diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/_meta.json b/sdk/securityinsight/azure-mgmt-securityinsight/_meta.json index fa7204443a7e..a211f3001990 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/_meta.json +++ b/sdk/securityinsight/azure-mgmt-securityinsight/_meta.json @@ -1,11 +1,11 @@ { - "commit": "89a9bf17524904e7670f0fd2d62ac882ca00d85c", + "commit": "bceb2b488bf9c1a2191668230a709ec21b649645", "repository_url": "https://github.com/Azure/azure-rest-api-specs", "autorest": "3.9.2", "use": [ - "@autorest/python@6.2.7", + "@autorest/python@6.2.16", "@autorest/modelerfour@4.24.3" ], - "autorest_command": "autorest specification/securityinsights/resource-manager/readme.md --generate-sample=True --include-x-ms-examples-original-file=True --python --python-sdks-folder=/home/vsts/work/1/azure-sdk-for-python/sdk --use=@autorest/python@6.2.7 --use=@autorest/modelerfour@4.24.3 --version=3.9.2 --version-tolerant=False", + "autorest_command": "autorest specification/securityinsights/resource-manager/readme.md --generate-sample=True --include-x-ms-examples-original-file=True --python --python-sdks-folder=/mnt/vss/_work/1/s/azure-sdk-for-python/sdk --use=@autorest/python@6.2.16 --use=@autorest/modelerfour@4.24.3 --version=3.9.2 --version-tolerant=False", "readme": "specification/securityinsights/resource-manager/readme.md" } \ No newline at end of file diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/_configuration.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/_configuration.py index 9b68f6af78ea..7410ef8123b5 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/_configuration.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/_configuration.py 
@@ -35,14 +35,14 @@ class SecurityInsightsConfiguration(Configuration): # pylint: disable=too-many- :type credential: ~azure.core.credentials.TokenCredential :param subscription_id: The ID of the target subscription. Required. :type subscription_id: str - :keyword api_version: Api Version. Default value is "2022-12-01-preview". Note that overriding - this default value may result in unsupported behavior. + :keyword api_version: Api Version. Default value is "2023-02-01". Note that overriding this + default value may result in unsupported behavior. :paramtype api_version: str """ def __init__(self, credential: "TokenCredential", subscription_id: str, **kwargs: Any) -> None: super(SecurityInsightsConfiguration, self).__init__(**kwargs) - api_version: Literal["2022-12-01-preview"] = kwargs.pop("api_version", "2022-12-01-preview") + api_version: Literal["2023-02-01"] = kwargs.pop("api_version", "2023-02-01") if credential is None: raise ValueError("Parameter 'credential' must not be None.") diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/_security_insights.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/_security_insights.py index 3cde4c860447..9c912f96049c 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/_security_insights.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/_security_insights.py 
@@ -20,38 +20,17 @@ AlertRuleTemplatesOperations, AlertRulesOperations, AutomationRulesOperations, - BookmarkOperations, - BookmarkRelationsOperations, BookmarksOperations, - DataConnectorsCheckRequirementsOperations, DataConnectorsOperations, - DomainWhoisOperations, - EntitiesGetTimelineOperations, - EntitiesOperations, - EntitiesRelationsOperations, - EntityQueriesOperations, - EntityQueryTemplatesOperations, - EntityRelationsOperations, - FileImportsOperations, - GetOperations, - GetRecommendationsOperations, - IPGeodataOperations, IncidentCommentsOperations, IncidentRelationsOperations, - IncidentTasksOperations, IncidentsOperations, - MetadataOperations, - OfficeConsentsOperations, Operations, - ProductSettingsOperations, SecurityMLAnalyticsSettingsOperations, SentinelOnboardingStatesOperations, - SourceControlOperations, - SourceControlsOperations, ThreatIntelligenceIndicatorMetricsOperations, ThreatIntelligenceIndicatorOperations, ThreatIntelligenceIndicatorsOperations, - UpdateOperations, WatchlistItemsOperations, WatchlistsOperations, ) 
@@ -73,63 +52,22 @@ class SecurityInsights: # pylint: disable=client-accepts-api-version-keyword,to azure.mgmt.securityinsight.operations.AlertRuleTemplatesOperations :ivar automation_rules: AutomationRulesOperations operations :vartype automation_rules: azure.mgmt.securityinsight.operations.AutomationRulesOperations - :ivar incidents: IncidentsOperations operations - :vartype incidents: azure.mgmt.securityinsight.operations.IncidentsOperations :ivar bookmarks: BookmarksOperations operations :vartype bookmarks: azure.mgmt.securityinsight.operations.BookmarksOperations - :ivar bookmark_relations: BookmarkRelationsOperations operations - :vartype bookmark_relations: azure.mgmt.securityinsight.operations.BookmarkRelationsOperations - :ivar bookmark: BookmarkOperations operations - :vartype bookmark: azure.mgmt.securityinsight.operations.BookmarkOperations - :ivar ip_geodata: IPGeodataOperations operations - :vartype ip_geodata: azure.mgmt.securityinsight.operations.IPGeodataOperations - :ivar domain_whois: DomainWhoisOperations operations - :vartype domain_whois: azure.mgmt.securityinsight.operations.DomainWhoisOperations - :ivar entities: EntitiesOperations operations - :vartype entities: azure.mgmt.securityinsight.operations.EntitiesOperations - :ivar entities_get_timeline: EntitiesGetTimelineOperations operations - :vartype entities_get_timeline: - azure.mgmt.securityinsight.operations.EntitiesGetTimelineOperations - :ivar entities_relations: EntitiesRelationsOperations operations - :vartype entities_relations: azure.mgmt.securityinsight.operations.EntitiesRelationsOperations - :ivar entity_relations: EntityRelationsOperations operations - :vartype entity_relations: azure.mgmt.securityinsight.operations.EntityRelationsOperations - :ivar entity_queries: EntityQueriesOperations operations - :vartype entity_queries: azure.mgmt.securityinsight.operations.EntityQueriesOperations - :ivar entity_query_templates: EntityQueryTemplatesOperations operations - :vartype 
entity_query_templates: - azure.mgmt.securityinsight.operations.EntityQueryTemplatesOperations - :ivar file_imports: FileImportsOperations operations - :vartype file_imports: azure.mgmt.securityinsight.operations.FileImportsOperations + :ivar data_connectors: DataConnectorsOperations operations + :vartype data_connectors: azure.mgmt.securityinsight.operations.DataConnectorsOperations + :ivar incidents: IncidentsOperations operations + :vartype incidents: azure.mgmt.securityinsight.operations.IncidentsOperations :ivar incident_comments: IncidentCommentsOperations operations :vartype incident_comments: azure.mgmt.securityinsight.operations.IncidentCommentsOperations :ivar incident_relations: IncidentRelationsOperations operations :vartype incident_relations: azure.mgmt.securityinsight.operations.IncidentRelationsOperations - :ivar incident_tasks: IncidentTasksOperations operations - :vartype incident_tasks: azure.mgmt.securityinsight.operations.IncidentTasksOperations - :ivar metadata: MetadataOperations operations - :vartype metadata: azure.mgmt.securityinsight.operations.MetadataOperations - :ivar office_consents: OfficeConsentsOperations operations - :vartype office_consents: azure.mgmt.securityinsight.operations.OfficeConsentsOperations :ivar sentinel_onboarding_states: SentinelOnboardingStatesOperations operations :vartype sentinel_onboarding_states: azure.mgmt.securityinsight.operations.SentinelOnboardingStatesOperations - :ivar get_recommendations: GetRecommendationsOperations operations - :vartype get_recommendations: - azure.mgmt.securityinsight.operations.GetRecommendationsOperations - :ivar get: GetOperations operations - :vartype get: azure.mgmt.securityinsight.operations.GetOperations - :ivar update: UpdateOperations operations - :vartype update: azure.mgmt.securityinsight.operations.UpdateOperations :ivar security_ml_analytics_settings: SecurityMLAnalyticsSettingsOperations operations :vartype security_ml_analytics_settings: 
azure.mgmt.securityinsight.operations.SecurityMLAnalyticsSettingsOperations - :ivar product_settings: ProductSettingsOperations operations - :vartype product_settings: azure.mgmt.securityinsight.operations.ProductSettingsOperations - :ivar source_control: SourceControlOperations operations - :vartype source_control: azure.mgmt.securityinsight.operations.SourceControlOperations - :ivar source_controls: SourceControlsOperations operations - :vartype source_controls: azure.mgmt.securityinsight.operations.SourceControlsOperations :ivar threat_intelligence_indicator: ThreatIntelligenceIndicatorOperations operations :vartype threat_intelligence_indicator: azure.mgmt.securityinsight.operations.ThreatIntelligenceIndicatorOperations @@ -144,11 +82,6 @@ class SecurityInsights: # pylint: disable=client-accepts-api-version-keyword,to :vartype watchlists: azure.mgmt.securityinsight.operations.WatchlistsOperations :ivar watchlist_items: WatchlistItemsOperations operations :vartype watchlist_items: azure.mgmt.securityinsight.operations.WatchlistItemsOperations - :ivar data_connectors: DataConnectorsOperations operations - :vartype data_connectors: azure.mgmt.securityinsight.operations.DataConnectorsOperations - :ivar data_connectors_check_requirements: DataConnectorsCheckRequirementsOperations operations - :vartype data_connectors_check_requirements: - azure.mgmt.securityinsight.operations.DataConnectorsCheckRequirementsOperations :ivar operations: Operations operations :vartype operations: azure.mgmt.securityinsight.operations.Operations :param credential: Credential needed for the client to connect to Azure. Required. 
@@ -157,11 +90,9 @@ class SecurityInsights: # pylint: disable=client-accepts-api-version-keyword,to :type subscription_id: str :param base_url: Service URL. Default value is "https://management.azure.com". :type base_url: str - :keyword api_version: Api Version. Default value is "2022-12-01-preview". Note that overriding - this default value may result in unsupported behavior. + :keyword api_version: Api Version. Default value is "2023-02-01". Note that overriding this + default value may result in unsupported behavior. :paramtype api_version: str - :keyword int polling_interval: Default waiting time between two polls for LRO operations if no - Retry-After header is present. """ def __init__( 
@@ -186,54 +117,21 @@ def __init__( self.automation_rules = AutomationRulesOperations( self._client, self._config, self._serialize, self._deserialize ) - self.incidents = IncidentsOperations(self._client, self._config, self._serialize, self._deserialize) self.bookmarks = BookmarksOperations(self._client, self._config, self._serialize, self._deserialize) - self.bookmark_relations = BookmarkRelationsOperations( - self._client, self._config, self._serialize, self._deserialize - ) - self.bookmark = BookmarkOperations(self._client, self._config, self._serialize, self._deserialize) - self.ip_geodata = IPGeodataOperations(self._client, self._config, self._serialize, self._deserialize) - self.domain_whois = DomainWhoisOperations(self._client, self._config, self._serialize, self._deserialize) - self.entities = EntitiesOperations(self._client, self._config, self._serialize, self._deserialize) - self.entities_get_timeline = EntitiesGetTimelineOperations( - self._client, self._config, self._serialize, self._deserialize - ) - self.entities_relations = EntitiesRelationsOperations( - self._client, self._config, self._serialize, self._deserialize - ) - self.entity_relations = EntityRelationsOperations( - self._client, self._config, self._serialize, self._deserialize - ) - self.entity_queries = EntityQueriesOperations(self._client, self._config, self._serialize, self._deserialize) - self.entity_query_templates = EntityQueryTemplatesOperations( - self._client, self._config, self._serialize, self._deserialize - ) - self.file_imports = FileImportsOperations(self._client, self._config, self._serialize, self._deserialize) + self.data_connectors = DataConnectorsOperations(self._client, self._config, self._serialize, self._deserialize) + self.incidents = IncidentsOperations(self._client, self._config, self._serialize, self._deserialize) self.incident_comments = IncidentCommentsOperations( self._client, self._config, self._serialize, self._deserialize ) self.incident_relations = 
IncidentRelationsOperations( self._client, self._config, self._serialize, self._deserialize ) - self.incident_tasks = IncidentTasksOperations(self._client, self._config, self._serialize, self._deserialize) - self.metadata = MetadataOperations(self._client, self._config, self._serialize, self._deserialize) - self.office_consents = OfficeConsentsOperations(self._client, self._config, self._serialize, self._deserialize) self.sentinel_onboarding_states = SentinelOnboardingStatesOperations( self._client, self._config, self._serialize, self._deserialize ) - self.get_recommendations = GetRecommendationsOperations( - self._client, self._config, self._serialize, self._deserialize - ) - self.get = GetOperations(self._client, self._config, self._serialize, self._deserialize) - self.update = UpdateOperations(self._client, self._config, self._serialize, self._deserialize) self.security_ml_analytics_settings = SecurityMLAnalyticsSettingsOperations( self._client, self._config, self._serialize, self._deserialize ) - self.product_settings = ProductSettingsOperations( - self._client, self._config, self._serialize, self._deserialize - ) - self.source_control = SourceControlOperations(self._client, self._config, self._serialize, self._deserialize) - self.source_controls = SourceControlsOperations(self._client, self._config, self._serialize, self._deserialize) self.threat_intelligence_indicator = ThreatIntelligenceIndicatorOperations( self._client, self._config, self._serialize, self._deserialize ) 
@@ -245,10 +143,6 @@ def __init__( ) self.watchlists = WatchlistsOperations(self._client, self._config, self._serialize, self._deserialize) self.watchlist_items = WatchlistItemsOperations(self._client, self._config, self._serialize, self._deserialize) - self.data_connectors = DataConnectorsOperations(self._client, self._config, self._serialize, self._deserialize) - self.data_connectors_check_requirements = DataConnectorsCheckRequirementsOperations( - self._client, self._config, self._serialize, self._deserialize - ) self.operations = Operations(self._client, self._config, self._serialize, self._deserialize) def _send_request(self, request: HttpRequest, **kwargs: Any) -> HttpResponse: diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/_serialization.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/_serialization.py index 2c170e28dbca..f17c068e833e 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/_serialization.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/_serialization.py @@ -38,7 +38,22 @@ import re import sys import codecs -from typing import Optional, Union, AnyStr, IO, Mapping +from typing import ( + Dict, + Any, + cast, + Optional, + Union, + AnyStr, + IO, + Mapping, + Callable, + TypeVar, + MutableMapping, + Type, + List, + Mapping, +) try: from urllib import quote # type: ignore @@ -48,12 +63,14 @@ import isodate # type: ignore -from typing import Dict, Any, cast - from azure.core.exceptions import DeserializationError, SerializationError, raise_with_traceback +from azure.core.serialization import NULL as AzureCoreNull _BOM = codecs.BOM_UTF8.decode(encoding="utf-8") +ModelType = TypeVar("ModelType", bound="Model") +JSON = MutableMapping[str, Any] + class RawDeserializer: 
@@ -277,8 +294,8 @@ class Model(object): _attribute_map: Dict[str, Dict[str, Any]] = {} _validation: Dict[str, Dict[str, Any]] = {} - def __init__(self, **kwargs): - self.additional_properties = {} + def __init__(self, **kwargs: Any) -> None: + self.additional_properties: Dict[str, Any] = {} for k in kwargs: if k not in self._attribute_map: _LOGGER.warning("%s is not a known attribute of class %s and will be ignored", k, self.__class__) @@ -287,25 +304,25 @@ def __init__(self, **kwargs): else: setattr(self, k, kwargs[k]) - def __eq__(self, other): + def __eq__(self, other: Any) -> bool: """Compare objects by comparing all attributes.""" if isinstance(other, self.__class__): return self.__dict__ == other.__dict__ return False - def __ne__(self, other): + def __ne__(self, other: Any) -> bool: """Compare objects by comparing all attributes.""" return not self.__eq__(other) - def __str__(self): + def __str__(self) -> str: return str(self.__dict__) @classmethod - def enable_additional_properties_sending(cls): + def enable_additional_properties_sending(cls) -> None: cls._attribute_map["additional_properties"] = {"key": "", "type": "{object}"} @classmethod - def is_xml_model(cls): + def is_xml_model(cls) -> bool: try: cls._xml_map # type: ignore except AttributeError: @@ -322,7 +339,7 @@ def _create_xml_node(cls): return _create_xml_node(xml_map.get("name", cls.__name__), xml_map.get("prefix", None), xml_map.get("ns", None)) - def serialize(self, keep_readonly=False, **kwargs): + def serialize(self, keep_readonly: bool = False, **kwargs: Any) -> JSON: """Return the JSON that would be sent to azure from this model. This is an alias to `as_dict(full_restapi_key_transformer, keep_readonly=False)`. 
@@ -336,8 +353,13 @@ def serialize(self, keep_readonly=False, **kwargs): serializer = Serializer(self._infer_class_models()) return serializer._serialize(self, keep_readonly=keep_readonly, **kwargs) - def as_dict(self, keep_readonly=True, key_transformer=attribute_transformer, **kwargs): - """Return a dict that can be JSONify using json.dump. + def as_dict( + self, + keep_readonly: bool = True, + key_transformer: Callable[[str, Dict[str, Any], Any], Any] = attribute_transformer, + **kwargs: Any + ) -> JSON: + """Return a dict that can be serialized using json.dump. Advanced usage might optionally use a callback as parameter: @@ -384,7 +406,7 @@ def _infer_class_models(cls): return client_models @classmethod - def deserialize(cls, data, content_type=None): + def deserialize(cls: Type[ModelType], data: Any, content_type: Optional[str] = None) -> ModelType: """Parse a str using the RestAPI syntax and return a model. :param str data: A str using RestAPI structure. JSON by default. @@ -396,7 +418,12 @@ def deserialize(cls, data, content_type=None): return deserializer(cls.__name__, data, content_type=content_type) @classmethod - def from_dict(cls, data, key_extractors=None, content_type=None): + def from_dict( + cls: Type[ModelType], + data: Any, + key_extractors: Optional[Callable[[str, Dict[str, Any], Any], Any]] = None, + content_type: Optional[str] = None, + ) -> ModelType: """Parse a dict using given key extractor return a model. By default consider key @@ -409,8 +436,8 @@ def from_dict(cls, data, key_extractors=None, content_type=None): :raises: DeserializationError if something went wrong """ deserializer = Deserializer(cls._infer_class_models()) - deserializer.key_extractors = ( - [ + deserializer.key_extractors = ( # type: ignore + [ # type: ignore attribute_key_case_insensitive_extractor, rest_key_case_insensitive_extractor, last_rest_key_case_insensitive_extractor, 
@@ -518,7 +545,7 @@ class Serializer(object): "multiple": lambda x, y: x % y != 0, } - def __init__(self, classes=None): + def __init__(self, classes: Optional[Mapping[str, Type[ModelType]]] = None): self.serialize_type = { "iso-8601": Serializer.serialize_iso, "rfc-1123": Serializer.serialize_rfc, @@ -534,7 +561,7 @@ def __init__(self, classes=None): "[]": self.serialize_iter, "{}": self.serialize_dict, } - self.dependencies = dict(classes) if classes else {} + self.dependencies: Dict[str, Type[ModelType]] = dict(classes) if classes else {} self.key_transformer = full_restapi_key_transformer self.client_side_validation = True @@ -626,8 +653,7 @@ def _serialize(self, target_obj, data_type=None, **kwargs): serialized.append(local_node) # type: ignore else: # JSON for k in reversed(keys): # type: ignore - unflattened = {k: new_attr} - new_attr = unflattened + new_attr = {k: new_attr} _new_attr = new_attr _serialized = serialized @@ -656,8 +682,8 @@ def body(self, data, data_type, **kwargs): """ # Just in case this is a dict - internal_data_type = data_type.strip("[]{}") - internal_data_type = self.dependencies.get(internal_data_type, None) + internal_data_type_str = data_type.strip("[]{}") + internal_data_type = self.dependencies.get(internal_data_type_str, None) try: is_xml_model_serialization = kwargs["is_xml"] except KeyError: @@ -777,6 +803,8 @@ def serialize_data(self, data, data_type, **kwargs): raise ValueError("No value for given attribute") try: + if data is AzureCoreNull: + return None if data_type in self.basic_types.values(): return self.serialize_basic(data, data_type, **kwargs) @@ -1161,7 +1189,8 @@ def rest_key_extractor(attr, attr_desc, data): working_data = data while "." in key: - dict_keys = _FLATTEN.split(key) + # Need the cast, as for some reasons "split" is typed as list[str | Any] + dict_keys = cast(List[str], _FLATTEN.split(key)) if len(dict_keys) == 1: key = _decode_attribute_map_key(dict_keys[0]) break 
@@ -1332,7 +1361,7 @@ class Deserializer(object): valid_date = re.compile(r"\d{4}[-]\d{2}[-]\d{2}T\d{2}:\d{2}:\d{2}" r"\.?\d*Z?[-+]?[\d{2}]?:?[\d{2}]?") - def __init__(self, classes=None): + def __init__(self, classes: Optional[Mapping[str, Type[ModelType]]] = None): self.deserialize_type = { "iso-8601": Deserializer.deserialize_iso, "rfc-1123": Deserializer.deserialize_rfc, @@ -1352,7 +1381,7 @@ def __init__(self, classes=None): "duration": (isodate.Duration, datetime.timedelta), "iso-8601": (datetime.datetime), } - self.dependencies = dict(classes) if classes else {} + self.dependencies: Dict[str, Type[ModelType]] = dict(classes) if classes else {} self.key_extractors = [rest_key_extractor, xml_key_extractor] # Additional properties only works if the "rest_key_extractor" is used to # extract the keys. Making it to work whatever the key extractor is too much @@ -1471,7 +1500,7 @@ def _classify_target(self, target, data): Once classification has been determined, initialize object. :param str target: The target object type to deserialize to. - :param str/dict data: The response data to deseralize. + :param str/dict data: The response data to deserialize. """ if target is None: return None, None @@ -1486,7 +1515,7 @@ def _classify_target(self, target, data): target = target._classify(data, self.dependencies) except AttributeError: pass # Target is not a Model, no classify - return target, target.__class__.__name__ + return target, target.__class__.__name__ # type: ignore def failsafe_deserialize(self, target_obj, data, content_type=None): """Ignores any errors encountered in deserialization, @@ -1496,7 +1525,7 @@ def failsafe_deserialize(self, target_obj, data, content_type=None): a deserialization error. :param str target_obj: The target object type to deserialize to. - :param str/dict data: The response data to deseralize. + :param str/dict data: The response data to deserialize. :param str content_type: Swagger "produces" if available. """ try: 
diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/_vendor.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/_vendor.py index 9aad73fc743e..bd0df84f5319 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/_vendor.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/_vendor.py @@ -5,6 +5,8 @@ # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- +from typing import List, cast + from azure.core.pipeline.transport import HttpRequest @@ -22,6 +24,7 @@ def _format_url_section(template, **kwargs): try: return template.format(**kwargs) except KeyError as key: - formatted_components = template.split("/") + # Need the cast, as for some reasons "split" is typed as list[str | Any] + formatted_components = cast(List[str], template.split("/")) components = [c for c in formatted_components if "{}".format(key.args[0]) not in c] template = "/".join(components) diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/_version.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/_version.py index 2eda20789583..e5754a47ce68 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/_version.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/_version.py @@ -6,4 +6,4 @@ # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -VERSION = "2.0.0b2" +VERSION = "1.0.0b1" diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/_configuration.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/_configuration.py index e334994b3258..f372723d3bbe 100644 
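Review bot: `VERSION` in `_version.py` moves backwards, from "2.0.0b2" to "1.0.0b1", so a package built from this commit would sort below the version it replaces, and installers that resolve the newest pre-release would keep selecting the older 2.0.0b2 build. The same commit changes the default `api_version` to "2023-02-01" and drops operation groups such as `entities`, `metadata` and `source_controls` from `SecurityInsights`, which is a breaking surface change that the version string should signal, not mask. The file header marks it as regenerated output, so the value presumably has to be corrected in the generation inputs or the release step, not by hand. Before publishing it should read something like `VERSION = "<next version above 2.0.0b2>"`.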
--- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/_configuration.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/_configuration.py @@ -35,14 +35,14 @@ class SecurityInsightsConfiguration(Configuration): # pylint: disable=too-many- :type credential: ~azure.core.credentials_async.AsyncTokenCredential :param subscription_id: The ID of the target subscription. Required. :type subscription_id: str - :keyword api_version: Api Version. Default value is "2022-12-01-preview". Note that overriding - this default value may result in unsupported behavior. + :keyword api_version: Api Version. Default value is "2023-02-01". Note that overriding this + default value may result in unsupported behavior. :paramtype api_version: str """ def __init__(self, credential: "AsyncTokenCredential", subscription_id: str, **kwargs: Any) -> None: super(SecurityInsightsConfiguration, self).__init__(**kwargs) - api_version: Literal["2022-12-01-preview"] = kwargs.pop("api_version", "2022-12-01-preview") + api_version: Literal["2023-02-01"] = kwargs.pop("api_version", "2023-02-01") if credential is None: raise ValueError("Parameter 'credential' must not be None.") diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/_security_insights.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/_security_insights.py index 6a0f5faa2f24..0dc8bb878114 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/_security_insights.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/_security_insights.py 
@@ -20,38 +20,17 @@ AlertRuleTemplatesOperations, AlertRulesOperations, AutomationRulesOperations, - BookmarkOperations, - BookmarkRelationsOperations, BookmarksOperations, - DataConnectorsCheckRequirementsOperations, DataConnectorsOperations, - DomainWhoisOperations, - EntitiesGetTimelineOperations, - EntitiesOperations, - EntitiesRelationsOperations, - EntityQueriesOperations, - EntityQueryTemplatesOperations, - EntityRelationsOperations, - FileImportsOperations, - GetOperations, - GetRecommendationsOperations, - IPGeodataOperations, IncidentCommentsOperations, IncidentRelationsOperations, - IncidentTasksOperations, IncidentsOperations, - MetadataOperations, - OfficeConsentsOperations, Operations, - ProductSettingsOperations, SecurityMLAnalyticsSettingsOperations, SentinelOnboardingStatesOperations, - SourceControlOperations, - SourceControlsOperations, ThreatIntelligenceIndicatorMetricsOperations, ThreatIntelligenceIndicatorOperations, ThreatIntelligenceIndicatorsOperations, - UpdateOperations, WatchlistItemsOperations, WatchlistsOperations, ) 
@@ -73,67 +52,24 @@ class SecurityInsights: # pylint: disable=client-accepts-api-version-keyword,to azure.mgmt.securityinsight.aio.operations.AlertRuleTemplatesOperations :ivar automation_rules: AutomationRulesOperations operations :vartype automation_rules: azure.mgmt.securityinsight.aio.operations.AutomationRulesOperations - :ivar incidents: IncidentsOperations operations - :vartype incidents: azure.mgmt.securityinsight.aio.operations.IncidentsOperations :ivar bookmarks: BookmarksOperations operations :vartype bookmarks: azure.mgmt.securityinsight.aio.operations.BookmarksOperations - :ivar bookmark_relations: BookmarkRelationsOperations operations - :vartype bookmark_relations: - azure.mgmt.securityinsight.aio.operations.BookmarkRelationsOperations - :ivar bookmark: BookmarkOperations operations - :vartype bookmark: azure.mgmt.securityinsight.aio.operations.BookmarkOperations - :ivar ip_geodata: IPGeodataOperations operations - :vartype ip_geodata: azure.mgmt.securityinsight.aio.operations.IPGeodataOperations - :ivar domain_whois: DomainWhoisOperations operations - :vartype domain_whois: azure.mgmt.securityinsight.aio.operations.DomainWhoisOperations - :ivar entities: EntitiesOperations operations - :vartype entities: azure.mgmt.securityinsight.aio.operations.EntitiesOperations - :ivar entities_get_timeline: EntitiesGetTimelineOperations operations - :vartype entities_get_timeline: - azure.mgmt.securityinsight.aio.operations.EntitiesGetTimelineOperations - :ivar entities_relations: EntitiesRelationsOperations operations - :vartype entities_relations: - azure.mgmt.securityinsight.aio.operations.EntitiesRelationsOperations - :ivar entity_relations: EntityRelationsOperations operations - :vartype entity_relations: azure.mgmt.securityinsight.aio.operations.EntityRelationsOperations - :ivar entity_queries: EntityQueriesOperations operations - :vartype entity_queries: azure.mgmt.securityinsight.aio.operations.EntityQueriesOperations - :ivar entity_query_templates: 
EntityQueryTemplatesOperations operations - :vartype entity_query_templates: - azure.mgmt.securityinsight.aio.operations.EntityQueryTemplatesOperations - :ivar file_imports: FileImportsOperations operations - :vartype file_imports: azure.mgmt.securityinsight.aio.operations.FileImportsOperations + :ivar data_connectors: DataConnectorsOperations operations + :vartype data_connectors: azure.mgmt.securityinsight.aio.operations.DataConnectorsOperations + :ivar incidents: IncidentsOperations operations + :vartype incidents: azure.mgmt.securityinsight.aio.operations.IncidentsOperations :ivar incident_comments: IncidentCommentsOperations operations :vartype incident_comments: azure.mgmt.securityinsight.aio.operations.IncidentCommentsOperations :ivar incident_relations: IncidentRelationsOperations operations :vartype incident_relations: azure.mgmt.securityinsight.aio.operations.IncidentRelationsOperations - :ivar incident_tasks: IncidentTasksOperations operations - :vartype incident_tasks: azure.mgmt.securityinsight.aio.operations.IncidentTasksOperations - :ivar metadata: MetadataOperations operations - :vartype metadata: azure.mgmt.securityinsight.aio.operations.MetadataOperations - :ivar office_consents: OfficeConsentsOperations operations - :vartype office_consents: azure.mgmt.securityinsight.aio.operations.OfficeConsentsOperations :ivar sentinel_onboarding_states: SentinelOnboardingStatesOperations operations :vartype sentinel_onboarding_states: azure.mgmt.securityinsight.aio.operations.SentinelOnboardingStatesOperations - :ivar get_recommendations: GetRecommendationsOperations operations - :vartype get_recommendations: - azure.mgmt.securityinsight.aio.operations.GetRecommendationsOperations - :ivar get: GetOperations operations - :vartype get: azure.mgmt.securityinsight.aio.operations.GetOperations - :ivar update: UpdateOperations operations - :vartype update: azure.mgmt.securityinsight.aio.operations.UpdateOperations :ivar security_ml_analytics_settings: 
SecurityMLAnalyticsSettingsOperations operations :vartype security_ml_analytics_settings: azure.mgmt.securityinsight.aio.operations.SecurityMLAnalyticsSettingsOperations - :ivar product_settings: ProductSettingsOperations operations - :vartype product_settings: azure.mgmt.securityinsight.aio.operations.ProductSettingsOperations - :ivar source_control: SourceControlOperations operations - :vartype source_control: azure.mgmt.securityinsight.aio.operations.SourceControlOperations - :ivar source_controls: SourceControlsOperations operations - :vartype source_controls: azure.mgmt.securityinsight.aio.operations.SourceControlsOperations :ivar threat_intelligence_indicator: ThreatIntelligenceIndicatorOperations operations :vartype threat_intelligence_indicator: azure.mgmt.securityinsight.aio.operations.ThreatIntelligenceIndicatorOperations @@ -148,11 +84,6 @@ class SecurityInsights: # pylint: disable=client-accepts-api-version-keyword,to :vartype watchlists: azure.mgmt.securityinsight.aio.operations.WatchlistsOperations :ivar watchlist_items: WatchlistItemsOperations operations :vartype watchlist_items: azure.mgmt.securityinsight.aio.operations.WatchlistItemsOperations - :ivar data_connectors: DataConnectorsOperations operations - :vartype data_connectors: azure.mgmt.securityinsight.aio.operations.DataConnectorsOperations - :ivar data_connectors_check_requirements: DataConnectorsCheckRequirementsOperations operations - :vartype data_connectors_check_requirements: - azure.mgmt.securityinsight.aio.operations.DataConnectorsCheckRequirementsOperations :ivar operations: Operations operations :vartype operations: azure.mgmt.securityinsight.aio.operations.Operations :param credential: Credential needed for the client to connect to Azure. Required. 
@@ -161,11 +92,9 @@ class SecurityInsights: # pylint: disable=client-accepts-api-version-keyword,to :type subscription_id: str :param base_url: Service URL. Default value is "https://management.azure.com". :type base_url: str - :keyword api_version: Api Version. Default value is "2022-12-01-preview". Note that overriding - this default value may result in unsupported behavior. + :keyword api_version: Api Version. Default value is "2023-02-01". Note that overriding this + default value may result in unsupported behavior. :paramtype api_version: str - :keyword int polling_interval: Default waiting time between two polls for LRO operations if no - Retry-After header is present. """ def __init__( 
@@ -190,54 +119,21 @@ def __init__( self.automation_rules = AutomationRulesOperations( self._client, self._config, self._serialize, self._deserialize ) - self.incidents = IncidentsOperations(self._client, self._config, self._serialize, self._deserialize) self.bookmarks = BookmarksOperations(self._client, self._config, self._serialize, self._deserialize) - self.bookmark_relations = BookmarkRelationsOperations( - self._client, self._config, self._serialize, self._deserialize - ) - self.bookmark = BookmarkOperations(self._client, self._config, self._serialize, self._deserialize) - self.ip_geodata = IPGeodataOperations(self._client, self._config, self._serialize, self._deserialize) - self.domain_whois = DomainWhoisOperations(self._client, self._config, self._serialize, self._deserialize) - self.entities = EntitiesOperations(self._client, self._config, self._serialize, self._deserialize) - self.entities_get_timeline = EntitiesGetTimelineOperations( - self._client, self._config, self._serialize, self._deserialize - ) - self.entities_relations = EntitiesRelationsOperations( - self._client, self._config, self._serialize, self._deserialize - ) - self.entity_relations = EntityRelationsOperations( - self._client, self._config, self._serialize, self._deserialize - ) - self.entity_queries = EntityQueriesOperations(self._client, self._config, self._serialize, self._deserialize) - self.entity_query_templates = EntityQueryTemplatesOperations( - self._client, self._config, self._serialize, self._deserialize - ) - self.file_imports = FileImportsOperations(self._client, self._config, self._serialize, self._deserialize) + self.data_connectors = DataConnectorsOperations(self._client, self._config, self._serialize, self._deserialize) + self.incidents = IncidentsOperations(self._client, self._config, self._serialize, self._deserialize) self.incident_comments = IncidentCommentsOperations( self._client, self._config, self._serialize, self._deserialize ) self.incident_relations = 
IncidentRelationsOperations( self._client, self._config, self._serialize, self._deserialize ) - self.incident_tasks = IncidentTasksOperations(self._client, self._config, self._serialize, self._deserialize) - self.metadata = MetadataOperations(self._client, self._config, self._serialize, self._deserialize) - self.office_consents = OfficeConsentsOperations(self._client, self._config, self._serialize, self._deserialize) self.sentinel_onboarding_states = SentinelOnboardingStatesOperations( self._client, self._config, self._serialize, self._deserialize ) - self.get_recommendations = GetRecommendationsOperations( - self._client, self._config, self._serialize, self._deserialize - ) - self.get = GetOperations(self._client, self._config, self._serialize, self._deserialize) - self.update = UpdateOperations(self._client, self._config, self._serialize, self._deserialize) self.security_ml_analytics_settings = SecurityMLAnalyticsSettingsOperations( self._client, self._config, self._serialize, self._deserialize ) - self.product_settings = ProductSettingsOperations( - self._client, self._config, self._serialize, self._deserialize - ) - self.source_control = SourceControlOperations(self._client, self._config, self._serialize, self._deserialize) - self.source_controls = SourceControlsOperations(self._client, self._config, self._serialize, self._deserialize) self.threat_intelligence_indicator = ThreatIntelligenceIndicatorOperations( self._client, self._config, self._serialize, self._deserialize ) 
@@ -249,10 +145,6 @@ def __init__( ) self.watchlists = WatchlistsOperations(self._client, self._config, self._serialize, self._deserialize) self.watchlist_items = WatchlistItemsOperations(self._client, self._config, self._serialize, self._deserialize) - self.data_connectors = DataConnectorsOperations(self._client, self._config, self._serialize, self._deserialize) - self.data_connectors_check_requirements = DataConnectorsCheckRequirementsOperations( - self._client, self._config, self._serialize, self._deserialize - ) self.operations = Operations(self._client, self._config, self._serialize, self._deserialize) def _send_request(self, request: HttpRequest, **kwargs: Any) -> Awaitable[AsyncHttpResponse]: diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/__init__.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/__init__.py index 802d895ef601..792af61f8f53 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/__init__.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/__init__.py 
@@ -10,39 +10,18 @@ from ._actions_operations import ActionsOperations from ._alert_rule_templates_operations import AlertRuleTemplatesOperations from ._automation_rules_operations import AutomationRulesOperations -from ._incidents_operations import IncidentsOperations from ._bookmarks_operations import BookmarksOperations -from ._bookmark_relations_operations import BookmarkRelationsOperations -from ._bookmark_operations import BookmarkOperations -from ._ip_geodata_operations import IPGeodataOperations -from ._domain_whois_operations import DomainWhoisOperations -from ._entities_operations import EntitiesOperations -from ._entities_get_timeline_operations import EntitiesGetTimelineOperations -from ._entities_relations_operations import EntitiesRelationsOperations -from ._entity_relations_operations import EntityRelationsOperations -from ._entity_queries_operations import EntityQueriesOperations -from ._entity_query_templates_operations import EntityQueryTemplatesOperations -from ._file_imports_operations import FileImportsOperations +from ._data_connectors_operations import DataConnectorsOperations +from ._incidents_operations import IncidentsOperations from ._incident_comments_operations import IncidentCommentsOperations from ._incident_relations_operations import IncidentRelationsOperations -from ._incident_tasks_operations import IncidentTasksOperations -from ._metadata_operations import MetadataOperations -from ._office_consents_operations import OfficeConsentsOperations from ._sentinel_onboarding_states_operations import SentinelOnboardingStatesOperations -from ._get_recommendations_operations import GetRecommendationsOperations -from ._get_operations import GetOperations -from ._update_operations import UpdateOperations from ._security_ml_analytics_settings_operations import SecurityMLAnalyticsSettingsOperations -from ._product_settings_operations import ProductSettingsOperations -from ._source_control_operations import SourceControlOperations -from 
._source_controls_operations import SourceControlsOperations from ._threat_intelligence_indicator_operations import ThreatIntelligenceIndicatorOperations from ._threat_intelligence_indicators_operations import ThreatIntelligenceIndicatorsOperations from ._threat_intelligence_indicator_metrics_operations import ThreatIntelligenceIndicatorMetricsOperations from ._watchlists_operations import WatchlistsOperations from ._watchlist_items_operations import WatchlistItemsOperations -from ._data_connectors_operations import DataConnectorsOperations -from ._data_connectors_check_requirements_operations import DataConnectorsCheckRequirementsOperations from ._operations import Operations from ._patch import __all__ as _patch_all @@ -54,39 +33,18 @@ "ActionsOperations", "AlertRuleTemplatesOperations", "AutomationRulesOperations", - "IncidentsOperations", "BookmarksOperations", - "BookmarkRelationsOperations", - "BookmarkOperations", - "IPGeodataOperations", - "DomainWhoisOperations", - "EntitiesOperations", - "EntitiesGetTimelineOperations", - "EntitiesRelationsOperations", - "EntityRelationsOperations", - "EntityQueriesOperations", - "EntityQueryTemplatesOperations", - "FileImportsOperations", + "DataConnectorsOperations", + "IncidentsOperations", "IncidentCommentsOperations", "IncidentRelationsOperations", - "IncidentTasksOperations", - "MetadataOperations", - "OfficeConsentsOperations", "SentinelOnboardingStatesOperations", - "GetRecommendationsOperations", - "GetOperations", - "UpdateOperations", "SecurityMLAnalyticsSettingsOperations", - "ProductSettingsOperations", - "SourceControlOperations", - "SourceControlsOperations", "ThreatIntelligenceIndicatorOperations", "ThreatIntelligenceIndicatorsOperations", "ThreatIntelligenceIndicatorMetricsOperations", "WatchlistsOperations", "WatchlistItemsOperations", - "DataConnectorsOperations", - "DataConnectorsCheckRequirementsOperations", "Operations", ] __all__.extend([p for p in _patch_all if p not in __all__]) 
diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_actions_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_actions_operations.py index 9e3b782688be..a0a546d9af18 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_actions_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_actions_operations.py @@ -85,7 +85,7 @@ def list_by_alert_rule( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( + api_version: Literal["2023-02-01"] = kwargs.pop( "api_version", _params.pop("api-version", self._config.api_version) ) cls: ClsType[_models.ActionsList] = kwargs.pop("cls", None) @@ -190,7 +190,7 @@ async def get( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( + api_version: Literal["2023-02-01"] = kwargs.pop( "api_version", _params.pop("api-version", self._config.api_version) ) cls: ClsType[_models.ActionResponse] = kwargs.pop("cls", None) @@ -340,7 +340,7 @@ async def create_or_update( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( + api_version: Literal["2023-02-01"] = kwargs.pop( "api_version", _params.pop("api-version", self._config.api_version) ) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) 
@@ -427,7 +427,7 @@ async def delete( # pylint: disable=inconsistent-return-statements _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( + api_version: Literal["2023-02-01"] = kwargs.pop( "api_version", _params.pop("api-version", self._config.api_version) ) cls: ClsType[None] = kwargs.pop("cls", None) diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_alert_rule_templates_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_alert_rule_templates_operations.py index c4517e99abe7..c3cfe672bf5c 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_alert_rule_templates_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_alert_rule_templates_operations.py @@ -78,7 +78,7 @@ def list( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( + api_version: Literal["2023-02-01"] = kwargs.pop( "api_version", _params.pop("api-version", self._config.api_version) ) cls: ClsType[_models.AlertRuleTemplatesList] = kwargs.pop("cls", None) @@ -180,7 +180,7 @@ async def get( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( + api_version: Literal["2023-02-01"] = kwargs.pop( "api_version", _params.pop("api-version", self._config.api_version) ) cls: ClsType[_models.AlertRuleTemplate] = kwargs.pop("cls", None) 
diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_alert_rules_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_alert_rules_operations.py index 856b3843f35a..85dd5ed70313 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_alert_rules_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_alert_rules_operations.py @@ -80,7 +80,7 @@ def list(self, resource_group_name: str, workspace_name: str, **kwargs: Any) -> _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( + api_version: Literal["2023-02-01"] = kwargs.pop( "api_version", _params.pop("api-version", self._config.api_version) ) cls: ClsType[_models.AlertRulesList] = kwargs.pop("cls", None) @@ -182,7 +182,7 @@ async def get( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( + api_version: Literal["2023-02-01"] = kwargs.pop( "api_version", _params.pop("api-version", self._config.api_version) ) cls: ClsType[_models.AlertRule] = kwargs.pop("cls", None) @@ -322,7 +322,7 @@ async def create_or_update( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( + api_version: Literal["2023-02-01"] = kwargs.pop( "api_version", _params.pop("api-version", self._config.api_version) ) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) 
@@ -406,7 +406,7 @@ async def delete( # pylint: disable=inconsistent-return-statements _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( + api_version: Literal["2023-02-01"] = kwargs.pop( "api_version", _params.pop("api-version", self._config.api_version) ) cls: ClsType[None] = kwargs.pop("cls", None) diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_automation_rules_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_automation_rules_operations.py index 9040a09fd9bf..660eb2866689 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_automation_rules_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_automation_rules_operations.py @@ -97,7 +97,7 @@ async def get( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( + api_version: Literal["2023-02-01"] = kwargs.pop( "api_version", _params.pop("api-version", self._config.api_version) ) cls: ClsType[_models.AutomationRule] = kwargs.pop("cls", None) @@ -238,7 +238,7 @@ async def create_or_update( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( + api_version: Literal["2023-02-01"] = kwargs.pop( "api_version", _params.pop("api-version", self._config.api_version) ) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) 
@@ -325,7 +325,7 @@ async def delete( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( + api_version: Literal["2023-02-01"] = kwargs.pop( "api_version", _params.pop("api-version", self._config.api_version) ) cls: ClsType[JSON] = kwargs.pop("cls", None) @@ -388,7 +388,7 @@ def list( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( + api_version: Literal["2023-02-01"] = kwargs.pop( "api_version", _params.pop("api-version", self._config.api_version) ) cls: ClsType[_models.AutomationRulesList] = kwargs.pop("cls", None) diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_bookmark_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_bookmark_operations.py deleted file mode 100644 index e87871dba5df..000000000000 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_bookmark_operations.py +++ /dev/null 
@@ -1,211 +0,0 @@ -# pylint: disable=too-many-lines -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- -import sys -from typing import Any, Callable, Dict, IO, Optional, TypeVar, Union, overload - -from azure.core.exceptions import ( - ClientAuthenticationError, - HttpResponseError, - ResourceExistsError, - ResourceNotFoundError, - ResourceNotModifiedError, - map_error, -) -from azure.core.pipeline import PipelineResponse -from azure.core.pipeline.transport import AsyncHttpResponse -from azure.core.rest import HttpRequest -from azure.core.tracing.decorator_async import distributed_trace_async -from azure.core.utils import case_insensitive_dict -from azure.mgmt.core.exceptions import ARMErrorFormat - -from ... import models as _models -from ..._vendor import _convert_request -from ...operations._bookmark_operations import build_expand_request - -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports -T = TypeVar("T") -ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] - - -class BookmarkOperations: - """ - .. warning:: - **DO NOT** instantiate this class directly. - - Instead, you should access the following operations through - :class:`~azure.mgmt.securityinsight.aio.SecurityInsights`'s - :attr:`bookmark` attribute. 
- """ - - models = _models - - def __init__(self, *args, **kwargs) -> None: - input_args = list(args) - self._client = input_args.pop(0) if input_args else kwargs.pop("client") - self._config = input_args.pop(0) if input_args else kwargs.pop("config") - self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") - self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") - - @overload - async def expand( - self, - resource_group_name: str, - workspace_name: str, - bookmark_id: str, - parameters: _models.BookmarkExpandParameters, - *, - content_type: str = "application/json", - **kwargs: Any - ) -> _models.BookmarkExpandResponse: - """Expand an bookmark. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param bookmark_id: Bookmark ID. Required. - :type bookmark_id: str - :param parameters: The parameters required to execute an expand operation on the given - bookmark. Required. - :type parameters: ~azure.mgmt.securityinsight.models.BookmarkExpandParameters - :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. - Default value is "application/json". - :paramtype content_type: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: BookmarkExpandResponse or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.BookmarkExpandResponse - :raises ~azure.core.exceptions.HttpResponseError: - """ - - @overload - async def expand( - self, - resource_group_name: str, - workspace_name: str, - bookmark_id: str, - parameters: IO, - *, - content_type: str = "application/json", - **kwargs: Any - ) -> _models.BookmarkExpandResponse: - """Expand an bookmark. - - :param resource_group_name: The name of the resource group. The name is case insensitive. 
- Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param bookmark_id: Bookmark ID. Required. - :type bookmark_id: str - :param parameters: The parameters required to execute an expand operation on the given - bookmark. Required. - :type parameters: IO - :keyword content_type: Body Parameter content-type. Content type parameter for binary body. - Default value is "application/json". - :paramtype content_type: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: BookmarkExpandResponse or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.BookmarkExpandResponse - :raises ~azure.core.exceptions.HttpResponseError: - """ - - @distributed_trace_async - async def expand( - self, - resource_group_name: str, - workspace_name: str, - bookmark_id: str, - parameters: Union[_models.BookmarkExpandParameters, IO], - **kwargs: Any - ) -> _models.BookmarkExpandResponse: - """Expand an bookmark. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param bookmark_id: Bookmark ID. Required. - :type bookmark_id: str - :param parameters: The parameters required to execute an expand operation on the given - bookmark. Is either a model type or a IO type. Required. - :type parameters: ~azure.mgmt.securityinsight.models.BookmarkExpandParameters or IO - :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. - Default value is None. 
- :paramtype content_type: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: BookmarkExpandResponse or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.BookmarkExpandResponse - :raises ~azure.core.exceptions.HttpResponseError: - """ - error_map = { - 401: ClientAuthenticationError, - 404: ResourceNotFoundError, - 409: ResourceExistsError, - 304: ResourceNotModifiedError, - } - error_map.update(kwargs.pop("error_map", {}) or {}) - - _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) - content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) - cls: ClsType[_models.BookmarkExpandResponse] = kwargs.pop("cls", None) - - content_type = content_type or "application/json" - _json = None - _content = None - if isinstance(parameters, (IO, bytes)): - _content = parameters - else: - _json = self._serialize.body(parameters, "BookmarkExpandParameters") - - request = build_expand_request( - resource_group_name=resource_group_name, - workspace_name=workspace_name, - bookmark_id=bookmark_id, - subscription_id=self._config.subscription_id, - api_version=api_version, - content_type=content_type, - json=_json, - content=_content, - template_url=self.expand.metadata["url"], - headers=_headers, - params=_params, - ) - request = _convert_request(request) - request.url = self._client.format_url(request.url) - - pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs - ) - - response = pipeline_response.http_response - - if response.status_code not in [200]: - map_error(status_code=response.status_code, response=response, error_map=error_map) - raise 
HttpResponseError(response=response, error_format=ARMErrorFormat) - - deserialized = self._deserialize("BookmarkExpandResponse", pipeline_response) - - if cls: - return cls(pipeline_response, deserialized, {}) - - return deserialized - - expand.metadata = { - "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}/expand" - } diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_bookmark_relations_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_bookmark_relations_operations.py deleted file mode 100644 index 237aca3682c1..000000000000 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_bookmark_relations_operations.py +++ /dev/null 
@@ -1,487 +0,0 @@ -# pylint: disable=too-many-lines -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- -import sys -from typing import Any, AsyncIterable, Callable, Dict, IO, Optional, TypeVar, Union, overload -import urllib.parse - -from azure.core.async_paging import AsyncItemPaged, AsyncList -from azure.core.exceptions import ( - ClientAuthenticationError, - HttpResponseError, - ResourceExistsError, - ResourceNotFoundError, - ResourceNotModifiedError, - map_error, -) -from azure.core.pipeline import PipelineResponse -from azure.core.pipeline.transport import AsyncHttpResponse -from azure.core.rest import HttpRequest -from azure.core.tracing.decorator import distributed_trace -from azure.core.tracing.decorator_async import distributed_trace_async -from azure.core.utils import case_insensitive_dict -from azure.mgmt.core.exceptions import ARMErrorFormat - -from ... import models as _models -from ..._vendor import _convert_request -from ...operations._bookmark_relations_operations import ( - build_create_or_update_request, - build_delete_request, - build_get_request, - build_list_request, -) - -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports -T = TypeVar("T") -ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] - - -class BookmarkRelationsOperations: - """ - .. warning:: - **DO NOT** instantiate this class directly. 
- - Instead, you should access the following operations through - :class:`~azure.mgmt.securityinsight.aio.SecurityInsights`'s - :attr:`bookmark_relations` attribute. - """ - - models = _models - - def __init__(self, *args, **kwargs) -> None: - input_args = list(args) - self._client = input_args.pop(0) if input_args else kwargs.pop("client") - self._config = input_args.pop(0) if input_args else kwargs.pop("config") - self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") - self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") - - @distributed_trace - def list( - self, - resource_group_name: str, - workspace_name: str, - bookmark_id: str, - filter: Optional[str] = None, - orderby: Optional[str] = None, - top: Optional[int] = None, - skip_token: Optional[str] = None, - **kwargs: Any - ) -> AsyncIterable["_models.Relation"]: - """Gets all bookmark relations. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param bookmark_id: Bookmark ID. Required. - :type bookmark_id: str - :param filter: Filters the results, based on a Boolean condition. Optional. Default value is - None. - :type filter: str - :param orderby: Sorts the results. Optional. Default value is None. - :type orderby: str - :param top: Returns only the first n results. Optional. Default value is None. - :type top: int - :param skip_token: Skiptoken is only used if a previous operation returned a partial result. If - a previous response contains a nextLink element, the value of the nextLink element will include - a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. - Default value is None. 
- :type skip_token: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: An iterator like instance of either Relation or the result of cls(response) - :rtype: ~azure.core.async_paging.AsyncItemPaged[~azure.mgmt.securityinsight.models.Relation] - :raises ~azure.core.exceptions.HttpResponseError: - """ - _headers = kwargs.pop("headers", {}) or {} - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) - cls: ClsType[_models.RelationList] = kwargs.pop("cls", None) - - error_map = { - 401: ClientAuthenticationError, - 404: ResourceNotFoundError, - 409: ResourceExistsError, - 304: ResourceNotModifiedError, - } - error_map.update(kwargs.pop("error_map", {}) or {}) - - def prepare_request(next_link=None): - if not next_link: - - request = build_list_request( - resource_group_name=resource_group_name, - workspace_name=workspace_name, - bookmark_id=bookmark_id, - subscription_id=self._config.subscription_id, - filter=filter, - orderby=orderby, - top=top, - skip_token=skip_token, - api_version=api_version, - template_url=self.list.metadata["url"], - headers=_headers, - params=_params, - ) - request = _convert_request(request) - request.url = self._client.format_url(request.url) - - else: - # make call to next link with the client's api-version - _parsed_next_link = urllib.parse.urlparse(next_link) - _next_request_params = case_insensitive_dict( - { - key: [urllib.parse.quote(v) for v in value] - for key, value in urllib.parse.parse_qs(_parsed_next_link.query).items() - } - ) - _next_request_params["api-version"] = self._config.api_version - request = HttpRequest( - "GET", urllib.parse.urljoin(next_link, _parsed_next_link.path), params=_next_request_params - ) - request = _convert_request(request) - request.url = self._client.format_url(request.url) - request.method = "GET" - 
return request - - async def extract_data(pipeline_response): - deserialized = self._deserialize("RelationList", pipeline_response) - list_of_elem = deserialized.value - if cls: - list_of_elem = cls(list_of_elem) # type: ignore - return deserialized.next_link or None, AsyncList(list_of_elem) - - async def get_next(next_link=None): - request = prepare_request(next_link) - - pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs - ) - response = pipeline_response.http_response - - if response.status_code not in [200]: - map_error(status_code=response.status_code, response=response, error_map=error_map) - raise HttpResponseError(response=response, error_format=ARMErrorFormat) - - return pipeline_response - - return AsyncItemPaged(get_next, extract_data) - - list.metadata = { - "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}/relations" - } - - @distributed_trace_async - async def get( - self, resource_group_name: str, workspace_name: str, bookmark_id: str, relation_name: str, **kwargs: Any - ) -> _models.Relation: - """Gets a bookmark relation. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param bookmark_id: Bookmark ID. Required. - :type bookmark_id: str - :param relation_name: Relation Name. Required. 
- :type relation_name: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: Relation or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.Relation - :raises ~azure.core.exceptions.HttpResponseError: - """ - error_map = { - 401: ClientAuthenticationError, - 404: ResourceNotFoundError, - 409: ResourceExistsError, - 304: ResourceNotModifiedError, - } - error_map.update(kwargs.pop("error_map", {}) or {}) - - _headers = kwargs.pop("headers", {}) or {} - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) - cls: ClsType[_models.Relation] = kwargs.pop("cls", None) - - request = build_get_request( - resource_group_name=resource_group_name, - workspace_name=workspace_name, - bookmark_id=bookmark_id, - relation_name=relation_name, - subscription_id=self._config.subscription_id, - api_version=api_version, - template_url=self.get.metadata["url"], - headers=_headers, - params=_params, - ) - request = _convert_request(request) - request.url = self._client.format_url(request.url) - - pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs - ) - - response = pipeline_response.http_response - - if response.status_code not in [200]: - map_error(status_code=response.status_code, response=response, error_map=error_map) - raise HttpResponseError(response=response, error_format=ARMErrorFormat) - - deserialized = self._deserialize("Relation", pipeline_response) - - if cls: - return cls(pipeline_response, deserialized, {}) - - return deserialized - - get.metadata = { - "url": 
"/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}/relations/{relationName}" - } - - @overload - async def create_or_update( - self, - resource_group_name: str, - workspace_name: str, - bookmark_id: str, - relation_name: str, - relation: _models.Relation, - *, - content_type: str = "application/json", - **kwargs: Any - ) -> _models.Relation: - """Creates the bookmark relation. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param bookmark_id: Bookmark ID. Required. - :type bookmark_id: str - :param relation_name: Relation Name. Required. - :type relation_name: str - :param relation: The relation model. Required. - :type relation: ~azure.mgmt.securityinsight.models.Relation - :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. - Default value is "application/json". - :paramtype content_type: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: Relation or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.Relation - :raises ~azure.core.exceptions.HttpResponseError: - """ - - @overload - async def create_or_update( - self, - resource_group_name: str, - workspace_name: str, - bookmark_id: str, - relation_name: str, - relation: IO, - *, - content_type: str = "application/json", - **kwargs: Any - ) -> _models.Relation: - """Creates the bookmark relation. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param bookmark_id: Bookmark ID. Required. 
- :type bookmark_id: str - :param relation_name: Relation Name. Required. - :type relation_name: str - :param relation: The relation model. Required. - :type relation: IO - :keyword content_type: Body Parameter content-type. Content type parameter for binary body. - Default value is "application/json". - :paramtype content_type: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: Relation or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.Relation - :raises ~azure.core.exceptions.HttpResponseError: - """ - - @distributed_trace_async - async def create_or_update( - self, - resource_group_name: str, - workspace_name: str, - bookmark_id: str, - relation_name: str, - relation: Union[_models.Relation, IO], - **kwargs: Any - ) -> _models.Relation: - """Creates the bookmark relation. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param bookmark_id: Bookmark ID. Required. - :type bookmark_id: str - :param relation_name: Relation Name. Required. - :type relation_name: str - :param relation: The relation model. Is either a model type or a IO type. Required. - :type relation: ~azure.mgmt.securityinsight.models.Relation or IO - :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. - Default value is None. 
- :paramtype content_type: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: Relation or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.Relation - :raises ~azure.core.exceptions.HttpResponseError: - """ - error_map = { - 401: ClientAuthenticationError, - 404: ResourceNotFoundError, - 409: ResourceExistsError, - 304: ResourceNotModifiedError, - } - error_map.update(kwargs.pop("error_map", {}) or {}) - - _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) - content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) - cls: ClsType[_models.Relation] = kwargs.pop("cls", None) - - content_type = content_type or "application/json" - _json = None - _content = None - if isinstance(relation, (IO, bytes)): - _content = relation - else: - _json = self._serialize.body(relation, "Relation") - - request = build_create_or_update_request( - resource_group_name=resource_group_name, - workspace_name=workspace_name, - bookmark_id=bookmark_id, - relation_name=relation_name, - subscription_id=self._config.subscription_id, - api_version=api_version, - content_type=content_type, - json=_json, - content=_content, - template_url=self.create_or_update.metadata["url"], - headers=_headers, - params=_params, - ) - request = _convert_request(request) - request.url = self._client.format_url(request.url) - - pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs - ) - - response = pipeline_response.http_response - - if response.status_code not in [200, 201]: - map_error(status_code=response.status_code, response=response, error_map=error_map) - raise HttpResponseError(response=response, 
error_format=ARMErrorFormat) - - if response.status_code == 200: - deserialized = self._deserialize("Relation", pipeline_response) - - if response.status_code == 201: - deserialized = self._deserialize("Relation", pipeline_response) - - if cls: - return cls(pipeline_response, deserialized, {}) # type: ignore - - return deserialized # type: ignore - - create_or_update.metadata = { - "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}/relations/{relationName}" - } - - @distributed_trace_async - async def delete( # pylint: disable=inconsistent-return-statements - self, resource_group_name: str, workspace_name: str, bookmark_id: str, relation_name: str, **kwargs: Any - ) -> None: - """Delete the bookmark relation. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param bookmark_id: Bookmark ID. Required. - :type bookmark_id: str - :param relation_name: Relation Name. Required. 
- :type relation_name: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: None or the result of cls(response) - :rtype: None - :raises ~azure.core.exceptions.HttpResponseError: - """ - error_map = { - 401: ClientAuthenticationError, - 404: ResourceNotFoundError, - 409: ResourceExistsError, - 304: ResourceNotModifiedError, - } - error_map.update(kwargs.pop("error_map", {}) or {}) - - _headers = kwargs.pop("headers", {}) or {} - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) - cls: ClsType[None] = kwargs.pop("cls", None) - - request = build_delete_request( - resource_group_name=resource_group_name, - workspace_name=workspace_name, - bookmark_id=bookmark_id, - relation_name=relation_name, - subscription_id=self._config.subscription_id, - api_version=api_version, - template_url=self.delete.metadata["url"], - headers=_headers, - params=_params, - ) - request = _convert_request(request) - request.url = self._client.format_url(request.url) - - pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs - ) - - response = pipeline_response.http_response - - if response.status_code not in [200, 204]: - map_error(status_code=response.status_code, response=response, error_map=error_map) - raise HttpResponseError(response=response, error_format=ARMErrorFormat) - - if cls: - return cls(pipeline_response, None, {}) - - delete.metadata = { - "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}/relations/{relationName}" - } 
diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_bookmarks_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_bookmarks_operations.py index b9783e8fa1e7..dd5c21a04507 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_bookmarks_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_bookmarks_operations.py @@ -80,7 +80,7 @@ def list(self, resource_group_name: str, workspace_name: str, **kwargs: Any) -> _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( + api_version: Literal["2023-02-01"] = kwargs.pop( "api_version", _params.pop("api-version", self._config.api_version) ) cls: ClsType[_models.BookmarkList] = kwargs.pop("cls", None) @@ -182,7 +182,7 @@ async def get( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( + api_version: Literal["2023-02-01"] = kwargs.pop( "api_version", _params.pop("api-version", self._config.api_version) ) cls: ClsType[_models.Bookmark] = kwargs.pop("cls", None) @@ -322,7 +322,7 @@ async def create_or_update( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( + api_version: Literal["2023-02-01"] = kwargs.pop( "api_version", _params.pop("api-version", self._config.api_version) ) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) 
@@ -406,7 +406,7 @@ async def delete( # pylint: disable=inconsistent-return-statements _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( + api_version: Literal["2023-02-01"] = kwargs.pop( "api_version", _params.pop("api-version", self._config.api_version) ) cls: ClsType[None] = kwargs.pop("cls", None) diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_data_connectors_check_requirements_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_data_connectors_check_requirements_operations.py deleted file mode 100644 index ad27dbca1787..000000000000 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_data_connectors_check_requirements_operations.py +++ /dev/null 
@@ -1,203 +0,0 @@ -# pylint: disable=too-many-lines -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- -import sys -from typing import Any, Callable, Dict, IO, Optional, TypeVar, Union, overload - -from azure.core.exceptions import ( - ClientAuthenticationError, - HttpResponseError, - ResourceExistsError, - ResourceNotFoundError, - ResourceNotModifiedError, - map_error, -) -from azure.core.pipeline import PipelineResponse -from azure.core.pipeline.transport import AsyncHttpResponse -from azure.core.rest import HttpRequest -from azure.core.tracing.decorator_async import distributed_trace_async -from azure.core.utils import case_insensitive_dict -from azure.mgmt.core.exceptions import ARMErrorFormat - -from ... import models as _models -from ..._vendor import _convert_request -from ...operations._data_connectors_check_requirements_operations import build_post_request - -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports -T = TypeVar("T") -ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] - - -class DataConnectorsCheckRequirementsOperations: - """ - .. warning:: - **DO NOT** instantiate this class directly. - - Instead, you should access the following operations through - :class:`~azure.mgmt.securityinsight.aio.SecurityInsights`'s - :attr:`data_connectors_check_requirements` attribute. 
- """ - - models = _models - - def __init__(self, *args, **kwargs) -> None: - input_args = list(args) - self._client = input_args.pop(0) if input_args else kwargs.pop("client") - self._config = input_args.pop(0) if input_args else kwargs.pop("config") - self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") - self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") - - @overload - async def post( - self, - resource_group_name: str, - workspace_name: str, - data_connectors_check_requirements: _models.DataConnectorsCheckRequirements, - *, - content_type: str = "application/json", - **kwargs: Any - ) -> _models.DataConnectorRequirementsState: - """Get requirements state for a data connector type. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param data_connectors_check_requirements: The parameters for requirements check message. - Required. - :type data_connectors_check_requirements: - ~azure.mgmt.securityinsight.models.DataConnectorsCheckRequirements - :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. - Default value is "application/json". - :paramtype content_type: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: DataConnectorRequirementsState or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.DataConnectorRequirementsState - :raises ~azure.core.exceptions.HttpResponseError: - """ - - @overload - async def post( - self, - resource_group_name: str, - workspace_name: str, - data_connectors_check_requirements: IO, - *, - content_type: str = "application/json", - **kwargs: Any - ) -> _models.DataConnectorRequirementsState: - """Get requirements state for a data connector type. 
- - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param data_connectors_check_requirements: The parameters for requirements check message. - Required. - :type data_connectors_check_requirements: IO - :keyword content_type: Body Parameter content-type. Content type parameter for binary body. - Default value is "application/json". - :paramtype content_type: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: DataConnectorRequirementsState or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.DataConnectorRequirementsState - :raises ~azure.core.exceptions.HttpResponseError: - """ - - @distributed_trace_async - async def post( - self, - resource_group_name: str, - workspace_name: str, - data_connectors_check_requirements: Union[_models.DataConnectorsCheckRequirements, IO], - **kwargs: Any - ) -> _models.DataConnectorRequirementsState: - """Get requirements state for a data connector type. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param data_connectors_check_requirements: The parameters for requirements check message. Is - either a model type or a IO type. Required. - :type data_connectors_check_requirements: - ~azure.mgmt.securityinsight.models.DataConnectorsCheckRequirements or IO - :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. - Default value is None. 
- :paramtype content_type: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: DataConnectorRequirementsState or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.DataConnectorRequirementsState - :raises ~azure.core.exceptions.HttpResponseError: - """ - error_map = { - 401: ClientAuthenticationError, - 404: ResourceNotFoundError, - 409: ResourceExistsError, - 304: ResourceNotModifiedError, - } - error_map.update(kwargs.pop("error_map", {}) or {}) - - _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) - content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) - cls: ClsType[_models.DataConnectorRequirementsState] = kwargs.pop("cls", None) - - content_type = content_type or "application/json" - _json = None - _content = None - if isinstance(data_connectors_check_requirements, (IO, bytes)): - _content = data_connectors_check_requirements - else: - _json = self._serialize.body(data_connectors_check_requirements, "DataConnectorsCheckRequirements") - - request = build_post_request( - resource_group_name=resource_group_name, - workspace_name=workspace_name, - subscription_id=self._config.subscription_id, - api_version=api_version, - content_type=content_type, - json=_json, - content=_content, - template_url=self.post.metadata["url"], - headers=_headers, - params=_params, - ) - request = _convert_request(request) - request.url = self._client.format_url(request.url) - - pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs - ) - - response = pipeline_response.http_response - - if response.status_code not in [200]: - map_error(status_code=response.status_code, 
response=response, error_map=error_map) - raise HttpResponseError(response=response, error_format=ARMErrorFormat) - - deserialized = self._deserialize("DataConnectorRequirementsState", pipeline_response) - - if cls: - return cls(pipeline_response, deserialized, {}) - - return deserialized - - post.metadata = { - "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectorsCheckRequirements" - } diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_data_connectors_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_data_connectors_operations.py index 3e9a9ea01f82..82adaccf0bae 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_data_connectors_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_data_connectors_operations.py @@ -30,10 +30,8 @@ from ... import models as _models from ..._vendor import _convert_request from ...operations._data_connectors_operations import ( - build_connect_request, build_create_or_update_request, build_delete_request, - build_disconnect_request, build_get_request, build_list_request, ) @@ -85,7 +83,7 @@ def list( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( + api_version: Literal["2023-02-01"] = kwargs.pop( "api_version", _params.pop("api-version", self._config.api_version) ) cls: ClsType[_models.DataConnectorList] = kwargs.pop("cls", None) 
@@ -187,7 +185,7 @@ async def get( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( + api_version: Literal["2023-02-01"] = kwargs.pop( "api_version", _params.pop("api-version", self._config.api_version) ) cls: ClsType[_models.DataConnector] = kwargs.pop("cls", None) @@ -327,7 +325,7 @@ async def create_or_update( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( + api_version: Literal["2023-02-01"] = kwargs.pop( "api_version", _params.pop("api-version", self._config.api_version) ) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) @@ -411,7 +409,7 @@ async def delete( # pylint: disable=inconsistent-return-statements _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( + api_version: Literal["2023-02-01"] = kwargs.pop( "api_version", _params.pop("api-version", self._config.api_version) ) cls: ClsType[None] = kwargs.pop("cls", None) 
@@ -445,215 +443,3 @@ async def delete( # pylint: disable=inconsistent-return-statements delete.metadata = { "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors/{dataConnectorId}" } - - @overload - async def connect( # pylint: disable=inconsistent-return-statements - self, - resource_group_name: str, - workspace_name: str, - data_connector_id: str, - connect_body: _models.DataConnectorConnectBody, - *, - content_type: str = "application/json", - **kwargs: Any - ) -> None: - """Connects a data connector. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param data_connector_id: Connector ID. Required. - :type data_connector_id: str - :param connect_body: The data connector. Required. - :type connect_body: ~azure.mgmt.securityinsight.models.DataConnectorConnectBody - :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. - Default value is "application/json". - :paramtype content_type: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: None or the result of cls(response) - :rtype: None - :raises ~azure.core.exceptions.HttpResponseError: - """ - - @overload - async def connect( # pylint: disable=inconsistent-return-statements - self, - resource_group_name: str, - workspace_name: str, - data_connector_id: str, - connect_body: IO, - *, - content_type: str = "application/json", - **kwargs: Any - ) -> None: - """Connects a data connector. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. 
- :type workspace_name: str - :param data_connector_id: Connector ID. Required. - :type data_connector_id: str - :param connect_body: The data connector. Required. - :type connect_body: IO - :keyword content_type: Body Parameter content-type. Content type parameter for binary body. - Default value is "application/json". - :paramtype content_type: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: None or the result of cls(response) - :rtype: None - :raises ~azure.core.exceptions.HttpResponseError: - """ - - @distributed_trace_async - async def connect( # pylint: disable=inconsistent-return-statements - self, - resource_group_name: str, - workspace_name: str, - data_connector_id: str, - connect_body: Union[_models.DataConnectorConnectBody, IO], - **kwargs: Any - ) -> None: - """Connects a data connector. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param data_connector_id: Connector ID. Required. - :type data_connector_id: str - :param connect_body: The data connector. Is either a model type or a IO type. Required. - :type connect_body: ~azure.mgmt.securityinsight.models.DataConnectorConnectBody or IO - :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. - Default value is None. 
- :paramtype content_type: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: None or the result of cls(response) - :rtype: None - :raises ~azure.core.exceptions.HttpResponseError: - """ - error_map = { - 401: ClientAuthenticationError, - 404: ResourceNotFoundError, - 409: ResourceExistsError, - 304: ResourceNotModifiedError, - } - error_map.update(kwargs.pop("error_map", {}) or {}) - - _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) - content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) - cls: ClsType[None] = kwargs.pop("cls", None) - - content_type = content_type or "application/json" - _json = None - _content = None - if isinstance(connect_body, (IO, bytes)): - _content = connect_body - else: - _json = self._serialize.body(connect_body, "DataConnectorConnectBody") - - request = build_connect_request( - resource_group_name=resource_group_name, - workspace_name=workspace_name, - data_connector_id=data_connector_id, - subscription_id=self._config.subscription_id, - api_version=api_version, - content_type=content_type, - json=_json, - content=_content, - template_url=self.connect.metadata["url"], - headers=_headers, - params=_params, - ) - request = _convert_request(request) - request.url = self._client.format_url(request.url) - - pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs - ) - - response = pipeline_response.http_response - - if response.status_code not in [200]: - map_error(status_code=response.status_code, response=response, error_map=error_map) - raise HttpResponseError(response=response, error_format=ARMErrorFormat) - - if cls: - return 
cls(pipeline_response, None, {}) - - connect.metadata = { - "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors/{dataConnectorId}/connect" - } - - @distributed_trace_async - async def disconnect( # pylint: disable=inconsistent-return-statements - self, resource_group_name: str, workspace_name: str, data_connector_id: str, **kwargs: Any - ) -> None: - """Disconnect a data connector. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param data_connector_id: Connector ID. Required. - :type data_connector_id: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: None or the result of cls(response) - :rtype: None - :raises ~azure.core.exceptions.HttpResponseError: - """ - error_map = { - 401: ClientAuthenticationError, - 404: ResourceNotFoundError, - 409: ResourceExistsError, - 304: ResourceNotModifiedError, - } - error_map.update(kwargs.pop("error_map", {}) or {}) - - _headers = kwargs.pop("headers", {}) or {} - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) - cls: ClsType[None] = kwargs.pop("cls", None) - - request = build_disconnect_request( - resource_group_name=resource_group_name, - workspace_name=workspace_name, - data_connector_id=data_connector_id, - subscription_id=self._config.subscription_id, - api_version=api_version, - template_url=self.disconnect.metadata["url"], - headers=_headers, - params=_params, - ) - request = _convert_request(request) - request.url = self._client.format_url(request.url) - - pipeline_response: PipelineResponse = 
await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs - ) - - response = pipeline_response.http_response - - if response.status_code not in [200]: - map_error(status_code=response.status_code, response=response, error_map=error_map) - raise HttpResponseError(response=response, error_format=ARMErrorFormat) - - if cls: - return cls(pipeline_response, None, {}) - - disconnect.metadata = { - "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors/{dataConnectorId}/disconnect" - } diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_domain_whois_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_domain_whois_operations.py deleted file mode 100644 index 30b1d059703f..000000000000 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_domain_whois_operations.py +++ /dev/null 
@@ -1,119 +0,0 @@ -# pylint: disable=too-many-lines -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- -import sys -from typing import Any, Callable, Dict, Optional, TypeVar - -from azure.core.exceptions import ( - ClientAuthenticationError, - HttpResponseError, - ResourceExistsError, - ResourceNotFoundError, - ResourceNotModifiedError, - map_error, -) -from azure.core.pipeline import PipelineResponse -from azure.core.pipeline.transport import AsyncHttpResponse -from azure.core.rest import HttpRequest -from azure.core.tracing.decorator_async import distributed_trace_async -from azure.core.utils import case_insensitive_dict -from azure.mgmt.core.exceptions import ARMErrorFormat - -from ... import models as _models -from ..._vendor import _convert_request -from ...operations._domain_whois_operations import build_get_request - -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports -T = TypeVar("T") -ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] - - -class DomainWhoisOperations: - """ - .. warning:: - **DO NOT** instantiate this class directly. - - Instead, you should access the following operations through - :class:`~azure.mgmt.securityinsight.aio.SecurityInsights`'s - :attr:`domain_whois` attribute. 
- """ - - models = _models - - def __init__(self, *args, **kwargs) -> None: - input_args = list(args) - self._client = input_args.pop(0) if input_args else kwargs.pop("client") - self._config = input_args.pop(0) if input_args else kwargs.pop("config") - self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") - self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") - - @distributed_trace_async - async def get(self, resource_group_name: str, domain: str, **kwargs: Any) -> _models.EnrichmentDomainWhois: - """Get whois information for a single domain name. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param domain: Domain name to be enriched. Required. - :type domain: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: EnrichmentDomainWhois or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.EnrichmentDomainWhois - :raises ~azure.core.exceptions.HttpResponseError: - """ - error_map = { - 401: ClientAuthenticationError, - 404: ResourceNotFoundError, - 409: ResourceExistsError, - 304: ResourceNotModifiedError, - } - error_map.update(kwargs.pop("error_map", {}) or {}) - - _headers = kwargs.pop("headers", {}) or {} - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) - cls: ClsType[_models.EnrichmentDomainWhois] = kwargs.pop("cls", None) - - request = build_get_request( - resource_group_name=resource_group_name, - subscription_id=self._config.subscription_id, - domain=domain, - api_version=api_version, - template_url=self.get.metadata["url"], - headers=_headers, - params=_params, - ) - request = _convert_request(request) - request.url = self._client.format_url(request.url) - - pipeline_response: 
PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs - ) - - response = pipeline_response.http_response - - if response.status_code not in [200]: - map_error(status_code=response.status_code, response=response, error_map=error_map) - raise HttpResponseError(response=response, error_format=ARMErrorFormat) - - deserialized = self._deserialize("EnrichmentDomainWhois", pipeline_response) - - if cls: - return cls(pipeline_response, deserialized, {}) - - return deserialized - - get.metadata = { - "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.SecurityInsights/enrichment/domain/whois/" - } diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_entities_get_timeline_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_entities_get_timeline_operations.py deleted file mode 100644 index 62111c6a7259..000000000000 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_entities_get_timeline_operations.py +++ /dev/null 
@@ -1,211 +0,0 @@ -# pylint: disable=too-many-lines -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- -import sys -from typing import Any, Callable, Dict, IO, Optional, TypeVar, Union, overload - -from azure.core.exceptions import ( - ClientAuthenticationError, - HttpResponseError, - ResourceExistsError, - ResourceNotFoundError, - ResourceNotModifiedError, - map_error, -) -from azure.core.pipeline import PipelineResponse -from azure.core.pipeline.transport import AsyncHttpResponse -from azure.core.rest import HttpRequest -from azure.core.tracing.decorator_async import distributed_trace_async -from azure.core.utils import case_insensitive_dict -from azure.mgmt.core.exceptions import ARMErrorFormat - -from ... import models as _models -from ..._vendor import _convert_request -from ...operations._entities_get_timeline_operations import build_list_request - -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports -T = TypeVar("T") -ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] - - -class EntitiesGetTimelineOperations: - """ - .. warning:: - **DO NOT** instantiate this class directly. - - Instead, you should access the following operations through - :class:`~azure.mgmt.securityinsight.aio.SecurityInsights`'s - :attr:`entities_get_timeline` attribute. 
- """ - - models = _models - - def __init__(self, *args, **kwargs) -> None: - input_args = list(args) - self._client = input_args.pop(0) if input_args else kwargs.pop("client") - self._config = input_args.pop(0) if input_args else kwargs.pop("config") - self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") - self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") - - @overload - async def list( - self, - resource_group_name: str, - workspace_name: str, - entity_id: str, - parameters: _models.EntityTimelineParameters, - *, - content_type: str = "application/json", - **kwargs: Any - ) -> _models.EntityTimelineResponse: - """Timeline for an entity. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param entity_id: entity ID. Required. - :type entity_id: str - :param parameters: The parameters required to execute an timeline operation on the given - entity. Required. - :type parameters: ~azure.mgmt.securityinsight.models.EntityTimelineParameters - :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. - Default value is "application/json". - :paramtype content_type: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: EntityTimelineResponse or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.EntityTimelineResponse - :raises ~azure.core.exceptions.HttpResponseError: - """ - - @overload - async def list( - self, - resource_group_name: str, - workspace_name: str, - entity_id: str, - parameters: IO, - *, - content_type: str = "application/json", - **kwargs: Any - ) -> _models.EntityTimelineResponse: - """Timeline for an entity. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. 
- :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param entity_id: entity ID. Required. - :type entity_id: str - :param parameters: The parameters required to execute an timeline operation on the given - entity. Required. - :type parameters: IO - :keyword content_type: Body Parameter content-type. Content type parameter for binary body. - Default value is "application/json". - :paramtype content_type: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: EntityTimelineResponse or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.EntityTimelineResponse - :raises ~azure.core.exceptions.HttpResponseError: - """ - - @distributed_trace_async - async def list( - self, - resource_group_name: str, - workspace_name: str, - entity_id: str, - parameters: Union[_models.EntityTimelineParameters, IO], - **kwargs: Any - ) -> _models.EntityTimelineResponse: - """Timeline for an entity. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param entity_id: entity ID. Required. - :type entity_id: str - :param parameters: The parameters required to execute an timeline operation on the given - entity. Is either a model type or a IO type. Required. - :type parameters: ~azure.mgmt.securityinsight.models.EntityTimelineParameters or IO - :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. - Default value is None. 
- :paramtype content_type: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: EntityTimelineResponse or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.EntityTimelineResponse - :raises ~azure.core.exceptions.HttpResponseError: - """ - error_map = { - 401: ClientAuthenticationError, - 404: ResourceNotFoundError, - 409: ResourceExistsError, - 304: ResourceNotModifiedError, - } - error_map.update(kwargs.pop("error_map", {}) or {}) - - _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) - content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) - cls: ClsType[_models.EntityTimelineResponse] = kwargs.pop("cls", None) - - content_type = content_type or "application/json" - _json = None - _content = None - if isinstance(parameters, (IO, bytes)): - _content = parameters - else: - _json = self._serialize.body(parameters, "EntityTimelineParameters") - - request = build_list_request( - resource_group_name=resource_group_name, - workspace_name=workspace_name, - entity_id=entity_id, - subscription_id=self._config.subscription_id, - api_version=api_version, - content_type=content_type, - json=_json, - content=_content, - template_url=self.list.metadata["url"], - headers=_headers, - params=_params, - ) - request = _convert_request(request) - request.url = self._client.format_url(request.url) - - pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs - ) - - response = pipeline_response.http_response - - if response.status_code not in [200]: - map_error(status_code=response.status_code, response=response, error_map=error_map) - raise HttpResponseError(response=response, 
error_format=ARMErrorFormat) - - deserialized = self._deserialize("EntityTimelineResponse", pipeline_response) - - if cls: - return cls(pipeline_response, deserialized, {}) - - return deserialized - - list.metadata = { - "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}/getTimeline" - } diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_entities_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_entities_operations.py deleted file mode 100644 index ddabc83cb09f..000000000000 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_entities_operations.py +++ /dev/null 
@@ -1,605 +0,0 @@ -# pylint: disable=too-many-lines -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- -import sys -from typing import Any, AsyncIterable, Callable, Dict, IO, Optional, TypeVar, Union, overload -import urllib.parse - -from azure.core.async_paging import AsyncItemPaged, AsyncList -from azure.core.exceptions import ( - ClientAuthenticationError, - HttpResponseError, - ResourceExistsError, - ResourceNotFoundError, - ResourceNotModifiedError, - map_error, -) -from azure.core.pipeline import PipelineResponse -from azure.core.pipeline.transport import AsyncHttpResponse -from azure.core.rest import HttpRequest -from azure.core.tracing.decorator import distributed_trace -from azure.core.tracing.decorator_async import distributed_trace_async -from azure.core.utils import case_insensitive_dict -from azure.mgmt.core.exceptions import ARMErrorFormat - -from ... import models as _models -from ..._vendor import _convert_request -from ...operations._entities_operations import ( - build_expand_request, - build_get_insights_request, - build_get_request, - build_list_request, - build_queries_request, -) - -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports -T = TypeVar("T") -ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] - - -class EntitiesOperations: - """ - .. warning:: - **DO NOT** instantiate this class directly. 
- - Instead, you should access the following operations through - :class:`~azure.mgmt.securityinsight.aio.SecurityInsights`'s - :attr:`entities` attribute. - """ - - models = _models - - def __init__(self, *args, **kwargs) -> None: - input_args = list(args) - self._client = input_args.pop(0) if input_args else kwargs.pop("client") - self._config = input_args.pop(0) if input_args else kwargs.pop("config") - self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") - self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") - - @distributed_trace - def list(self, resource_group_name: str, workspace_name: str, **kwargs: Any) -> AsyncIterable["_models.Entity"]: - """Gets all entities. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: An iterator like instance of either Entity or the result of cls(response) - :rtype: ~azure.core.async_paging.AsyncItemPaged[~azure.mgmt.securityinsight.models.Entity] - :raises ~azure.core.exceptions.HttpResponseError: - """ - _headers = kwargs.pop("headers", {}) or {} - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) - cls: ClsType[_models.EntityList] = kwargs.pop("cls", None) - - error_map = { - 401: ClientAuthenticationError, - 404: ResourceNotFoundError, - 409: ResourceExistsError, - 304: ResourceNotModifiedError, - } - error_map.update(kwargs.pop("error_map", {}) or {}) - - def prepare_request(next_link=None): - if not next_link: - - request = build_list_request( - resource_group_name=resource_group_name, - workspace_name=workspace_name, - 
subscription_id=self._config.subscription_id, - api_version=api_version, - template_url=self.list.metadata["url"], - headers=_headers, - params=_params, - ) - request = _convert_request(request) - request.url = self._client.format_url(request.url) - - else: - # make call to next link with the client's api-version - _parsed_next_link = urllib.parse.urlparse(next_link) - _next_request_params = case_insensitive_dict( - { - key: [urllib.parse.quote(v) for v in value] - for key, value in urllib.parse.parse_qs(_parsed_next_link.query).items() - } - ) - _next_request_params["api-version"] = self._config.api_version - request = HttpRequest( - "GET", urllib.parse.urljoin(next_link, _parsed_next_link.path), params=_next_request_params - ) - request = _convert_request(request) - request.url = self._client.format_url(request.url) - request.method = "GET" - return request - - async def extract_data(pipeline_response): - deserialized = self._deserialize("EntityList", pipeline_response) - list_of_elem = deserialized.value - if cls: - list_of_elem = cls(list_of_elem) # type: ignore - return deserialized.next_link or None, AsyncList(list_of_elem) - - async def get_next(next_link=None): - request = prepare_request(next_link) - - pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs - ) - response = pipeline_response.http_response - - if response.status_code not in [200]: - map_error(status_code=response.status_code, response=response, error_map=error_map) - raise HttpResponseError(response=response, error_format=ARMErrorFormat) - - return pipeline_response - - return AsyncItemPaged(get_next, extract_data) - - list.metadata = { - "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities" - } - - @distributed_trace_async - async def get(self, resource_group_name: str, 
workspace_name: str, entity_id: str, **kwargs: Any) -> _models.Entity: - """Gets an entity. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param entity_id: entity ID. Required. - :type entity_id: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: Entity or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.Entity - :raises ~azure.core.exceptions.HttpResponseError: - """ - error_map = { - 401: ClientAuthenticationError, - 404: ResourceNotFoundError, - 409: ResourceExistsError, - 304: ResourceNotModifiedError, - } - error_map.update(kwargs.pop("error_map", {}) or {}) - - _headers = kwargs.pop("headers", {}) or {} - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) - cls: ClsType[_models.Entity] = kwargs.pop("cls", None) - - request = build_get_request( - resource_group_name=resource_group_name, - workspace_name=workspace_name, - entity_id=entity_id, - subscription_id=self._config.subscription_id, - api_version=api_version, - template_url=self.get.metadata["url"], - headers=_headers, - params=_params, - ) - request = _convert_request(request) - request.url = self._client.format_url(request.url) - - pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs - ) - - response = pipeline_response.http_response - - if response.status_code not in [200]: - map_error(status_code=response.status_code, response=response, error_map=error_map) - raise HttpResponseError(response=response, error_format=ARMErrorFormat) - - deserialized = self._deserialize("Entity", pipeline_response) - - if cls: - 
return cls(pipeline_response, deserialized, {}) - - return deserialized - - get.metadata = { - "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}" - } - - @overload - async def expand( - self, - resource_group_name: str, - workspace_name: str, - entity_id: str, - parameters: _models.EntityExpandParameters, - *, - content_type: str = "application/json", - **kwargs: Any - ) -> _models.EntityExpandResponse: - """Expands an entity. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param entity_id: entity ID. Required. - :type entity_id: str - :param parameters: The parameters required to execute an expand operation on the given entity. - Required. - :type parameters: ~azure.mgmt.securityinsight.models.EntityExpandParameters - :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. - Default value is "application/json". - :paramtype content_type: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: EntityExpandResponse or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.EntityExpandResponse - :raises ~azure.core.exceptions.HttpResponseError: - """ - - @overload - async def expand( - self, - resource_group_name: str, - workspace_name: str, - entity_id: str, - parameters: IO, - *, - content_type: str = "application/json", - **kwargs: Any - ) -> _models.EntityExpandResponse: - """Expands an entity. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. 
- :type workspace_name: str - :param entity_id: entity ID. Required. - :type entity_id: str - :param parameters: The parameters required to execute an expand operation on the given entity. - Required. - :type parameters: IO - :keyword content_type: Body Parameter content-type. Content type parameter for binary body. - Default value is "application/json". - :paramtype content_type: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: EntityExpandResponse or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.EntityExpandResponse - :raises ~azure.core.exceptions.HttpResponseError: - """ - - @distributed_trace_async - async def expand( - self, - resource_group_name: str, - workspace_name: str, - entity_id: str, - parameters: Union[_models.EntityExpandParameters, IO], - **kwargs: Any - ) -> _models.EntityExpandResponse: - """Expands an entity. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param entity_id: entity ID. Required. - :type entity_id: str - :param parameters: The parameters required to execute an expand operation on the given entity. - Is either a model type or a IO type. Required. - :type parameters: ~azure.mgmt.securityinsight.models.EntityExpandParameters or IO - :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. - Default value is None. 
- :paramtype content_type: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: EntityExpandResponse or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.EntityExpandResponse - :raises ~azure.core.exceptions.HttpResponseError: - """ - error_map = { - 401: ClientAuthenticationError, - 404: ResourceNotFoundError, - 409: ResourceExistsError, - 304: ResourceNotModifiedError, - } - error_map.update(kwargs.pop("error_map", {}) or {}) - - _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) - content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) - cls: ClsType[_models.EntityExpandResponse] = kwargs.pop("cls", None) - - content_type = content_type or "application/json" - _json = None - _content = None - if isinstance(parameters, (IO, bytes)): - _content = parameters - else: - _json = self._serialize.body(parameters, "EntityExpandParameters") - - request = build_expand_request( - resource_group_name=resource_group_name, - workspace_name=workspace_name, - entity_id=entity_id, - subscription_id=self._config.subscription_id, - api_version=api_version, - content_type=content_type, - json=_json, - content=_content, - template_url=self.expand.metadata["url"], - headers=_headers, - params=_params, - ) - request = _convert_request(request) - request.url = self._client.format_url(request.url) - - pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs - ) - - response = pipeline_response.http_response - - if response.status_code not in [200]: - map_error(status_code=response.status_code, response=response, error_map=error_map) - raise HttpResponseError(response=response, 
error_format=ARMErrorFormat) - - deserialized = self._deserialize("EntityExpandResponse", pipeline_response) - - if cls: - return cls(pipeline_response, deserialized, {}) - - return deserialized - - expand.metadata = { - "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}/expand" - } - - @distributed_trace_async - async def queries( - self, - resource_group_name: str, - workspace_name: str, - entity_id: str, - kind: Union[str, _models.EntityItemQueryKind], - **kwargs: Any - ) -> _models.GetQueriesResponse: - """Get Insights and Activities for an entity. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param entity_id: entity ID. Required. - :type entity_id: str - :param kind: The Kind parameter for queries. "Insight" Required. 
- :type kind: str or ~azure.mgmt.securityinsight.models.EntityItemQueryKind - :keyword callable cls: A custom type or function that will be passed the direct response - :return: GetQueriesResponse or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.GetQueriesResponse - :raises ~azure.core.exceptions.HttpResponseError: - """ - error_map = { - 401: ClientAuthenticationError, - 404: ResourceNotFoundError, - 409: ResourceExistsError, - 304: ResourceNotModifiedError, - } - error_map.update(kwargs.pop("error_map", {}) or {}) - - _headers = kwargs.pop("headers", {}) or {} - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) - cls: ClsType[_models.GetQueriesResponse] = kwargs.pop("cls", None) - - request = build_queries_request( - resource_group_name=resource_group_name, - workspace_name=workspace_name, - entity_id=entity_id, - subscription_id=self._config.subscription_id, - kind=kind, - api_version=api_version, - template_url=self.queries.metadata["url"], - headers=_headers, - params=_params, - ) - request = _convert_request(request) - request.url = self._client.format_url(request.url) - - pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs - ) - - response = pipeline_response.http_response - - if response.status_code not in [200]: - map_error(status_code=response.status_code, response=response, error_map=error_map) - raise HttpResponseError(response=response, error_format=ARMErrorFormat) - - deserialized = self._deserialize("GetQueriesResponse", pipeline_response) - - if cls: - return cls(pipeline_response, deserialized, {}) - - return deserialized - - queries.metadata = { - "url": 
"/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}/queries" - } - - @overload - async def get_insights( - self, - resource_group_name: str, - workspace_name: str, - entity_id: str, - parameters: _models.EntityGetInsightsParameters, - *, - content_type: str = "application/json", - **kwargs: Any - ) -> _models.EntityGetInsightsResponse: - """Execute Insights for an entity. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param entity_id: entity ID. Required. - :type entity_id: str - :param parameters: The parameters required to execute insights on the given entity. Required. - :type parameters: ~azure.mgmt.securityinsight.models.EntityGetInsightsParameters - :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. - Default value is "application/json". - :paramtype content_type: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: EntityGetInsightsResponse or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.EntityGetInsightsResponse - :raises ~azure.core.exceptions.HttpResponseError: - """ - - @overload - async def get_insights( - self, - resource_group_name: str, - workspace_name: str, - entity_id: str, - parameters: IO, - *, - content_type: str = "application/json", - **kwargs: Any - ) -> _models.EntityGetInsightsResponse: - """Execute Insights for an entity. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param entity_id: entity ID. Required. 
- :type entity_id: str - :param parameters: The parameters required to execute insights on the given entity. Required. - :type parameters: IO - :keyword content_type: Body Parameter content-type. Content type parameter for binary body. - Default value is "application/json". - :paramtype content_type: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: EntityGetInsightsResponse or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.EntityGetInsightsResponse - :raises ~azure.core.exceptions.HttpResponseError: - """ - - @distributed_trace_async - async def get_insights( - self, - resource_group_name: str, - workspace_name: str, - entity_id: str, - parameters: Union[_models.EntityGetInsightsParameters, IO], - **kwargs: Any - ) -> _models.EntityGetInsightsResponse: - """Execute Insights for an entity. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param entity_id: entity ID. Required. - :type entity_id: str - :param parameters: The parameters required to execute insights on the given entity. Is either a - model type or a IO type. Required. - :type parameters: ~azure.mgmt.securityinsight.models.EntityGetInsightsParameters or IO - :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. - Default value is None. 
- :paramtype content_type: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: EntityGetInsightsResponse or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.EntityGetInsightsResponse - :raises ~azure.core.exceptions.HttpResponseError: - """ - error_map = { - 401: ClientAuthenticationError, - 404: ResourceNotFoundError, - 409: ResourceExistsError, - 304: ResourceNotModifiedError, - } - error_map.update(kwargs.pop("error_map", {}) or {}) - - _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) - content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) - cls: ClsType[_models.EntityGetInsightsResponse] = kwargs.pop("cls", None) - - content_type = content_type or "application/json" - _json = None - _content = None - if isinstance(parameters, (IO, bytes)): - _content = parameters - else: - _json = self._serialize.body(parameters, "EntityGetInsightsParameters") - - request = build_get_insights_request( - resource_group_name=resource_group_name, - workspace_name=workspace_name, - entity_id=entity_id, - subscription_id=self._config.subscription_id, - api_version=api_version, - content_type=content_type, - json=_json, - content=_content, - template_url=self.get_insights.metadata["url"], - headers=_headers, - params=_params, - ) - request = _convert_request(request) - request.url = self._client.format_url(request.url) - - pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs - ) - - response = pipeline_response.http_response - - if response.status_code not in [200]: - map_error(status_code=response.status_code, response=response, error_map=error_map) - raise 
HttpResponseError(response=response, error_format=ARMErrorFormat) - - deserialized = self._deserialize("EntityGetInsightsResponse", pipeline_response) - - if cls: - return cls(pipeline_response, deserialized, {}) - - return deserialized - - get_insights.metadata = { - "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}/getInsights" - } diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_entities_relations_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_entities_relations_operations.py deleted file mode 100644 index d232b818621f..000000000000 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_entities_relations_operations.py +++ /dev/null 
@@ -1,177 +0,0 @@ -# pylint: disable=too-many-lines -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- -import sys -from typing import Any, AsyncIterable, Callable, Dict, Optional, TypeVar -import urllib.parse - -from azure.core.async_paging import AsyncItemPaged, AsyncList -from azure.core.exceptions import ( - ClientAuthenticationError, - HttpResponseError, - ResourceExistsError, - ResourceNotFoundError, - ResourceNotModifiedError, - map_error, -) -from azure.core.pipeline import PipelineResponse -from azure.core.pipeline.transport import AsyncHttpResponse -from azure.core.rest import HttpRequest -from azure.core.tracing.decorator import distributed_trace -from azure.core.utils import case_insensitive_dict -from azure.mgmt.core.exceptions import ARMErrorFormat - -from ... import models as _models -from ..._vendor import _convert_request -from ...operations._entities_relations_operations import build_list_request - -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports -T = TypeVar("T") -ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] - - -class EntitiesRelationsOperations: - """ - .. warning:: - **DO NOT** instantiate this class directly. - - Instead, you should access the following operations through - :class:`~azure.mgmt.securityinsight.aio.SecurityInsights`'s - :attr:`entities_relations` attribute. 
- """ - - models = _models - - def __init__(self, *args, **kwargs) -> None: - input_args = list(args) - self._client = input_args.pop(0) if input_args else kwargs.pop("client") - self._config = input_args.pop(0) if input_args else kwargs.pop("config") - self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") - self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") - - @distributed_trace - def list( - self, - resource_group_name: str, - workspace_name: str, - entity_id: str, - filter: Optional[str] = None, - orderby: Optional[str] = None, - top: Optional[int] = None, - skip_token: Optional[str] = None, - **kwargs: Any - ) -> AsyncIterable["_models.Relation"]: - """Gets all relations of an entity. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param entity_id: entity ID. Required. - :type entity_id: str - :param filter: Filters the results, based on a Boolean condition. Optional. Default value is - None. - :type filter: str - :param orderby: Sorts the results. Optional. Default value is None. - :type orderby: str - :param top: Returns only the first n results. Optional. Default value is None. - :type top: int - :param skip_token: Skiptoken is only used if a previous operation returned a partial result. If - a previous response contains a nextLink element, the value of the nextLink element will include - a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. - Default value is None. 
- :type skip_token: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: An iterator like instance of either Relation or the result of cls(response) - :rtype: ~azure.core.async_paging.AsyncItemPaged[~azure.mgmt.securityinsight.models.Relation] - :raises ~azure.core.exceptions.HttpResponseError: - """ - _headers = kwargs.pop("headers", {}) or {} - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) - cls: ClsType[_models.RelationList] = kwargs.pop("cls", None) - - error_map = { - 401: ClientAuthenticationError, - 404: ResourceNotFoundError, - 409: ResourceExistsError, - 304: ResourceNotModifiedError, - } - error_map.update(kwargs.pop("error_map", {}) or {}) - - def prepare_request(next_link=None): - if not next_link: - - request = build_list_request( - resource_group_name=resource_group_name, - workspace_name=workspace_name, - entity_id=entity_id, - subscription_id=self._config.subscription_id, - filter=filter, - orderby=orderby, - top=top, - skip_token=skip_token, - api_version=api_version, - template_url=self.list.metadata["url"], - headers=_headers, - params=_params, - ) - request = _convert_request(request) - request.url = self._client.format_url(request.url) - - else: - # make call to next link with the client's api-version - _parsed_next_link = urllib.parse.urlparse(next_link) - _next_request_params = case_insensitive_dict( - { - key: [urllib.parse.quote(v) for v in value] - for key, value in urllib.parse.parse_qs(_parsed_next_link.query).items() - } - ) - _next_request_params["api-version"] = self._config.api_version - request = HttpRequest( - "GET", urllib.parse.urljoin(next_link, _parsed_next_link.path), params=_next_request_params - ) - request = _convert_request(request) - request.url = self._client.format_url(request.url) - request.method = "GET" - return 
request - - async def extract_data(pipeline_response): - deserialized = self._deserialize("RelationList", pipeline_response) - list_of_elem = deserialized.value - if cls: - list_of_elem = cls(list_of_elem) # type: ignore - return deserialized.next_link or None, AsyncList(list_of_elem) - - async def get_next(next_link=None): - request = prepare_request(next_link) - - pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs - ) - response = pipeline_response.http_response - - if response.status_code not in [200]: - map_error(status_code=response.status_code, response=response, error_map=error_map) - raise HttpResponseError(response=response, error_format=ARMErrorFormat) - - return pipeline_response - - return AsyncItemPaged(get_next, extract_data) - - list.metadata = { - "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}/relations" - } diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_entity_queries_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_entity_queries_operations.py deleted file mode 100644 index 2a53846738ea..000000000000 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_entity_queries_operations.py +++ /dev/null 
@@ -1,453 +0,0 @@ -# pylint: disable=too-many-lines -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- -import sys -from typing import Any, AsyncIterable, Callable, Dict, IO, Optional, TypeVar, Union, overload -import urllib.parse - -from azure.core.async_paging import AsyncItemPaged, AsyncList -from azure.core.exceptions import ( - ClientAuthenticationError, - HttpResponseError, - ResourceExistsError, - ResourceNotFoundError, - ResourceNotModifiedError, - map_error, -) -from azure.core.pipeline import PipelineResponse -from azure.core.pipeline.transport import AsyncHttpResponse -from azure.core.rest import HttpRequest -from azure.core.tracing.decorator import distributed_trace -from azure.core.tracing.decorator_async import distributed_trace_async -from azure.core.utils import case_insensitive_dict -from azure.mgmt.core.exceptions import ARMErrorFormat - -from ... import models as _models -from ..._vendor import _convert_request -from ...operations._entity_queries_operations import ( - build_create_or_update_request, - build_delete_request, - build_get_request, - build_list_request, -) - -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports -T = TypeVar("T") -ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] - - -class EntityQueriesOperations: - """ - .. warning:: - **DO NOT** instantiate this class directly. 
- - Instead, you should access the following operations through - :class:`~azure.mgmt.securityinsight.aio.SecurityInsights`'s - :attr:`entity_queries` attribute. - """ - - models = _models - - def __init__(self, *args, **kwargs) -> None: - input_args = list(args) - self._client = input_args.pop(0) if input_args else kwargs.pop("client") - self._config = input_args.pop(0) if input_args else kwargs.pop("config") - self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") - self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") - - @distributed_trace - def list( - self, - resource_group_name: str, - workspace_name: str, - kind: Optional[Union[str, _models.Enum13]] = None, - **kwargs: Any - ) -> AsyncIterable["_models.EntityQuery"]: - """Gets all entity queries. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param kind: The entity query kind we want to fetch. Known values are: "Expansion" and - "Activity". Default value is None. 
- :type kind: str or ~azure.mgmt.securityinsight.models.Enum13 - :keyword callable cls: A custom type or function that will be passed the direct response - :return: An iterator like instance of either EntityQuery or the result of cls(response) - :rtype: ~azure.core.async_paging.AsyncItemPaged[~azure.mgmt.securityinsight.models.EntityQuery] - :raises ~azure.core.exceptions.HttpResponseError: - """ - _headers = kwargs.pop("headers", {}) or {} - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) - cls: ClsType[_models.EntityQueryList] = kwargs.pop("cls", None) - - error_map = { - 401: ClientAuthenticationError, - 404: ResourceNotFoundError, - 409: ResourceExistsError, - 304: ResourceNotModifiedError, - } - error_map.update(kwargs.pop("error_map", {}) or {}) - - def prepare_request(next_link=None): - if not next_link: - - request = build_list_request( - resource_group_name=resource_group_name, - workspace_name=workspace_name, - subscription_id=self._config.subscription_id, - kind=kind, - api_version=api_version, - template_url=self.list.metadata["url"], - headers=_headers, - params=_params, - ) - request = _convert_request(request) - request.url = self._client.format_url(request.url) - - else: - # make call to next link with the client's api-version - _parsed_next_link = urllib.parse.urlparse(next_link) - _next_request_params = case_insensitive_dict( - { - key: [urllib.parse.quote(v) for v in value] - for key, value in urllib.parse.parse_qs(_parsed_next_link.query).items() - } - ) - _next_request_params["api-version"] = self._config.api_version - request = HttpRequest( - "GET", urllib.parse.urljoin(next_link, _parsed_next_link.path), params=_next_request_params - ) - request = _convert_request(request) - request.url = self._client.format_url(request.url) - request.method = "GET" - return request - - async def 
extract_data(pipeline_response): - deserialized = self._deserialize("EntityQueryList", pipeline_response) - list_of_elem = deserialized.value - if cls: - list_of_elem = cls(list_of_elem) # type: ignore - return deserialized.next_link or None, AsyncList(list_of_elem) - - async def get_next(next_link=None): - request = prepare_request(next_link) - - pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs - ) - response = pipeline_response.http_response - - if response.status_code not in [200]: - map_error(status_code=response.status_code, response=response, error_map=error_map) - raise HttpResponseError(response=response, error_format=ARMErrorFormat) - - return pipeline_response - - return AsyncItemPaged(get_next, extract_data) - - list.metadata = { - "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entityQueries" - } - - @distributed_trace_async - async def get( - self, resource_group_name: str, workspace_name: str, entity_query_id: str, **kwargs: Any - ) -> _models.EntityQuery: - """Gets an entity query. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param entity_query_id: entity query ID. Required. 
- :type entity_query_id: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: EntityQuery or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.EntityQuery - :raises ~azure.core.exceptions.HttpResponseError: - """ - error_map = { - 401: ClientAuthenticationError, - 404: ResourceNotFoundError, - 409: ResourceExistsError, - 304: ResourceNotModifiedError, - } - error_map.update(kwargs.pop("error_map", {}) or {}) - - _headers = kwargs.pop("headers", {}) or {} - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) - cls: ClsType[_models.EntityQuery] = kwargs.pop("cls", None) - - request = build_get_request( - resource_group_name=resource_group_name, - workspace_name=workspace_name, - entity_query_id=entity_query_id, - subscription_id=self._config.subscription_id, - api_version=api_version, - template_url=self.get.metadata["url"], - headers=_headers, - params=_params, - ) - request = _convert_request(request) - request.url = self._client.format_url(request.url) - - pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs - ) - - response = pipeline_response.http_response - - if response.status_code not in [200]: - map_error(status_code=response.status_code, response=response, error_map=error_map) - raise HttpResponseError(response=response, error_format=ARMErrorFormat) - - deserialized = self._deserialize("EntityQuery", pipeline_response) - - if cls: - return cls(pipeline_response, deserialized, {}) - - return deserialized - - get.metadata = { - "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entityQueries/{entityQueryId}" - } - - @overload - 
async def create_or_update( - self, - resource_group_name: str, - workspace_name: str, - entity_query_id: str, - entity_query: _models.CustomEntityQuery, - *, - content_type: str = "application/json", - **kwargs: Any - ) -> _models.EntityQuery: - """Creates or updates the entity query. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param entity_query_id: entity query ID. Required. - :type entity_query_id: str - :param entity_query: The entity query we want to create or update. Required. - :type entity_query: ~azure.mgmt.securityinsight.models.CustomEntityQuery - :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. - Default value is "application/json". - :paramtype content_type: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: EntityQuery or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.EntityQuery - :raises ~azure.core.exceptions.HttpResponseError: - """ - - @overload - async def create_or_update( - self, - resource_group_name: str, - workspace_name: str, - entity_query_id: str, - entity_query: IO, - *, - content_type: str = "application/json", - **kwargs: Any - ) -> _models.EntityQuery: - """Creates or updates the entity query. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param entity_query_id: entity query ID. Required. - :type entity_query_id: str - :param entity_query: The entity query we want to create or update. Required. - :type entity_query: IO - :keyword content_type: Body Parameter content-type. Content type parameter for binary body. 
- Default value is "application/json". - :paramtype content_type: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: EntityQuery or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.EntityQuery - :raises ~azure.core.exceptions.HttpResponseError: - """ - - @distributed_trace_async - async def create_or_update( - self, - resource_group_name: str, - workspace_name: str, - entity_query_id: str, - entity_query: Union[_models.CustomEntityQuery, IO], - **kwargs: Any - ) -> _models.EntityQuery: - """Creates or updates the entity query. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param entity_query_id: entity query ID. Required. - :type entity_query_id: str - :param entity_query: The entity query we want to create or update. Is either a model type or a - IO type. Required. - :type entity_query: ~azure.mgmt.securityinsight.models.CustomEntityQuery or IO - :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. - Default value is None. 
- :paramtype content_type: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: EntityQuery or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.EntityQuery - :raises ~azure.core.exceptions.HttpResponseError: - """ - error_map = { - 401: ClientAuthenticationError, - 404: ResourceNotFoundError, - 409: ResourceExistsError, - 304: ResourceNotModifiedError, - } - error_map.update(kwargs.pop("error_map", {}) or {}) - - _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) - content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) - cls: ClsType[_models.EntityQuery] = kwargs.pop("cls", None) - - content_type = content_type or "application/json" - _json = None - _content = None - if isinstance(entity_query, (IO, bytes)): - _content = entity_query - else: - _json = self._serialize.body(entity_query, "CustomEntityQuery") - - request = build_create_or_update_request( - resource_group_name=resource_group_name, - workspace_name=workspace_name, - entity_query_id=entity_query_id, - subscription_id=self._config.subscription_id, - api_version=api_version, - content_type=content_type, - json=_json, - content=_content, - template_url=self.create_or_update.metadata["url"], - headers=_headers, - params=_params, - ) - request = _convert_request(request) - request.url = self._client.format_url(request.url) - - pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs - ) - - response = pipeline_response.http_response - - if response.status_code not in [200, 201]: - map_error(status_code=response.status_code, response=response, error_map=error_map) - raise 
HttpResponseError(response=response, error_format=ARMErrorFormat) - - if response.status_code == 200: - deserialized = self._deserialize("EntityQuery", pipeline_response) - - if response.status_code == 201: - deserialized = self._deserialize("EntityQuery", pipeline_response) - - if cls: - return cls(pipeline_response, deserialized, {}) # type: ignore - - return deserialized # type: ignore - - create_or_update.metadata = { - "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entityQueries/{entityQueryId}" - } - - @distributed_trace_async - async def delete( # pylint: disable=inconsistent-return-statements - self, resource_group_name: str, workspace_name: str, entity_query_id: str, **kwargs: Any - ) -> None: - """Delete the entity query. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param entity_query_id: entity query ID. Required. 
- :type entity_query_id: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: None or the result of cls(response) - :rtype: None - :raises ~azure.core.exceptions.HttpResponseError: - """ - error_map = { - 401: ClientAuthenticationError, - 404: ResourceNotFoundError, - 409: ResourceExistsError, - 304: ResourceNotModifiedError, - } - error_map.update(kwargs.pop("error_map", {}) or {}) - - _headers = kwargs.pop("headers", {}) or {} - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) - cls: ClsType[None] = kwargs.pop("cls", None) - - request = build_delete_request( - resource_group_name=resource_group_name, - workspace_name=workspace_name, - entity_query_id=entity_query_id, - subscription_id=self._config.subscription_id, - api_version=api_version, - template_url=self.delete.metadata["url"], - headers=_headers, - params=_params, - ) - request = _convert_request(request) - request.url = self._client.format_url(request.url) - - pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs - ) - - response = pipeline_response.http_response - - if response.status_code not in [200, 204]: - map_error(status_code=response.status_code, response=response, error_map=error_map) - raise HttpResponseError(response=response, error_format=ARMErrorFormat) - - if cls: - return cls(pipeline_response, None, {}) - - delete.metadata = { - "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entityQueries/{entityQueryId}" - } 
diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_entity_query_templates_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_entity_query_templates_operations.py
deleted file mode 100644
index e2f34e18fc04..000000000000
--- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_entity_query_templates_operations.py
+++ /dev/null
@@ -1,227 +0,0 @@ -# pylint: disable=too-many-lines -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- -import sys -from typing import Any, AsyncIterable, Callable, Dict, Optional, TypeVar, Union -import urllib.parse - -from azure.core.async_paging import AsyncItemPaged, AsyncList -from azure.core.exceptions import ( - ClientAuthenticationError, - HttpResponseError, - ResourceExistsError, - ResourceNotFoundError, - ResourceNotModifiedError, - map_error, -) -from azure.core.pipeline import PipelineResponse -from azure.core.pipeline.transport import AsyncHttpResponse -from azure.core.rest import HttpRequest -from azure.core.tracing.decorator import distributed_trace -from azure.core.tracing.decorator_async import distributed_trace_async -from azure.core.utils import case_insensitive_dict -from azure.mgmt.core.exceptions import ARMErrorFormat - -from ... import models as _models -from ..._vendor import _convert_request -from ...operations._entity_query_templates_operations import build_get_request, build_list_request - -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports -T = TypeVar("T") -ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] - - -class EntityQueryTemplatesOperations: - """ - .. warning:: - **DO NOT** instantiate this class directly. 
- - Instead, you should access the following operations through - :class:`~azure.mgmt.securityinsight.aio.SecurityInsights`'s - :attr:`entity_query_templates` attribute. - """ - - models = _models - - def __init__(self, *args, **kwargs) -> None: - input_args = list(args) - self._client = input_args.pop(0) if input_args else kwargs.pop("client") - self._config = input_args.pop(0) if input_args else kwargs.pop("config") - self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") - self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") - - @distributed_trace - def list( - self, - resource_group_name: str, - workspace_name: str, - kind: Optional[Union[str, _models.Enum15]] = None, - **kwargs: Any - ) -> AsyncIterable["_models.EntityQueryTemplate"]: - """Gets all entity query templates. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param kind: The entity template query kind we want to fetch. "Activity" Default value is None. 
- :type kind: str or ~azure.mgmt.securityinsight.models.Enum15 - :keyword callable cls: A custom type or function that will be passed the direct response - :return: An iterator like instance of either EntityQueryTemplate or the result of cls(response) - :rtype: - ~azure.core.async_paging.AsyncItemPaged[~azure.mgmt.securityinsight.models.EntityQueryTemplate] - :raises ~azure.core.exceptions.HttpResponseError: - """ - _headers = kwargs.pop("headers", {}) or {} - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) - cls: ClsType[_models.EntityQueryTemplateList] = kwargs.pop("cls", None) - - error_map = { - 401: ClientAuthenticationError, - 404: ResourceNotFoundError, - 409: ResourceExistsError, - 304: ResourceNotModifiedError, - } - error_map.update(kwargs.pop("error_map", {}) or {}) - - def prepare_request(next_link=None): - if not next_link: - - request = build_list_request( - resource_group_name=resource_group_name, - workspace_name=workspace_name, - subscription_id=self._config.subscription_id, - kind=kind, - api_version=api_version, - template_url=self.list.metadata["url"], - headers=_headers, - params=_params, - ) - request = _convert_request(request) - request.url = self._client.format_url(request.url) - - else: - # make call to next link with the client's api-version - _parsed_next_link = urllib.parse.urlparse(next_link) - _next_request_params = case_insensitive_dict( - { - key: [urllib.parse.quote(v) for v in value] - for key, value in urllib.parse.parse_qs(_parsed_next_link.query).items() - } - ) - _next_request_params["api-version"] = self._config.api_version - request = HttpRequest( - "GET", urllib.parse.urljoin(next_link, _parsed_next_link.path), params=_next_request_params - ) - request = _convert_request(request) - request.url = self._client.format_url(request.url) - request.method = "GET" - return request - 
- async def extract_data(pipeline_response): - deserialized = self._deserialize("EntityQueryTemplateList", pipeline_response) - list_of_elem = deserialized.value - if cls: - list_of_elem = cls(list_of_elem) # type: ignore - return deserialized.next_link or None, AsyncList(list_of_elem) - - async def get_next(next_link=None): - request = prepare_request(next_link) - - pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs - ) - response = pipeline_response.http_response - - if response.status_code not in [200]: - map_error(status_code=response.status_code, response=response, error_map=error_map) - raise HttpResponseError(response=response, error_format=ARMErrorFormat) - - return pipeline_response - - return AsyncItemPaged(get_next, extract_data) - - list.metadata = { - "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entityQueryTemplates" - } - - @distributed_trace_async - async def get( - self, resource_group_name: str, workspace_name: str, entity_query_template_id: str, **kwargs: Any - ) -> _models.EntityQueryTemplate: - """Gets an entity query. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param entity_query_template_id: entity query template ID. Required. 
- :type entity_query_template_id: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: EntityQueryTemplate or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.EntityQueryTemplate - :raises ~azure.core.exceptions.HttpResponseError: - """ - error_map = { - 401: ClientAuthenticationError, - 404: ResourceNotFoundError, - 409: ResourceExistsError, - 304: ResourceNotModifiedError, - } - error_map.update(kwargs.pop("error_map", {}) or {}) - - _headers = kwargs.pop("headers", {}) or {} - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) - cls: ClsType[_models.EntityQueryTemplate] = kwargs.pop("cls", None) - - request = build_get_request( - resource_group_name=resource_group_name, - workspace_name=workspace_name, - entity_query_template_id=entity_query_template_id, - subscription_id=self._config.subscription_id, - api_version=api_version, - template_url=self.get.metadata["url"], - headers=_headers, - params=_params, - ) - request = _convert_request(request) - request.url = self._client.format_url(request.url) - - pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs - ) - - response = pipeline_response.http_response - - if response.status_code not in [200]: - map_error(status_code=response.status_code, response=response, error_map=error_map) - raise HttpResponseError(response=response, error_format=ARMErrorFormat) - - deserialized = self._deserialize("EntityQueryTemplate", pipeline_response) - - if cls: - return cls(pipeline_response, deserialized, {}) - - return deserialized - - get.metadata = { - "url": 
"/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entityQueryTemplates/{entityQueryTemplateId}" - } diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_entity_relations_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_entity_relations_operations.py deleted file mode 100644 index 9cb8ac64c04b..000000000000 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_entity_relations_operations.py +++ /dev/null 
@@ -1,127 +0,0 @@ -# pylint: disable=too-many-lines -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- -import sys -from typing import Any, Callable, Dict, Optional, TypeVar - -from azure.core.exceptions import ( - ClientAuthenticationError, - HttpResponseError, - ResourceExistsError, - ResourceNotFoundError, - ResourceNotModifiedError, - map_error, -) -from azure.core.pipeline import PipelineResponse -from azure.core.pipeline.transport import AsyncHttpResponse -from azure.core.rest import HttpRequest -from azure.core.tracing.decorator_async import distributed_trace_async -from azure.core.utils import case_insensitive_dict -from azure.mgmt.core.exceptions import ARMErrorFormat - -from ... import models as _models -from ..._vendor import _convert_request -from ...operations._entity_relations_operations import build_get_relation_request - -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports -T = TypeVar("T") -ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] - - -class EntityRelationsOperations: - """ - .. warning:: - **DO NOT** instantiate this class directly. - - Instead, you should access the following operations through - :class:`~azure.mgmt.securityinsight.aio.SecurityInsights`'s - :attr:`entity_relations` attribute. 
- """ - - models = _models - - def __init__(self, *args, **kwargs) -> None: - input_args = list(args) - self._client = input_args.pop(0) if input_args else kwargs.pop("client") - self._config = input_args.pop(0) if input_args else kwargs.pop("config") - self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") - self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") - - @distributed_trace_async - async def get_relation( - self, resource_group_name: str, workspace_name: str, entity_id: str, relation_name: str, **kwargs: Any - ) -> _models.Relation: - """Gets an entity relation. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param entity_id: entity ID. Required. - :type entity_id: str - :param relation_name: Relation Name. Required. - :type relation_name: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: Relation or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.Relation - :raises ~azure.core.exceptions.HttpResponseError: - """ - error_map = { - 401: ClientAuthenticationError, - 404: ResourceNotFoundError, - 409: ResourceExistsError, - 304: ResourceNotModifiedError, - } - error_map.update(kwargs.pop("error_map", {}) or {}) - - _headers = kwargs.pop("headers", {}) or {} - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) - cls: ClsType[_models.Relation] = kwargs.pop("cls", None) - - request = build_get_relation_request( - resource_group_name=resource_group_name, - workspace_name=workspace_name, - entity_id=entity_id, - relation_name=relation_name, - subscription_id=self._config.subscription_id, - 
api_version=api_version, - template_url=self.get_relation.metadata["url"], - headers=_headers, - params=_params, - ) - request = _convert_request(request) - request.url = self._client.format_url(request.url) - - pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs - ) - - response = pipeline_response.http_response - - if response.status_code not in [200]: - map_error(status_code=response.status_code, response=response, error_map=error_map) - raise HttpResponseError(response=response, error_format=ARMErrorFormat) - - deserialized = self._deserialize("Relation", pipeline_response) - - if cls: - return cls(pipeline_response, deserialized, {}) - - return deserialized - - get_relation.metadata = { - "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}/relations/{relationName}" - } diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_file_imports_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_file_imports_operations.py deleted file mode 100644 index 5636b9487428..000000000000 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_file_imports_operations.py +++ /dev/null 
@@ -1,532 +0,0 @@ -# pylint: disable=too-many-lines -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- -import sys -from typing import Any, AsyncIterable, Callable, Dict, IO, Optional, TypeVar, Union, cast, overload -import urllib.parse - -from azure.core.async_paging import AsyncItemPaged, AsyncList -from azure.core.exceptions import ( - ClientAuthenticationError, - HttpResponseError, - ResourceExistsError, - ResourceNotFoundError, - ResourceNotModifiedError, - map_error, -) -from azure.core.pipeline import PipelineResponse -from azure.core.pipeline.transport import AsyncHttpResponse -from azure.core.polling import AsyncLROPoller, AsyncNoPolling, AsyncPollingMethod -from azure.core.rest import HttpRequest -from azure.core.tracing.decorator import distributed_trace -from azure.core.tracing.decorator_async import distributed_trace_async -from azure.core.utils import case_insensitive_dict -from azure.mgmt.core.exceptions import ARMErrorFormat -from azure.mgmt.core.polling.async_arm_polling import AsyncARMPolling - -from ... 
import models as _models -from ..._vendor import _convert_request -from ...operations._file_imports_operations import ( - build_create_request, - build_delete_request, - build_get_request, - build_list_request, -) - -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports -T = TypeVar("T") -ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] - - -class FileImportsOperations: - """ - .. warning:: - **DO NOT** instantiate this class directly. - - Instead, you should access the following operations through - :class:`~azure.mgmt.securityinsight.aio.SecurityInsights`'s - :attr:`file_imports` attribute. - """ - - models = _models - - def __init__(self, *args, **kwargs) -> None: - input_args = list(args) - self._client = input_args.pop(0) if input_args else kwargs.pop("client") - self._config = input_args.pop(0) if input_args else kwargs.pop("config") - self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") - self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") - - @distributed_trace - def list( - self, - resource_group_name: str, - workspace_name: str, - filter: Optional[str] = None, - orderby: Optional[str] = None, - top: Optional[int] = None, - skip_token: Optional[str] = None, - **kwargs: Any - ) -> AsyncIterable["_models.FileImport"]: - """Gets all file imports. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param filter: Filters the results, based on a Boolean condition. Optional. Default value is - None. - :type filter: str - :param orderby: Sorts the results. Optional. Default value is None. 
- :type orderby: str - :param top: Returns only the first n results. Optional. Default value is None. - :type top: int - :param skip_token: Skiptoken is only used if a previous operation returned a partial result. If - a previous response contains a nextLink element, the value of the nextLink element will include - a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. - Default value is None. - :type skip_token: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: An iterator like instance of either FileImport or the result of cls(response) - :rtype: ~azure.core.async_paging.AsyncItemPaged[~azure.mgmt.securityinsight.models.FileImport] - :raises ~azure.core.exceptions.HttpResponseError: - """ - _headers = kwargs.pop("headers", {}) or {} - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) - cls: ClsType[_models.FileImportList] = kwargs.pop("cls", None) - - error_map = { - 401: ClientAuthenticationError, - 404: ResourceNotFoundError, - 409: ResourceExistsError, - 304: ResourceNotModifiedError, - } - error_map.update(kwargs.pop("error_map", {}) or {}) - - def prepare_request(next_link=None): - if not next_link: - - request = build_list_request( - resource_group_name=resource_group_name, - workspace_name=workspace_name, - subscription_id=self._config.subscription_id, - filter=filter, - orderby=orderby, - top=top, - skip_token=skip_token, - api_version=api_version, - template_url=self.list.metadata["url"], - headers=_headers, - params=_params, - ) - request = _convert_request(request) - request.url = self._client.format_url(request.url) - - else: - # make call to next link with the client's api-version - _parsed_next_link = urllib.parse.urlparse(next_link) - _next_request_params = case_insensitive_dict( - { - key: 
[urllib.parse.quote(v) for v in value] - for key, value in urllib.parse.parse_qs(_parsed_next_link.query).items() - } - ) - _next_request_params["api-version"] = self._config.api_version - request = HttpRequest( - "GET", urllib.parse.urljoin(next_link, _parsed_next_link.path), params=_next_request_params - ) - request = _convert_request(request) - request.url = self._client.format_url(request.url) - request.method = "GET" - return request - - async def extract_data(pipeline_response): - deserialized = self._deserialize("FileImportList", pipeline_response) - list_of_elem = deserialized.value - if cls: - list_of_elem = cls(list_of_elem) # type: ignore - return deserialized.next_link or None, AsyncList(list_of_elem) - - async def get_next(next_link=None): - request = prepare_request(next_link) - - pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs - ) - response = pipeline_response.http_response - - if response.status_code not in [200]: - map_error(status_code=response.status_code, response=response, error_map=error_map) - raise HttpResponseError(response=response, error_format=ARMErrorFormat) - - return pipeline_response - - return AsyncItemPaged(get_next, extract_data) - - list.metadata = { - "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/fileImports" - } - - @distributed_trace_async - async def get( - self, resource_group_name: str, workspace_name: str, file_import_id: str, **kwargs: Any - ) -> _models.FileImport: - """Gets a file import. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param file_import_id: File import ID. Required. 
- :type file_import_id: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: FileImport or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.FileImport - :raises ~azure.core.exceptions.HttpResponseError: - """ - error_map = { - 401: ClientAuthenticationError, - 404: ResourceNotFoundError, - 409: ResourceExistsError, - 304: ResourceNotModifiedError, - } - error_map.update(kwargs.pop("error_map", {}) or {}) - - _headers = kwargs.pop("headers", {}) or {} - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) - cls: ClsType[_models.FileImport] = kwargs.pop("cls", None) - - request = build_get_request( - resource_group_name=resource_group_name, - workspace_name=workspace_name, - file_import_id=file_import_id, - subscription_id=self._config.subscription_id, - api_version=api_version, - template_url=self.get.metadata["url"], - headers=_headers, - params=_params, - ) - request = _convert_request(request) - request.url = self._client.format_url(request.url) - - pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs - ) - - response = pipeline_response.http_response - - if response.status_code not in [200]: - map_error(status_code=response.status_code, response=response, error_map=error_map) - raise HttpResponseError(response=response, error_format=ARMErrorFormat) - - deserialized = self._deserialize("FileImport", pipeline_response) - - if cls: - return cls(pipeline_response, deserialized, {}) - - return deserialized - - get.metadata = { - "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/fileImports/{fileImportId}" - } - - @overload - async def 
create( - self, - resource_group_name: str, - workspace_name: str, - file_import_id: str, - file_import: _models.FileImport, - *, - content_type: str = "application/json", - **kwargs: Any - ) -> _models.FileImport: - """Creates the file import. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param file_import_id: File import ID. Required. - :type file_import_id: str - :param file_import: The file import. Required. - :type file_import: ~azure.mgmt.securityinsight.models.FileImport - :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. - Default value is "application/json". - :paramtype content_type: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: FileImport or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.FileImport - :raises ~azure.core.exceptions.HttpResponseError: - """ - - @overload - async def create( - self, - resource_group_name: str, - workspace_name: str, - file_import_id: str, - file_import: IO, - *, - content_type: str = "application/json", - **kwargs: Any - ) -> _models.FileImport: - """Creates the file import. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param file_import_id: File import ID. Required. - :type file_import_id: str - :param file_import: The file import. Required. - :type file_import: IO - :keyword content_type: Body Parameter content-type. Content type parameter for binary body. - Default value is "application/json". 
- :paramtype content_type: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: FileImport or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.FileImport - :raises ~azure.core.exceptions.HttpResponseError: - """ - - @distributed_trace_async - async def create( - self, - resource_group_name: str, - workspace_name: str, - file_import_id: str, - file_import: Union[_models.FileImport, IO], - **kwargs: Any - ) -> _models.FileImport: - """Creates the file import. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param file_import_id: File import ID. Required. - :type file_import_id: str - :param file_import: The file import. Is either a model type or a IO type. Required. - :type file_import: ~azure.mgmt.securityinsight.models.FileImport or IO - :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. - Default value is None. 
- :paramtype content_type: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: FileImport or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.FileImport - :raises ~azure.core.exceptions.HttpResponseError: - """ - error_map = { - 401: ClientAuthenticationError, - 404: ResourceNotFoundError, - 409: ResourceExistsError, - 304: ResourceNotModifiedError, - } - error_map.update(kwargs.pop("error_map", {}) or {}) - - _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) - content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) - cls: ClsType[_models.FileImport] = kwargs.pop("cls", None) - - content_type = content_type or "application/json" - _json = None - _content = None - if isinstance(file_import, (IO, bytes)): - _content = file_import - else: - _json = self._serialize.body(file_import, "FileImport") - - request = build_create_request( - resource_group_name=resource_group_name, - workspace_name=workspace_name, - file_import_id=file_import_id, - subscription_id=self._config.subscription_id, - api_version=api_version, - content_type=content_type, - json=_json, - content=_content, - template_url=self.create.metadata["url"], - headers=_headers, - params=_params, - ) - request = _convert_request(request) - request.url = self._client.format_url(request.url) - - pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs - ) - - response = pipeline_response.http_response - - if response.status_code not in [201]: - map_error(status_code=response.status_code, response=response, error_map=error_map) - raise HttpResponseError(response=response, error_format=ARMErrorFormat) - - 
deserialized = self._deserialize("FileImport", pipeline_response) - - if cls: - return cls(pipeline_response, deserialized, {}) - - return deserialized - - create.metadata = { - "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/fileImports/{fileImportId}" - } - - async def _delete_initial( - self, resource_group_name: str, workspace_name: str, file_import_id: str, **kwargs: Any - ) -> Optional[_models.FileImport]: - error_map = { - 401: ClientAuthenticationError, - 404: ResourceNotFoundError, - 409: ResourceExistsError, - 304: ResourceNotModifiedError, - } - error_map.update(kwargs.pop("error_map", {}) or {}) - - _headers = kwargs.pop("headers", {}) or {} - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) - cls: ClsType[Optional[_models.FileImport]] = kwargs.pop("cls", None) - - request = build_delete_request( - resource_group_name=resource_group_name, - workspace_name=workspace_name, - file_import_id=file_import_id, - subscription_id=self._config.subscription_id, - api_version=api_version, - template_url=self._delete_initial.metadata["url"], - headers=_headers, - params=_params, - ) - request = _convert_request(request) - request.url = self._client.format_url(request.url) - - pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs - ) - - response = pipeline_response.http_response - - if response.status_code not in [202, 204]: - map_error(status_code=response.status_code, response=response, error_map=error_map) - raise HttpResponseError(response=response, error_format=ARMErrorFormat) - - deserialized = None - if response.status_code == 202: - deserialized = self._deserialize("FileImport", pipeline_response) 
- - if cls: - return cls(pipeline_response, deserialized, {}) - - return deserialized - - _delete_initial.metadata = { - "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/fileImports/{fileImportId}" - } - - @distributed_trace_async - async def begin_delete( - self, resource_group_name: str, workspace_name: str, file_import_id: str, **kwargs: Any - ) -> AsyncLROPoller[_models.FileImport]: - """Delete the file import. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param file_import_id: File import ID. Required. - :type file_import_id: str - :keyword callable cls: A custom type or function that will be passed the direct response - :keyword str continuation_token: A continuation token to restart a poller from a saved state. - :keyword polling: By default, your polling method will be AsyncARMPolling. Pass in False for - this operation to not poll, or pass in your own initialized polling object for a personal - polling strategy. - :paramtype polling: bool or ~azure.core.polling.AsyncPollingMethod - :keyword int polling_interval: Default waiting time between two polls for LRO operations if no - Retry-After header is present. 
- :return: An instance of AsyncLROPoller that returns either FileImport or the result of - cls(response) - :rtype: ~azure.core.polling.AsyncLROPoller[~azure.mgmt.securityinsight.models.FileImport] - :raises ~azure.core.exceptions.HttpResponseError: - """ - _headers = kwargs.pop("headers", {}) or {} - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) - cls: ClsType[_models.FileImport] = kwargs.pop("cls", None) - polling: Union[bool, AsyncPollingMethod] = kwargs.pop("polling", True) - lro_delay = kwargs.pop("polling_interval", self._config.polling_interval) - cont_token: Optional[str] = kwargs.pop("continuation_token", None) - if cont_token is None: - raw_result = await self._delete_initial( - resource_group_name=resource_group_name, - workspace_name=workspace_name, - file_import_id=file_import_id, - api_version=api_version, - cls=lambda x, y, z: x, - headers=_headers, - params=_params, - **kwargs - ) - kwargs.pop("error_map", None) - - def get_long_running_output(pipeline_response): - deserialized = self._deserialize("FileImport", pipeline_response) - if cls: - return cls(pipeline_response, deserialized, {}) - return deserialized - - if polling is True: - polling_method: AsyncPollingMethod = cast( - AsyncPollingMethod, AsyncARMPolling(lro_delay, lro_options={"final-state-via": "location"}, **kwargs) - ) - elif polling is False: - polling_method = cast(AsyncPollingMethod, AsyncNoPolling()) - else: - polling_method = polling - if cont_token: - return AsyncLROPoller.from_continuation_token( - polling_method=polling_method, - continuation_token=cont_token, - client=self._client, - deserialization_callback=get_long_running_output, - ) - return AsyncLROPoller(self._client, raw_result, get_long_running_output, polling_method) # type: ignore - - begin_delete.metadata = { - "url": 
"/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/fileImports/{fileImportId}" - } diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_get_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_get_operations.py deleted file mode 100644 index 015f667e45a7..000000000000 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_get_operations.py +++ /dev/null 
@@ -1,124 +0,0 @@ -# pylint: disable=too-many-lines -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- -import sys -from typing import Any, Callable, Dict, Optional, TypeVar - -from azure.core.exceptions import ( - ClientAuthenticationError, - HttpResponseError, - ResourceExistsError, - ResourceNotFoundError, - ResourceNotModifiedError, - map_error, -) -from azure.core.pipeline import PipelineResponse -from azure.core.pipeline.transport import AsyncHttpResponse -from azure.core.rest import HttpRequest -from azure.core.tracing.decorator_async import distributed_trace_async -from azure.core.utils import case_insensitive_dict -from azure.mgmt.core.exceptions import ARMErrorFormat - -from ... import models as _models -from ..._vendor import _convert_request -from ...operations._get_operations import build_single_recommendation_request - -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports -T = TypeVar("T") -ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] - - -class GetOperations: - """ - .. warning:: - **DO NOT** instantiate this class directly. - - Instead, you should access the following operations through - :class:`~azure.mgmt.securityinsight.aio.SecurityInsights`'s - :attr:`get` attribute. 
- """ - - models = _models - - def __init__(self, *args, **kwargs) -> None: - input_args = list(args) - self._client = input_args.pop(0) if input_args else kwargs.pop("client") - self._config = input_args.pop(0) if input_args else kwargs.pop("config") - self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") - self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") - - @distributed_trace_async - async def single_recommendation( - self, resource_group_name: str, workspace_name: str, recommendation_id: str, **kwargs: Any - ) -> _models.Recommendation: - """Gets a recommendation by its id. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param recommendation_id: Recommendation Id. Required. - :type recommendation_id: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: Recommendation or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.Recommendation - :raises ~azure.core.exceptions.HttpResponseError: - """ - error_map = { - 401: ClientAuthenticationError, - 404: ResourceNotFoundError, - 409: ResourceExistsError, - 304: ResourceNotModifiedError, - } - error_map.update(kwargs.pop("error_map", {}) or {}) - - _headers = kwargs.pop("headers", {}) or {} - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) - cls: ClsType[_models.Recommendation] = kwargs.pop("cls", None) - - request = build_single_recommendation_request( - resource_group_name=resource_group_name, - workspace_name=workspace_name, - recommendation_id=recommendation_id, - subscription_id=self._config.subscription_id, - api_version=api_version, - 
template_url=self.single_recommendation.metadata["url"], - headers=_headers, - params=_params, - ) - request = _convert_request(request) - request.url = self._client.format_url(request.url) - - pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs - ) - - response = pipeline_response.http_response - - if response.status_code not in [200]: - map_error(status_code=response.status_code, response=response, error_map=error_map) - raise HttpResponseError(response=response, error_format=ARMErrorFormat) - - deserialized = self._deserialize("Recommendation", pipeline_response) - - if cls: - return cls(pipeline_response, deserialized, {}) - - return deserialized - - single_recommendation.metadata = { - "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/recommendations/{recommendationId}" - } diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_get_recommendations_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_get_recommendations_operations.py deleted file mode 100644 index e46e68a6f58a..000000000000 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_get_recommendations_operations.py +++ /dev/null 
@@ -1,119 +0,0 @@ -# pylint: disable=too-many-lines -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- -import sys -from typing import Any, Callable, Dict, Optional, TypeVar - -from azure.core.exceptions import ( - ClientAuthenticationError, - HttpResponseError, - ResourceExistsError, - ResourceNotFoundError, - ResourceNotModifiedError, - map_error, -) -from azure.core.pipeline import PipelineResponse -from azure.core.pipeline.transport import AsyncHttpResponse -from azure.core.rest import HttpRequest -from azure.core.tracing.decorator_async import distributed_trace_async -from azure.core.utils import case_insensitive_dict -from azure.mgmt.core.exceptions import ARMErrorFormat - -from ... import models as _models -from ..._vendor import _convert_request -from ...operations._get_recommendations_operations import build_list_request - -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports -T = TypeVar("T") -ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] - - -class GetRecommendationsOperations: - """ - .. warning:: - **DO NOT** instantiate this class directly. - - Instead, you should access the following operations through - :class:`~azure.mgmt.securityinsight.aio.SecurityInsights`'s - :attr:`get_recommendations` attribute. 
- """ - - models = _models - - def __init__(self, *args, **kwargs) -> None: - input_args = list(args) - self._client = input_args.pop(0) if input_args else kwargs.pop("client") - self._config = input_args.pop(0) if input_args else kwargs.pop("config") - self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") - self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") - - @distributed_trace_async - async def list(self, resource_group_name: str, workspace_name: str, **kwargs: Any) -> _models.RecommendationList: - """Gets a list of all recommendations. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: RecommendationList or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.RecommendationList - :raises ~azure.core.exceptions.HttpResponseError: - """ - error_map = { - 401: ClientAuthenticationError, - 404: ResourceNotFoundError, - 409: ResourceExistsError, - 304: ResourceNotModifiedError, - } - error_map.update(kwargs.pop("error_map", {}) or {}) - - _headers = kwargs.pop("headers", {}) or {} - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) - cls: ClsType[_models.RecommendationList] = kwargs.pop("cls", None) - - request = build_list_request( - resource_group_name=resource_group_name, - workspace_name=workspace_name, - subscription_id=self._config.subscription_id, - api_version=api_version, - template_url=self.list.metadata["url"], - headers=_headers, - params=_params, - ) - request = _convert_request(request) - request.url = self._client.format_url(request.url) - - 
pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs - ) - - response = pipeline_response.http_response - - if response.status_code not in [200]: - map_error(status_code=response.status_code, response=response, error_map=error_map) - raise HttpResponseError(response=response, error_format=ARMErrorFormat) - - deserialized = self._deserialize("RecommendationList", pipeline_response) - - if cls: - return cls(pipeline_response, deserialized, {}) - - return deserialized - - list.metadata = { - "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/recommendations" - } diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_incident_comments_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_incident_comments_operations.py index 0a69a9384b3f..e462fe69d686 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_incident_comments_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_incident_comments_operations.py @@ -75,7 +75,7 @@ def list( skip_token: Optional[str] = None, **kwargs: Any ) -> AsyncIterable["_models.IncidentComment"]: - """Gets all incident comments. + """Gets all comments for a given incident. :param resource_group_name: The name of the resource group. The name is case insensitive. Required. 
@@ -105,7 +105,7 @@ def list( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( + api_version: Literal["2023-02-01"] = kwargs.pop( "api_version", _params.pop("api-version", self._config.api_version) ) cls: ClsType[_models.IncidentCommentList] = kwargs.pop("cls", None) @@ -187,7 +187,7 @@ async def get_next(next_link=None): async def get( self, resource_group_name: str, workspace_name: str, incident_id: str, incident_comment_id: str, **kwargs: Any ) -> _models.IncidentComment: - """Gets an incident comment. + """Gets a comment for a given incident. :param resource_group_name: The name of the resource group. The name is case insensitive. Required. @@ -214,7 +214,7 @@ async def get( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( + api_version: Literal["2023-02-01"] = kwargs.pop( "api_version", _params.pop("api-version", self._config.api_version) ) cls: ClsType[_models.IncidentComment] = kwargs.pop("cls", None) @@ -266,7 +266,7 @@ async def create_or_update( content_type: str = "application/json", **kwargs: Any ) -> _models.IncidentComment: - """Creates or updates the incident comment. + """Creates or updates a comment for a given incident. :param resource_group_name: The name of the resource group. The name is case insensitive. Required. @@ -300,7 +300,7 @@ async def create_or_update( content_type: str = "application/json", **kwargs: Any ) -> _models.IncidentComment: - """Creates or updates the incident comment. + """Creates or updates a comment for a given incident. :param resource_group_name: The name of the resource group. The name is case insensitive. Required. 
@@ -332,7 +332,7 @@ async def create_or_update( incident_comment: Union[_models.IncidentComment, IO], **kwargs: Any ) -> _models.IncidentComment: - """Creates or updates the incident comment. + """Creates or updates a comment for a given incident. :param resource_group_name: The name of the resource group. The name is case insensitive. Required. @@ -364,7 +364,7 @@ async def create_or_update( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( + api_version: Literal["2023-02-01"] = kwargs.pop( "api_version", _params.pop("api-version", self._config.api_version) ) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) @@ -424,7 +424,7 @@ async def create_or_update( async def delete( # pylint: disable=inconsistent-return-statements self, resource_group_name: str, workspace_name: str, incident_id: str, incident_comment_id: str, **kwargs: Any ) -> None: - """Delete the incident comment. + """Deletes a comment for a given incident. :param resource_group_name: The name of the resource group. The name is case insensitive. Required. @@ -451,7 +451,7 @@ async def delete( # pylint: disable=inconsistent-return-statements _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( + api_version: Literal["2023-02-01"] = kwargs.pop( "api_version", _params.pop("api-version", self._config.api_version) ) cls: ClsType[None] = kwargs.pop("cls", None) diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_incident_relations_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_incident_relations_operations.py index 3fa719c8adf6..2df1294a6448 100644 
--- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_incident_relations_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_incident_relations_operations.py @@ -75,7 +75,7 @@ def list( skip_token: Optional[str] = None, **kwargs: Any ) -> AsyncIterable["_models.Relation"]: - """Gets all incident relations. + """Gets all relations for a given incident. :param resource_group_name: The name of the resource group. The name is case insensitive. Required. @@ -104,7 +104,7 @@ def list( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( + api_version: Literal["2023-02-01"] = kwargs.pop( "api_version", _params.pop("api-version", self._config.api_version) ) cls: ClsType[_models.RelationList] = kwargs.pop("cls", None) @@ -186,7 +186,7 @@ async def get_next(next_link=None): async def get( self, resource_group_name: str, workspace_name: str, incident_id: str, relation_name: str, **kwargs: Any ) -> _models.Relation: - """Gets an incident relation. + """Gets a relation for a given incident. :param resource_group_name: The name of the resource group. The name is case insensitive. Required. @@ -213,7 +213,7 @@ async def get( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( + api_version: Literal["2023-02-01"] = kwargs.pop( "api_version", _params.pop("api-version", self._config.api_version) ) cls: ClsType[_models.Relation] = kwargs.pop("cls", None) 
@@ -265,7 +265,7 @@ async def create_or_update( content_type: str = "application/json", **kwargs: Any ) -> _models.Relation: - """Creates or updates the incident relation. + """Creates or updates a relation for a given incident. :param resource_group_name: The name of the resource group. The name is case insensitive. Required. @@ -299,7 +299,7 @@ async def create_or_update( content_type: str = "application/json", **kwargs: Any ) -> _models.Relation: - """Creates or updates the incident relation. + """Creates or updates a relation for a given incident. :param resource_group_name: The name of the resource group. The name is case insensitive. Required. @@ -331,7 +331,7 @@ async def create_or_update( relation: Union[_models.Relation, IO], **kwargs: Any ) -> _models.Relation: - """Creates or updates the incident relation. + """Creates or updates a relation for a given incident. :param resource_group_name: The name of the resource group. The name is case insensitive. Required. @@ -363,7 +363,7 @@ async def create_or_update( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( + api_version: Literal["2023-02-01"] = kwargs.pop( "api_version", _params.pop("api-version", self._config.api_version) ) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) @@ -423,7 +423,7 @@ async def create_or_update( async def delete( # pylint: disable=inconsistent-return-statements self, resource_group_name: str, workspace_name: str, incident_id: str, relation_name: str, **kwargs: Any ) -> None: - """Delete the incident relation. + """Deletes a relation for a given incident. :param resource_group_name: The name of the resource group. The name is case insensitive. Required. 
@@ -450,7 +450,7 @@ async def delete( # pylint: disable=inconsistent-return-statements _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( + api_version: Literal["2023-02-01"] = kwargs.pop( "api_version", _params.pop("api-version", self._config.api_version) ) cls: ClsType[None] = kwargs.pop("cls", None) diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_incident_tasks_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_incident_tasks_operations.py deleted file mode 100644 index 3ab32b7e4d51..000000000000 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_incident_tasks_operations.py +++ /dev/null 
@@ -1,464 +0,0 @@ -# pylint: disable=too-many-lines -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- -import sys -from typing import Any, AsyncIterable, Callable, Dict, IO, Optional, TypeVar, Union, overload -import urllib.parse - -from azure.core.async_paging import AsyncItemPaged, AsyncList -from azure.core.exceptions import ( - ClientAuthenticationError, - HttpResponseError, - ResourceExistsError, - ResourceNotFoundError, - ResourceNotModifiedError, - map_error, -) -from azure.core.pipeline import PipelineResponse -from azure.core.pipeline.transport import AsyncHttpResponse -from azure.core.rest import HttpRequest -from azure.core.tracing.decorator import distributed_trace -from azure.core.tracing.decorator_async import distributed_trace_async -from azure.core.utils import case_insensitive_dict -from azure.mgmt.core.exceptions import ARMErrorFormat - -from ... import models as _models -from ..._vendor import _convert_request -from ...operations._incident_tasks_operations import ( - build_create_or_update_request, - build_delete_request, - build_get_request, - build_list_request, -) - -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports -T = TypeVar("T") -ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] - - -class IncidentTasksOperations: - """ - .. warning:: - **DO NOT** instantiate this class directly. 
- - Instead, you should access the following operations through - :class:`~azure.mgmt.securityinsight.aio.SecurityInsights`'s - :attr:`incident_tasks` attribute. - """ - - models = _models - - def __init__(self, *args, **kwargs) -> None: - input_args = list(args) - self._client = input_args.pop(0) if input_args else kwargs.pop("client") - self._config = input_args.pop(0) if input_args else kwargs.pop("config") - self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") - self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") - - @distributed_trace - def list( - self, resource_group_name: str, workspace_name: str, incident_id: str, **kwargs: Any - ) -> AsyncIterable["_models.IncidentTask"]: - """Gets all incident tasks. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param incident_id: Incident ID. Required. 
- :type incident_id: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: An iterator like instance of either IncidentTask or the result of cls(response) - :rtype: - ~azure.core.async_paging.AsyncItemPaged[~azure.mgmt.securityinsight.models.IncidentTask] - :raises ~azure.core.exceptions.HttpResponseError: - """ - _headers = kwargs.pop("headers", {}) or {} - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) - cls: ClsType[_models.IncidentTaskList] = kwargs.pop("cls", None) - - error_map = { - 401: ClientAuthenticationError, - 404: ResourceNotFoundError, - 409: ResourceExistsError, - 304: ResourceNotModifiedError, - } - error_map.update(kwargs.pop("error_map", {}) or {}) - - def prepare_request(next_link=None): - if not next_link: - - request = build_list_request( - resource_group_name=resource_group_name, - workspace_name=workspace_name, - incident_id=incident_id, - subscription_id=self._config.subscription_id, - api_version=api_version, - template_url=self.list.metadata["url"], - headers=_headers, - params=_params, - ) - request = _convert_request(request) - request.url = self._client.format_url(request.url) - - else: - # make call to next link with the client's api-version - _parsed_next_link = urllib.parse.urlparse(next_link) - _next_request_params = case_insensitive_dict( - { - key: [urllib.parse.quote(v) for v in value] - for key, value in urllib.parse.parse_qs(_parsed_next_link.query).items() - } - ) - _next_request_params["api-version"] = self._config.api_version - request = HttpRequest( - "GET", urllib.parse.urljoin(next_link, _parsed_next_link.path), params=_next_request_params - ) - request = _convert_request(request) - request.url = self._client.format_url(request.url) - request.method = "GET" - return request - - async def extract_data(pipeline_response): 
- deserialized = self._deserialize("IncidentTaskList", pipeline_response) - list_of_elem = deserialized.value - if cls: - list_of_elem = cls(list_of_elem) # type: ignore - return deserialized.next_link or None, AsyncList(list_of_elem) - - async def get_next(next_link=None): - request = prepare_request(next_link) - - pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs - ) - response = pipeline_response.http_response - - if response.status_code not in [200]: - map_error(status_code=response.status_code, response=response, error_map=error_map) - raise HttpResponseError(response=response, error_format=ARMErrorFormat) - - return pipeline_response - - return AsyncItemPaged(get_next, extract_data) - - list.metadata = { - "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/tasks" - } - - @distributed_trace_async - async def get( - self, resource_group_name: str, workspace_name: str, incident_id: str, incident_task_id: str, **kwargs: Any - ) -> _models.IncidentTask: - """Gets an incident task. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param incident_id: Incident ID. Required. - :type incident_id: str - :param incident_task_id: Incident task ID. Required. 
- :type incident_task_id: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: IncidentTask or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.IncidentTask - :raises ~azure.core.exceptions.HttpResponseError: - """ - error_map = { - 401: ClientAuthenticationError, - 404: ResourceNotFoundError, - 409: ResourceExistsError, - 304: ResourceNotModifiedError, - } - error_map.update(kwargs.pop("error_map", {}) or {}) - - _headers = kwargs.pop("headers", {}) or {} - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) - cls: ClsType[_models.IncidentTask] = kwargs.pop("cls", None) - - request = build_get_request( - resource_group_name=resource_group_name, - workspace_name=workspace_name, - incident_id=incident_id, - incident_task_id=incident_task_id, - subscription_id=self._config.subscription_id, - api_version=api_version, - template_url=self.get.metadata["url"], - headers=_headers, - params=_params, - ) - request = _convert_request(request) - request.url = self._client.format_url(request.url) - - pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs - ) - - response = pipeline_response.http_response - - if response.status_code not in [200]: - map_error(status_code=response.status_code, response=response, error_map=error_map) - raise HttpResponseError(response=response, error_format=ARMErrorFormat) - - deserialized = self._deserialize("IncidentTask", pipeline_response) - - if cls: - return cls(pipeline_response, deserialized, {}) - - return deserialized - - get.metadata = { - "url": 
"/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/tasks/{incidentTaskId}" - } - - @overload - async def create_or_update( - self, - resource_group_name: str, - workspace_name: str, - incident_id: str, - incident_task_id: str, - incident_task: _models.IncidentTask, - *, - content_type: str = "application/json", - **kwargs: Any - ) -> _models.IncidentTask: - """Creates or updates the incident task. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param incident_id: Incident ID. Required. - :type incident_id: str - :param incident_task_id: Incident task ID. Required. - :type incident_task_id: str - :param incident_task: The incident task. Required. - :type incident_task: ~azure.mgmt.securityinsight.models.IncidentTask - :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. - Default value is "application/json". - :paramtype content_type: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: IncidentTask or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.IncidentTask - :raises ~azure.core.exceptions.HttpResponseError: - """ - - @overload - async def create_or_update( - self, - resource_group_name: str, - workspace_name: str, - incident_id: str, - incident_task_id: str, - incident_task: IO, - *, - content_type: str = "application/json", - **kwargs: Any - ) -> _models.IncidentTask: - """Creates or updates the incident task. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. 
- :type workspace_name: str - :param incident_id: Incident ID. Required. - :type incident_id: str - :param incident_task_id: Incident task ID. Required. - :type incident_task_id: str - :param incident_task: The incident task. Required. - :type incident_task: IO - :keyword content_type: Body Parameter content-type. Content type parameter for binary body. - Default value is "application/json". - :paramtype content_type: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: IncidentTask or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.IncidentTask - :raises ~azure.core.exceptions.HttpResponseError: - """ - - @distributed_trace_async - async def create_or_update( - self, - resource_group_name: str, - workspace_name: str, - incident_id: str, - incident_task_id: str, - incident_task: Union[_models.IncidentTask, IO], - **kwargs: Any - ) -> _models.IncidentTask: - """Creates or updates the incident task. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param incident_id: Incident ID. Required. - :type incident_id: str - :param incident_task_id: Incident task ID. Required. - :type incident_task_id: str - :param incident_task: The incident task. Is either a model type or a IO type. Required. - :type incident_task: ~azure.mgmt.securityinsight.models.IncidentTask or IO - :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. - Default value is None. 
- :paramtype content_type: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: IncidentTask or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.IncidentTask - :raises ~azure.core.exceptions.HttpResponseError: - """ - error_map = { - 401: ClientAuthenticationError, - 404: ResourceNotFoundError, - 409: ResourceExistsError, - 304: ResourceNotModifiedError, - } - error_map.update(kwargs.pop("error_map", {}) or {}) - - _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) - content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) - cls: ClsType[_models.IncidentTask] = kwargs.pop("cls", None) - - content_type = content_type or "application/json" - _json = None - _content = None - if isinstance(incident_task, (IO, bytes)): - _content = incident_task - else: - _json = self._serialize.body(incident_task, "IncidentTask") - - request = build_create_or_update_request( - resource_group_name=resource_group_name, - workspace_name=workspace_name, - incident_id=incident_id, - incident_task_id=incident_task_id, - subscription_id=self._config.subscription_id, - api_version=api_version, - content_type=content_type, - json=_json, - content=_content, - template_url=self.create_or_update.metadata["url"], - headers=_headers, - params=_params, - ) - request = _convert_request(request) - request.url = self._client.format_url(request.url) - - pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs - ) - - response = pipeline_response.http_response - - if response.status_code not in [200, 201]: - map_error(status_code=response.status_code, response=response, error_map=error_map) - raise 
HttpResponseError(response=response, error_format=ARMErrorFormat) - - if response.status_code == 200: - deserialized = self._deserialize("IncidentTask", pipeline_response) - - if response.status_code == 201: - deserialized = self._deserialize("IncidentTask", pipeline_response) - - if cls: - return cls(pipeline_response, deserialized, {}) # type: ignore - - return deserialized # type: ignore - - create_or_update.metadata = { - "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/tasks/{incidentTaskId}" - } - - @distributed_trace_async - async def delete( # pylint: disable=inconsistent-return-statements - self, resource_group_name: str, workspace_name: str, incident_id: str, incident_task_id: str, **kwargs: Any - ) -> None: - """Delete the incident task. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param incident_id: Incident ID. Required. - :type incident_id: str - :param incident_task_id: Incident task ID. Required. 
- :type incident_task_id: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: None or the result of cls(response) - :rtype: None - :raises ~azure.core.exceptions.HttpResponseError: - """ - error_map = { - 401: ClientAuthenticationError, - 404: ResourceNotFoundError, - 409: ResourceExistsError, - 304: ResourceNotModifiedError, - } - error_map.update(kwargs.pop("error_map", {}) or {}) - - _headers = kwargs.pop("headers", {}) or {} - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) - cls: ClsType[None] = kwargs.pop("cls", None) - - request = build_delete_request( - resource_group_name=resource_group_name, - workspace_name=workspace_name, - incident_id=incident_id, - incident_task_id=incident_task_id, - subscription_id=self._config.subscription_id, - api_version=api_version, - template_url=self.delete.metadata["url"], - headers=_headers, - params=_params, - ) - request = _convert_request(request) - request.url = self._client.format_url(request.url) - - pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs - ) - - response = pipeline_response.http_response - - if response.status_code not in [200, 204]: - map_error(status_code=response.status_code, response=response, error_map=error_map) - raise HttpResponseError(response=response, error_format=ARMErrorFormat) - - if cls: - return cls(pipeline_response, None, {}) - - delete.metadata = { - "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/tasks/{incidentTaskId}" - } 
diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_incidents_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_incidents_operations.py index a0452b513c88..d2c141f6bbfd 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_incidents_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_incidents_operations.py @@ -31,25 +31,18 @@ from ..._vendor import _convert_request from ...operations._incidents_operations import ( build_create_or_update_request, - build_create_team_request, build_delete_request, build_get_request, build_list_alerts_request, build_list_bookmarks_request, build_list_entities_request, build_list_request, - build_run_playbook_request, ) -if sys.version_info >= (3, 9): - from collections.abc import MutableMapping -else: - from typing import MutableMapping # type: ignore # pylint: disable=ungrouped-imports if sys.version_info >= (3, 8): from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports else: from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports -JSON = MutableMapping[str, Any] # pylint: disable=unsubscriptable-object T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] 
@@ -73,161 +66,6 @@ def __init__(self, *args, **kwargs) -> None: self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") - @overload - async def run_playbook( - self, - resource_group_name: str, - workspace_name: str, - incident_identifier: str, - request_body: Optional[_models.ManualTriggerRequestBody] = None, - *, - content_type: str = "application/json", - **kwargs: Any - ) -> JSON: - """Triggers playbook on a specific incident. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param incident_identifier: Required. - :type incident_identifier: str - :param request_body: Default value is None. - :type request_body: ~azure.mgmt.securityinsight.models.ManualTriggerRequestBody - :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. - Default value is "application/json". - :paramtype content_type: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: JSON or the result of cls(response) - :rtype: JSON - :raises ~azure.core.exceptions.HttpResponseError: - """ - - @overload - async def run_playbook( - self, - resource_group_name: str, - workspace_name: str, - incident_identifier: str, - request_body: Optional[IO] = None, - *, - content_type: str = "application/json", - **kwargs: Any - ) -> JSON: - """Triggers playbook on a specific incident. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param incident_identifier: Required. - :type incident_identifier: str - :param request_body: Default value is None. 
- :type request_body: IO - :keyword content_type: Body Parameter content-type. Content type parameter for binary body. - Default value is "application/json". - :paramtype content_type: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: JSON or the result of cls(response) - :rtype: JSON - :raises ~azure.core.exceptions.HttpResponseError: - """ - - @distributed_trace_async - async def run_playbook( - self, - resource_group_name: str, - workspace_name: str, - incident_identifier: str, - request_body: Optional[Union[_models.ManualTriggerRequestBody, IO]] = None, - **kwargs: Any - ) -> JSON: - """Triggers playbook on a specific incident. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param incident_identifier: Required. - :type incident_identifier: str - :param request_body: Is either a model type or a IO type. Default value is None. - :type request_body: ~azure.mgmt.securityinsight.models.ManualTriggerRequestBody or IO - :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. - Default value is None. 
- :paramtype content_type: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: JSON or the result of cls(response) - :rtype: JSON - :raises ~azure.core.exceptions.HttpResponseError: - """ - error_map = { - 401: ClientAuthenticationError, - 404: ResourceNotFoundError, - 409: ResourceExistsError, - 304: ResourceNotModifiedError, - } - error_map.update(kwargs.pop("error_map", {}) or {}) - - _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) - content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) - cls: ClsType[JSON] = kwargs.pop("cls", None) - - content_type = content_type or "application/json" - _json = None - _content = None - if isinstance(request_body, (IO, bytes)): - _content = request_body - else: - if request_body is not None: - _json = self._serialize.body(request_body, "ManualTriggerRequestBody") - else: - _json = None - - request = build_run_playbook_request( - resource_group_name=resource_group_name, - workspace_name=workspace_name, - incident_identifier=incident_identifier, - subscription_id=self._config.subscription_id, - api_version=api_version, - content_type=content_type, - json=_json, - content=_content, - template_url=self.run_playbook.metadata["url"], - headers=_headers, - params=_params, - ) - request = _convert_request(request) - request.url = self._client.format_url(request.url) - - pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs - ) - - response = pipeline_response.http_response - - if response.status_code not in [204]: - map_error(status_code=response.status_code, response=response, error_map=error_map) - raise HttpResponseError(response=response, 
error_format=ARMErrorFormat) - - deserialized = self._deserialize("object", pipeline_response) - - if cls: - return cls(pipeline_response, deserialized, {}) - - return deserialized - - run_playbook.metadata = { - "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentIdentifier}/runPlaybook" - } - @distributed_trace def list( self, @@ -266,7 +104,7 @@ def list( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( + api_version: Literal["2023-02-01"] = kwargs.pop( "api_version", _params.pop("api-version", self._config.api_version) ) cls: ClsType[_models.IncidentList] = kwargs.pop("cls", None) @@ -347,7 +185,7 @@ async def get_next(next_link=None): async def get( self, resource_group_name: str, workspace_name: str, incident_id: str, **kwargs: Any ) -> _models.Incident: - """Gets an incident. + """Gets a given incident. :param resource_group_name: The name of the resource group. The name is case insensitive. Required. @@ -372,7 +210,7 @@ async def get( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( + api_version: Literal["2023-02-01"] = kwargs.pop( "api_version", _params.pop("api-version", self._config.api_version) ) cls: ClsType[_models.Incident] = kwargs.pop("cls", None) @@ -422,7 +260,7 @@ async def create_or_update( content_type: str = "application/json", **kwargs: Any ) -> _models.Incident: - """Creates or updates the incident. + """Creates or updates an incident. :param resource_group_name: The name of the resource group. The name is case insensitive. Required. 
@@ -453,7 +291,7 @@ async def create_or_update( content_type: str = "application/json", **kwargs: Any ) -> _models.Incident: - """Creates or updates the incident. + """Creates or updates an incident. :param resource_group_name: The name of the resource group. The name is case insensitive. Required. @@ -482,7 +320,7 @@ async def create_or_update( incident: Union[_models.Incident, IO], **kwargs: Any ) -> _models.Incident: - """Creates or updates the incident. + """Creates or updates an incident. :param resource_group_name: The name of the resource group. The name is case insensitive. Required. @@ -512,7 +350,7 @@ async def create_or_update( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( + api_version: Literal["2023-02-01"] = kwargs.pop( "api_version", _params.pop("api-version", self._config.api_version) ) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) @@ -571,7 +409,7 @@ async def create_or_update( async def delete( # pylint: disable=inconsistent-return-statements self, resource_group_name: str, workspace_name: str, incident_id: str, **kwargs: Any ) -> None: - """Delete the incident. + """Deletes a given incident. :param resource_group_name: The name of the resource group. The name is case insensitive. Required. @@ -596,7 +434,7 @@ async def delete( # pylint: disable=inconsistent-return-statements _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( + api_version: Literal["2023-02-01"] = kwargs.pop( "api_version", _params.pop("api-version", self._config.api_version) ) cls: ClsType[None] = kwargs.pop("cls", None) 
@@ -631,166 +469,11 @@ async def delete( # pylint: disable=inconsistent-return-statements "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}" } - @overload - async def create_team( - self, - resource_group_name: str, - workspace_name: str, - incident_id: str, - team_properties: _models.TeamInformation, - *, - content_type: str = "application/json", - **kwargs: Any - ) -> _models.TeamInformation: - """Creates a Microsoft team to investigate the incident by sharing information and insights - between participants. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param incident_id: Incident ID. Required. - :type incident_id: str - :param team_properties: Team properties. Required. - :type team_properties: ~azure.mgmt.securityinsight.models.TeamInformation - :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. - Default value is "application/json". - :paramtype content_type: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: TeamInformation or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.TeamInformation - :raises ~azure.core.exceptions.HttpResponseError: - """ - - @overload - async def create_team( - self, - resource_group_name: str, - workspace_name: str, - incident_id: str, - team_properties: IO, - *, - content_type: str = "application/json", - **kwargs: Any - ) -> _models.TeamInformation: - """Creates a Microsoft team to investigate the incident by sharing information and insights - between participants. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. 
- :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param incident_id: Incident ID. Required. - :type incident_id: str - :param team_properties: Team properties. Required. - :type team_properties: IO - :keyword content_type: Body Parameter content-type. Content type parameter for binary body. - Default value is "application/json". - :paramtype content_type: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: TeamInformation or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.TeamInformation - :raises ~azure.core.exceptions.HttpResponseError: - """ - - @distributed_trace_async - async def create_team( - self, - resource_group_name: str, - workspace_name: str, - incident_id: str, - team_properties: Union[_models.TeamInformation, IO], - **kwargs: Any - ) -> _models.TeamInformation: - """Creates a Microsoft team to investigate the incident by sharing information and insights - between participants. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param incident_id: Incident ID. Required. - :type incident_id: str - :param team_properties: Team properties. Is either a model type or a IO type. Required. - :type team_properties: ~azure.mgmt.securityinsight.models.TeamInformation or IO - :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. - Default value is None. 
- :paramtype content_type: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: TeamInformation or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.TeamInformation - :raises ~azure.core.exceptions.HttpResponseError: - """ - error_map = { - 401: ClientAuthenticationError, - 404: ResourceNotFoundError, - 409: ResourceExistsError, - 304: ResourceNotModifiedError, - } - error_map.update(kwargs.pop("error_map", {}) or {}) - - _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) - content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) - cls: ClsType[_models.TeamInformation] = kwargs.pop("cls", None) - - content_type = content_type or "application/json" - _json = None - _content = None - if isinstance(team_properties, (IO, bytes)): - _content = team_properties - else: - _json = self._serialize.body(team_properties, "TeamInformation") - - request = build_create_team_request( - resource_group_name=resource_group_name, - workspace_name=workspace_name, - incident_id=incident_id, - subscription_id=self._config.subscription_id, - api_version=api_version, - content_type=content_type, - json=_json, - content=_content, - template_url=self.create_team.metadata["url"], - headers=_headers, - params=_params, - ) - request = _convert_request(request) - request.url = self._client.format_url(request.url) - - pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs - ) - - response = pipeline_response.http_response - - if response.status_code not in [200]: - map_error(status_code=response.status_code, response=response, error_map=error_map) - raise 
HttpResponseError(response=response, error_format=ARMErrorFormat) - - deserialized = self._deserialize("TeamInformation", pipeline_response) - - if cls: - return cls(pipeline_response, deserialized, {}) - - return deserialized - - create_team.metadata = { - "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/createTeam" - } - @distributed_trace_async async def list_alerts( self, resource_group_name: str, workspace_name: str, incident_id: str, **kwargs: Any ) -> _models.IncidentAlertList: - """Gets all incident alerts. + """Gets all alerts for an incident. :param resource_group_name: The name of the resource group. The name is case insensitive. Required. @@ -815,7 +498,7 @@ async def list_alerts( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( + api_version: Literal["2023-02-01"] = kwargs.pop( "api_version", _params.pop("api-version", self._config.api_version) ) cls: ClsType[_models.IncidentAlertList] = kwargs.pop("cls", None) @@ -858,7 +541,7 @@ async def list_alerts( async def list_bookmarks( self, resource_group_name: str, workspace_name: str, incident_id: str, **kwargs: Any ) -> _models.IncidentBookmarkList: - """Gets all incident bookmarks. + """Gets all bookmarks for an incident. :param resource_group_name: The name of the resource group. The name is case insensitive. Required. @@ -883,7 +566,7 @@ async def list_bookmarks( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( + api_version: Literal["2023-02-01"] = kwargs.pop( "api_version", _params.pop("api-version", self._config.api_version) ) cls: ClsType[_models.IncidentBookmarkList] = kwargs.pop("cls", None) 
@@ -926,7 +609,7 @@ async def list_bookmarks( async def list_entities( self, resource_group_name: str, workspace_name: str, incident_id: str, **kwargs: Any ) -> _models.IncidentEntitiesResponse: - """Gets all incident related entities. + """Gets all entities for an incident. :param resource_group_name: The name of the resource group. The name is case insensitive. Required. @@ -951,7 +634,7 @@ async def list_entities( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( + api_version: Literal["2023-02-01"] = kwargs.pop( "api_version", _params.pop("api-version", self._config.api_version) ) cls: ClsType[_models.IncidentEntitiesResponse] = kwargs.pop("cls", None) diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_ip_geodata_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_ip_geodata_operations.py deleted file mode 100644 index e1f7121e301e..000000000000 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_ip_geodata_operations.py +++ /dev/null 
@@ -1,119 +0,0 @@ -# pylint: disable=too-many-lines -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- -import sys -from typing import Any, Callable, Dict, Optional, TypeVar - -from azure.core.exceptions import ( - ClientAuthenticationError, - HttpResponseError, - ResourceExistsError, - ResourceNotFoundError, - ResourceNotModifiedError, - map_error, -) -from azure.core.pipeline import PipelineResponse -from azure.core.pipeline.transport import AsyncHttpResponse -from azure.core.rest import HttpRequest -from azure.core.tracing.decorator_async import distributed_trace_async -from azure.core.utils import case_insensitive_dict -from azure.mgmt.core.exceptions import ARMErrorFormat - -from ... import models as _models -from ..._vendor import _convert_request -from ...operations._ip_geodata_operations import build_get_request - -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports -T = TypeVar("T") -ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] - - -class IPGeodataOperations: - """ - .. warning:: - **DO NOT** instantiate this class directly. - - Instead, you should access the following operations through - :class:`~azure.mgmt.securityinsight.aio.SecurityInsights`'s - :attr:`ip_geodata` attribute. 
- """ - - models = _models - - def __init__(self, *args, **kwargs) -> None: - input_args = list(args) - self._client = input_args.pop(0) if input_args else kwargs.pop("client") - self._config = input_args.pop(0) if input_args else kwargs.pop("config") - self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") - self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") - - @distributed_trace_async - async def get(self, resource_group_name: str, ip_address: str, **kwargs: Any) -> _models.EnrichmentIpGeodata: - """Get geodata for a single IP address. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param ip_address: IP address (v4 or v6) to be enriched. Required. - :type ip_address: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: EnrichmentIpGeodata or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.EnrichmentIpGeodata - :raises ~azure.core.exceptions.HttpResponseError: - """ - error_map = { - 401: ClientAuthenticationError, - 404: ResourceNotFoundError, - 409: ResourceExistsError, - 304: ResourceNotModifiedError, - } - error_map.update(kwargs.pop("error_map", {}) or {}) - - _headers = kwargs.pop("headers", {}) or {} - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) - cls: ClsType[_models.EnrichmentIpGeodata] = kwargs.pop("cls", None) - - request = build_get_request( - resource_group_name=resource_group_name, - subscription_id=self._config.subscription_id, - ip_address=ip_address, - api_version=api_version, - template_url=self.get.metadata["url"], - headers=_headers, - params=_params, - ) - request = _convert_request(request) - request.url = self._client.format_url(request.url) - - 
pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs - ) - - response = pipeline_response.http_response - - if response.status_code not in [200]: - map_error(status_code=response.status_code, response=response, error_map=error_map) - raise HttpResponseError(response=response, error_format=ARMErrorFormat) - - deserialized = self._deserialize("EnrichmentIpGeodata", pipeline_response) - - if cls: - return cls(pipeline_response, deserialized, {}) - - return deserialized - - get.metadata = { - "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.SecurityInsights/enrichment/ip/geodata/" - } diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_metadata_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_metadata_operations.py deleted file mode 100644 index f9d87e686bcd..000000000000 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_metadata_operations.py +++ /dev/null 
@@ -1,619 +0,0 @@ -# pylint: disable=too-many-lines -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- -import sys -from typing import Any, AsyncIterable, Callable, Dict, IO, Optional, TypeVar, Union, overload -import urllib.parse - -from azure.core.async_paging import AsyncItemPaged, AsyncList -from azure.core.exceptions import ( - ClientAuthenticationError, - HttpResponseError, - ResourceExistsError, - ResourceNotFoundError, - ResourceNotModifiedError, - map_error, -) -from azure.core.pipeline import PipelineResponse -from azure.core.pipeline.transport import AsyncHttpResponse -from azure.core.rest import HttpRequest -from azure.core.tracing.decorator import distributed_trace -from azure.core.tracing.decorator_async import distributed_trace_async -from azure.core.utils import case_insensitive_dict -from azure.mgmt.core.exceptions import ARMErrorFormat - -from ... import models as _models -from ..._vendor import _convert_request -from ...operations._metadata_operations import ( - build_create_request, - build_delete_request, - build_get_request, - build_list_request, - build_update_request, -) - -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports -T = TypeVar("T") -ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] - - -class MetadataOperations: - """ - .. warning:: - **DO NOT** instantiate this class directly. 
- - Instead, you should access the following operations through - :class:`~azure.mgmt.securityinsight.aio.SecurityInsights`'s - :attr:`metadata` attribute. - """ - - models = _models - - def __init__(self, *args, **kwargs) -> None: - input_args = list(args) - self._client = input_args.pop(0) if input_args else kwargs.pop("client") - self._config = input_args.pop(0) if input_args else kwargs.pop("config") - self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") - self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") - - @distributed_trace - def list( - self, - resource_group_name: str, - workspace_name: str, - filter: Optional[str] = None, - orderby: Optional[str] = None, - top: Optional[int] = None, - skip: Optional[int] = None, - **kwargs: Any - ) -> AsyncIterable["_models.MetadataModel"]: - """List of all metadata. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param filter: Filters the results, based on a Boolean condition. Optional. Default value is - None. - :type filter: str - :param orderby: Sorts the results. Optional. Default value is None. - :type orderby: str - :param top: Returns only the first n results. Optional. Default value is None. - :type top: int - :param skip: Used to skip n elements in the OData query (offset). Returns a nextLink to the - next page of results if there are any left. Default value is None. 
- :type skip: int - :keyword callable cls: A custom type or function that will be passed the direct response - :return: An iterator like instance of either MetadataModel or the result of cls(response) - :rtype: - ~azure.core.async_paging.AsyncItemPaged[~azure.mgmt.securityinsight.models.MetadataModel] - :raises ~azure.core.exceptions.HttpResponseError: - """ - _headers = kwargs.pop("headers", {}) or {} - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) - cls: ClsType[_models.MetadataList] = kwargs.pop("cls", None) - - error_map = { - 401: ClientAuthenticationError, - 404: ResourceNotFoundError, - 409: ResourceExistsError, - 304: ResourceNotModifiedError, - } - error_map.update(kwargs.pop("error_map", {}) or {}) - - def prepare_request(next_link=None): - if not next_link: - - request = build_list_request( - resource_group_name=resource_group_name, - workspace_name=workspace_name, - subscription_id=self._config.subscription_id, - filter=filter, - orderby=orderby, - top=top, - skip=skip, - api_version=api_version, - template_url=self.list.metadata["url"], - headers=_headers, - params=_params, - ) - request = _convert_request(request) - request.url = self._client.format_url(request.url) - - else: - # make call to next link with the client's api-version - _parsed_next_link = urllib.parse.urlparse(next_link) - _next_request_params = case_insensitive_dict( - { - key: [urllib.parse.quote(v) for v in value] - for key, value in urllib.parse.parse_qs(_parsed_next_link.query).items() - } - ) - _next_request_params["api-version"] = self._config.api_version - request = HttpRequest( - "GET", urllib.parse.urljoin(next_link, _parsed_next_link.path), params=_next_request_params - ) - request = _convert_request(request) - request.url = self._client.format_url(request.url) - request.method = "GET" - return request - - async def 
extract_data(pipeline_response): - deserialized = self._deserialize("MetadataList", pipeline_response) - list_of_elem = deserialized.value - if cls: - list_of_elem = cls(list_of_elem) # type: ignore - return deserialized.next_link or None, AsyncList(list_of_elem) - - async def get_next(next_link=None): - request = prepare_request(next_link) - - pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs - ) - response = pipeline_response.http_response - - if response.status_code not in [200]: - map_error(status_code=response.status_code, response=response, error_map=error_map) - raise HttpResponseError(response=response, error_format=ARMErrorFormat) - - return pipeline_response - - return AsyncItemPaged(get_next, extract_data) - - list.metadata = { - "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/metadata" - } - - @distributed_trace_async - async def get( - self, resource_group_name: str, workspace_name: str, metadata_name: str, **kwargs: Any - ) -> _models.MetadataModel: - """Get a Metadata. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param metadata_name: The Metadata name. Required. 
- :type metadata_name: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: MetadataModel or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.MetadataModel - :raises ~azure.core.exceptions.HttpResponseError: - """ - error_map = { - 401: ClientAuthenticationError, - 404: ResourceNotFoundError, - 409: ResourceExistsError, - 304: ResourceNotModifiedError, - } - error_map.update(kwargs.pop("error_map", {}) or {}) - - _headers = kwargs.pop("headers", {}) or {} - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) - cls: ClsType[_models.MetadataModel] = kwargs.pop("cls", None) - - request = build_get_request( - resource_group_name=resource_group_name, - workspace_name=workspace_name, - metadata_name=metadata_name, - subscription_id=self._config.subscription_id, - api_version=api_version, - template_url=self.get.metadata["url"], - headers=_headers, - params=_params, - ) - request = _convert_request(request) - request.url = self._client.format_url(request.url) - - pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs - ) - - response = pipeline_response.http_response - - if response.status_code not in [200]: - map_error(status_code=response.status_code, response=response, error_map=error_map) - raise HttpResponseError(response=response, error_format=ARMErrorFormat) - - deserialized = self._deserialize("MetadataModel", pipeline_response) - - if cls: - return cls(pipeline_response, deserialized, {}) - - return deserialized - - get.metadata = { - "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/metadata/{metadataName}" - } - - 
@distributed_trace_async - async def delete( # pylint: disable=inconsistent-return-statements - self, resource_group_name: str, workspace_name: str, metadata_name: str, **kwargs: Any - ) -> None: - """Delete a Metadata. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param metadata_name: The Metadata name. Required. - :type metadata_name: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: None or the result of cls(response) - :rtype: None - :raises ~azure.core.exceptions.HttpResponseError: - """ - error_map = { - 401: ClientAuthenticationError, - 404: ResourceNotFoundError, - 409: ResourceExistsError, - 304: ResourceNotModifiedError, - } - error_map.update(kwargs.pop("error_map", {}) or {}) - - _headers = kwargs.pop("headers", {}) or {} - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) - cls: ClsType[None] = kwargs.pop("cls", None) - - request = build_delete_request( - resource_group_name=resource_group_name, - workspace_name=workspace_name, - metadata_name=metadata_name, - subscription_id=self._config.subscription_id, - api_version=api_version, - template_url=self.delete.metadata["url"], - headers=_headers, - params=_params, - ) - request = _convert_request(request) - request.url = self._client.format_url(request.url) - - pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs - ) - - response = pipeline_response.http_response - - if response.status_code not in [200, 204]: - map_error(status_code=response.status_code, response=response, error_map=error_map) - raise 
HttpResponseError(response=response, error_format=ARMErrorFormat) - - if cls: - return cls(pipeline_response, None, {}) - - delete.metadata = { - "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/metadata/{metadataName}" - } - - @overload - async def create( - self, - resource_group_name: str, - workspace_name: str, - metadata_name: str, - metadata: _models.MetadataModel, - *, - content_type: str = "application/json", - **kwargs: Any - ) -> _models.MetadataModel: - """Create a Metadata. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param metadata_name: The Metadata name. Required. - :type metadata_name: str - :param metadata: Metadata resource. Required. - :type metadata: ~azure.mgmt.securityinsight.models.MetadataModel - :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. - Default value is "application/json". - :paramtype content_type: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: MetadataModel or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.MetadataModel - :raises ~azure.core.exceptions.HttpResponseError: - """ - - @overload - async def create( - self, - resource_group_name: str, - workspace_name: str, - metadata_name: str, - metadata: IO, - *, - content_type: str = "application/json", - **kwargs: Any - ) -> _models.MetadataModel: - """Create a Metadata. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param metadata_name: The Metadata name. 
Required. - :type metadata_name: str - :param metadata: Metadata resource. Required. - :type metadata: IO - :keyword content_type: Body Parameter content-type. Content type parameter for binary body. - Default value is "application/json". - :paramtype content_type: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: MetadataModel or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.MetadataModel - :raises ~azure.core.exceptions.HttpResponseError: - """ - - @distributed_trace_async - async def create( - self, - resource_group_name: str, - workspace_name: str, - metadata_name: str, - metadata: Union[_models.MetadataModel, IO], - **kwargs: Any - ) -> _models.MetadataModel: - """Create a Metadata. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param metadata_name: The Metadata name. Required. - :type metadata_name: str - :param metadata: Metadata resource. Is either a model type or a IO type. Required. - :type metadata: ~azure.mgmt.securityinsight.models.MetadataModel or IO - :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. - Default value is None. 
- :paramtype content_type: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: MetadataModel or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.MetadataModel - :raises ~azure.core.exceptions.HttpResponseError: - """ - error_map = { - 401: ClientAuthenticationError, - 404: ResourceNotFoundError, - 409: ResourceExistsError, - 304: ResourceNotModifiedError, - } - error_map.update(kwargs.pop("error_map", {}) or {}) - - _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) - content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) - cls: ClsType[_models.MetadataModel] = kwargs.pop("cls", None) - - content_type = content_type or "application/json" - _json = None - _content = None - if isinstance(metadata, (IO, bytes)): - _content = metadata - else: - _json = self._serialize.body(metadata, "MetadataModel") - - request = build_create_request( - resource_group_name=resource_group_name, - workspace_name=workspace_name, - metadata_name=metadata_name, - subscription_id=self._config.subscription_id, - api_version=api_version, - content_type=content_type, - json=_json, - content=_content, - template_url=self.create.metadata["url"], - headers=_headers, - params=_params, - ) - request = _convert_request(request) - request.url = self._client.format_url(request.url) - - pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs - ) - - response = pipeline_response.http_response - - if response.status_code not in [200, 201]: - map_error(status_code=response.status_code, response=response, error_map=error_map) - raise HttpResponseError(response=response, error_format=ARMErrorFormat) 
- - if response.status_code == 200: - deserialized = self._deserialize("MetadataModel", pipeline_response) - - if response.status_code == 201: - deserialized = self._deserialize("MetadataModel", pipeline_response) - - if cls: - return cls(pipeline_response, deserialized, {}) # type: ignore - - return deserialized # type: ignore - - create.metadata = { - "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/metadata/{metadataName}" - } - - @overload - async def update( - self, - resource_group_name: str, - workspace_name: str, - metadata_name: str, - metadata_patch: _models.MetadataPatch, - *, - content_type: str = "application/json", - **kwargs: Any - ) -> _models.MetadataModel: - """Update an existing Metadata. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param metadata_name: The Metadata name. Required. - :type metadata_name: str - :param metadata_patch: Partial metadata request. Required. - :type metadata_patch: ~azure.mgmt.securityinsight.models.MetadataPatch - :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. - Default value is "application/json". - :paramtype content_type: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: MetadataModel or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.MetadataModel - :raises ~azure.core.exceptions.HttpResponseError: - """ - - @overload - async def update( - self, - resource_group_name: str, - workspace_name: str, - metadata_name: str, - metadata_patch: IO, - *, - content_type: str = "application/json", - **kwargs: Any - ) -> _models.MetadataModel: - """Update an existing Metadata. 
- - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param metadata_name: The Metadata name. Required. - :type metadata_name: str - :param metadata_patch: Partial metadata request. Required. - :type metadata_patch: IO - :keyword content_type: Body Parameter content-type. Content type parameter for binary body. - Default value is "application/json". - :paramtype content_type: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: MetadataModel or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.MetadataModel - :raises ~azure.core.exceptions.HttpResponseError: - """ - - @distributed_trace_async - async def update( - self, - resource_group_name: str, - workspace_name: str, - metadata_name: str, - metadata_patch: Union[_models.MetadataPatch, IO], - **kwargs: Any - ) -> _models.MetadataModel: - """Update an existing Metadata. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param metadata_name: The Metadata name. Required. - :type metadata_name: str - :param metadata_patch: Partial metadata request. Is either a model type or a IO type. Required. - :type metadata_patch: ~azure.mgmt.securityinsight.models.MetadataPatch or IO - :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. - Default value is None. 
- :paramtype content_type: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: MetadataModel or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.MetadataModel - :raises ~azure.core.exceptions.HttpResponseError: - """ - error_map = { - 401: ClientAuthenticationError, - 404: ResourceNotFoundError, - 409: ResourceExistsError, - 304: ResourceNotModifiedError, - } - error_map.update(kwargs.pop("error_map", {}) or {}) - - _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) - content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) - cls: ClsType[_models.MetadataModel] = kwargs.pop("cls", None) - - content_type = content_type or "application/json" - _json = None - _content = None - if isinstance(metadata_patch, (IO, bytes)): - _content = metadata_patch - else: - _json = self._serialize.body(metadata_patch, "MetadataPatch") - - request = build_update_request( - resource_group_name=resource_group_name, - workspace_name=workspace_name, - metadata_name=metadata_name, - subscription_id=self._config.subscription_id, - api_version=api_version, - content_type=content_type, - json=_json, - content=_content, - template_url=self.update.metadata["url"], - headers=_headers, - params=_params, - ) - request = _convert_request(request) - request.url = self._client.format_url(request.url) - - pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs - ) - - response = pipeline_response.http_response - - if response.status_code not in [200]: - map_error(status_code=response.status_code, response=response, error_map=error_map) - raise HttpResponseError(response=response, 
error_format=ARMErrorFormat) - - deserialized = self._deserialize("MetadataModel", pipeline_response) - - if cls: - return cls(pipeline_response, deserialized, {}) - - return deserialized - - update.metadata = { - "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/metadata/{metadataName}" - } diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_office_consents_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_office_consents_operations.py deleted file mode 100644 index fffada186187..000000000000 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_office_consents_operations.py +++ /dev/null 
@@ -1,284 +0,0 @@ -# pylint: disable=too-many-lines -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- -import sys -from typing import Any, AsyncIterable, Callable, Dict, Optional, TypeVar -import urllib.parse - -from azure.core.async_paging import AsyncItemPaged, AsyncList -from azure.core.exceptions import ( - ClientAuthenticationError, - HttpResponseError, - ResourceExistsError, - ResourceNotFoundError, - ResourceNotModifiedError, - map_error, -) -from azure.core.pipeline import PipelineResponse -from azure.core.pipeline.transport import AsyncHttpResponse -from azure.core.rest import HttpRequest -from azure.core.tracing.decorator import distributed_trace -from azure.core.tracing.decorator_async import distributed_trace_async -from azure.core.utils import case_insensitive_dict -from azure.mgmt.core.exceptions import ARMErrorFormat - -from ... import models as _models -from ..._vendor import _convert_request -from ...operations._office_consents_operations import build_delete_request, build_get_request, build_list_request - -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports -T = TypeVar("T") -ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] - - -class OfficeConsentsOperations: - """ - .. warning:: - **DO NOT** instantiate this class directly. 
- - Instead, you should access the following operations through - :class:`~azure.mgmt.securityinsight.aio.SecurityInsights`'s - :attr:`office_consents` attribute. - """ - - models = _models - - def __init__(self, *args, **kwargs) -> None: - input_args = list(args) - self._client = input_args.pop(0) if input_args else kwargs.pop("client") - self._config = input_args.pop(0) if input_args else kwargs.pop("config") - self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") - self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") - - @distributed_trace - def list( - self, resource_group_name: str, workspace_name: str, **kwargs: Any - ) -> AsyncIterable["_models.OfficeConsent"]: - """Gets all office365 consents. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: An iterator like instance of either OfficeConsent or the result of cls(response) - :rtype: - ~azure.core.async_paging.AsyncItemPaged[~azure.mgmt.securityinsight.models.OfficeConsent] - :raises ~azure.core.exceptions.HttpResponseError: - """ - _headers = kwargs.pop("headers", {}) or {} - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) - cls: ClsType[_models.OfficeConsentList] = kwargs.pop("cls", None) - - error_map = { - 401: ClientAuthenticationError, - 404: ResourceNotFoundError, - 409: ResourceExistsError, - 304: ResourceNotModifiedError, - } - error_map.update(kwargs.pop("error_map", {}) or {}) - - def prepare_request(next_link=None): - if not next_link: - - request = build_list_request( - resource_group_name=resource_group_name, - 
workspace_name=workspace_name, - subscription_id=self._config.subscription_id, - api_version=api_version, - template_url=self.list.metadata["url"], - headers=_headers, - params=_params, - ) - request = _convert_request(request) - request.url = self._client.format_url(request.url) - - else: - # make call to next link with the client's api-version - _parsed_next_link = urllib.parse.urlparse(next_link) - _next_request_params = case_insensitive_dict( - { - key: [urllib.parse.quote(v) for v in value] - for key, value in urllib.parse.parse_qs(_parsed_next_link.query).items() - } - ) - _next_request_params["api-version"] = self._config.api_version - request = HttpRequest( - "GET", urllib.parse.urljoin(next_link, _parsed_next_link.path), params=_next_request_params - ) - request = _convert_request(request) - request.url = self._client.format_url(request.url) - request.method = "GET" - return request - - async def extract_data(pipeline_response): - deserialized = self._deserialize("OfficeConsentList", pipeline_response) - list_of_elem = deserialized.value - if cls: - list_of_elem = cls(list_of_elem) # type: ignore - return deserialized.next_link or None, AsyncList(list_of_elem) - - async def get_next(next_link=None): - request = prepare_request(next_link) - - pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs - ) - response = pipeline_response.http_response - - if response.status_code not in [200]: - map_error(status_code=response.status_code, response=response, error_map=error_map) - raise HttpResponseError(response=response, error_format=ARMErrorFormat) - - return pipeline_response - - return AsyncItemPaged(get_next, extract_data) - - list.metadata = { - "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/officeConsents" - } - - @distributed_trace_async - 
async def get( - self, resource_group_name: str, workspace_name: str, consent_id: str, **kwargs: Any - ) -> _models.OfficeConsent: - """Gets an office365 consent. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param consent_id: consent ID. Required. - :type consent_id: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: OfficeConsent or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.OfficeConsent - :raises ~azure.core.exceptions.HttpResponseError: - """ - error_map = { - 401: ClientAuthenticationError, - 404: ResourceNotFoundError, - 409: ResourceExistsError, - 304: ResourceNotModifiedError, - } - error_map.update(kwargs.pop("error_map", {}) or {}) - - _headers = kwargs.pop("headers", {}) or {} - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) - cls: ClsType[_models.OfficeConsent] = kwargs.pop("cls", None) - - request = build_get_request( - resource_group_name=resource_group_name, - workspace_name=workspace_name, - consent_id=consent_id, - subscription_id=self._config.subscription_id, - api_version=api_version, - template_url=self.get.metadata["url"], - headers=_headers, - params=_params, - ) - request = _convert_request(request) - request.url = self._client.format_url(request.url) - - pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs - ) - - response = pipeline_response.http_response - - if response.status_code not in [200]: - map_error(status_code=response.status_code, response=response, error_map=error_map) - raise HttpResponseError(response=response, 
error_format=ARMErrorFormat) - - deserialized = self._deserialize("OfficeConsent", pipeline_response) - - if cls: - return cls(pipeline_response, deserialized, {}) - - return deserialized - - get.metadata = { - "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/officeConsents/{consentId}" - } - - @distributed_trace_async - async def delete( # pylint: disable=inconsistent-return-statements - self, resource_group_name: str, workspace_name: str, consent_id: str, **kwargs: Any - ) -> None: - """Delete the office365 consent. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param consent_id: consent ID. Required. - :type consent_id: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: None or the result of cls(response) - :rtype: None - :raises ~azure.core.exceptions.HttpResponseError: - """ - error_map = { - 401: ClientAuthenticationError, - 404: ResourceNotFoundError, - 409: ResourceExistsError, - 304: ResourceNotModifiedError, - } - error_map.update(kwargs.pop("error_map", {}) or {}) - - _headers = kwargs.pop("headers", {}) or {} - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) - cls: ClsType[None] = kwargs.pop("cls", None) - - request = build_delete_request( - resource_group_name=resource_group_name, - workspace_name=workspace_name, - consent_id=consent_id, - subscription_id=self._config.subscription_id, - api_version=api_version, - template_url=self.delete.metadata["url"], - headers=_headers, - params=_params, - ) - request = _convert_request(request) - 
request.url = self._client.format_url(request.url) - - pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs - ) - - response = pipeline_response.http_response - - if response.status_code not in [200, 204]: - map_error(status_code=response.status_code, response=response, error_map=error_map) - raise HttpResponseError(response=response, error_format=ARMErrorFormat) - - if cls: - return cls(pipeline_response, None, {}) - - delete.metadata = { - "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/officeConsents/{consentId}" - } diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_operations.py index 376f9dc326f2..b948ba53ecad 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_operations.py @@ -69,7 +69,7 @@ def list(self, **kwargs: Any) -> AsyncIterable["_models.Operation"]: _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( + api_version: Literal["2023-02-01"] = kwargs.pop( "api_version", _params.pop("api-version", self._config.api_version) ) cls: ClsType[_models.OperationsList] = kwargs.pop("cls", None) diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_product_settings_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_product_settings_operations.py deleted file mode 100644 index 3324a16bab68..000000000000 
--- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_product_settings_operations.py
+++ /dev/null
@@ -1,413 +0,0 @@ -# pylint: disable=too-many-lines -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- -import sys -from typing import Any, Callable, Dict, IO, Optional, TypeVar, Union, overload - -from azure.core.exceptions import ( - ClientAuthenticationError, - HttpResponseError, - ResourceExistsError, - ResourceNotFoundError, - ResourceNotModifiedError, - map_error, -) -from azure.core.pipeline import PipelineResponse -from azure.core.pipeline.transport import AsyncHttpResponse -from azure.core.rest import HttpRequest -from azure.core.tracing.decorator_async import distributed_trace_async -from azure.core.utils import case_insensitive_dict -from azure.mgmt.core.exceptions import ARMErrorFormat - -from ... import models as _models -from ..._vendor import _convert_request -from ...operations._product_settings_operations import ( - build_delete_request, - build_get_request, - build_list_request, - build_update_request, -) - -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports -T = TypeVar("T") -ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] - - -class ProductSettingsOperations: - """ - .. warning:: - **DO NOT** instantiate this class directly. - - Instead, you should access the following operations through - :class:`~azure.mgmt.securityinsight.aio.SecurityInsights`'s - :attr:`product_settings` attribute. 
- """ - - models = _models - - def __init__(self, *args, **kwargs) -> None: - input_args = list(args) - self._client = input_args.pop(0) if input_args else kwargs.pop("client") - self._config = input_args.pop(0) if input_args else kwargs.pop("config") - self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") - self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") - - @distributed_trace_async - async def list(self, resource_group_name: str, workspace_name: str, **kwargs: Any) -> _models.SettingList: - """List of all the settings. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: SettingList or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.SettingList - :raises ~azure.core.exceptions.HttpResponseError: - """ - error_map = { - 401: ClientAuthenticationError, - 404: ResourceNotFoundError, - 409: ResourceExistsError, - 304: ResourceNotModifiedError, - } - error_map.update(kwargs.pop("error_map", {}) or {}) - - _headers = kwargs.pop("headers", {}) or {} - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) - cls: ClsType[_models.SettingList] = kwargs.pop("cls", None) - - request = build_list_request( - resource_group_name=resource_group_name, - workspace_name=workspace_name, - subscription_id=self._config.subscription_id, - api_version=api_version, - template_url=self.list.metadata["url"], - headers=_headers, - params=_params, - ) - request = _convert_request(request) - request.url = self._client.format_url(request.url) - - pipeline_response: PipelineResponse = await 
self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs - ) - - response = pipeline_response.http_response - - if response.status_code not in [200]: - map_error(status_code=response.status_code, response=response, error_map=error_map) - raise HttpResponseError(response=response, error_format=ARMErrorFormat) - - deserialized = self._deserialize("SettingList", pipeline_response) - - if cls: - return cls(pipeline_response, deserialized, {}) - - return deserialized - - list.metadata = { - "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/settings" - } - - @distributed_trace_async - async def get( - self, resource_group_name: str, workspace_name: str, settings_name: str, **kwargs: Any - ) -> _models.Settings: - """Gets a setting. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param settings_name: The setting name. Supports - Anomalies, EyesOn, EntityAnalytics, Ueba. - Required. 
- :type settings_name: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: Settings or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.Settings - :raises ~azure.core.exceptions.HttpResponseError: - """ - error_map = { - 401: ClientAuthenticationError, - 404: ResourceNotFoundError, - 409: ResourceExistsError, - 304: ResourceNotModifiedError, - } - error_map.update(kwargs.pop("error_map", {}) or {}) - - _headers = kwargs.pop("headers", {}) or {} - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) - cls: ClsType[_models.Settings] = kwargs.pop("cls", None) - - request = build_get_request( - resource_group_name=resource_group_name, - workspace_name=workspace_name, - settings_name=settings_name, - subscription_id=self._config.subscription_id, - api_version=api_version, - template_url=self.get.metadata["url"], - headers=_headers, - params=_params, - ) - request = _convert_request(request) - request.url = self._client.format_url(request.url) - - pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs - ) - - response = pipeline_response.http_response - - if response.status_code not in [200]: - map_error(status_code=response.status_code, response=response, error_map=error_map) - raise HttpResponseError(response=response, error_format=ARMErrorFormat) - - deserialized = self._deserialize("Settings", pipeline_response) - - if cls: - return cls(pipeline_response, deserialized, {}) - - return deserialized - - get.metadata = { - "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/settings/{settingsName}" - } - - @distributed_trace_async - async def 
delete( # pylint: disable=inconsistent-return-statements - self, resource_group_name: str, workspace_name: str, settings_name: str, **kwargs: Any - ) -> None: - """Delete setting of the product. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param settings_name: The setting name. Supports - Anomalies, EyesOn, EntityAnalytics, Ueba. - Required. - :type settings_name: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: None or the result of cls(response) - :rtype: None - :raises ~azure.core.exceptions.HttpResponseError: - """ - error_map = { - 401: ClientAuthenticationError, - 404: ResourceNotFoundError, - 409: ResourceExistsError, - 304: ResourceNotModifiedError, - } - error_map.update(kwargs.pop("error_map", {}) or {}) - - _headers = kwargs.pop("headers", {}) or {} - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) - cls: ClsType[None] = kwargs.pop("cls", None) - - request = build_delete_request( - resource_group_name=resource_group_name, - workspace_name=workspace_name, - settings_name=settings_name, - subscription_id=self._config.subscription_id, - api_version=api_version, - template_url=self.delete.metadata["url"], - headers=_headers, - params=_params, - ) - request = _convert_request(request) - request.url = self._client.format_url(request.url) - - pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs - ) - - response = pipeline_response.http_response - - if response.status_code not in [200, 204]: - map_error(status_code=response.status_code, response=response, error_map=error_map) - raise 
HttpResponseError(response=response, error_format=ARMErrorFormat) - - if cls: - return cls(pipeline_response, None, {}) - - delete.metadata = { - "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/settings/{settingsName}" - } - - @overload - async def update( - self, - resource_group_name: str, - workspace_name: str, - settings_name: str, - settings: _models.Settings, - *, - content_type: str = "application/json", - **kwargs: Any - ) -> _models.Settings: - """Updates setting. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param settings_name: The setting name. Supports - Anomalies, EyesOn, EntityAnalytics, Ueba. - Required. - :type settings_name: str - :param settings: The setting. Required. - :type settings: ~azure.mgmt.securityinsight.models.Settings - :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. - Default value is "application/json". - :paramtype content_type: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: Settings or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.Settings - :raises ~azure.core.exceptions.HttpResponseError: - """ - - @overload - async def update( - self, - resource_group_name: str, - workspace_name: str, - settings_name: str, - settings: IO, - *, - content_type: str = "application/json", - **kwargs: Any - ) -> _models.Settings: - """Updates setting. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. 
- :type workspace_name: str - :param settings_name: The setting name. Supports - Anomalies, EyesOn, EntityAnalytics, Ueba. - Required. - :type settings_name: str - :param settings: The setting. Required. - :type settings: IO - :keyword content_type: Body Parameter content-type. Content type parameter for binary body. - Default value is "application/json". - :paramtype content_type: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: Settings or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.Settings - :raises ~azure.core.exceptions.HttpResponseError: - """ - - @distributed_trace_async - async def update( - self, - resource_group_name: str, - workspace_name: str, - settings_name: str, - settings: Union[_models.Settings, IO], - **kwargs: Any - ) -> _models.Settings: - """Updates setting. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param settings_name: The setting name. Supports - Anomalies, EyesOn, EntityAnalytics, Ueba. - Required. - :type settings_name: str - :param settings: The setting. Is either a model type or a IO type. Required. - :type settings: ~azure.mgmt.securityinsight.models.Settings or IO - :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. - Default value is None. 
- :paramtype content_type: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: Settings or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.Settings - :raises ~azure.core.exceptions.HttpResponseError: - """ - error_map = { - 401: ClientAuthenticationError, - 404: ResourceNotFoundError, - 409: ResourceExistsError, - 304: ResourceNotModifiedError, - } - error_map.update(kwargs.pop("error_map", {}) or {}) - - _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) - content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) - cls: ClsType[_models.Settings] = kwargs.pop("cls", None) - - content_type = content_type or "application/json" - _json = None - _content = None - if isinstance(settings, (IO, bytes)): - _content = settings - else: - _json = self._serialize.body(settings, "Settings") - - request = build_update_request( - resource_group_name=resource_group_name, - workspace_name=workspace_name, - settings_name=settings_name, - subscription_id=self._config.subscription_id, - api_version=api_version, - content_type=content_type, - json=_json, - content=_content, - template_url=self.update.metadata["url"], - headers=_headers, - params=_params, - ) - request = _convert_request(request) - request.url = self._client.format_url(request.url) - - pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs - ) - - response = pipeline_response.http_response - - if response.status_code not in [200]: - map_error(status_code=response.status_code, response=response, error_map=error_map) - raise HttpResponseError(response=response, error_format=ARMErrorFormat) - - deserialized = 
self._deserialize("Settings", pipeline_response) - - if cls: - return cls(pipeline_response, deserialized, {}) - - return deserialized - - update.metadata = { - "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/settings/{settingsName}" - } diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_security_ml_analytics_settings_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_security_ml_analytics_settings_operations.py index eb537fb84c40..96e0b5d339d4 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_security_ml_analytics_settings_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_security_ml_analytics_settings_operations.py @@ -84,7 +84,7 @@ def list( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( + api_version: Literal["2023-02-01"] = kwargs.pop( "api_version", _params.pop("api-version", self._config.api_version) ) cls: ClsType[_models.SecurityMLAnalyticsSettingsList] = kwargs.pop("cls", None) @@ -186,7 +186,7 @@ async def get( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( + api_version: Literal["2023-02-01"] = kwargs.pop( "api_version", _params.pop("api-version", self._config.api_version) ) cls: ClsType[_models.SecurityMLAnalyticsSetting] = kwargs.pop("cls", None) 
@@ -329,7 +329,7 @@ async def create_or_update( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( + api_version: Literal["2023-02-01"] = kwargs.pop( "api_version", _params.pop("api-version", self._config.api_version) ) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) @@ -413,7 +413,7 @@ async def delete( # pylint: disable=inconsistent-return-statements _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( + api_version: Literal["2023-02-01"] = kwargs.pop( "api_version", _params.pop("api-version", self._config.api_version) ) cls: ClsType[None] = kwargs.pop("cls", None) diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_sentinel_onboarding_states_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_sentinel_onboarding_states_operations.py index aac64f7fdd94..391a90aa869e 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_sentinel_onboarding_states_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_sentinel_onboarding_states_operations.py @@ -90,7 +90,7 @@ async def get( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( + api_version: Literal["2023-02-01"] = kwargs.pop( "api_version", _params.pop("api-version", self._config.api_version) ) cls: ClsType[_models.SentinelOnboardingState] = kwargs.pop("cls", None) 
@@ -238,7 +238,7 @@ async def create( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( + api_version: Literal["2023-02-01"] = kwargs.pop( "api_version", _params.pop("api-version", self._config.api_version) ) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) @@ -326,7 +326,7 @@ async def delete( # pylint: disable=inconsistent-return-statements _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( + api_version: Literal["2023-02-01"] = kwargs.pop( "api_version", _params.pop("api-version", self._config.api_version) ) cls: ClsType[None] = kwargs.pop("cls", None) @@ -388,7 +388,7 @@ async def list( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( + api_version: Literal["2023-02-01"] = kwargs.pop( "api_version", _params.pop("api-version", self._config.api_version) ) cls: ClsType[_models.SentinelOnboardingStatesList] = kwargs.pop("cls", None) diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_source_control_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_source_control_operations.py deleted file mode 100644 index 121de431e0c8..000000000000 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_source_control_operations.py +++ /dev/null 
@@ -1,156 +0,0 @@ -# pylint: disable=too-many-lines -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- -import sys -from typing import Any, AsyncIterable, Callable, Dict, Optional, TypeVar, Union -import urllib.parse - -from azure.core.async_paging import AsyncItemPaged, AsyncList -from azure.core.exceptions import ( - ClientAuthenticationError, - HttpResponseError, - ResourceExistsError, - ResourceNotFoundError, - ResourceNotModifiedError, - map_error, -) -from azure.core.pipeline import PipelineResponse -from azure.core.pipeline.transport import AsyncHttpResponse -from azure.core.rest import HttpRequest -from azure.core.tracing.decorator import distributed_trace -from azure.core.utils import case_insensitive_dict -from azure.mgmt.core.exceptions import ARMErrorFormat - -from ... import models as _models -from ..._vendor import _convert_request -from ...operations._source_control_operations import build_list_repositories_request - -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports -T = TypeVar("T") -ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] - - -class SourceControlOperations: - """ - .. warning:: - **DO NOT** instantiate this class directly. - - Instead, you should access the following operations through - :class:`~azure.mgmt.securityinsight.aio.SecurityInsights`'s - :attr:`source_control` attribute. 
- """ - - models = _models - - def __init__(self, *args, **kwargs) -> None: - input_args = list(args) - self._client = input_args.pop(0) if input_args else kwargs.pop("client") - self._config = input_args.pop(0) if input_args else kwargs.pop("config") - self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") - self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") - - @distributed_trace - def list_repositories( - self, resource_group_name: str, workspace_name: str, repo_type: Union[str, _models.RepoType], **kwargs: Any - ) -> AsyncIterable["_models.Repo"]: - """Gets a list of repositories metadata. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param repo_type: The repo type. Known values are: "Github" and "DevOps". Required. - :type repo_type: str or ~azure.mgmt.securityinsight.models.RepoType - :keyword callable cls: A custom type or function that will be passed the direct response - :return: An iterator like instance of either Repo or the result of cls(response) - :rtype: ~azure.core.async_paging.AsyncItemPaged[~azure.mgmt.securityinsight.models.Repo] - :raises ~azure.core.exceptions.HttpResponseError: - """ - _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) - content_type: str = kwargs.pop("content_type", _headers.pop("Content-Type", "application/json")) - cls: ClsType[_models.RepoList] = kwargs.pop("cls", None) - - error_map = { - 401: ClientAuthenticationError, - 404: ResourceNotFoundError, - 409: ResourceExistsError, - 304: ResourceNotModifiedError, - } - error_map.update(kwargs.pop("error_map", {}) or {}) - - 
def prepare_request(next_link=None): - if not next_link: - _json = self._serialize.body(repo_type, "str") - - request = build_list_repositories_request( - resource_group_name=resource_group_name, - workspace_name=workspace_name, - subscription_id=self._config.subscription_id, - api_version=api_version, - content_type=content_type, - json=_json, - template_url=self.list_repositories.metadata["url"], - headers=_headers, - params=_params, - ) - request = _convert_request(request) - request.url = self._client.format_url(request.url) - - else: - # make call to next link with the client's api-version - _parsed_next_link = urllib.parse.urlparse(next_link) - _next_request_params = case_insensitive_dict( - { - key: [urllib.parse.quote(v) for v in value] - for key, value in urllib.parse.parse_qs(_parsed_next_link.query).items() - } - ) - _next_request_params["api-version"] = self._config.api_version - request = HttpRequest( - "GET", urllib.parse.urljoin(next_link, _parsed_next_link.path), params=_next_request_params - ) - request = _convert_request(request) - request.url = self._client.format_url(request.url) - request.method = "GET" - return request - - async def extract_data(pipeline_response): - deserialized = self._deserialize("RepoList", pipeline_response) - list_of_elem = deserialized.value - if cls: - list_of_elem = cls(list_of_elem) # type: ignore - return deserialized.next_link or None, AsyncList(list_of_elem) - - async def get_next(next_link=None): - request = prepare_request(next_link) - - pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs - ) - response = pipeline_response.http_response - - if response.status_code not in [200]: - map_error(status_code=response.status_code, response=response, error_map=error_map) - raise HttpResponseError(response=response, error_format=ARMErrorFormat) - - return pipeline_response - - return AsyncItemPaged(get_next, extract_data) - - 
list_repositories.metadata = { - "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/listRepositories" - } diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_source_controls_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_source_controls_operations.py deleted file mode 100644 index a2a445e2e5e2..000000000000 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_source_controls_operations.py +++ /dev/null 
@@ -1,445 +0,0 @@ -# pylint: disable=too-many-lines -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- -import sys -from typing import Any, AsyncIterable, Callable, Dict, IO, Optional, TypeVar, Union, overload -import urllib.parse - -from azure.core.async_paging import AsyncItemPaged, AsyncList -from azure.core.exceptions import ( - ClientAuthenticationError, - HttpResponseError, - ResourceExistsError, - ResourceNotFoundError, - ResourceNotModifiedError, - map_error, -) -from azure.core.pipeline import PipelineResponse -from azure.core.pipeline.transport import AsyncHttpResponse -from azure.core.rest import HttpRequest -from azure.core.tracing.decorator import distributed_trace -from azure.core.tracing.decorator_async import distributed_trace_async -from azure.core.utils import case_insensitive_dict -from azure.mgmt.core.exceptions import ARMErrorFormat - -from ... import models as _models -from ..._vendor import _convert_request -from ...operations._source_controls_operations import ( - build_create_request, - build_delete_request, - build_get_request, - build_list_request, -) - -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports -T = TypeVar("T") -ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] - - -class SourceControlsOperations: - """ - .. warning:: - **DO NOT** instantiate this class directly. 
- - Instead, you should access the following operations through - :class:`~azure.mgmt.securityinsight.aio.SecurityInsights`'s - :attr:`source_controls` attribute. - """ - - models = _models - - def __init__(self, *args, **kwargs) -> None: - input_args = list(args) - self._client = input_args.pop(0) if input_args else kwargs.pop("client") - self._config = input_args.pop(0) if input_args else kwargs.pop("config") - self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") - self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") - - @distributed_trace - def list( - self, resource_group_name: str, workspace_name: str, **kwargs: Any - ) -> AsyncIterable["_models.SourceControl"]: - """Gets all source controls, without source control items. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: An iterator like instance of either SourceControl or the result of cls(response) - :rtype: - ~azure.core.async_paging.AsyncItemPaged[~azure.mgmt.securityinsight.models.SourceControl] - :raises ~azure.core.exceptions.HttpResponseError: - """ - _headers = kwargs.pop("headers", {}) or {} - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) - cls: ClsType[_models.SourceControlList] = kwargs.pop("cls", None) - - error_map = { - 401: ClientAuthenticationError, - 404: ResourceNotFoundError, - 409: ResourceExistsError, - 304: ResourceNotModifiedError, - } - error_map.update(kwargs.pop("error_map", {}) or {}) - - def prepare_request(next_link=None): - if not next_link: - - request = build_list_request( - 
resource_group_name=resource_group_name, - workspace_name=workspace_name, - subscription_id=self._config.subscription_id, - api_version=api_version, - template_url=self.list.metadata["url"], - headers=_headers, - params=_params, - ) - request = _convert_request(request) - request.url = self._client.format_url(request.url) - - else: - # make call to next link with the client's api-version - _parsed_next_link = urllib.parse.urlparse(next_link) - _next_request_params = case_insensitive_dict( - { - key: [urllib.parse.quote(v) for v in value] - for key, value in urllib.parse.parse_qs(_parsed_next_link.query).items() - } - ) - _next_request_params["api-version"] = self._config.api_version - request = HttpRequest( - "GET", urllib.parse.urljoin(next_link, _parsed_next_link.path), params=_next_request_params - ) - request = _convert_request(request) - request.url = self._client.format_url(request.url) - request.method = "GET" - return request - - async def extract_data(pipeline_response): - deserialized = self._deserialize("SourceControlList", pipeline_response) - list_of_elem = deserialized.value - if cls: - list_of_elem = cls(list_of_elem) # type: ignore - return deserialized.next_link or None, AsyncList(list_of_elem) - - async def get_next(next_link=None): - request = prepare_request(next_link) - - pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs - ) - response = pipeline_response.http_response - - if response.status_code not in [200]: - map_error(status_code=response.status_code, response=response, error_map=error_map) - raise HttpResponseError(response=response, error_format=ARMErrorFormat) - - return pipeline_response - - return AsyncItemPaged(get_next, extract_data) - - list.metadata = { - "url": 
"/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/sourcecontrols" - } - - @distributed_trace_async - async def get( - self, resource_group_name: str, workspace_name: str, source_control_id: str, **kwargs: Any - ) -> _models.SourceControl: - """Gets a source control byt its identifier. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param source_control_id: Source control Id. Required. - :type source_control_id: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: SourceControl or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.SourceControl - :raises ~azure.core.exceptions.HttpResponseError: - """ - error_map = { - 401: ClientAuthenticationError, - 404: ResourceNotFoundError, - 409: ResourceExistsError, - 304: ResourceNotModifiedError, - } - error_map.update(kwargs.pop("error_map", {}) or {}) - - _headers = kwargs.pop("headers", {}) or {} - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) - cls: ClsType[_models.SourceControl] = kwargs.pop("cls", None) - - request = build_get_request( - resource_group_name=resource_group_name, - workspace_name=workspace_name, - source_control_id=source_control_id, - subscription_id=self._config.subscription_id, - api_version=api_version, - template_url=self.get.metadata["url"], - headers=_headers, - params=_params, - ) - request = _convert_request(request) - request.url = self._client.format_url(request.url) - - pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: 
disable=protected-access - request, stream=False, **kwargs - ) - - response = pipeline_response.http_response - - if response.status_code not in [200]: - map_error(status_code=response.status_code, response=response, error_map=error_map) - raise HttpResponseError(response=response, error_format=ARMErrorFormat) - - deserialized = self._deserialize("SourceControl", pipeline_response) - - if cls: - return cls(pipeline_response, deserialized, {}) - - return deserialized - - get.metadata = { - "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/sourcecontrols/{sourceControlId}" - } - - @distributed_trace_async - async def delete( # pylint: disable=inconsistent-return-statements - self, resource_group_name: str, workspace_name: str, source_control_id: str, **kwargs: Any - ) -> None: - """Delete a source control. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param source_control_id: Source control Id. Required. 
- :type source_control_id: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: None or the result of cls(response) - :rtype: None - :raises ~azure.core.exceptions.HttpResponseError: - """ - error_map = { - 401: ClientAuthenticationError, - 404: ResourceNotFoundError, - 409: ResourceExistsError, - 304: ResourceNotModifiedError, - } - error_map.update(kwargs.pop("error_map", {}) or {}) - - _headers = kwargs.pop("headers", {}) or {} - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) - cls: ClsType[None] = kwargs.pop("cls", None) - - request = build_delete_request( - resource_group_name=resource_group_name, - workspace_name=workspace_name, - source_control_id=source_control_id, - subscription_id=self._config.subscription_id, - api_version=api_version, - template_url=self.delete.metadata["url"], - headers=_headers, - params=_params, - ) - request = _convert_request(request) - request.url = self._client.format_url(request.url) - - pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs - ) - - response = pipeline_response.http_response - - if response.status_code not in [200, 204]: - map_error(status_code=response.status_code, response=response, error_map=error_map) - raise HttpResponseError(response=response, error_format=ARMErrorFormat) - - if cls: - return cls(pipeline_response, None, {}) - - delete.metadata = { - "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/sourcecontrols/{sourceControlId}" - } - - @overload - async def create( - self, - resource_group_name: str, - workspace_name: str, - source_control_id: str, - source_control: _models.SourceControl, 
- *, - content_type: str = "application/json", - **kwargs: Any - ) -> _models.SourceControl: - """Creates a source control. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param source_control_id: Source control Id. Required. - :type source_control_id: str - :param source_control: The SourceControl. Required. - :type source_control: ~azure.mgmt.securityinsight.models.SourceControl - :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. - Default value is "application/json". - :paramtype content_type: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: SourceControl or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.SourceControl - :raises ~azure.core.exceptions.HttpResponseError: - """ - - @overload - async def create( - self, - resource_group_name: str, - workspace_name: str, - source_control_id: str, - source_control: IO, - *, - content_type: str = "application/json", - **kwargs: Any - ) -> _models.SourceControl: - """Creates a source control. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param source_control_id: Source control Id. Required. - :type source_control_id: str - :param source_control: The SourceControl. Required. - :type source_control: IO - :keyword content_type: Body Parameter content-type. Content type parameter for binary body. - Default value is "application/json". 
- :paramtype content_type: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: SourceControl or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.SourceControl - :raises ~azure.core.exceptions.HttpResponseError: - """ - - @distributed_trace_async - async def create( - self, - resource_group_name: str, - workspace_name: str, - source_control_id: str, - source_control: Union[_models.SourceControl, IO], - **kwargs: Any - ) -> _models.SourceControl: - """Creates a source control. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param source_control_id: Source control Id. Required. - :type source_control_id: str - :param source_control: The SourceControl. Is either a model type or a IO type. Required. - :type source_control: ~azure.mgmt.securityinsight.models.SourceControl or IO - :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. - Default value is None. 
- :paramtype content_type: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: SourceControl or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.SourceControl - :raises ~azure.core.exceptions.HttpResponseError: - """ - error_map = { - 401: ClientAuthenticationError, - 404: ResourceNotFoundError, - 409: ResourceExistsError, - 304: ResourceNotModifiedError, - } - error_map.update(kwargs.pop("error_map", {}) or {}) - - _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) - content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) - cls: ClsType[_models.SourceControl] = kwargs.pop("cls", None) - - content_type = content_type or "application/json" - _json = None - _content = None - if isinstance(source_control, (IO, bytes)): - _content = source_control - else: - _json = self._serialize.body(source_control, "SourceControl") - - request = build_create_request( - resource_group_name=resource_group_name, - workspace_name=workspace_name, - source_control_id=source_control_id, - subscription_id=self._config.subscription_id, - api_version=api_version, - content_type=content_type, - json=_json, - content=_content, - template_url=self.create.metadata["url"], - headers=_headers, - params=_params, - ) - request = _convert_request(request) - request.url = self._client.format_url(request.url) - - pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs - ) - - response = pipeline_response.http_response - - if response.status_code not in [200, 201]: - map_error(status_code=response.status_code, response=response, error_map=error_map) - raise HttpResponseError(response=response, 
error_format=ARMErrorFormat) - - if response.status_code == 200: - deserialized = self._deserialize("SourceControl", pipeline_response) - - if response.status_code == 201: - deserialized = self._deserialize("SourceControl", pipeline_response) - - if cls: - return cls(pipeline_response, deserialized, {}) # type: ignore - - return deserialized # type: ignore - - create.metadata = { - "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/sourcecontrols/{sourceControlId}" - } diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_threat_intelligence_indicator_metrics_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_threat_intelligence_indicator_metrics_operations.py index 5847ff70bdcb..5f7d525827e3 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_threat_intelligence_indicator_metrics_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_threat_intelligence_indicator_metrics_operations.py @@ -82,7 +82,7 @@ async def list( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( + api_version: Literal["2023-02-01"] = kwargs.pop( "api_version", _params.pop("api-version", self._config.api_version) ) cls: ClsType[_models.ThreatIntelligenceMetricsList] = kwargs.pop("cls", None) diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_threat_intelligence_indicator_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_threat_intelligence_indicator_operations.py index e33a32402aa2..ae59a498b037 100644 
--- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_threat_intelligence_indicator_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_threat_intelligence_indicator_operations.py @@ -163,7 +163,7 @@ async def create_indicator( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( + api_version: Literal["2023-02-01"] = kwargs.pop( "api_version", _params.pop("api-version", self._config.api_version) ) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) @@ -246,7 +246,7 @@ async def get( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( + api_version: Literal["2023-02-01"] = kwargs.pop( "api_version", _params.pop("api-version", self._config.api_version) ) cls: ClsType[_models.ThreatIntelligenceInformation] = kwargs.pop("cls", None) @@ -391,7 +391,7 @@ async def create( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( + api_version: Literal["2023-02-01"] = kwargs.pop( "api_version", _params.pop("api-version", self._config.api_version) ) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) @@ -475,7 +475,7 @@ async def delete( # pylint: disable=inconsistent-return-statements _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( + api_version: Literal["2023-02-01"] = kwargs.pop( "api_version", _params.pop("api-version", self._config.api_version) ) cls: ClsType[None] = kwargs.pop("cls", None) 
@@ -605,7 +605,7 @@ def query_indicators( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( + api_version: Literal["2023-02-01"] = kwargs.pop( "api_version", _params.pop("api-version", self._config.api_version) ) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) @@ -795,7 +795,7 @@ async def append_tags( # pylint: disable=inconsistent-return-statements _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( + api_version: Literal["2023-02-01"] = kwargs.pop( "api_version", _params.pop("api-version", self._config.api_version) ) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) @@ -948,7 +948,7 @@ async def replace_tags( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( + api_version: Literal["2023-02-01"] = kwargs.pop( "api_version", _params.pop("api-version", self._config.api_version) ) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_threat_intelligence_indicators_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_threat_intelligence_indicators_operations.py index 43499935ceb1..e9619a438a7d 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_threat_intelligence_indicators_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_threat_intelligence_indicators_operations.py 
@@ -63,9 +63,9 @@ def list( resource_group_name: str, workspace_name: str, filter: Optional[str] = None, - orderby: Optional[str] = None, top: Optional[int] = None, skip_token: Optional[str] = None, + orderby: Optional[str] = None, **kwargs: Any ) -> AsyncIterable["_models.ThreatIntelligenceInformation"]: """Get all threat intelligence indicators. @@ -78,8 +78,6 @@ def list( :param filter: Filters the results, based on a Boolean condition. Optional. Default value is None. :type filter: str - :param orderby: Sorts the results. Optional. Default value is None. - :type orderby: str :param top: Returns only the first n results. Optional. Default value is None. :type top: int :param skip_token: Skiptoken is only used if a previous operation returned a partial result. If @@ -87,6 +85,8 @@ def list( a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. Default value is None. :type skip_token: str + :param orderby: Sorts the results. Optional. Default value is None. + :type orderby: str :keyword callable cls: A custom type or function that will be passed the direct response :return: An iterator like instance of either ThreatIntelligenceInformation or the result of cls(response) @@ -97,7 +97,7 @@ def list( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( + api_version: Literal["2023-02-01"] = kwargs.pop( "api_version", _params.pop("api-version", self._config.api_version) ) cls: ClsType[_models.ThreatIntelligenceInformationList] = kwargs.pop("cls", None) @@ -118,9 +118,9 @@ def prepare_request(next_link=None): workspace_name=workspace_name, subscription_id=self._config.subscription_id, filter=filter, - orderby=orderby, top=top, skip_token=skip_token, + orderby=orderby, api_version=api_version, template_url=self.list.metadata["url"], headers=_headers, 
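Review bot: Callers that pass `orderby`, `top` or `skip_token` positionally to `list` are rebound by the reordered signature in the `@@ -63,9 +63,9 @@` hunk: a sort string that used to land in `orderby` now lands in `top`, and a count lands in `skip_token`, with no error at the call site. The `@@ -118,9 +118,9 @@` hunk passes all three by keyword, so only external callers are affected. The file appears to be generated, so the order presumably has to be corrected where the parameters are declared rather than here; if the new order is intended, it should be recorded as a breaking change and the docstring could say so, e.g. `:param orderby: Sorts the results. Optional. Pass by keyword; its position changed in this release.` The body of `list` continues outside these hunks.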
diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_update_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_update_operations.py
deleted file mode 100644
index 18154771938c..000000000000
--- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_update_operations.py
+++ /dev/null
@@ -1,294 +0,0 @@ -# pylint: disable=too-many-lines -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- -import sys -from typing import Any, Callable, Dict, IO, List, Optional, TypeVar, Union, cast, overload - -from azure.core.exceptions import ( - ClientAuthenticationError, - HttpResponseError, - ResourceExistsError, - ResourceNotFoundError, - ResourceNotModifiedError, - map_error, -) -from azure.core.pipeline import PipelineResponse -from azure.core.pipeline.transport import AsyncHttpResponse -from azure.core.polling import AsyncLROPoller, AsyncNoPolling, AsyncPollingMethod -from azure.core.rest import HttpRequest -from azure.core.tracing.decorator_async import distributed_trace_async -from azure.core.utils import case_insensitive_dict -from azure.mgmt.core.exceptions import ARMErrorFormat -from azure.mgmt.core.polling.async_arm_polling import AsyncARMPolling - -from ... import models as _models -from ..._vendor import _convert_request -from ...operations._update_operations import build_recommendation_request - -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports -T = TypeVar("T") -ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] - - -class UpdateOperations: - """ - .. warning:: - **DO NOT** instantiate this class directly. 
- - Instead, you should access the following operations through - :class:`~azure.mgmt.securityinsight.aio.SecurityInsights`'s - :attr:`update` attribute. - """ - - models = _models - - def __init__(self, *args, **kwargs) -> None: - input_args = list(args) - self._client = input_args.pop(0) if input_args else kwargs.pop("client") - self._config = input_args.pop(0) if input_args else kwargs.pop("config") - self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") - self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") - - async def _recommendation_initial( - self, - resource_group_name: str, - workspace_name: str, - recommendation_id: str, - recommendation_patch: Union[List[_models.RecommendationPatch], IO], - **kwargs: Any - ) -> _models.Recommendation: - error_map = { - 401: ClientAuthenticationError, - 404: ResourceNotFoundError, - 409: ResourceExistsError, - 304: ResourceNotModifiedError, - } - error_map.update(kwargs.pop("error_map", {}) or {}) - - _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) - content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) - cls: ClsType[_models.Recommendation] = kwargs.pop("cls", None) - - content_type = content_type or "application/json" - _json = None - _content = None - if isinstance(recommendation_patch, (IO, bytes)): - _content = recommendation_patch - else: - _json = self._serialize.body(recommendation_patch, "[RecommendationPatch]") - - request = build_recommendation_request( - resource_group_name=resource_group_name, - workspace_name=workspace_name, - recommendation_id=recommendation_id, - subscription_id=self._config.subscription_id, - api_version=api_version, - content_type=content_type, - json=_json, - 
content=_content, - template_url=self._recommendation_initial.metadata["url"], - headers=_headers, - params=_params, - ) - request = _convert_request(request) - request.url = self._client.format_url(request.url) - - pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs - ) - - response = pipeline_response.http_response - - if response.status_code not in [202]: - map_error(status_code=response.status_code, response=response, error_map=error_map) - raise HttpResponseError(response=response, error_format=ARMErrorFormat) - - deserialized = self._deserialize("Recommendation", pipeline_response) - - if cls: - return cls(pipeline_response, deserialized, {}) - - return deserialized - - _recommendation_initial.metadata = { - "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/recommendations/{recommendationId}" - } - - @overload - async def begin_recommendation( - self, - resource_group_name: str, - workspace_name: str, - recommendation_id: str, - recommendation_patch: List[_models.RecommendationPatch], - *, - content_type: str = "application/json", - **kwargs: Any - ) -> AsyncLROPoller[_models.Recommendation]: - """Patch a recommendation. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param recommendation_id: Recommendation Id. Required. - :type recommendation_id: str - :param recommendation_patch: Recommendation Fields to Update. Required. - :type recommendation_patch: list[~azure.mgmt.securityinsight.models.RecommendationPatch] - :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. - Default value is "application/json". 
- :paramtype content_type: str - :keyword callable cls: A custom type or function that will be passed the direct response - :keyword str continuation_token: A continuation token to restart a poller from a saved state. - :keyword polling: By default, your polling method will be AsyncARMPolling. Pass in False for - this operation to not poll, or pass in your own initialized polling object for a personal - polling strategy. - :paramtype polling: bool or ~azure.core.polling.AsyncPollingMethod - :keyword int polling_interval: Default waiting time between two polls for LRO operations if no - Retry-After header is present. - :return: An instance of AsyncLROPoller that returns either Recommendation or the result of - cls(response) - :rtype: ~azure.core.polling.AsyncLROPoller[~azure.mgmt.securityinsight.models.Recommendation] - :raises ~azure.core.exceptions.HttpResponseError: - """ - - @overload - async def begin_recommendation( - self, - resource_group_name: str, - workspace_name: str, - recommendation_id: str, - recommendation_patch: IO, - *, - content_type: str = "application/json", - **kwargs: Any - ) -> AsyncLROPoller[_models.Recommendation]: - """Patch a recommendation. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param recommendation_id: Recommendation Id. Required. - :type recommendation_id: str - :param recommendation_patch: Recommendation Fields to Update. Required. - :type recommendation_patch: IO - :keyword content_type: Body Parameter content-type. Content type parameter for binary body. - Default value is "application/json". - :paramtype content_type: str - :keyword callable cls: A custom type or function that will be passed the direct response - :keyword str continuation_token: A continuation token to restart a poller from a saved state. 
- :keyword polling: By default, your polling method will be AsyncARMPolling. Pass in False for - this operation to not poll, or pass in your own initialized polling object for a personal - polling strategy. - :paramtype polling: bool or ~azure.core.polling.AsyncPollingMethod - :keyword int polling_interval: Default waiting time between two polls for LRO operations if no - Retry-After header is present. - :return: An instance of AsyncLROPoller that returns either Recommendation or the result of - cls(response) - :rtype: ~azure.core.polling.AsyncLROPoller[~azure.mgmt.securityinsight.models.Recommendation] - :raises ~azure.core.exceptions.HttpResponseError: - """ - - @distributed_trace_async - async def begin_recommendation( - self, - resource_group_name: str, - workspace_name: str, - recommendation_id: str, - recommendation_patch: Union[List[_models.RecommendationPatch], IO], - **kwargs: Any - ) -> AsyncLROPoller[_models.Recommendation]: - """Patch a recommendation. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param recommendation_id: Recommendation Id. Required. - :type recommendation_id: str - :param recommendation_patch: Recommendation Fields to Update. Is either a list type or a IO - type. Required. - :type recommendation_patch: list[~azure.mgmt.securityinsight.models.RecommendationPatch] or IO - :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. - Default value is None. - :paramtype content_type: str - :keyword callable cls: A custom type or function that will be passed the direct response - :keyword str continuation_token: A continuation token to restart a poller from a saved state. - :keyword polling: By default, your polling method will be AsyncARMPolling. 
Pass in False for - this operation to not poll, or pass in your own initialized polling object for a personal - polling strategy. - :paramtype polling: bool or ~azure.core.polling.AsyncPollingMethod - :keyword int polling_interval: Default waiting time between two polls for LRO operations if no - Retry-After header is present. - :return: An instance of AsyncLROPoller that returns either Recommendation or the result of - cls(response) - :rtype: ~azure.core.polling.AsyncLROPoller[~azure.mgmt.securityinsight.models.Recommendation] - :raises ~azure.core.exceptions.HttpResponseError: - """ - _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) - content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) - cls: ClsType[_models.Recommendation] = kwargs.pop("cls", None) - polling: Union[bool, AsyncPollingMethod] = kwargs.pop("polling", True) - lro_delay = kwargs.pop("polling_interval", self._config.polling_interval) - cont_token: Optional[str] = kwargs.pop("continuation_token", None) - if cont_token is None: - raw_result = await self._recommendation_initial( - resource_group_name=resource_group_name, - workspace_name=workspace_name, - recommendation_id=recommendation_id, - recommendation_patch=recommendation_patch, - api_version=api_version, - content_type=content_type, - cls=lambda x, y, z: x, - headers=_headers, - params=_params, - **kwargs - ) - kwargs.pop("error_map", None) - - def get_long_running_output(pipeline_response): - deserialized = self._deserialize("Recommendation", pipeline_response) - if cls: - return cls(pipeline_response, deserialized, {}) - return deserialized - - if polling is True: - polling_method: AsyncPollingMethod = cast(AsyncPollingMethod, AsyncARMPolling(lro_delay, **kwargs)) - elif polling is False: - 
polling_method = cast(AsyncPollingMethod, AsyncNoPolling()) - else: - polling_method = polling - if cont_token: - return AsyncLROPoller.from_continuation_token( - polling_method=polling_method, - continuation_token=cont_token, - client=self._client, - deserialization_callback=get_long_running_output, - ) - return AsyncLROPoller(self._client, raw_result, get_long_running_output, polling_method) # type: ignore - - begin_recommendation.metadata = { - "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/recommendations/{recommendationId}" - } diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_watchlist_items_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_watchlist_items_operations.py index 913eefeee849..14781ed3330d 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_watchlist_items_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_watchlist_items_operations.py @@ -72,14 +72,14 @@ def list( skip_token: Optional[str] = None, **kwargs: Any ) -> AsyncIterable["_models.WatchlistItem"]: - """Gets all watchlist Items. + """Get all watchlist Items. :param resource_group_name: The name of the resource group. The name is case insensitive. Required. :type resource_group_name: str :param workspace_name: The name of the workspace. Required. :type workspace_name: str - :param watchlist_alias: Watchlist Alias. Required. + :param watchlist_alias: The watchlist alias. Required. :type watchlist_alias: str :param skip_token: Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include 
@@ -95,7 +95,7 @@ def list( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( + api_version: Literal["2023-02-01"] = kwargs.pop( "api_version", _params.pop("api-version", self._config.api_version) ) cls: ClsType[_models.WatchlistItemList] = kwargs.pop("cls", None) @@ -174,16 +174,16 @@ async def get_next(next_link=None): async def get( self, resource_group_name: str, workspace_name: str, watchlist_alias: str, watchlist_item_id: str, **kwargs: Any ) -> _models.WatchlistItem: - """Gets a watchlist, without its watchlist items. + """Get a watchlist item. :param resource_group_name: The name of the resource group. The name is case insensitive. Required. :type resource_group_name: str :param workspace_name: The name of the workspace. Required. :type workspace_name: str - :param watchlist_alias: Watchlist Alias. Required. + :param watchlist_alias: The watchlist alias. Required. :type watchlist_alias: str - :param watchlist_item_id: Watchlist Item Id (GUID). Required. + :param watchlist_item_id: The watchlist item id (GUID). Required. :type watchlist_item_id: str :keyword callable cls: A custom type or function that will be passed the direct response :return: WatchlistItem or the result of cls(response) @@ -201,7 +201,7 @@ async def get( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( + api_version: Literal["2023-02-01"] = kwargs.pop( "api_version", _params.pop("api-version", self._config.api_version) ) cls: ClsType[_models.WatchlistItem] = kwargs.pop("cls", None) 
@@ -252,9 +252,9 @@ async def delete( # pylint: disable=inconsistent-return-statements :type resource_group_name: str :param workspace_name: The name of the workspace. Required. :type workspace_name: str - :param watchlist_alias: Watchlist Alias. Required. + :param watchlist_alias: The watchlist alias. Required. :type watchlist_alias: str - :param watchlist_item_id: Watchlist Item Id (GