + serializedName: "exchange", type: { - name: "String" + name: "Composite", + className: "OfficeDataConnectorDataTypesExchange" } }, - name: { - serializedName: "name", + sharePoint: { + serializedName: "sharePoint", type: { - name: "String" + name: "Composite", + className: "OfficeDataConnectorDataTypesSharePoint" } }, - sourceId: { - serializedName: "sourceId", + teams: { + serializedName: "teams", type: { - name: "String" + name: "Composite", + className: "OfficeDataConnectorDataTypesTeams" } } } } }; -export const MetadataAuthor: coreClient.CompositeMapper = { +export const GeoLocation: coreClient.CompositeMapper = { type: { name: "Composite", - className: "MetadataAuthor", + className: "GeoLocation", modelProperties: { - name: { - serializedName: "name", + asn: { + serializedName: "asn", + readOnly: true, type: { - name: "String" + name: "Number" } }, - email: { - serializedName: "email", + city: { + serializedName: "city", + readOnly: true, type: { name: "String" } }, - link: { - serializedName: "link", + countryCode: { + serializedName: "countryCode", + readOnly: true, type: { name: "String" } - } - } - } -}; - -export const MetadataSupport: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "MetadataSupport", - modelProperties: { - tier: { - serializedName: "tier", - required: true, + }, + countryName: { + serializedName: "countryName", + readOnly: true, type: { name: "String" } }, - name: { - serializedName: "name", + latitude: { + serializedName: "latitude", + readOnly: true, type: { - name: "String" + name: "Number" } }, - email: { - serializedName: "email", + longitude: { + serializedName: "longitude", + readOnly: true, type: { - name: "String" + name: "Number" } }, - link: { - serializedName: "link", + state: { + serializedName: "state", + readOnly: true, type: { name: "String" } @@ -2331,640 +2117,578 @@ export const MetadataSupport: coreClient.CompositeMapper = { } }; -export const MetadataDependencies: coreClient.CompositeMapper = { +export const ThreatIntelligence: coreClient.CompositeMapper = { type: { name: "Composite", - className: "MetadataDependencies", + className: "ThreatIntelligence", modelProperties: { - contentId: { - serializedName: "contentId", + confidence: { + serializedName: "confidence", + readOnly: true, type: { - name: "String" + name: "Number" } }, - kind: { - serializedName: "kind", + providerName: { + serializedName: "providerName", + readOnly: true, type: { name: "String" } }, - version: { - serializedName: "version", + reportLink: { + serializedName: "reportLink", + readOnly: true, type: { name: "String" } }, - name: { - serializedName: "name", + threatDescription: { + serializedName: "threatDescription", + readOnly: true, type: { name: "String" } }, - operator: { - serializedName: "operator", + threatName: { + serializedName: "threatName", + readOnly: true, type: { name: "String" } }, - criteria: { - serializedName: "criteria", + threatType: { + serializedName: "threatType", + readOnly: true, type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "MetadataDependencies" - } - } + name: "String" } } } } }; -export const MetadataCategories: coreClient.CompositeMapper = { +export const ResourceWithEtag: coreClient.CompositeMapper = { type: { name: "Composite", - className: "MetadataCategories", + className: "ResourceWithEtag", modelProperties: { - domains: { - serializedName: "domains", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - verticals: { - serializedName: "verticals", + ...Resource.type.modelProperties, + etag: { + serializedName: "etag", type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } + name: "String" } } } } }; -export const OfficeConsentList: coreClient.CompositeMapper = { +export const ActionResponse: coreClient.CompositeMapper = { type: { name: "Composite", - className: "OfficeConsentList", + className: "ActionResponse", modelProperties: { - nextLink: { - serializedName: "nextLink", - readOnly: true, + ...Resource.type.modelProperties, + etag: { + serializedName: "etag", type: { name: "String" } }, - value: { - serializedName: "value", - required: true, + logicAppResourceId: { + serializedName: "properties.logicAppResourceId", type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "OfficeConsent" - } - } + name: "String" } - } - } - } -}; + }, + workflowId: { + serializedName: "properties.workflowId", + type: { + name: "String" + } + } + } + } +}; -export const SentinelOnboardingStatesList: coreClient.CompositeMapper = { +export const AlertRuleTemplate: coreClient.CompositeMapper = { + serializedName: "AlertRuleTemplate", type: { name: "Composite", - className: "SentinelOnboardingStatesList", + className: "AlertRuleTemplate", + uberParent: "Resource", + polymorphicDiscriminator: { + serializedName: "kind", + clientName: "kind" + }, modelProperties: { - value: { - serializedName: "value", + ...Resource.type.modelProperties, + kind: { + serializedName: "kind", required: true, type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "SentinelOnboardingState" - } - } + name: "String" } } } } }; -export const SecurityMLAnalyticsSettingsList: coreClient.CompositeMapper = { +export const Entity: coreClient.CompositeMapper = { + serializedName: "Entity", type: { name: "Composite", - className: "SecurityMLAnalyticsSettingsList", + className: "Entity", + uberParent: "Resource", + polymorphicDiscriminator: { + serializedName: "kind", + clientName: "kind" + }, modelProperties: { - nextLink: { - serializedName: "nextLink", - readOnly: true, - type: { - name: "String" - } - }, - value: { - serializedName: "value", + ...Resource.type.modelProperties, + kind: { + serializedName: "kind", required: true, type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "SecurityMLAnalyticsSetting" - } - } + name: "String" } } } } }; -export const SettingList: coreClient.CompositeMapper = { +export const ActionResponseProperties: coreClient.CompositeMapper = { type: { name: "Composite", - className: "SettingList", + className: "ActionResponseProperties", modelProperties: { - value: { - serializedName: "value", - required: true, + ...ActionPropertiesBase.type.modelProperties, + workflowId: { + serializedName: "workflowId", type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "Settings" - } - } + name: "String" } } } } }; -export const RepoList: coreClient.CompositeMapper = { +export const ActionRequestProperties: coreClient.CompositeMapper = { type: { name: "Composite", - className: "RepoList", + className: "ActionRequestProperties", modelProperties: { - nextLink: { - serializedName: "nextLink", - readOnly: true, - type: { - name: "String" - } - }, - value: { - serializedName: "value", + ...ActionPropertiesBase.type.modelProperties, + triggerUri: { + serializedName: "triggerUri", required: true, type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "Repo" - } - } + name: "String" } } } } }; -export const Repo: coreClient.CompositeMapper = { +export const PropertyConditionProperties: coreClient.CompositeMapper = { + serializedName: "Property", type: { name: "Composite", - className: "Repo", + className: "PropertyConditionProperties", + uberParent: "AutomationRuleCondition", + polymorphicDiscriminator: + AutomationRuleCondition.type.polymorphicDiscriminator, modelProperties: { - url: { - serializedName: "url", - type: { - name: "String" - } - }, - fullName: { - serializedName: "fullName", - type: { - name: "String" - } - }, - branches: { - serializedName: "branches", + ...AutomationRuleCondition.type.modelProperties, + conditionProperties: { + serializedName: "conditionProperties", type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } + name: "Composite", + className: "AutomationRulePropertyValuesCondition" } } } } }; -export const SourceControlList: coreClient.CompositeMapper = { +export const AutomationRuleModifyPropertiesAction: coreClient.CompositeMapper = { + serializedName: "ModifyProperties", type: { name: "Composite", - className: "SourceControlList", + className: "AutomationRuleModifyPropertiesAction", + uberParent: "AutomationRuleAction", + polymorphicDiscriminator: + AutomationRuleAction.type.polymorphicDiscriminator, modelProperties: { - nextLink: { - serializedName: "nextLink", - readOnly: true, + ...AutomationRuleAction.type.modelProperties, + actionConfiguration: { + serializedName: "actionConfiguration", type: { - name: "String" + name: "Composite", + className: "IncidentPropertiesAction" } - }, - value: { - serializedName: "value", - required: true, + } + } + } +}; + +export const AutomationRuleRunPlaybookAction: coreClient.CompositeMapper = { + serializedName: "RunPlaybook", + type: { + name: "Composite", + className: "AutomationRuleRunPlaybookAction", + uberParent: "AutomationRuleAction", + polymorphicDiscriminator: + AutomationRuleAction.type.polymorphicDiscriminator, + modelProperties: { + ...AutomationRuleAction.type.modelProperties, + actionConfiguration: { + serializedName: "actionConfiguration", type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "SourceControl" - } - } + name: "Composite", + className: "PlaybookActionProperties" } } } } }; -export const Repository: coreClient.CompositeMapper = { +export const SecurityAlertProperties: coreClient.CompositeMapper = { type: { name: "Composite", - className: "Repository", + className: "SecurityAlertProperties", modelProperties: { - url: { - serializedName: "url", + ...EntityCommonProperties.type.modelProperties, + alertDisplayName: { + serializedName: "alertDisplayName", + readOnly: true, type: { name: "String" } }, - branch: { - serializedName: "branch", + alertType: { + serializedName: "alertType", + readOnly: true, type: { name: "String" } }, - displayUrl: { - serializedName: "displayUrl", + compromisedEntity: { + serializedName: "compromisedEntity", + readOnly: true, type: { name: "String" } }, - deploymentLogsUrl: { - serializedName: "deploymentLogsUrl", + confidenceLevel: { + serializedName: "confidenceLevel", + readOnly: true, type: { name: "String" } }, - pathMapping: { - serializedName: "pathMapping", + confidenceReasons: { + serializedName: "confidenceReasons", + readOnly: true, type: { name: "Sequence", element: { type: { name: "Composite", - className: "ContentPathMap" + className: "SecurityAlertPropertiesConfidenceReasonsItem" } } } - } - } - } -}; - -export const ContentPathMap: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "ContentPathMap", - modelProperties: { - contentType: { - serializedName: "contentType", + }, + confidenceScore: { + serializedName: "confidenceScore", + readOnly: true, type: { - name: "String" + name: "Number" } }, - path: { - serializedName: "path", + confidenceScoreStatus: { + serializedName: "confidenceScoreStatus", + readOnly: true, type: { name: "String" } - } - } - } -}; - -export const RepositoryResourceInfo: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "RepositoryResourceInfo", - modelProperties: { - webhook: { - serializedName: "webhook", + }, + description: { + serializedName: "description", + readOnly: true, type: { - name: "Composite", - className: "Webhook" + name: "String" } }, - gitHubResourceInfo: { - serializedName: "gitHubResourceInfo", + endTimeUtc: { + serializedName: "endTimeUtc", + readOnly: true, type: { - name: "Composite", - className: "GitHubResourceInfo" + name: "DateTime" } }, - azureDevOpsResourceInfo: { - serializedName: "azureDevOpsResourceInfo", + intent: { + serializedName: "intent", + readOnly: true, type: { - name: "Composite", - className: "AzureDevOpsResourceInfo" + name: "String" } - } - } - } -}; - -export const Webhook: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "Webhook", - modelProperties: { - webhookId: { - serializedName: "webhookId", + }, + providerAlertId: { + serializedName: "providerAlertId", + readOnly: true, type: { name: "String" } }, - webhookUrl: { - serializedName: "webhookUrl", + processingEndTime: { + serializedName: "processingEndTime", + readOnly: true, type: { - name: "String" + name: "DateTime" } }, - webhookSecretUpdateTime: { - serializedName: "webhookSecretUpdateTime", + productComponentName: { + serializedName: "productComponentName", + readOnly: true, type: { name: "String" } }, - rotateWebhookSecret: { - serializedName: "rotateWebhookSecret", + productName: { + serializedName: "productName", + readOnly: true, type: { - name: "Boolean" + name: "String" } - } - } - } -}; - -export const GitHubResourceInfo: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "GitHubResourceInfo", - modelProperties: { - appInstallationId: { - serializedName: "appInstallationId", + }, + productVersion: { + serializedName: "productVersion", + readOnly: true, type: { name: "String" } - } - } - } -}; - -export const AzureDevOpsResourceInfo: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "AzureDevOpsResourceInfo", - modelProperties: { - pipelineId: { - serializedName: "pipelineId", + }, + remediationSteps: { + serializedName: "remediationSteps", + readOnly: true, type: { - name: "String" + name: "Sequence", + element: { + type: { + name: "String" + } + } } }, - serviceConnectionId: { - serializedName: "serviceConnectionId", + severity: { + serializedName: "severity", type: { name: "String" } - } - } - } -}; - -export const DeploymentInfo: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "DeploymentInfo", - modelProperties: { - deploymentFetchStatus: { - serializedName: "deploymentFetchStatus", + }, + startTimeUtc: { + serializedName: "startTimeUtc", + readOnly: true, type: { - name: "String" + name: "DateTime" } }, - deployment: { - serializedName: "deployment", + status: { + serializedName: "status", + readOnly: true, type: { - name: "Composite", - className: "Deployment" + name: "String" } }, - message: { - serializedName: "message", + systemAlertId: { + serializedName: "systemAlertId", + readOnly: true, type: { name: "String" } - } - } - } -}; - -export const Deployment: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "Deployment", - modelProperties: { - deploymentId: { - serializedName: "deploymentId", + }, + tactics: { + serializedName: "tactics", + readOnly: true, type: { - name: "String" + name: "Sequence", + element: { + type: { + name: "String" + } + } } }, - deploymentState: { - serializedName: "deploymentState", + timeGenerated: { + serializedName: "timeGenerated", + readOnly: true, type: { - name: "String" + name: "DateTime" } }, - deploymentResult: { - serializedName: "deploymentResult", + vendorName: { + serializedName: "vendorName", + readOnly: true, type: { name: "String" } }, - deploymentTime: { - serializedName: "deploymentTime", + alertLink: { + serializedName: "alertLink", + readOnly: true, type: { - name: "DateTime" + name: "String" } }, - deploymentLogsUrl: { - serializedName: "deploymentLogsUrl", + resourceIdentifiers: { + serializedName: "resourceIdentifiers", + readOnly: true, type: { - name: "String" + name: "Sequence", + element: { + type: { + name: "Dictionary", + value: { type: { name: "any" } } + } + } } } } } }; -export const ThreatIntelligenceKillChainPhase: coreClient.CompositeMapper = { +export const HuntingBookmarkProperties: coreClient.CompositeMapper = { type: { name: "Composite", - className: "ThreatIntelligenceKillChainPhase", + className: "HuntingBookmarkProperties", modelProperties: { - killChainName: { - serializedName: "killChainName", + ...EntityCommonProperties.type.modelProperties, + created: { + serializedName: "created", type: { - name: "String" + name: "DateTime" } }, - phaseName: { - serializedName: "phaseName", + createdBy: { + serializedName: "createdBy", type: { - name: "String" + name: "Composite", + className: "UserInfo" } - } - } - } -}; - -export const ThreatIntelligenceParsedPattern: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "ThreatIntelligenceParsedPattern", - modelProperties: { - patternTypeKey: { - serializedName: "patternTypeKey", + }, + displayName: { + serializedName: "displayName", + required: true, type: { name: "String" } }, - patternTypeValues: { - serializedName: "patternTypeValues", + eventTime: { + serializedName: "eventTime", + type: { + name: "DateTime" + } + }, + labels: { + serializedName: "labels", type: { name: "Sequence", element: { type: { - name: "Composite", - className: "ThreatIntelligenceParsedPatternTypeValue" + name: "String" } } } - } - } - } -}; - -export const ThreatIntelligenceParsedPatternTypeValue: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "ThreatIntelligenceParsedPatternTypeValue", - modelProperties: { - valueType: { - serializedName: "valueType", - type: { - name: "String" - } }, - value: { - serializedName: "value", + notes: { + serializedName: "notes", type: { name: "String" } - } - } - } -}; - -export const ThreatIntelligenceExternalReference: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "ThreatIntelligenceExternalReference", - modelProperties: { - description: { - serializedName: "description", + }, + query: { + serializedName: "query", + required: true, type: { name: "String" } }, - externalId: { - serializedName: "externalId", + queryResult: { + serializedName: "queryResult", type: { name: "String" } }, - sourceName: { - serializedName: "sourceName", + updated: { + serializedName: "updated", type: { - name: "String" + name: "DateTime" } }, - url: { - serializedName: "url", + updatedBy: { + serializedName: "updatedBy", type: { - name: "String" + name: "Composite", + className: "UserInfo" } }, - hashes: { - serializedName: "hashes", + incidentInfo: { + serializedName: "incidentInfo", type: { - name: "Dictionary", - value: { type: { name: "String" } } + name: "Composite", + className: "IncidentInfo" } } } } }; -export const ThreatIntelligenceGranularMarkingModel: coreClient.CompositeMapper = { +export const ThreatIntelligenceIndicatorProperties: coreClient.CompositeMapper = { type: { name: "Composite", - className: "ThreatIntelligenceGranularMarkingModel", + className: "ThreatIntelligenceIndicatorProperties", modelProperties: { - language: { - serializedName: "language", + ...EntityCommonProperties.type.modelProperties, + threatIntelligenceTags: { + serializedName: "threatIntelligenceTags", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + lastUpdatedTimeUtc: { + serializedName: "lastUpdatedTimeUtc", type: { name: "String" } }, - markingRef: { - serializedName: "markingRef", + source: { + serializedName: "source", type: { - name: "Number" + name: "String" } }, - selectors: { - serializedName: "selectors", + displayName: { + serializedName: "displayName", + type: { + name: "String" + } + }, + description: { + serializedName: "description", + type: { + name: "String" + } + }, + indicatorTypes: { + serializedName: "indicatorTypes", type: { name: "Sequence", element: { @@ -2973,106 +2697,99 @@ export const ThreatIntelligenceGranularMarkingModel: coreClient.CompositeMapper } } } - } - } - } -}; - -export const ThreatIntelligenceInformationList: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "ThreatIntelligenceInformationList", - modelProperties: { - nextLink: { - serializedName: "nextLink", - readOnly: true, + }, + pattern: { + serializedName: "pattern", type: { name: "String" } }, - value: { - serializedName: "value", - required: true, + patternType: { + serializedName: "patternType", + type: { + name: "String" + } + }, + patternVersion: { + serializedName: "patternVersion", + type: { + name: "String" + } + }, + killChainPhases: { + serializedName: "killChainPhases", type: { name: "Sequence", element: { type: { name: "Composite", - className: "ThreatIntelligenceInformation" + className: "ThreatIntelligenceKillChainPhase" } } } - } - } - } -}; - -export const ThreatIntelligenceFilteringCriteria: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "ThreatIntelligenceFilteringCriteria", - modelProperties: { - pageSize: { - serializedName: "pageSize", - type: { - name: "Number" - } }, - minConfidence: { - serializedName: "minConfidence", + parsedPattern: { + serializedName: "parsedPattern", type: { - name: "Number" + name: "Sequence", + element: { + type: { + name: "Composite", + className: "ThreatIntelligenceParsedPattern" + } + } } }, - maxConfidence: { - serializedName: "maxConfidence", + externalId: { + serializedName: "externalId", type: { - name: "Number" + name: "String" } }, - minValidUntil: { - serializedName: "minValidUntil", + createdByRef: { + serializedName: "createdByRef", type: { name: "String" } }, - maxValidUntil: { - serializedName: "maxValidUntil", + defanged: { + serializedName: "defanged", type: { - name: "String" + name: "Boolean" } }, - includeDisabled: { - serializedName: "includeDisabled", + externalLastUpdatedTimeUtc: { + serializedName: "externalLastUpdatedTimeUtc", type: { - name: "Boolean" + name: "String" } }, - sortBy: { - serializedName: "sortBy", + externalReferences: { + serializedName: "externalReferences", type: { name: "Sequence", element: { type: { name: "Composite", - className: "ThreatIntelligenceSortingCriteria" + className: "ThreatIntelligenceExternalReference" } } } }, - sources: { - serializedName: "sources", + granularMarkings: { + serializedName: "granularMarkings", type: { name: "Sequence", element: { type: { - name: "String" + name: "Composite", + className: "ThreatIntelligenceGranularMarkingModel" } } } }, - patternTypes: { - serializedName: "patternTypes", + labels: { + serializedName: "labels", type: { name: "Sequence", element: { @@ -3082,19 +2799,20 @@ export const ThreatIntelligenceFilteringCriteria: coreClient.CompositeMapper = { } } }, - threatTypes: { - serializedName: "threatTypes", + revoked: { + serializedName: "revoked", type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } + name: "Boolean" } }, - ids: { - serializedName: "ids", + confidence: { + serializedName: "confidence", + type: { + name: "Number" + } + }, + objectMarkingRefs: { + serializedName: "objectMarkingRefs", type: { name: "Sequence", element: { @@ -3104,8 +2822,14 @@ export const ThreatIntelligenceFilteringCriteria: coreClient.CompositeMapper = { } } }, - keywords: { - serializedName: "keywords", + language: { + serializedName: "language", + type: { + name: "String" + } + }, + threatTypes: { + serializedName: "threatTypes", type: { name: "Sequence", element: { @@ -3115,217 +2839,225 @@ export const ThreatIntelligenceFilteringCriteria: coreClient.CompositeMapper = { } } }, - skipToken: { - serializedName: "skipToken", + validFrom: { + serializedName: "validFrom", type: { name: "String" } - } - } - } -}; - -export const ThreatIntelligenceSortingCriteria: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "ThreatIntelligenceSortingCriteria", - modelProperties: { - itemKey: { - serializedName: "itemKey", + }, + validUntil: { + serializedName: "validUntil", type: { name: "String" } }, - sortOrder: { - serializedName: "sortOrder", + created: { + serializedName: "created", type: { name: "String" } - } - } - } -}; - -export const ThreatIntelligenceMetricsList: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "ThreatIntelligenceMetricsList", - modelProperties: { - value: { - serializedName: "value", - required: true, + }, + modified: { + serializedName: "modified", type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "ThreatIntelligenceMetrics" - } - } + name: "String" } - } - } - } -}; - -export const ThreatIntelligenceMetrics: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "ThreatIntelligenceMetrics", - modelProperties: { - properties: { - serializedName: "properties", + }, + extensions: { + serializedName: "extensions", type: { - name: "Composite", - className: "ThreatIntelligenceMetric" + name: "Dictionary", + value: { type: { name: "any" } } } } } } }; -export const ThreatIntelligenceMetric: coreClient.CompositeMapper = { +export const AccountEntityProperties: coreClient.CompositeMapper = { type: { name: "Composite", - className: "ThreatIntelligenceMetric", + className: "AccountEntityProperties", modelProperties: { - lastUpdatedTimeUtc: { - serializedName: "lastUpdatedTimeUtc", + ...EntityCommonProperties.type.modelProperties, + aadTenantId: { + serializedName: "aadTenantId", + readOnly: true, type: { name: "String" } }, - threatTypeMetrics: { - serializedName: "threatTypeMetrics", + aadUserId: { + serializedName: "aadUserId", + readOnly: true, type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "ThreatIntelligenceMetricEntity" - } - } + name: "String" } }, - patternTypeMetrics: { - serializedName: "patternTypeMetrics", + accountName: { + serializedName: "accountName", + readOnly: true, type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "ThreatIntelligenceMetricEntity" - } - } + name: "String" } }, - sourceMetrics: { - serializedName: "sourceMetrics", + displayName: { + serializedName: "displayName", + readOnly: true, type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "ThreatIntelligenceMetricEntity" - } - } + name: "String" } - } - } - } -}; - -export const ThreatIntelligenceMetricEntity: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "ThreatIntelligenceMetricEntity", - modelProperties: { - metricName: { - serializedName: "metricName", + }, + hostEntityId: { + serializedName: "hostEntityId", + readOnly: true, type: { name: "String" } }, - metricValue: { - serializedName: "metricValue", + isDomainJoined: { + serializedName: "isDomainJoined", + readOnly: true, type: { - name: "Number" + name: "Boolean" + } + }, + ntDomain: { + serializedName: "ntDomain", + readOnly: true, + type: { + name: "String" + } + }, + objectGuid: { + serializedName: "objectGuid", + readOnly: true, + type: { + name: "Uuid" + } + }, + puid: { + serializedName: "puid", + readOnly: true, + type: { + name: "String" + } + }, + sid: { + serializedName: "sid", + readOnly: true, + type: { + name: "String" + } + }, + upnSuffix: { + serializedName: "upnSuffix", + readOnly: true, + type: { + name: "String" + } + }, + dnsDomain: { + serializedName: "dnsDomain", + readOnly: true, + type: { + name: "String" } } } } }; -export const ThreatIntelligenceAppendTags: coreClient.CompositeMapper = { +export const AzureResourceEntityProperties: coreClient.CompositeMapper = { type: { name: "Composite", - className: "ThreatIntelligenceAppendTags", + className: "AzureResourceEntityProperties", modelProperties: { - threatIntelligenceTags: { - serializedName: "threatIntelligenceTags", + ...EntityCommonProperties.type.modelProperties, + resourceId: { + serializedName: "resourceId", + readOnly: true, type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } + name: "String" + } + }, + subscriptionId: { + serializedName: "subscriptionId", + readOnly: true, + type: { + name: "String" } } } } }; -export const WatchlistList: coreClient.CompositeMapper = { +export const CloudApplicationEntityProperties: coreClient.CompositeMapper = { type: { name: "Composite", - className: "WatchlistList", + className: "CloudApplicationEntityProperties", modelProperties: { - nextLink: { - serializedName: "nextLink", + ...EntityCommonProperties.type.modelProperties, + appId: { + serializedName: "appId", + readOnly: true, + type: { + name: "Number" + } + }, + appName: { + serializedName: "appName", readOnly: true, type: { name: "String" } }, - value: { - serializedName: "value", - required: true, + instanceName: { + serializedName: "instanceName", + readOnly: true, type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "Watchlist" - } - } + name: "String" } } } } }; -export const WatchlistItemList: coreClient.CompositeMapper = { +export const DnsEntityProperties: coreClient.CompositeMapper = { type: { name: "Composite", - className: "WatchlistItemList", + className: "DnsEntityProperties", modelProperties: { - nextLink: { - serializedName: "nextLink", + ...EntityCommonProperties.type.modelProperties, + dnsServerIpEntityId: { + serializedName: "dnsServerIpEntityId", readOnly: true, type: { name: "String" } }, - value: { - serializedName: "value", - required: true, + domainName: { + serializedName: "domainName", + readOnly: true, + type: { + name: "String" + } + }, + hostIpAddressEntityId: { + serializedName: "hostIpAddressEntityId", + readOnly: true, + type: { + name: "String" + } + }, + ipAddressEntityIds: { + serializedName: "ipAddressEntityIds", + readOnly: true, type: { name: "Sequence", element: { type: { - name: "Composite", - className: "WatchlistItem" + name: "String" } } } @@ -3334,267 +3066,273 @@ export const WatchlistItemList: coreClient.CompositeMapper = { } }; -export const DataConnectorList: coreClient.CompositeMapper = { +export const FileEntityProperties: coreClient.CompositeMapper = { type: { name: "Composite", - className: "DataConnectorList", + className: "FileEntityProperties", modelProperties: { - nextLink: { - serializedName: "nextLink", + ...EntityCommonProperties.type.modelProperties, + directory: { + serializedName: "directory", readOnly: true, type: { name: "String" } }, - value: { - serializedName: "value", - required: true, + fileHashEntityIds: { + serializedName: "fileHashEntityIds", + readOnly: true, type: { name: "Sequence", element: { type: { - name: "Composite", - className: "DataConnector" + name: "String" } } } + }, + fileName: { + serializedName: "fileName", + readOnly: true, + type: { + name: "String" + } + }, + hostEntityId: { + serializedName: "hostEntityId", + readOnly: true, + type: { + name: "String" + } } } } }; -export const DataConnectorConnectBody: coreClient.CompositeMapper = { +export const FileHashEntityProperties: coreClient.CompositeMapper = { type: { name: "Composite", - className: "DataConnectorConnectBody", + className: "FileHashEntityProperties", modelProperties: { - kind: { - serializedName: "kind", + ...EntityCommonProperties.type.modelProperties, + algorithm: { + serializedName: "algorithm", + readOnly: true, type: { name: "String" } }, - apiKey: { - serializedName: "apiKey", + hashValue: { + serializedName: "hashValue", + readOnly: true, type: { name: "String" } - }, - dataCollectionEndpoint: { - serializedName: "dataCollectionEndpoint", + } + } + } +}; + +export const HostEntityProperties: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "HostEntityProperties", + modelProperties: { + ...EntityCommonProperties.type.modelProperties, + azureID: { + serializedName: "azureID", + readOnly: true, type: { name: "String" } }, - dataCollectionRuleImmutableId: { - serializedName: "dataCollectionRuleImmutableId", + dnsDomain: { + serializedName: "dnsDomain", + readOnly: true, type: { name: "String" } }, - outputStream: { - serializedName: "outputStream", + hostName: { + serializedName: "hostName", + readOnly: true, type: { name: "String" } }, - clientSecret: { - serializedName: "clientSecret", + isDomainJoined: { + serializedName: "isDomainJoined", + readOnly: true, type: { - name: "String" + name: "Boolean" } }, - clientId: { - serializedName: "clientId", + netBiosName: { + serializedName: "netBiosName", + readOnly: true, type: { name: "String" } }, - authorizationCode: { - serializedName: "authorizationCode", + ntDomain: { + serializedName: "ntDomain", + readOnly: true, type: { name: "String" } }, - userName: { - serializedName: "userName", + omsAgentID: { + serializedName: "omsAgentID", + readOnly: true, type: { name: "String" } }, - password: { - serializedName: "password", + osFamily: { + serializedName: "osFamily", type: { - name: "String" + name: "Enum", + allowedValues: ["Linux", "Windows", "Android", "IOS", "Unknown"] } }, - requestConfigUserInputValues: { - serializedName: "requestConfigUserInputValues", + osVersion: { + serializedName: "osVersion", + readOnly: true, type: { - name: "Sequence", - element: { - type: { - name: "Dictionary", - value: { type: { name: "any" } } - } - } + name: "String" } } } } }; -export const DataConnectorsCheckRequirements: coreClient.CompositeMapper = { +export const IoTDeviceEntityProperties: coreClient.CompositeMapper = { type: { name: "Composite", - className: "DataConnectorsCheckRequirements", - uberParent: "DataConnectorsCheckRequirements", - polymorphicDiscriminator: { - serializedName: "kind", - clientName: "kind" - }, + className: "IoTDeviceEntityProperties", modelProperties: { - kind: { - serializedName: "kind", - required: true, + ...EntityCommonProperties.type.modelProperties, + deviceId: { + serializedName: "deviceId", + readOnly: true, type: { name: "String" } - } - } - } -}; - -export const DataConnectorRequirementsState: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "DataConnectorRequirementsState", - modelProperties: { - authorizationState: { - serializedName: "authorizationState", + }, + deviceName: { + serializedName: "deviceName", + readOnly: true, type: { name: "String" } }, - licenseState: { - serializedName: "licenseState", + source: { + serializedName: "source", + readOnly: true, type: { name: "String" } - } - } - } -}; - -export const OperationsList: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "OperationsList", - modelProperties: { - nextLink: { - serializedName: "nextLink", + }, + iotSecurityAgentId: { + serializedName: "iotSecurityAgentId", + readOnly: true, + type: { + name: "Uuid" + } + }, + deviceType: { + serializedName: "deviceType", readOnly: true, type: { name: "String" } }, - value: { - serializedName: "value", - required: true, + vendor: { + serializedName: "vendor", + readOnly: true, type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "Operation" - } - } + name: "String" } - } - } - } -}; - -export const Operation: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "Operation", - modelProperties: { - display: { - serializedName: "display", + }, + edgeId: { + serializedName: "edgeId", + readOnly: true, type: { - name: "Composite", - className: "OperationDisplay" + name: "String" } }, - name: { - serializedName: "name", + macAddress: { + serializedName: "macAddress", + readOnly: true, type: { name: "String" } }, - origin: { - serializedName: "origin", + model: { + serializedName: "model", + readOnly: true, type: { name: "String" } }, - isDataAction: { - serializedName: "isDataAction", + serialNumber: { + serializedName: "serialNumber", + readOnly: true, type: { - name: "Boolean" + name: "String" } - } - } - } -}; - -export const OperationDisplay: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "OperationDisplay", - modelProperties: { - description: { - serializedName: "description", + }, + firmwareVersion: { + serializedName: "firmwareVersion", + readOnly: true, type: { name: "String" } }, - operation: { - serializedName: "operation", + operatingSystem: { + serializedName: "operatingSystem", + readOnly: true, type: { name: "String" } }, - provider: { - serializedName: "provider", + iotHubEntityId: { + serializedName: "iotHubEntityId", + readOnly: true, type: { name: "String" } }, - resource: { - serializedName: "resource", + hostEntityId: { + serializedName: "hostEntityId", + readOnly: true, type: { name: "String" } - } - } - } -}; - -export const AlertRuleTemplateDataSource: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "AlertRuleTemplateDataSource", - modelProperties: { - connectorId: { - serializedName: "connectorId", + }, + ipAddressEntityId: { + serializedName: "ipAddressEntityId", + readOnly: true, type: { name: "String" } }, - dataTypes: { - serializedName: "dataTypes", + threatIntelligence: { + serializedName: "threatIntelligence", + readOnly: true, + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "ThreatIntelligence" + } + } + } + }, + protocols: { + serializedName: "protocols", + readOnly: true, type: { name: "Sequence", element: { @@ -3608,191 +3346,201 @@ export const AlertRuleTemplateDataSource: coreClient.CompositeMapper = { } }; -export const AlertRuleTemplatePropertiesBase: coreClient.CompositeMapper = { +export const IpEntityProperties: coreClient.CompositeMapper = { type: { name: "Composite", - className: "AlertRuleTemplatePropertiesBase", + className: "IpEntityProperties", modelProperties: { - alertRulesCreatedByTemplateCount: { - serializedName: "alertRulesCreatedByTemplateCount", + ...EntityCommonProperties.type.modelProperties, + address: { + serializedName: "address", + readOnly: true, type: { - name: "Number" + name: "String" } }, - lastUpdatedDateUTC: { - serializedName: "lastUpdatedDateUTC", - readOnly: true, + location: { + serializedName: "location", type: { - name: "DateTime" + name: "Composite", + className: "GeoLocation" } }, - createdDateUTC: { - serializedName: "createdDateUTC", + threatIntelligence: { + serializedName: "threatIntelligence", readOnly: true, type: { - name: "DateTime" + name: "Sequence", + element: { + type: { + name: "Composite", + className: "ThreatIntelligence" + } + } } - }, - description: { - serializedName: "description", + } + } + } +}; + +export const MailboxEntityProperties: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "MailboxEntityProperties", + modelProperties: { + ...EntityCommonProperties.type.modelProperties, + mailboxPrimaryAddress: { + serializedName: "mailboxPrimaryAddress", + readOnly: true, type: { name: "String" } }, displayName: { serializedName: "displayName", + readOnly: true, type: { name: "String" } }, - requiredDataConnectors: { - serializedName: "requiredDataConnectors", + upn: { + serializedName: "upn", + readOnly: true, type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "AlertRuleTemplateDataSource" - } - } + name: "String" } }, - status: { - serializedName: "status", + externalDirectoryObjectId: { + serializedName: "externalDirectoryObjectId", + readOnly: true, type: { - name: "String" + name: "Uuid" } } } } }; -export const QueryBasedAlertRuleTemplateProperties: coreClient.CompositeMapper = { +export const MailClusterEntityProperties: coreClient.CompositeMapper = { type: { name: "Composite", - className: "QueryBasedAlertRuleTemplateProperties", + className: "MailClusterEntityProperties", modelProperties: { - query: { - serializedName: "query", + ...EntityCommonProperties.type.modelProperties, + networkMessageIds: { + serializedName: "networkMessageIds", + readOnly: true, type: { - name: "String" + name: "Sequence", + element: { + type: { + name: "String" + } + } } }, - severity: { - serializedName: "severity", + countByDeliveryStatus: { + serializedName: "countByDeliveryStatus", + readOnly: true, type: { - name: "String" + name: "Dictionary", + value: { type: { name: "any" } } } }, - version: { - serializedName: "version", + countByThreatType: { + serializedName: "countByThreatType", + readOnly: true, type: { - name: "String" + name: "Dictionary", + value: { type: { name: "any" } } } }, - customDetails: { - serializedName: "customDetails", + countByProtectionStatus: { + serializedName: "countByProtectionStatus", + readOnly: true, type: { name: "Dictionary", - value: { type: { name: "String" } } + value: { type: { name: "any" } } } }, - entityMappings: { - serializedName: "entityMappings", + threats: { + serializedName: "threats", + readOnly: true, type: { name: "Sequence", element: { type: { - name: "Composite", - className: "EntityMapping" + name: "String" } } } }, - alertDetailsOverride: { - serializedName: "alertDetailsOverride", + query: { + serializedName: "query", + readOnly: true, type: { - name: "Composite", - className: "AlertDetailsOverride" + name: "String" } - } - } - } -}; - -export const EntityMapping: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "EntityMapping", - modelProperties: { - entityType: { - serializedName: "entityType", + }, + queryTime: { + serializedName: "queryTime", + readOnly: true, type: { - name: "String" + name: "DateTime" } }, - fieldMappings: { - serializedName: "fieldMappings", + mailCount: { + serializedName: "mailCount", + readOnly: true, type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "FieldMapping" - } - } + name: "Number" } - } - } - } -}; - -export const FieldMapping: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "FieldMapping", - modelProperties: { - identifier: { - serializedName: "identifier", + }, + isVolumeAnomaly: { + serializedName: "isVolumeAnomaly", + readOnly: true, type: { - name: "String" + name: "Boolean" } }, - columnName: { - serializedName: "columnName", + source: { + serializedName: "source", + readOnly: true, type: { name: "String" } - } - } - } -}; - -export const AlertDetailsOverride: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "AlertDetailsOverride", - modelProperties: { - alertDisplayNameFormat: { - serializedName: "alertDisplayNameFormat", + }, + clusterSourceIdentifier: { + serializedName: "clusterSourceIdentifier", + readOnly: true, type: { name: "String" } }, - alertDescriptionFormat: { - serializedName: "alertDescriptionFormat", + clusterSourceType: { + serializedName: "clusterSourceType", + readOnly: true, type: { name: "String" } }, - alertTacticsColumnName: { - serializedName: "alertTacticsColumnName", + clusterQueryStartTime: { + serializedName: "clusterQueryStartTime", + readOnly: true, type: { - name: "String" + name: "DateTime" } }, - alertSeverityColumnName: { - serializedName: "alertSeverityColumnName", + clusterQueryEndTime: { + serializedName: "clusterQueryEndTime", + readOnly: true, + type: { + name: "DateTime" + } + }, + clusterGroup: { + serializedName: "clusterGroup", + readOnly: true, type: { name: "String" } @@ -3801,224 +3549,142 @@ export const AlertDetailsOverride: coreClient.CompositeMapper = { } }; -export const FusionSourceSettings: coreClient.CompositeMapper = { +export const MailMessageEntityProperties: coreClient.CompositeMapper = { type: { name: "Composite", - className: "FusionSourceSettings", + className: "MailMessageEntityProperties", modelProperties: { - enabled: { - serializedName: "enabled", - required: true, + ...EntityCommonProperties.type.modelProperties, + fileEntityIds: { + serializedName: "fileEntityIds", + readOnly: true, type: { - name: "Boolean" + name: "Sequence", + element: { + type: { + name: "String" + } + } } }, - sourceName: { - serializedName: "sourceName", - required: true, + recipient: { + serializedName: "recipient", + readOnly: true, type: { name: "String" } }, - sourceSubTypes: { - serializedName: "sourceSubTypes", + urls: { + serializedName: "urls", + readOnly: true, type: { name: "Sequence", element: { type: { - name: "Composite", - className: "FusionSourceSubTypeSetting" + name: "String" } } } - } - } - } -}; - -export const FusionSourceSubTypeSetting: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "FusionSourceSubTypeSetting", - modelProperties: { - enabled: { - serializedName: "enabled", - required: true, + }, + threats: { + serializedName: "threats", + readOnly: true, type: { - name: "Boolean" + name: "Sequence", + element: { + type: { + name: "String" + } + } } }, - sourceSubTypeName: { - serializedName: "sourceSubTypeName", - required: true, + p1Sender: { + serializedName: "p1Sender", + readOnly: true, type: { name: "String" } }, - sourceSubTypeDisplayName: { - serializedName: "sourceSubTypeDisplayName", + p1SenderDisplayName: { + serializedName: "p1SenderDisplayName", readOnly: true, type: { name: "String" } }, - severityFilters: { - serializedName: "severityFilters", - type: { - name: "Composite", - className: "FusionSubTypeSeverityFilter" - } - } - } - } -}; - -export const FusionSubTypeSeverityFilter: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "FusionSubTypeSeverityFilter", - modelProperties: { - isSupported: { - serializedName: "isSupported", + p1SenderDomain: { + serializedName: "p1SenderDomain", readOnly: true, type: { - name: "Boolean" + name: "String" } }, - filters: { - serializedName: "filters", - type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "FusionSubTypeSeverityFiltersItem" - } - } - } - } - } - } -}; - -export const FusionSubTypeSeverityFiltersItem: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "FusionSubTypeSeverityFiltersItem", - modelProperties: { - severity: { - serializedName: "severity", - required: true, + senderIP: { + serializedName: "senderIP", + readOnly: true, type: { name: "String" } }, - enabled: { - serializedName: "enabled", - required: true, + p2Sender: { + serializedName: "p2Sender", + readOnly: true, type: { - name: "Boolean" + name: "String" } - } - } - } -}; - -export const FusionScenarioExclusionPattern: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "FusionScenarioExclusionPattern", - modelProperties: { - exclusionPattern: { - serializedName: "exclusionPattern", - required: true, + }, + p2SenderDisplayName: { + serializedName: "p2SenderDisplayName", + readOnly: true, type: { name: "String" } }, - dateAddedInUTC: { - serializedName: "dateAddedInUTC", - required: true, + p2SenderDomain: { + serializedName: "p2SenderDomain", + readOnly: true, type: { name: "String" } - } - } - } -}; - -export const FusionTemplateSourceSetting: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "FusionTemplateSourceSetting", - modelProperties: { - sourceName: { - serializedName: "sourceName", - required: true, + }, + receiveDate: { + serializedName: "receiveDate", + readOnly: true, type: { - name: "String" + name: "DateTime" } }, - sourceSubTypes: { - serializedName: "sourceSubTypes", + networkMessageId: { + serializedName: "networkMessageId", + readOnly: true, type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "FusionTemplateSourceSubType" - } - } + name: "Uuid" } - } - } - } -}; - -export const FusionTemplateSourceSubType: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "FusionTemplateSourceSubType", - modelProperties: { - sourceSubTypeName: { - serializedName: "sourceSubTypeName", - required: true, + }, + internetMessageId: { + serializedName: "internetMessageId", + readOnly: true, type: { name: "String" } }, - sourceSubTypeDisplayName: { - serializedName: "sourceSubTypeDisplayName", + subject: { + serializedName: "subject", readOnly: true, type: { name: "String" } }, - severityFilter: { - serializedName: "severityFilter", + language: { + serializedName: "language", + readOnly: true, type: { - name: "Composite", - className: "FusionTemplateSubTypeSeverityFilter" - } - } - } - } -}; - -export const FusionTemplateSubTypeSeverityFilter: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "FusionTemplateSubTypeSeverityFilter", - modelProperties: { - isSupported: { - serializedName: "isSupported", - required: true, - type: { - name: "Boolean" + name: "String" } }, - severityFilters: { - serializedName: "severityFilters", + threatDetectionMethods: { + serializedName: "threatDetectionMethods", + readOnly: true, type: { name: "Sequence", element: { @@ -4027,118 +3693,93 @@ export const FusionTemplateSubTypeSeverityFilter: coreClient.CompositeMapper = { } } } - } - } - } -}; - -export const MicrosoftSecurityIncidentCreationAlertRuleCommonProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "MicrosoftSecurityIncidentCreationAlertRuleCommonProperties", - modelProperties: { - displayNamesFilter: { - serializedName: "displayNamesFilter", + }, + bodyFingerprintBin1: { + serializedName: "bodyFingerprintBin1", type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } + name: "Number" } }, - displayNamesExcludeFilter: { - serializedName: "displayNamesExcludeFilter", + bodyFingerprintBin2: { + serializedName: "bodyFingerprintBin2", type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } + name: "Number" } }, - productFilter: { - serializedName: "productFilter", - required: true, + bodyFingerprintBin3: { + serializedName: "bodyFingerprintBin3", type: { - name: "String" + name: "Number" } }, - severitiesFilter: { - serializedName: "severitiesFilter", + bodyFingerprintBin4: { + serializedName: "bodyFingerprintBin4", type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } + name: "Number" } - } - } - } -}; - -export const IncidentConfiguration: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "IncidentConfiguration", - modelProperties: { - createIncident: { - serializedName: "createIncident", - required: true, + }, + bodyFingerprintBin5: { + serializedName: "bodyFingerprintBin5", type: { - name: "Boolean" + name: "Number" } }, - groupingConfiguration: { - serializedName: "groupingConfiguration", + antispamDirection: { + serializedName: "antispamDirection", type: { - name: "Composite", - className: "GroupingConfiguration" + name: "String" + } + }, + deliveryAction: { + serializedName: "deliveryAction", + type: { + name: "Enum", + allowedValues: [ + "Unknown", + "DeliveredAsSpam", + "Delivered", + "Blocked", + "Replaced" + ] + } + }, + deliveryLocation: { + serializedName: "deliveryLocation", + type: { + name: "Enum", + allowedValues: [ + "Unknown", + "Inbox", + "JunkFolder", + "DeletedFolder", + "Quarantine", + "External", + "Failed", + "Dropped", + "Forwarded" + ] } } } } }; -export const GroupingConfiguration: coreClient.CompositeMapper = { +export const MalwareEntityProperties: coreClient.CompositeMapper = { type: { name: "Composite", - className: "GroupingConfiguration", + className: "MalwareEntityProperties", modelProperties: { - enabled: { - serializedName: "enabled", - required: true, - type: { - name: "Boolean" - } - }, - reopenClosedIncident: { - serializedName: "reopenClosedIncident", - required: true, - type: { - name: "Boolean" - } - }, - lookbackDuration: { - serializedName: "lookbackDuration", - required: true, - type: { - name: "TimeSpan" - } - }, - matchingMethod: { - serializedName: "matchingMethod", - required: true, + ...EntityCommonProperties.type.modelProperties, + category: { + serializedName: "category", + readOnly: true, type: { name: "String" } }, - groupByEntities: { - serializedName: "groupByEntities", + fileEntityIds: { + serializedName: "fileEntityIds", + readOnly: true, type: { name: "Sequence", element: { @@ -4148,19 +3789,16 @@ export const GroupingConfiguration: coreClient.CompositeMapper = { } } }, - groupByAlertDetails: { - serializedName: "groupByAlertDetails", + malwareName: { + serializedName: "malwareName", + readOnly: true, type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } + name: "String" } }, - groupByCustomDetails: { - serializedName: "groupByCustomDetails", + processEntityIds: { + serializedName: "processEntityIds", + readOnly: true, type: { name: "Sequence", element: { @@ -4174,92 +3812,95 @@ export const GroupingConfiguration: coreClient.CompositeMapper = { } }; -export const ScheduledAlertRuleCommonProperties: coreClient.CompositeMapper = { +export const ProcessEntityProperties: coreClient.CompositeMapper = { type: { name: "Composite", - className: "ScheduledAlertRuleCommonProperties", + className: "ProcessEntityProperties", modelProperties: { - query: { - serializedName: "query", + ...EntityCommonProperties.type.modelProperties, + accountEntityId: { + serializedName: "accountEntityId", + readOnly: true, type: { name: "String" } }, - queryFrequency: { - serializedName: "queryFrequency", - type: { - name: "TimeSpan" - } - }, - queryPeriod: { - serializedName: "queryPeriod", + commandLine: { + serializedName: "commandLine", + readOnly: true, type: { - name: "TimeSpan" + name: "String" } }, - severity: { - serializedName: "severity", + creationTimeUtc: { + serializedName: "creationTimeUtc", + readOnly: true, type: { - name: "String" + name: "DateTime" } }, - triggerOperator: { - serializedName: "triggerOperator", + elevationToken: { + serializedName: "elevationToken", type: { name: "Enum", - allowedValues: ["GreaterThan", "LessThan", "Equal", "NotEqual"] + allowedValues: ["Default", "Full", "Limited"] } }, - triggerThreshold: { - serializedName: "triggerThreshold", + hostEntityId: { + serializedName: "hostEntityId", + readOnly: true, type: { - name: "Number" + name: "String" } }, - eventGroupingSettings: { - serializedName: "eventGroupingSettings", + hostLogonSessionEntityId: { + serializedName: "hostLogonSessionEntityId", + readOnly: true, type: { - name: "Composite", - className: "EventGroupingSettings" + name: "String" } }, - customDetails: { - serializedName: "customDetails", + imageFileEntityId: { + serializedName: "imageFileEntityId", + readOnly: true, type: { - name: "Dictionary", - value: { type: { name: "String" } } + name: "String" } }, - entityMappings: { - serializedName: "entityMappings", + parentProcessEntityId: { + serializedName: "parentProcessEntityId", + readOnly: true, type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "EntityMapping" - } - } + name: "String" } }, - alertDetailsOverride: { - serializedName: "alertDetailsOverride", + processId: { + serializedName: "processId", + readOnly: true, type: { - name: "Composite", - className: "AlertDetailsOverride" + name: "String" } } } } }; -export const EventGroupingSettings: coreClient.CompositeMapper = { +export const RegistryKeyEntityProperties: coreClient.CompositeMapper = { type: { name: "Composite", - className: "EventGroupingSettings", + className: "RegistryKeyEntityProperties", modelProperties: { - aggregationKind: { - serializedName: "aggregationKind", + ...EntityCommonProperties.type.modelProperties, + hive: { + serializedName: "hive", + readOnly: true, + type: { + name: "String" + } + }, + key: { + serializedName: "key", + readOnly: true, type: { name: "String" } @@ -4268,77 +3909,67 @@ export const EventGroupingSettings: coreClient.CompositeMapper = { } }; -export const IncidentPropertiesAction: coreClient.CompositeMapper = { +export const RegistryValueEntityProperties: coreClient.CompositeMapper = { type: { name: "Composite", - className: "IncidentPropertiesAction", + className: "RegistryValueEntityProperties", modelProperties: { - severity: { - serializedName: "severity", - type: { - name: "String" - } - }, - status: { - serializedName: "status", + ...EntityCommonProperties.type.modelProperties, + keyEntityId: { + serializedName: "keyEntityId", + readOnly: true, type: { name: "String" } }, - classification: { - serializedName: "classification", + valueData: { + serializedName: "valueData", + readOnly: true, type: { name: "String" } }, - classificationReason: { - serializedName: "classificationReason", + valueName: { + serializedName: "valueName", + readOnly: true, type: { name: "String" } }, - classificationComment: { - serializedName: "classificationComment", + valueType: { + serializedName: "valueType", + readOnly: true, type: { name: "String" } - }, - owner: { - serializedName: "owner", - type: { - name: "Composite", - className: "IncidentOwnerInfo" - } - }, - labels: { - serializedName: "labels", - type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "IncidentLabel" - } - } - } } } } }; -export const AutomationRulePropertyArrayChangedValuesCondition: coreClient.CompositeMapper = { +export const SecurityGroupEntityProperties: coreClient.CompositeMapper = { type: { name: "Composite", - className: "AutomationRulePropertyArrayChangedValuesCondition", + className: "SecurityGroupEntityProperties", modelProperties: { - arrayType: { - serializedName: "arrayType", + ...EntityCommonProperties.type.modelProperties, + distinguishedName: { + serializedName: "distinguishedName", + readOnly: true, type: { name: "String" } }, - changeType: { - serializedName: "changeType", + objectGuid: { + serializedName: "objectGuid", + readOnly: true, + type: { + name: "Uuid" + } + }, + sid: { + serializedName: "sid", + readOnly: true, type: { name: "String" } @@ -4347,154 +3978,95 @@ export const AutomationRulePropertyArrayChangedValuesCondition: coreClient.Compo } }; -export const AutomationRulePropertyValuesChangedCondition: coreClient.CompositeMapper = { +export const SubmissionMailEntityProperties: coreClient.CompositeMapper = { type: { name: "Composite", - className: "AutomationRulePropertyValuesChangedCondition", + className: "SubmissionMailEntityProperties", modelProperties: { - propertyName: { - serializedName: "propertyName", + ...EntityCommonProperties.type.modelProperties, + networkMessageId: { + serializedName: "networkMessageId", + readOnly: true, type: { - name: "String" + name: "Uuid" } }, - changeType: { - serializedName: "changeType", + submissionId: { + serializedName: "submissionId", + readOnly: true, type: { - name: "String" + name: "Uuid" } }, - operator: { - serializedName: "operator", + submitter: { + serializedName: "submitter", + readOnly: true, type: { name: "String" } }, - propertyValues: { - serializedName: "propertyValues", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - } - } - } -}; - -export const AutomationRulePropertyValuesCondition: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "AutomationRulePropertyValuesCondition", - modelProperties: { - propertyName: { - serializedName: "propertyName", + submissionDate: { + serializedName: "submissionDate", + readOnly: true, type: { - name: "String" + name: "DateTime" } }, - operator: { - serializedName: "operator", + timestamp: { + serializedName: "timestamp", + readOnly: true, type: { - name: "String" + name: "DateTime" } }, - propertyValues: { - serializedName: "propertyValues", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - } - } - } -}; - -export const PlaybookActionProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "PlaybookActionProperties", - modelProperties: { - logicAppResourceId: { - serializedName: "logicAppResourceId", + recipient: { + serializedName: "recipient", + readOnly: true, type: { name: "String" } }, - tenantId: { - serializedName: "tenantId", - type: { - name: "Uuid" - } - } - } - } -}; - -export const EntityQueryItemProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "EntityQueryItemProperties", - modelProperties: { - dataTypes: { - serializedName: "dataTypes", + sender: { + serializedName: "sender", + readOnly: true, type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "EntityQueryItemPropertiesDataTypesItem" - } - } + name: "String" } }, - inputEntityType: { - serializedName: "inputEntityType", + senderIp: { + serializedName: "senderIp", + readOnly: true, type: { name: "String" } }, - requiredInputFieldsSets: { - serializedName: "requiredInputFieldsSets", + subject: { + serializedName: "subject", + readOnly: true, type: { - name: "Sequence", - element: { - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - } + name: "String" } }, - entitiesFilter: { - serializedName: "entitiesFilter", + reportType: { + serializedName: "reportType", + readOnly: true, type: { - name: "Dictionary", - value: { type: { name: "any" } } + name: "String" } } } } }; -export const EntityQueryItemPropertiesDataTypesItem: coreClient.CompositeMapper = { +export const UrlEntityProperties: coreClient.CompositeMapper = { type: { name: "Composite", - className: "EntityQueryItemPropertiesDataTypesItem", + className: "UrlEntityProperties", modelProperties: { - dataType: { - serializedName: "dataType", + ...EntityCommonProperties.type.modelProperties, + url: { + serializedName: "url", + readOnly: true, type: { name: "String" } @@ -4503,319 +4075,239 @@ export const EntityQueryItemPropertiesDataTypesItem: coreClient.CompositeMapper } }; -export const InsightQueryItemPropertiesTableQuery: coreClient.CompositeMapper = { +export const MicrosoftSecurityIncidentCreationAlertRuleProperties: coreClient.CompositeMapper = { type: { name: "Composite", - className: "InsightQueryItemPropertiesTableQuery", + className: "MicrosoftSecurityIncidentCreationAlertRuleProperties", modelProperties: { - columnsDefinitions: { - serializedName: "columnsDefinitions", + ...MicrosoftSecurityIncidentCreationAlertRuleCommonProperties.type + .modelProperties, + alertRuleTemplateName: { + serializedName: "alertRuleTemplateName", type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: - "InsightQueryItemPropertiesTableQueryColumnsDefinitionsItem" - } - } + name: "String" } }, - queriesDefinitions: { - serializedName: "queriesDefinitions", - type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: - "InsightQueryItemPropertiesTableQueryQueriesDefinitionsItem" - } - } - } - } - } - } -}; - -export const InsightQueryItemPropertiesTableQueryColumnsDefinitionsItem: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "InsightQueryItemPropertiesTableQueryColumnsDefinitionsItem", - modelProperties: { - header: { - serializedName: "header", + description: { + serializedName: "description", type: { name: "String" } }, - outputType: { - serializedName: "outputType", + displayName: { + serializedName: "displayName", + required: true, type: { name: "String" } }, - supportDeepLink: { - serializedName: "supportDeepLink", + enabled: { + serializedName: "enabled", + required: true, type: { name: "Boolean" } + }, + lastModifiedUtc: { + serializedName: "lastModifiedUtc", + readOnly: true, + type: { + name: "DateTime" + } } } } }; -export const InsightQueryItemPropertiesTableQueryQueriesDefinitionsItem: coreClient.CompositeMapper = { +export const ScheduledAlertRuleProperties: coreClient.CompositeMapper = { type: { name: "Composite", - className: "InsightQueryItemPropertiesTableQueryQueriesDefinitionsItem", + className: "ScheduledAlertRuleProperties", modelProperties: { - filter: { - serializedName: "filter", + ...ScheduledAlertRuleCommonProperties.type.modelProperties, + alertRuleTemplateName: { + serializedName: "alertRuleTemplateName", type: { name: "String" } }, - summarize: { - serializedName: "summarize", + templateVersion: { + serializedName: "templateVersion", type: { name: "String" } }, - project: { - serializedName: "project", + description: { + serializedName: "description", type: { name: "String" } }, - linkColumnsDefinitions: { - serializedName: "linkColumnsDefinitions", + displayName: { + serializedName: "displayName", + required: true, type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: - "InsightQueryItemPropertiesTableQueryQueriesDefinitionsPropertiesItemsItem" - } - } + name: "String" } - } - } - } -}; - -export const InsightQueryItemPropertiesTableQueryQueriesDefinitionsPropertiesItemsItem: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: - "InsightQueryItemPropertiesTableQueryQueriesDefinitionsPropertiesItemsItem", - modelProperties: { - projectedName: { - serializedName: "projectedName", + }, + enabled: { + serializedName: "enabled", + required: true, type: { - name: "String" + name: "Boolean" } }, - query: { - serializedName: "Query", + lastModifiedUtc: { + serializedName: "lastModifiedUtc", + readOnly: true, type: { - name: "String" + name: "DateTime" } - } - } - } -}; - -export const InsightQueryItemPropertiesAdditionalQuery: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "InsightQueryItemPropertiesAdditionalQuery", - modelProperties: { - query: { - serializedName: "query", + }, + suppressionDuration: { + serializedName: "suppressionDuration", + required: true, type: { - name: "String" + name: "TimeSpan" } }, - text: { - serializedName: "text", + suppressionEnabled: { + serializedName: "suppressionEnabled", + required: true, type: { - name: "String" + name: "Boolean" } - } - } - } -}; - -export const InsightQueryItemPropertiesDefaultTimeRange: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "InsightQueryItemPropertiesDefaultTimeRange", - modelProperties: { - beforeRange: { - serializedName: "beforeRange", + }, + tactics: { + serializedName: "tactics", type: { - name: "String" + name: "Sequence", + element: { + type: { + name: "String" + } + } } }, - afterRange: { - serializedName: "afterRange", + techniques: { + serializedName: "techniques", type: { - name: "String" + name: "Sequence", + element: { + type: { + name: "String" + } + } } - } - } - } -}; - -export const InsightQueryItemPropertiesReferenceTimeRange: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "InsightQueryItemPropertiesReferenceTimeRange", - modelProperties: { - beforeRange: { - serializedName: "beforeRange", + }, + incidentConfiguration: { + serializedName: "incidentConfiguration", type: { - name: "String" + name: "Composite", + className: "IncidentConfiguration" } } } } }; -export const ActivityEntityQueriesPropertiesQueryDefinitions: coreClient.CompositeMapper = { +export const McasDataConnectorDataTypes: coreClient.CompositeMapper = { type: { name: "Composite", - className: "ActivityEntityQueriesPropertiesQueryDefinitions", + className: "McasDataConnectorDataTypes", modelProperties: { - query: { - serializedName: "query", + ...AlertsDataTypeOfDataConnector.type.modelProperties, + discoveryLogs: { + serializedName: "discoveryLogs", type: { - name: "String" + name: "Composite", + className: "DataConnectorDataTypeCommon" } } } } }; -export const ActivityEntityQueryTemplatePropertiesQueryDefinitions: coreClient.CompositeMapper = { +export const AwsCloudTrailDataConnectorDataTypesLogs: coreClient.CompositeMapper = { type: { name: "Composite", - className: "ActivityEntityQueryTemplatePropertiesQueryDefinitions", + className: "AwsCloudTrailDataConnectorDataTypesLogs", modelProperties: { - query: { - serializedName: "query", - type: { - name: "String" - } - }, - summarizeBy: { - serializedName: "summarizeBy", - type: { - name: "String" - } - } + ...DataConnectorDataTypeCommon.type.modelProperties } } }; -export const DataTypeDefinitions: coreClient.CompositeMapper = { +export const TIDataConnectorDataTypesIndicators: coreClient.CompositeMapper = { type: { name: "Composite", - className: "DataTypeDefinitions", + className: "TIDataConnectorDataTypesIndicators", modelProperties: { - dataType: { - serializedName: "dataType", - type: { - name: "String" - } - } + ...DataConnectorDataTypeCommon.type.modelProperties } } }; -export const SecurityMLAnalyticsSettingsDataSource: coreClient.CompositeMapper = { +export const OfficeDataConnectorDataTypesExchange: coreClient.CompositeMapper = { type: { name: "Composite", - className: "SecurityMLAnalyticsSettingsDataSource", + className: "OfficeDataConnectorDataTypesExchange", modelProperties: { - connectorId: { - serializedName: "connectorId", - type: { - name: "String" - } - }, - dataTypes: { - serializedName: "dataTypes", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - } + ...DataConnectorDataTypeCommon.type.modelProperties } } }; -export const DataConnectorTenantId: coreClient.CompositeMapper = { +export const OfficeDataConnectorDataTypesSharePoint: coreClient.CompositeMapper = { type: { name: "Composite", - className: "DataConnectorTenantId", + className: "OfficeDataConnectorDataTypesSharePoint", modelProperties: { - tenantId: { - serializedName: "tenantId", - required: true, - type: { - name: "String" - } - } + ...DataConnectorDataTypeCommon.type.modelProperties } } }; -export const DataConnectorWithAlertsProperties: coreClient.CompositeMapper = { +export const OfficeDataConnectorDataTypesTeams: coreClient.CompositeMapper = { type: { name: "Composite", - className: "DataConnectorWithAlertsProperties", + className: "OfficeDataConnectorDataTypesTeams", modelProperties: { - dataTypes: { - serializedName: "dataTypes", - type: { - name: "Composite", - className: "AlertsDataTypeOfDataConnector" - } - } + ...DataConnectorDataTypeCommon.type.modelProperties } } }; -export const AlertsDataTypeOfDataConnector: coreClient.CompositeMapper = { +export const ASCDataConnectorProperties: coreClient.CompositeMapper = { type: { name: "Composite", - className: "AlertsDataTypeOfDataConnector", + className: "ASCDataConnectorProperties", modelProperties: { - alerts: { - serializedName: "alerts", + ...DataConnectorWithAlertsProperties.type.modelProperties, + subscriptionId: { + serializedName: "subscriptionId", type: { - name: "Composite", - className: "DataConnectorDataTypeCommon" + name: "String" } } } } }; -export const DataConnectorDataTypeCommon: coreClient.CompositeMapper = { +export const AlertRule: coreClient.CompositeMapper = { + serializedName: "AlertRule", type: { name: "Composite", - className: "DataConnectorDataTypeCommon", + className: "AlertRule", + uberParent: "Resource", + polymorphicDiscriminator: { + serializedName: "kind", + clientName: "kind" + }, modelProperties: { - state: { - serializedName: "state", + ...ResourceWithEtag.type.modelProperties, + kind: { + serializedName: "kind", required: true, type: { name: "String" @@ -4825,6948 +4317,328 @@ export const DataConnectorDataTypeCommon: coreClient.CompositeMapper = { } }; -export const MstiDataConnectorDataTypes: coreClient.CompositeMapper = { +export const ActionRequest: coreClient.CompositeMapper = { type: { name: "Composite", - className: "MstiDataConnectorDataTypes", + className: "ActionRequest", modelProperties: { - bingSafetyPhishingURL: { - serializedName: "bingSafetyPhishingURL", + ...ResourceWithEtag.type.modelProperties, + logicAppResourceId: { + serializedName: "properties.logicAppResourceId", type: { - name: "Composite", - className: "MstiDataConnectorDataTypesBingSafetyPhishingURL" + name: "String" } }, - microsoftEmergingThreatFeed: { - serializedName: "microsoftEmergingThreatFeed", + triggerUri: { + serializedName: "properties.triggerUri", type: { - name: "Composite", - className: "MstiDataConnectorDataTypesMicrosoftEmergingThreatFeed" + name: "String" } } } } }; -export const MTPDataConnectorDataTypes: coreClient.CompositeMapper = { +export const AutomationRule: coreClient.CompositeMapper = { type: { name: "Composite", - className: "MTPDataConnectorDataTypes", + className: "AutomationRule", modelProperties: { - incidents: { - serializedName: "incidents", + ...ResourceWithEtag.type.modelProperties, + displayName: { + constraints: { + MaxLength: 500 + }, + serializedName: "properties.displayName", + required: true, type: { - name: "Composite", - className: "MTPDataConnectorDataTypesIncidents" + name: "String" } - } - } - } -}; - -export const AwsCloudTrailDataConnectorDataTypes: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "AwsCloudTrailDataConnectorDataTypes", - modelProperties: { - logs: { - serializedName: "logs", + }, + order: { + constraints: { + InclusiveMaximum: 1000, + InclusiveMinimum: 1 + }, + serializedName: "properties.order", + required: true, + type: { + name: "Number" + } + }, + triggeringLogic: { + serializedName: "properties.triggeringLogic", type: { name: "Composite", - className: "AwsCloudTrailDataConnectorDataTypesLogs" - } - } - } - } -}; - -export const AwsS3DataConnectorDataTypes: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "AwsS3DataConnectorDataTypes", - modelProperties: { - logs: { - serializedName: "logs", - type: { - name: "Composite", - className: "AwsS3DataConnectorDataTypesLogs" - } - } - } - } -}; - -export const Dynamics365DataConnectorDataTypes: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "Dynamics365DataConnectorDataTypes", - modelProperties: { - dynamics365CdsActivities: { - serializedName: "dynamics365CdsActivities", - type: { - name: "Composite", - className: "Dynamics365DataConnectorDataTypesDynamics365CdsActivities" - } - } - } - } -}; - -export const Office365ProjectConnectorDataTypes: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "Office365ProjectConnectorDataTypes", - modelProperties: { - logs: { - serializedName: "logs", - type: { - name: "Composite", - className: "Office365ProjectConnectorDataTypesLogs" - } - } - } - } -}; - -export const OfficePowerBIConnectorDataTypes: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "OfficePowerBIConnectorDataTypes", - modelProperties: { - logs: { - serializedName: "logs", - type: { - name: "Composite", - className: "OfficePowerBIConnectorDataTypesLogs" - } - } - } - } -}; - -export const OfficeDataConnectorDataTypes: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "OfficeDataConnectorDataTypes", - modelProperties: { - exchange: { - serializedName: "exchange", - type: { - name: "Composite", - className: "OfficeDataConnectorDataTypesExchange" - } - }, - sharePoint: { - serializedName: "sharePoint", - type: { - name: "Composite", - className: "OfficeDataConnectorDataTypesSharePoint" - } - }, - teams: { - serializedName: "teams", - type: { - name: "Composite", - className: "OfficeDataConnectorDataTypesTeams" - } - } - } - } -}; - -export const TIDataConnectorDataTypes: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "TIDataConnectorDataTypes", - modelProperties: { - indicators: { - serializedName: "indicators", - type: { - name: "Composite", - className: "TIDataConnectorDataTypesIndicators" - } - } - } - } -}; - -export const TiTaxiiDataConnectorDataTypes: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "TiTaxiiDataConnectorDataTypes", - modelProperties: { - taxiiClient: { - serializedName: "taxiiClient", - type: { - name: "Composite", - className: "TiTaxiiDataConnectorDataTypesTaxiiClient" - } - } - } - } -}; - -export const CodelessUiConnectorConfigProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "CodelessUiConnectorConfigProperties", - modelProperties: { - title: { - serializedName: "title", - required: true, - type: { - name: "String" - } - }, - publisher: { - serializedName: "publisher", - required: true, - type: { - name: "String" - } - }, - descriptionMarkdown: { - serializedName: "descriptionMarkdown", - required: true, - type: { - name: "String" - } - }, - customImage: { - serializedName: "customImage", - type: { - name: "String" - } - }, - graphQueriesTableName: { - serializedName: "graphQueriesTableName", - required: true, - type: { - name: "String" - } - }, - graphQueries: { - serializedName: "graphQueries", - required: true, - type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "CodelessUiConnectorConfigPropertiesGraphQueriesItem" - } - } - } - }, - sampleQueries: { - serializedName: "sampleQueries", - required: true, - type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "CodelessUiConnectorConfigPropertiesSampleQueriesItem" - } - } - } - }, - dataTypes: { - serializedName: "dataTypes", - required: true, - type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "CodelessUiConnectorConfigPropertiesDataTypesItem" - } - } - } - }, - connectivityCriteria: { - serializedName: "connectivityCriteria", - required: true, - type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: - "CodelessUiConnectorConfigPropertiesConnectivityCriteriaItem" - } - } - } - }, - availability: { - serializedName: "availability", - type: { - name: "Composite", - className: "Availability" - } - }, - permissions: { - serializedName: "permissions", - type: { - name: "Composite", - className: "Permissions" - } - }, - instructionSteps: { - serializedName: "instructionSteps", - required: true, - type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: - "CodelessUiConnectorConfigPropertiesInstructionStepsItem" - } - } - } - } - } - } -}; - -export const GraphQueries: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "GraphQueries", - modelProperties: { - metricName: { - serializedName: "metricName", - type: { - name: "String" - } - }, - legend: { - serializedName: "legend", - type: { - name: "String" - } - }, - baseQuery: { - serializedName: "baseQuery", - type: { - name: "String" - } - } - } - } -}; - -export const SampleQueries: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "SampleQueries", - modelProperties: { - description: { - serializedName: "description", - type: { - name: "String" - } - }, - query: { - serializedName: "query", - type: { - name: "String" - } - } - } - } -}; - -export const LastDataReceivedDataType: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "LastDataReceivedDataType", - modelProperties: { - name: { - serializedName: "name", - type: { - name: "String" - } - }, - lastDataReceivedQuery: { - serializedName: "lastDataReceivedQuery", - type: { - name: "String" - } - } - } - } -}; - -export const ConnectivityCriteria: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "ConnectivityCriteria", - modelProperties: { - type: { - serializedName: "type", - type: { - name: "String" - } - }, - value: { - serializedName: "value", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - } - } - } -}; - -export const Availability: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "Availability", - modelProperties: { - status: { - defaultValue: 1, - isConstant: true, - serializedName: "status", - type: { - name: "Number" - } - }, - isPreview: { - serializedName: "isPreview", - type: { - name: "Boolean" - } - } - } - } -}; - -export const Permissions: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "Permissions", - modelProperties: { - resourceProvider: { - serializedName: "resourceProvider", - type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "PermissionsResourceProviderItem" - } - } - } - }, - customs: { - serializedName: "customs", - type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "PermissionsCustomsItem" - } - } - } - } - } - } -}; - -export const ResourceProvider: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "ResourceProvider", - modelProperties: { - provider: { - serializedName: "provider", - type: { - name: "String" - } - }, - permissionsDisplayText: { - serializedName: "permissionsDisplayText", - type: { - name: "String" - } - }, - providerDisplayName: { - serializedName: "providerDisplayName", - type: { - name: "String" - } - }, - scope: { - serializedName: "scope", - type: { - name: "String" - } - }, - requiredPermissions: { - serializedName: "requiredPermissions", - type: { - name: "Composite", - className: "RequiredPermissions" - } - } - } - } -}; - -export const RequiredPermissions: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "RequiredPermissions", - modelProperties: { - action: { - serializedName: "action", - type: { - name: "Boolean" - } - }, - write: { - serializedName: "write", - type: { - name: "Boolean" - } - }, - read: { - serializedName: "read", - type: { - name: "Boolean" - } - }, - delete: { - serializedName: "delete", - type: { - name: "Boolean" - } - } - } - } -}; - -export const CustomsPermission: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "CustomsPermission", - modelProperties: { - name: { - serializedName: "name", - type: { - name: "String" - } - }, - description: { - serializedName: "description", - type: { - name: "String" - } - } - } - } -}; - -export const InstructionSteps: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "InstructionSteps", - modelProperties: { - title: { - serializedName: "title", - type: { - name: "String" - } - }, - description: { - serializedName: "description", - type: { - name: "String" - } - }, - instructions: { - serializedName: "instructions", - type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "InstructionStepsInstructionsItem" - } - } - } - } - } - } -}; - -export const ConnectorInstructionModelBase: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "ConnectorInstructionModelBase", - modelProperties: { - parameters: { - serializedName: "parameters", - type: { - name: "Dictionary", - value: { type: { name: "any" } } - } - }, - type: { - serializedName: "type", - required: true, - type: { - name: "String" - } - } - } - } -}; - -export const CodelessConnectorPollingConfigProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "CodelessConnectorPollingConfigProperties", - modelProperties: { - isActive: { - serializedName: "isActive", - type: { - name: "Boolean" - } - }, - auth: { - serializedName: "auth", - type: { - name: "Composite", - className: "CodelessConnectorPollingAuthProperties" - } - }, - request: { - serializedName: "request", - type: { - name: "Composite", - className: "CodelessConnectorPollingRequestProperties" - } - }, - paging: { - serializedName: "paging", - type: { - name: "Composite", - className: "CodelessConnectorPollingPagingProperties" - } - }, - response: { - serializedName: "response", - type: { - name: "Composite", - className: "CodelessConnectorPollingResponseProperties" - } - } - } - } -}; - -export const CodelessConnectorPollingAuthProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "CodelessConnectorPollingAuthProperties", - modelProperties: { - authType: { - serializedName: "authType", - required: true, - type: { - name: "String" - } - }, - apiKeyName: { - serializedName: "apiKeyName", - type: { - name: "String" - } - }, - apiKeyIdentifier: { - serializedName: "apiKeyIdentifier", - type: { - name: "String" - } - }, - isApiKeyInPostPayload: { - serializedName: "isApiKeyInPostPayload", - type: { - name: "String" - } - }, - flowName: { - serializedName: "flowName", - type: { - name: "String" - } - }, - tokenEndpoint: { - serializedName: "tokenEndpoint", - type: { - name: "String" - } - }, - authorizationEndpoint: { - serializedName: "authorizationEndpoint", - type: { - name: "String" - } - }, - authorizationEndpointQueryParameters: { - serializedName: "authorizationEndpointQueryParameters", - type: { - name: "Dictionary", - value: { type: { name: "any" } } - } - }, - redirectionEndpoint: { - serializedName: "redirectionEndpoint", - type: { - name: "String" - } - }, - tokenEndpointHeaders: { - serializedName: "tokenEndpointHeaders", - type: { - name: "Dictionary", - value: { type: { name: "any" } } - } - }, - tokenEndpointQueryParameters: { - serializedName: "tokenEndpointQueryParameters", - type: { - name: "Dictionary", - value: { type: { name: "any" } } - } - }, - isClientSecretInHeader: { - serializedName: "isClientSecretInHeader", - type: { - name: "Boolean" - } - }, - scope: { - serializedName: "scope", - type: { - name: "String" - } - } - } - } -}; - -export const CodelessConnectorPollingRequestProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "CodelessConnectorPollingRequestProperties", - modelProperties: { - apiEndpoint: { - serializedName: "apiEndpoint", - required: true, - type: { - name: "String" - } - }, - rateLimitQps: { - serializedName: "rateLimitQps", - type: { - name: "Number" - } - }, - queryWindowInMin: { - serializedName: "queryWindowInMin", - required: true, - type: { - name: "Number" - } - }, - httpMethod: { - serializedName: "httpMethod", - required: true, - type: { - name: "String" - } - }, - queryTimeFormat: { - serializedName: "queryTimeFormat", - required: true, - type: { - name: "String" - } - }, - retryCount: { - serializedName: "retryCount", - type: { - name: "Number" - } - }, - timeoutInSeconds: { - serializedName: "timeoutInSeconds", - type: { - name: "Number" - } - }, - headers: { - serializedName: "headers", - type: { - name: "Dictionary", - value: { type: { name: "any" } } - } - }, - queryParameters: { - serializedName: "queryParameters", - type: { - name: "Dictionary", - value: { type: { name: "any" } } - } - }, - queryParametersTemplate: { - serializedName: "queryParametersTemplate", - type: { - name: "String" - } - }, - startTimeAttributeName: { - serializedName: "startTimeAttributeName", - type: { - name: "String" - } - }, - endTimeAttributeName: { - serializedName: "endTimeAttributeName", - type: { - name: "String" - } - } - } - } -}; - -export const CodelessConnectorPollingPagingProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "CodelessConnectorPollingPagingProperties", - modelProperties: { - pagingType: { - serializedName: "pagingType", - required: true, - type: { - name: "String" - } - }, - nextPageParaName: { - serializedName: "nextPageParaName", - type: { - name: "String" - } - }, - nextPageTokenJsonPath: { - serializedName: "nextPageTokenJsonPath", - type: { - name: "String" - } - }, - pageCountAttributePath: { - serializedName: "pageCountAttributePath", - type: { - name: "String" - } - }, - pageTotalCountAttributePath: { - serializedName: "pageTotalCountAttributePath", - type: { - name: "String" - } - }, - pageTimeStampAttributePath: { - serializedName: "pageTimeStampAttributePath", - type: { - name: "String" - } - }, - searchTheLatestTimeStampFromEventsList: { - serializedName: "searchTheLatestTimeStampFromEventsList", - type: { - name: "String" - } - }, - pageSizeParaName: { - serializedName: "pageSizeParaName", - type: { - name: "String" - } - }, - pageSize: { - serializedName: "pageSize", - type: { - name: "Number" - } - } - } - } -}; - -export const CodelessConnectorPollingResponseProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "CodelessConnectorPollingResponseProperties", - modelProperties: { - eventsJsonPaths: { - serializedName: "eventsJsonPaths", - required: true, - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - successStatusJsonPath: { - serializedName: "successStatusJsonPath", - type: { - name: "String" - } - }, - successStatusValue: { - serializedName: "successStatusValue", - type: { - name: "String" - } - }, - isGzipCompressed: { - serializedName: "isGzipCompressed", - type: { - name: "Boolean" - } - } - } - } -}; - -export const ThreatIntelligence: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "ThreatIntelligence", - modelProperties: { - confidence: { - serializedName: "confidence", - readOnly: true, - type: { - name: "Number" - } - }, - providerName: { - serializedName: "providerName", - readOnly: true, - type: { - name: "String" - } - }, - reportLink: { - serializedName: "reportLink", - readOnly: true, - type: { - name: "String" - } - }, - threatDescription: { - serializedName: "threatDescription", - readOnly: true, - type: { - name: "String" - } - }, - threatName: { - serializedName: "threatName", - readOnly: true, - type: { - name: "String" - } - }, - threatType: { - serializedName: "threatType", - readOnly: true, - type: { - name: "String" - } - } - } - } -}; - -export const GeoLocation: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "GeoLocation", - modelProperties: { - asn: { - serializedName: "asn", - readOnly: true, - type: { - name: "Number" - } - }, - city: { - serializedName: "city", - readOnly: true, - type: { - name: "String" - } - }, - countryCode: { - serializedName: "countryCode", - readOnly: true, - type: { - name: "String" - } - }, - countryName: { - serializedName: "countryName", - readOnly: true, - type: { - name: "String" - } - }, - latitude: { - serializedName: "latitude", - readOnly: true, - type: { - name: "Number" - } - }, - longitude: { - serializedName: "longitude", - readOnly: true, - type: { - name: "Number" - } - }, - state: { - serializedName: "state", - readOnly: true, - type: { - name: "String" - } - } - } - } -}; - -export const ResourceWithEtag: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "ResourceWithEtag", - modelProperties: { - ...Resource.type.modelProperties, - etag: { - serializedName: "etag", - type: { - name: "String" - } - } - } - } -}; - -export const AlertRuleTemplate: coreClient.CompositeMapper = { - serializedName: "AlertRuleTemplate", - type: { - name: "Composite", - className: "AlertRuleTemplate", - uberParent: "Resource", - polymorphicDiscriminator: { - serializedName: "kind", - clientName: "kind" - }, - modelProperties: { - ...Resource.type.modelProperties, - kind: { - serializedName: "kind", - required: true, - type: { - name: "String" - } - } - } - } -}; - -export const Entity: coreClient.CompositeMapper = { - serializedName: "Entity", - type: { - name: "Composite", - className: "Entity", - uberParent: "Resource", - polymorphicDiscriminator: { - serializedName: "kind", - clientName: "kind" - }, - modelProperties: { - ...Resource.type.modelProperties, - kind: { - serializedName: "kind", - required: true, - type: { - name: "String" - } - } - } - } -}; - -export const EntityQueryTemplate: coreClient.CompositeMapper = { - serializedName: "EntityQueryTemplate", - type: { - name: "Composite", - className: "EntityQueryTemplate", - uberParent: "Resource", - polymorphicDiscriminator: { - serializedName: "kind", - clientName: "kind" - }, - modelProperties: { - ...Resource.type.modelProperties, - kind: { - serializedName: "kind", - required: true, - type: { - name: "String" - } - } - } - } -}; - -export const OfficeConsent: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "OfficeConsent", - modelProperties: { - ...Resource.type.modelProperties, - tenantId: { - serializedName: "properties.tenantId", - type: { - name: "String" - } - }, - consentId: { - serializedName: "properties.consentId", - type: { - name: "String" - } - } - } - } -}; - -export const ActionResponseProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "ActionResponseProperties", - modelProperties: { - ...ActionPropertiesBase.type.modelProperties, - workflowId: { - serializedName: "workflowId", - type: { - name: "String" - } - } - } - } -}; - -export const ActionRequestProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "ActionRequestProperties", - modelProperties: { - ...ActionPropertiesBase.type.modelProperties, - triggerUri: { - serializedName: "triggerUri", - required: true, - type: { - name: "String" - } - } - } - } -}; - -export const PropertyArrayChangedConditionProperties: coreClient.CompositeMapper = { - serializedName: "PropertyArrayChanged", - type: { - name: "Composite", - className: "PropertyArrayChangedConditionProperties", - uberParent: "AutomationRuleCondition", - polymorphicDiscriminator: - AutomationRuleCondition.type.polymorphicDiscriminator, - modelProperties: { - ...AutomationRuleCondition.type.modelProperties, - conditionProperties: { - serializedName: "conditionProperties", - type: { - name: "Composite", - className: "AutomationRulePropertyArrayChangedValuesCondition" - } - } - } - } -}; - -export const PropertyChangedConditionProperties: coreClient.CompositeMapper = { - serializedName: "PropertyChanged", - type: { - name: "Composite", - className: "PropertyChangedConditionProperties", - uberParent: "AutomationRuleCondition", - polymorphicDiscriminator: - AutomationRuleCondition.type.polymorphicDiscriminator, - modelProperties: { - ...AutomationRuleCondition.type.modelProperties, - conditionProperties: { - serializedName: "conditionProperties", - type: { - name: "Composite", - className: "AutomationRulePropertyValuesChangedCondition" - } - } - } - } -}; - -export const PropertyConditionProperties: coreClient.CompositeMapper = { - serializedName: "Property", - type: { - name: "Composite", - className: "PropertyConditionProperties", - uberParent: "AutomationRuleCondition", - polymorphicDiscriminator: - AutomationRuleCondition.type.polymorphicDiscriminator, - modelProperties: { - ...AutomationRuleCondition.type.modelProperties, - conditionProperties: { - serializedName: "conditionProperties", - type: { - name: "Composite", - className: "AutomationRulePropertyValuesCondition" - } - } - } - } -}; - -export const AutomationRuleModifyPropertiesAction: coreClient.CompositeMapper = { - serializedName: "ModifyProperties", - type: { - name: "Composite", - className: "AutomationRuleModifyPropertiesAction", - uberParent: "AutomationRuleAction", - polymorphicDiscriminator: - AutomationRuleAction.type.polymorphicDiscriminator, - modelProperties: { - ...AutomationRuleAction.type.modelProperties, - actionConfiguration: { - serializedName: "actionConfiguration", - type: { - name: "Composite", - className: "IncidentPropertiesAction" - } - } - } - } -}; - -export const AutomationRuleRunPlaybookAction: coreClient.CompositeMapper = { - serializedName: "RunPlaybook", - type: { - name: "Composite", - className: "AutomationRuleRunPlaybookAction", - uberParent: "AutomationRuleAction", - polymorphicDiscriminator: - AutomationRuleAction.type.polymorphicDiscriminator, - modelProperties: { - ...AutomationRuleAction.type.modelProperties, - actionConfiguration: { - serializedName: "actionConfiguration", - type: { - name: "Composite", - className: "PlaybookActionProperties" - } - } - } - } -}; - -export const ActivityTimelineItem: coreClient.CompositeMapper = { - serializedName: "Activity", - type: { - name: "Composite", - className: "ActivityTimelineItem", - uberParent: "EntityTimelineItem", - polymorphicDiscriminator: EntityTimelineItem.type.polymorphicDiscriminator, - modelProperties: { - ...EntityTimelineItem.type.modelProperties, - queryId: { - serializedName: "queryId", - required: true, - type: { - name: "String" - } - }, - bucketStartTimeUTC: { - serializedName: "bucketStartTimeUTC", - required: true, - type: { - name: "DateTime" - } - }, - bucketEndTimeUTC: { - serializedName: "bucketEndTimeUTC", - required: true, - type: { - name: "DateTime" - } - }, - firstActivityTimeUTC: { - serializedName: "firstActivityTimeUTC", - required: true, - type: { - name: "DateTime" - } - }, - lastActivityTimeUTC: { - serializedName: "lastActivityTimeUTC", - required: true, - type: { - name: "DateTime" - } - }, - content: { - serializedName: "content", - required: true, - type: { - name: "String" - } - }, - title: { - serializedName: "title", - required: true, - type: { - name: "String" - } - } - } - } -}; - -export const BookmarkTimelineItem: coreClient.CompositeMapper = { - serializedName: "Bookmark", - type: { - name: "Composite", - className: "BookmarkTimelineItem", - uberParent: "EntityTimelineItem", - polymorphicDiscriminator: EntityTimelineItem.type.polymorphicDiscriminator, - modelProperties: { - ...EntityTimelineItem.type.modelProperties, - azureResourceId: { - serializedName: "azureResourceId", - required: true, - type: { - name: "String" - } - }, - displayName: { - serializedName: "displayName", - type: { - name: "String" - } - }, - notes: { - serializedName: "notes", - type: { - name: "String" - } - }, - endTimeUtc: { - serializedName: "endTimeUtc", - type: { - name: "DateTime" - } - }, - startTimeUtc: { - serializedName: "startTimeUtc", - type: { - name: "DateTime" - } - }, - eventTime: { - serializedName: "eventTime", - type: { - name: "DateTime" - } - }, - createdBy: { - serializedName: "createdBy", - type: { - name: "Composite", - className: "UserInfo" - } - }, - labels: { - serializedName: "labels", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - } - } - } -}; - -export const AnomalyTimelineItem: coreClient.CompositeMapper = { - serializedName: "Anomaly", - type: { - name: "Composite", - className: "AnomalyTimelineItem", - uberParent: "EntityTimelineItem", - polymorphicDiscriminator: EntityTimelineItem.type.polymorphicDiscriminator, - modelProperties: { - ...EntityTimelineItem.type.modelProperties, - azureResourceId: { - serializedName: "azureResourceId", - required: true, - type: { - name: "String" - } - }, - productName: { - serializedName: "productName", - type: { - name: "String" - } - }, - description: { - serializedName: "description", - type: { - name: "String" - } - }, - displayName: { - serializedName: "displayName", - required: true, - type: { - name: "String" - } - }, - endTimeUtc: { - serializedName: "endTimeUtc", - required: true, - type: { - name: "DateTime" - } - }, - startTimeUtc: { - serializedName: "startTimeUtc", - required: true, - type: { - name: "DateTime" - } - }, - timeGenerated: { - serializedName: "timeGenerated", - required: true, - type: { - name: "DateTime" - } - }, - vendor: { - serializedName: "vendor", - type: { - name: "String" - } - }, - intent: { - serializedName: "intent", - type: { - name: "String" - } - }, - techniques: { - serializedName: "techniques", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - reasons: { - serializedName: "reasons", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - } - } - } -}; - -export const SecurityAlertTimelineItem: coreClient.CompositeMapper = { - serializedName: "SecurityAlert", - type: { - name: "Composite", - className: "SecurityAlertTimelineItem", - uberParent: "EntityTimelineItem", - polymorphicDiscriminator: EntityTimelineItem.type.polymorphicDiscriminator, - modelProperties: { - ...EntityTimelineItem.type.modelProperties, - azureResourceId: { - serializedName: "azureResourceId", - required: true, - type: { - name: "String" - } - }, - productName: { - serializedName: "productName", - type: { - name: "String" - } - }, - description: { - serializedName: "description", - type: { - name: "String" - } - }, - displayName: { - serializedName: "displayName", - required: true, - type: { - name: "String" - } - }, - severity: { - serializedName: "severity", - required: true, - type: { - name: "String" - } - }, - endTimeUtc: { - serializedName: "endTimeUtc", - required: true, - type: { - name: "DateTime" - } - }, - startTimeUtc: { - serializedName: "startTimeUtc", - required: true, - type: { - name: "DateTime" - } - }, - timeGenerated: { - serializedName: "timeGenerated", - required: true, - type: { - name: "DateTime" - } - }, - alertType: { - serializedName: "alertType", - required: true, - type: { - name: "String" - } - } - } - } -}; - -export const InsightQueryItem: coreClient.CompositeMapper = { - serializedName: "Insight", - type: { - name: "Composite", - className: "InsightQueryItem", - uberParent: "EntityQueryItem", - polymorphicDiscriminator: EntityQueryItem.type.polymorphicDiscriminator, - modelProperties: { - ...EntityQueryItem.type.modelProperties, - properties: { - serializedName: "properties", - type: { - name: "Composite", - className: "InsightQueryItemProperties" - } - } - } - } -}; - -export const SecurityAlertProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "SecurityAlertProperties", - modelProperties: { - ...EntityCommonProperties.type.modelProperties, - alertDisplayName: { - serializedName: "alertDisplayName", - readOnly: true, - type: { - name: "String" - } - }, - alertType: { - serializedName: "alertType", - readOnly: true, - type: { - name: "String" - } - }, - compromisedEntity: { - serializedName: "compromisedEntity", - readOnly: true, - type: { - name: "String" - } - }, - confidenceLevel: { - serializedName: "confidenceLevel", - readOnly: true, - type: { - name: "String" - } - }, - confidenceReasons: { - serializedName: "confidenceReasons", - readOnly: true, - type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "SecurityAlertPropertiesConfidenceReasonsItem" - } - } - } - }, - confidenceScore: { - serializedName: "confidenceScore", - readOnly: true, - type: { - name: "Number" - } - }, - confidenceScoreStatus: { - serializedName: "confidenceScoreStatus", - readOnly: true, - type: { - name: "String" - } - }, - description: { - serializedName: "description", - readOnly: true, - type: { - name: "String" - } - }, - endTimeUtc: { - serializedName: "endTimeUtc", - readOnly: true, - type: { - name: "DateTime" - } - }, - intent: { - serializedName: "intent", - readOnly: true, - type: { - name: "String" - } - }, - providerAlertId: { - serializedName: "providerAlertId", - readOnly: true, - type: { - name: "String" - } - }, - processingEndTime: { - serializedName: "processingEndTime", - readOnly: true, - type: { - name: "DateTime" - } - }, - productComponentName: { - serializedName: "productComponentName", - readOnly: true, - type: { - name: "String" - } - }, - productName: { - serializedName: "productName", - readOnly: true, - type: { - name: "String" - } - }, - productVersion: { - serializedName: "productVersion", - readOnly: true, - type: { - name: "String" - } - }, - remediationSteps: { - serializedName: "remediationSteps", - readOnly: true, - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - severity: { - serializedName: "severity", - type: { - name: "String" - } - }, - startTimeUtc: { - serializedName: "startTimeUtc", - readOnly: true, - type: { - name: "DateTime" - } - }, - status: { - serializedName: "status", - readOnly: true, - type: { - name: "String" - } - }, - systemAlertId: { - serializedName: "systemAlertId", - readOnly: true, - type: { - name: "String" - } - }, - tactics: { - serializedName: "tactics", - readOnly: true, - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - timeGenerated: { - serializedName: "timeGenerated", - readOnly: true, - type: { - name: "DateTime" - } - }, - vendorName: { - serializedName: "vendorName", - readOnly: true, - type: { - name: "String" - } - }, - alertLink: { - serializedName: "alertLink", - readOnly: true, - type: { - name: "String" - } - }, - resourceIdentifiers: { - serializedName: "resourceIdentifiers", - readOnly: true, - type: { - name: "Sequence", - element: { - type: { - name: "Dictionary", - value: { type: { name: "any" } } - } - } - } - } - } - } -}; - -export const HuntingBookmarkProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "HuntingBookmarkProperties", - modelProperties: { - ...EntityCommonProperties.type.modelProperties, - created: { - serializedName: "created", - type: { - name: "DateTime" - } - }, - createdBy: { - serializedName: "createdBy", - type: { - name: "Composite", - className: "UserInfo" - } - }, - displayName: { - serializedName: "displayName", - required: true, - type: { - name: "String" - } - }, - eventTime: { - serializedName: "eventTime", - type: { - name: "DateTime" - } - }, - labels: { - serializedName: "labels", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - notes: { - serializedName: "notes", - type: { - name: "String" - } - }, - query: { - serializedName: "query", - required: true, - type: { - name: "String" - } - }, - queryResult: { - serializedName: "queryResult", - type: { - name: "String" - } - }, - updated: { - serializedName: "updated", - type: { - name: "DateTime" - } - }, - updatedBy: { - serializedName: "updatedBy", - type: { - name: "Composite", - className: "UserInfo" - } - }, - incidentInfo: { - serializedName: "incidentInfo", - type: { - name: "Composite", - className: "IncidentInfo" - } - } - } - } -}; - -export const ThreatIntelligenceIndicatorProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "ThreatIntelligenceIndicatorProperties", - modelProperties: { - ...EntityCommonProperties.type.modelProperties, - threatIntelligenceTags: { - serializedName: "threatIntelligenceTags", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - lastUpdatedTimeUtc: { - serializedName: "lastUpdatedTimeUtc", - type: { - name: "String" - } - }, - source: { - serializedName: "source", - type: { - name: "String" - } - }, - displayName: { - serializedName: "displayName", - type: { - name: "String" - } - }, - description: { - serializedName: "description", - type: { - name: "String" - } - }, - indicatorTypes: { - serializedName: "indicatorTypes", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - pattern: { - serializedName: "pattern", - type: { - name: "String" - } - }, - patternType: { - serializedName: "patternType", - type: { - name: "String" - } - }, - patternVersion: { - serializedName: "patternVersion", - type: { - name: "String" - } - }, - killChainPhases: { - serializedName: "killChainPhases", - type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "ThreatIntelligenceKillChainPhase" - } - } - } - }, - parsedPattern: { - serializedName: "parsedPattern", - type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "ThreatIntelligenceParsedPattern" - } - } - } - }, - externalId: { - serializedName: "externalId", - type: { - name: "String" - } - }, - createdByRef: { - serializedName: "createdByRef", - type: { - name: "String" - } - }, - defanged: { - serializedName: "defanged", - type: { - name: "Boolean" - } - }, - externalLastUpdatedTimeUtc: { - serializedName: "externalLastUpdatedTimeUtc", - type: { - name: "String" - } - }, - externalReferences: { - serializedName: "externalReferences", - type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "ThreatIntelligenceExternalReference" - } - } - } - }, - granularMarkings: { - serializedName: "granularMarkings", - type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "ThreatIntelligenceGranularMarkingModel" - } - } - } - }, - labels: { - serializedName: "labels", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - revoked: { - serializedName: "revoked", - type: { - name: "Boolean" - } - }, - confidence: { - serializedName: "confidence", - type: { - name: "Number" - } - }, - objectMarkingRefs: { - serializedName: "objectMarkingRefs", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - language: { - serializedName: "language", - type: { - name: "String" - } - }, - threatTypes: { - serializedName: "threatTypes", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - validFrom: { - serializedName: "validFrom", - type: { - name: "String" - } - }, - validUntil: { - serializedName: "validUntil", - type: { - name: "String" - } - }, - created: { - serializedName: "created", - type: { - name: "String" - } - }, - modified: { - serializedName: "modified", - type: { - name: "String" - } - }, - extensions: { - serializedName: "extensions", - type: { - name: "Dictionary", - value: { type: { name: "any" } } - } - } - } - } -}; - -export const AccountEntityProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "AccountEntityProperties", - modelProperties: { - ...EntityCommonProperties.type.modelProperties, - aadTenantId: { - serializedName: "aadTenantId", - readOnly: true, - type: { - name: "String" - } - }, - aadUserId: { - serializedName: "aadUserId", - readOnly: true, - type: { - name: "String" - } - }, - accountName: { - serializedName: "accountName", - readOnly: true, - type: { - name: "String" - } - }, - displayName: { - serializedName: "displayName", - readOnly: true, - type: { - name: "String" - } - }, - hostEntityId: { - serializedName: "hostEntityId", - readOnly: true, - type: { - name: "String" - } - }, - isDomainJoined: { - serializedName: "isDomainJoined", - readOnly: true, - type: { - name: "Boolean" - } - }, - ntDomain: { - serializedName: "ntDomain", - readOnly: true, - type: { - name: "String" - } - }, - objectGuid: { - serializedName: "objectGuid", - readOnly: true, - type: { - name: "Uuid" - } - }, - puid: { - serializedName: "puid", - readOnly: true, - type: { - name: "String" - } - }, - sid: { - serializedName: "sid", - readOnly: true, - type: { - name: "String" - } - }, - upnSuffix: { - serializedName: "upnSuffix", - readOnly: true, - type: { - name: "String" - } - }, - dnsDomain: { - serializedName: "dnsDomain", - readOnly: true, - type: { - name: "String" - } - } - } - } -}; - -export const AzureResourceEntityProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "AzureResourceEntityProperties", - modelProperties: { - ...EntityCommonProperties.type.modelProperties, - resourceId: { - serializedName: "resourceId", - readOnly: true, - type: { - name: "String" - } - }, - subscriptionId: { - serializedName: "subscriptionId", - readOnly: true, - type: { - name: "String" - } - } - } - } -}; - -export const CloudApplicationEntityProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "CloudApplicationEntityProperties", - modelProperties: { - ...EntityCommonProperties.type.modelProperties, - appId: { - serializedName: "appId", - readOnly: true, - type: { - name: "Number" - } - }, - appName: { - serializedName: "appName", - readOnly: true, - type: { - name: "String" - } - }, - instanceName: { - serializedName: "instanceName", - readOnly: true, - type: { - name: "String" - } - } - } - } -}; - -export const DnsEntityProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "DnsEntityProperties", - modelProperties: { - ...EntityCommonProperties.type.modelProperties, - dnsServerIpEntityId: { - serializedName: "dnsServerIpEntityId", - readOnly: true, - type: { - name: "String" - } - }, - domainName: { - serializedName: "domainName", - readOnly: true, - type: { - name: "String" - } - }, - hostIpAddressEntityId: { - serializedName: "hostIpAddressEntityId", - readOnly: true, - type: { - name: "String" - } - }, - ipAddressEntityIds: { - serializedName: "ipAddressEntityIds", - readOnly: true, - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - } - } - } -}; - -export const FileEntityProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "FileEntityProperties", - modelProperties: { - ...EntityCommonProperties.type.modelProperties, - directory: { - serializedName: "directory", - readOnly: true, - type: { - name: "String" - } - }, - fileHashEntityIds: { - serializedName: "fileHashEntityIds", - readOnly: true, - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - fileName: { - serializedName: "fileName", - readOnly: true, - type: { - name: "String" - } - }, - hostEntityId: { - serializedName: "hostEntityId", - readOnly: true, - type: { - name: "String" - } - } - } - } -}; - -export const FileHashEntityProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "FileHashEntityProperties", - modelProperties: { - ...EntityCommonProperties.type.modelProperties, - algorithm: { - serializedName: "algorithm", - readOnly: true, - type: { - name: "String" - } - }, - hashValue: { - serializedName: "hashValue", - readOnly: true, - type: { - name: "String" - } - } - } - } -}; - -export const HostEntityProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "HostEntityProperties", - modelProperties: { - ...EntityCommonProperties.type.modelProperties, - azureID: { - serializedName: "azureID", - readOnly: true, - type: { - name: "String" - } - }, - dnsDomain: { - serializedName: "dnsDomain", - readOnly: true, - type: { - name: "String" - } - }, - hostName: { - serializedName: "hostName", - readOnly: true, - type: { - name: "String" - } - }, - isDomainJoined: { - serializedName: "isDomainJoined", - readOnly: true, - type: { - name: "Boolean" - } - }, - netBiosName: { - serializedName: "netBiosName", - readOnly: true, - type: { - name: "String" - } - }, - ntDomain: { - serializedName: "ntDomain", - readOnly: true, - type: { - name: "String" - } - }, - omsAgentID: { - serializedName: "omsAgentID", - readOnly: true, - type: { - name: "String" - } - }, - osFamily: { - serializedName: "osFamily", - type: { - name: "Enum", - allowedValues: ["Linux", "Windows", "Android", "IOS", "Unknown"] - } - }, - osVersion: { - serializedName: "osVersion", - readOnly: true, - type: { - name: "String" - } - } - } - } -}; - -export const IoTDeviceEntityProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "IoTDeviceEntityProperties", - modelProperties: { - ...EntityCommonProperties.type.modelProperties, - deviceId: { - serializedName: "deviceId", - readOnly: true, - type: { - name: "String" - } - }, - deviceName: { - serializedName: "deviceName", - readOnly: true, - type: { - name: "String" - } - }, - source: { - serializedName: "source", - readOnly: true, - type: { - name: "String" - } - }, - iotSecurityAgentId: { - serializedName: "iotSecurityAgentId", - readOnly: true, - type: { - name: "Uuid" - } - }, - deviceType: { - serializedName: "deviceType", - readOnly: true, - type: { - name: "String" - } - }, - vendor: { - serializedName: "vendor", - readOnly: true, - type: { - name: "String" - } - }, - edgeId: { - serializedName: "edgeId", - readOnly: true, - type: { - name: "String" - } - }, - macAddress: { - serializedName: "macAddress", - readOnly: true, - type: { - name: "String" - } - }, - model: { - serializedName: "model", - readOnly: true, - type: { - name: "String" - } - }, - serialNumber: { - serializedName: "serialNumber", - readOnly: true, - type: { - name: "String" - } - }, - firmwareVersion: { - serializedName: "firmwareVersion", - readOnly: true, - type: { - name: "String" - } - }, - operatingSystem: { - serializedName: "operatingSystem", - readOnly: true, - type: { - name: "String" - } - }, - iotHubEntityId: { - serializedName: "iotHubEntityId", - readOnly: true, - type: { - name: "String" - } - }, - hostEntityId: { - serializedName: "hostEntityId", - readOnly: true, - type: { - name: "String" - } - }, - ipAddressEntityId: { - serializedName: "ipAddressEntityId", - readOnly: true, - type: { - name: "String" - } - }, - threatIntelligence: { - serializedName: "threatIntelligence", - readOnly: true, - type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "ThreatIntelligence" - } - } - } - }, - protocols: { - serializedName: "protocols", - readOnly: true, - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - owners: { - serializedName: "owners", - readOnly: true, - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - nicEntityIds: { - serializedName: "nicEntityIds", - readOnly: true, - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - site: { - serializedName: "site", - readOnly: true, - type: { - name: "String" - } - }, - zone: { - serializedName: "zone", - readOnly: true, - type: { - name: "String" - } - }, - sensor: { - serializedName: "sensor", - readOnly: true, - type: { - name: "String" - } - }, - deviceSubType: { - serializedName: "deviceSubType", - readOnly: true, - type: { - name: "String" - } - }, - importance: { - serializedName: "importance", - type: { - name: "String" - } - }, - purdueLayer: { - serializedName: "purdueLayer", - readOnly: true, - type: { - name: "String" - } - }, - isAuthorized: { - serializedName: "isAuthorized", - readOnly: true, - type: { - name: "Boolean" - } - }, - isProgramming: { - serializedName: "isProgramming", - readOnly: true, - type: { - name: "Boolean" - } - }, - isScanner: { - serializedName: "isScanner", - readOnly: true, - type: { - name: "Boolean" - } - } - } - } -}; - -export const IpEntityProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "IpEntityProperties", - modelProperties: { - ...EntityCommonProperties.type.modelProperties, - address: { - serializedName: "address", - readOnly: true, - type: { - name: "String" - } - }, - location: { - serializedName: "location", - type: { - name: "Composite", - className: "GeoLocation" - } - }, - threatIntelligence: { - serializedName: "threatIntelligence", - readOnly: true, - type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "ThreatIntelligence" - } - } - } - } - } - } -}; - -export const MailboxEntityProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "MailboxEntityProperties", - modelProperties: { - ...EntityCommonProperties.type.modelProperties, - mailboxPrimaryAddress: { - serializedName: "mailboxPrimaryAddress", - readOnly: true, - type: { - name: "String" - } - }, - displayName: { - serializedName: "displayName", - readOnly: true, - type: { - name: "String" - } - }, - upn: { - serializedName: "upn", - readOnly: true, - type: { - name: "String" - } - }, - externalDirectoryObjectId: { - serializedName: "externalDirectoryObjectId", - readOnly: true, - type: { - name: "Uuid" - } - } - } - } -}; - -export const MailClusterEntityProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "MailClusterEntityProperties", - modelProperties: { - ...EntityCommonProperties.type.modelProperties, - networkMessageIds: { - serializedName: "networkMessageIds", - readOnly: true, - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - countByDeliveryStatus: { - serializedName: "countByDeliveryStatus", - readOnly: true, - type: { - name: "Dictionary", - value: { type: { name: "any" } } - } - }, - countByThreatType: { - serializedName: "countByThreatType", - readOnly: true, - type: { - name: "Dictionary", - value: { type: { name: "any" } } - } - }, - countByProtectionStatus: { - serializedName: "countByProtectionStatus", - readOnly: true, - type: { - name: "Dictionary", - value: { type: { name: "any" } } - } - }, - threats: { - serializedName: "threats", - readOnly: true, - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - query: { - serializedName: "query", - readOnly: true, - type: { - name: "String" - } - }, - queryTime: { - serializedName: "queryTime", - readOnly: true, - type: { - name: "DateTime" - } - }, - mailCount: { - serializedName: "mailCount", - readOnly: true, - type: { - name: "Number" - } - }, - isVolumeAnomaly: { - serializedName: "isVolumeAnomaly", - readOnly: true, - type: { - name: "Boolean" - } - }, - source: { - serializedName: "source", - readOnly: true, - type: { - name: "String" - } - }, - clusterSourceIdentifier: { - serializedName: "clusterSourceIdentifier", - readOnly: true, - type: { - name: "String" - } - }, - clusterSourceType: { - serializedName: "clusterSourceType", - readOnly: true, - type: { - name: "String" - } - }, - clusterQueryStartTime: { - serializedName: "clusterQueryStartTime", - readOnly: true, - type: { - name: "DateTime" - } - }, - clusterQueryEndTime: { - serializedName: "clusterQueryEndTime", - readOnly: true, - type: { - name: "DateTime" - } - }, - clusterGroup: { - serializedName: "clusterGroup", - readOnly: true, - type: { - name: "String" - } - } - } - } -}; - -export const MailMessageEntityProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "MailMessageEntityProperties", - modelProperties: { - ...EntityCommonProperties.type.modelProperties, - fileEntityIds: { - serializedName: "fileEntityIds", - readOnly: true, - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - recipient: { - serializedName: "recipient", - readOnly: true, - type: { - name: "String" - } - }, - urls: { - serializedName: "urls", - readOnly: true, - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - threats: { - serializedName: "threats", - readOnly: true, - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - p1Sender: { - serializedName: "p1Sender", - readOnly: true, - type: { - name: "String" - } - }, - p1SenderDisplayName: { - serializedName: "p1SenderDisplayName", - readOnly: true, - type: { - name: "String" - } - }, - p1SenderDomain: { - serializedName: "p1SenderDomain", - readOnly: true, - type: { - name: "String" - } - }, - senderIP: { - serializedName: "senderIP", - readOnly: true, - type: { - name: "String" - } - }, - p2Sender: { - serializedName: "p2Sender", - readOnly: true, - type: { - name: "String" - } - }, - p2SenderDisplayName: { - serializedName: "p2SenderDisplayName", - readOnly: true, - type: { - name: "String" - } - }, - p2SenderDomain: { - serializedName: "p2SenderDomain", - readOnly: true, - type: { - name: "String" - } - }, - receiveDate: { - serializedName: "receiveDate", - readOnly: true, - type: { - name: "DateTime" - } - }, - networkMessageId: { - serializedName: "networkMessageId", - readOnly: true, - type: { - name: "Uuid" - } - }, - internetMessageId: { - serializedName: "internetMessageId", - readOnly: true, - type: { - name: "String" - } - }, - subject: { - serializedName: "subject", - readOnly: true, - type: { - name: "String" - } - }, - language: { - serializedName: "language", - readOnly: true, - type: { - name: "String" - } - }, - threatDetectionMethods: { - serializedName: "threatDetectionMethods", - readOnly: true, - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - bodyFingerprintBin1: { - serializedName: "bodyFingerprintBin1", - type: { - name: "Number" - } - }, - bodyFingerprintBin2: { - serializedName: "bodyFingerprintBin2", - type: { - name: "Number" - } - }, - bodyFingerprintBin3: { - serializedName: "bodyFingerprintBin3", - type: { - name: "Number" - } - }, - bodyFingerprintBin4: { - serializedName: "bodyFingerprintBin4", - type: { - name: "Number" - } - }, - bodyFingerprintBin5: { - serializedName: "bodyFingerprintBin5", - type: { - name: "Number" - } - }, - antispamDirection: { - serializedName: "antispamDirection", - type: { - name: "String" - } - }, - deliveryAction: { - serializedName: "deliveryAction", - type: { - name: "Enum", - allowedValues: [ - "Unknown", - "DeliveredAsSpam", - "Delivered", - "Blocked", - "Replaced" - ] - } - }, - deliveryLocation: { - serializedName: "deliveryLocation", - type: { - name: "Enum", - allowedValues: [ - "Unknown", - "Inbox", - "JunkFolder", - "DeletedFolder", - "Quarantine", - "External", - "Failed", - "Dropped", - "Forwarded" - ] - } - } - } - } -}; - -export const MalwareEntityProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "MalwareEntityProperties", - modelProperties: { - ...EntityCommonProperties.type.modelProperties, - category: { - serializedName: "category", - readOnly: true, - type: { - name: "String" - } - }, - fileEntityIds: { - serializedName: "fileEntityIds", - readOnly: true, - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - malwareName: { - serializedName: "malwareName", - readOnly: true, - type: { - name: "String" - } - }, - processEntityIds: { - serializedName: "processEntityIds", - readOnly: true, - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - } - } - } -}; - -export const ProcessEntityProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "ProcessEntityProperties", - modelProperties: { - ...EntityCommonProperties.type.modelProperties, - accountEntityId: { - serializedName: "accountEntityId", - readOnly: true, - type: { - name: "String" - } - }, - commandLine: { - serializedName: "commandLine", - readOnly: true, - type: { - name: "String" - } - }, - creationTimeUtc: { - serializedName: "creationTimeUtc", - readOnly: true, - type: { - name: "DateTime" - } - }, - elevationToken: { - serializedName: "elevationToken", - type: { - name: "Enum", - allowedValues: ["Default", "Full", "Limited"] - } - }, - hostEntityId: { - serializedName: "hostEntityId", - readOnly: true, - type: { - name: "String" - } - }, - hostLogonSessionEntityId: { - serializedName: "hostLogonSessionEntityId", - readOnly: true, - type: { - name: "String" - } - }, - imageFileEntityId: { - serializedName: "imageFileEntityId", - readOnly: true, - type: { - name: "String" - } - }, - parentProcessEntityId: { - serializedName: "parentProcessEntityId", - readOnly: true, - type: { - name: "String" - } - }, - processId: { - serializedName: "processId", - readOnly: true, - type: { - name: "String" - } - } - } - } -}; - -export const RegistryKeyEntityProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "RegistryKeyEntityProperties", - modelProperties: { - ...EntityCommonProperties.type.modelProperties, - hive: { - serializedName: "hive", - readOnly: true, - type: { - name: "String" - } - }, - key: { - serializedName: "key", - readOnly: true, - type: { - name: "String" - } - } - } - } -}; - -export const RegistryValueEntityProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "RegistryValueEntityProperties", - modelProperties: { - ...EntityCommonProperties.type.modelProperties, - keyEntityId: { - serializedName: "keyEntityId", - readOnly: true, - type: { - name: "String" - } - }, - valueData: { - serializedName: "valueData", - readOnly: true, - type: { - name: "String" - } - }, - valueName: { - serializedName: "valueName", - readOnly: true, - type: { - name: "String" - } - }, - valueType: { - serializedName: "valueType", - readOnly: true, - type: { - name: "String" - } - } - } - } -}; - -export const SecurityGroupEntityProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "SecurityGroupEntityProperties", - modelProperties: { - ...EntityCommonProperties.type.modelProperties, - distinguishedName: { - serializedName: "distinguishedName", - readOnly: true, - type: { - name: "String" - } - }, - objectGuid: { - serializedName: "objectGuid", - readOnly: true, - type: { - name: "Uuid" - } - }, - sid: { - serializedName: "sid", - readOnly: true, - type: { - name: "String" - } - } - } - } -}; - -export const SubmissionMailEntityProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "SubmissionMailEntityProperties", - modelProperties: { - ...EntityCommonProperties.type.modelProperties, - networkMessageId: { - serializedName: "networkMessageId", - readOnly: true, - type: { - name: "Uuid" - } - }, - submissionId: { - serializedName: "submissionId", - readOnly: true, - type: { - name: "Uuid" - } - }, - submitter: { - serializedName: "submitter", - readOnly: true, - type: { - name: "String" - } - }, - submissionDate: { - serializedName: "submissionDate", - readOnly: true, - type: { - name: "DateTime" - } - }, - timestamp: { - serializedName: "timestamp", - readOnly: true, - type: { - name: "DateTime" - } - }, - recipient: { - serializedName: "recipient", - readOnly: true, - type: { - name: "String" - } - }, - sender: { - serializedName: "sender", - readOnly: true, - type: { - name: "String" - } - }, - senderIp: { - serializedName: "senderIp", - readOnly: true, - type: { - name: "String" - } - }, - subject: { - serializedName: "subject", - readOnly: true, - type: { - name: "String" - } - }, - reportType: { - serializedName: "reportType", - readOnly: true, - type: { - name: "String" - } - } - } - } -}; - -export const UrlEntityProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "UrlEntityProperties", - modelProperties: { - ...EntityCommonProperties.type.modelProperties, - url: { - serializedName: "url", - readOnly: true, - type: { - name: "String" - } - } - } - } -}; - -export const NicEntityProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "NicEntityProperties", - modelProperties: { - ...EntityCommonProperties.type.modelProperties, - macAddress: { - serializedName: "macAddress", - readOnly: true, - type: { - name: "String" - } - }, - ipAddressEntityId: { - serializedName: "ipAddressEntityId", - readOnly: true, - type: { - name: "String" - } - }, - vlans: { - serializedName: "vlans", - readOnly: true, - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - } - } - } -}; - -export const AADCheckRequirements: coreClient.CompositeMapper = { - serializedName: "AzureActiveDirectory", - type: { - name: "Composite", - className: "AADCheckRequirements", - uberParent: "DataConnectorsCheckRequirements", - polymorphicDiscriminator: - DataConnectorsCheckRequirements.type.polymorphicDiscriminator, - modelProperties: { - ...DataConnectorsCheckRequirements.type.modelProperties, - tenantId: { - serializedName: "properties.tenantId", - type: { - name: "String" - } - } - } - } -}; - -export const AatpCheckRequirements: coreClient.CompositeMapper = { - serializedName: "AzureAdvancedThreatProtection", - type: { - name: "Composite", - className: "AatpCheckRequirements", - uberParent: "DataConnectorsCheckRequirements", - polymorphicDiscriminator: - DataConnectorsCheckRequirements.type.polymorphicDiscriminator, - modelProperties: { - ...DataConnectorsCheckRequirements.type.modelProperties, - tenantId: { - serializedName: "properties.tenantId", - type: { - name: "String" - } - } - } - } -}; - -export const ASCCheckRequirements: coreClient.CompositeMapper = { - serializedName: "AzureSecurityCenter", - type: { - name: "Composite", - className: "ASCCheckRequirements", - uberParent: "DataConnectorsCheckRequirements", - polymorphicDiscriminator: - DataConnectorsCheckRequirements.type.polymorphicDiscriminator, - modelProperties: { - ...DataConnectorsCheckRequirements.type.modelProperties, - subscriptionId: { - serializedName: "properties.subscriptionId", - type: { - name: "String" - } - } - } - } -}; - -export const AwsCloudTrailCheckRequirements: coreClient.CompositeMapper = { - serializedName: "AmazonWebServicesCloudTrail", - type: { - name: "Composite", - className: "AwsCloudTrailCheckRequirements", - uberParent: "DataConnectorsCheckRequirements", - polymorphicDiscriminator: - DataConnectorsCheckRequirements.type.polymorphicDiscriminator, - modelProperties: { - ...DataConnectorsCheckRequirements.type.modelProperties - } - } -}; - -export const AwsS3CheckRequirements: coreClient.CompositeMapper = { - serializedName: "AmazonWebServicesS3", - type: { - name: "Composite", - className: "AwsS3CheckRequirements", - uberParent: "DataConnectorsCheckRequirements", - polymorphicDiscriminator: - DataConnectorsCheckRequirements.type.polymorphicDiscriminator, - modelProperties: { - ...DataConnectorsCheckRequirements.type.modelProperties - } - } -}; - -export const Dynamics365CheckRequirements: coreClient.CompositeMapper = { - serializedName: "Dynamics365", - type: { - name: "Composite", - className: "Dynamics365CheckRequirements", - uberParent: "DataConnectorsCheckRequirements", - polymorphicDiscriminator: - DataConnectorsCheckRequirements.type.polymorphicDiscriminator, - modelProperties: { - ...DataConnectorsCheckRequirements.type.modelProperties, - tenantId: { - serializedName: "properties.tenantId", - type: { - name: "String" - } - } - } - } -}; - -export const McasCheckRequirements: coreClient.CompositeMapper = { - serializedName: "MicrosoftCloudAppSecurity", - type: { - name: "Composite", - className: "McasCheckRequirements", - uberParent: "DataConnectorsCheckRequirements", - polymorphicDiscriminator: - DataConnectorsCheckRequirements.type.polymorphicDiscriminator, - modelProperties: { - ...DataConnectorsCheckRequirements.type.modelProperties, - tenantId: { - serializedName: "properties.tenantId", - type: { - name: "String" - } - } - } - } -}; - -export const MdatpCheckRequirements: coreClient.CompositeMapper = { - serializedName: "MicrosoftDefenderAdvancedThreatProtection", - type: { - name: "Composite", - className: "MdatpCheckRequirements", - uberParent: "DataConnectorsCheckRequirements", - polymorphicDiscriminator: - DataConnectorsCheckRequirements.type.polymorphicDiscriminator, - modelProperties: { - ...DataConnectorsCheckRequirements.type.modelProperties, - tenantId: { - serializedName: "properties.tenantId", - type: { - name: "String" - } - } - } - } -}; - -export const MstiCheckRequirements: coreClient.CompositeMapper = { - serializedName: "MicrosoftThreatIntelligence", - type: { - name: "Composite", - className: "MstiCheckRequirements", - uberParent: "DataConnectorsCheckRequirements", - polymorphicDiscriminator: - DataConnectorsCheckRequirements.type.polymorphicDiscriminator, - modelProperties: { - ...DataConnectorsCheckRequirements.type.modelProperties, - tenantId: { - serializedName: "properties.tenantId", - type: { - name: "String" - } - } - } - } -}; - -export const MtpCheckRequirements: coreClient.CompositeMapper = { - serializedName: "MicrosoftThreatProtection", - type: { - name: "Composite", - className: "MtpCheckRequirements", - uberParent: "DataConnectorsCheckRequirements", - polymorphicDiscriminator: - DataConnectorsCheckRequirements.type.polymorphicDiscriminator, - modelProperties: { - ...DataConnectorsCheckRequirements.type.modelProperties, - tenantId: { - serializedName: "properties.tenantId", - type: { - name: "String" - } - } - } - } -}; - -export const OfficeATPCheckRequirements: coreClient.CompositeMapper = { - serializedName: "OfficeATP", - type: { - name: "Composite", - className: "OfficeATPCheckRequirements", - uberParent: "DataConnectorsCheckRequirements", - polymorphicDiscriminator: - DataConnectorsCheckRequirements.type.polymorphicDiscriminator, - modelProperties: { - ...DataConnectorsCheckRequirements.type.modelProperties, - tenantId: { - serializedName: "properties.tenantId", - type: { - name: "String" - } - } - } - } -}; - -export const OfficeIRMCheckRequirements: coreClient.CompositeMapper = { - serializedName: "OfficeIRM", - type: { - name: "Composite", - className: "OfficeIRMCheckRequirements", - uberParent: "DataConnectorsCheckRequirements", - polymorphicDiscriminator: - DataConnectorsCheckRequirements.type.polymorphicDiscriminator, - modelProperties: { - ...DataConnectorsCheckRequirements.type.modelProperties, - tenantId: { - serializedName: "properties.tenantId", - type: { - name: "String" - } - } - } - } -}; - -export const Office365ProjectCheckRequirements: coreClient.CompositeMapper = { - serializedName: "Office365Project", - type: { - name: "Composite", - className: "Office365ProjectCheckRequirements", - uberParent: "DataConnectorsCheckRequirements", - polymorphicDiscriminator: - DataConnectorsCheckRequirements.type.polymorphicDiscriminator, - modelProperties: { - ...DataConnectorsCheckRequirements.type.modelProperties, - tenantId: { - serializedName: "properties.tenantId", - type: { - name: "String" - } - } - } - } -}; - -export const OfficePowerBICheckRequirements: coreClient.CompositeMapper = { - serializedName: "OfficePowerBI", - type: { - name: "Composite", - className: "OfficePowerBICheckRequirements", - uberParent: "DataConnectorsCheckRequirements", - polymorphicDiscriminator: - DataConnectorsCheckRequirements.type.polymorphicDiscriminator, - modelProperties: { - ...DataConnectorsCheckRequirements.type.modelProperties, - tenantId: { - serializedName: "properties.tenantId", - type: { - name: "String" - } - } - } - } -}; - -export const TICheckRequirements: coreClient.CompositeMapper = { - serializedName: "ThreatIntelligence", - type: { - name: "Composite", - className: "TICheckRequirements", - uberParent: "DataConnectorsCheckRequirements", - polymorphicDiscriminator: - DataConnectorsCheckRequirements.type.polymorphicDiscriminator, - modelProperties: { - ...DataConnectorsCheckRequirements.type.modelProperties, - tenantId: { - serializedName: "properties.tenantId", - type: { - name: "String" - } - } - } - } -}; - -export const TiTaxiiCheckRequirements: coreClient.CompositeMapper = { - serializedName: "ThreatIntelligenceTaxii", - type: { - name: "Composite", - className: "TiTaxiiCheckRequirements", - uberParent: "DataConnectorsCheckRequirements", - polymorphicDiscriminator: - DataConnectorsCheckRequirements.type.polymorphicDiscriminator, - modelProperties: { - ...DataConnectorsCheckRequirements.type.modelProperties, - tenantId: { - serializedName: "properties.tenantId", - type: { - name: "String" - } - } - } - } -}; - -export const IoTCheckRequirements: coreClient.CompositeMapper = { - serializedName: "IOT", - type: { - name: "Composite", - className: "IoTCheckRequirements", - uberParent: "DataConnectorsCheckRequirements", - polymorphicDiscriminator: - DataConnectorsCheckRequirements.type.polymorphicDiscriminator, - modelProperties: { - ...DataConnectorsCheckRequirements.type.modelProperties, - subscriptionId: { - serializedName: "properties.subscriptionId", - type: { - name: "String" - } - } - } - } -}; - -export const AlertRuleTemplateWithMitreProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "AlertRuleTemplateWithMitreProperties", - modelProperties: { - ...AlertRuleTemplatePropertiesBase.type.modelProperties, - tactics: { - serializedName: "tactics", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - techniques: { - serializedName: "techniques", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - } - } - } -}; - -export const MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties", - modelProperties: { - ...AlertRuleTemplatePropertiesBase.type.modelProperties, - displayNamesFilter: { - serializedName: "displayNamesFilter", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - displayNamesExcludeFilter: { - serializedName: "displayNamesExcludeFilter", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - productFilter: { - serializedName: "productFilter", - type: { - name: "String" - } - }, - severitiesFilter: { - serializedName: "severitiesFilter", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - } - } - } -}; - -export const NrtAlertRuleTemplateProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "NrtAlertRuleTemplateProperties", - modelProperties: { - ...AlertRuleTemplateWithMitreProperties.type.modelProperties, - ...QueryBasedAlertRuleTemplateProperties.type.modelProperties - } - } -}; - -export const MicrosoftSecurityIncidentCreationAlertRuleProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "MicrosoftSecurityIncidentCreationAlertRuleProperties", - modelProperties: { - ...MicrosoftSecurityIncidentCreationAlertRuleCommonProperties.type - .modelProperties, - alertRuleTemplateName: { - serializedName: "alertRuleTemplateName", - type: { - name: "String" - } - }, - description: { - serializedName: "description", - type: { - name: "String" - } - }, - displayName: { - serializedName: "displayName", - required: true, - type: { - name: "String" - } - }, - enabled: { - serializedName: "enabled", - required: true, - type: { - name: "Boolean" - } - }, - lastModifiedUtc: { - serializedName: "lastModifiedUtc", - readOnly: true, - type: { - name: "DateTime" - } - } - } - } -}; - -export const ScheduledAlertRuleProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "ScheduledAlertRuleProperties", - modelProperties: { - ...ScheduledAlertRuleCommonProperties.type.modelProperties, - alertRuleTemplateName: { - serializedName: "alertRuleTemplateName", - type: { - name: "String" - } - }, - templateVersion: { - serializedName: "templateVersion", - type: { - name: "String" - } - }, - description: { - serializedName: "description", - type: { - name: "String" - } - }, - displayName: { - serializedName: "displayName", - required: true, - type: { - name: "String" - } - }, - enabled: { - serializedName: "enabled", - required: true, - type: { - name: "Boolean" - } - }, - lastModifiedUtc: { - serializedName: "lastModifiedUtc", - readOnly: true, - type: { - name: "DateTime" - } - }, - suppressionDuration: { - serializedName: "suppressionDuration", - required: true, - type: { - name: "TimeSpan" - } - }, - suppressionEnabled: { - serializedName: "suppressionEnabled", - required: true, - type: { - name: "Boolean" - } - }, - tactics: { - serializedName: "tactics", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - techniques: { - serializedName: "techniques", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - incidentConfiguration: { - serializedName: "incidentConfiguration", - type: { - name: "Composite", - className: "IncidentConfiguration" - } - } - } - } -}; - -export const InsightQueryItemProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "InsightQueryItemProperties", - modelProperties: { - ...EntityQueryItemProperties.type.modelProperties, - displayName: { - serializedName: "displayName", - type: { - name: "String" - } - }, - description: { - serializedName: "description", - type: { - name: "String" - } - }, - baseQuery: { - serializedName: "baseQuery", - type: { - name: "String" - } - }, - tableQuery: { - serializedName: "tableQuery", - type: { - name: "Composite", - className: "InsightQueryItemPropertiesTableQuery" - } - }, - chartQuery: { - serializedName: "chartQuery", - type: { - name: "Dictionary", - value: { type: { name: "any" } } - } - }, - additionalQuery: { - serializedName: "additionalQuery", - type: { - name: "Composite", - className: "InsightQueryItemPropertiesAdditionalQuery" - } - }, - defaultTimeRange: { - serializedName: "defaultTimeRange", - type: { - name: "Composite", - className: "InsightQueryItemPropertiesDefaultTimeRange" - } - }, - referenceTimeRange: { - serializedName: "referenceTimeRange", - type: { - name: "Composite", - className: "InsightQueryItemPropertiesReferenceTimeRange" - } - } - } - } -}; - -export const AADCheckRequirementsProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "AADCheckRequirementsProperties", - modelProperties: { - ...DataConnectorTenantId.type.modelProperties - } - } -}; - -export const AatpCheckRequirementsProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "AatpCheckRequirementsProperties", - modelProperties: { - ...DataConnectorTenantId.type.modelProperties - } - } -}; - -export const Dynamics365CheckRequirementsProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "Dynamics365CheckRequirementsProperties", - modelProperties: { - ...DataConnectorTenantId.type.modelProperties - } - } -}; - -export const McasCheckRequirementsProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "McasCheckRequirementsProperties", - modelProperties: { - ...DataConnectorTenantId.type.modelProperties - } - } -}; - -export const MdatpCheckRequirementsProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "MdatpCheckRequirementsProperties", - modelProperties: { - ...DataConnectorTenantId.type.modelProperties - } - } -}; - -export const MstiCheckRequirementsProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "MstiCheckRequirementsProperties", - modelProperties: { - ...DataConnectorTenantId.type.modelProperties - } - } -}; - -export const MTPCheckRequirementsProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "MTPCheckRequirementsProperties", - modelProperties: { - ...DataConnectorTenantId.type.modelProperties - } - } -}; - -export const OfficeATPCheckRequirementsProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "OfficeATPCheckRequirementsProperties", - modelProperties: { - ...DataConnectorTenantId.type.modelProperties - } - } -}; - -export const OfficeIRMCheckRequirementsProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "OfficeIRMCheckRequirementsProperties", - modelProperties: { - ...DataConnectorTenantId.type.modelProperties - } - } -}; - -export const Office365ProjectCheckRequirementsProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "Office365ProjectCheckRequirementsProperties", - modelProperties: { - ...DataConnectorTenantId.type.modelProperties - } - } -}; - -export const OfficePowerBICheckRequirementsProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "OfficePowerBICheckRequirementsProperties", - modelProperties: { - ...DataConnectorTenantId.type.modelProperties - } - } -}; - -export const TICheckRequirementsProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "TICheckRequirementsProperties", - modelProperties: { - ...DataConnectorTenantId.type.modelProperties - } - } -}; - -export const TiTaxiiCheckRequirementsProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "TiTaxiiCheckRequirementsProperties", - modelProperties: { - ...DataConnectorTenantId.type.modelProperties - } - } -}; - -export const AADDataConnectorProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "AADDataConnectorProperties", - modelProperties: { - ...DataConnectorTenantId.type.modelProperties, - ...DataConnectorWithAlertsProperties.type.modelProperties - } - } -}; - -export const MstiDataConnectorProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "MstiDataConnectorProperties", - modelProperties: { - ...DataConnectorTenantId.type.modelProperties, - dataTypes: { - serializedName: "dataTypes", - type: { - name: "Composite", - className: "MstiDataConnectorDataTypes" - } - } - } - } -}; - -export const MTPDataConnectorProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "MTPDataConnectorProperties", - modelProperties: { - ...DataConnectorTenantId.type.modelProperties, - dataTypes: { - serializedName: "dataTypes", - type: { - name: "Composite", - className: "MTPDataConnectorDataTypes" - } - } - } - } -}; - -export const AatpDataConnectorProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "AatpDataConnectorProperties", - modelProperties: { - ...DataConnectorTenantId.type.modelProperties, - ...DataConnectorWithAlertsProperties.type.modelProperties - } - } -}; - -export const McasDataConnectorProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "McasDataConnectorProperties", - modelProperties: { - ...DataConnectorTenantId.type.modelProperties, - dataTypes: { - serializedName: "dataTypes", - type: { - name: "Composite", - className: "McasDataConnectorDataTypes" - } - } - } - } -}; - -export const Dynamics365DataConnectorProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "Dynamics365DataConnectorProperties", - modelProperties: { - ...DataConnectorTenantId.type.modelProperties, - dataTypes: { - serializedName: "dataTypes", - type: { - name: "Composite", - className: "Dynamics365DataConnectorDataTypes" - } - } - } - } -}; - -export const OfficeATPDataConnectorProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "OfficeATPDataConnectorProperties", - modelProperties: { - ...DataConnectorTenantId.type.modelProperties, - ...DataConnectorWithAlertsProperties.type.modelProperties - } - } -}; - -export const Office365ProjectDataConnectorProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "Office365ProjectDataConnectorProperties", - modelProperties: { - ...DataConnectorTenantId.type.modelProperties, - dataTypes: { - serializedName: "dataTypes", - type: { - name: "Composite", - className: "Office365ProjectConnectorDataTypes" - } - } - } - } -}; - -export const OfficePowerBIDataConnectorProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "OfficePowerBIDataConnectorProperties", - modelProperties: { - ...DataConnectorTenantId.type.modelProperties, - dataTypes: { - serializedName: "dataTypes", - type: { - name: "Composite", - className: "OfficePowerBIConnectorDataTypes" - } - } - } - } -}; - -export const OfficeIRMDataConnectorProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "OfficeIRMDataConnectorProperties", - modelProperties: { - ...DataConnectorTenantId.type.modelProperties, - ...DataConnectorWithAlertsProperties.type.modelProperties - } - } -}; - -export const MdatpDataConnectorProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "MdatpDataConnectorProperties", - modelProperties: { - ...DataConnectorTenantId.type.modelProperties, - ...DataConnectorWithAlertsProperties.type.modelProperties - } - } -}; - -export const OfficeDataConnectorProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "OfficeDataConnectorProperties", - modelProperties: { - ...DataConnectorTenantId.type.modelProperties, - dataTypes: { - serializedName: "dataTypes", - type: { - name: "Composite", - className: "OfficeDataConnectorDataTypes" - } - } - } - } -}; - -export const TIDataConnectorProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "TIDataConnectorProperties", - modelProperties: { - ...DataConnectorTenantId.type.modelProperties, - tipLookbackPeriod: { - serializedName: "tipLookbackPeriod", - nullable: true, - type: { - name: "DateTime" - } - }, - dataTypes: { - serializedName: "dataTypes", - type: { - name: "Composite", - className: "TIDataConnectorDataTypes" - } - } - } - } -}; - -export const TiTaxiiDataConnectorProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "TiTaxiiDataConnectorProperties", - modelProperties: { - ...DataConnectorTenantId.type.modelProperties, - workspaceId: { - serializedName: "workspaceId", - type: { - name: "String" - } - }, - friendlyName: { - serializedName: "friendlyName", - type: { - name: "String" - } - }, - taxiiServer: { - serializedName: "taxiiServer", - type: { - name: "String" - } - }, - collectionId: { - serializedName: "collectionId", - type: { - name: "String" - } - }, - userName: { - serializedName: "userName", - type: { - name: "String" - } - }, - password: { - serializedName: "password", - type: { - name: "String" - } - }, - taxiiLookbackPeriod: { - serializedName: "taxiiLookbackPeriod", - nullable: true, - type: { - name: "DateTime" - } - }, - pollingFrequency: { - serializedName: "pollingFrequency", - required: true, - nullable: true, - type: { - name: "String" - } - }, - dataTypes: { - serializedName: "dataTypes", - type: { - name: "Composite", - className: "TiTaxiiDataConnectorDataTypes" - } - } - } - } -}; - -export const ASCDataConnectorProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "ASCDataConnectorProperties", - modelProperties: { - ...DataConnectorWithAlertsProperties.type.modelProperties, - subscriptionId: { - serializedName: "subscriptionId", - type: { - name: "String" - } - } - } - } -}; - -export const IoTDataConnectorProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "IoTDataConnectorProperties", - modelProperties: { - ...DataConnectorWithAlertsProperties.type.modelProperties, - subscriptionId: { - serializedName: "subscriptionId", - type: { - name: "String" - } - } - } - } -}; - -export const McasDataConnectorDataTypes: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "McasDataConnectorDataTypes", - modelProperties: { - ...AlertsDataTypeOfDataConnector.type.modelProperties, - discoveryLogs: { - serializedName: "discoveryLogs", - type: { - name: "Composite", - className: "DataConnectorDataTypeCommon" - } - } - } - } -}; - -export const MstiDataConnectorDataTypesBingSafetyPhishingURL: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "MstiDataConnectorDataTypesBingSafetyPhishingURL", - modelProperties: { - ...DataConnectorDataTypeCommon.type.modelProperties, - lookbackPeriod: { - serializedName: "lookbackPeriod", - required: true, - type: { - name: "String" - } - } - } - } -}; - -export const MstiDataConnectorDataTypesMicrosoftEmergingThreatFeed: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "MstiDataConnectorDataTypesMicrosoftEmergingThreatFeed", - modelProperties: { - ...DataConnectorDataTypeCommon.type.modelProperties, - lookbackPeriod: { - serializedName: "lookbackPeriod", - required: true, - type: { - name: "String" - } - } - } - } -}; - -export const MTPDataConnectorDataTypesIncidents: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "MTPDataConnectorDataTypesIncidents", - modelProperties: { - ...DataConnectorDataTypeCommon.type.modelProperties - } - } -}; - -export const AwsCloudTrailDataConnectorDataTypesLogs: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "AwsCloudTrailDataConnectorDataTypesLogs", - modelProperties: { - ...DataConnectorDataTypeCommon.type.modelProperties - } - } -}; - -export const AwsS3DataConnectorDataTypesLogs: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "AwsS3DataConnectorDataTypesLogs", - modelProperties: { - ...DataConnectorDataTypeCommon.type.modelProperties - } - } -}; - -export const Dynamics365DataConnectorDataTypesDynamics365CdsActivities: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "Dynamics365DataConnectorDataTypesDynamics365CdsActivities", - modelProperties: { - ...DataConnectorDataTypeCommon.type.modelProperties - } - } -}; - -export const Office365ProjectConnectorDataTypesLogs: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "Office365ProjectConnectorDataTypesLogs", - modelProperties: { - ...DataConnectorDataTypeCommon.type.modelProperties - } - } -}; - -export const OfficePowerBIConnectorDataTypesLogs: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "OfficePowerBIConnectorDataTypesLogs", - modelProperties: { - ...DataConnectorDataTypeCommon.type.modelProperties - } - } -}; - -export const OfficeDataConnectorDataTypesExchange: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "OfficeDataConnectorDataTypesExchange", - modelProperties: { - ...DataConnectorDataTypeCommon.type.modelProperties - } - } -}; - -export const OfficeDataConnectorDataTypesSharePoint: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "OfficeDataConnectorDataTypesSharePoint", - modelProperties: { - ...DataConnectorDataTypeCommon.type.modelProperties - } - } -}; - -export const OfficeDataConnectorDataTypesTeams: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "OfficeDataConnectorDataTypesTeams", - modelProperties: { - ...DataConnectorDataTypeCommon.type.modelProperties - } - } -}; - -export const TIDataConnectorDataTypesIndicators: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "TIDataConnectorDataTypesIndicators", - modelProperties: { - ...DataConnectorDataTypeCommon.type.modelProperties - } - } -}; - -export const TiTaxiiDataConnectorDataTypesTaxiiClient: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "TiTaxiiDataConnectorDataTypesTaxiiClient", - modelProperties: { - ...DataConnectorDataTypeCommon.type.modelProperties - } - } -}; - -export const CodelessUiConnectorConfigPropertiesGraphQueriesItem: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "CodelessUiConnectorConfigPropertiesGraphQueriesItem", - modelProperties: { - ...GraphQueries.type.modelProperties - } - } -}; - -export const CodelessUiConnectorConfigPropertiesSampleQueriesItem: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "CodelessUiConnectorConfigPropertiesSampleQueriesItem", - modelProperties: { - ...SampleQueries.type.modelProperties - } - } -}; - -export const CodelessUiConnectorConfigPropertiesDataTypesItem: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "CodelessUiConnectorConfigPropertiesDataTypesItem", - modelProperties: { - ...LastDataReceivedDataType.type.modelProperties - } - } -}; - -export const CodelessUiConnectorConfigPropertiesConnectivityCriteriaItem: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "CodelessUiConnectorConfigPropertiesConnectivityCriteriaItem", - modelProperties: { - ...ConnectivityCriteria.type.modelProperties - } - } -}; - -export const PermissionsResourceProviderItem: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "PermissionsResourceProviderItem", - modelProperties: { - ...ResourceProvider.type.modelProperties - } - } -}; - -export const Customs: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "Customs", - modelProperties: { - ...CustomsPermission.type.modelProperties - } - } -}; - -export const CodelessUiConnectorConfigPropertiesInstructionStepsItem: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "CodelessUiConnectorConfigPropertiesInstructionStepsItem", - modelProperties: { - ...InstructionSteps.type.modelProperties - } - } -}; - -export const InstructionStepsInstructionsItem: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "InstructionStepsInstructionsItem", - modelProperties: { - ...ConnectorInstructionModelBase.type.modelProperties - } - } -}; - -export const AlertRule: coreClient.CompositeMapper = { - serializedName: "AlertRule", - type: { - name: "Composite", - className: "AlertRule", - uberParent: "Resource", - polymorphicDiscriminator: { - serializedName: "kind", - clientName: "kind" - }, - modelProperties: { - ...ResourceWithEtag.type.modelProperties, - kind: { - serializedName: "kind", - required: true, - type: { - name: "String" - } - } - } - } -}; - -export const ActionResponse: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "ActionResponse", - modelProperties: { - ...ResourceWithEtag.type.modelProperties, - logicAppResourceId: { - serializedName: "properties.logicAppResourceId", - type: { - name: "String" - } - }, - workflowId: { - serializedName: "properties.workflowId", - type: { - name: "String" - } - } - } - } -}; - -export const ActionRequest: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "ActionRequest", - modelProperties: { - ...ResourceWithEtag.type.modelProperties, - logicAppResourceId: { - serializedName: "properties.logicAppResourceId", - type: { - name: "String" - } - }, - triggerUri: { - serializedName: "properties.triggerUri", - type: { - name: "String" - } - } - } - } -}; - -export const AutomationRule: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "AutomationRule", - modelProperties: { - ...ResourceWithEtag.type.modelProperties, - displayName: { - constraints: { - MaxLength: 500 - }, - serializedName: "properties.displayName", - required: true, - type: { - name: "String" - } - }, - order: { - constraints: { - InclusiveMaximum: 1000, - InclusiveMinimum: 1 - }, - serializedName: "properties.order", - required: true, - type: { - name: "Number" - } - }, - triggeringLogic: { - serializedName: "properties.triggeringLogic", - type: { - name: "Composite", - className: "AutomationRuleTriggeringLogic" - } - }, - actions: { - constraints: { - MaxItems: 20 - }, - serializedName: "properties.actions", - required: true, - type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "AutomationRuleAction" - } - } - } - }, - lastModifiedTimeUtc: { - serializedName: "properties.lastModifiedTimeUtc", - readOnly: true, - type: { - name: "DateTime" - } - }, - createdTimeUtc: { - serializedName: "properties.createdTimeUtc", - readOnly: true, - type: { - name: "DateTime" - } - }, - lastModifiedBy: { - serializedName: "properties.lastModifiedBy", - type: { - name: "Composite", - className: "ClientInfo" - } - }, - createdBy: { - serializedName: "properties.createdBy", - type: { - name: "Composite", - className: "ClientInfo" - } - } - } - } -}; - -export const Bookmark: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "Bookmark", - modelProperties: { - ...ResourceWithEtag.type.modelProperties, - created: { - serializedName: "properties.created", - type: { - name: "DateTime" - } - }, - createdBy: { - serializedName: "properties.createdBy", - type: { - name: "Composite", - className: "UserInfo" - } - }, - displayName: { - serializedName: "properties.displayName", - type: { - name: "String" - } - }, - labels: { - serializedName: "properties.labels", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - notes: { - serializedName: "properties.notes", - type: { - name: "String" - } - }, - query: { - serializedName: "properties.query", - type: { - name: "String" - } - }, - queryResult: { - serializedName: "properties.queryResult", - type: { - name: "String" - } - }, - updated: { - serializedName: "properties.updated", - type: { - name: "DateTime" - } - }, - updatedBy: { - serializedName: "properties.updatedBy", - type: { - name: "Composite", - className: "UserInfo" - } - }, - eventTime: { - serializedName: "properties.eventTime", - type: { - name: "DateTime" - } - }, - queryStartTime: { - serializedName: "properties.queryStartTime", - type: { - name: "DateTime" - } - }, - queryEndTime: { - serializedName: "properties.queryEndTime", - type: { - name: "DateTime" - } - }, - incidentInfo: { - serializedName: "properties.incidentInfo", - type: { - name: "Composite", - className: "IncidentInfo" - } - }, - entityMappings: { - serializedName: "properties.entityMappings", - type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "BookmarkEntityMappings" - } - } - } - }, - tactics: { - serializedName: "properties.tactics", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - techniques: { - serializedName: "properties.techniques", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - } - } - } -}; - -export const Relation: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "Relation", - modelProperties: { - ...ResourceWithEtag.type.modelProperties, - relatedResourceId: { - serializedName: "properties.relatedResourceId", - type: { - name: "String" - } - }, - relatedResourceName: { - serializedName: "properties.relatedResourceName", - readOnly: true, - type: { - name: "String" - } - }, - relatedResourceType: { - serializedName: "properties.relatedResourceType", - readOnly: true, - type: { - name: "String" - } - }, - relatedResourceKind: { - serializedName: "properties.relatedResourceKind", - readOnly: true, - type: { - name: "String" - } - } - } - } -}; - -export const EntityQuery: coreClient.CompositeMapper = { - serializedName: "EntityQuery", - type: { - name: "Composite", - className: "EntityQuery", - uberParent: "Resource", - polymorphicDiscriminator: { - serializedName: "kind", - clientName: "kind" - }, - modelProperties: { - ...ResourceWithEtag.type.modelProperties, - kind: { - serializedName: "kind", - required: true, - type: { - name: "String" - } - } - } - } -}; - -export const CustomEntityQuery: coreClient.CompositeMapper = { - serializedName: "CustomEntityQuery", - type: { - name: "Composite", - className: "CustomEntityQuery", - uberParent: "Resource", - polymorphicDiscriminator: { - serializedName: "kind", - clientName: "kind" - }, - modelProperties: { - ...ResourceWithEtag.type.modelProperties, - kind: { - serializedName: "kind", - required: true, - type: { - name: "String" - } - } - } - } -}; - -export const Incident: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "Incident", - modelProperties: { - ...ResourceWithEtag.type.modelProperties, - additionalData: { - serializedName: "properties.additionalData", - type: { - name: "Composite", - className: "IncidentAdditionalData" - } - }, - classification: { - serializedName: "properties.classification", - type: { - name: "String" - } - }, - classificationComment: { - serializedName: "properties.classificationComment", - type: { - name: "String" - } - }, - classificationReason: { - serializedName: "properties.classificationReason", - type: { - name: "String" - } - }, - createdTimeUtc: { - serializedName: "properties.createdTimeUtc", - readOnly: true, - type: { - name: "DateTime" - } - }, - description: { - serializedName: "properties.description", - type: { - name: "String" - } - }, - firstActivityTimeUtc: { - serializedName: "properties.firstActivityTimeUtc", - type: { - name: "DateTime" - } - }, - incidentUrl: { - serializedName: "properties.incidentUrl", - readOnly: true, - type: { - name: "String" - } - }, - incidentNumber: { - serializedName: "properties.incidentNumber", - readOnly: true, - type: { - name: "Number" - } - }, - labels: { - serializedName: "properties.labels", - type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "IncidentLabel" - } - } - } - }, - providerName: { - serializedName: "properties.providerName", - type: { - name: "String" - } - }, - providerIncidentId: { - serializedName: "properties.providerIncidentId", - type: { - name: "String" - } - }, - lastActivityTimeUtc: { - serializedName: "properties.lastActivityTimeUtc", - type: { - name: "DateTime" - } - }, - lastModifiedTimeUtc: { - serializedName: "properties.lastModifiedTimeUtc", - readOnly: true, - type: { - name: "DateTime" - } - }, - owner: { - serializedName: "properties.owner", - type: { - name: "Composite", - className: "IncidentOwnerInfo" - } - }, - relatedAnalyticRuleIds: { - serializedName: "properties.relatedAnalyticRuleIds", - readOnly: true, - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - severity: { - serializedName: "properties.severity", - type: { - name: "String" - } - }, - status: { - serializedName: "properties.status", - type: { - name: "String" - } - }, - teamInformation: { - serializedName: "properties.teamInformation", - type: { - name: "Composite", - className: "TeamInformation" - } - }, - title: { - serializedName: "properties.title", - type: { - name: "String" - } - } - } - } -}; - -export const IncidentComment: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "IncidentComment", - modelProperties: { - ...ResourceWithEtag.type.modelProperties, - createdTimeUtc: { - serializedName: "properties.createdTimeUtc", - readOnly: true, - type: { - name: "DateTime" - } - }, - lastModifiedTimeUtc: { - serializedName: "properties.lastModifiedTimeUtc", - readOnly: true, - type: { - name: "DateTime" - } - }, - message: { - serializedName: "properties.message", - type: { - name: "String" - } - }, - author: { - serializedName: "properties.author", - type: { - name: "Composite", - className: "ClientInfo" - } - } - } - } -}; - -export const MetadataModel: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "MetadataModel", - modelProperties: { - ...ResourceWithEtag.type.modelProperties, - contentId: { - serializedName: "properties.contentId", - type: { - name: "String" - } - }, - parentId: { - serializedName: "properties.parentId", - type: { - name: "String" - } - }, - version: { - serializedName: "properties.version", - type: { - name: "String" - } - }, - kind: { - serializedName: "properties.kind", - type: { - name: "String" - } - }, - source: { - serializedName: "properties.source", - type: { - name: "Composite", - className: "MetadataSource" - } - }, - author: { - serializedName: "properties.author", - type: { - name: "Composite", - className: "MetadataAuthor" - } - }, - support: { - serializedName: "properties.support", - type: { - name: "Composite", - className: "MetadataSupport" - } - }, - dependencies: { - serializedName: "properties.dependencies", - type: { - name: "Composite", - className: "MetadataDependencies" - } - }, - categories: { - serializedName: "properties.categories", - type: { - name: "Composite", - className: "MetadataCategories" - } - }, - providers: { - serializedName: "properties.providers", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - firstPublishDate: { - serializedName: "properties.firstPublishDate", - type: { - name: "Date" - } - }, - lastPublishDate: { - serializedName: "properties.lastPublishDate", - type: { - name: "Date" - } - }, - customVersion: { - serializedName: "properties.customVersion", - type: { - name: "String" - } - }, - contentSchemaVersion: { - serializedName: "properties.contentSchemaVersion", - type: { - name: "String" - } - }, - icon: { - serializedName: "properties.icon", - type: { - name: "String" - } - }, - threatAnalysisTactics: { - serializedName: "properties.threatAnalysisTactics", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - threatAnalysisTechniques: { - serializedName: "properties.threatAnalysisTechniques", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - previewImages: { - serializedName: "properties.previewImages", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - previewImagesDark: { - serializedName: "properties.previewImagesDark", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - } - } - } -}; - -export const MetadataPatch: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "MetadataPatch", - modelProperties: { - ...ResourceWithEtag.type.modelProperties, - contentId: { - serializedName: "properties.contentId", - type: { - name: "String" - } - }, - parentId: { - serializedName: "properties.parentId", - type: { - name: "String" - } - }, - version: { - serializedName: "properties.version", - type: { - name: "String" - } - }, - kind: { - serializedName: "properties.kind", - type: { - name: "String" - } - }, - source: { - serializedName: "properties.source", - type: { - name: "Composite", - className: "MetadataSource" - } - }, - author: { - serializedName: "properties.author", - type: { - name: "Composite", - className: "MetadataAuthor" - } - }, - support: { - serializedName: "properties.support", - type: { - name: "Composite", - className: "MetadataSupport" - } - }, - dependencies: { - serializedName: "properties.dependencies", - type: { - name: "Composite", - className: "MetadataDependencies" - } - }, - categories: { - serializedName: "properties.categories", - type: { - name: "Composite", - className: "MetadataCategories" - } - }, - providers: { - serializedName: "properties.providers", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - firstPublishDate: { - serializedName: "properties.firstPublishDate", - type: { - name: "Date" - } - }, - lastPublishDate: { - serializedName: "properties.lastPublishDate", - type: { - name: "Date" - } - }, - customVersion: { - serializedName: "properties.customVersion", - type: { - name: "String" - } - }, - contentSchemaVersion: { - serializedName: "properties.contentSchemaVersion", - type: { - name: "String" - } - }, - icon: { - serializedName: "properties.icon", - type: { - name: "String" - } - }, - threatAnalysisTactics: { - serializedName: "properties.threatAnalysisTactics", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - threatAnalysisTechniques: { - serializedName: "properties.threatAnalysisTechniques", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - previewImages: { - serializedName: "properties.previewImages", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - previewImagesDark: { - serializedName: "properties.previewImagesDark", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - } - } - } -}; - -export const SentinelOnboardingState: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "SentinelOnboardingState", - modelProperties: { - ...ResourceWithEtag.type.modelProperties, - customerManagedKey: { - serializedName: "properties.customerManagedKey", - type: { - name: "Boolean" - } - } - } - } -}; - -export const SecurityMLAnalyticsSetting: coreClient.CompositeMapper = { - serializedName: "SecurityMLAnalyticsSetting", - type: { - name: "Composite", - className: "SecurityMLAnalyticsSetting", - uberParent: "Resource", - polymorphicDiscriminator: { - serializedName: "kind", - clientName: "kind" - }, - modelProperties: { - ...ResourceWithEtag.type.modelProperties, - kind: { - serializedName: "kind", - required: true, - type: { - name: "String" - } - } - } - } -}; - -export const Settings: coreClient.CompositeMapper = { - serializedName: "Settings", - type: { - name: "Composite", - className: "Settings", - uberParent: "Resource", - polymorphicDiscriminator: { - serializedName: "kind", - clientName: "kind" - }, - modelProperties: { - ...ResourceWithEtag.type.modelProperties, - kind: { - serializedName: "kind", - required: true, - type: { - name: "String" - } - } - } - } -}; - -export const SourceControl: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "SourceControl", - modelProperties: { - ...ResourceWithEtag.type.modelProperties, - idPropertiesId: { - serializedName: "properties.id", - type: { - name: "String" - } - }, - version: { - serializedName: "properties.version", - type: { - name: "String" - } - }, - displayName: { - serializedName: "properties.displayName", - type: { - name: "String" - } - }, - description: { - serializedName: "properties.description", - type: { - name: "String" - } - }, - repoType: { - serializedName: "properties.repoType", - type: { - name: "String" - } - }, - contentTypes: { - serializedName: "properties.contentTypes", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - repository: { - serializedName: "properties.repository", - type: { - name: "Composite", - className: "Repository" - } - }, - repositoryResourceInfo: { - serializedName: "properties.repositoryResourceInfo", - type: { - name: "Composite", - className: "RepositoryResourceInfo" - } - }, - lastDeploymentInfo: { - serializedName: "properties.lastDeploymentInfo", - type: { - name: "Composite", - className: "DeploymentInfo" - } - } - } - } -}; - -export const ThreatIntelligenceInformation: coreClient.CompositeMapper = { - serializedName: "ThreatIntelligenceInformation", - type: { - name: "Composite", - className: "ThreatIntelligenceInformation", - uberParent: "Resource", - polymorphicDiscriminator: { - serializedName: "kind", - clientName: "kind" - }, - modelProperties: { - ...ResourceWithEtag.type.modelProperties, - kind: { - serializedName: "kind", - required: true, - type: { - name: "String" - } - } - } - } -}; - -export const Watchlist: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "Watchlist", - modelProperties: { - ...ResourceWithEtag.type.modelProperties, - watchlistId: { - serializedName: "properties.watchlistId", - type: { - name: "String" - } - }, - displayName: { - serializedName: "properties.displayName", - type: { - name: "String" - } - }, - provider: { - serializedName: "properties.provider", - type: { - name: "String" - } - }, - source: { - serializedName: "properties.source", - type: { - name: "String" - } - }, - sourceType: { - serializedName: "properties.sourceType", - type: { - name: "String" - } - }, - created: { - serializedName: "properties.created", - type: { - name: "DateTime" - } - }, - updated: { - serializedName: "properties.updated", - type: { - name: "DateTime" - } - }, - createdBy: { - serializedName: "properties.createdBy", - type: { - name: "Composite", - className: "UserInfo" - } - }, - updatedBy: { - serializedName: "properties.updatedBy", - type: { - name: "Composite", - className: "UserInfo" - } - }, - description: { - serializedName: "properties.description", - type: { - name: "String" - } - }, - watchlistType: { - serializedName: "properties.watchlistType", - type: { - name: "String" - } - }, - watchlistAlias: { - serializedName: "properties.watchlistAlias", - type: { - name: "String" - } - }, - isDeleted: { - serializedName: "properties.isDeleted", - type: { - name: "Boolean" - } - }, - labels: { - serializedName: "properties.labels", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - defaultDuration: { - serializedName: "properties.defaultDuration", - type: { - name: "TimeSpan" - } - }, - tenantId: { - serializedName: "properties.tenantId", - type: { - name: "String" - } - }, - numberOfLinesToSkip: { - serializedName: "properties.numberOfLinesToSkip", - type: { - name: "Number" - } - }, - rawContent: { - serializedName: "properties.rawContent", - type: { - name: "String" - } - }, - itemsSearchKey: { - serializedName: "properties.itemsSearchKey", - type: { - name: "String" - } - }, - contentType: { - serializedName: "properties.contentType", - type: { - name: "String" - } - }, - uploadStatus: { - serializedName: "properties.uploadStatus", - type: { - name: "String" - } - } - } - } -}; - -export const WatchlistItem: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "WatchlistItem", - modelProperties: { - ...ResourceWithEtag.type.modelProperties, - watchlistItemType: { - serializedName: "properties.watchlistItemType", - type: { - name: "String" - } - }, - watchlistItemId: { - serializedName: "properties.watchlistItemId", - type: { - name: "String" - } - }, - tenantId: { - serializedName: "properties.tenantId", - type: { - name: "String" - } - }, - isDeleted: { - serializedName: "properties.isDeleted", - type: { - name: "Boolean" - } - }, - created: { - serializedName: "properties.created", - type: { - name: "DateTime" - } - }, - updated: { - serializedName: "properties.updated", - type: { - name: "DateTime" - } - }, - createdBy: { - serializedName: "properties.createdBy", - type: { - name: "Composite", - className: "UserInfo" - } - }, - updatedBy: { - serializedName: "properties.updatedBy", - type: { - name: "Composite", - className: "UserInfo" - } - }, - itemsKeyValue: { - serializedName: "properties.itemsKeyValue", - type: { - name: "Dictionary", - value: { type: { name: "any" } } - } - }, - entityMapping: { - serializedName: "properties.entityMapping", - type: { - name: "Dictionary", - value: { type: { name: "any" } } - } - } - } - } -}; - -export const DataConnector: coreClient.CompositeMapper = { - serializedName: "DataConnector", - type: { - name: "Composite", - className: "DataConnector", - uberParent: "Resource", - polymorphicDiscriminator: { - serializedName: "kind", - clientName: "kind" - }, - modelProperties: { - ...ResourceWithEtag.type.modelProperties, - kind: { - serializedName: "kind", - required: true, - type: { - name: "String" - } - } - } - } -}; - -export const MLBehaviorAnalyticsAlertRuleTemplate: coreClient.CompositeMapper = { - serializedName: "MLBehaviorAnalytics", - type: { - name: "Composite", - className: "MLBehaviorAnalyticsAlertRuleTemplate", - uberParent: "Resource", - polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, - modelProperties: { - ...AlertRuleTemplate.type.modelProperties, - alertRulesCreatedByTemplateCount: { - serializedName: "properties.alertRulesCreatedByTemplateCount", - type: { - name: "Number" - } - }, - lastUpdatedDateUTC: { - serializedName: "properties.lastUpdatedDateUTC", - readOnly: true, - type: { - name: "DateTime" - } - }, - createdDateUTC: { - serializedName: "properties.createdDateUTC", - readOnly: true, - type: { - name: "DateTime" - } - }, - description: { - serializedName: "properties.description", - type: { - name: "String" - } - }, - displayName: { - serializedName: "properties.displayName", - type: { - name: "String" - } - }, - requiredDataConnectors: { - serializedName: "properties.requiredDataConnectors", - type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "AlertRuleTemplateDataSource" - } - } - } - }, - status: { - serializedName: "properties.status", - type: { - name: "String" - } - }, - tactics: { - serializedName: "properties.tactics", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - techniques: { - serializedName: "properties.techniques", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - severity: { - serializedName: "properties.severity", - type: { - name: "String" - } - } - } - } -}; - -export const FusionAlertRuleTemplate: coreClient.CompositeMapper = { - serializedName: "Fusion", - type: { - name: "Composite", - className: "FusionAlertRuleTemplate", - uberParent: "Resource", - polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, - modelProperties: { - ...AlertRuleTemplate.type.modelProperties, - alertRulesCreatedByTemplateCount: { - serializedName: "properties.alertRulesCreatedByTemplateCount", - type: { - name: "Number" - } - }, - createdDateUTC: { - serializedName: "properties.createdDateUTC", - readOnly: true, - type: { - name: "DateTime" - } - }, - lastUpdatedDateUTC: { - serializedName: "properties.lastUpdatedDateUTC", - readOnly: true, - type: { - name: "DateTime" - } - }, - description: { - serializedName: "properties.description", - type: { - name: "String" - } - }, - displayName: { - serializedName: "properties.displayName", - type: { - name: "String" - } - }, - requiredDataConnectors: { - serializedName: "properties.requiredDataConnectors", - type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "AlertRuleTemplateDataSource" - } - } - } - }, - status: { - serializedName: "properties.status", - type: { - name: "String" - } - }, - severity: { - serializedName: "properties.severity", - type: { - name: "String" - } - }, - tactics: { - serializedName: "properties.tactics", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - techniques: { - serializedName: "properties.techniques", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - sourceSettings: { - serializedName: "properties.sourceSettings", - type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "FusionTemplateSourceSetting" - } - } - } - } - } - } -}; - -export const ThreatIntelligenceAlertRuleTemplate: coreClient.CompositeMapper = { - serializedName: "ThreatIntelligence", - type: { - name: "Composite", - className: "ThreatIntelligenceAlertRuleTemplate", - uberParent: "Resource", - polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, - modelProperties: { - ...AlertRuleTemplate.type.modelProperties, - alertRulesCreatedByTemplateCount: { - serializedName: "properties.alertRulesCreatedByTemplateCount", - type: { - name: "Number" - } - }, - lastUpdatedDateUTC: { - serializedName: "properties.lastUpdatedDateUTC", - readOnly: true, - type: { - name: "DateTime" - } - }, - createdDateUTC: { - serializedName: "properties.createdDateUTC", - readOnly: true, - type: { - name: "DateTime" - } - }, - description: { - serializedName: "properties.description", - type: { - name: "String" - } - }, - displayName: { - serializedName: "properties.displayName", - type: { - name: "String" - } - }, - requiredDataConnectors: { - serializedName: "properties.requiredDataConnectors", - type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "AlertRuleTemplateDataSource" - } - } - } - }, - status: { - serializedName: "properties.status", - type: { - name: "String" - } - }, - tactics: { - serializedName: "properties.tactics", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - techniques: { - serializedName: "properties.techniques", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - severity: { - serializedName: "properties.severity", - type: { - name: "String" - } - } - } - } -}; - -export const MicrosoftSecurityIncidentCreationAlertRuleTemplate: coreClient.CompositeMapper = { - serializedName: "MicrosoftSecurityIncidentCreation", - type: { - name: "Composite", - className: "MicrosoftSecurityIncidentCreationAlertRuleTemplate", - uberParent: "Resource", - polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, - modelProperties: { - ...AlertRuleTemplate.type.modelProperties, - alertRulesCreatedByTemplateCount: { - serializedName: "properties.alertRulesCreatedByTemplateCount", - type: { - name: "Number" - } - }, - lastUpdatedDateUTC: { - serializedName: "properties.lastUpdatedDateUTC", - readOnly: true, - type: { - name: "DateTime" - } - }, - createdDateUTC: { - serializedName: "properties.createdDateUTC", - readOnly: true, - type: { - name: "DateTime" - } - }, - description: { - serializedName: "properties.description", - type: { - name: "String" - } - }, - displayName: { - serializedName: "properties.displayName", - type: { - name: "String" - } - }, - requiredDataConnectors: { - serializedName: "properties.requiredDataConnectors", - type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "AlertRuleTemplateDataSource" - } - } - } - }, - status: { - serializedName: "properties.status", - type: { - name: "String" - } - }, - displayNamesFilter: { - serializedName: "properties.displayNamesFilter", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - displayNamesExcludeFilter: { - serializedName: "properties.displayNamesExcludeFilter", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - productFilter: { - serializedName: "properties.productFilter", - type: { - name: "String" - } - }, - severitiesFilter: { - serializedName: "properties.severitiesFilter", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - } - } - } -}; - -export const ScheduledAlertRuleTemplate: coreClient.CompositeMapper = { - serializedName: "Scheduled", - type: { - name: "Composite", - className: "ScheduledAlertRuleTemplate", - uberParent: "Resource", - polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, - modelProperties: { - ...AlertRuleTemplate.type.modelProperties, - alertRulesCreatedByTemplateCount: { - serializedName: "properties.alertRulesCreatedByTemplateCount", - type: { - name: "Number" - } - }, - createdDateUTC: { - serializedName: "properties.createdDateUTC", - readOnly: true, - type: { - name: "DateTime" - } - }, - lastUpdatedDateUTC: { - serializedName: "properties.lastUpdatedDateUTC", - readOnly: true, - type: { - name: "DateTime" - } - }, - description: { - serializedName: "properties.description", - type: { - name: "String" - } - }, - displayName: { - serializedName: "properties.displayName", - type: { - name: "String" - } - }, - requiredDataConnectors: { - serializedName: "properties.requiredDataConnectors", - type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "AlertRuleTemplateDataSource" - } - } - } - }, - status: { - serializedName: "properties.status", - type: { - name: "String" - } - }, - query: { - serializedName: "properties.query", - type: { - name: "String" - } - }, - queryFrequency: { - serializedName: "properties.queryFrequency", - type: { - name: "TimeSpan" - } - }, - queryPeriod: { - serializedName: "properties.queryPeriod", - type: { - name: "TimeSpan" - } - }, - severity: { - serializedName: "properties.severity", - type: { - name: "String" - } - }, - triggerOperator: { - serializedName: "properties.triggerOperator", - type: { - name: "Enum", - allowedValues: ["GreaterThan", "LessThan", "Equal", "NotEqual"] - } - }, - triggerThreshold: { - serializedName: "properties.triggerThreshold", - type: { - name: "Number" - } - }, - tactics: { - serializedName: "properties.tactics", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - techniques: { - serializedName: "properties.techniques", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - version: { - serializedName: "properties.version", - type: { - name: "String" - } - }, - eventGroupingSettings: { - serializedName: "properties.eventGroupingSettings", - type: { - name: "Composite", - className: "EventGroupingSettings" - } - }, - customDetails: { - serializedName: "properties.customDetails", - type: { - name: "Dictionary", - value: { type: { name: "String" } } + className: "AutomationRuleTriggeringLogic" } }, - entityMappings: { - serializedName: "properties.entityMappings", + actions: { + constraints: { + MaxItems: 20 + }, + serializedName: "properties.actions", + required: true, type: { name: "Sequence", element: { type: { name: "Composite", - className: "EntityMapping" + className: "AutomationRuleAction" } } } }, - alertDetailsOverride: { - serializedName: "properties.alertDetailsOverride", - type: { - name: "Composite", - className: "AlertDetailsOverride" - } - } - } - } -}; - -export const NrtAlertRuleTemplate: coreClient.CompositeMapper = { - serializedName: "NRT", - type: { - name: "Composite", - className: "NrtAlertRuleTemplate", - uberParent: "Resource", - polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, - modelProperties: { - ...AlertRuleTemplate.type.modelProperties, - alertRulesCreatedByTemplateCount: { - serializedName: "properties.alertRulesCreatedByTemplateCount", - type: { - name: "Number" - } - }, - lastUpdatedDateUTC: { - serializedName: "properties.lastUpdatedDateUTC", + lastModifiedTimeUtc: { + serializedName: "properties.lastModifiedTimeUtc", readOnly: true, type: { name: "DateTime" } }, - createdDateUTC: { - serializedName: "properties.createdDateUTC", + createdTimeUtc: { + serializedName: "properties.createdTimeUtc", readOnly: true, type: { name: "DateTime" } }, - description: { - serializedName: "properties.description", - type: { - name: "String" - } - }, - displayName: { - serializedName: "properties.displayName", - type: { - name: "String" - } - }, - requiredDataConnectors: { - serializedName: "properties.requiredDataConnectors", - type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "AlertRuleTemplateDataSource" - } - } - } - }, - status: { - serializedName: "properties.status", - type: { - name: "String" - } - }, - tactics: { - serializedName: "properties.tactics", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - techniques: { - serializedName: "properties.techniques", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - query: { - serializedName: "properties.query", - type: { - name: "String" - } - }, - severity: { - serializedName: "properties.severity", - type: { - name: "String" - } - }, - version: { - serializedName: "properties.version", - type: { - name: "String" - } - }, - customDetails: { - serializedName: "properties.customDetails", - type: { - name: "Dictionary", - value: { type: { name: "String" } } - } - }, - entityMappings: { - serializedName: "properties.entityMappings", + lastModifiedBy: { + serializedName: "properties.lastModifiedBy", type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "EntityMapping" - } - } + name: "Composite", + className: "ClientInfo" } }, - alertDetailsOverride: { - serializedName: "properties.alertDetailsOverride", + createdBy: { + serializedName: "properties.createdBy", type: { name: "Composite", - className: "AlertDetailsOverride" + className: "ClientInfo" } } } } }; -export const SecurityAlert: coreClient.CompositeMapper = { - serializedName: "SecurityAlert", +export const Bookmark: coreClient.CompositeMapper = { type: { name: "Composite", - className: "SecurityAlert", - uberParent: "Resource", - polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, + className: "Bookmark", modelProperties: { - ...Entity.type.modelProperties, - additionalData: { - serializedName: "properties.additionalData", - readOnly: true, - type: { - name: "Dictionary", - value: { - type: { name: "Dictionary", value: { type: { name: "any" } } } - } - } - }, - friendlyName: { - serializedName: "properties.friendlyName", - readOnly: true, - type: { - name: "String" - } - }, - alertDisplayName: { - serializedName: "properties.alertDisplayName", - readOnly: true, - type: { - name: "String" - } - }, - alertType: { - serializedName: "properties.alertType", - readOnly: true, + ...ResourceWithEtag.type.modelProperties, + created: { + serializedName: "properties.created", type: { - name: "String" + name: "DateTime" } }, - compromisedEntity: { - serializedName: "properties.compromisedEntity", - readOnly: true, + createdBy: { + serializedName: "properties.createdBy", type: { - name: "String" + name: "Composite", + className: "UserInfo" } }, - confidenceLevel: { - serializedName: "properties.confidenceLevel", - readOnly: true, + displayName: { + serializedName: "properties.displayName", type: { name: "String" } }, - confidenceReasons: { - serializedName: "properties.confidenceReasons", - readOnly: true, + labels: { + serializedName: "properties.labels", type: { name: "Sequence", element: { - type: { - name: "Composite", - className: "SecurityAlertPropertiesConfidenceReasonsItem" + type: { + name: "String" } } } }, - confidenceScore: { - serializedName: "properties.confidenceScore", - readOnly: true, + notes: { + serializedName: "properties.notes", type: { - name: "Number" + name: "String" } }, - confidenceScoreStatus: { - serializedName: "properties.confidenceScoreStatus", - readOnly: true, + query: { + serializedName: "properties.query", type: { name: "String" } }, - description: { - serializedName: "properties.description", - readOnly: true, + queryResult: { + serializedName: "properties.queryResult", type: { name: "String" } }, - endTimeUtc: { - serializedName: "properties.endTimeUtc", - readOnly: true, + updated: { + serializedName: "properties.updated", type: { name: "DateTime" } }, - intent: { - serializedName: "properties.intent", - readOnly: true, + updatedBy: { + serializedName: "properties.updatedBy", type: { - name: "String" + name: "Composite", + className: "UserInfo" } }, - providerAlertId: { - serializedName: "properties.providerAlertId", - readOnly: true, + eventTime: { + serializedName: "properties.eventTime", type: { - name: "String" + name: "DateTime" } }, - processingEndTime: { - serializedName: "properties.processingEndTime", - readOnly: true, + queryStartTime: { + serializedName: "properties.queryStartTime", type: { name: "DateTime" } }, - productComponentName: { - serializedName: "properties.productComponentName", - readOnly: true, + queryEndTime: { + serializedName: "properties.queryEndTime", type: { - name: "String" + name: "DateTime" } }, - productName: { - serializedName: "properties.productName", - readOnly: true, + incidentInfo: { + serializedName: "properties.incidentInfo", type: { - name: "String" + name: "Composite", + className: "IncidentInfo" } - }, - productVersion: { - serializedName: "properties.productVersion", - readOnly: true, + } + } + } +}; + +export const DataConnector: coreClient.CompositeMapper = { + serializedName: "DataConnector", + type: { + name: "Composite", + className: "DataConnector", + uberParent: "Resource", + polymorphicDiscriminator: { + serializedName: "kind", + clientName: "kind" + }, + modelProperties: { + ...ResourceWithEtag.type.modelProperties, + kind: { + serializedName: "kind", + required: true, type: { name: "String" } - }, - remediationSteps: { - serializedName: "properties.remediationSteps", - readOnly: true, + } + } + } +}; + +export const Incident: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "Incident", + modelProperties: { + ...ResourceWithEtag.type.modelProperties, + additionalData: { + serializedName: "properties.additionalData", type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } + name: "Composite", + className: "IncidentAdditionalData" } }, - severity: { - serializedName: "properties.severity", + classification: { + serializedName: "properties.classification", type: { name: "String" } }, - startTimeUtc: { - serializedName: "properties.startTimeUtc", - readOnly: true, + classificationComment: { + serializedName: "properties.classificationComment", type: { - name: "DateTime" + name: "String" } }, - status: { - serializedName: "properties.status", - readOnly: true, + classificationReason: { + serializedName: "properties.classificationReason", type: { name: "String" } }, - systemAlertId: { - serializedName: "properties.systemAlertId", + createdTimeUtc: { + serializedName: "properties.createdTimeUtc", readOnly: true, type: { - name: "String" + name: "DateTime" } }, - tactics: { - serializedName: "properties.tactics", - readOnly: true, + description: { + serializedName: "properties.description", type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } + name: "String" } }, - timeGenerated: { - serializedName: "properties.timeGenerated", - readOnly: true, + firstActivityTimeUtc: { + serializedName: "properties.firstActivityTimeUtc", type: { name: "DateTime" } }, - vendorName: { - serializedName: "properties.vendorName", + incidentUrl: { + serializedName: "properties.incidentUrl", readOnly: true, type: { name: "String" } }, - alertLink: { - serializedName: "properties.alertLink", + incidentNumber: { + serializedName: "properties.incidentNumber", readOnly: true, type: { - name: "String" + name: "Number" } }, - resourceIdentifiers: { - serializedName: "properties.resourceIdentifiers", - readOnly: true, + labels: { + serializedName: "properties.labels", type: { name: "Sequence", element: { type: { - name: "Dictionary", - value: { type: { name: "any" } } + name: "Composite", + className: "IncidentLabel" } } } - } - } - } -}; - -export const HuntingBookmark: coreClient.CompositeMapper = { - serializedName: "Bookmark", - type: { - name: "Composite", - className: "HuntingBookmark", - uberParent: "Resource", - polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, - modelProperties: { - ...Entity.type.modelProperties, - additionalData: { - serializedName: "properties.additionalData", - readOnly: true, - type: { - name: "Dictionary", - value: { - type: { name: "Dictionary", value: { type: { name: "any" } } } - } - } }, - friendlyName: { - serializedName: "properties.friendlyName", - readOnly: true, + lastActivityTimeUtc: { + serializedName: "properties.lastActivityTimeUtc", type: { - name: "String" + name: "DateTime" } }, - created: { - serializedName: "properties.created", + lastModifiedTimeUtc: { + serializedName: "properties.lastModifiedTimeUtc", + readOnly: true, type: { name: "DateTime" } }, - createdBy: { - serializedName: "properties.createdBy", + owner: { + serializedName: "properties.owner", type: { name: "Composite", - className: "UserInfo" - } - }, - displayName: { - serializedName: "properties.displayName", - type: { - name: "String" - } - }, - eventTime: { - serializedName: "properties.eventTime", - type: { - name: "DateTime" + className: "IncidentOwnerInfo" } }, - labels: { - serializedName: "properties.labels", + relatedAnalyticRuleIds: { + serializedName: "properties.relatedAnalyticRuleIds", + readOnly: true, type: { name: "Sequence", element: { @@ -11776,249 +4648,270 @@ export const HuntingBookmark: coreClient.CompositeMapper = { } } }, - notes: { - serializedName: "properties.notes", + severity: { + serializedName: "properties.severity", type: { name: "String" } }, - query: { - serializedName: "properties.query", + status: { + serializedName: "properties.status", type: { name: "String" } }, - queryResult: { - serializedName: "properties.queryResult", + title: { + serializedName: "properties.title", type: { name: "String" } - }, - updated: { - serializedName: "properties.updated", + } + } + } +}; + +export const IncidentComment: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "IncidentComment", + modelProperties: { + ...ResourceWithEtag.type.modelProperties, + createdTimeUtc: { + serializedName: "properties.createdTimeUtc", + readOnly: true, + type: { + name: "DateTime" + } + }, + lastModifiedTimeUtc: { + serializedName: "properties.lastModifiedTimeUtc", + readOnly: true, type: { name: "DateTime" } }, - updatedBy: { - serializedName: "properties.updatedBy", + message: { + serializedName: "properties.message", type: { - name: "Composite", - className: "UserInfo" + name: "String" } }, - incidentInfo: { - serializedName: "properties.incidentInfo", + author: { + serializedName: "properties.author", type: { name: "Composite", - className: "IncidentInfo" + className: "ClientInfo" } } } } }; -export const AccountEntity: coreClient.CompositeMapper = { - serializedName: "Account", +export const Relation: coreClient.CompositeMapper = { type: { name: "Composite", - className: "AccountEntity", - uberParent: "Resource", - polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, + className: "Relation", modelProperties: { - ...Entity.type.modelProperties, - additionalData: { - serializedName: "properties.additionalData", - readOnly: true, + ...ResourceWithEtag.type.modelProperties, + relatedResourceId: { + serializedName: "properties.relatedResourceId", type: { - name: "Dictionary", - value: { - type: { name: "Dictionary", value: { type: { name: "any" } } } - } + name: "String" } }, - friendlyName: { - serializedName: "properties.friendlyName", + relatedResourceName: { + serializedName: "properties.relatedResourceName", readOnly: true, type: { name: "String" } }, - aadTenantId: { - serializedName: "properties.aadTenantId", + relatedResourceType: { + serializedName: "properties.relatedResourceType", readOnly: true, type: { name: "String" } }, - aadUserId: { - serializedName: "properties.aadUserId", + relatedResourceKind: { + serializedName: "properties.relatedResourceKind", readOnly: true, type: { name: "String" } - }, - accountName: { - serializedName: "properties.accountName", - readOnly: true, + } + } + } +}; + +export const SentinelOnboardingState: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "SentinelOnboardingState", + modelProperties: { + ...ResourceWithEtag.type.modelProperties, + customerManagedKey: { + serializedName: "properties.customerManagedKey", + type: { + name: "Boolean" + } + } + } + } +}; + +export const ThreatIntelligenceInformation: coreClient.CompositeMapper = { + serializedName: "ThreatIntelligenceInformation", + type: { + name: "Composite", + className: "ThreatIntelligenceInformation", + uberParent: "Resource", + polymorphicDiscriminator: { + serializedName: "kind", + clientName: "kind" + }, + modelProperties: { + ...ResourceWithEtag.type.modelProperties, + kind: { + serializedName: "kind", + required: true, + type: { + name: "String" + } + } + } + } +}; + +export const Watchlist: coreClient.CompositeMapper = { + type: { + name: "Composite", + className: "Watchlist", + modelProperties: { + ...ResourceWithEtag.type.modelProperties, + watchlistId: { + serializedName: "properties.watchlistId", type: { name: "String" } }, displayName: { serializedName: "properties.displayName", - readOnly: true, type: { name: "String" } }, - hostEntityId: { - serializedName: "properties.hostEntityId", - readOnly: true, + provider: { + serializedName: "properties.provider", type: { name: "String" } }, - isDomainJoined: { - serializedName: "properties.isDomainJoined", - readOnly: true, + source: { + serializedName: "properties.source", type: { - name: "Boolean" + name: "String" } }, - ntDomain: { - serializedName: "properties.ntDomain", - readOnly: true, + created: { + serializedName: "properties.created", type: { - name: "String" + name: "DateTime" } }, - objectGuid: { - serializedName: "properties.objectGuid", - readOnly: true, + updated: { + serializedName: "properties.updated", type: { - name: "Uuid" + name: "DateTime" } }, - puid: { - serializedName: "properties.puid", - readOnly: true, + createdBy: { + serializedName: "properties.createdBy", type: { - name: "String" + name: "Composite", + className: "UserInfo" } }, - sid: { - serializedName: "properties.sid", - readOnly: true, + updatedBy: { + serializedName: "properties.updatedBy", + type: { + name: "Composite", + className: "UserInfo" + } + }, + description: { + serializedName: "properties.description", type: { name: "String" } }, - upnSuffix: { - serializedName: "properties.upnSuffix", - readOnly: true, + watchlistType: { + serializedName: "properties.watchlistType", type: { name: "String" } }, - dnsDomain: { - serializedName: "properties.dnsDomain", - readOnly: true, + watchlistAlias: { + serializedName: "properties.watchlistAlias", type: { name: "String" } - } - } - } -}; - -export const AzureResourceEntity: coreClient.CompositeMapper = { - serializedName: "AzureResource", - type: { - name: "Composite", - className: "AzureResourceEntity", - uberParent: "Resource", - polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, - modelProperties: { - ...Entity.type.modelProperties, - additionalData: { - serializedName: "properties.additionalData", - readOnly: true, + }, + isDeleted: { + serializedName: "properties.isDeleted", type: { - name: "Dictionary", - value: { - type: { name: "Dictionary", value: { type: { name: "any" } } } - } + name: "Boolean" } }, - friendlyName: { - serializedName: "properties.friendlyName", - readOnly: true, + labels: { + serializedName: "properties.labels", type: { - name: "String" + name: "Sequence", + element: { + type: { + name: "String" + } + } } }, - resourceId: { - serializedName: "properties.resourceId", - readOnly: true, + defaultDuration: { + serializedName: "properties.defaultDuration", type: { - name: "String" + name: "TimeSpan" } }, - subscriptionId: { - serializedName: "properties.subscriptionId", - readOnly: true, + tenantId: { + serializedName: "properties.tenantId", type: { name: "String" } - } - } - } -}; - -export const CloudApplicationEntity: coreClient.CompositeMapper = { - serializedName: "CloudApplication", - type: { - name: "Composite", - className: "CloudApplicationEntity", - uberParent: "Resource", - polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, - modelProperties: { - ...Entity.type.modelProperties, - additionalData: { - serializedName: "properties.additionalData", - readOnly: true, + }, + numberOfLinesToSkip: { + serializedName: "properties.numberOfLinesToSkip", type: { - name: "Dictionary", - value: { - type: { name: "Dictionary", value: { type: { name: "any" } } } - } + name: "Number" } }, - friendlyName: { - serializedName: "properties.friendlyName", - readOnly: true, + rawContent: { + serializedName: "properties.rawContent", type: { name: "String" } }, - appId: { - serializedName: "properties.appId", - readOnly: true, + itemsSearchKey: { + serializedName: "properties.itemsSearchKey", type: { - name: "Number" + name: "String" } }, - appName: { - serializedName: "properties.appName", - readOnly: true, + contentType: { + serializedName: "properties.contentType", type: { name: "String" } - }, - instanceName: { - serializedName: "properties.instanceName", - readOnly: true, + }, + uploadStatus: { + serializedName: "properties.uploadStatus", type: { name: "String" } @@ -12027,635 +4920,665 @@ export const CloudApplicationEntity: coreClient.CompositeMapper = { } }; -export const DnsEntity: coreClient.CompositeMapper = { - serializedName: "DnsResolution", +export const WatchlistItem: coreClient.CompositeMapper = { type: { name: "Composite", - className: "DnsEntity", - uberParent: "Resource", - polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, + className: "WatchlistItem", modelProperties: { - ...Entity.type.modelProperties, - additionalData: { - serializedName: "properties.additionalData", - readOnly: true, + ...ResourceWithEtag.type.modelProperties, + watchlistItemType: { + serializedName: "properties.watchlistItemType", type: { - name: "Dictionary", - value: { - type: { name: "Dictionary", value: { type: { name: "any" } } } - } + name: "String" } }, - friendlyName: { - serializedName: "properties.friendlyName", - readOnly: true, + watchlistItemId: { + serializedName: "properties.watchlistItemId", type: { name: "String" } }, - dnsServerIpEntityId: { - serializedName: "properties.dnsServerIpEntityId", - readOnly: true, + tenantId: { + serializedName: "properties.tenantId", type: { name: "String" } }, - domainName: { - serializedName: "properties.domainName", - readOnly: true, + isDeleted: { + serializedName: "properties.isDeleted", type: { - name: "String" + name: "Boolean" } }, - hostIpAddressEntityId: { - serializedName: "properties.hostIpAddressEntityId", - readOnly: true, + created: { + serializedName: "properties.created", type: { - name: "String" + name: "DateTime" } }, - ipAddressEntityIds: { - serializedName: "properties.ipAddressEntityIds", - readOnly: true, + updated: { + serializedName: "properties.updated", type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } + name: "DateTime" + } + }, + createdBy: { + serializedName: "properties.createdBy", + type: { + name: "Composite", + className: "UserInfo" + } + }, + updatedBy: { + serializedName: "properties.updatedBy", + type: { + name: "Composite", + className: "UserInfo" + } + }, + itemsKeyValue: { + serializedName: "properties.itemsKeyValue", + type: { + name: "Dictionary", + value: { type: { name: "any" } } + } + }, + entityMapping: { + serializedName: "properties.entityMapping", + type: { + name: "Dictionary", + value: { type: { name: "any" } } } } } } }; -export const FileEntity: coreClient.CompositeMapper = { - serializedName: "File", +export const FusionAlertRuleTemplate: coreClient.CompositeMapper = { + serializedName: "Fusion", type: { name: "Composite", - className: "FileEntity", + className: "FusionAlertRuleTemplate", uberParent: "Resource", polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, modelProperties: { - ...Entity.type.modelProperties, - additionalData: { - serializedName: "properties.additionalData", + ...AlertRuleTemplate.type.modelProperties, + alertRulesCreatedByTemplateCount: { + serializedName: "properties.alertRulesCreatedByTemplateCount", + type: { + name: "Number" + } + }, + createdDateUTC: { + serializedName: "properties.createdDateUTC", readOnly: true, type: { - name: "Dictionary", - value: { - type: { name: "Dictionary", value: { type: { name: "any" } } } - } + name: "DateTime" } }, - friendlyName: { - serializedName: "properties.friendlyName", + lastUpdatedDateUTC: { + serializedName: "properties.lastUpdatedDateUTC", readOnly: true, + type: { + name: "DateTime" + } + }, + description: { + serializedName: "properties.description", type: { name: "String" } }, - directory: { - serializedName: "properties.directory", - readOnly: true, + displayName: { + serializedName: "properties.displayName", type: { name: "String" } }, - fileHashEntityIds: { - serializedName: "properties.fileHashEntityIds", - readOnly: true, + requiredDataConnectors: { + serializedName: "properties.requiredDataConnectors", type: { name: "Sequence", element: { type: { - name: "String" + name: "Composite", + className: "AlertRuleTemplateDataSource" } } } }, - fileName: { - serializedName: "properties.fileName", - readOnly: true, - type: { - name: "String" - } - }, - hostEntityId: { - serializedName: "properties.hostEntityId", - readOnly: true, + status: { + serializedName: "properties.status", type: { name: "String" } - } - } - } -}; - -export const FileHashEntity: coreClient.CompositeMapper = { - serializedName: "FileHash", - type: { - name: "Composite", - className: "FileHashEntity", - uberParent: "Resource", - polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, - modelProperties: { - ...Entity.type.modelProperties, - additionalData: { - serializedName: "properties.additionalData", - readOnly: true, - type: { - name: "Dictionary", - value: { - type: { name: "Dictionary", value: { type: { name: "any" } } } - } - } }, - friendlyName: { - serializedName: "properties.friendlyName", - readOnly: true, + severity: { + serializedName: "properties.severity", type: { name: "String" } }, - algorithm: { - serializedName: "properties.algorithm", - readOnly: true, + tactics: { + serializedName: "properties.tactics", type: { - name: "String" + name: "Sequence", + element: { + type: { + name: "String" + } + } } }, - hashValue: { - serializedName: "properties.hashValue", - readOnly: true, + techniques: { + serializedName: "properties.techniques", type: { - name: "String" + name: "Sequence", + element: { + type: { + name: "String" + } + } } } } } }; -export const HostEntity: coreClient.CompositeMapper = { - serializedName: "Host", +export const MicrosoftSecurityIncidentCreationAlertRuleTemplate: coreClient.CompositeMapper = { + serializedName: "MicrosoftSecurityIncidentCreation", type: { name: "Composite", - className: "HostEntity", + className: "MicrosoftSecurityIncidentCreationAlertRuleTemplate", uberParent: "Resource", polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, modelProperties: { - ...Entity.type.modelProperties, - additionalData: { - serializedName: "properties.additionalData", - readOnly: true, + ...AlertRuleTemplate.type.modelProperties, + alertRulesCreatedByTemplateCount: { + serializedName: "properties.alertRulesCreatedByTemplateCount", type: { - name: "Dictionary", - value: { - type: { name: "Dictionary", value: { type: { name: "any" } } } - } + name: "Number" } }, - friendlyName: { - serializedName: "properties.friendlyName", + createdDateUTC: { + serializedName: "properties.createdDateUTC", readOnly: true, type: { - name: "String" + name: "DateTime" } }, - azureID: { - serializedName: "properties.azureID", + lastUpdatedDateUTC: { + serializedName: "properties.lastUpdatedDateUTC", readOnly: true, type: { - name: "String" + name: "DateTime" } }, - dnsDomain: { - serializedName: "properties.dnsDomain", - readOnly: true, + description: { + serializedName: "properties.description", type: { name: "String" } }, - hostName: { - serializedName: "properties.hostName", - readOnly: true, + displayName: { + serializedName: "properties.displayName", type: { name: "String" } }, - isDomainJoined: { - serializedName: "properties.isDomainJoined", - readOnly: true, - type: { - name: "Boolean" - } - }, - netBiosName: { - serializedName: "properties.netBiosName", - readOnly: true, + requiredDataConnectors: { + serializedName: "properties.requiredDataConnectors", type: { - name: "String" + name: "Sequence", + element: { + type: { + name: "Composite", + className: "AlertRuleTemplateDataSource" + } + } } }, - ntDomain: { - serializedName: "properties.ntDomain", - readOnly: true, + status: { + serializedName: "properties.status", type: { name: "String" } }, - omsAgentID: { - serializedName: "properties.omsAgentID", - readOnly: true, + displayNamesFilter: { + serializedName: "properties.displayNamesFilter", type: { - name: "String" + name: "Sequence", + element: { + type: { + name: "String" + } + } } }, - osFamily: { - serializedName: "properties.osFamily", + displayNamesExcludeFilter: { + serializedName: "properties.displayNamesExcludeFilter", type: { - name: "Enum", - allowedValues: ["Linux", "Windows", "Android", "IOS", "Unknown"] + name: "Sequence", + element: { + type: { + name: "String" + } + } } }, - osVersion: { - serializedName: "properties.osVersion", - readOnly: true, + productFilter: { + serializedName: "properties.productFilter", type: { name: "String" } + }, + severitiesFilter: { + serializedName: "properties.severitiesFilter", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } } } } }; -export const IoTDeviceEntity: coreClient.CompositeMapper = { - serializedName: "IoTDevice", +export const ScheduledAlertRuleTemplate: coreClient.CompositeMapper = { + serializedName: "Scheduled", type: { name: "Composite", - className: "IoTDeviceEntity", + className: "ScheduledAlertRuleTemplate", uberParent: "Resource", polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, modelProperties: { - ...Entity.type.modelProperties, - additionalData: { - serializedName: "properties.additionalData", - readOnly: true, + ...AlertRuleTemplate.type.modelProperties, + alertRulesCreatedByTemplateCount: { + serializedName: "properties.alertRulesCreatedByTemplateCount", type: { - name: "Dictionary", - value: { - type: { name: "Dictionary", value: { type: { name: "any" } } } - } + name: "Number" } }, - friendlyName: { - serializedName: "properties.friendlyName", + createdDateUTC: { + serializedName: "properties.createdDateUTC", readOnly: true, type: { - name: "String" + name: "DateTime" } }, - deviceId: { - serializedName: "properties.deviceId", + lastUpdatedDateUTC: { + serializedName: "properties.lastUpdatedDateUTC", readOnly: true, type: { - name: "String" + name: "DateTime" } }, - deviceName: { - serializedName: "properties.deviceName", - readOnly: true, + description: { + serializedName: "properties.description", type: { name: "String" } }, - source: { - serializedName: "properties.source", - readOnly: true, + displayName: { + serializedName: "properties.displayName", type: { name: "String" } }, - iotSecurityAgentId: { - serializedName: "properties.iotSecurityAgentId", - readOnly: true, + requiredDataConnectors: { + serializedName: "properties.requiredDataConnectors", type: { - name: "Uuid" + name: "Sequence", + element: { + type: { + name: "Composite", + className: "AlertRuleTemplateDataSource" + } + } } }, - deviceType: { - serializedName: "properties.deviceType", - readOnly: true, + status: { + serializedName: "properties.status", type: { name: "String" } }, - vendor: { - serializedName: "properties.vendor", - readOnly: true, + query: { + serializedName: "properties.query", type: { name: "String" } }, - edgeId: { - serializedName: "properties.edgeId", - readOnly: true, + queryFrequency: { + serializedName: "properties.queryFrequency", type: { - name: "String" + name: "TimeSpan" } }, - macAddress: { - serializedName: "properties.macAddress", - readOnly: true, + queryPeriod: { + serializedName: "properties.queryPeriod", type: { - name: "String" + name: "TimeSpan" } }, - model: { - serializedName: "properties.model", - readOnly: true, + severity: { + serializedName: "properties.severity", type: { name: "String" } }, - serialNumber: { - serializedName: "properties.serialNumber", - readOnly: true, + triggerOperator: { + serializedName: "properties.triggerOperator", type: { - name: "String" + name: "Enum", + allowedValues: ["GreaterThan", "LessThan", "Equal", "NotEqual"] } }, - firmwareVersion: { - serializedName: "properties.firmwareVersion", - readOnly: true, + triggerThreshold: { + serializedName: "properties.triggerThreshold", type: { - name: "String" + name: "Number" } }, - operatingSystem: { - serializedName: "properties.operatingSystem", - readOnly: true, + tactics: { + serializedName: "properties.tactics", type: { - name: "String" + name: "Sequence", + element: { + type: { + name: "String" + } + } } }, - iotHubEntityId: { - serializedName: "properties.iotHubEntityId", - readOnly: true, + techniques: { + serializedName: "properties.techniques", type: { - name: "String" + name: "Sequence", + element: { + type: { + name: "String" + } + } } }, - hostEntityId: { - serializedName: "properties.hostEntityId", - readOnly: true, + version: { + serializedName: "properties.version", type: { name: "String" } }, - ipAddressEntityId: { - serializedName: "properties.ipAddressEntityId", - readOnly: true, + eventGroupingSettings: { + serializedName: "properties.eventGroupingSettings", type: { - name: "String" + name: "Composite", + className: "EventGroupingSettings" } }, - threatIntelligence: { - serializedName: "properties.threatIntelligence", - readOnly: true, + customDetails: { + serializedName: "properties.customDetails", + type: { + name: "Dictionary", + value: { type: { name: "String" } } + } + }, + entityMappings: { + serializedName: "properties.entityMappings", type: { name: "Sequence", element: { type: { name: "Composite", - className: "ThreatIntelligence" + className: "EntityMapping" } } } }, - protocols: { - serializedName: "properties.protocols", + alertDetailsOverride: { + serializedName: "properties.alertDetailsOverride", + type: { + name: "Composite", + className: "AlertDetailsOverride" + } + } + } + } +}; + +export const SecurityAlert: coreClient.CompositeMapper = { + serializedName: "SecurityAlert", + type: { + name: "Composite", + className: "SecurityAlert", + uberParent: "Resource", + polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, + modelProperties: { + ...Entity.type.modelProperties, + additionalData: { + serializedName: "properties.additionalData", readOnly: true, type: { - name: "Sequence", - element: { - type: { - name: "String" - } + name: "Dictionary", + value: { + type: { name: "Dictionary", value: { type: { name: "any" } } } } } }, - owners: { - serializedName: "properties.owners", + friendlyName: { + serializedName: "properties.friendlyName", + readOnly: true, + type: { + name: "String" + } + }, + alertDisplayName: { + serializedName: "properties.alertDisplayName", + readOnly: true, + type: { + name: "String" + } + }, + alertType: { + serializedName: "properties.alertType", + readOnly: true, + type: { + name: "String" + } + }, + compromisedEntity: { + serializedName: "properties.compromisedEntity", + readOnly: true, + type: { + name: "String" + } + }, + confidenceLevel: { + serializedName: "properties.confidenceLevel", + readOnly: true, + type: { + name: "String" + } + }, + confidenceReasons: { + serializedName: "properties.confidenceReasons", readOnly: true, type: { name: "Sequence", element: { type: { - name: "String" + name: "Composite", + className: "SecurityAlertPropertiesConfidenceReasonsItem" } } } }, - nicEntityIds: { - serializedName: "properties.nicEntityIds", + confidenceScore: { + serializedName: "properties.confidenceScore", readOnly: true, type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } + name: "Number" } }, - site: { - serializedName: "properties.site", + confidenceScoreStatus: { + serializedName: "properties.confidenceScoreStatus", readOnly: true, type: { name: "String" } }, - zone: { - serializedName: "properties.zone", + description: { + serializedName: "properties.description", readOnly: true, type: { name: "String" } }, - sensor: { - serializedName: "properties.sensor", + endTimeUtc: { + serializedName: "properties.endTimeUtc", readOnly: true, type: { - name: "String" + name: "DateTime" } }, - deviceSubType: { - serializedName: "properties.deviceSubType", + intent: { + serializedName: "properties.intent", readOnly: true, type: { name: "String" } }, - importance: { - serializedName: "properties.importance", + providerAlertId: { + serializedName: "properties.providerAlertId", + readOnly: true, type: { name: "String" } }, - purdueLayer: { - serializedName: "properties.purdueLayer", + processingEndTime: { + serializedName: "properties.processingEndTime", readOnly: true, type: { - name: "String" + name: "DateTime" } }, - isAuthorized: { - serializedName: "properties.isAuthorized", + productComponentName: { + serializedName: "properties.productComponentName", readOnly: true, type: { - name: "Boolean" + name: "String" } }, - isProgramming: { - serializedName: "properties.isProgramming", + productName: { + serializedName: "properties.productName", readOnly: true, type: { - name: "Boolean" + name: "String" } }, - isScanner: { - serializedName: "properties.isScanner", + productVersion: { + serializedName: "properties.productVersion", readOnly: true, type: { - name: "Boolean" + name: "String" } - } - } - } -}; - -export const IpEntity: coreClient.CompositeMapper = { - serializedName: "Ip", - type: { - name: "Composite", - className: "IpEntity", - uberParent: "Resource", - polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, - modelProperties: { - ...Entity.type.modelProperties, - additionalData: { - serializedName: "properties.additionalData", + }, + remediationSteps: { + serializedName: "properties.remediationSteps", readOnly: true, type: { - name: "Dictionary", - value: { - type: { name: "Dictionary", value: { type: { name: "any" } } } + name: "Sequence", + element: { + type: { + name: "String" + } } } }, - friendlyName: { - serializedName: "properties.friendlyName", - readOnly: true, + severity: { + serializedName: "properties.severity", type: { name: "String" } }, - address: { - serializedName: "properties.address", + startTimeUtc: { + serializedName: "properties.startTimeUtc", + readOnly: true, + type: { + name: "DateTime" + } + }, + status: { + serializedName: "properties.status", readOnly: true, type: { name: "String" } }, - location: { - serializedName: "properties.location", + systemAlertId: { + serializedName: "properties.systemAlertId", + readOnly: true, type: { - name: "Composite", - className: "GeoLocation" + name: "String" } }, - threatIntelligence: { - serializedName: "properties.threatIntelligence", + tactics: { + serializedName: "properties.tactics", readOnly: true, type: { name: "Sequence", element: { type: { - name: "Composite", - className: "ThreatIntelligence" + name: "String" } } } - } - } - } -}; - -export const MailboxEntity: coreClient.CompositeMapper = { - serializedName: "Mailbox", - type: { - name: "Composite", - className: "MailboxEntity", - uberParent: "Resource", - polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, - modelProperties: { - ...Entity.type.modelProperties, - additionalData: { - serializedName: "properties.additionalData", - readOnly: true, - type: { - name: "Dictionary", - value: { - type: { name: "Dictionary", value: { type: { name: "any" } } } - } - } }, - friendlyName: { - serializedName: "properties.friendlyName", - readOnly: true, - type: { - name: "String" - } - }, - mailboxPrimaryAddress: { - serializedName: "properties.mailboxPrimaryAddress", + timeGenerated: { + serializedName: "properties.timeGenerated", readOnly: true, type: { - name: "String" + name: "DateTime" } }, - displayName: { - serializedName: "properties.displayName", + vendorName: { + serializedName: "properties.vendorName", readOnly: true, type: { name: "String" } }, - upn: { - serializedName: "properties.upn", + alertLink: { + serializedName: "properties.alertLink", readOnly: true, type: { name: "String" } }, - externalDirectoryObjectId: { - serializedName: "properties.externalDirectoryObjectId", + resourceIdentifiers: { + serializedName: "properties.resourceIdentifiers", readOnly: true, type: { - name: "Uuid" + name: "Sequence", + element: { + type: { + name: "Dictionary", + value: { type: { name: "any" } } + } + } } } } } }; -export const MailClusterEntity: coreClient.CompositeMapper = { - serializedName: "MailCluster", +export const HuntingBookmark: coreClient.CompositeMapper = { + serializedName: "Bookmark", type: { name: "Composite", - className: "MailClusterEntity", + className: "HuntingBookmark", uberParent: "Resource", polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, modelProperties: { @@ -12677,45 +5600,33 @@ export const MailClusterEntity: coreClient.CompositeMapper = { name: "String" } }, - networkMessageIds: { - serializedName: "properties.networkMessageIds", - readOnly: true, + created: { + serializedName: "properties.created", type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } + name: "DateTime" } }, - countByDeliveryStatus: { - serializedName: "properties.countByDeliveryStatus", - readOnly: true, + createdBy: { + serializedName: "properties.createdBy", type: { - name: "Dictionary", - value: { type: { name: "any" } } + name: "Composite", + className: "UserInfo" } }, - countByThreatType: { - serializedName: "properties.countByThreatType", - readOnly: true, + displayName: { + serializedName: "properties.displayName", type: { - name: "Dictionary", - value: { type: { name: "any" } } + name: "String" } }, - countByProtectionStatus: { - serializedName: "properties.countByProtectionStatus", - readOnly: true, + eventTime: { + serializedName: "properties.eventTime", type: { - name: "Dictionary", - value: { type: { name: "any" } } + name: "DateTime" } }, - threats: { - serializedName: "properties.threats", - readOnly: true, + labels: { + serializedName: "properties.labels", type: { name: "Sequence", element: { @@ -12725,85 +5636,53 @@ export const MailClusterEntity: coreClient.CompositeMapper = { } } }, - query: { - serializedName: "properties.query", - readOnly: true, - type: { - name: "String" - } - }, - queryTime: { - serializedName: "properties.queryTime", - readOnly: true, - type: { - name: "DateTime" - } - }, - mailCount: { - serializedName: "properties.mailCount", - readOnly: true, - type: { - name: "Number" - } - }, - isVolumeAnomaly: { - serializedName: "properties.isVolumeAnomaly", - readOnly: true, - type: { - name: "Boolean" - } - }, - source: { - serializedName: "properties.source", - readOnly: true, + notes: { + serializedName: "properties.notes", type: { name: "String" } }, - clusterSourceIdentifier: { - serializedName: "properties.clusterSourceIdentifier", - readOnly: true, + query: { + serializedName: "properties.query", type: { name: "String" } }, - clusterSourceType: { - serializedName: "properties.clusterSourceType", - readOnly: true, + queryResult: { + serializedName: "properties.queryResult", type: { name: "String" } }, - clusterQueryStartTime: { - serializedName: "properties.clusterQueryStartTime", - readOnly: true, + updated: { + serializedName: "properties.updated", type: { name: "DateTime" } }, - clusterQueryEndTime: { - serializedName: "properties.clusterQueryEndTime", - readOnly: true, + updatedBy: { + serializedName: "properties.updatedBy", type: { - name: "DateTime" + name: "Composite", + className: "UserInfo" } }, - clusterGroup: { - serializedName: "properties.clusterGroup", - readOnly: true, + incidentInfo: { + serializedName: "properties.incidentInfo", type: { - name: "String" + name: "Composite", + className: "IncidentInfo" } } } } }; -export const MailMessageEntity: coreClient.CompositeMapper = { - serializedName: "MailMessage", +export const AccountEntity: coreClient.CompositeMapper = { + serializedName: "Account", type: { name: "Composite", - className: "MailMessageEntity", + className: "AccountEntity", uberParent: "Resource", polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, modelProperties: { @@ -12825,220 +5704,194 @@ export const MailMessageEntity: coreClient.CompositeMapper = { name: "String" } }, - fileEntityIds: { - serializedName: "properties.fileEntityIds", + aadTenantId: { + serializedName: "properties.aadTenantId", readOnly: true, type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } + name: "String" } }, - recipient: { - serializedName: "properties.recipient", + aadUserId: { + serializedName: "properties.aadUserId", readOnly: true, type: { name: "String" } }, - urls: { - serializedName: "properties.urls", + accountName: { + serializedName: "properties.accountName", readOnly: true, type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } + name: "String" } }, - threats: { - serializedName: "properties.threats", + displayName: { + serializedName: "properties.displayName", readOnly: true, type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } + name: "String" } }, - p1Sender: { - serializedName: "properties.p1Sender", + hostEntityId: { + serializedName: "properties.hostEntityId", readOnly: true, type: { name: "String" } }, - p1SenderDisplayName: { - serializedName: "properties.p1SenderDisplayName", + isDomainJoined: { + serializedName: "properties.isDomainJoined", readOnly: true, type: { - name: "String" + name: "Boolean" } }, - p1SenderDomain: { - serializedName: "properties.p1SenderDomain", + ntDomain: { + serializedName: "properties.ntDomain", readOnly: true, type: { name: "String" } }, - senderIP: { - serializedName: "properties.senderIP", + objectGuid: { + serializedName: "properties.objectGuid", readOnly: true, type: { - name: "String" + name: "Uuid" } }, - p2Sender: { - serializedName: "properties.p2Sender", + puid: { + serializedName: "properties.puid", readOnly: true, type: { name: "String" } }, - p2SenderDisplayName: { - serializedName: "properties.p2SenderDisplayName", + sid: { + serializedName: "properties.sid", readOnly: true, type: { name: "String" } }, - p2SenderDomain: { - serializedName: "properties.p2SenderDomain", + upnSuffix: { + serializedName: "properties.upnSuffix", readOnly: true, type: { name: "String" } }, - receiveDate: { - serializedName: "properties.receiveDate", + dnsDomain: { + serializedName: "properties.dnsDomain", readOnly: true, type: { - name: "DateTime" + name: "String" } - }, - networkMessageId: { - serializedName: "properties.networkMessageId", + } + } + } +}; + +export const AzureResourceEntity: coreClient.CompositeMapper = { + serializedName: "AzureResource", + type: { + name: "Composite", + className: "AzureResourceEntity", + uberParent: "Resource", + polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, + modelProperties: { + ...Entity.type.modelProperties, + additionalData: { + serializedName: "properties.additionalData", readOnly: true, type: { - name: "Uuid" + name: "Dictionary", + value: { + type: { name: "Dictionary", value: { type: { name: "any" } } } + } } }, - internetMessageId: { - serializedName: "properties.internetMessageId", + friendlyName: { + serializedName: "properties.friendlyName", readOnly: true, type: { name: "String" } }, - subject: { - serializedName: "properties.subject", + resourceId: { + serializedName: "properties.resourceId", readOnly: true, type: { name: "String" } }, - language: { - serializedName: "properties.language", + subscriptionId: { + serializedName: "properties.subscriptionId", readOnly: true, type: { name: "String" } - }, - threatDetectionMethods: { - serializedName: "properties.threatDetectionMethods", + } + } + } +}; + +export const CloudApplicationEntity: coreClient.CompositeMapper = { + serializedName: "CloudApplication", + type: { + name: "Composite", + className: "CloudApplicationEntity", + uberParent: "Resource", + polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, + modelProperties: { + ...Entity.type.modelProperties, + additionalData: { + serializedName: "properties.additionalData", readOnly: true, type: { - name: "Sequence", - element: { - type: { - name: "String" - } + name: "Dictionary", + value: { + type: { name: "Dictionary", value: { type: { name: "any" } } } } } }, - bodyFingerprintBin1: { - serializedName: "properties.bodyFingerprintBin1", - type: { - name: "Number" - } - }, - bodyFingerprintBin2: { - serializedName: "properties.bodyFingerprintBin2", - type: { - name: "Number" - } - }, - bodyFingerprintBin3: { - serializedName: "properties.bodyFingerprintBin3", - type: { - name: "Number" - } - }, - bodyFingerprintBin4: { - serializedName: "properties.bodyFingerprintBin4", + friendlyName: { + serializedName: "properties.friendlyName", + readOnly: true, type: { - name: "Number" + name: "String" } }, - bodyFingerprintBin5: { - serializedName: "properties.bodyFingerprintBin5", + appId: { + serializedName: "properties.appId", + readOnly: true, type: { name: "Number" } }, - antispamDirection: { - serializedName: "properties.antispamDirection", + appName: { + serializedName: "properties.appName", + readOnly: true, type: { name: "String" } }, - deliveryAction: { - serializedName: "properties.deliveryAction", - type: { - name: "Enum", - allowedValues: [ - "Unknown", - "DeliveredAsSpam", - "Delivered", - "Blocked", - "Replaced" - ] - } - }, - deliveryLocation: { - serializedName: "properties.deliveryLocation", + instanceName: { + serializedName: "properties.instanceName", + readOnly: true, type: { - name: "Enum", - allowedValues: [ - "Unknown", - "Inbox", - "JunkFolder", - "DeletedFolder", - "Quarantine", - "External", - "Failed", - "Dropped", - "Forwarded" - ] + name: "String" } } } } }; -export const MalwareEntity: coreClient.CompositeMapper = { - serializedName: "Malware", +export const DnsEntity: coreClient.CompositeMapper = { + serializedName: "DnsResolution", type: { name: "Composite", - className: "MalwareEntity", + className: "DnsEntity", uberParent: "Resource", polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, modelProperties: { @@ -13060,34 +5913,29 @@ export const MalwareEntity: coreClient.CompositeMapper = { name: "String" } }, - category: { - serializedName: "properties.category", + dnsServerIpEntityId: { + serializedName: "properties.dnsServerIpEntityId", readOnly: true, type: { name: "String" } }, - fileEntityIds: { - serializedName: "properties.fileEntityIds", + domainName: { + serializedName: "properties.domainName", readOnly: true, type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } + name: "String" } }, - malwareName: { - serializedName: "properties.malwareName", + hostIpAddressEntityId: { + serializedName: "properties.hostIpAddressEntityId", readOnly: true, type: { name: "String" } }, - processEntityIds: { - serializedName: "properties.processEntityIds", + ipAddressEntityIds: { + serializedName: "properties.ipAddressEntityIds", readOnly: true, type: { name: "Sequence", @@ -13102,11 +5950,11 @@ export const MalwareEntity: coreClient.CompositeMapper = { } }; -export const ProcessEntity: coreClient.CompositeMapper = { - serializedName: "Process", +export const FileEntity: coreClient.CompositeMapper = { + serializedName: "File", type: { name: "Composite", - className: "ProcessEntity", + className: "FileEntity", uberParent: "Resource", polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, modelProperties: { @@ -13128,32 +5976,30 @@ export const ProcessEntity: coreClient.CompositeMapper = { name: "String" } }, - accountEntityId: { - serializedName: "properties.accountEntityId", + directory: { + serializedName: "properties.directory", readOnly: true, type: { name: "String" } }, - commandLine: { - serializedName: "properties.commandLine", + fileHashEntityIds: { + serializedName: "properties.fileHashEntityIds", readOnly: true, type: { - name: "String" + name: "Sequence", + element: { + type: { + name: "String" + } + } } }, - creationTimeUtc: { - serializedName: "properties.creationTimeUtc", + fileName: { + serializedName: "properties.fileName", readOnly: true, type: { - name: "DateTime" - } - }, - elevationToken: { - serializedName: "properties.elevationToken", - type: { - name: "Enum", - allowedValues: ["Default", "Full", "Limited"] + name: "String" } }, hostEntityId: { @@ -13162,44 +6008,16 @@ export const ProcessEntity: coreClient.CompositeMapper = { type: { name: "String" } - }, - hostLogonSessionEntityId: { - serializedName: "properties.hostLogonSessionEntityId", - readOnly: true, - type: { - name: "String" - } - }, - imageFileEntityId: { - serializedName: "properties.imageFileEntityId", - readOnly: true, - type: { - name: "String" - } - }, - parentProcessEntityId: { - serializedName: "properties.parentProcessEntityId", - readOnly: true, - type: { - name: "String" - } - }, - processId: { - serializedName: "properties.processId", - readOnly: true, - type: { - name: "String" - } } } } }; -export const RegistryKeyEntity: coreClient.CompositeMapper = { - serializedName: "RegistryKey", +export const FileHashEntity: coreClient.CompositeMapper = { + serializedName: "FileHash", type: { name: "Composite", - className: "RegistryKeyEntity", + className: "FileHashEntity", uberParent: "Resource", polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, modelProperties: { @@ -13221,15 +6039,15 @@ export const RegistryKeyEntity: coreClient.CompositeMapper = { name: "String" } }, - hive: { - serializedName: "properties.hive", + algorithm: { + serializedName: "properties.algorithm", readOnly: true, type: { name: "String" } }, - key: { - serializedName: "properties.key", + hashValue: { + serializedName: "properties.hashValue", readOnly: true, type: { name: "String" @@ -13239,11 +6057,11 @@ export const RegistryKeyEntity: coreClient.CompositeMapper = { } }; -export const RegistryValueEntity: coreClient.CompositeMapper = { - serializedName: "RegistryValue", +export const HostEntity: coreClient.CompositeMapper = { + serializedName: "Host", type: { name: "Composite", - className: "RegistryValueEntity", + className: "HostEntity", uberParent: "Resource", polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, modelProperties: { @@ -13265,80 +6083,64 @@ export const RegistryValueEntity: coreClient.CompositeMapper = { name: "String" } }, - keyEntityId: { - serializedName: "properties.keyEntityId", + azureID: { + serializedName: "properties.azureID", readOnly: true, type: { name: "String" } }, - valueData: { - serializedName: "properties.valueData", + dnsDomain: { + serializedName: "properties.dnsDomain", readOnly: true, type: { name: "String" } }, - valueName: { - serializedName: "properties.valueName", + hostName: { + serializedName: "properties.hostName", readOnly: true, type: { name: "String" } }, - valueType: { - serializedName: "properties.valueType", + isDomainJoined: { + serializedName: "properties.isDomainJoined", readOnly: true, type: { - name: "String" + name: "Boolean" } - } - } - } -}; - -export const SecurityGroupEntity: coreClient.CompositeMapper = { - serializedName: "SecurityGroup", - type: { - name: "Composite", - className: "SecurityGroupEntity", - uberParent: "Resource", - polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, - modelProperties: { - ...Entity.type.modelProperties, - additionalData: { - serializedName: "properties.additionalData", + }, + netBiosName: { + serializedName: "properties.netBiosName", readOnly: true, type: { - name: "Dictionary", - value: { - type: { name: "Dictionary", value: { type: { name: "any" } } } - } + name: "String" } }, - friendlyName: { - serializedName: "properties.friendlyName", + ntDomain: { + serializedName: "properties.ntDomain", readOnly: true, type: { name: "String" } }, - distinguishedName: { - serializedName: "properties.distinguishedName", + omsAgentID: { + serializedName: "properties.omsAgentID", readOnly: true, type: { name: "String" } }, - objectGuid: { - serializedName: "properties.objectGuid", - readOnly: true, + osFamily: { + serializedName: "properties.osFamily", type: { - name: "Uuid" + name: "Enum", + allowedValues: ["Linux", "Windows", "Android", "IOS", "Unknown"] } }, - sid: { - serializedName: "properties.sid", + osVersion: { + serializedName: "properties.osVersion", readOnly: true, type: { name: "String" @@ -13348,11 +6150,11 @@ export const SecurityGroupEntity: coreClient.CompositeMapper = { } }; -export const SubmissionMailEntity: coreClient.CompositeMapper = { - serializedName: "SubmissionMail", +export const IoTDeviceEntity: coreClient.CompositeMapper = { + serializedName: "IoTDevice", type: { name: "Composite", - className: "SubmissionMailEntity", + className: "IoTDeviceEntity", uberParent: "Resource", polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, modelProperties: { @@ -13374,145 +6176,99 @@ export const SubmissionMailEntity: coreClient.CompositeMapper = { name: "String" } }, - networkMessageId: { - serializedName: "properties.networkMessageId", + deviceId: { + serializedName: "properties.deviceId", readOnly: true, type: { - name: "Uuid" + name: "String" } }, - submissionId: { - serializedName: "properties.submissionId", + deviceName: { + serializedName: "properties.deviceName", readOnly: true, type: { - name: "Uuid" + name: "String" } }, - submitter: { - serializedName: "properties.submitter", + source: { + serializedName: "properties.source", readOnly: true, type: { name: "String" } }, - submissionDate: { - serializedName: "properties.submissionDate", + iotSecurityAgentId: { + serializedName: "properties.iotSecurityAgentId", readOnly: true, type: { - name: "DateTime" + name: "Uuid" } }, - timestamp: { - serializedName: "properties.timestamp", + deviceType: { + serializedName: "properties.deviceType", readOnly: true, type: { - name: "DateTime" + name: "String" } }, - recipient: { - serializedName: "properties.recipient", + vendor: { + serializedName: "properties.vendor", readOnly: true, type: { name: "String" } }, - sender: { - serializedName: "properties.sender", + edgeId: { + serializedName: "properties.edgeId", readOnly: true, type: { name: "String" } }, - senderIp: { - serializedName: "properties.senderIp", + macAddress: { + serializedName: "properties.macAddress", readOnly: true, type: { name: "String" } }, - subject: { - serializedName: "properties.subject", + model: { + serializedName: "properties.model", readOnly: true, type: { name: "String" } }, - reportType: { - serializedName: "properties.reportType", + serialNumber: { + serializedName: "properties.serialNumber", readOnly: true, type: { name: "String" } - } - } - } -}; - -export const UrlEntity: coreClient.CompositeMapper = { - serializedName: "Url", - type: { - name: "Composite", - className: "UrlEntity", - uberParent: "Resource", - polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, - modelProperties: { - ...Entity.type.modelProperties, - additionalData: { - serializedName: "properties.additionalData", - readOnly: true, - type: { - name: "Dictionary", - value: { - type: { name: "Dictionary", value: { type: { name: "any" } } } - } - } }, - friendlyName: { - serializedName: "properties.friendlyName", + firmwareVersion: { + serializedName: "properties.firmwareVersion", readOnly: true, type: { name: "String" } }, - url: { - serializedName: "properties.url", + operatingSystem: { + serializedName: "properties.operatingSystem", readOnly: true, type: { name: "String" } - } - } - } -}; - -export const NicEntity: coreClient.CompositeMapper = { - serializedName: "Nic", - type: { - name: "Composite", - className: "NicEntity", - uberParent: "Resource", - polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, - modelProperties: { - ...Entity.type.modelProperties, - additionalData: { - serializedName: "properties.additionalData", - readOnly: true, - type: { - name: "Dictionary", - value: { - type: { name: "Dictionary", value: { type: { name: "any" } } } - } - } }, - friendlyName: { - serializedName: "properties.friendlyName", + iotHubEntityId: { + serializedName: "properties.iotHubEntityId", readOnly: true, type: { name: "String" } }, - macAddress: { - serializedName: "properties.macAddress", + hostEntityId: { + serializedName: "properties.hostEntityId", readOnly: true, type: { name: "String" @@ -13525,8 +6281,21 @@ export const NicEntity: coreClient.CompositeMapper = { name: "String" } }, - vlans: { - serializedName: "properties.vlans", + threatIntelligence: { + serializedName: "properties.threatIntelligence", + readOnly: true, + type: { + name: "Sequence", + element: { + type: { + name: "Composite", + className: "ThreatIntelligence" + } + } + } + }, + protocols: { + serializedName: "properties.protocols", readOnly: true, type: { name: "Sequence", @@ -13541,408 +6310,298 @@ export const NicEntity: coreClient.CompositeMapper = { } }; -export const ActivityEntityQueryTemplate: coreClient.CompositeMapper = { - serializedName: "Activity", +export const IpEntity: coreClient.CompositeMapper = { + serializedName: "Ip", type: { name: "Composite", - className: "ActivityEntityQueryTemplate", + className: "IpEntity", uberParent: "Resource", polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, modelProperties: { - ...EntityQueryTemplate.type.modelProperties, - title: { - serializedName: "properties.title", + ...Entity.type.modelProperties, + additionalData: { + serializedName: "properties.additionalData", + readOnly: true, type: { - name: "String" + name: "Dictionary", + value: { + type: { name: "Dictionary", value: { type: { name: "any" } } } + } } }, - content: { - serializedName: "properties.content", + friendlyName: { + serializedName: "properties.friendlyName", + readOnly: true, type: { name: "String" } }, - description: { - serializedName: "properties.description", + address: { + serializedName: "properties.address", + readOnly: true, type: { name: "String" } }, - queryDefinitions: { - serializedName: "properties.queryDefinitions", + location: { + serializedName: "properties.location", type: { name: "Composite", - className: "ActivityEntityQueryTemplatePropertiesQueryDefinitions" + className: "GeoLocation" } }, - dataTypes: { - serializedName: "properties.dataTypes", + threatIntelligence: { + serializedName: "properties.threatIntelligence", + readOnly: true, type: { name: "Sequence", element: { type: { name: "Composite", - className: "DataTypeDefinitions" - } - } - } - }, - inputEntityType: { - serializedName: "properties.inputEntityType", - type: { - name: "String" - } - }, - requiredInputFieldsSets: { - serializedName: "properties.requiredInputFieldsSets", - type: { - name: "Sequence", - element: { - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } + className: "ThreatIntelligence" } } } - }, - entitiesFilter: { - serializedName: "properties.entitiesFilter", - type: { - name: "Dictionary", - value: { - type: { name: "Sequence", element: { type: { name: "String" } } } - } - } - } - } - } -}; - -export const MLBehaviorAnalyticsAlertRuleTemplateProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "MLBehaviorAnalyticsAlertRuleTemplateProperties", - modelProperties: { - ...AlertRuleTemplateWithMitreProperties.type.modelProperties, - severity: { - serializedName: "severity", - required: true, - type: { - name: "String" - } - } - } - } -}; - -export const ThreatIntelligenceAlertRuleTemplateProperties: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "ThreatIntelligenceAlertRuleTemplateProperties", - modelProperties: { - ...AlertRuleTemplateWithMitreProperties.type.modelProperties, - severity: { - serializedName: "severity", - required: true, - type: { - name: "String" - } } } } }; -export const PermissionsCustomsItem: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "PermissionsCustomsItem", - modelProperties: { - ...Customs.type.modelProperties - } - } -}; - -export const MLBehaviorAnalyticsAlertRule: coreClient.CompositeMapper = { - serializedName: "MLBehaviorAnalytics", +export const MailboxEntity: coreClient.CompositeMapper = { + serializedName: "Mailbox", type: { name: "Composite", - className: "MLBehaviorAnalyticsAlertRule", + className: "MailboxEntity", uberParent: "Resource", polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, modelProperties: { - ...AlertRule.type.modelProperties, - alertRuleTemplateName: { - serializedName: "properties.alertRuleTemplateName", - type: { - name: "String" - } - }, - description: { - serializedName: "properties.description", + ...Entity.type.modelProperties, + additionalData: { + serializedName: "properties.additionalData", readOnly: true, type: { - name: "String" + name: "Dictionary", + value: { + type: { name: "Dictionary", value: { type: { name: "any" } } } + } } }, - displayName: { - serializedName: "properties.displayName", + friendlyName: { + serializedName: "properties.friendlyName", readOnly: true, type: { name: "String" } }, - enabled: { - serializedName: "properties.enabled", - type: { - name: "Boolean" - } - }, - lastModifiedUtc: { - serializedName: "properties.lastModifiedUtc", + mailboxPrimaryAddress: { + serializedName: "properties.mailboxPrimaryAddress", readOnly: true, type: { - name: "DateTime" + name: "String" } }, - severity: { - serializedName: "properties.severity", + displayName: { + serializedName: "properties.displayName", readOnly: true, type: { name: "String" } }, - tactics: { - serializedName: "properties.tactics", + upn: { + serializedName: "properties.upn", readOnly: true, type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } + name: "String" } }, - techniques: { - serializedName: "properties.techniques", + externalDirectoryObjectId: { + serializedName: "properties.externalDirectoryObjectId", readOnly: true, type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } + name: "Uuid" } } } } }; -export const FusionAlertRule: coreClient.CompositeMapper = { - serializedName: "Fusion", +export const MailClusterEntity: coreClient.CompositeMapper = { + serializedName: "MailCluster", type: { name: "Composite", - className: "FusionAlertRule", + className: "MailClusterEntity", uberParent: "Resource", polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, modelProperties: { - ...AlertRule.type.modelProperties, - alertRuleTemplateName: { - serializedName: "properties.alertRuleTemplateName", - type: { - name: "String" - } - }, - description: { - serializedName: "properties.description", + ...Entity.type.modelProperties, + additionalData: { + serializedName: "properties.additionalData", readOnly: true, type: { - name: "String" + name: "Dictionary", + value: { + type: { name: "Dictionary", value: { type: { name: "any" } } } + } } }, - displayName: { - serializedName: "properties.displayName", + friendlyName: { + serializedName: "properties.friendlyName", readOnly: true, type: { name: "String" } }, - enabled: { - serializedName: "properties.enabled", - type: { - name: "Boolean" - } - }, - sourceSettings: { - serializedName: "properties.sourceSettings", - type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "FusionSourceSettings" - } - } - } - }, - scenarioExclusionPatterns: { - serializedName: "properties.scenarioExclusionPatterns", + networkMessageIds: { + serializedName: "properties.networkMessageIds", + readOnly: true, type: { name: "Sequence", element: { type: { - name: "Composite", - className: "FusionScenarioExclusionPattern" + name: "String" } } } }, - lastModifiedUtc: { - serializedName: "properties.lastModifiedUtc", + countByDeliveryStatus: { + serializedName: "properties.countByDeliveryStatus", readOnly: true, type: { - name: "DateTime" + name: "Dictionary", + value: { type: { name: "any" } } } }, - severity: { - serializedName: "properties.severity", + countByThreatType: { + serializedName: "properties.countByThreatType", readOnly: true, type: { - name: "String" + name: "Dictionary", + value: { type: { name: "any" } } } }, - tactics: { - serializedName: "properties.tactics", + countByProtectionStatus: { + serializedName: "properties.countByProtectionStatus", readOnly: true, type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } + name: "Dictionary", + value: { type: { name: "any" } } } }, - techniques: { - serializedName: "properties.techniques", + threats: { + serializedName: "properties.threats", readOnly: true, type: { name: "Sequence", element: { type: { name: "String" - } - } - } - } - } - } -}; - -export const ThreatIntelligenceAlertRule: coreClient.CompositeMapper = { - serializedName: "ThreatIntelligence", - type: { - name: "Composite", - className: "ThreatIntelligenceAlertRule", - uberParent: "Resource", - polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, - modelProperties: { - ...AlertRule.type.modelProperties, - alertRuleTemplateName: { - serializedName: "properties.alertRuleTemplateName", + } + } + } + }, + query: { + serializedName: "properties.query", + readOnly: true, type: { name: "String" } }, - description: { - serializedName: "properties.description", + queryTime: { + serializedName: "properties.queryTime", readOnly: true, type: { - name: "String" + name: "DateTime" } }, - displayName: { - serializedName: "properties.displayName", + mailCount: { + serializedName: "properties.mailCount", readOnly: true, type: { - name: "String" + name: "Number" } }, - enabled: { - serializedName: "properties.enabled", + isVolumeAnomaly: { + serializedName: "properties.isVolumeAnomaly", + readOnly: true, type: { name: "Boolean" } }, - lastModifiedUtc: { - serializedName: "properties.lastModifiedUtc", + source: { + serializedName: "properties.source", readOnly: true, type: { - name: "DateTime" + name: "String" } }, - severity: { - serializedName: "properties.severity", + clusterSourceIdentifier: { + serializedName: "properties.clusterSourceIdentifier", readOnly: true, type: { name: "String" } }, - tactics: { - serializedName: "properties.tactics", + clusterSourceType: { + serializedName: "properties.clusterSourceType", readOnly: true, type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } + name: "String" } }, - techniques: { - serializedName: "properties.techniques", + clusterQueryStartTime: { + serializedName: "properties.clusterQueryStartTime", readOnly: true, type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } + name: "DateTime" + } + }, + clusterQueryEndTime: { + serializedName: "properties.clusterQueryEndTime", + readOnly: true, + type: { + name: "DateTime" + } + }, + clusterGroup: { + serializedName: "properties.clusterGroup", + readOnly: true, + type: { + name: "String" } } } } }; -export const MicrosoftSecurityIncidentCreationAlertRule: coreClient.CompositeMapper = { - serializedName: "MicrosoftSecurityIncidentCreation", +export const MailMessageEntity: coreClient.CompositeMapper = { + serializedName: "MailMessage", type: { name: "Composite", - className: "MicrosoftSecurityIncidentCreationAlertRule", + className: "MailMessageEntity", uberParent: "Resource", polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, modelProperties: { - ...AlertRule.type.modelProperties, - displayNamesFilter: { - serializedName: "properties.displayNamesFilter", + ...Entity.type.modelProperties, + additionalData: { + serializedName: "properties.additionalData", + readOnly: true, type: { - name: "Sequence", - element: { - type: { - name: "String" - } + name: "Dictionary", + value: { + type: { name: "Dictionary", value: { type: { name: "any" } } } } } }, - displayNamesExcludeFilter: { - serializedName: "properties.displayNamesExcludeFilter", + friendlyName: { + serializedName: "properties.friendlyName", + readOnly: true, + type: { + name: "String" + } + }, + fileEntityIds: { + serializedName: "properties.fileEntityIds", + readOnly: true, type: { name: "Sequence", element: { @@ -13952,14 +6611,16 @@ export const MicrosoftSecurityIncidentCreationAlertRule: coreClient.CompositeMap } } }, - productFilter: { - serializedName: "properties.productFilter", + recipient: { + serializedName: "properties.recipient", + readOnly: true, type: { name: "String" } }, - severitiesFilter: { - serializedName: "properties.severitiesFilter", + urls: { + serializedName: "properties.urls", + readOnly: true, type: { name: "Sequence", element: { @@ -13969,237 +6630,220 @@ export const MicrosoftSecurityIncidentCreationAlertRule: coreClient.CompositeMap } } }, - alertRuleTemplateName: { - serializedName: "properties.alertRuleTemplateName", + threats: { + serializedName: "properties.threats", + readOnly: true, type: { - name: "String" + name: "Sequence", + element: { + type: { + name: "String" + } + } } }, - description: { - serializedName: "properties.description", + p1Sender: { + serializedName: "properties.p1Sender", + readOnly: true, type: { name: "String" } }, - displayName: { - serializedName: "properties.displayName", + p1SenderDisplayName: { + serializedName: "properties.p1SenderDisplayName", + readOnly: true, type: { name: "String" } }, - enabled: { - serializedName: "properties.enabled", + p1SenderDomain: { + serializedName: "properties.p1SenderDomain", + readOnly: true, type: { - name: "Boolean" + name: "String" } }, - lastModifiedUtc: { - serializedName: "properties.lastModifiedUtc", + senderIP: { + serializedName: "properties.senderIP", readOnly: true, type: { - name: "DateTime" + name: "String" } - } - } - } -}; - -export const ScheduledAlertRule: coreClient.CompositeMapper = { - serializedName: "Scheduled", - type: { - name: "Composite", - className: "ScheduledAlertRule", - uberParent: "Resource", - polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, - modelProperties: { - ...AlertRule.type.modelProperties, - query: { - serializedName: "properties.query", + }, + p2Sender: { + serializedName: "properties.p2Sender", + readOnly: true, type: { name: "String" } }, - queryFrequency: { - serializedName: "properties.queryFrequency", + p2SenderDisplayName: { + serializedName: "properties.p2SenderDisplayName", + readOnly: true, type: { - name: "TimeSpan" + name: "String" } }, - queryPeriod: { - serializedName: "properties.queryPeriod", + p2SenderDomain: { + serializedName: "properties.p2SenderDomain", + readOnly: true, type: { - name: "TimeSpan" + name: "String" } }, - severity: { - serializedName: "properties.severity", + receiveDate: { + serializedName: "properties.receiveDate", + readOnly: true, type: { - name: "String" + name: "DateTime" } }, - triggerOperator: { - serializedName: "properties.triggerOperator", + networkMessageId: { + serializedName: "properties.networkMessageId", + readOnly: true, type: { - name: "Enum", - allowedValues: ["GreaterThan", "LessThan", "Equal", "NotEqual"] + name: "Uuid" } }, - triggerThreshold: { - serializedName: "properties.triggerThreshold", + internetMessageId: { + serializedName: "properties.internetMessageId", + readOnly: true, type: { - name: "Number" + name: "String" } }, - eventGroupingSettings: { - serializedName: "properties.eventGroupingSettings", + subject: { + serializedName: "properties.subject", + readOnly: true, type: { - name: "Composite", - className: "EventGroupingSettings" + name: "String" } }, - customDetails: { - serializedName: "properties.customDetails", + language: { + serializedName: "properties.language", + readOnly: true, type: { - name: "Dictionary", - value: { type: { name: "String" } } + name: "String" } }, - entityMappings: { - serializedName: "properties.entityMappings", + threatDetectionMethods: { + serializedName: "properties.threatDetectionMethods", + readOnly: true, type: { name: "Sequence", element: { type: { - name: "Composite", - className: "EntityMapping" + name: "String" } } } - }, - alertDetailsOverride: { - serializedName: "properties.alertDetailsOverride", - type: { - name: "Composite", - className: "AlertDetailsOverride" - } - }, - alertRuleTemplateName: { - serializedName: "properties.alertRuleTemplateName", - type: { - name: "String" - } - }, - templateVersion: { - serializedName: "properties.templateVersion", - type: { - name: "String" - } - }, - description: { - serializedName: "properties.description", - type: { - name: "String" - } - }, - displayName: { - serializedName: "properties.displayName", + }, + bodyFingerprintBin1: { + serializedName: "properties.bodyFingerprintBin1", type: { - name: "String" + name: "Number" } }, - enabled: { - serializedName: "properties.enabled", + bodyFingerprintBin2: { + serializedName: "properties.bodyFingerprintBin2", type: { - name: "Boolean" + name: "Number" } }, - lastModifiedUtc: { - serializedName: "properties.lastModifiedUtc", - readOnly: true, + bodyFingerprintBin3: { + serializedName: "properties.bodyFingerprintBin3", type: { - name: "DateTime" + name: "Number" } }, - suppressionDuration: { - serializedName: "properties.suppressionDuration", + bodyFingerprintBin4: { + serializedName: "properties.bodyFingerprintBin4", type: { - name: "TimeSpan" + name: "Number" } }, - suppressionEnabled: { - serializedName: "properties.suppressionEnabled", + bodyFingerprintBin5: { + serializedName: "properties.bodyFingerprintBin5", type: { - name: "Boolean" + name: "Number" } }, - tactics: { - serializedName: "properties.tactics", + antispamDirection: { + serializedName: "properties.antispamDirection", type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } + name: "String" } }, - techniques: { - serializedName: "properties.techniques", + deliveryAction: { + serializedName: "properties.deliveryAction", type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } + name: "Enum", + allowedValues: [ + "Unknown", + "DeliveredAsSpam", + "Delivered", + "Blocked", + "Replaced" + ] } }, - incidentConfiguration: { - serializedName: "properties.incidentConfiguration", + deliveryLocation: { + serializedName: "properties.deliveryLocation", type: { - name: "Composite", - className: "IncidentConfiguration" + name: "Enum", + allowedValues: [ + "Unknown", + "Inbox", + "JunkFolder", + "DeletedFolder", + "Quarantine", + "External", + "Failed", + "Dropped", + "Forwarded" + ] } } } } }; -export const NrtAlertRule: coreClient.CompositeMapper = { - serializedName: "NRT", +export const MalwareEntity: coreClient.CompositeMapper = { + serializedName: "Malware", type: { name: "Composite", - className: "NrtAlertRule", + className: "MalwareEntity", uberParent: "Resource", polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, modelProperties: { - ...AlertRule.type.modelProperties, - alertRuleTemplateName: { - serializedName: "properties.alertRuleTemplateName", - type: { - name: "String" - } - }, - templateVersion: { - serializedName: "properties.templateVersion", + ...Entity.type.modelProperties, + additionalData: { + serializedName: "properties.additionalData", + readOnly: true, type: { - name: "String" + name: "Dictionary", + value: { + type: { name: "Dictionary", value: { type: { name: "any" } } } + } } }, - description: { - serializedName: "properties.description", + friendlyName: { + serializedName: "properties.friendlyName", + readOnly: true, type: { name: "String" } }, - query: { - serializedName: "properties.query", + category: { + serializedName: "properties.category", + readOnly: true, type: { name: "String" } }, - tactics: { - serializedName: "properties.tactics", + fileEntityIds: { + serializedName: "properties.fileEntityIds", + readOnly: true, type: { name: "Sequence", element: { @@ -14209,8 +6853,16 @@ export const NrtAlertRule: coreClient.CompositeMapper = { } } }, - techniques: { - serializedName: "properties.techniques", + malwareName: { + serializedName: "properties.malwareName", + readOnly: true, + type: { + name: "String" + } + }, + processEntityIds: { + serializedName: "properties.processEntityIds", + readOnly: true, type: { name: "Sequence", element: { @@ -14219,137 +6871,140 @@ export const NrtAlertRule: coreClient.CompositeMapper = { } } } + } + } + } +}; + +export const ProcessEntity: coreClient.CompositeMapper = { + serializedName: "Process", + type: { + name: "Composite", + className: "ProcessEntity", + uberParent: "Resource", + polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, + modelProperties: { + ...Entity.type.modelProperties, + additionalData: { + serializedName: "properties.additionalData", + readOnly: true, + type: { + name: "Dictionary", + value: { + type: { name: "Dictionary", value: { type: { name: "any" } } } + } + } }, - displayName: { - serializedName: "properties.displayName", + friendlyName: { + serializedName: "properties.friendlyName", + readOnly: true, type: { name: "String" } }, - enabled: { - serializedName: "properties.enabled", + accountEntityId: { + serializedName: "properties.accountEntityId", + readOnly: true, type: { - name: "Boolean" + name: "String" } }, - lastModifiedUtc: { - serializedName: "properties.lastModifiedUtc", + commandLine: { + serializedName: "properties.commandLine", readOnly: true, type: { - name: "DateTime" + name: "String" } }, - suppressionDuration: { - serializedName: "properties.suppressionDuration", + creationTimeUtc: { + serializedName: "properties.creationTimeUtc", + readOnly: true, type: { - name: "TimeSpan" + name: "DateTime" } }, - suppressionEnabled: { - serializedName: "properties.suppressionEnabled", + elevationToken: { + serializedName: "properties.elevationToken", type: { - name: "Boolean" + name: "Enum", + allowedValues: ["Default", "Full", "Limited"] } }, - severity: { - serializedName: "properties.severity", + hostEntityId: { + serializedName: "properties.hostEntityId", + readOnly: true, type: { name: "String" } }, - incidentConfiguration: { - serializedName: "properties.incidentConfiguration", + hostLogonSessionEntityId: { + serializedName: "properties.hostLogonSessionEntityId", + readOnly: true, type: { - name: "Composite", - className: "IncidentConfiguration" + name: "String" } }, - customDetails: { - serializedName: "properties.customDetails", + imageFileEntityId: { + serializedName: "properties.imageFileEntityId", + readOnly: true, type: { - name: "Dictionary", - value: { type: { name: "String" } } + name: "String" } }, - entityMappings: { - serializedName: "properties.entityMappings", + parentProcessEntityId: { + serializedName: "properties.parentProcessEntityId", + readOnly: true, type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "EntityMapping" - } - } + name: "String" } }, - alertDetailsOverride: { - serializedName: "properties.alertDetailsOverride", + processId: { + serializedName: "properties.processId", + readOnly: true, type: { - name: "Composite", - className: "AlertDetailsOverride" + name: "String" } } } } }; -export const ExpansionEntityQuery: coreClient.CompositeMapper = { - serializedName: "Expansion", +export const RegistryKeyEntity: coreClient.CompositeMapper = { + serializedName: "RegistryKey", type: { name: "Composite", - className: "ExpansionEntityQuery", + className: "RegistryKeyEntity", uberParent: "Resource", polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, modelProperties: { - ...EntityQuery.type.modelProperties, - dataSources: { - serializedName: "properties.dataSources", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - displayName: { - serializedName: "properties.displayName", - type: { - name: "String" - } - }, - inputEntityType: { - serializedName: "properties.inputEntityType", - type: { - name: "String" - } - }, - inputFields: { - serializedName: "properties.inputFields", + ...Entity.type.modelProperties, + additionalData: { + serializedName: "properties.additionalData", + readOnly: true, type: { - name: "Sequence", - element: { - type: { - name: "String" - } + name: "Dictionary", + value: { + type: { name: "Dictionary", value: { type: { name: "any" } } } } } }, - outputEntityTypes: { - serializedName: "properties.outputEntityTypes", + friendlyName: { + serializedName: "properties.friendlyName", + readOnly: true, type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } + name: "String" + } + }, + hive: { + serializedName: "properties.hive", + readOnly: true, + type: { + name: "String" } }, - queryTemplate: { - serializedName: "properties.queryTemplate", + key: { + serializedName: "properties.key", + readOnly: true, type: { name: "String" } @@ -14358,362 +7013,304 @@ export const ExpansionEntityQuery: coreClient.CompositeMapper = { } }; -export const ActivityEntityQuery: coreClient.CompositeMapper = { - serializedName: "Activity", +export const RegistryValueEntity: coreClient.CompositeMapper = { + serializedName: "RegistryValue", type: { name: "Composite", - className: "ActivityEntityQuery", + className: "RegistryValueEntity", uberParent: "Resource", polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, modelProperties: { - ...EntityQuery.type.modelProperties, - title: { - serializedName: "properties.title", + ...Entity.type.modelProperties, + additionalData: { + serializedName: "properties.additionalData", + readOnly: true, type: { - name: "String" + name: "Dictionary", + value: { + type: { name: "Dictionary", value: { type: { name: "any" } } } + } } }, - content: { - serializedName: "properties.content", + friendlyName: { + serializedName: "properties.friendlyName", + readOnly: true, type: { name: "String" } }, - description: { - serializedName: "properties.description", + keyEntityId: { + serializedName: "properties.keyEntityId", + readOnly: true, type: { name: "String" } }, - queryDefinitions: { - serializedName: "properties.queryDefinitions", + valueData: { + serializedName: "properties.valueData", + readOnly: true, type: { - name: "Composite", - className: "ActivityEntityQueriesPropertiesQueryDefinitions" + name: "String" } }, - inputEntityType: { - serializedName: "properties.inputEntityType", + valueName: { + serializedName: "properties.valueName", + readOnly: true, type: { name: "String" } }, - requiredInputFieldsSets: { - serializedName: "properties.requiredInputFieldsSets", + valueType: { + serializedName: "properties.valueType", + readOnly: true, type: { - name: "Sequence", - element: { - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - } + name: "String" } - }, - entitiesFilter: { - serializedName: "properties.entitiesFilter", + } + } + } +}; + +export const SecurityGroupEntity: coreClient.CompositeMapper = { + serializedName: "SecurityGroup", + type: { + name: "Composite", + className: "SecurityGroupEntity", + uberParent: "Resource", + polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, + modelProperties: { + ...Entity.type.modelProperties, + additionalData: { + serializedName: "properties.additionalData", + readOnly: true, type: { name: "Dictionary", value: { - type: { name: "Sequence", element: { type: { name: "String" } } } + type: { name: "Dictionary", value: { type: { name: "any" } } } } } }, - templateName: { - serializedName: "properties.templateName", + friendlyName: { + serializedName: "properties.friendlyName", + readOnly: true, type: { name: "String" } }, - enabled: { - serializedName: "properties.enabled", + distinguishedName: { + serializedName: "properties.distinguishedName", + readOnly: true, type: { - name: "Boolean" + name: "String" } }, - createdTimeUtc: { - serializedName: "properties.createdTimeUtc", + objectGuid: { + serializedName: "properties.objectGuid", readOnly: true, type: { - name: "DateTime" + name: "Uuid" } }, - lastModifiedTimeUtc: { - serializedName: "properties.lastModifiedTimeUtc", + sid: { + serializedName: "properties.sid", readOnly: true, type: { - name: "DateTime" + name: "String" } } } } }; -export const ActivityCustomEntityQuery: coreClient.CompositeMapper = { - serializedName: "Activity", +export const SubmissionMailEntity: coreClient.CompositeMapper = { + serializedName: "SubmissionMail", type: { name: "Composite", - className: "ActivityCustomEntityQuery", + className: "SubmissionMailEntity", uberParent: "Resource", polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, modelProperties: { - ...CustomEntityQuery.type.modelProperties, - title: { - serializedName: "properties.title", + ...Entity.type.modelProperties, + additionalData: { + serializedName: "properties.additionalData", + readOnly: true, type: { - name: "String" + name: "Dictionary", + value: { + type: { name: "Dictionary", value: { type: { name: "any" } } } + } } }, - content: { - serializedName: "properties.content", + friendlyName: { + serializedName: "properties.friendlyName", + readOnly: true, type: { name: "String" } }, - description: { - serializedName: "properties.description", + networkMessageId: { + serializedName: "properties.networkMessageId", + readOnly: true, type: { - name: "String" + name: "Uuid" } }, - queryDefinitions: { - serializedName: "properties.queryDefinitions", + submissionId: { + serializedName: "properties.submissionId", + readOnly: true, type: { - name: "Composite", - className: "ActivityEntityQueriesPropertiesQueryDefinitions" + name: "Uuid" } }, - inputEntityType: { - serializedName: "properties.inputEntityType", + submitter: { + serializedName: "properties.submitter", + readOnly: true, type: { name: "String" } }, - requiredInputFieldsSets: { - serializedName: "properties.requiredInputFieldsSets", + submissionDate: { + serializedName: "properties.submissionDate", + readOnly: true, type: { - name: "Sequence", - element: { - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - } + name: "DateTime" } }, - entitiesFilter: { - serializedName: "properties.entitiesFilter", + timestamp: { + serializedName: "properties.timestamp", + readOnly: true, type: { - name: "Dictionary", - value: { - type: { name: "Sequence", element: { type: { name: "String" } } } - } + name: "DateTime" } }, - templateName: { - serializedName: "properties.templateName", + recipient: { + serializedName: "properties.recipient", + readOnly: true, type: { name: "String" } }, - enabled: { - serializedName: "properties.enabled", + sender: { + serializedName: "properties.sender", + readOnly: true, type: { - name: "Boolean" + name: "String" } }, - createdTimeUtc: { - serializedName: "properties.createdTimeUtc", + senderIp: { + serializedName: "properties.senderIp", readOnly: true, type: { - name: "DateTime" + name: "String" } }, - lastModifiedTimeUtc: { - serializedName: "properties.lastModifiedTimeUtc", + subject: { + serializedName: "properties.subject", readOnly: true, type: { - name: "DateTime" + name: "String" + } + }, + reportType: { + serializedName: "properties.reportType", + readOnly: true, + type: { + name: "String" } } } } }; -export const AnomalySecurityMLAnalyticsSettings: coreClient.CompositeMapper = { - serializedName: "Anomaly", +export const UrlEntity: coreClient.CompositeMapper = { + serializedName: "Url", type: { name: "Composite", - className: "AnomalySecurityMLAnalyticsSettings", + className: "UrlEntity", uberParent: "Resource", polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, modelProperties: { - ...SecurityMLAnalyticsSetting.type.modelProperties, - description: { - serializedName: "properties.description", - type: { - name: "String" - } - }, - displayName: { - serializedName: "properties.displayName", - type: { - name: "String" - } - }, - enabled: { - serializedName: "properties.enabled", - type: { - name: "Boolean" - } - }, - lastModifiedUtc: { - serializedName: "properties.lastModifiedUtc", + ...Entity.type.modelProperties, + additionalData: { + serializedName: "properties.additionalData", readOnly: true, type: { - name: "DateTime" - } - }, - requiredDataConnectors: { - serializedName: "properties.requiredDataConnectors", - type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "SecurityMLAnalyticsSettingsDataSource" - } + name: "Dictionary", + value: { + type: { name: "Dictionary", value: { type: { name: "any" } } } } } }, - tactics: { - serializedName: "properties.tactics", + friendlyName: { + serializedName: "properties.friendlyName", + readOnly: true, type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } + name: "String" } }, - techniques: { - serializedName: "properties.techniques", + url: { + serializedName: "properties.url", + readOnly: true, type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } + name: "String" } - }, - anomalyVersion: { - serializedName: "properties.anomalyVersion", + } + } + } +}; + +export const FusionAlertRule: coreClient.CompositeMapper = { + serializedName: "Fusion", + type: { + name: "Composite", + className: "FusionAlertRule", + uberParent: "Resource", + polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, + modelProperties: { + ...AlertRule.type.modelProperties, + alertRuleTemplateName: { + serializedName: "properties.alertRuleTemplateName", type: { name: "String" } }, - customizableObservations: { - serializedName: "properties.customizableObservations", - type: { - name: "Dictionary", - value: { type: { name: "any" } } - } - }, - frequency: { - serializedName: "properties.frequency", + description: { + serializedName: "properties.description", + readOnly: true, type: { - name: "TimeSpan" + name: "String" } }, - settingsStatus: { - serializedName: "properties.settingsStatus", + displayName: { + serializedName: "properties.displayName", + readOnly: true, type: { name: "String" } }, - isDefaultSettings: { - serializedName: "properties.isDefaultSettings", + enabled: { + serializedName: "properties.enabled", type: { name: "Boolean" } }, - anomalySettingsVersion: { - serializedName: "properties.anomalySettingsVersion", + lastModifiedUtc: { + serializedName: "properties.lastModifiedUtc", + readOnly: true, type: { - name: "Number" + name: "DateTime" } }, - settingsDefinitionId: { - serializedName: "properties.settingsDefinitionId", - type: { - name: "Uuid" - } - } - } - } -}; - -export const Anomalies: coreClient.CompositeMapper = { - serializedName: "Anomalies", - type: { - name: "Composite", - className: "Anomalies", - uberParent: "Resource", - polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, - modelProperties: { - ...Settings.type.modelProperties, - isEnabled: { - serializedName: "properties.isEnabled", + severity: { + serializedName: "properties.severity", readOnly: true, type: { - name: "Boolean" + name: "String" } - } - } - } -}; - -export const EyesOn: coreClient.CompositeMapper = { - serializedName: "EyesOn", - type: { - name: "Composite", - className: "EyesOn", - uberParent: "Resource", - polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, - modelProperties: { - ...Settings.type.modelProperties, - isEnabled: { - serializedName: "properties.isEnabled", + }, + tactics: { + serializedName: "properties.tactics", readOnly: true, - type: { - name: "Boolean" - } - } - } - } -}; - -export const EntityAnalytics: coreClient.CompositeMapper = { - serializedName: "EntityAnalytics", - type: { - name: "Composite", - className: "EntityAnalytics", - uberParent: "Resource", - polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, - modelProperties: { - ...Settings.type.modelProperties, - entityProviders: { - serializedName: "properties.entityProviders", type: { name: "Sequence", element: { @@ -14722,22 +7319,9 @@ export const EntityAnalytics: coreClient.CompositeMapper = { } } } - } - } - } -}; - -export const Ueba: coreClient.CompositeMapper = { - serializedName: "Ueba", - type: { - name: "Composite", - className: "Ueba", - uberParent: "Resource", - polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, - modelProperties: { - ...Settings.type.modelProperties, - dataSources: { - serializedName: "properties.dataSources", + }, + techniques: { + serializedName: "properties.techniques", type: { name: "Sequence", element: { @@ -14751,34 +7335,28 @@ export const Ueba: coreClient.CompositeMapper = { } }; -export const ThreatIntelligenceIndicatorModel: coreClient.CompositeMapper = { - serializedName: "indicator", +export const MicrosoftSecurityIncidentCreationAlertRule: coreClient.CompositeMapper = { + serializedName: "MicrosoftSecurityIncidentCreation", type: { name: "Composite", - className: "ThreatIntelligenceIndicatorModel", + className: "MicrosoftSecurityIncidentCreationAlertRule", uberParent: "Resource", polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, modelProperties: { - ...ThreatIntelligenceInformation.type.modelProperties, - additionalData: { - serializedName: "properties.additionalData", - readOnly: true, + ...AlertRule.type.modelProperties, + displayNamesFilter: { + serializedName: "properties.displayNamesFilter", type: { - name: "Dictionary", - value: { - type: { name: "Dictionary", value: { type: { name: "any" } } } + name: "Sequence", + element: { + type: { + name: "String" + } } } }, - friendlyName: { - serializedName: "properties.friendlyName", - readOnly: true, - type: { - name: "String" - } - }, - threatIntelligenceTags: { - serializedName: "properties.threatIntelligenceTags", + displayNamesExcludeFilter: { + serializedName: "properties.displayNamesExcludeFilter", type: { name: "Sequence", element: { @@ -14788,32 +7366,14 @@ export const ThreatIntelligenceIndicatorModel: coreClient.CompositeMapper = { } } }, - lastUpdatedTimeUtc: { - serializedName: "properties.lastUpdatedTimeUtc", - type: { - name: "String" - } - }, - source: { - serializedName: "properties.source", - type: { - name: "String" - } - }, - displayName: { - serializedName: "properties.displayName", - type: { - name: "String" - } - }, - description: { - serializedName: "properties.description", + productFilter: { + serializedName: "properties.productFilter", type: { name: "String" } }, - indicatorTypes: { - serializedName: "properties.indicatorTypes", + severitiesFilter: { + serializedName: "properties.severitiesFilter", type: { name: "Sequence", element: { @@ -14823,239 +7383,207 @@ export const ThreatIntelligenceIndicatorModel: coreClient.CompositeMapper = { } } }, - pattern: { - serializedName: "properties.pattern", + alertRuleTemplateName: { + serializedName: "properties.alertRuleTemplateName", type: { name: "String" } }, - patternType: { - serializedName: "properties.patternType", + description: { + serializedName: "properties.description", type: { name: "String" } }, - patternVersion: { - serializedName: "properties.patternVersion", + displayName: { + serializedName: "properties.displayName", type: { name: "String" } }, - killChainPhases: { - serializedName: "properties.killChainPhases", + enabled: { + serializedName: "properties.enabled", type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "ThreatIntelligenceKillChainPhase" - } - } + name: "Boolean" } }, - parsedPattern: { - serializedName: "properties.parsedPattern", + lastModifiedUtc: { + serializedName: "properties.lastModifiedUtc", + readOnly: true, type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "ThreatIntelligenceParsedPattern" - } - } + name: "DateTime" } - }, - externalId: { - serializedName: "properties.externalId", + } + } + } +}; + +export const ScheduledAlertRule: coreClient.CompositeMapper = { + serializedName: "Scheduled", + type: { + name: "Composite", + className: "ScheduledAlertRule", + uberParent: "Resource", + polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, + modelProperties: { + ...AlertRule.type.modelProperties, + query: { + serializedName: "properties.query", type: { name: "String" } }, - createdByRef: { - serializedName: "properties.createdByRef", + queryFrequency: { + serializedName: "properties.queryFrequency", type: { - name: "String" + name: "TimeSpan" } }, - defanged: { - serializedName: "properties.defanged", + queryPeriod: { + serializedName: "properties.queryPeriod", type: { - name: "Boolean" + name: "TimeSpan" } }, - externalLastUpdatedTimeUtc: { - serializedName: "properties.externalLastUpdatedTimeUtc", + severity: { + serializedName: "properties.severity", type: { name: "String" } }, - externalReferences: { - serializedName: "properties.externalReferences", - type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "ThreatIntelligenceExternalReference" - } - } - } - }, - granularMarkings: { - serializedName: "properties.granularMarkings", + triggerOperator: { + serializedName: "properties.triggerOperator", type: { - name: "Sequence", - element: { - type: { - name: "Composite", - className: "ThreatIntelligenceGranularMarkingModel" - } - } + name: "Enum", + allowedValues: ["GreaterThan", "LessThan", "Equal", "NotEqual"] } }, - labels: { - serializedName: "properties.labels", + triggerThreshold: { + serializedName: "properties.triggerThreshold", type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } + name: "Number" } }, - revoked: { - serializedName: "properties.revoked", + eventGroupingSettings: { + serializedName: "properties.eventGroupingSettings", type: { - name: "Boolean" + name: "Composite", + className: "EventGroupingSettings" } }, - confidence: { - serializedName: "properties.confidence", + customDetails: { + serializedName: "properties.customDetails", type: { - name: "Number" + name: "Dictionary", + value: { type: { name: "String" } } } }, - objectMarkingRefs: { - serializedName: "properties.objectMarkingRefs", + entityMappings: { + serializedName: "properties.entityMappings", type: { name: "Sequence", element: { type: { - name: "String" + name: "Composite", + className: "EntityMapping" } } } }, - language: { - serializedName: "properties.language", + alertDetailsOverride: { + serializedName: "properties.alertDetailsOverride", type: { - name: "String" + name: "Composite", + className: "AlertDetailsOverride" } }, - threatTypes: { - serializedName: "properties.threatTypes", + alertRuleTemplateName: { + serializedName: "properties.alertRuleTemplateName", type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } + name: "String" } }, - validFrom: { - serializedName: "properties.validFrom", + templateVersion: { + serializedName: "properties.templateVersion", type: { name: "String" } }, - validUntil: { - serializedName: "properties.validUntil", + description: { + serializedName: "properties.description", type: { name: "String" } }, - created: { - serializedName: "properties.created", + displayName: { + serializedName: "properties.displayName", type: { name: "String" } }, - modified: { - serializedName: "properties.modified", + enabled: { + serializedName: "properties.enabled", type: { - name: "String" + name: "Boolean" } }, - extensions: { - serializedName: "properties.extensions", + lastModifiedUtc: { + serializedName: "properties.lastModifiedUtc", + readOnly: true, type: { - name: "Dictionary", - value: { type: { name: "any" } } + name: "DateTime" } - } - } - } -}; - -export const AADDataConnector: coreClient.CompositeMapper = { - serializedName: "AzureActiveDirectory", - type: { - name: "Composite", - className: "AADDataConnector", - uberParent: "Resource", - polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, - modelProperties: { - ...DataConnector.type.modelProperties, - tenantId: { - serializedName: "properties.tenantId", + }, + suppressionDuration: { + serializedName: "properties.suppressionDuration", type: { - name: "String" + name: "TimeSpan" } }, - dataTypes: { - serializedName: "properties.dataTypes", + suppressionEnabled: { + serializedName: "properties.suppressionEnabled", type: { - name: "Composite", - className: "AlertsDataTypeOfDataConnector" + name: "Boolean" } - } - } - } -}; - -export const MstiDataConnector: coreClient.CompositeMapper = { - serializedName: "MicrosoftThreatIntelligence", - type: { - name: "Composite", - className: "MstiDataConnector", - uberParent: "Resource", - polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, - modelProperties: { - ...DataConnector.type.modelProperties, - tenantId: { - serializedName: "properties.tenantId", + }, + tactics: { + serializedName: "properties.tactics", type: { - name: "String" + name: "Sequence", + element: { + type: { + name: "String" + } + } } }, - dataTypes: { - serializedName: "properties.dataTypes", + techniques: { + serializedName: "properties.techniques", + type: { + name: "Sequence", + element: { + type: { + name: "String" + } + } + } + }, + incidentConfiguration: { + serializedName: "properties.incidentConfiguration", type: { name: "Composite", - className: "MstiDataConnectorDataTypes" + className: "IncidentConfiguration" } } } } }; -export const MTPDataConnector: coreClient.CompositeMapper = { - serializedName: "MicrosoftThreatProtection", +export const AADDataConnector: coreClient.CompositeMapper = { + serializedName: "AzureActiveDirectory", type: { name: "Composite", - className: "MTPDataConnector", + className: "AADDataConnector", uberParent: "Resource", polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, modelProperties: { @@ -15070,7 +7598,7 @@ export const MTPDataConnector: coreClient.CompositeMapper = { serializedName: "properties.dataTypes", type: { name: "Composite", - className: "MTPDataConnectorDataTypes" + className: "AlertsDataTypeOfDataConnector" } } } @@ -15155,49 +7683,6 @@ export const AwsCloudTrailDataConnector: coreClient.CompositeMapper = { } }; -export const AwsS3DataConnector: coreClient.CompositeMapper = { - serializedName: "AmazonWebServicesS3", - type: { - name: "Composite", - className: "AwsS3DataConnector", - uberParent: "Resource", - polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, - modelProperties: { - ...DataConnector.type.modelProperties, - destinationTable: { - serializedName: "properties.destinationTable", - type: { - name: "String" - } - }, - sqsUrls: { - serializedName: "properties.sqsUrls", - type: { - name: "Sequence", - element: { - type: { - name: "String" - } - } - } - }, - roleArn: { - serializedName: "properties.roleArn", - type: { - name: "String" - } - }, - dataTypes: { - serializedName: "properties.dataTypes", - type: { - name: "Composite", - className: "AwsS3DataConnectorDataTypes" - } - } - } - } -}; - export const McasDataConnector: coreClient.CompositeMapper = { serializedName: "MicrosoftCloudAppSecurity", type: { @@ -15224,11 +7709,11 @@ export const McasDataConnector: coreClient.CompositeMapper = { } }; -export const Dynamics365DataConnector: coreClient.CompositeMapper = { - serializedName: "Dynamics365", +export const MdatpDataConnector: coreClient.CompositeMapper = { + serializedName: "MicrosoftDefenderAdvancedThreatProtection", type: { name: "Composite", - className: "Dynamics365DataConnector", + className: "MdatpDataConnector", uberParent: "Resource", polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, modelProperties: { @@ -15243,18 +7728,18 @@ export const Dynamics365DataConnector: coreClient.CompositeMapper = { serializedName: "properties.dataTypes", type: { name: "Composite", - className: "Dynamics365DataConnectorDataTypes" + className: "AlertsDataTypeOfDataConnector" } } } } }; -export const OfficeATPDataConnector: coreClient.CompositeMapper = { - serializedName: "OfficeATP", +export const TIDataConnector: coreClient.CompositeMapper = { + serializedName: "ThreatIntelligence", type: { name: "Composite", - className: "OfficeATPDataConnector", + className: "TIDataConnector", uberParent: "Resource", polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, modelProperties: { @@ -15265,22 +7750,29 @@ export const OfficeATPDataConnector: coreClient.CompositeMapper = { name: "String" } }, + tipLookbackPeriod: { + serializedName: "properties.tipLookbackPeriod", + nullable: true, + type: { + name: "DateTime" + } + }, dataTypes: { serializedName: "properties.dataTypes", type: { name: "Composite", - className: "AlertsDataTypeOfDataConnector" + className: "TIDataConnectorDataTypes" } } } } }; -export const Office365ProjectDataConnector: coreClient.CompositeMapper = { - serializedName: "Office365Project", +export const OfficeDataConnector: coreClient.CompositeMapper = { + serializedName: "Office365", type: { name: "Composite", - className: "Office365ProjectDataConnector", + className: "OfficeDataConnector", uberParent: "Resource", polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, modelProperties: { @@ -15295,324 +7787,256 @@ export const Office365ProjectDataConnector: coreClient.CompositeMapper = { serializedName: "properties.dataTypes", type: { name: "Composite", - className: "Office365ProjectConnectorDataTypes" + className: "OfficeDataConnectorDataTypes" } } } } }; -export const OfficePowerBIDataConnector: coreClient.CompositeMapper = { - serializedName: "OfficePowerBI", +export const ThreatIntelligenceIndicatorModel: coreClient.CompositeMapper = { + serializedName: "indicator", type: { name: "Composite", - className: "OfficePowerBIDataConnector", + className: "ThreatIntelligenceIndicatorModel", uberParent: "Resource", polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, modelProperties: { - ...DataConnector.type.modelProperties, - tenantId: { - serializedName: "properties.tenantId", + ...ThreatIntelligenceInformation.type.modelProperties, + additionalData: { + serializedName: "properties.additionalData", + readOnly: true, + type: { + name: "Dictionary", + value: { + type: { name: "Dictionary", value: { type: { name: "any" } } } + } + } + }, + friendlyName: { + serializedName: "properties.friendlyName", + readOnly: true, type: { name: "String" } }, - dataTypes: { - serializedName: "properties.dataTypes", + threatIntelligenceTags: { + serializedName: "properties.threatIntelligenceTags", type: { - name: "Composite", - className: "OfficePowerBIConnectorDataTypes" + name: "Sequence", + element: { + type: { + name: "String" + } + } } - } - } - } -}; - -export const OfficeIRMDataConnector: coreClient.CompositeMapper = { - serializedName: "OfficeIRM", - type: { - name: "Composite", - className: "OfficeIRMDataConnector", - uberParent: "Resource", - polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, - modelProperties: { - ...DataConnector.type.modelProperties, - tenantId: { - serializedName: "properties.tenantId", + }, + lastUpdatedTimeUtc: { + serializedName: "properties.lastUpdatedTimeUtc", type: { name: "String" } }, - dataTypes: { - serializedName: "properties.dataTypes", + source: { + serializedName: "properties.source", type: { - name: "Composite", - className: "AlertsDataTypeOfDataConnector" + name: "String" } - } - } - } -}; - -export const MdatpDataConnector: coreClient.CompositeMapper = { - serializedName: "MicrosoftDefenderAdvancedThreatProtection", - type: { - name: "Composite", - className: "MdatpDataConnector", - uberParent: "Resource", - polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, - modelProperties: { - ...DataConnector.type.modelProperties, - tenantId: { - serializedName: "properties.tenantId", + }, + displayName: { + serializedName: "properties.displayName", + type: { + name: "String" + } + }, + description: { + serializedName: "properties.description", type: { name: "String" } }, - dataTypes: { - serializedName: "properties.dataTypes", + indicatorTypes: { + serializedName: "properties.indicatorTypes", type: { - name: "Composite", - className: "AlertsDataTypeOfDataConnector" + name: "Sequence", + element: { + type: { + name: "String" + } + } } - } - } - } -}; - -export const OfficeDataConnector: coreClient.CompositeMapper = { - serializedName: "Office365", - type: { - name: "Composite", - className: "OfficeDataConnector", - uberParent: "Resource", - polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, - modelProperties: { - ...DataConnector.type.modelProperties, - tenantId: { - serializedName: "properties.tenantId", + }, + pattern: { + serializedName: "properties.pattern", type: { name: "String" } }, - dataTypes: { - serializedName: "properties.dataTypes", - type: { - name: "Composite", - className: "OfficeDataConnectorDataTypes" - } - } - } - } -}; - -export const TIDataConnector: coreClient.CompositeMapper = { - serializedName: "ThreatIntelligence", - type: { - name: "Composite", - className: "TIDataConnector", - uberParent: "Resource", - polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, - modelProperties: { - ...DataConnector.type.modelProperties, - tenantId: { - serializedName: "properties.tenantId", + patternType: { + serializedName: "properties.patternType", type: { name: "String" } }, - tipLookbackPeriod: { - serializedName: "properties.tipLookbackPeriod", - nullable: true, + patternVersion: { + serializedName: "properties.patternVersion", type: { - name: "DateTime" + name: "String" } }, - dataTypes: { - serializedName: "properties.dataTypes", + killChainPhases: { + serializedName: "properties.killChainPhases", type: { - name: "Composite", - className: "TIDataConnectorDataTypes" + name: "Sequence", + element: { + type: { + name: "Composite", + className: "ThreatIntelligenceKillChainPhase" + } + } } - } - } - } -}; - -export const TiTaxiiDataConnector: coreClient.CompositeMapper = { - serializedName: "ThreatIntelligenceTaxii", - type: { - name: "Composite", - className: "TiTaxiiDataConnector", - uberParent: "Resource", - polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, - modelProperties: { - ...DataConnector.type.modelProperties, - tenantId: { - serializedName: "properties.tenantId", + }, + parsedPattern: { + serializedName: "properties.parsedPattern", type: { - name: "String" + name: "Sequence", + element: { + type: { + name: "Composite", + className: "ThreatIntelligenceParsedPattern" + } + } } }, - workspaceId: { - serializedName: "properties.workspaceId", + externalId: { + serializedName: "properties.externalId", type: { name: "String" } }, - friendlyName: { - serializedName: "properties.friendlyName", + createdByRef: { + serializedName: "properties.createdByRef", type: { name: "String" } }, - taxiiServer: { - serializedName: "properties.taxiiServer", + defanged: { + serializedName: "properties.defanged", type: { - name: "String" + name: "Boolean" } }, - collectionId: { - serializedName: "properties.collectionId", + externalLastUpdatedTimeUtc: { + serializedName: "properties.externalLastUpdatedTimeUtc", type: { name: "String" } }, - userName: { - serializedName: "properties.userName", + externalReferences: { + serializedName: "properties.externalReferences", type: { - name: "String" + name: "Sequence", + element: { + type: { + name: "Composite", + className: "ThreatIntelligenceExternalReference" + } + } } }, - password: { - serializedName: "properties.password", + granularMarkings: { + serializedName: "properties.granularMarkings", type: { - name: "String" + name: "Sequence", + element: { + type: { + name: "Composite", + className: "ThreatIntelligenceGranularMarkingModel" + } + } } }, - taxiiLookbackPeriod: { - serializedName: "properties.taxiiLookbackPeriod", - nullable: true, + labels: { + serializedName: "properties.labels", type: { - name: "DateTime" + name: "Sequence", + element: { + type: { + name: "String" + } + } } }, - pollingFrequency: { - serializedName: "properties.pollingFrequency", - nullable: true, + revoked: { + serializedName: "properties.revoked", type: { - name: "String" + name: "Boolean" } }, - dataTypes: { - serializedName: "properties.dataTypes", + confidence: { + serializedName: "properties.confidence", type: { - name: "Composite", - className: "TiTaxiiDataConnectorDataTypes" + name: "Number" } - } - } - } -}; - -export const IoTDataConnector: coreClient.CompositeMapper = { - serializedName: "IOT", - type: { - name: "Composite", - className: "IoTDataConnector", - uberParent: "Resource", - polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, - modelProperties: { - ...DataConnector.type.modelProperties, - dataTypes: { - serializedName: "properties.dataTypes", + }, + objectMarkingRefs: { + serializedName: "properties.objectMarkingRefs", type: { - name: "Composite", - className: "AlertsDataTypeOfDataConnector" + name: "Sequence", + element: { + type: { + name: "String" + } + } } }, - subscriptionId: { - serializedName: "properties.subscriptionId", + language: { + serializedName: "properties.language", type: { name: "String" } - } - } - } -}; - -export const CodelessUiDataConnector: coreClient.CompositeMapper = { - serializedName: "GenericUI", - type: { - name: "Composite", - className: "CodelessUiDataConnector", - uberParent: "Resource", - polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, - modelProperties: { - ...DataConnector.type.modelProperties, - connectorUiConfig: { - serializedName: "properties.connectorUiConfig", + }, + threatTypes: { + serializedName: "properties.threatTypes", type: { - name: "Composite", - className: "CodelessUiConnectorConfigProperties" + name: "Sequence", + element: { + type: { + name: "String" + } + } } - } - } - } -}; - -export const CodelessApiPollingDataConnector: coreClient.CompositeMapper = { - serializedName: "APIPolling", - type: { - name: "Composite", - className: "CodelessApiPollingDataConnector", - uberParent: "Resource", - polymorphicDiscriminator: Resource.type.polymorphicDiscriminator, - modelProperties: { - ...DataConnector.type.modelProperties, - connectorUiConfig: { - serializedName: "properties.connectorUiConfig", + }, + validFrom: { + serializedName: "properties.validFrom", type: { - name: "Composite", - className: "CodelessUiConnectorConfigProperties" + name: "String" } }, - pollingConfig: { - serializedName: "properties.pollingConfig", + validUntil: { + serializedName: "properties.validUntil", type: { - name: "Composite", - className: "CodelessConnectorPollingConfigProperties" + name: "String" } - } - } - } -}; - -export const WatchlistsDeleteHeaders: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "WatchlistsDeleteHeaders", - modelProperties: { - azureAsyncOperation: { - serializedName: "azure-asyncoperation", + }, + created: { + serializedName: "properties.created", type: { name: "String" } - } - } - } -}; - -export const WatchlistsCreateOrUpdateHeaders: coreClient.CompositeMapper = { - type: { - name: "Composite", - className: "WatchlistsCreateOrUpdateHeaders", - modelProperties: { - azureAsyncOperation: { - serializedName: "azure-asyncoperation", + }, + modified: { + serializedName: "properties.modified", type: { name: "String" } + }, + extensions: { + serializedName: "properties.extensions", + type: { + name: "Dictionary", + value: { type: { name: "any" } } + } } } } @@ -15621,52 +8045,17 @@ export const WatchlistsCreateOrUpdateHeaders: coreClient.CompositeMapper = { export let discriminators = { AutomationRuleCondition: AutomationRuleCondition, AutomationRuleAction: AutomationRuleAction, - EntityTimelineItem: EntityTimelineItem, - EntityQueryItem: EntityQueryItem, - DataConnectorsCheckRequirements: DataConnectorsCheckRequirements, "Resource.AlertRuleTemplate": AlertRuleTemplate, "Resource.Entity": Entity, - "Resource.EntityQueryTemplate": EntityQueryTemplate, - "AutomationRuleCondition.PropertyArrayChanged": PropertyArrayChangedConditionProperties, - "AutomationRuleCondition.PropertyChanged": PropertyChangedConditionProperties, "AutomationRuleCondition.Property": PropertyConditionProperties, "AutomationRuleAction.ModifyProperties": AutomationRuleModifyPropertiesAction, "AutomationRuleAction.RunPlaybook": AutomationRuleRunPlaybookAction, - "EntityTimelineItem.Activity": ActivityTimelineItem, - "EntityTimelineItem.Bookmark": BookmarkTimelineItem, - "EntityTimelineItem.Anomaly": AnomalyTimelineItem, - "EntityTimelineItem.SecurityAlert": SecurityAlertTimelineItem, - "EntityQueryItem.Insight": InsightQueryItem, - "DataConnectorsCheckRequirements.AzureActiveDirectory": AADCheckRequirements, - "DataConnectorsCheckRequirements.AzureAdvancedThreatProtection": AatpCheckRequirements, - "DataConnectorsCheckRequirements.AzureSecurityCenter": ASCCheckRequirements, - "DataConnectorsCheckRequirements.AmazonWebServicesCloudTrail": AwsCloudTrailCheckRequirements, - "DataConnectorsCheckRequirements.AmazonWebServicesS3": AwsS3CheckRequirements, - "DataConnectorsCheckRequirements.Dynamics365": Dynamics365CheckRequirements, - "DataConnectorsCheckRequirements.MicrosoftCloudAppSecurity": McasCheckRequirements, - "DataConnectorsCheckRequirements.MicrosoftDefenderAdvancedThreatProtection": MdatpCheckRequirements, - "DataConnectorsCheckRequirements.MicrosoftThreatIntelligence": MstiCheckRequirements, - "DataConnectorsCheckRequirements.MicrosoftThreatProtection": MtpCheckRequirements, - "DataConnectorsCheckRequirements.OfficeATP": OfficeATPCheckRequirements, - "DataConnectorsCheckRequirements.OfficeIRM": OfficeIRMCheckRequirements, - "DataConnectorsCheckRequirements.Office365Project": Office365ProjectCheckRequirements, - "DataConnectorsCheckRequirements.OfficePowerBI": OfficePowerBICheckRequirements, - "DataConnectorsCheckRequirements.ThreatIntelligence": TICheckRequirements, - "DataConnectorsCheckRequirements.ThreatIntelligenceTaxii": TiTaxiiCheckRequirements, - "DataConnectorsCheckRequirements.IOT": IoTCheckRequirements, "Resource.AlertRule": AlertRule, - "Resource.EntityQuery": EntityQuery, - "Resource.CustomEntityQuery": CustomEntityQuery, - "Resource.SecurityMLAnalyticsSetting": SecurityMLAnalyticsSetting, - "Resource.Settings": Settings, - "Resource.ThreatIntelligenceInformation": ThreatIntelligenceInformation, "Resource.DataConnector": DataConnector, - "Resource.MLBehaviorAnalytics": MLBehaviorAnalyticsAlertRule, + "Resource.ThreatIntelligenceInformation": ThreatIntelligenceInformation, "Resource.Fusion": FusionAlertRule, - "Resource.ThreatIntelligence": TIDataConnector, "Resource.MicrosoftSecurityIncidentCreation": MicrosoftSecurityIncidentCreationAlertRule, "Resource.Scheduled": ScheduledAlertRule, - "Resource.NRT": NrtAlertRule, "Resource.SecurityAlert": SecurityAlert, "Resource.Bookmark": HuntingBookmark, "Resource.Account": AccountEntity, @@ -15688,32 +8077,13 @@ export let discriminators = { "Resource.SecurityGroup": SecurityGroupEntity, "Resource.SubmissionMail": SubmissionMailEntity, "Resource.Url": UrlEntity, - "Resource.Nic": NicEntity, - "Resource.Activity": ActivityCustomEntityQuery, - "Resource.Expansion": ExpansionEntityQuery, - "Resource.Anomaly": AnomalySecurityMLAnalyticsSettings, - "Resource.Anomalies": Anomalies, - "Resource.EyesOn": EyesOn, - "Resource.EntityAnalytics": EntityAnalytics, - "Resource.Ueba": Ueba, - "Resource.indicator": ThreatIntelligenceIndicatorModel, "Resource.AzureActiveDirectory": AADDataConnector, - "Resource.MicrosoftThreatIntelligence": MstiDataConnector, - "Resource.MicrosoftThreatProtection": MTPDataConnector, "Resource.AzureAdvancedThreatProtection": AatpDataConnector, "Resource.AzureSecurityCenter": ASCDataConnector, "Resource.AmazonWebServicesCloudTrail": AwsCloudTrailDataConnector, - "Resource.AmazonWebServicesS3": AwsS3DataConnector, "Resource.MicrosoftCloudAppSecurity": McasDataConnector, - "Resource.Dynamics365": Dynamics365DataConnector, - "Resource.OfficeATP": OfficeATPDataConnector, - "Resource.Office365Project": Office365ProjectDataConnector, - "Resource.OfficePowerBI": OfficePowerBIDataConnector, - "Resource.OfficeIRM": OfficeIRMDataConnector, "Resource.MicrosoftDefenderAdvancedThreatProtection": MdatpDataConnector, + "Resource.ThreatIntelligence": TIDataConnector, "Resource.Office365": OfficeDataConnector, - "Resource.ThreatIntelligenceTaxii": TiTaxiiDataConnector, - "Resource.IOT": IoTDataConnector, - "Resource.GenericUI": CodelessUiDataConnector, - "Resource.APIPolling": CodelessApiPollingDataConnector + "Resource.indicator": ThreatIntelligenceIndicatorModel }; diff --git a/sdk/securityinsight/arm-securityinsight/src/models/parameters.ts b/sdk/securityinsight/arm-securityinsight/src/models/parameters.ts index 6cc47755758b..449fe190467b 100644 --- a/sdk/securityinsight/arm-securityinsight/src/models/parameters.ts +++ b/sdk/securityinsight/arm-securityinsight/src/models/parameters.ts @@ -15,31 +15,17 @@ import { AlertRule as AlertRuleMapper, ActionRequest as ActionRequestMapper, AutomationRule as AutomationRuleMapper, - ManualTriggerRequestBody as ManualTriggerRequestBodyMapper, - Incident as IncidentMapper, - TeamProperties as TeamPropertiesMapper, Bookmark as BookmarkMapper, - Relation as RelationMapper, - BookmarkExpandParameters as BookmarkExpandParametersMapper, - EntityExpandParameters as EntityExpandParametersMapper, - EntityGetInsightsParameters as EntityGetInsightsParametersMapper, - EntityTimelineParameters as EntityTimelineParametersMapper, - CustomEntityQuery as CustomEntityQueryMapper, + DataConnector as DataConnectorMapper, + Incident as IncidentMapper, IncidentComment as IncidentCommentMapper, - MetadataModel as MetadataModelMapper, - MetadataPatch as MetadataPatchMapper, + Relation as RelationMapper, SentinelOnboardingState as SentinelOnboardingStateMapper, - SecurityMLAnalyticsSetting as SecurityMLAnalyticsSettingMapper, - Settings as SettingsMapper, - SourceControl as SourceControlMapper, ThreatIntelligenceIndicatorModel as ThreatIntelligenceIndicatorModelMapper, ThreatIntelligenceFilteringCriteria as ThreatIntelligenceFilteringCriteriaMapper, ThreatIntelligenceAppendTags as ThreatIntelligenceAppendTagsMapper, Watchlist as WatchlistMapper, - WatchlistItem as WatchlistItemMapper, - DataConnector as DataConnectorMapper, - DataConnectorConnectBody as DataConnectorConnectBodyMapper, - DataConnectorsCheckRequirements as DataConnectorsCheckRequirementsMapper + WatchlistItem as WatchlistItemMapper } from "../models/mappers"; export const accept: OperationParameter = { @@ -69,7 +55,7 @@ export const $host: OperationURLParameter = { export const apiVersion: OperationQueryParameter = { parameterPath: "apiVersion", mapper: { - defaultValue: "2022-07-01-preview", + defaultValue: "2022-08-01", isConstant: true, serializedName: "api-version", type: { @@ -205,15 +191,26 @@ export const automationRuleToUpsert: OperationParameter = { mapper: AutomationRuleMapper }; -export const requestBody: OperationParameter = { - parameterPath: ["options", "requestBody"], - mapper: ManualTriggerRequestBodyMapper +export const bookmarkId: OperationURLParameter = { + parameterPath: "bookmarkId", + mapper: { + serializedName: "bookmarkId", + required: true, + type: { + name: "String" + } + } }; -export const incidentIdentifier: OperationURLParameter = { - parameterPath: "incidentIdentifier", +export const bookmark: OperationParameter = { + parameterPath: "bookmark", + mapper: BookmarkMapper +}; + +export const dataConnectorId: OperationURLParameter = { + parameterPath: "dataConnectorId", mapper: { - serializedName: "incidentIdentifier", + serializedName: "dataConnectorId", required: true, type: { name: "String" @@ -221,6 +218,11 @@ export const incidentIdentifier: OperationURLParameter = { } }; +export const dataConnector: OperationParameter = { + parameterPath: "dataConnector", + mapper: DataConnectorMapper +}; + export const filter: OperationQueryParameter = { parameterPath: ["options", "filter"], mapper: { @@ -277,156 +279,6 @@ export const incident: OperationParameter = { mapper: IncidentMapper }; -export const teamProperties: OperationParameter = { - parameterPath: "teamProperties", - mapper: TeamPropertiesMapper -}; - -export const bookmarkId: OperationURLParameter = { - parameterPath: "bookmarkId", - mapper: { - serializedName: "bookmarkId", - required: true, - type: { - name: "String" - } - } -}; - -export const bookmark: OperationParameter = { - parameterPath: "bookmark", - mapper: BookmarkMapper -}; - -export const relationName: OperationURLParameter = { - parameterPath: "relationName", - mapper: { - serializedName: "relationName", - required: true, - type: { - name: "String" - } - } -}; - -export const relation: OperationParameter = { - parameterPath: "relation", - mapper: RelationMapper -}; - -export const parameters: OperationParameter = { - parameterPath: "parameters", - mapper: BookmarkExpandParametersMapper -}; - -export const ipAddress: OperationQueryParameter = { - parameterPath: "ipAddress", - mapper: { - serializedName: "ipAddress", - required: true, - type: { - name: "String" - } - } -}; - -export const domain: OperationQueryParameter = { - parameterPath: "domain", - mapper: { - serializedName: "domain", - required: true, - type: { - name: "String" - } - } -}; - -export const entityId: OperationURLParameter = { - parameterPath: "entityId", - mapper: { - serializedName: "entityId", - required: true, - type: { - name: "String" - } - } -}; - -export const parameters1: OperationParameter = { - parameterPath: "parameters", - mapper: EntityExpandParametersMapper -}; - -export const kind: OperationQueryParameter = { - parameterPath: "kind", - mapper: { - serializedName: "kind", - required: true, - type: { - name: "String" - } - } -}; - -export const parameters2: OperationParameter = { - parameterPath: "parameters", - mapper: EntityGetInsightsParametersMapper -}; - -export const parameters3: OperationParameter = { - parameterPath: "parameters", - mapper: EntityTimelineParametersMapper -}; - -export const kind1: OperationQueryParameter = { - parameterPath: ["options", "kind"], - mapper: { - serializedName: "kind", - type: { - name: "String" - } - } -}; - -export const entityQueryId: OperationURLParameter = { - parameterPath: "entityQueryId", - mapper: { - serializedName: "entityQueryId", - required: true, - type: { - name: "String" - } - } -}; - -export const entityQuery: OperationParameter = { - parameterPath: "entityQuery", - mapper: CustomEntityQueryMapper -}; - -export const kind2: OperationQueryParameter = { - parameterPath: ["options", "kind"], - mapper: { - defaultValue: "Activity", - isConstant: true, - serializedName: "kind", - type: { - name: "String" - } - } -}; - -export const entityQueryTemplateId: OperationURLParameter = { - parameterPath: "entityQueryTemplateId", - mapper: { - serializedName: "entityQueryTemplateId", - required: true, - type: { - name: "String" - } - } -}; - export const incidentCommentId: OperationURLParameter = { parameterPath: "incidentCommentId", mapper: { @@ -443,20 +295,10 @@ export const incidentComment: OperationParameter = { mapper: IncidentCommentMapper }; -export const skip: OperationQueryParameter = { - parameterPath: ["options", "skip"], - mapper: { - serializedName: "$skip", - type: { - name: "Number" - } - } -}; - -export const metadataName: OperationURLParameter = { - parameterPath: "metadataName", +export const relationName: OperationURLParameter = { + parameterPath: "relationName", mapper: { - serializedName: "metadataName", + serializedName: "relationName", required: true, type: { name: "String" @@ -464,25 +306,9 @@ export const metadataName: OperationURLParameter = { } }; -export const metadata: OperationParameter = { - parameterPath: "metadata", - mapper: MetadataModelMapper -}; - -export const metadataPatch: OperationParameter = { - parameterPath: "metadataPatch", - mapper: MetadataPatchMapper -}; - -export const consentId: OperationURLParameter = { - parameterPath: "consentId", - mapper: { - serializedName: "consentId", - required: true, - type: { - name: "String" - } - } +export const relation: OperationParameter = { + parameterPath: "relation", + mapper: RelationMapper }; export const sentinelOnboardingStateName: OperationURLParameter = { @@ -501,65 +327,6 @@ export const sentinelOnboardingStateParameter: OperationParameter = { mapper: SentinelOnboardingStateMapper }; -export const settingsResourceName: OperationURLParameter = { - parameterPath: "settingsResourceName", - mapper: { - serializedName: "settingsResourceName", - required: true, - type: { - name: "String" - } - } -}; - -export const securityMLAnalyticsSetting: OperationParameter = { - parameterPath: "securityMLAnalyticsSetting", - mapper: SecurityMLAnalyticsSettingMapper -}; - -export const settingsName: OperationURLParameter = { - parameterPath: "settingsName", - mapper: { - serializedName: "settingsName", - required: true, - type: { - name: "String" - } - } -}; - -export const settings: OperationParameter = { - parameterPath: "settings", - mapper: SettingsMapper -}; - -export const repoType: OperationParameter = { - parameterPath: "repoType", - mapper: { - serializedName: "repoType", - required: true, - type: { - name: "String" - } - } -}; - -export const sourceControlId: OperationURLParameter = { - parameterPath: "sourceControlId", - mapper: { - serializedName: "sourceControlId", - required: true, - type: { - name: "String" - } - } -}; - -export const sourceControl: OperationParameter = { - parameterPath: "sourceControl", - mapper: SourceControlMapper -}; - export const threatIntelligenceProperties: OperationParameter = { parameterPath: "threatIntelligenceProperties", mapper: ThreatIntelligenceIndicatorModelMapper @@ -622,29 +389,3 @@ export const watchlistItem: OperationParameter = { parameterPath: "watchlistItem", mapper: WatchlistItemMapper }; - -export const dataConnectorId: OperationURLParameter = { - parameterPath: "dataConnectorId", - mapper: { - serializedName: "dataConnectorId", - required: true, - type: { - name: "String" - } - } -}; - -export const dataConnector: OperationParameter = { - parameterPath: "dataConnector", - mapper: DataConnectorMapper -}; - -export const connectBody: OperationParameter = { - parameterPath: "connectBody", - mapper: DataConnectorConnectBodyMapper -}; - -export const dataConnectorsCheckRequirements: OperationParameter = { - parameterPath: "dataConnectorsCheckRequirements", - mapper: DataConnectorsCheckRequirementsMapper -}; diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/automationRules.ts b/sdk/securityinsight/arm-securityinsight/src/operations/automationRules.ts index 9e885d622466..59b834da4a2b 100644 --- a/sdk/securityinsight/arm-securityinsight/src/operations/automationRules.ts +++ b/sdk/securityinsight/arm-securityinsight/src/operations/automationRules.ts @@ -40,7 +40,7 @@ export class AutomationRulesImpl implements AutomationRules { } /** - * Gets all automation rules. + * Gets all automation rules * @param resourceGroupName The name of the resource group. The name is case insensitive. * @param workspaceName The name of the workspace. * @param options The options parameters. @@ -99,7 +99,7 @@ export class AutomationRulesImpl implements AutomationRules { } /** - * Gets the automation rule. + * Gets the automation rule * @param resourceGroupName The name of the resource group. The name is case insensitive. * @param workspaceName The name of the workspace. * @param automationRuleId Automation rule ID @@ -118,7 +118,7 @@ export class AutomationRulesImpl implements AutomationRules { } /** - * Creates or updates the automation rule. + * Creates or updates the automation rule * @param resourceGroupName The name of the resource group. The name is case insensitive. * @param workspaceName The name of the workspace. * @param automationRuleId Automation rule ID @@ -137,7 +137,7 @@ export class AutomationRulesImpl implements AutomationRules { } /** - * Delete the automation rule. + * Delete the automation rule * @param resourceGroupName The name of the resource group. The name is case insensitive. * @param workspaceName The name of the workspace. * @param automationRuleId Automation rule ID @@ -156,7 +156,7 @@ export class AutomationRulesImpl implements AutomationRules { } /** - * Gets all automation rules. + * Gets all automation rules * @param resourceGroupName The name of the resource group. The name is case insensitive. * @param workspaceName The name of the workspace. * @param options The options parameters. diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/bookmarkOperations.ts b/sdk/securityinsight/arm-securityinsight/src/operations/bookmarkOperations.ts deleted file mode 100644 index cd0a944ecdca..000000000000 --- a/sdk/securityinsight/arm-securityinsight/src/operations/bookmarkOperations.ts +++ /dev/null @@ -1,80 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -import { BookmarkOperations } from "../operationsInterfaces"; -import * as coreClient from "@azure/core-client"; -import * as Mappers from "../models/mappers"; -import * as Parameters from "../models/parameters"; -import { SecurityInsights } from "../securityInsights"; -import { - BookmarkExpandParameters, - BookmarkExpandOptionalParams, - BookmarkExpandOperationResponse -} from "../models"; - -/** Class containing BookmarkOperations operations. */ -export class BookmarkOperationsImpl implements BookmarkOperations { - private readonly client: SecurityInsights; - - /** - * Initialize a new instance of the class BookmarkOperations class. - * @param client Reference to the service client - */ - constructor(client: SecurityInsights) { - this.client = client; - } - - /** - * Expand an bookmark - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param bookmarkId Bookmark ID - * @param parameters The parameters required to execute an expand operation on the given bookmark. - * @param options The options parameters. - */ - expand( - resourceGroupName: string, - workspaceName: string, - bookmarkId: string, - parameters: BookmarkExpandParameters, - options?: BookmarkExpandOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { resourceGroupName, workspaceName, bookmarkId, parameters, options }, - expandOperationSpec - ); - } -} -// Operation Specifications -const serializer = coreClient.createSerializer(Mappers, /* isXml */ false); - -const expandOperationSpec: coreClient.OperationSpec = { - path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}/expand", - httpMethod: "POST", - responses: { - 200: { - bodyMapper: Mappers.BookmarkExpandResponse - }, - default: { - bodyMapper: Mappers.CloudError - } - }, - requestBody: Parameters.parameters, - queryParameters: [Parameters.apiVersion], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName, - Parameters.bookmarkId - ], - headerParameters: [Parameters.accept, Parameters.contentType], - mediaType: "json", - serializer -}; diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/bookmarkRelations.ts b/sdk/securityinsight/arm-securityinsight/src/operations/bookmarkRelations.ts deleted file mode 100644 index b399a68bbfc5..000000000000 --- a/sdk/securityinsight/arm-securityinsight/src/operations/bookmarkRelations.ts +++ /dev/null @@ -1,369 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -import { PagedAsyncIterableIterator } from "@azure/core-paging"; -import { BookmarkRelations } from "../operationsInterfaces"; -import * as coreClient from "@azure/core-client"; -import * as Mappers from "../models/mappers"; -import * as Parameters from "../models/parameters"; -import { SecurityInsights } from "../securityInsights"; -import { - Relation, - BookmarkRelationsListNextOptionalParams, - BookmarkRelationsListOptionalParams, - BookmarkRelationsListResponse, - BookmarkRelationsGetOptionalParams, - BookmarkRelationsGetResponse, - BookmarkRelationsCreateOrUpdateOptionalParams, - BookmarkRelationsCreateOrUpdateResponse, - BookmarkRelationsDeleteOptionalParams, - BookmarkRelationsListNextResponse -} from "../models"; - -/// -/** Class containing BookmarkRelations operations. */ -export class BookmarkRelationsImpl implements BookmarkRelations { - private readonly client: SecurityInsights; - - /** - * Initialize a new instance of the class BookmarkRelations class. - * @param client Reference to the service client - */ - constructor(client: SecurityInsights) { - this.client = client; - } - - /** - * Gets all bookmark relations. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param bookmarkId Bookmark ID - * @param options The options parameters. - */ - public list( - resourceGroupName: string, - workspaceName: string, - bookmarkId: string, - options?: BookmarkRelationsListOptionalParams - ): PagedAsyncIterableIterator { - const iter = this.listPagingAll( - resourceGroupName, - workspaceName, - bookmarkId, - options - ); - return { - next() { - return iter.next(); - }, - [Symbol.asyncIterator]() { - return this; - }, - byPage: () => { - return this.listPagingPage( - resourceGroupName, - workspaceName, - bookmarkId, - options - ); - } - }; - } - - private async *listPagingPage( - resourceGroupName: string, - workspaceName: string, - bookmarkId: string, - options?: BookmarkRelationsListOptionalParams - ): AsyncIterableIterator { - let result = await this._list( - resourceGroupName, - workspaceName, - bookmarkId, - options - ); - yield result.value || []; - let continuationToken = result.nextLink; - while (continuationToken) { - result = await this._listNext( - resourceGroupName, - workspaceName, - bookmarkId, - continuationToken, - options - ); - continuationToken = result.nextLink; - yield result.value || []; - } - } - - private async *listPagingAll( - resourceGroupName: string, - workspaceName: string, - bookmarkId: string, - options?: BookmarkRelationsListOptionalParams - ): AsyncIterableIterator { - for await (const page of this.listPagingPage( - resourceGroupName, - workspaceName, - bookmarkId, - options - )) { - yield* page; - } - } - - /** - * Gets all bookmark relations. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param bookmarkId Bookmark ID - * @param options The options parameters. - */ - private _list( - resourceGroupName: string, - workspaceName: string, - bookmarkId: string, - options?: BookmarkRelationsListOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { resourceGroupName, workspaceName, bookmarkId, options }, - listOperationSpec - ); - } - - /** - * Gets a bookmark relation. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param bookmarkId Bookmark ID - * @param relationName Relation Name - * @param options The options parameters. - */ - get( - resourceGroupName: string, - workspaceName: string, - bookmarkId: string, - relationName: string, - options?: BookmarkRelationsGetOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { resourceGroupName, workspaceName, bookmarkId, relationName, options }, - getOperationSpec - ); - } - - /** - * Creates the bookmark relation. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param bookmarkId Bookmark ID - * @param relationName Relation Name - * @param relation The relation model - * @param options The options parameters. - */ - createOrUpdate( - resourceGroupName: string, - workspaceName: string, - bookmarkId: string, - relationName: string, - relation: Relation, - options?: BookmarkRelationsCreateOrUpdateOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { - resourceGroupName, - workspaceName, - bookmarkId, - relationName, - relation, - options - }, - createOrUpdateOperationSpec - ); - } - - /** - * Delete the bookmark relation. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param bookmarkId Bookmark ID - * @param relationName Relation Name - * @param options The options parameters. - */ - delete( - resourceGroupName: string, - workspaceName: string, - bookmarkId: string, - relationName: string, - options?: BookmarkRelationsDeleteOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { resourceGroupName, workspaceName, bookmarkId, relationName, options }, - deleteOperationSpec - ); - } - - /** - * ListNext - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param bookmarkId Bookmark ID - * @param nextLink The nextLink from the previous successful call to the List method. - * @param options The options parameters. - */ - private _listNext( - resourceGroupName: string, - workspaceName: string, - bookmarkId: string, - nextLink: string, - options?: BookmarkRelationsListNextOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { resourceGroupName, workspaceName, bookmarkId, nextLink, options }, - listNextOperationSpec - ); - } -} -// Operation Specifications -const serializer = coreClient.createSerializer(Mappers, /* isXml */ false); - -const listOperationSpec: coreClient.OperationSpec = { - path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}/relations", - httpMethod: "GET", - responses: { - 200: { - bodyMapper: Mappers.RelationList - }, - default: { - bodyMapper: Mappers.CloudError - } - }, - queryParameters: [ - Parameters.apiVersion, - Parameters.filter, - Parameters.orderby, - Parameters.top, - Parameters.skipToken - ], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName, - Parameters.bookmarkId - ], - headerParameters: [Parameters.accept], - serializer -}; -const getOperationSpec: coreClient.OperationSpec = { - path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}/relations/{relationName}", - httpMethod: "GET", - responses: { - 200: { - bodyMapper: Mappers.Relation - }, - default: { - bodyMapper: Mappers.CloudError - } - }, - queryParameters: [Parameters.apiVersion], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName, - Parameters.bookmarkId, - Parameters.relationName - ], - headerParameters: [Parameters.accept], - serializer -}; -const createOrUpdateOperationSpec: coreClient.OperationSpec = { - path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}/relations/{relationName}", - httpMethod: "PUT", - responses: { - 200: { - bodyMapper: Mappers.Relation - }, - 201: { - bodyMapper: Mappers.Relation - }, - default: { - bodyMapper: Mappers.CloudError - } - }, - requestBody: Parameters.relation, - queryParameters: [Parameters.apiVersion], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName, - Parameters.bookmarkId, - Parameters.relationName - ], - headerParameters: [Parameters.accept, Parameters.contentType], - mediaType: "json", - serializer -}; -const deleteOperationSpec: coreClient.OperationSpec = { - path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}/relations/{relationName}", - httpMethod: "DELETE", - responses: { - 200: {}, - 204: {}, - default: { - bodyMapper: Mappers.CloudError - } - }, - queryParameters: [Parameters.apiVersion], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName, - Parameters.bookmarkId, - Parameters.relationName - ], - headerParameters: [Parameters.accept], - serializer -}; -const listNextOperationSpec: coreClient.OperationSpec = { - path: "{nextLink}", - httpMethod: "GET", - responses: { - 200: { - bodyMapper: Mappers.RelationList - }, - default: { - bodyMapper: Mappers.CloudError - } - }, - queryParameters: [ - Parameters.apiVersion, - Parameters.filter, - Parameters.orderby, - Parameters.top, - Parameters.skipToken - ], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName, - Parameters.nextLink, - Parameters.bookmarkId - ], - headerParameters: [Parameters.accept], - serializer -}; diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/dataConnectors.ts b/sdk/securityinsight/arm-securityinsight/src/operations/dataConnectors.ts index ff60c1cc995f..4d52325326bf 100644 --- a/sdk/securityinsight/arm-securityinsight/src/operations/dataConnectors.ts +++ b/sdk/securityinsight/arm-securityinsight/src/operations/dataConnectors.ts @@ -22,9 +22,6 @@ import { DataConnectorsCreateOrUpdateOptionalParams, DataConnectorsCreateOrUpdateResponse, DataConnectorsDeleteOptionalParams, - DataConnectorConnectBody, - DataConnectorsConnectOptionalParams, - DataConnectorsDisconnectOptionalParams, DataConnectorsListNextResponse } from "../models"; @@ -182,52 +179,6 @@ export class DataConnectorsImpl implements DataConnectors { ); } - /** - * Connects a data connector. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param dataConnectorId Connector ID - * @param connectBody The data connector - * @param options The options parameters. - */ - connect( - resourceGroupName: string, - workspaceName: string, - dataConnectorId: string, - connectBody: DataConnectorConnectBody, - options?: DataConnectorsConnectOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { - resourceGroupName, - workspaceName, - dataConnectorId, - connectBody, - options - }, - connectOperationSpec - ); - } - - /** - * Disconnect a data connector. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param dataConnectorId Connector ID - * @param options The options parameters. - */ - disconnect( - resourceGroupName: string, - workspaceName: string, - dataConnectorId: string, - options?: DataConnectorsDisconnectOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { resourceGroupName, workspaceName, dataConnectorId, options }, - disconnectOperationSpec - ); - } - /** * ListNext * @param resourceGroupName The name of the resource group. The name is case insensitive. @@ -345,50 +296,6 @@ const deleteOperationSpec: coreClient.OperationSpec = { headerParameters: [Parameters.accept], serializer }; -const connectOperationSpec: coreClient.OperationSpec = { - path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors/{dataConnectorId}/connect", - httpMethod: "POST", - responses: { - 200: {}, - default: { - bodyMapper: Mappers.CloudError - } - }, - requestBody: Parameters.connectBody, - queryParameters: [Parameters.apiVersion], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName, - Parameters.dataConnectorId - ], - headerParameters: [Parameters.accept, Parameters.contentType], - mediaType: "json", - serializer -}; -const disconnectOperationSpec: coreClient.OperationSpec = { - path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors/{dataConnectorId}/disconnect", - httpMethod: "POST", - responses: { - 200: {}, - default: { - bodyMapper: Mappers.CloudError - } - }, - queryParameters: [Parameters.apiVersion], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName, - Parameters.dataConnectorId - ], - headerParameters: [Parameters.accept], - serializer -}; const listNextOperationSpec: coreClient.OperationSpec = { path: "{nextLink}", httpMethod: "GET", diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/dataConnectorsCheckRequirementsOperations.ts b/sdk/securityinsight/arm-securityinsight/src/operations/dataConnectorsCheckRequirementsOperations.ts deleted file mode 100644 index 06ee89237293..000000000000 --- a/sdk/securityinsight/arm-securityinsight/src/operations/dataConnectorsCheckRequirementsOperations.ts +++ /dev/null @@ -1,83 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -import { DataConnectorsCheckRequirementsOperations } from "../operationsInterfaces"; -import * as coreClient from "@azure/core-client"; -import * as Mappers from "../models/mappers"; -import * as Parameters from "../models/parameters"; -import { SecurityInsights } from "../securityInsights"; -import { - DataConnectorsCheckRequirementsUnion, - DataConnectorsCheckRequirementsPostOptionalParams, - DataConnectorsCheckRequirementsPostResponse -} from "../models"; - -/** Class containing DataConnectorsCheckRequirementsOperations operations. */ -export class DataConnectorsCheckRequirementsOperationsImpl - implements DataConnectorsCheckRequirementsOperations { - private readonly client: SecurityInsights; - - /** - * Initialize a new instance of the class DataConnectorsCheckRequirementsOperations class. - * @param client Reference to the service client - */ - constructor(client: SecurityInsights) { - this.client = client; - } - - /** - * Get requirements state for a data connector type. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param dataConnectorsCheckRequirements The parameters for requirements check message - * @param options The options parameters. - */ - post( - resourceGroupName: string, - workspaceName: string, - dataConnectorsCheckRequirements: DataConnectorsCheckRequirementsUnion, - options?: DataConnectorsCheckRequirementsPostOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { - resourceGroupName, - workspaceName, - dataConnectorsCheckRequirements, - options - }, - postOperationSpec - ); - } -} -// Operation Specifications -const serializer = coreClient.createSerializer(Mappers, /* isXml */ false); - -const postOperationSpec: coreClient.OperationSpec = { - path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectorsCheckRequirements", - httpMethod: "POST", - responses: { - 200: { - bodyMapper: Mappers.DataConnectorRequirementsState - }, - default: { - bodyMapper: Mappers.CloudError - } - }, - requestBody: Parameters.dataConnectorsCheckRequirements, - queryParameters: [Parameters.apiVersion], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName - ], - headerParameters: [Parameters.accept, Parameters.contentType], - mediaType: "json", - serializer -}; diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/domainWhois.ts b/sdk/securityinsight/arm-securityinsight/src/operations/domainWhois.ts deleted file mode 100644 index adc8023e0349..000000000000 --- a/sdk/securityinsight/arm-securityinsight/src/operations/domainWhois.ts +++ /dev/null @@ -1,71 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -import { DomainWhois } from "../operationsInterfaces"; -import * as coreClient from "@azure/core-client"; -import * as Mappers from "../models/mappers"; -import * as Parameters from "../models/parameters"; -import { SecurityInsights } from "../securityInsights"; -import { - DomainWhoisGetOptionalParams, - DomainWhoisGetResponse -} from "../models"; - -/** Class containing DomainWhois operations. */ -export class DomainWhoisImpl implements DomainWhois { - private readonly client: SecurityInsights; - - /** - * Initialize a new instance of the class DomainWhois class. - * @param client Reference to the service client - */ - constructor(client: SecurityInsights) { - this.client = client; - } - - /** - * Get whois information for a single domain name - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param domain Domain name to be enriched - * @param options The options parameters. - */ - get( - resourceGroupName: string, - domain: string, - options?: DomainWhoisGetOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { resourceGroupName, domain, options }, - getOperationSpec - ); - } -} -// Operation Specifications -const serializer = coreClient.createSerializer(Mappers, /* isXml */ false); - -const getOperationSpec: coreClient.OperationSpec = { - path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.SecurityInsights/enrichment/domain/whois/", - httpMethod: "GET", - responses: { - 200: { - bodyMapper: Mappers.EnrichmentDomainWhois - }, - default: { - bodyMapper: Mappers.CloudError - } - }, - queryParameters: [Parameters.apiVersion, Parameters.domain], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName - ], - headerParameters: [Parameters.accept], - serializer -}; diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/entities.ts b/sdk/securityinsight/arm-securityinsight/src/operations/entities.ts deleted file mode 100644 index 3f01a3174daa..000000000000 --- a/sdk/securityinsight/arm-securityinsight/src/operations/entities.ts +++ /dev/null @@ -1,366 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -import { PagedAsyncIterableIterator } from "@azure/core-paging"; -import { Entities } from "../operationsInterfaces"; -import * as coreClient from "@azure/core-client"; -import * as Mappers from "../models/mappers"; -import * as Parameters from "../models/parameters"; -import { SecurityInsights } from "../securityInsights"; -import { - EntityUnion, - EntitiesListNextOptionalParams, - EntitiesListOptionalParams, - EntitiesListResponse, - EntitiesGetOptionalParams, - EntitiesGetResponse, - EntityExpandParameters, - EntitiesExpandOptionalParams, - EntitiesExpandResponse, - EntityItemQueryKind, - EntitiesQueriesOptionalParams, - EntitiesQueriesResponse, - EntityGetInsightsParameters, - EntitiesGetInsightsOptionalParams, - EntitiesGetInsightsResponse, - EntitiesListNextResponse -} from "../models"; - -/// -/** Class containing Entities operations. */ -export class EntitiesImpl implements Entities { - private readonly client: SecurityInsights; - - /** - * Initialize a new instance of the class Entities class. - * @param client Reference to the service client - */ - constructor(client: SecurityInsights) { - this.client = client; - } - - /** - * Gets all entities. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param options The options parameters. - */ - public list( - resourceGroupName: string, - workspaceName: string, - options?: EntitiesListOptionalParams - ): PagedAsyncIterableIterator { - const iter = this.listPagingAll(resourceGroupName, workspaceName, options); - return { - next() { - return iter.next(); - }, - [Symbol.asyncIterator]() { - return this; - }, - byPage: () => { - return this.listPagingPage(resourceGroupName, workspaceName, options); - } - }; - } - - private async *listPagingPage( - resourceGroupName: string, - workspaceName: string, - options?: EntitiesListOptionalParams - ): AsyncIterableIterator { - let result = await this._list(resourceGroupName, workspaceName, options); - yield result.value || []; - let continuationToken = result.nextLink; - while (continuationToken) { - result = await this._listNext( - resourceGroupName, - workspaceName, - continuationToken, - options - ); - continuationToken = result.nextLink; - yield result.value || []; - } - } - - private async *listPagingAll( - resourceGroupName: string, - workspaceName: string, - options?: EntitiesListOptionalParams - ): AsyncIterableIterator { - for await (const page of this.listPagingPage( - resourceGroupName, - workspaceName, - options - )) { - yield* page; - } - } - - /** - * Gets all entities. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param options The options parameters. - */ - private _list( - resourceGroupName: string, - workspaceName: string, - options?: EntitiesListOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { resourceGroupName, workspaceName, options }, - listOperationSpec - ); - } - - /** - * Gets an entity. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param entityId entity ID - * @param options The options parameters. - */ - get( - resourceGroupName: string, - workspaceName: string, - entityId: string, - options?: EntitiesGetOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { resourceGroupName, workspaceName, entityId, options }, - getOperationSpec - ); - } - - /** - * Expands an entity. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param entityId entity ID - * @param parameters The parameters required to execute an expand operation on the given entity. - * @param options The options parameters. - */ - expand( - resourceGroupName: string, - workspaceName: string, - entityId: string, - parameters: EntityExpandParameters, - options?: EntitiesExpandOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { resourceGroupName, workspaceName, entityId, parameters, options }, - expandOperationSpec - ); - } - - /** - * Get Insights and Activities for an entity. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param entityId entity ID - * @param kind The Kind parameter for queries - * @param options The options parameters. - */ - queries( - resourceGroupName: string, - workspaceName: string, - entityId: string, - kind: EntityItemQueryKind, - options?: EntitiesQueriesOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { resourceGroupName, workspaceName, entityId, kind, options }, - queriesOperationSpec - ); - } - - /** - * Execute Insights for an entity. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param entityId entity ID - * @param parameters The parameters required to execute insights on the given entity. - * @param options The options parameters. - */ - getInsights( - resourceGroupName: string, - workspaceName: string, - entityId: string, - parameters: EntityGetInsightsParameters, - options?: EntitiesGetInsightsOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { resourceGroupName, workspaceName, entityId, parameters, options }, - getInsightsOperationSpec - ); - } - - /** - * ListNext - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param nextLink The nextLink from the previous successful call to the List method. - * @param options The options parameters. - */ - private _listNext( - resourceGroupName: string, - workspaceName: string, - nextLink: string, - options?: EntitiesListNextOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { resourceGroupName, workspaceName, nextLink, options }, - listNextOperationSpec - ); - } -} -// Operation Specifications -const serializer = coreClient.createSerializer(Mappers, /* isXml */ false); - -const listOperationSpec: coreClient.OperationSpec = { - path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities", - httpMethod: "GET", - responses: { - 200: { - bodyMapper: Mappers.EntityList - }, - default: { - bodyMapper: Mappers.CloudError - } - }, - queryParameters: [Parameters.apiVersion], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName - ], - headerParameters: [Parameters.accept], - serializer -}; -const getOperationSpec: coreClient.OperationSpec = { - path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}", - httpMethod: "GET", - responses: { - 200: { - bodyMapper: Mappers.Entity - }, - default: { - bodyMapper: Mappers.CloudError - } - }, - queryParameters: [Parameters.apiVersion], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName, - Parameters.entityId - ], - headerParameters: [Parameters.accept], - serializer -}; -const expandOperationSpec: coreClient.OperationSpec = { - path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}/expand", - httpMethod: "POST", - responses: { - 200: { - bodyMapper: Mappers.EntityExpandResponse - }, - default: { - bodyMapper: Mappers.CloudError - } - }, - requestBody: Parameters.parameters1, - queryParameters: [Parameters.apiVersion], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName, - Parameters.entityId - ], - headerParameters: [Parameters.accept, Parameters.contentType], - mediaType: "json", - serializer -}; -const queriesOperationSpec: coreClient.OperationSpec = { - path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}/queries", - httpMethod: "GET", - responses: { - 200: { - bodyMapper: Mappers.GetQueriesResponse - }, - default: { - bodyMapper: Mappers.CloudError - } - }, - queryParameters: [Parameters.apiVersion, Parameters.kind], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName, - Parameters.entityId - ], - headerParameters: [Parameters.accept], - serializer -}; -const getInsightsOperationSpec: coreClient.OperationSpec = { - path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}/getInsights", - httpMethod: "POST", - responses: { - 200: { - bodyMapper: Mappers.EntityGetInsightsResponse - }, - default: { - bodyMapper: Mappers.CloudError - } - }, - requestBody: Parameters.parameters2, - queryParameters: [Parameters.apiVersion], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName, - Parameters.entityId - ], - headerParameters: [Parameters.accept, Parameters.contentType], - mediaType: "json", - serializer -}; -const listNextOperationSpec: coreClient.OperationSpec = { - path: "{nextLink}", - httpMethod: "GET", - responses: { - 200: { - bodyMapper: Mappers.EntityList - }, - default: { - bodyMapper: Mappers.CloudError - } - }, - queryParameters: [Parameters.apiVersion], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName, - Parameters.nextLink - ], - headerParameters: [Parameters.accept], - serializer -}; diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/entitiesGetTimeline.ts b/sdk/securityinsight/arm-securityinsight/src/operations/entitiesGetTimeline.ts deleted file mode 100644 index 52ccbd95b39b..000000000000 --- a/sdk/securityinsight/arm-securityinsight/src/operations/entitiesGetTimeline.ts +++ /dev/null @@ -1,80 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -import { EntitiesGetTimeline } from "../operationsInterfaces"; -import * as coreClient from "@azure/core-client"; -import * as Mappers from "../models/mappers"; -import * as Parameters from "../models/parameters"; -import { SecurityInsights } from "../securityInsights"; -import { - EntityTimelineParameters, - EntitiesGetTimelineListOptionalParams, - EntitiesGetTimelineListResponse -} from "../models"; - -/** Class containing EntitiesGetTimeline operations. */ -export class EntitiesGetTimelineImpl implements EntitiesGetTimeline { - private readonly client: SecurityInsights; - - /** - * Initialize a new instance of the class EntitiesGetTimeline class. - * @param client Reference to the service client - */ - constructor(client: SecurityInsights) { - this.client = client; - } - - /** - * Timeline for an entity. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param entityId entity ID - * @param parameters The parameters required to execute an timeline operation on the given entity. - * @param options The options parameters. - */ - list( - resourceGroupName: string, - workspaceName: string, - entityId: string, - parameters: EntityTimelineParameters, - options?: EntitiesGetTimelineListOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { resourceGroupName, workspaceName, entityId, parameters, options }, - listOperationSpec - ); - } -} -// Operation Specifications -const serializer = coreClient.createSerializer(Mappers, /* isXml */ false); - -const listOperationSpec: coreClient.OperationSpec = { - path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}/getTimeline", - httpMethod: "POST", - responses: { - 200: { - bodyMapper: Mappers.EntityTimelineResponse - }, - default: { - bodyMapper: Mappers.CloudError - } - }, - requestBody: Parameters.parameters3, - queryParameters: [Parameters.apiVersion], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName, - Parameters.entityId - ], - headerParameters: [Parameters.accept, Parameters.contentType], - mediaType: "json", - serializer -}; diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/entitiesRelations.ts b/sdk/securityinsight/arm-securityinsight/src/operations/entitiesRelations.ts deleted file mode 100644 index 1117b74cd510..000000000000 --- a/sdk/securityinsight/arm-securityinsight/src/operations/entitiesRelations.ts +++ /dev/null @@ -1,216 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -import { PagedAsyncIterableIterator } from "@azure/core-paging"; -import { EntitiesRelations } from "../operationsInterfaces"; -import * as coreClient from "@azure/core-client"; -import * as Mappers from "../models/mappers"; -import * as Parameters from "../models/parameters"; -import { SecurityInsights } from "../securityInsights"; -import { - Relation, - EntitiesRelationsListNextOptionalParams, - EntitiesRelationsListOptionalParams, - EntitiesRelationsListResponse, - EntitiesRelationsListNextResponse -} from "../models"; - -/// -/** Class containing EntitiesRelations operations. */ -export class EntitiesRelationsImpl implements EntitiesRelations { - private readonly client: SecurityInsights; - - /** - * Initialize a new instance of the class EntitiesRelations class. - * @param client Reference to the service client - */ - constructor(client: SecurityInsights) { - this.client = client; - } - - /** - * Gets all relations of an entity. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param entityId entity ID - * @param options The options parameters. - */ - public list( - resourceGroupName: string, - workspaceName: string, - entityId: string, - options?: EntitiesRelationsListOptionalParams - ): PagedAsyncIterableIterator { - const iter = this.listPagingAll( - resourceGroupName, - workspaceName, - entityId, - options - ); - return { - next() { - return iter.next(); - }, - [Symbol.asyncIterator]() { - return this; - }, - byPage: () => { - return this.listPagingPage( - resourceGroupName, - workspaceName, - entityId, - options - ); - } - }; - } - - private async *listPagingPage( - resourceGroupName: string, - workspaceName: string, - entityId: string, - options?: EntitiesRelationsListOptionalParams - ): AsyncIterableIterator { - let result = await this._list( - resourceGroupName, - workspaceName, - entityId, - options - ); - yield result.value || []; - let continuationToken = result.nextLink; - while (continuationToken) { - result = await this._listNext( - resourceGroupName, - workspaceName, - entityId, - continuationToken, - options - ); - continuationToken = result.nextLink; - yield result.value || []; - } - } - - private async *listPagingAll( - resourceGroupName: string, - workspaceName: string, - entityId: string, - options?: EntitiesRelationsListOptionalParams - ): AsyncIterableIterator { - for await (const page of this.listPagingPage( - resourceGroupName, - workspaceName, - entityId, - options - )) { - yield* page; - } - } - - /** - * Gets all relations of an entity. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param entityId entity ID - * @param options The options parameters. - */ - private _list( - resourceGroupName: string, - workspaceName: string, - entityId: string, - options?: EntitiesRelationsListOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { resourceGroupName, workspaceName, entityId, options }, - listOperationSpec - ); - } - - /** - * ListNext - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param entityId entity ID - * @param nextLink The nextLink from the previous successful call to the List method. - * @param options The options parameters. - */ - private _listNext( - resourceGroupName: string, - workspaceName: string, - entityId: string, - nextLink: string, - options?: EntitiesRelationsListNextOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { resourceGroupName, workspaceName, entityId, nextLink, options }, - listNextOperationSpec - ); - } -} -// Operation Specifications -const serializer = coreClient.createSerializer(Mappers, /* isXml */ false); - -const listOperationSpec: coreClient.OperationSpec = { - path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}/relations", - httpMethod: "GET", - responses: { - 200: { - bodyMapper: Mappers.RelationList - }, - default: { - bodyMapper: Mappers.CloudError - } - }, - queryParameters: [ - Parameters.apiVersion, - Parameters.filter, - Parameters.orderby, - Parameters.top, - Parameters.skipToken - ], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName, - Parameters.entityId - ], - headerParameters: [Parameters.accept], - serializer -}; -const listNextOperationSpec: coreClient.OperationSpec = { - path: "{nextLink}", - httpMethod: "GET", - responses: { - 200: { - bodyMapper: Mappers.RelationList - }, - default: { - bodyMapper: Mappers.CloudError - } - }, - queryParameters: [ - Parameters.apiVersion, - Parameters.filter, - Parameters.orderby, - Parameters.top, - Parameters.skipToken - ], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName, - Parameters.nextLink, - Parameters.entityId - ], - headerParameters: [Parameters.accept], - serializer -}; diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/entityQueries.ts b/sdk/securityinsight/arm-securityinsight/src/operations/entityQueries.ts deleted file mode 100644 index 21190c27d569..000000000000 --- a/sdk/securityinsight/arm-securityinsight/src/operations/entityQueries.ts +++ /dev/null @@ -1,315 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -import { PagedAsyncIterableIterator } from "@azure/core-paging"; -import { EntityQueries } from "../operationsInterfaces"; -import * as coreClient from "@azure/core-client"; -import * as Mappers from "../models/mappers"; -import * as Parameters from "../models/parameters"; -import { SecurityInsights } from "../securityInsights"; -import { - EntityQueryUnion, - EntityQueriesListNextOptionalParams, - EntityQueriesListOptionalParams, - EntityQueriesListResponse, - EntityQueriesGetOptionalParams, - EntityQueriesGetResponse, - CustomEntityQueryUnion, - EntityQueriesCreateOrUpdateOptionalParams, - EntityQueriesCreateOrUpdateResponse, - EntityQueriesDeleteOptionalParams, - EntityQueriesListNextResponse -} from "../models"; - -/// -/** Class containing EntityQueries operations. */ -export class EntityQueriesImpl implements EntityQueries { - private readonly client: SecurityInsights; - - /** - * Initialize a new instance of the class EntityQueries class. - * @param client Reference to the service client - */ - constructor(client: SecurityInsights) { - this.client = client; - } - - /** - * Gets all entity queries. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param options The options parameters. - */ - public list( - resourceGroupName: string, - workspaceName: string, - options?: EntityQueriesListOptionalParams - ): PagedAsyncIterableIterator { - const iter = this.listPagingAll(resourceGroupName, workspaceName, options); - return { - next() { - return iter.next(); - }, - [Symbol.asyncIterator]() { - return this; - }, - byPage: () => { - return this.listPagingPage(resourceGroupName, workspaceName, options); - } - }; - } - - private async *listPagingPage( - resourceGroupName: string, - workspaceName: string, - options?: EntityQueriesListOptionalParams - ): AsyncIterableIterator { - let result = await this._list(resourceGroupName, workspaceName, options); - yield result.value || []; - let continuationToken = result.nextLink; - while (continuationToken) { - result = await this._listNext( - resourceGroupName, - workspaceName, - continuationToken, - options - ); - continuationToken = result.nextLink; - yield result.value || []; - } - } - - private async *listPagingAll( - resourceGroupName: string, - workspaceName: string, - options?: EntityQueriesListOptionalParams - ): AsyncIterableIterator { - for await (const page of this.listPagingPage( - resourceGroupName, - workspaceName, - options - )) { - yield* page; - } - } - - /** - * Gets all entity queries. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param options The options parameters. - */ - private _list( - resourceGroupName: string, - workspaceName: string, - options?: EntityQueriesListOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { resourceGroupName, workspaceName, options }, - listOperationSpec - ); - } - - /** - * Gets an entity query. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param entityQueryId entity query ID - * @param options The options parameters. - */ - get( - resourceGroupName: string, - workspaceName: string, - entityQueryId: string, - options?: EntityQueriesGetOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { resourceGroupName, workspaceName, entityQueryId, options }, - getOperationSpec - ); - } - - /** - * Creates or updates the entity query. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param entityQueryId entity query ID - * @param entityQuery The entity query we want to create or update - * @param options The options parameters. - */ - createOrUpdate( - resourceGroupName: string, - workspaceName: string, - entityQueryId: string, - entityQuery: CustomEntityQueryUnion, - options?: EntityQueriesCreateOrUpdateOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { resourceGroupName, workspaceName, entityQueryId, entityQuery, options }, - createOrUpdateOperationSpec - ); - } - - /** - * Delete the entity query. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param entityQueryId entity query ID - * @param options The options parameters. - */ - delete( - resourceGroupName: string, - workspaceName: string, - entityQueryId: string, - options?: EntityQueriesDeleteOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { resourceGroupName, workspaceName, entityQueryId, options }, - deleteOperationSpec - ); - } - - /** - * ListNext - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param nextLink The nextLink from the previous successful call to the List method. - * @param options The options parameters. - */ - private _listNext( - resourceGroupName: string, - workspaceName: string, - nextLink: string, - options?: EntityQueriesListNextOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { resourceGroupName, workspaceName, nextLink, options }, - listNextOperationSpec - ); - } -} -// Operation Specifications -const serializer = coreClient.createSerializer(Mappers, /* isXml */ false); - -const listOperationSpec: coreClient.OperationSpec = { - path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entityQueries", - httpMethod: "GET", - responses: { - 200: { - bodyMapper: Mappers.EntityQueryList - }, - default: { - bodyMapper: Mappers.CloudError - } - }, - queryParameters: [Parameters.apiVersion, Parameters.kind1], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName - ], - headerParameters: [Parameters.accept], - serializer -}; -const getOperationSpec: coreClient.OperationSpec = { - path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entityQueries/{entityQueryId}", - httpMethod: "GET", - responses: { - 200: { - bodyMapper: Mappers.EntityQuery - }, - default: { - bodyMapper: Mappers.CloudError - } - }, - queryParameters: [Parameters.apiVersion], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName, - Parameters.entityQueryId - ], - headerParameters: [Parameters.accept], - serializer -}; -const createOrUpdateOperationSpec: coreClient.OperationSpec = { - path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entityQueries/{entityQueryId}", - httpMethod: "PUT", - responses: { - 200: { - bodyMapper: Mappers.EntityQuery - }, - 201: { - bodyMapper: Mappers.EntityQuery - }, - default: { - bodyMapper: Mappers.CloudError - } - }, - requestBody: Parameters.entityQuery, - queryParameters: [Parameters.apiVersion], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName, - Parameters.entityQueryId - ], - headerParameters: [Parameters.accept, Parameters.contentType], - mediaType: "json", - serializer -}; -const deleteOperationSpec: coreClient.OperationSpec = { - path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entityQueries/{entityQueryId}", - httpMethod: "DELETE", - responses: { - 200: {}, - 204: {}, - default: { - bodyMapper: Mappers.CloudError - } - }, - queryParameters: [Parameters.apiVersion], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName, - Parameters.entityQueryId - ], - headerParameters: [Parameters.accept], - serializer -}; -const listNextOperationSpec: coreClient.OperationSpec = { - path: "{nextLink}", - httpMethod: "GET", - responses: { - 200: { - bodyMapper: Mappers.EntityQueryList - }, - default: { - bodyMapper: Mappers.CloudError - } - }, - queryParameters: [Parameters.apiVersion, Parameters.kind1], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName, - Parameters.nextLink - ], - headerParameters: [Parameters.accept], - serializer -}; diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/entityQueryTemplates.ts b/sdk/securityinsight/arm-securityinsight/src/operations/entityQueryTemplates.ts deleted file mode 100644 index 51b5a4ab4e9b..000000000000 --- a/sdk/securityinsight/arm-securityinsight/src/operations/entityQueryTemplates.ts +++ /dev/null @@ -1,221 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -import { PagedAsyncIterableIterator } from "@azure/core-paging"; -import { EntityQueryTemplates } from "../operationsInterfaces"; -import * as coreClient from "@azure/core-client"; -import * as Mappers from "../models/mappers"; -import * as Parameters from "../models/parameters"; -import { SecurityInsights } from "../securityInsights"; -import { - EntityQueryTemplateUnion, - EntityQueryTemplatesListNextOptionalParams, - EntityQueryTemplatesListOptionalParams, - EntityQueryTemplatesListResponse, - EntityQueryTemplatesGetOptionalParams, - EntityQueryTemplatesGetResponse, - EntityQueryTemplatesListNextResponse -} from "../models"; - -/// -/** Class containing EntityQueryTemplates operations. */ -export class EntityQueryTemplatesImpl implements EntityQueryTemplates { - private readonly client: SecurityInsights; - - /** - * Initialize a new instance of the class EntityQueryTemplates class. - * @param client Reference to the service client - */ - constructor(client: SecurityInsights) { - this.client = client; - } - - /** - * Gets all entity query templates. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param options The options parameters. - */ - public list( - resourceGroupName: string, - workspaceName: string, - options?: EntityQueryTemplatesListOptionalParams - ): PagedAsyncIterableIterator { - const iter = this.listPagingAll(resourceGroupName, workspaceName, options); - return { - next() { - return iter.next(); - }, - [Symbol.asyncIterator]() { - return this; - }, - byPage: () => { - return this.listPagingPage(resourceGroupName, workspaceName, options); - } - }; - } - - private async *listPagingPage( - resourceGroupName: string, - workspaceName: string, - options?: EntityQueryTemplatesListOptionalParams - ): AsyncIterableIterator { - let result = await this._list(resourceGroupName, workspaceName, options); - yield result.value || []; - let continuationToken = result.nextLink; - while (continuationToken) { - result = await this._listNext( - resourceGroupName, - workspaceName, - continuationToken, - options - ); - continuationToken = result.nextLink; - yield result.value || []; - } - } - - private async *listPagingAll( - resourceGroupName: string, - workspaceName: string, - options?: EntityQueryTemplatesListOptionalParams - ): AsyncIterableIterator { - for await (const page of this.listPagingPage( - resourceGroupName, - workspaceName, - options - )) { - yield* page; - } - } - - /** - * Gets all entity query templates. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param options The options parameters. - */ - private _list( - resourceGroupName: string, - workspaceName: string, - options?: EntityQueryTemplatesListOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { resourceGroupName, workspaceName, options }, - listOperationSpec - ); - } - - /** - * Gets an entity query. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param entityQueryTemplateId entity query template ID - * @param options The options parameters. - */ - get( - resourceGroupName: string, - workspaceName: string, - entityQueryTemplateId: string, - options?: EntityQueryTemplatesGetOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { resourceGroupName, workspaceName, entityQueryTemplateId, options }, - getOperationSpec - ); - } - - /** - * ListNext - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param nextLink The nextLink from the previous successful call to the List method. - * @param options The options parameters. - */ - private _listNext( - resourceGroupName: string, - workspaceName: string, - nextLink: string, - options?: EntityQueryTemplatesListNextOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { resourceGroupName, workspaceName, nextLink, options }, - listNextOperationSpec - ); - } -} -// Operation Specifications -const serializer = coreClient.createSerializer(Mappers, /* isXml */ false); - -const listOperationSpec: coreClient.OperationSpec = { - path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entityQueryTemplates", - httpMethod: "GET", - responses: { - 200: { - bodyMapper: Mappers.EntityQueryTemplateList - }, - default: { - bodyMapper: Mappers.CloudError - } - }, - queryParameters: [Parameters.apiVersion, Parameters.kind2], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName - ], - headerParameters: [Parameters.accept], - serializer -}; -const getOperationSpec: coreClient.OperationSpec = { - path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entityQueryTemplates/{entityQueryTemplateId}", - httpMethod: "GET", - responses: { - 200: { - bodyMapper: Mappers.EntityQueryTemplate - }, - default: { - bodyMapper: Mappers.CloudError - } - }, - queryParameters: [Parameters.apiVersion], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName, - Parameters.entityQueryTemplateId - ], - headerParameters: [Parameters.accept], - serializer -}; -const listNextOperationSpec: coreClient.OperationSpec = { - path: "{nextLink}", - httpMethod: "GET", - responses: { - 200: { - bodyMapper: Mappers.EntityQueryTemplateList - }, - default: { - bodyMapper: Mappers.CloudError - } - }, - queryParameters: [Parameters.apiVersion, Parameters.kind2], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName, - Parameters.nextLink - ], - headerParameters: [Parameters.accept], - serializer -}; diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/entityRelations.ts b/sdk/securityinsight/arm-securityinsight/src/operations/entityRelations.ts deleted file mode 100644 index e76d8ca12d13..000000000000 --- a/sdk/securityinsight/arm-securityinsight/src/operations/entityRelations.ts +++ /dev/null @@ -1,78 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -import { EntityRelations } from "../operationsInterfaces"; -import * as coreClient from "@azure/core-client"; -import * as Mappers from "../models/mappers"; -import * as Parameters from "../models/parameters"; -import { SecurityInsights } from "../securityInsights"; -import { - EntityRelationsGetRelationOptionalParams, - EntityRelationsGetRelationResponse -} from "../models"; - -/** Class containing EntityRelations operations. */ -export class EntityRelationsImpl implements EntityRelations { - private readonly client: SecurityInsights; - - /** - * Initialize a new instance of the class EntityRelations class. - * @param client Reference to the service client - */ - constructor(client: SecurityInsights) { - this.client = client; - } - - /** - * Gets an entity relation. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param entityId entity ID - * @param relationName Relation Name - * @param options The options parameters. - */ - getRelation( - resourceGroupName: string, - workspaceName: string, - entityId: string, - relationName: string, - options?: EntityRelationsGetRelationOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { resourceGroupName, workspaceName, entityId, relationName, options }, - getRelationOperationSpec - ); - } -} -// Operation Specifications -const serializer = coreClient.createSerializer(Mappers, /* isXml */ false); - -const getRelationOperationSpec: coreClient.OperationSpec = { - path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}/relations/{relationName}", - httpMethod: "GET", - responses: { - 200: { - bodyMapper: Mappers.Relation - }, - default: { - bodyMapper: Mappers.CloudError - } - }, - queryParameters: [Parameters.apiVersion], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName, - Parameters.relationName, - Parameters.entityId - ], - headerParameters: [Parameters.accept], - serializer -}; diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/iPGeodata.ts b/sdk/securityinsight/arm-securityinsight/src/operations/iPGeodata.ts deleted file mode 100644 index 9219973e7167..000000000000 --- a/sdk/securityinsight/arm-securityinsight/src/operations/iPGeodata.ts +++ /dev/null @@ -1,68 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -import { IPGeodata } from "../operationsInterfaces"; -import * as coreClient from "@azure/core-client"; -import * as Mappers from "../models/mappers"; -import * as Parameters from "../models/parameters"; -import { SecurityInsights } from "../securityInsights"; -import { IPGeodataGetOptionalParams, IPGeodataGetResponse } from "../models"; - -/** Class containing IPGeodata operations. */ -export class IPGeodataImpl implements IPGeodata { - private readonly client: SecurityInsights; - - /** - * Initialize a new instance of the class IPGeodata class. - * @param client Reference to the service client - */ - constructor(client: SecurityInsights) { - this.client = client; - } - - /** - * Get geodata for a single IP address - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param ipAddress IP address (v4 or v6) to be enriched - * @param options The options parameters. - */ - get( - resourceGroupName: string, - ipAddress: string, - options?: IPGeodataGetOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { resourceGroupName, ipAddress, options }, - getOperationSpec - ); - } -} -// Operation Specifications -const serializer = coreClient.createSerializer(Mappers, /* isXml */ false); - -const getOperationSpec: coreClient.OperationSpec = { - path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.SecurityInsights/enrichment/ip/geodata/", - httpMethod: "GET", - responses: { - 200: { - bodyMapper: Mappers.EnrichmentIpGeodata - }, - default: { - bodyMapper: Mappers.CloudError - } - }, - queryParameters: [Parameters.apiVersion, Parameters.ipAddress], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName - ], - headerParameters: [Parameters.accept], - serializer -}; diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/incidentComments.ts b/sdk/securityinsight/arm-securityinsight/src/operations/incidentComments.ts index ae27ca7777d1..b1f6b9383f2f 100644 --- a/sdk/securityinsight/arm-securityinsight/src/operations/incidentComments.ts +++ b/sdk/securityinsight/arm-securityinsight/src/operations/incidentComments.ts @@ -39,7 +39,7 @@ export class IncidentCommentsImpl implements IncidentComments { } /** - * Gets all incident comments. + * Gets all comments for a given incident. * @param resourceGroupName The name of the resource group. The name is case insensitive. * @param workspaceName The name of the workspace. * @param incidentId Incident ID @@ -119,7 +119,7 @@ export class IncidentCommentsImpl implements IncidentComments { } /** - * Gets all incident comments. + * Gets all comments for a given incident. * @param resourceGroupName The name of the resource group. The name is case insensitive. * @param workspaceName The name of the workspace. * @param incidentId Incident ID @@ -138,7 +138,7 @@ export class IncidentCommentsImpl implements IncidentComments { } /** - * Gets an incident comment. + * Gets a comment for a given incident. * @param resourceGroupName The name of the resource group. The name is case insensitive. * @param workspaceName The name of the workspace. * @param incidentId Incident ID @@ -165,7 +165,7 @@ export class IncidentCommentsImpl implements IncidentComments { } /** - * Creates or updates the incident comment. + * Creates or updates a comment for a given incident. * @param resourceGroupName The name of the resource group. The name is case insensitive. * @param workspaceName The name of the workspace. * @param incidentId Incident ID @@ -195,7 +195,7 @@ export class IncidentCommentsImpl implements IncidentComments { } /** - * Delete the incident comment. + * Deletes a comment for a given incident. * @param resourceGroupName The name of the resource group. The name is case insensitive. * @param workspaceName The name of the workspace. * @param incidentId Incident ID diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/incidentRelations.ts b/sdk/securityinsight/arm-securityinsight/src/operations/incidentRelations.ts index c58d9e3de7af..885ebeda9cc8 100644 --- a/sdk/securityinsight/arm-securityinsight/src/operations/incidentRelations.ts +++ b/sdk/securityinsight/arm-securityinsight/src/operations/incidentRelations.ts @@ -39,7 +39,7 @@ export class IncidentRelationsImpl implements IncidentRelations { } /** - * Gets all incident relations. + * Gets all relations for a given incident. * @param resourceGroupName The name of the resource group. The name is case insensitive. * @param workspaceName The name of the workspace. * @param incidentId Incident ID @@ -119,7 +119,7 @@ export class IncidentRelationsImpl implements IncidentRelations { } /** - * Gets all incident relations. + * Gets all relations for a given incident. * @param resourceGroupName The name of the resource group. The name is case insensitive. * @param workspaceName The name of the workspace. * @param incidentId Incident ID @@ -138,7 +138,7 @@ export class IncidentRelationsImpl implements IncidentRelations { } /** - * Gets an incident relation. + * Gets a relation for a given incident. * @param resourceGroupName The name of the resource group. The name is case insensitive. * @param workspaceName The name of the workspace. * @param incidentId Incident ID @@ -159,7 +159,7 @@ export class IncidentRelationsImpl implements IncidentRelations { } /** - * Creates or updates the incident relation. + * Creates or updates a relation for a given incident. * @param resourceGroupName The name of the resource group. The name is case insensitive. * @param workspaceName The name of the workspace. * @param incidentId Incident ID @@ -189,7 +189,7 @@ export class IncidentRelationsImpl implements IncidentRelations { } /** - * Delete the incident relation. + * Deletes a relation for a given incident. * @param resourceGroupName The name of the resource group. The name is case insensitive. * @param workspaceName The name of the workspace. * @param incidentId Incident ID diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/incidents.ts b/sdk/securityinsight/arm-securityinsight/src/operations/incidents.ts index 3cf9b36c40ec..b6db5904f402 100644 --- a/sdk/securityinsight/arm-securityinsight/src/operations/incidents.ts +++ b/sdk/securityinsight/arm-securityinsight/src/operations/incidents.ts @@ -16,17 +16,12 @@ import { Incident, IncidentsListNextOptionalParams, IncidentsListOptionalParams, - IncidentsRunPlaybookOptionalParams, - IncidentsRunPlaybookResponse, IncidentsListResponse, IncidentsGetOptionalParams, IncidentsGetResponse, IncidentsCreateOrUpdateOptionalParams, IncidentsCreateOrUpdateResponse, IncidentsDeleteOptionalParams, - TeamProperties, - IncidentsCreateTeamOptionalParams, - IncidentsCreateTeamResponse, IncidentsListAlertsOptionalParams, IncidentsListAlertsResponse, IncidentsListBookmarksOptionalParams, @@ -108,25 +103,6 @@ export class IncidentsImpl implements Incidents { } } - /** - * Triggers playbook on a specific incident - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param incidentIdentifier - * @param options The options parameters. - */ - runPlaybook( - resourceGroupName: string, - workspaceName: string, - incidentIdentifier: string, - options?: IncidentsRunPlaybookOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { resourceGroupName, workspaceName, incidentIdentifier, options }, - runPlaybookOperationSpec - ); - } - /** * Gets all incidents. * @param resourceGroupName The name of the resource group. The name is case insensitive. @@ -145,7 +121,7 @@ export class IncidentsImpl implements Incidents { } /** - * Gets an incident. + * Gets a given incident. * @param resourceGroupName The name of the resource group. The name is case insensitive. * @param workspaceName The name of the workspace. * @param incidentId Incident ID @@ -164,7 +140,7 @@ export class IncidentsImpl implements Incidents { } /** - * Creates or updates the incident. + * Creates or updates an incident. * @param resourceGroupName The name of the resource group. The name is case insensitive. * @param workspaceName The name of the workspace. * @param incidentId Incident ID @@ -185,7 +161,7 @@ export class IncidentsImpl implements Incidents { } /** - * Delete the incident. + * Deletes a given incident. * @param resourceGroupName The name of the resource group. The name is case insensitive. * @param workspaceName The name of the workspace. * @param incidentId Incident ID @@ -204,29 +180,7 @@ export class IncidentsImpl implements Incidents { } /** - * Creates a Microsoft team to investigate the incident by sharing information and insights between - * participants. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param incidentId Incident ID - * @param teamProperties Team properties - * @param options The options parameters. - */ - createTeam( - resourceGroupName: string, - workspaceName: string, - incidentId: string, - teamProperties: TeamProperties, - options?: IncidentsCreateTeamOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { resourceGroupName, workspaceName, incidentId, teamProperties, options }, - createTeamOperationSpec - ); - } - - /** - * Gets all incident alerts. + * Gets all alerts for an incident. * @param resourceGroupName The name of the resource group. The name is case insensitive. * @param workspaceName The name of the workspace. * @param incidentId Incident ID @@ -245,7 +199,7 @@ export class IncidentsImpl implements Incidents { } /** - * Gets all incident bookmarks. + * Gets all bookmarks for an incident. * @param resourceGroupName The name of the resource group. The name is case insensitive. * @param workspaceName The name of the workspace. * @param incidentId Incident ID @@ -264,7 +218,7 @@ export class IncidentsImpl implements Incidents { } /** - * Gets all incident related entities. + * Gets all entities for an incident. * @param resourceGroupName The name of the resource group. The name is case insensitive. * @param workspaceName The name of the workspace. * @param incidentId Incident ID @@ -304,33 +258,6 @@ export class IncidentsImpl implements Incidents { // Operation Specifications const serializer = coreClient.createSerializer(Mappers, /* isXml */ false); -const runPlaybookOperationSpec: coreClient.OperationSpec = { - path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentIdentifier}/runPlaybook", - httpMethod: "POST", - responses: { - 204: { - bodyMapper: { - type: { name: "Dictionary", value: { type: { name: "any" } } } - } - }, - default: { - bodyMapper: Mappers.CloudError - } - }, - requestBody: Parameters.requestBody, - queryParameters: [Parameters.apiVersion], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName, - Parameters.incidentIdentifier - ], - headerParameters: [Parameters.accept, Parameters.contentType], - mediaType: "json", - serializer -}; const listOperationSpec: coreClient.OperationSpec = { path: "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents", @@ -432,31 +359,6 @@ const deleteOperationSpec: coreClient.OperationSpec = { headerParameters: [Parameters.accept], serializer }; -const createTeamOperationSpec: coreClient.OperationSpec = { - path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/createTeam", - httpMethod: "POST", - responses: { - 200: { - bodyMapper: Mappers.TeamInformation - }, - default: { - bodyMapper: Mappers.CloudError - } - }, - requestBody: Parameters.teamProperties, - queryParameters: [Parameters.apiVersion], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName, - Parameters.incidentId - ], - headerParameters: [Parameters.accept, Parameters.contentType], - mediaType: "json", - serializer -}; const listAlertsOperationSpec: coreClient.OperationSpec = { path: "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/alerts", diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/index.ts b/sdk/securityinsight/arm-securityinsight/src/operations/index.ts index 953a63a9a9d9..d8acbe9d739b 100644 --- a/sdk/securityinsight/arm-securityinsight/src/operations/index.ts +++ b/sdk/securityinsight/arm-securityinsight/src/operations/index.ts @@ -10,32 +10,15 @@ export * from "./alertRules"; export * from "./actions"; export * from "./alertRuleTemplates"; export * from "./automationRules"; -export * from "./incidents"; export * from "./bookmarks"; -export * from "./bookmarkRelations"; -export * from "./bookmarkOperations"; -export * from "./iPGeodata"; -export * from "./domainWhois"; -export * from "./entities"; -export * from "./entitiesGetTimeline"; -export * from "./entitiesRelations"; -export * from "./entityRelations"; -export * from "./entityQueries"; -export * from "./entityQueryTemplates"; +export * from "./dataConnectors"; +export * from "./incidents"; export * from "./incidentComments"; export * from "./incidentRelations"; -export * from "./metadata"; -export * from "./officeConsents"; export * from "./sentinelOnboardingStates"; -export * from "./securityMLAnalyticsSettings"; -export * from "./productSettings"; -export * from "./sourceControlOperations"; -export * from "./sourceControls"; export * from "./threatIntelligenceIndicator"; export * from "./threatIntelligenceIndicators"; export * from "./threatIntelligenceIndicatorMetrics"; export * from "./watchlists"; export * from "./watchlistItems"; -export * from "./dataConnectors"; -export * from "./dataConnectorsCheckRequirementsOperations"; export * from "./operations"; diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/metadata.ts b/sdk/securityinsight/arm-securityinsight/src/operations/metadata.ts deleted file mode 100644 index be14e682404d..000000000000 --- a/sdk/securityinsight/arm-securityinsight/src/operations/metadata.ts +++ /dev/null @@ -1,381 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -import { PagedAsyncIterableIterator } from "@azure/core-paging"; -import { Metadata } from "../operationsInterfaces"; -import * as coreClient from "@azure/core-client"; -import * as Mappers from "../models/mappers"; -import * as Parameters from "../models/parameters"; -import { SecurityInsights } from "../securityInsights"; -import { - MetadataModel, - MetadataListNextOptionalParams, - MetadataListOptionalParams, - MetadataListResponse, - MetadataGetOptionalParams, - MetadataGetResponse, - MetadataDeleteOptionalParams, - MetadataCreateOptionalParams, - MetadataCreateResponse, - MetadataPatch, - MetadataUpdateOptionalParams, - MetadataUpdateResponse, - MetadataListNextResponse -} from "../models"; - -/// -/** Class containing Metadata operations. */ -export class MetadataImpl implements Metadata { - private readonly client: SecurityInsights; - - /** - * Initialize a new instance of the class Metadata class. - * @param client Reference to the service client - */ - constructor(client: SecurityInsights) { - this.client = client; - } - - /** - * List of all metadata - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param options The options parameters. - */ - public list( - resourceGroupName: string, - workspaceName: string, - options?: MetadataListOptionalParams - ): PagedAsyncIterableIterator { - const iter = this.listPagingAll(resourceGroupName, workspaceName, options); - return { - next() { - return iter.next(); - }, - [Symbol.asyncIterator]() { - return this; - }, - byPage: () => { - return this.listPagingPage(resourceGroupName, workspaceName, options); - } - }; - } - - private async *listPagingPage( - resourceGroupName: string, - workspaceName: string, - options?: MetadataListOptionalParams - ): AsyncIterableIterator { - let result = await this._list(resourceGroupName, workspaceName, options); - yield result.value || []; - let continuationToken = result.nextLink; - while (continuationToken) { - result = await this._listNext( - resourceGroupName, - workspaceName, - continuationToken, - options - ); - continuationToken = result.nextLink; - yield result.value || []; - } - } - - private async *listPagingAll( - resourceGroupName: string, - workspaceName: string, - options?: MetadataListOptionalParams - ): AsyncIterableIterator { - for await (const page of this.listPagingPage( - resourceGroupName, - workspaceName, - options - )) { - yield* page; - } - } - - /** - * List of all metadata - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param options The options parameters. - */ - private _list( - resourceGroupName: string, - workspaceName: string, - options?: MetadataListOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { resourceGroupName, workspaceName, options }, - listOperationSpec - ); - } - - /** - * Get a Metadata. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param metadataName The Metadata name. - * @param options The options parameters. - */ - get( - resourceGroupName: string, - workspaceName: string, - metadataName: string, - options?: MetadataGetOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { resourceGroupName, workspaceName, metadataName, options }, - getOperationSpec - ); - } - - /** - * Delete a Metadata. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param metadataName The Metadata name. - * @param options The options parameters. - */ - delete( - resourceGroupName: string, - workspaceName: string, - metadataName: string, - options?: MetadataDeleteOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { resourceGroupName, workspaceName, metadataName, options }, - deleteOperationSpec - ); - } - - /** - * Create a Metadata. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param metadataName The Metadata name. - * @param metadata Metadata resource. - * @param options The options parameters. - */ - create( - resourceGroupName: string, - workspaceName: string, - metadataName: string, - metadata: MetadataModel, - options?: MetadataCreateOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { resourceGroupName, workspaceName, metadataName, metadata, options }, - createOperationSpec - ); - } - - /** - * Update an existing Metadata. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param metadataName The Metadata name. - * @param metadataPatch Partial metadata request. - * @param options The options parameters. - */ - update( - resourceGroupName: string, - workspaceName: string, - metadataName: string, - metadataPatch: MetadataPatch, - options?: MetadataUpdateOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { - resourceGroupName, - workspaceName, - metadataName, - metadataPatch, - options - }, - updateOperationSpec - ); - } - - /** - * ListNext - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param nextLink The nextLink from the previous successful call to the List method. - * @param options The options parameters. - */ - private _listNext( - resourceGroupName: string, - workspaceName: string, - nextLink: string, - options?: MetadataListNextOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { resourceGroupName, workspaceName, nextLink, options }, - listNextOperationSpec - ); - } -} -// Operation Specifications -const serializer = coreClient.createSerializer(Mappers, /* isXml */ false); - -const listOperationSpec: coreClient.OperationSpec = { - path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/metadata", - httpMethod: "GET", - responses: { - 200: { - bodyMapper: Mappers.MetadataList - }, - default: { - bodyMapper: Mappers.CloudError - } - }, - queryParameters: [ - Parameters.apiVersion, - Parameters.filter, - Parameters.orderby, - Parameters.top, - Parameters.skip - ], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName - ], - headerParameters: [Parameters.accept], - serializer -}; -const getOperationSpec: coreClient.OperationSpec = { - path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/metadata/{metadataName}", - httpMethod: "GET", - responses: { - 200: { - bodyMapper: Mappers.MetadataModel - }, - default: { - bodyMapper: Mappers.CloudError - } - }, - queryParameters: [Parameters.apiVersion], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName, - Parameters.metadataName - ], - headerParameters: [Parameters.accept], - serializer -}; -const deleteOperationSpec: coreClient.OperationSpec = { - path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/metadata/{metadataName}", - httpMethod: "DELETE", - responses: { - 200: {}, - 204: {}, - default: { - bodyMapper: Mappers.CloudError - } - }, - queryParameters: [Parameters.apiVersion], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName, - Parameters.metadataName - ], - headerParameters: [Parameters.accept], - serializer -}; -const createOperationSpec: coreClient.OperationSpec = { - path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/metadata/{metadataName}", - httpMethod: "PUT", - responses: { - 200: { - bodyMapper: Mappers.MetadataModel - }, - 201: { - bodyMapper: Mappers.MetadataModel - }, - default: { - bodyMapper: Mappers.CloudError - } - }, - requestBody: Parameters.metadata, - queryParameters: [Parameters.apiVersion], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName, - Parameters.metadataName - ], - headerParameters: [Parameters.accept, Parameters.contentType], - mediaType: "json", - serializer -}; -const updateOperationSpec: coreClient.OperationSpec = { - path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/metadata/{metadataName}", - httpMethod: "PATCH", - responses: { - 200: { - bodyMapper: Mappers.MetadataModel - }, - default: { - bodyMapper: Mappers.CloudError - } - }, - requestBody: Parameters.metadataPatch, - queryParameters: [Parameters.apiVersion], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName, - Parameters.metadataName - ], - headerParameters: [Parameters.accept, Parameters.contentType], - mediaType: "json", - serializer -}; -const listNextOperationSpec: coreClient.OperationSpec = { - path: "{nextLink}", - httpMethod: "GET", - responses: { - 200: { - bodyMapper: Mappers.MetadataList - }, - default: { - bodyMapper: Mappers.CloudError - } - }, - queryParameters: [ - Parameters.apiVersion, - Parameters.filter, - Parameters.orderby, - Parameters.top, - Parameters.skip - ], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName, - Parameters.nextLink - ], - headerParameters: [Parameters.accept], - serializer -}; diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/officeConsents.ts b/sdk/securityinsight/arm-securityinsight/src/operations/officeConsents.ts deleted file mode 100644 index 28d1a51e8097..000000000000 --- a/sdk/securityinsight/arm-securityinsight/src/operations/officeConsents.ts +++ /dev/null @@ -1,263 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -import { PagedAsyncIterableIterator } from "@azure/core-paging"; -import { OfficeConsents } from "../operationsInterfaces"; -import * as coreClient from "@azure/core-client"; -import * as Mappers from "../models/mappers"; -import * as Parameters from "../models/parameters"; -import { SecurityInsights } from "../securityInsights"; -import { - OfficeConsent, - OfficeConsentsListNextOptionalParams, - OfficeConsentsListOptionalParams, - OfficeConsentsListResponse, - OfficeConsentsGetOptionalParams, - OfficeConsentsGetResponse, - OfficeConsentsDeleteOptionalParams, - OfficeConsentsListNextResponse -} from "../models"; - -/// -/** Class containing OfficeConsents operations. */ -export class OfficeConsentsImpl implements OfficeConsents { - private readonly client: SecurityInsights; - - /** - * Initialize a new instance of the class OfficeConsents class. - * @param client Reference to the service client - */ - constructor(client: SecurityInsights) { - this.client = client; - } - - /** - * Gets all office365 consents. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param options The options parameters. - */ - public list( - resourceGroupName: string, - workspaceName: string, - options?: OfficeConsentsListOptionalParams - ): PagedAsyncIterableIterator { - const iter = this.listPagingAll(resourceGroupName, workspaceName, options); - return { - next() { - return iter.next(); - }, - [Symbol.asyncIterator]() { - return this; - }, - byPage: () => { - return this.listPagingPage(resourceGroupName, workspaceName, options); - } - }; - } - - private async *listPagingPage( - resourceGroupName: string, - workspaceName: string, - options?: OfficeConsentsListOptionalParams - ): AsyncIterableIterator { - let result = await this._list(resourceGroupName, workspaceName, options); - yield result.value || []; - let continuationToken = result.nextLink; - while (continuationToken) { - result = await this._listNext( - resourceGroupName, - workspaceName, - continuationToken, - options - ); - continuationToken = result.nextLink; - yield result.value || []; - } - } - - private async *listPagingAll( - resourceGroupName: string, - workspaceName: string, - options?: OfficeConsentsListOptionalParams - ): AsyncIterableIterator { - for await (const page of this.listPagingPage( - resourceGroupName, - workspaceName, - options - )) { - yield* page; - } - } - - /** - * Gets all office365 consents. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param options The options parameters. - */ - private _list( - resourceGroupName: string, - workspaceName: string, - options?: OfficeConsentsListOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { resourceGroupName, workspaceName, options }, - listOperationSpec - ); - } - - /** - * Gets an office365 consent. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param consentId consent ID - * @param options The options parameters. - */ - get( - resourceGroupName: string, - workspaceName: string, - consentId: string, - options?: OfficeConsentsGetOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { resourceGroupName, workspaceName, consentId, options }, - getOperationSpec - ); - } - - /** - * Delete the office365 consent. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param consentId consent ID - * @param options The options parameters. - */ - delete( - resourceGroupName: string, - workspaceName: string, - consentId: string, - options?: OfficeConsentsDeleteOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { resourceGroupName, workspaceName, consentId, options }, - deleteOperationSpec - ); - } - - /** - * ListNext - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param nextLink The nextLink from the previous successful call to the List method. - * @param options The options parameters. - */ - private _listNext( - resourceGroupName: string, - workspaceName: string, - nextLink: string, - options?: OfficeConsentsListNextOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { resourceGroupName, workspaceName, nextLink, options }, - listNextOperationSpec - ); - } -} -// Operation Specifications -const serializer = coreClient.createSerializer(Mappers, /* isXml */ false); - -const listOperationSpec: coreClient.OperationSpec = { - path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/officeConsents", - httpMethod: "GET", - responses: { - 200: { - bodyMapper: Mappers.OfficeConsentList - }, - default: { - bodyMapper: Mappers.CloudError - } - }, - queryParameters: [Parameters.apiVersion], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName - ], - headerParameters: [Parameters.accept], - serializer -}; -const getOperationSpec: coreClient.OperationSpec = { - path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/officeConsents/{consentId}", - httpMethod: "GET", - responses: { - 200: { - bodyMapper: Mappers.OfficeConsent - }, - default: { - bodyMapper: Mappers.CloudError - } - }, - queryParameters: [Parameters.apiVersion], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName, - Parameters.consentId - ], - headerParameters: [Parameters.accept], - serializer -}; -const deleteOperationSpec: coreClient.OperationSpec = { - path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/officeConsents/{consentId}", - httpMethod: "DELETE", - responses: { - 200: {}, - 204: {}, - default: { - bodyMapper: Mappers.CloudError - } - }, - queryParameters: [Parameters.apiVersion], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName, - Parameters.consentId - ], - headerParameters: [Parameters.accept], - serializer -}; -const listNextOperationSpec: coreClient.OperationSpec = { - path: "{nextLink}", - httpMethod: "GET", - responses: { - 200: { - bodyMapper: Mappers.OfficeConsentList - }, - default: { - bodyMapper: Mappers.CloudError - } - }, - queryParameters: [Parameters.apiVersion], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName, - Parameters.nextLink - ], - headerParameters: [Parameters.accept], - serializer -}; diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/productSettings.ts b/sdk/securityinsight/arm-securityinsight/src/operations/productSettings.ts deleted file mode 100644 index b28a78dde724..000000000000 --- a/sdk/securityinsight/arm-securityinsight/src/operations/productSettings.ts +++ /dev/null @@ -1,207 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -import { ProductSettings } from "../operationsInterfaces"; -import * as coreClient from "@azure/core-client"; -import * as Mappers from "../models/mappers"; -import * as Parameters from "../models/parameters"; -import { SecurityInsights } from "../securityInsights"; -import { - ProductSettingsListOptionalParams, - ProductSettingsListResponse, - ProductSettingsGetOptionalParams, - ProductSettingsGetResponse, - ProductSettingsDeleteOptionalParams, - SettingsUnion, - ProductSettingsUpdateOptionalParams, - ProductSettingsUpdateResponse -} from "../models"; - -/** Class containing ProductSettings operations. */ -export class ProductSettingsImpl implements ProductSettings { - private readonly client: SecurityInsights; - - /** - * Initialize a new instance of the class ProductSettings class. - * @param client Reference to the service client - */ - constructor(client: SecurityInsights) { - this.client = client; - } - - /** - * List of all the settings - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param options The options parameters. - */ - list( - resourceGroupName: string, - workspaceName: string, - options?: ProductSettingsListOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { resourceGroupName, workspaceName, options }, - listOperationSpec - ); - } - - /** - * Gets a setting. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param settingsName The setting name. Supports - Anomalies, EyesOn, EntityAnalytics, Ueba - * @param options The options parameters. - */ - get( - resourceGroupName: string, - workspaceName: string, - settingsName: string, - options?: ProductSettingsGetOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { resourceGroupName, workspaceName, settingsName, options }, - getOperationSpec - ); - } - - /** - * Delete setting of the product. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param settingsName The setting name. Supports - Anomalies, EyesOn, EntityAnalytics, Ueba - * @param options The options parameters. - */ - delete( - resourceGroupName: string, - workspaceName: string, - settingsName: string, - options?: ProductSettingsDeleteOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { resourceGroupName, workspaceName, settingsName, options }, - deleteOperationSpec - ); - } - - /** - * Updates setting. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param settingsName The setting name. Supports - Anomalies, EyesOn, EntityAnalytics, Ueba - * @param settings The setting - * @param options The options parameters. - */ - update( - resourceGroupName: string, - workspaceName: string, - settingsName: string, - settings: SettingsUnion, - options?: ProductSettingsUpdateOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { resourceGroupName, workspaceName, settingsName, settings, options }, - updateOperationSpec - ); - } -} -// Operation Specifications -const serializer = coreClient.createSerializer(Mappers, /* isXml */ false); - -const listOperationSpec: coreClient.OperationSpec = { - path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/settings", - httpMethod: "GET", - responses: { - 200: { - bodyMapper: Mappers.SettingList - }, - default: { - bodyMapper: Mappers.CloudError - } - }, - queryParameters: [Parameters.apiVersion], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName - ], - headerParameters: [Parameters.accept], - serializer -}; -const getOperationSpec: coreClient.OperationSpec = { - path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/settings/{settingsName}", - httpMethod: "GET", - responses: { - 200: { - bodyMapper: Mappers.Settings - }, - default: { - bodyMapper: Mappers.CloudError - } - }, - queryParameters: [Parameters.apiVersion], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName, - Parameters.settingsName - ], - headerParameters: [Parameters.accept], - serializer -}; -const deleteOperationSpec: coreClient.OperationSpec = { - path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/settings/{settingsName}", - httpMethod: "DELETE", - responses: { - 200: {}, - 204: {}, - default: { - bodyMapper: Mappers.CloudError - } - }, - queryParameters: [Parameters.apiVersion], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName, - Parameters.settingsName - ], - headerParameters: [Parameters.accept], - serializer -}; -const updateOperationSpec: coreClient.OperationSpec = { - path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/settings/{settingsName}", - httpMethod: "PUT", - responses: { - 200: { - bodyMapper: Mappers.Settings - }, - default: { - bodyMapper: Mappers.CloudError - } - }, - requestBody: Parameters.settings, - queryParameters: [Parameters.apiVersion], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName, - Parameters.settingsName - ], - headerParameters: [Parameters.accept, Parameters.contentType], - mediaType: "json", - serializer -}; diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/securityMLAnalyticsSettings.ts b/sdk/securityinsight/arm-securityinsight/src/operations/securityMLAnalyticsSettings.ts deleted file mode 100644 index 3b4bae234a8e..000000000000 --- a/sdk/securityinsight/arm-securityinsight/src/operations/securityMLAnalyticsSettings.ts +++ /dev/null @@ -1,321 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -import { PagedAsyncIterableIterator } from "@azure/core-paging"; -import { SecurityMLAnalyticsSettings } from "../operationsInterfaces"; -import * as coreClient from "@azure/core-client"; -import * as Mappers from "../models/mappers"; -import * as Parameters from "../models/parameters"; -import { SecurityInsights } from "../securityInsights"; -import { - SecurityMLAnalyticsSettingUnion, - SecurityMLAnalyticsSettingsListNextOptionalParams, - SecurityMLAnalyticsSettingsListOptionalParams, - SecurityMLAnalyticsSettingsListResponse, - SecurityMLAnalyticsSettingsGetOptionalParams, - SecurityMLAnalyticsSettingsGetResponse, - SecurityMLAnalyticsSettingsCreateOrUpdateOptionalParams, - SecurityMLAnalyticsSettingsCreateOrUpdateResponse, - SecurityMLAnalyticsSettingsDeleteOptionalParams, - SecurityMLAnalyticsSettingsListNextResponse -} from "../models"; - -/// -/** Class containing SecurityMLAnalyticsSettings operations. */ -export class SecurityMLAnalyticsSettingsImpl - implements SecurityMLAnalyticsSettings { - private readonly client: SecurityInsights; - - /** - * Initialize a new instance of the class SecurityMLAnalyticsSettings class. - * @param client Reference to the service client - */ - constructor(client: SecurityInsights) { - this.client = client; - } - - /** - * Gets all Security ML Analytics Settings. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param options The options parameters. - */ - public list( - resourceGroupName: string, - workspaceName: string, - options?: SecurityMLAnalyticsSettingsListOptionalParams - ): PagedAsyncIterableIterator { - const iter = this.listPagingAll(resourceGroupName, workspaceName, options); - return { - next() { - return iter.next(); - }, - [Symbol.asyncIterator]() { - return this; - }, - byPage: () => { - return this.listPagingPage(resourceGroupName, workspaceName, options); - } - }; - } - - private async *listPagingPage( - resourceGroupName: string, - workspaceName: string, - options?: SecurityMLAnalyticsSettingsListOptionalParams - ): AsyncIterableIterator { - let result = await this._list(resourceGroupName, workspaceName, options); - yield result.value || []; - let continuationToken = result.nextLink; - while (continuationToken) { - result = await this._listNext( - resourceGroupName, - workspaceName, - continuationToken, - options - ); - continuationToken = result.nextLink; - yield result.value || []; - } - } - - private async *listPagingAll( - resourceGroupName: string, - workspaceName: string, - options?: SecurityMLAnalyticsSettingsListOptionalParams - ): AsyncIterableIterator { - for await (const page of this.listPagingPage( - resourceGroupName, - workspaceName, - options - )) { - yield* page; - } - } - - /** - * Gets all Security ML Analytics Settings. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param options The options parameters. - */ - private _list( - resourceGroupName: string, - workspaceName: string, - options?: SecurityMLAnalyticsSettingsListOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { resourceGroupName, workspaceName, options }, - listOperationSpec - ); - } - - /** - * Gets the Security ML Analytics Settings. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param settingsResourceName Security ML Analytics Settings resource name - * @param options The options parameters. - */ - get( - resourceGroupName: string, - workspaceName: string, - settingsResourceName: string, - options?: SecurityMLAnalyticsSettingsGetOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { resourceGroupName, workspaceName, settingsResourceName, options }, - getOperationSpec - ); - } - - /** - * Creates or updates the Security ML Analytics Settings. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param settingsResourceName Security ML Analytics Settings resource name - * @param securityMLAnalyticsSetting The security ML Analytics setting - * @param options The options parameters. - */ - createOrUpdate( - resourceGroupName: string, - workspaceName: string, - settingsResourceName: string, - securityMLAnalyticsSetting: SecurityMLAnalyticsSettingUnion, - options?: SecurityMLAnalyticsSettingsCreateOrUpdateOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { - resourceGroupName, - workspaceName, - settingsResourceName, - securityMLAnalyticsSetting, - options - }, - createOrUpdateOperationSpec - ); - } - - /** - * Delete the Security ML Analytics Settings. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param settingsResourceName Security ML Analytics Settings resource name - * @param options The options parameters. - */ - delete( - resourceGroupName: string, - workspaceName: string, - settingsResourceName: string, - options?: SecurityMLAnalyticsSettingsDeleteOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { resourceGroupName, workspaceName, settingsResourceName, options }, - deleteOperationSpec - ); - } - - /** - * ListNext - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param nextLink The nextLink from the previous successful call to the List method. - * @param options The options parameters. - */ - private _listNext( - resourceGroupName: string, - workspaceName: string, - nextLink: string, - options?: SecurityMLAnalyticsSettingsListNextOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { resourceGroupName, workspaceName, nextLink, options }, - listNextOperationSpec - ); - } -} -// Operation Specifications -const serializer = coreClient.createSerializer(Mappers, /* isXml */ false); - -const listOperationSpec: coreClient.OperationSpec = { - path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/securityMLAnalyticsSettings", - httpMethod: "GET", - responses: { - 200: { - bodyMapper: Mappers.SecurityMLAnalyticsSettingsList - }, - default: { - bodyMapper: Mappers.CloudError - } - }, - queryParameters: [Parameters.apiVersion], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName - ], - headerParameters: [Parameters.accept], - serializer -}; -const getOperationSpec: coreClient.OperationSpec = { - path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/securityMLAnalyticsSettings/{settingsResourceName}", - httpMethod: "GET", - responses: { - 200: { - bodyMapper: Mappers.SecurityMLAnalyticsSetting - }, - default: { - bodyMapper: Mappers.CloudError - } - }, - queryParameters: [Parameters.apiVersion], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName, - Parameters.settingsResourceName - ], - headerParameters: [Parameters.accept], - serializer -}; -const createOrUpdateOperationSpec: coreClient.OperationSpec = { - path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/securityMLAnalyticsSettings/{settingsResourceName}", - httpMethod: "PUT", - responses: { - 200: { - bodyMapper: Mappers.SecurityMLAnalyticsSetting - }, - 201: { - bodyMapper: Mappers.SecurityMLAnalyticsSetting - }, - default: { - bodyMapper: Mappers.CloudError - } - }, - requestBody: Parameters.securityMLAnalyticsSetting, - queryParameters: [Parameters.apiVersion], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName, - Parameters.settingsResourceName - ], - headerParameters: [Parameters.accept, Parameters.contentType], - mediaType: "json", - serializer -}; -const deleteOperationSpec: coreClient.OperationSpec = { - path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/securityMLAnalyticsSettings/{settingsResourceName}", - httpMethod: "DELETE", - responses: { - 200: {}, - 204: {}, - default: { - bodyMapper: Mappers.CloudError - } - }, - queryParameters: [Parameters.apiVersion], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName, - Parameters.settingsResourceName - ], - headerParameters: [Parameters.accept], - serializer -}; -const listNextOperationSpec: coreClient.OperationSpec = { - path: "{nextLink}", - httpMethod: "GET", - responses: { - 200: { - bodyMapper: Mappers.SecurityMLAnalyticsSettingsList - }, - default: { - bodyMapper: Mappers.CloudError - } - }, - queryParameters: [Parameters.apiVersion], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName, - Parameters.nextLink - ], - headerParameters: [Parameters.accept], - serializer -}; diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/sourceControlOperations.ts b/sdk/securityinsight/arm-securityinsight/src/operations/sourceControlOperations.ts deleted file mode 100644 index 1337fe8b5caa..000000000000 --- a/sdk/securityinsight/arm-securityinsight/src/operations/sourceControlOperations.ts +++ /dev/null @@ -1,206 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -import { PagedAsyncIterableIterator } from "@azure/core-paging"; -import { SourceControlOperations } from "../operationsInterfaces"; -import * as coreClient from "@azure/core-client"; -import * as Mappers from "../models/mappers"; -import * as Parameters from "../models/parameters"; -import { SecurityInsights } from "../securityInsights"; -import { - Repo, - RepoType, - SourceControlListRepositoriesNextOptionalParams, - SourceControlListRepositoriesOptionalParams, - SourceControlListRepositoriesResponse, - SourceControlListRepositoriesNextResponse -} from "../models"; - -/// -/** Class containing SourceControlOperations operations. */ -export class SourceControlOperationsImpl implements SourceControlOperations { - private readonly client: SecurityInsights; - - /** - * Initialize a new instance of the class SourceControlOperations class. - * @param client Reference to the service client - */ - constructor(client: SecurityInsights) { - this.client = client; - } - - /** - * Gets a list of repositories metadata. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param repoType The repo type. - * @param options The options parameters. - */ - public listRepositories( - resourceGroupName: string, - workspaceName: string, - repoType: RepoType, - options?: SourceControlListRepositoriesOptionalParams - ): PagedAsyncIterableIterator { - const iter = this.listRepositoriesPagingAll( - resourceGroupName, - workspaceName, - repoType, - options - ); - return { - next() { - return iter.next(); - }, - [Symbol.asyncIterator]() { - return this; - }, - byPage: () => { - return this.listRepositoriesPagingPage( - resourceGroupName, - workspaceName, - repoType, - options - ); - } - }; - } - - private async *listRepositoriesPagingPage( - resourceGroupName: string, - workspaceName: string, - repoType: RepoType, - options?: SourceControlListRepositoriesOptionalParams - ): AsyncIterableIterator { - let result = await this._listRepositories( - resourceGroupName, - workspaceName, - repoType, - options - ); - yield result.value || []; - let continuationToken = result.nextLink; - while (continuationToken) { - result = await this._listRepositoriesNext( - resourceGroupName, - workspaceName, - repoType, - continuationToken, - options - ); - continuationToken = result.nextLink; - yield result.value || []; - } - } - - private async *listRepositoriesPagingAll( - resourceGroupName: string, - workspaceName: string, - repoType: RepoType, - options?: SourceControlListRepositoriesOptionalParams - ): AsyncIterableIterator { - for await (const page of this.listRepositoriesPagingPage( - resourceGroupName, - workspaceName, - repoType, - options - )) { - yield* page; - } - } - - /** - * Gets a list of repositories metadata. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param repoType The repo type. - * @param options The options parameters. - */ - private _listRepositories( - resourceGroupName: string, - workspaceName: string, - repoType: RepoType, - options?: SourceControlListRepositoriesOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { resourceGroupName, workspaceName, repoType, options }, - listRepositoriesOperationSpec - ); - } - - /** - * ListRepositoriesNext - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param repoType The repo type. - * @param nextLink The nextLink from the previous successful call to the ListRepositories method. - * @param options The options parameters. - */ - private _listRepositoriesNext( - resourceGroupName: string, - workspaceName: string, - repoType: RepoType, - nextLink: string, - options?: SourceControlListRepositoriesNextOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { resourceGroupName, workspaceName, repoType, nextLink, options }, - listRepositoriesNextOperationSpec - ); - } -} -// Operation Specifications -const serializer = coreClient.createSerializer(Mappers, /* isXml */ false); - -const listRepositoriesOperationSpec: coreClient.OperationSpec = { - path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/listRepositories", - httpMethod: "POST", - responses: { - 200: { - bodyMapper: Mappers.RepoList - }, - default: { - bodyMapper: Mappers.CloudError - } - }, - requestBody: Parameters.repoType, - queryParameters: [Parameters.apiVersion], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName - ], - headerParameters: [Parameters.accept, Parameters.contentType], - mediaType: "json", - serializer -}; -const listRepositoriesNextOperationSpec: coreClient.OperationSpec = { - path: "{nextLink}", - httpMethod: "GET", - responses: { - 200: { - bodyMapper: Mappers.RepoList - }, - default: { - bodyMapper: Mappers.CloudError - } - }, - queryParameters: [Parameters.apiVersion], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName, - Parameters.nextLink - ], - headerParameters: [Parameters.accept, Parameters.contentType], - mediaType: "json", - serializer -}; diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/sourceControls.ts b/sdk/securityinsight/arm-securityinsight/src/operations/sourceControls.ts deleted file mode 100644 index 4fc9a379dd59..000000000000 --- a/sdk/securityinsight/arm-securityinsight/src/operations/sourceControls.ts +++ /dev/null @@ -1,320 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -import { PagedAsyncIterableIterator } from "@azure/core-paging"; -import { SourceControls } from "../operationsInterfaces"; -import * as coreClient from "@azure/core-client"; -import * as Mappers from "../models/mappers"; -import * as Parameters from "../models/parameters"; -import { SecurityInsights } from "../securityInsights"; -import { - SourceControl, - SourceControlsListNextOptionalParams, - SourceControlsListOptionalParams, - SourceControlsListResponse, - SourceControlsGetOptionalParams, - SourceControlsGetResponse, - SourceControlsDeleteOptionalParams, - SourceControlsCreateOptionalParams, - SourceControlsCreateResponse, - SourceControlsListNextResponse -} from "../models"; - -/// -/** Class containing SourceControls operations. */ -export class SourceControlsImpl implements SourceControls { - private readonly client: SecurityInsights; - - /** - * Initialize a new instance of the class SourceControls class. - * @param client Reference to the service client - */ - constructor(client: SecurityInsights) { - this.client = client; - } - - /** - * Gets all source controls, without source control items. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param options The options parameters. - */ - public list( - resourceGroupName: string, - workspaceName: string, - options?: SourceControlsListOptionalParams - ): PagedAsyncIterableIterator { - const iter = this.listPagingAll(resourceGroupName, workspaceName, options); - return { - next() { - return iter.next(); - }, - [Symbol.asyncIterator]() { - return this; - }, - byPage: () => { - return this.listPagingPage(resourceGroupName, workspaceName, options); - } - }; - } - - private async *listPagingPage( - resourceGroupName: string, - workspaceName: string, - options?: SourceControlsListOptionalParams - ): AsyncIterableIterator { - let result = await this._list(resourceGroupName, workspaceName, options); - yield result.value || []; - let continuationToken = result.nextLink; - while (continuationToken) { - result = await this._listNext( - resourceGroupName, - workspaceName, - continuationToken, - options - ); - continuationToken = result.nextLink; - yield result.value || []; - } - } - - private async *listPagingAll( - resourceGroupName: string, - workspaceName: string, - options?: SourceControlsListOptionalParams - ): AsyncIterableIterator { - for await (const page of this.listPagingPage( - resourceGroupName, - workspaceName, - options - )) { - yield* page; - } - } - - /** - * Gets all source controls, without source control items. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param options The options parameters. - */ - private _list( - resourceGroupName: string, - workspaceName: string, - options?: SourceControlsListOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { resourceGroupName, workspaceName, options }, - listOperationSpec - ); - } - - /** - * Gets a source control byt its identifier. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param sourceControlId Source control Id - * @param options The options parameters. - */ - get( - resourceGroupName: string, - workspaceName: string, - sourceControlId: string, - options?: SourceControlsGetOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { resourceGroupName, workspaceName, sourceControlId, options }, - getOperationSpec - ); - } - - /** - * Delete a source control. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param sourceControlId Source control Id - * @param options The options parameters. - */ - delete( - resourceGroupName: string, - workspaceName: string, - sourceControlId: string, - options?: SourceControlsDeleteOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { resourceGroupName, workspaceName, sourceControlId, options }, - deleteOperationSpec - ); - } - - /** - * Creates a source control. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param sourceControlId Source control Id - * @param sourceControl The SourceControl - * @param options The options parameters. - */ - create( - resourceGroupName: string, - workspaceName: string, - sourceControlId: string, - sourceControl: SourceControl, - options?: SourceControlsCreateOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { - resourceGroupName, - workspaceName, - sourceControlId, - sourceControl, - options - }, - createOperationSpec - ); - } - - /** - * ListNext - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param nextLink The nextLink from the previous successful call to the List method. - * @param options The options parameters. - */ - private _listNext( - resourceGroupName: string, - workspaceName: string, - nextLink: string, - options?: SourceControlsListNextOptionalParams - ): Promise { - return this.client.sendOperationRequest( - { resourceGroupName, workspaceName, nextLink, options }, - listNextOperationSpec - ); - } -} -// Operation Specifications -const serializer = coreClient.createSerializer(Mappers, /* isXml */ false); - -const listOperationSpec: coreClient.OperationSpec = { - path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/sourcecontrols", - httpMethod: "GET", - responses: { - 200: { - bodyMapper: Mappers.SourceControlList - }, - default: { - bodyMapper: Mappers.CloudError - } - }, - queryParameters: [Parameters.apiVersion], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName - ], - headerParameters: [Parameters.accept], - serializer -}; -const getOperationSpec: coreClient.OperationSpec = { - path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/sourcecontrols/{sourceControlId}", - httpMethod: "GET", - responses: { - 200: { - bodyMapper: Mappers.SourceControl - }, - default: { - bodyMapper: Mappers.CloudError - } - }, - queryParameters: [Parameters.apiVersion], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName, - Parameters.sourceControlId - ], - headerParameters: [Parameters.accept], - serializer -}; -const deleteOperationSpec: coreClient.OperationSpec = { - path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/sourcecontrols/{sourceControlId}", - httpMethod: "DELETE", - responses: { - 200: {}, - 204: {}, - default: { - bodyMapper: Mappers.CloudError - } - }, - queryParameters: [Parameters.apiVersion], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName, - Parameters.sourceControlId - ], - headerParameters: [Parameters.accept], - serializer -}; -const createOperationSpec: coreClient.OperationSpec = { - path: - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/sourcecontrols/{sourceControlId}", - httpMethod: "PUT", - responses: { - 200: { - bodyMapper: Mappers.SourceControl - }, - 201: { - bodyMapper: Mappers.SourceControl - }, - default: { - bodyMapper: Mappers.CloudError - } - }, - requestBody: Parameters.sourceControl, - queryParameters: [Parameters.apiVersion], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName, - Parameters.sourceControlId - ], - headerParameters: [Parameters.accept, Parameters.contentType], - mediaType: "json", - serializer -}; -const listNextOperationSpec: coreClient.OperationSpec = { - path: "{nextLink}", - httpMethod: "GET", - responses: { - 200: { - bodyMapper: Mappers.SourceControlList - }, - default: { - bodyMapper: Mappers.CloudError - } - }, - queryParameters: [Parameters.apiVersion], - urlParameters: [ - Parameters.$host, - Parameters.subscriptionId, - Parameters.resourceGroupName, - Parameters.workspaceName, - Parameters.nextLink - ], - headerParameters: [Parameters.accept], - serializer -}; diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/watchlistItems.ts b/sdk/securityinsight/arm-securityinsight/src/operations/watchlistItems.ts index 265d8e1a7791..793c03ff9c4d 100644 --- a/sdk/securityinsight/arm-securityinsight/src/operations/watchlistItems.ts +++ b/sdk/securityinsight/arm-securityinsight/src/operations/watchlistItems.ts @@ -39,10 +39,10 @@ export class WatchlistItemsImpl implements WatchlistItems { } /** - * Gets all watchlist Items. + * Get all watchlist Items. * @param resourceGroupName The name of the resource group. The name is case insensitive. * @param workspaceName The name of the workspace. - * @param watchlistAlias Watchlist Alias + * @param watchlistAlias The watchlist alias * @param options The options parameters. */ public list( @@ -119,10 +119,10 @@ export class WatchlistItemsImpl implements WatchlistItems { } /** - * Gets all watchlist Items. + * Get all watchlist Items. * @param resourceGroupName The name of the resource group. The name is case insensitive. * @param workspaceName The name of the workspace. - * @param watchlistAlias Watchlist Alias + * @param watchlistAlias The watchlist alias * @param options The options parameters. */ private _list( @@ -138,11 +138,11 @@ export class WatchlistItemsImpl implements WatchlistItems { } /** - * Gets a watchlist, without its watchlist items. + * Get a watchlist item. * @param resourceGroupName The name of the resource group. The name is case insensitive. * @param workspaceName The name of the workspace. - * @param watchlistAlias Watchlist Alias - * @param watchlistItemId Watchlist Item Id (GUID) + * @param watchlistAlias The watchlist alias + * @param watchlistItemId The watchlist item id (GUID) * @param options The options parameters. */ get( @@ -168,8 +168,8 @@ export class WatchlistItemsImpl implements WatchlistItems { * Delete a watchlist item. * @param resourceGroupName The name of the resource group. The name is case insensitive. * @param workspaceName The name of the workspace. - * @param watchlistAlias Watchlist Alias - * @param watchlistItemId Watchlist Item Id (GUID) + * @param watchlistAlias The watchlist alias + * @param watchlistItemId The watchlist item id (GUID) * @param options The options parameters. */ delete( @@ -192,11 +192,11 @@ export class WatchlistItemsImpl implements WatchlistItems { } /** - * Creates or updates a watchlist item. + * Create or update a watchlist item. * @param resourceGroupName The name of the resource group. The name is case insensitive. * @param workspaceName The name of the workspace. - * @param watchlistAlias Watchlist Alias - * @param watchlistItemId Watchlist Item Id (GUID) + * @param watchlistAlias The watchlist alias + * @param watchlistItemId The watchlist item id (GUID) * @param watchlistItem The watchlist item * @param options The options parameters. */ @@ -225,7 +225,7 @@ export class WatchlistItemsImpl implements WatchlistItems { * ListNext * @param resourceGroupName The name of the resource group. The name is case insensitive. * @param workspaceName The name of the workspace. - * @param watchlistAlias Watchlist Alias + * @param watchlistAlias The watchlist alias * @param nextLink The nextLink from the previous successful call to the List method. * @param options The options parameters. */ diff --git a/sdk/securityinsight/arm-securityinsight/src/operations/watchlists.ts b/sdk/securityinsight/arm-securityinsight/src/operations/watchlists.ts index 6b21e6d9455d..b71d9e4e3a9a 100644 --- a/sdk/securityinsight/arm-securityinsight/src/operations/watchlists.ts +++ b/sdk/securityinsight/arm-securityinsight/src/operations/watchlists.ts @@ -20,7 +20,6 @@ import { WatchlistsGetOptionalParams, WatchlistsGetResponse, WatchlistsDeleteOptionalParams, - WatchlistsDeleteResponse, WatchlistsCreateOrUpdateOptionalParams, WatchlistsCreateOrUpdateResponse, WatchlistsListNextResponse @@ -40,7 +39,7 @@ export class WatchlistsImpl implements Watchlists { } /** - * Gets all watchlists, without watchlist items. + * Get all watchlists, without watchlist items. * @param resourceGroupName The name of the resource group. The name is case insensitive. * @param workspaceName The name of the workspace. * @param options The options parameters. @@ -99,7 +98,7 @@ export class WatchlistsImpl implements Watchlists { } /** - * Gets all watchlists, without watchlist items. + * Get all watchlists, without watchlist items. * @param resourceGroupName The name of the resource group. The name is case insensitive. * @param workspaceName The name of the workspace. * @param options The options parameters. @@ -116,10 +115,10 @@ export class WatchlistsImpl implements Watchlists { } /** - * Gets a watchlist, without its watchlist items. + * Get a watchlist, without its watchlist items. * @param resourceGroupName The name of the resource group. The name is case insensitive. * @param workspaceName The name of the workspace. - * @param watchlistAlias Watchlist Alias + * @param watchlistAlias The watchlist alias * @param options The options parameters. */ get( @@ -138,7 +137,7 @@ export class WatchlistsImpl implements Watchlists { * Delete a watchlist. * @param resourceGroupName The name of the resource group. The name is case insensitive. * @param workspaceName The name of the workspace. - * @param watchlistAlias Watchlist Alias + * @param watchlistAlias The watchlist alias * @param options The options parameters. */ delete( @@ -146,7 +145,7 @@ export class WatchlistsImpl implements Watchlists { workspaceName: string, watchlistAlias: string, options?: WatchlistsDeleteOptionalParams - ): Promise { + ): Promise { return this.client.sendOperationRequest( { resourceGroupName, workspaceName, watchlistAlias, options }, deleteOperationSpec @@ -155,14 +154,11 @@ export class WatchlistsImpl implements Watchlists { /** * Create or update a Watchlist and its Watchlist Items (bulk creation, e.g. through text/csv content - * type). To create a Watchlist and its Items, we should call this endpoint with either rawContent or a - * valid SAR URI and contentType properties. The rawContent is mainly used for small watchlist (content - * size below 3.8 MB). The SAS URI enables the creation of large watchlist, where the content size can - * go up to 500 MB. The status of processing such large file can be polled through the URL returned in - * Azure-AsyncOperation header. + * type). To create a Watchlist and its Items, we should call this endpoint with rawContent and + * contentType properties. * @param resourceGroupName The name of the resource group. The name is case insensitive. * @param workspaceName The name of the workspace. - * @param watchlistAlias Watchlist Alias + * @param watchlistAlias The watchlist alias * @param watchlist The watchlist * @param options The options parameters. */ @@ -251,9 +247,7 @@ const deleteOperationSpec: coreClient.OperationSpec = { "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}", httpMethod: "DELETE", responses: { - 200: { - headersMapper: Mappers.WatchlistsDeleteHeaders - }, + 200: {}, 204: {}, default: { bodyMapper: Mappers.CloudError @@ -279,8 +273,7 @@ const createOrUpdateOperationSpec: coreClient.OperationSpec = { bodyMapper: Mappers.Watchlist }, 201: { - bodyMapper: Mappers.Watchlist, - headersMapper: Mappers.WatchlistsCreateOrUpdateHeaders + bodyMapper: Mappers.Watchlist }, default: { bodyMapper: Mappers.CloudError diff --git a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/automationRules.ts b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/automationRules.ts index 4a1dbaad4bcb..e7c8a5013caa 100644 --- a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/automationRules.ts +++ b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/automationRules.ts @@ -22,7 +22,7 @@ import { /** Interface representing a AutomationRules. */ export interface AutomationRules { /** - * Gets all automation rules. + * Gets all automation rules * @param resourceGroupName The name of the resource group. The name is case insensitive. * @param workspaceName The name of the workspace. * @param options The options parameters. @@ -33,7 +33,7 @@ export interface AutomationRules { options?: AutomationRulesListOptionalParams ): PagedAsyncIterableIterator; /** - * Gets the automation rule. + * Gets the automation rule * @param resourceGroupName The name of the resource group. The name is case insensitive. * @param workspaceName The name of the workspace. * @param automationRuleId Automation rule ID @@ -46,7 +46,7 @@ export interface AutomationRules { options?: AutomationRulesGetOptionalParams ): Promise; /** - * Creates or updates the automation rule. + * Creates or updates the automation rule * @param resourceGroupName The name of the resource group. The name is case insensitive. * @param workspaceName The name of the workspace. * @param automationRuleId Automation rule ID @@ -59,7 +59,7 @@ export interface AutomationRules { options?: AutomationRulesCreateOrUpdateOptionalParams ): Promise; /** - * Delete the automation rule. + * Delete the automation rule * @param resourceGroupName The name of the resource group. The name is case insensitive. * @param workspaceName The name of the workspace. * @param automationRuleId Automation rule ID diff --git a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/bookmarkOperations.ts b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/bookmarkOperations.ts deleted file mode 100644 index 99a1802aa35a..000000000000 --- a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/bookmarkOperations.ts +++ /dev/null @@ -1,32 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -import { - BookmarkExpandParameters, - BookmarkExpandOptionalParams, - BookmarkExpandOperationResponse -} from "../models"; - -/** Interface representing a BookmarkOperations. */ -export interface BookmarkOperations { - /** - * Expand an bookmark - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param bookmarkId Bookmark ID - * @param parameters The parameters required to execute an expand operation on the given bookmark. - * @param options The options parameters. - */ - expand( - resourceGroupName: string, - workspaceName: string, - bookmarkId: string, - parameters: BookmarkExpandParameters, - options?: BookmarkExpandOptionalParams - ): Promise; -} diff --git a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/bookmarkRelations.ts b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/bookmarkRelations.ts deleted file mode 100644 index f2100626e2a9..000000000000 --- a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/bookmarkRelations.ts +++ /dev/null @@ -1,83 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -import { PagedAsyncIterableIterator } from "@azure/core-paging"; -import { - Relation, - BookmarkRelationsListOptionalParams, - BookmarkRelationsGetOptionalParams, - BookmarkRelationsGetResponse, - BookmarkRelationsCreateOrUpdateOptionalParams, - BookmarkRelationsCreateOrUpdateResponse, - BookmarkRelationsDeleteOptionalParams -} from "../models"; - -/// -/** Interface representing a BookmarkRelations. */ -export interface BookmarkRelations { - /** - * Gets all bookmark relations. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param bookmarkId Bookmark ID - * @param options The options parameters. - */ - list( - resourceGroupName: string, - workspaceName: string, - bookmarkId: string, - options?: BookmarkRelationsListOptionalParams - ): PagedAsyncIterableIterator; - /** - * Gets a bookmark relation. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param bookmarkId Bookmark ID - * @param relationName Relation Name - * @param options The options parameters. - */ - get( - resourceGroupName: string, - workspaceName: string, - bookmarkId: string, - relationName: string, - options?: BookmarkRelationsGetOptionalParams - ): Promise; - /** - * Creates the bookmark relation. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param bookmarkId Bookmark ID - * @param relationName Relation Name - * @param relation The relation model - * @param options The options parameters. - */ - createOrUpdate( - resourceGroupName: string, - workspaceName: string, - bookmarkId: string, - relationName: string, - relation: Relation, - options?: BookmarkRelationsCreateOrUpdateOptionalParams - ): Promise; - /** - * Delete the bookmark relation. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param bookmarkId Bookmark ID - * @param relationName Relation Name - * @param options The options parameters. - */ - delete( - resourceGroupName: string, - workspaceName: string, - bookmarkId: string, - relationName: string, - options?: BookmarkRelationsDeleteOptionalParams - ): Promise; -} diff --git a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/dataConnectors.ts b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/dataConnectors.ts index e9cb04512c91..3d0eeb4f1d1d 100644 --- a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/dataConnectors.ts +++ b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/dataConnectors.ts @@ -14,10 +14,7 @@ import { DataConnectorsGetResponse, DataConnectorsCreateOrUpdateOptionalParams, DataConnectorsCreateOrUpdateResponse, - DataConnectorsDeleteOptionalParams, - DataConnectorConnectBody, - DataConnectorsConnectOptionalParams, - DataConnectorsDisconnectOptionalParams + DataConnectorsDeleteOptionalParams } from "../models"; /// @@ -75,32 +72,4 @@ export interface DataConnectors { dataConnectorId: string, options?: DataConnectorsDeleteOptionalParams ): Promise; - /** - * Connects a data connector. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param dataConnectorId Connector ID - * @param connectBody The data connector - * @param options The options parameters. - */ - connect( - resourceGroupName: string, - workspaceName: string, - dataConnectorId: string, - connectBody: DataConnectorConnectBody, - options?: DataConnectorsConnectOptionalParams - ): Promise; - /** - * Disconnect a data connector. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param dataConnectorId Connector ID - * @param options The options parameters. - */ - disconnect( - resourceGroupName: string, - workspaceName: string, - dataConnectorId: string, - options?: DataConnectorsDisconnectOptionalParams - ): Promise; } diff --git a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/dataConnectorsCheckRequirementsOperations.ts b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/dataConnectorsCheckRequirementsOperations.ts deleted file mode 100644 index bcb6e67df617..000000000000 --- a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/dataConnectorsCheckRequirementsOperations.ts +++ /dev/null @@ -1,30 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -import { - DataConnectorsCheckRequirementsUnion, - DataConnectorsCheckRequirementsPostOptionalParams, - DataConnectorsCheckRequirementsPostResponse -} from "../models"; - -/** Interface representing a DataConnectorsCheckRequirementsOperations. */ -export interface DataConnectorsCheckRequirementsOperations { - /** - * Get requirements state for a data connector type. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param dataConnectorsCheckRequirements The parameters for requirements check message - * @param options The options parameters. - */ - post( - resourceGroupName: string, - workspaceName: string, - dataConnectorsCheckRequirements: DataConnectorsCheckRequirementsUnion, - options?: DataConnectorsCheckRequirementsPostOptionalParams - ): Promise; -} diff --git a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/domainWhois.ts b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/domainWhois.ts deleted file mode 100644 index d10705b58b73..000000000000 --- a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/domainWhois.ts +++ /dev/null @@ -1,27 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -import { - DomainWhoisGetOptionalParams, - DomainWhoisGetResponse -} from "../models"; - -/** Interface representing a DomainWhois. */ -export interface DomainWhois { - /** - * Get whois information for a single domain name - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param domain Domain name to be enriched - * @param options The options parameters. - */ - get( - resourceGroupName: string, - domain: string, - options?: DomainWhoisGetOptionalParams - ): Promise; -} diff --git a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/entities.ts b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/entities.ts deleted file mode 100644 index ac24d1939afa..000000000000 --- a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/entities.ts +++ /dev/null @@ -1,98 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -import { PagedAsyncIterableIterator } from "@azure/core-paging"; -import { - EntityUnion, - EntitiesListOptionalParams, - EntitiesGetOptionalParams, - EntitiesGetResponse, - EntityExpandParameters, - EntitiesExpandOptionalParams, - EntitiesExpandResponse, - EntityItemQueryKind, - EntitiesQueriesOptionalParams, - EntitiesQueriesResponse, - EntityGetInsightsParameters, - EntitiesGetInsightsOptionalParams, - EntitiesGetInsightsResponse -} from "../models"; - -/// -/** Interface representing a Entities. */ -export interface Entities { - /** - * Gets all entities. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param options The options parameters. - */ - list( - resourceGroupName: string, - workspaceName: string, - options?: EntitiesListOptionalParams - ): PagedAsyncIterableIterator; - /** - * Gets an entity. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param entityId entity ID - * @param options The options parameters. - */ - get( - resourceGroupName: string, - workspaceName: string, - entityId: string, - options?: EntitiesGetOptionalParams - ): Promise; - /** - * Expands an entity. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param entityId entity ID - * @param parameters The parameters required to execute an expand operation on the given entity. - * @param options The options parameters. - */ - expand( - resourceGroupName: string, - workspaceName: string, - entityId: string, - parameters: EntityExpandParameters, - options?: EntitiesExpandOptionalParams - ): Promise; - /** - * Get Insights and Activities for an entity. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param entityId entity ID - * @param kind The Kind parameter for queries - * @param options The options parameters. - */ - queries( - resourceGroupName: string, - workspaceName: string, - entityId: string, - kind: EntityItemQueryKind, - options?: EntitiesQueriesOptionalParams - ): Promise; - /** - * Execute Insights for an entity. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param entityId entity ID - * @param parameters The parameters required to execute insights on the given entity. - * @param options The options parameters. - */ - getInsights( - resourceGroupName: string, - workspaceName: string, - entityId: string, - parameters: EntityGetInsightsParameters, - options?: EntitiesGetInsightsOptionalParams - ): Promise; -} diff --git a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/entitiesGetTimeline.ts b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/entitiesGetTimeline.ts deleted file mode 100644 index 996a01b8049f..000000000000 --- a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/entitiesGetTimeline.ts +++ /dev/null @@ -1,32 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -import { - EntityTimelineParameters, - EntitiesGetTimelineListOptionalParams, - EntitiesGetTimelineListResponse -} from "../models"; - -/** Interface representing a EntitiesGetTimeline. */ -export interface EntitiesGetTimeline { - /** - * Timeline for an entity. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param entityId entity ID - * @param parameters The parameters required to execute an timeline operation on the given entity. - * @param options The options parameters. - */ - list( - resourceGroupName: string, - workspaceName: string, - entityId: string, - parameters: EntityTimelineParameters, - options?: EntitiesGetTimelineListOptionalParams - ): Promise; -} diff --git a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/entitiesRelations.ts b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/entitiesRelations.ts deleted file mode 100644 index 3c16852eab43..000000000000 --- a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/entitiesRelations.ts +++ /dev/null @@ -1,28 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -import { PagedAsyncIterableIterator } from "@azure/core-paging"; -import { Relation, EntitiesRelationsListOptionalParams } from "../models"; - -/// -/** Interface representing a EntitiesRelations. */ -export interface EntitiesRelations { - /** - * Gets all relations of an entity. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param entityId entity ID - * @param options The options parameters. - */ - list( - resourceGroupName: string, - workspaceName: string, - entityId: string, - options?: EntitiesRelationsListOptionalParams - ): PagedAsyncIterableIterator; -} diff --git a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/entityQueries.ts b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/entityQueries.ts deleted file mode 100644 index 33ad4415d960..000000000000 --- a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/entityQueries.ts +++ /dev/null @@ -1,76 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -import { PagedAsyncIterableIterator } from "@azure/core-paging"; -import { - EntityQueryUnion, - EntityQueriesListOptionalParams, - EntityQueriesGetOptionalParams, - EntityQueriesGetResponse, - CustomEntityQueryUnion, - EntityQueriesCreateOrUpdateOptionalParams, - EntityQueriesCreateOrUpdateResponse, - EntityQueriesDeleteOptionalParams -} from "../models"; - -/// -/** Interface representing a EntityQueries. */ -export interface EntityQueries { - /** - * Gets all entity queries. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param options The options parameters. - */ - list( - resourceGroupName: string, - workspaceName: string, - options?: EntityQueriesListOptionalParams - ): PagedAsyncIterableIterator; - /** - * Gets an entity query. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param entityQueryId entity query ID - * @param options The options parameters. - */ - get( - resourceGroupName: string, - workspaceName: string, - entityQueryId: string, - options?: EntityQueriesGetOptionalParams - ): Promise; - /** - * Creates or updates the entity query. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param entityQueryId entity query ID - * @param entityQuery The entity query we want to create or update - * @param options The options parameters. - */ - createOrUpdate( - resourceGroupName: string, - workspaceName: string, - entityQueryId: string, - entityQuery: CustomEntityQueryUnion, - options?: EntityQueriesCreateOrUpdateOptionalParams - ): Promise; - /** - * Delete the entity query. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param entityQueryId entity query ID - * @param options The options parameters. - */ - delete( - resourceGroupName: string, - workspaceName: string, - entityQueryId: string, - options?: EntityQueriesDeleteOptionalParams - ): Promise; -} diff --git a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/entityQueryTemplates.ts b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/entityQueryTemplates.ts deleted file mode 100644 index a3a023d1c5b8..000000000000 --- a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/entityQueryTemplates.ts +++ /dev/null @@ -1,44 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -import { PagedAsyncIterableIterator } from "@azure/core-paging"; -import { - EntityQueryTemplateUnion, - EntityQueryTemplatesListOptionalParams, - EntityQueryTemplatesGetOptionalParams, - EntityQueryTemplatesGetResponse -} from "../models"; - -/// -/** Interface representing a EntityQueryTemplates. */ -export interface EntityQueryTemplates { - /** - * Gets all entity query templates. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param options The options parameters. - */ - list( - resourceGroupName: string, - workspaceName: string, - options?: EntityQueryTemplatesListOptionalParams - ): PagedAsyncIterableIterator; - /** - * Gets an entity query. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param entityQueryTemplateId entity query template ID - * @param options The options parameters. - */ - get( - resourceGroupName: string, - workspaceName: string, - entityQueryTemplateId: string, - options?: EntityQueryTemplatesGetOptionalParams - ): Promise; -} diff --git a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/entityRelations.ts b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/entityRelations.ts deleted file mode 100644 index 5416a8543a30..000000000000 --- a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/entityRelations.ts +++ /dev/null @@ -1,31 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -import { - EntityRelationsGetRelationOptionalParams, - EntityRelationsGetRelationResponse -} from "../models"; - -/** Interface representing a EntityRelations. */ -export interface EntityRelations { - /** - * Gets an entity relation. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param entityId entity ID - * @param relationName Relation Name - * @param options The options parameters. - */ - getRelation( - resourceGroupName: string, - workspaceName: string, - entityId: string, - relationName: string, - options?: EntityRelationsGetRelationOptionalParams - ): Promise; -} diff --git a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/iPGeodata.ts b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/iPGeodata.ts deleted file mode 100644 index b6060c5c6e20..000000000000 --- a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/iPGeodata.ts +++ /dev/null @@ -1,24 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -import { IPGeodataGetOptionalParams, IPGeodataGetResponse } from "../models"; - -/** Interface representing a IPGeodata. */ -export interface IPGeodata { - /** - * Get geodata for a single IP address - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param ipAddress IP address (v4 or v6) to be enriched - * @param options The options parameters. - */ - get( - resourceGroupName: string, - ipAddress: string, - options?: IPGeodataGetOptionalParams - ): Promise; -} diff --git a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/incidentComments.ts b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/incidentComments.ts index 3bce6e5213cf..fbf7e95930c6 100644 --- a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/incidentComments.ts +++ b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/incidentComments.ts @@ -21,7 +21,7 @@ import { /** Interface representing a IncidentComments. */ export interface IncidentComments { /** - * Gets all incident comments. + * Gets all comments for a given incident. * @param resourceGroupName The name of the resource group. The name is case insensitive. * @param workspaceName The name of the workspace. * @param incidentId Incident ID @@ -34,7 +34,7 @@ export interface IncidentComments { options?: IncidentCommentsListOptionalParams ): PagedAsyncIterableIterator; /** - * Gets an incident comment. + * Gets a comment for a given incident. * @param resourceGroupName The name of the resource group. The name is case insensitive. * @param workspaceName The name of the workspace. * @param incidentId Incident ID @@ -49,7 +49,7 @@ export interface IncidentComments { options?: IncidentCommentsGetOptionalParams ): Promise; /** - * Creates or updates the incident comment. + * Creates or updates a comment for a given incident. * @param resourceGroupName The name of the resource group. The name is case insensitive. * @param workspaceName The name of the workspace. * @param incidentId Incident ID @@ -66,7 +66,7 @@ export interface IncidentComments { options?: IncidentCommentsCreateOrUpdateOptionalParams ): Promise; /** - * Delete the incident comment. + * Deletes a comment for a given incident. * @param resourceGroupName The name of the resource group. The name is case insensitive. * @param workspaceName The name of the workspace. * @param incidentId Incident ID diff --git a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/incidentRelations.ts b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/incidentRelations.ts index 6e4d50d7995e..f804b8f38ad5 100644 --- a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/incidentRelations.ts +++ b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/incidentRelations.ts @@ -21,7 +21,7 @@ import { /** Interface representing a IncidentRelations. */ export interface IncidentRelations { /** - * Gets all incident relations. + * Gets all relations for a given incident. * @param resourceGroupName The name of the resource group. The name is case insensitive. * @param workspaceName The name of the workspace. * @param incidentId Incident ID @@ -34,7 +34,7 @@ export interface IncidentRelations { options?: IncidentRelationsListOptionalParams ): PagedAsyncIterableIterator; /** - * Gets an incident relation. + * Gets a relation for a given incident. * @param resourceGroupName The name of the resource group. The name is case insensitive. * @param workspaceName The name of the workspace. * @param incidentId Incident ID @@ -49,7 +49,7 @@ export interface IncidentRelations { options?: IncidentRelationsGetOptionalParams ): Promise; /** - * Creates or updates the incident relation. + * Creates or updates a relation for a given incident. * @param resourceGroupName The name of the resource group. The name is case insensitive. * @param workspaceName The name of the workspace. * @param incidentId Incident ID @@ -66,7 +66,7 @@ export interface IncidentRelations { options?: IncidentRelationsCreateOrUpdateOptionalParams ): Promise; /** - * Delete the incident relation. + * Deletes a relation for a given incident. * @param resourceGroupName The name of the resource group. The name is case insensitive. * @param workspaceName The name of the workspace. * @param incidentId Incident ID diff --git a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/incidents.ts b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/incidents.ts index 18695a4f8cc7..431bd7fa87ce 100644 --- a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/incidents.ts +++ b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/incidents.ts @@ -10,16 +10,11 @@ import { PagedAsyncIterableIterator } from "@azure/core-paging"; import { Incident, IncidentsListOptionalParams, - IncidentsRunPlaybookOptionalParams, - IncidentsRunPlaybookResponse, IncidentsGetOptionalParams, IncidentsGetResponse, IncidentsCreateOrUpdateOptionalParams, IncidentsCreateOrUpdateResponse, IncidentsDeleteOptionalParams, - TeamProperties, - IncidentsCreateTeamOptionalParams, - IncidentsCreateTeamResponse, IncidentsListAlertsOptionalParams, IncidentsListAlertsResponse, IncidentsListBookmarksOptionalParams, @@ -43,20 +38,7 @@ export interface Incidents { options?: IncidentsListOptionalParams ): PagedAsyncIterableIterator; /** - * Triggers playbook on a specific incident - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param incidentIdentifier - * @param options The options parameters. - */ - runPlaybook( - resourceGroupName: string, - workspaceName: string, - incidentIdentifier: string, - options?: IncidentsRunPlaybookOptionalParams - ): Promise; - /** - * Gets an incident. + * Gets a given incident. * @param resourceGroupName The name of the resource group. The name is case insensitive. * @param workspaceName The name of the workspace. * @param incidentId Incident ID @@ -69,7 +51,7 @@ export interface Incidents { options?: IncidentsGetOptionalParams ): Promise; /** - * Creates or updates the incident. + * Creates or updates an incident. * @param resourceGroupName The name of the resource group. The name is case insensitive. * @param workspaceName The name of the workspace. * @param incidentId Incident ID @@ -84,7 +66,7 @@ export interface Incidents { options?: IncidentsCreateOrUpdateOptionalParams ): Promise; /** - * Delete the incident. + * Deletes a given incident. * @param resourceGroupName The name of the resource group. The name is case insensitive. * @param workspaceName The name of the workspace. * @param incidentId Incident ID @@ -97,23 +79,7 @@ export interface Incidents { options?: IncidentsDeleteOptionalParams ): Promise; /** - * Creates a Microsoft team to investigate the incident by sharing information and insights between - * participants. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param incidentId Incident ID - * @param teamProperties Team properties - * @param options The options parameters. - */ - createTeam( - resourceGroupName: string, - workspaceName: string, - incidentId: string, - teamProperties: TeamProperties, - options?: IncidentsCreateTeamOptionalParams - ): Promise; - /** - * Gets all incident alerts. + * Gets all alerts for an incident. * @param resourceGroupName The name of the resource group. The name is case insensitive. * @param workspaceName The name of the workspace. * @param incidentId Incident ID @@ -126,7 +92,7 @@ export interface Incidents { options?: IncidentsListAlertsOptionalParams ): Promise; /** - * Gets all incident bookmarks. + * Gets all bookmarks for an incident. * @param resourceGroupName The name of the resource group. The name is case insensitive. * @param workspaceName The name of the workspace. * @param incidentId Incident ID @@ -139,7 +105,7 @@ export interface Incidents { options?: IncidentsListBookmarksOptionalParams ): Promise; /** - * Gets all incident related entities. + * Gets all entities for an incident. * @param resourceGroupName The name of the resource group. The name is case insensitive. * @param workspaceName The name of the workspace. * @param incidentId Incident ID diff --git a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/index.ts b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/index.ts index 953a63a9a9d9..d8acbe9d739b 100644 --- a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/index.ts +++ b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/index.ts @@ -10,32 +10,15 @@ export * from "./alertRules"; export * from "./actions"; export * from "./alertRuleTemplates"; export * from "./automationRules"; -export * from "./incidents"; export * from "./bookmarks"; -export * from "./bookmarkRelations"; -export * from "./bookmarkOperations"; -export * from "./iPGeodata"; -export * from "./domainWhois"; -export * from "./entities"; -export * from "./entitiesGetTimeline"; -export * from "./entitiesRelations"; -export * from "./entityRelations"; -export * from "./entityQueries"; -export * from "./entityQueryTemplates"; +export * from "./dataConnectors"; +export * from "./incidents"; export * from "./incidentComments"; export * from "./incidentRelations"; -export * from "./metadata"; -export * from "./officeConsents"; export * from "./sentinelOnboardingStates"; -export * from "./securityMLAnalyticsSettings"; -export * from "./productSettings"; -export * from "./sourceControlOperations"; -export * from "./sourceControls"; export * from "./threatIntelligenceIndicator"; export * from "./threatIntelligenceIndicators"; export * from "./threatIntelligenceIndicatorMetrics"; export * from "./watchlists"; export * from "./watchlistItems"; -export * from "./dataConnectors"; -export * from "./dataConnectorsCheckRequirementsOperations"; export * from "./operations"; diff --git a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/metadata.ts b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/metadata.ts deleted file mode 100644 index c0ea5a0cfd97..000000000000 --- a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/metadata.ts +++ /dev/null @@ -1,93 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -import { PagedAsyncIterableIterator } from "@azure/core-paging"; -import { - MetadataModel, - MetadataListOptionalParams, - MetadataGetOptionalParams, - MetadataGetResponse, - MetadataDeleteOptionalParams, - MetadataCreateOptionalParams, - MetadataCreateResponse, - MetadataPatch, - MetadataUpdateOptionalParams, - MetadataUpdateResponse -} from "../models"; - -/// -/** Interface representing a Metadata. */ -export interface Metadata { - /** - * List of all metadata - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param options The options parameters. - */ - list( - resourceGroupName: string, - workspaceName: string, - options?: MetadataListOptionalParams - ): PagedAsyncIterableIterator; - /** - * Get a Metadata. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param metadataName The Metadata name. - * @param options The options parameters. - */ - get( - resourceGroupName: string, - workspaceName: string, - metadataName: string, - options?: MetadataGetOptionalParams - ): Promise; - /** - * Delete a Metadata. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param metadataName The Metadata name. - * @param options The options parameters. - */ - delete( - resourceGroupName: string, - workspaceName: string, - metadataName: string, - options?: MetadataDeleteOptionalParams - ): Promise; - /** - * Create a Metadata. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param metadataName The Metadata name. - * @param metadata Metadata resource. - * @param options The options parameters. - */ - create( - resourceGroupName: string, - workspaceName: string, - metadataName: string, - metadata: MetadataModel, - options?: MetadataCreateOptionalParams - ): Promise; - /** - * Update an existing Metadata. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param metadataName The Metadata name. - * @param metadataPatch Partial metadata request. - * @param options The options parameters. - */ - update( - resourceGroupName: string, - workspaceName: string, - metadataName: string, - metadataPatch: MetadataPatch, - options?: MetadataUpdateOptionalParams - ): Promise; -} diff --git a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/officeConsents.ts b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/officeConsents.ts deleted file mode 100644 index 6a5cdc6c10db..000000000000 --- a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/officeConsents.ts +++ /dev/null @@ -1,58 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -import { PagedAsyncIterableIterator } from "@azure/core-paging"; -import { - OfficeConsent, - OfficeConsentsListOptionalParams, - OfficeConsentsGetOptionalParams, - OfficeConsentsGetResponse, - OfficeConsentsDeleteOptionalParams -} from "../models"; - -/// -/** Interface representing a OfficeConsents. */ -export interface OfficeConsents { - /** - * Gets all office365 consents. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param options The options parameters. - */ - list( - resourceGroupName: string, - workspaceName: string, - options?: OfficeConsentsListOptionalParams - ): PagedAsyncIterableIterator; - /** - * Gets an office365 consent. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param consentId consent ID - * @param options The options parameters. - */ - get( - resourceGroupName: string, - workspaceName: string, - consentId: string, - options?: OfficeConsentsGetOptionalParams - ): Promise; - /** - * Delete the office365 consent. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param consentId consent ID - * @param options The options parameters. - */ - delete( - resourceGroupName: string, - workspaceName: string, - consentId: string, - options?: OfficeConsentsDeleteOptionalParams - ): Promise; -} diff --git a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/productSettings.ts b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/productSettings.ts deleted file mode 100644 index e88280b71695..000000000000 --- a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/productSettings.ts +++ /dev/null @@ -1,74 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -import { - ProductSettingsListOptionalParams, - ProductSettingsListResponse, - ProductSettingsGetOptionalParams, - ProductSettingsGetResponse, - ProductSettingsDeleteOptionalParams, - SettingsUnion, - ProductSettingsUpdateOptionalParams, - ProductSettingsUpdateResponse -} from "../models"; - -/** Interface representing a ProductSettings. */ -export interface ProductSettings { - /** - * List of all the settings - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param options The options parameters. - */ - list( - resourceGroupName: string, - workspaceName: string, - options?: ProductSettingsListOptionalParams - ): Promise; - /** - * Gets a setting. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param settingsName The setting name. Supports - Anomalies, EyesOn, EntityAnalytics, Ueba - * @param options The options parameters. - */ - get( - resourceGroupName: string, - workspaceName: string, - settingsName: string, - options?: ProductSettingsGetOptionalParams - ): Promise; - /** - * Delete setting of the product. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param settingsName The setting name. Supports - Anomalies, EyesOn, EntityAnalytics, Ueba - * @param options The options parameters. - */ - delete( - resourceGroupName: string, - workspaceName: string, - settingsName: string, - options?: ProductSettingsDeleteOptionalParams - ): Promise; - /** - * Updates setting. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param settingsName The setting name. Supports - Anomalies, EyesOn, EntityAnalytics, Ueba - * @param settings The setting - * @param options The options parameters. - */ - update( - resourceGroupName: string, - workspaceName: string, - settingsName: string, - settings: SettingsUnion, - options?: ProductSettingsUpdateOptionalParams - ): Promise; -} diff --git a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/securityMLAnalyticsSettings.ts b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/securityMLAnalyticsSettings.ts deleted file mode 100644 index 603ae1b2c8fb..000000000000 --- a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/securityMLAnalyticsSettings.ts +++ /dev/null @@ -1,75 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -import { PagedAsyncIterableIterator } from "@azure/core-paging"; -import { - SecurityMLAnalyticsSettingUnion, - SecurityMLAnalyticsSettingsListOptionalParams, - SecurityMLAnalyticsSettingsGetOptionalParams, - SecurityMLAnalyticsSettingsGetResponse, - SecurityMLAnalyticsSettingsCreateOrUpdateOptionalParams, - SecurityMLAnalyticsSettingsCreateOrUpdateResponse, - SecurityMLAnalyticsSettingsDeleteOptionalParams -} from "../models"; - -/// -/** Interface representing a SecurityMLAnalyticsSettings. */ -export interface SecurityMLAnalyticsSettings { - /** - * Gets all Security ML Analytics Settings. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param options The options parameters. - */ - list( - resourceGroupName: string, - workspaceName: string, - options?: SecurityMLAnalyticsSettingsListOptionalParams - ): PagedAsyncIterableIterator; - /** - * Gets the Security ML Analytics Settings. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param settingsResourceName Security ML Analytics Settings resource name - * @param options The options parameters. - */ - get( - resourceGroupName: string, - workspaceName: string, - settingsResourceName: string, - options?: SecurityMLAnalyticsSettingsGetOptionalParams - ): Promise; - /** - * Creates or updates the Security ML Analytics Settings. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param settingsResourceName Security ML Analytics Settings resource name - * @param securityMLAnalyticsSetting The security ML Analytics setting - * @param options The options parameters. - */ - createOrUpdate( - resourceGroupName: string, - workspaceName: string, - settingsResourceName: string, - securityMLAnalyticsSetting: SecurityMLAnalyticsSettingUnion, - options?: SecurityMLAnalyticsSettingsCreateOrUpdateOptionalParams - ): Promise; - /** - * Delete the Security ML Analytics Settings. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param settingsResourceName Security ML Analytics Settings resource name - * @param options The options parameters. - */ - delete( - resourceGroupName: string, - workspaceName: string, - settingsResourceName: string, - options?: SecurityMLAnalyticsSettingsDeleteOptionalParams - ): Promise; -} diff --git a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/sourceControlOperations.ts b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/sourceControlOperations.ts deleted file mode 100644 index 75cb1cd61a83..000000000000 --- a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/sourceControlOperations.ts +++ /dev/null @@ -1,32 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -import { PagedAsyncIterableIterator } from "@azure/core-paging"; -import { - Repo, - RepoType, - SourceControlListRepositoriesOptionalParams -} from "../models"; - -/// -/** Interface representing a SourceControlOperations. */ -export interface SourceControlOperations { - /** - * Gets a list of repositories metadata. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param repoType The repo type. - * @param options The options parameters. - */ - listRepositories( - resourceGroupName: string, - workspaceName: string, - repoType: RepoType, - options?: SourceControlListRepositoriesOptionalParams - ): PagedAsyncIterableIterator; -} diff --git a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/sourceControls.ts b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/sourceControls.ts deleted file mode 100644 index 2e675d5f49a7..000000000000 --- a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/sourceControls.ts +++ /dev/null @@ -1,75 +0,0 @@ -/* - * Copyright (c) Microsoft Corporation. - * Licensed under the MIT License. - * - * Code generated by Microsoft (R) AutoRest Code Generator. - * Changes may cause incorrect behavior and will be lost if the code is regenerated. - */ - -import { PagedAsyncIterableIterator } from "@azure/core-paging"; -import { - SourceControl, - SourceControlsListOptionalParams, - SourceControlsGetOptionalParams, - SourceControlsGetResponse, - SourceControlsDeleteOptionalParams, - SourceControlsCreateOptionalParams, - SourceControlsCreateResponse -} from "../models"; - -/// -/** Interface representing a SourceControls. */ -export interface SourceControls { - /** - * Gets all source controls, without source control items. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param options The options parameters. - */ - list( - resourceGroupName: string, - workspaceName: string, - options?: SourceControlsListOptionalParams - ): PagedAsyncIterableIterator; - /** - * Gets a source control byt its identifier. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param sourceControlId Source control Id - * @param options The options parameters. - */ - get( - resourceGroupName: string, - workspaceName: string, - sourceControlId: string, - options?: SourceControlsGetOptionalParams - ): Promise; - /** - * Delete a source control. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param sourceControlId Source control Id - * @param options The options parameters. - */ - delete( - resourceGroupName: string, - workspaceName: string, - sourceControlId: string, - options?: SourceControlsDeleteOptionalParams - ): Promise; - /** - * Creates a source control. - * @param resourceGroupName The name of the resource group. The name is case insensitive. - * @param workspaceName The name of the workspace. - * @param sourceControlId Source control Id - * @param sourceControl The SourceControl - * @param options The options parameters. - */ - create( - resourceGroupName: string, - workspaceName: string, - sourceControlId: string, - sourceControl: SourceControl, - options?: SourceControlsCreateOptionalParams - ): Promise; -} diff --git a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/watchlistItems.ts b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/watchlistItems.ts index d5713dbc41a7..7273915420f4 100644 --- a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/watchlistItems.ts +++ b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/watchlistItems.ts @@ -21,10 +21,10 @@ import { /** Interface representing a WatchlistItems. */ export interface WatchlistItems { /** - * Gets all watchlist Items. + * Get all watchlist Items. * @param resourceGroupName The name of the resource group. The name is case insensitive. * @param workspaceName The name of the workspace. - * @param watchlistAlias Watchlist Alias + * @param watchlistAlias The watchlist alias * @param options The options parameters. */ list( @@ -34,11 +34,11 @@ export interface WatchlistItems { options?: WatchlistItemsListOptionalParams ): PagedAsyncIterableIterator; /** - * Gets a watchlist, without its watchlist items. + * Get a watchlist item. * @param resourceGroupName The name of the resource group. The name is case insensitive. * @param workspaceName The name of the workspace. - * @param watchlistAlias Watchlist Alias - * @param watchlistItemId Watchlist Item Id (GUID) + * @param watchlistAlias The watchlist alias + * @param watchlistItemId The watchlist item id (GUID) * @param options The options parameters. */ get( @@ -52,8 +52,8 @@ export interface WatchlistItems { * Delete a watchlist item. * @param resourceGroupName The name of the resource group. The name is case insensitive. * @param workspaceName The name of the workspace. - * @param watchlistAlias Watchlist Alias - * @param watchlistItemId Watchlist Item Id (GUID) + * @param watchlistAlias The watchlist alias + * @param watchlistItemId The watchlist item id (GUID) * @param options The options parameters. */ delete( @@ -64,11 +64,11 @@ export interface WatchlistItems { options?: WatchlistItemsDeleteOptionalParams ): Promise; /** - * Creates or updates a watchlist item. + * Create or update a watchlist item. * @param resourceGroupName The name of the resource group. The name is case insensitive. * @param workspaceName The name of the workspace. - * @param watchlistAlias Watchlist Alias - * @param watchlistItemId Watchlist Item Id (GUID) + * @param watchlistAlias The watchlist alias + * @param watchlistItemId The watchlist item id (GUID) * @param watchlistItem The watchlist item * @param options The options parameters. */ diff --git a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/watchlists.ts b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/watchlists.ts index 77f2dc227d5d..09c9d968e16f 100644 --- a/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/watchlists.ts +++ b/sdk/securityinsight/arm-securityinsight/src/operationsInterfaces/watchlists.ts @@ -13,7 +13,6 @@ import { WatchlistsGetOptionalParams, WatchlistsGetResponse, WatchlistsDeleteOptionalParams, - WatchlistsDeleteResponse, WatchlistsCreateOrUpdateOptionalParams, WatchlistsCreateOrUpdateResponse } from "../models"; @@ -22,7 +21,7 @@ import { /** Interface representing a Watchlists. */ export interface Watchlists { /** - * Gets all watchlists, without watchlist items. + * Get all watchlists, without watchlist items. * @param resourceGroupName The name of the resource group. The name is case insensitive. * @param workspaceName The name of the workspace. * @param options The options parameters. @@ -33,10 +32,10 @@ export interface Watchlists { options?: WatchlistsListOptionalParams ): PagedAsyncIterableIterator; /** - * Gets a watchlist, without its watchlist items. + * Get a watchlist, without its watchlist items. * @param resourceGroupName The name of the resource group. The name is case insensitive. * @param workspaceName The name of the workspace. - * @param watchlistAlias Watchlist Alias + * @param watchlistAlias The watchlist alias * @param options The options parameters. */ get( @@ -49,7 +48,7 @@ export interface Watchlists { * Delete a watchlist. * @param resourceGroupName The name of the resource group. The name is case insensitive. * @param workspaceName The name of the workspace. - * @param watchlistAlias Watchlist Alias + * @param watchlistAlias The watchlist alias * @param options The options parameters. */ delete( @@ -57,17 +56,14 @@ export interface Watchlists { workspaceName: string, watchlistAlias: string, options?: WatchlistsDeleteOptionalParams - ): Promise; + ): Promise; /** * Create or update a Watchlist and its Watchlist Items (bulk creation, e.g. through text/csv content - * type). To create a Watchlist and its Items, we should call this endpoint with either rawContent or a - * valid SAR URI and contentType properties. The rawContent is mainly used for small watchlist (content - * size below 3.8 MB). The SAS URI enables the creation of large watchlist, where the content size can - * go up to 500 MB. The status of processing such large file can be polled through the URL returned in - * Azure-AsyncOperation header. + * type). To create a Watchlist and its Items, we should call this endpoint with rawContent and + * contentType properties. * @param resourceGroupName The name of the resource group. The name is case insensitive. * @param workspaceName The name of the workspace. - * @param watchlistAlias Watchlist Alias + * @param watchlistAlias The watchlist alias * @param watchlist The watchlist * @param options The options parameters. */ diff --git a/sdk/securityinsight/arm-securityinsight/src/securityInsights.ts b/sdk/securityinsight/arm-securityinsight/src/securityInsights.ts index 8bdfe0d3b316..4a60e47b72a0 100644 --- a/sdk/securityinsight/arm-securityinsight/src/securityInsights.ts +++ b/sdk/securityinsight/arm-securityinsight/src/securityInsights.ts @@ -19,34 +19,17 @@ import { ActionsImpl, AlertRuleTemplatesImpl, AutomationRulesImpl, - IncidentsImpl, BookmarksImpl, - BookmarkRelationsImpl, - BookmarkOperationsImpl, - IPGeodataImpl, - DomainWhoisImpl, - EntitiesImpl, - EntitiesGetTimelineImpl, - EntitiesRelationsImpl, - EntityRelationsImpl, - EntityQueriesImpl, - EntityQueryTemplatesImpl, + DataConnectorsImpl, + IncidentsImpl, IncidentCommentsImpl, IncidentRelationsImpl, - MetadataImpl, - OfficeConsentsImpl, SentinelOnboardingStatesImpl, - SecurityMLAnalyticsSettingsImpl, - ProductSettingsImpl, - SourceControlOperationsImpl, - SourceControlsImpl, ThreatIntelligenceIndicatorImpl, ThreatIntelligenceIndicatorsImpl, ThreatIntelligenceIndicatorMetricsImpl, WatchlistsImpl, WatchlistItemsImpl, - DataConnectorsImpl, - DataConnectorsCheckRequirementsOperationsImpl, OperationsImpl } from "./operations"; import { @@ -54,34 +37,17 @@ import { Actions, AlertRuleTemplates, AutomationRules, - Incidents, Bookmarks, - BookmarkRelations, - BookmarkOperations, - IPGeodata, - DomainWhois, - Entities, - EntitiesGetTimeline, - EntitiesRelations, - EntityRelations, - EntityQueries, - EntityQueryTemplates, + DataConnectors, + Incidents, IncidentComments, IncidentRelations, - Metadata, - OfficeConsents, SentinelOnboardingStates, - SecurityMLAnalyticsSettings, - ProductSettings, - SourceControlOperations, - SourceControls, ThreatIntelligenceIndicator, ThreatIntelligenceIndicators, ThreatIntelligenceIndicatorMetrics, Watchlists, WatchlistItems, - DataConnectors, - DataConnectorsCheckRequirementsOperations, Operations } from "./operationsInterfaces"; import { SecurityInsightsOptionalParams } from "./models"; @@ -118,7 +84,7 @@ export class SecurityInsights extends coreClient.ServiceClient { credential: credentials }; - const packageDetails = `azsdk-js-arm-securityinsight/1.0.0-beta.4`; + const packageDetails = `azsdk-js-arm-securityinsight/1.0.0`; const userAgentPrefix = options.userAgentOptions && options.userAgentOptions.userAgentPrefix ? `${options.userAgentOptions.userAgentPrefix} ${packageDetails}` @@ -138,68 +104,44 @@ export class SecurityInsights extends coreClient.ServiceClient { }; super(optionsWithDefaults); - let bearerTokenAuthenticationPolicyFound: boolean = false; if (options?.pipeline && options.pipeline.getOrderedPolicies().length > 0) { const pipelinePolicies: coreRestPipeline.PipelinePolicy[] = options.pipeline.getOrderedPolicies(); - bearerTokenAuthenticationPolicyFound = pipelinePolicies.some( + const bearerTokenAuthenticationPolicyFound = pipelinePolicies.some( (pipelinePolicy) => pipelinePolicy.name === coreRestPipeline.bearerTokenAuthenticationPolicyName ); - } - if ( - !options || - !options.pipeline || - options.pipeline.getOrderedPolicies().length == 0 || - !bearerTokenAuthenticationPolicyFound - ) { - this.pipeline.removePolicy({ - name: coreRestPipeline.bearerTokenAuthenticationPolicyName - }); - this.pipeline.addPolicy( - coreRestPipeline.bearerTokenAuthenticationPolicy({ - credential: credentials, - scopes: `${optionsWithDefaults.credentialScopes}`, - challengeCallbacks: { - authorizeRequestOnChallenge: - coreClient.authorizeRequestOnClaimChallenge - } - }) - ); + if (!bearerTokenAuthenticationPolicyFound) { + this.pipeline.removePolicy({ + name: coreRestPipeline.bearerTokenAuthenticationPolicyName + }); + this.pipeline.addPolicy( + coreRestPipeline.bearerTokenAuthenticationPolicy({ + scopes: `${optionsWithDefaults.baseUri}/.default`, + challengeCallbacks: { + authorizeRequestOnChallenge: + coreClient.authorizeRequestOnClaimChallenge + } + }) + ); + } } // Parameter assignments this.subscriptionId = subscriptionId; // Assigning values to Constant parameters this.$host = options.$host || "https://management.azure.com"; - this.apiVersion = options.apiVersion || "2022-07-01-preview"; + this.apiVersion = options.apiVersion || "2022-08-01"; this.alertRules = new AlertRulesImpl(this); this.actions = new ActionsImpl(this); this.alertRuleTemplates = new AlertRuleTemplatesImpl(this); this.automationRules = new AutomationRulesImpl(this); - this.incidents = new IncidentsImpl(this); this.bookmarks = new BookmarksImpl(this); - this.bookmarkRelations = new BookmarkRelationsImpl(this); - this.bookmarkOperations = new BookmarkOperationsImpl(this); - this.iPGeodata = new IPGeodataImpl(this); - this.domainWhois = new DomainWhoisImpl(this); - this.entities = new EntitiesImpl(this); - this.entitiesGetTimeline = new EntitiesGetTimelineImpl(this); - this.entitiesRelations = new EntitiesRelationsImpl(this); - this.entityRelations = new EntityRelationsImpl(this); - this.entityQueries = new EntityQueriesImpl(this); - this.entityQueryTemplates = new EntityQueryTemplatesImpl(this); + this.dataConnectors = new DataConnectorsImpl(this); + this.incidents = new IncidentsImpl(this); this.incidentComments = new IncidentCommentsImpl(this); this.incidentRelations = new IncidentRelationsImpl(this); - this.metadata = new MetadataImpl(this); - this.officeConsents = new OfficeConsentsImpl(this); this.sentinelOnboardingStates = new SentinelOnboardingStatesImpl(this); - this.securityMLAnalyticsSettings = new SecurityMLAnalyticsSettingsImpl( - this - ); - this.productSettings = new ProductSettingsImpl(this); - this.sourceControlOperations = new SourceControlOperationsImpl(this); - this.sourceControls = new SourceControlsImpl(this); this.threatIntelligenceIndicator = new ThreatIntelligenceIndicatorImpl( this ); @@ -211,10 +153,6 @@ export class SecurityInsights extends coreClient.ServiceClient { ); this.watchlists = new WatchlistsImpl(this); this.watchlistItems = new WatchlistItemsImpl(this); - this.dataConnectors = new DataConnectorsImpl(this); - this.dataConnectorsCheckRequirementsOperations = new DataConnectorsCheckRequirementsOperationsImpl( - this - ); this.operations = new OperationsImpl(this); this.addCustomApiVersionPolicy(options.apiVersion); } @@ -234,7 +172,7 @@ export class SecurityInsights extends coreClient.ServiceClient { if (param.length > 1) { const newParams = param[1].split("&").map((item) => { if (item.indexOf("api-version") > -1) { - return "api-version=" + apiVersion; + return item.replace(/(?<==).*$/, apiVersion); } else { return item; } @@ -251,33 +189,16 @@ export class SecurityInsights extends coreClient.ServiceClient { actions: Actions; alertRuleTemplates: AlertRuleTemplates; automationRules: AutomationRules; - incidents: Incidents; bookmarks: Bookmarks; - bookmarkRelations: BookmarkRelations; - bookmarkOperations: BookmarkOperations; - iPGeodata: IPGeodata; - domainWhois: DomainWhois; - entities: Entities; - entitiesGetTimeline: EntitiesGetTimeline; - entitiesRelations: EntitiesRelations; - entityRelations: EntityRelations; - entityQueries: EntityQueries; - entityQueryTemplates: EntityQueryTemplates; + dataConnectors: DataConnectors; + incidents: Incidents; incidentComments: IncidentComments; incidentRelations: IncidentRelations; - metadata: Metadata; - officeConsents: OfficeConsents; sentinelOnboardingStates: SentinelOnboardingStates; - securityMLAnalyticsSettings: SecurityMLAnalyticsSettings; - productSettings: ProductSettings; - sourceControlOperations: SourceControlOperations; - sourceControls: SourceControls; threatIntelligenceIndicator: ThreatIntelligenceIndicator; threatIntelligenceIndicators: ThreatIntelligenceIndicators; threatIntelligenceIndicatorMetrics: ThreatIntelligenceIndicatorMetrics; watchlists: Watchlists; watchlistItems: WatchlistItems; - dataConnectors: DataConnectors; - dataConnectorsCheckRequirementsOperations: DataConnectorsCheckRequirementsOperations; operations: Operations; } diff --git a/sdk/securityinsight/arm-securityinsight/tsconfig.json b/sdk/securityinsight/arm-securityinsight/tsconfig.json index 6c7875caddba..3e6ae96443f3 100644 --- a/sdk/securityinsight/arm-securityinsight/tsconfig.json +++ b/sdk/securityinsight/arm-securityinsight/tsconfig.json @@ -15,17 +15,11 @@ ], "declaration": true, "outDir": "./dist-esm", - "importHelpers": true, - "paths": { - "@azure/arm-securityinsight": [ - "./src/index" - ] - } + "importHelpers": true }, "include": [ "./src/**/*.ts", - "./test/**/*.ts", - "samples-dev/**/*.ts" + "./test/**/*.ts" ], "exclude": [ "node_modules"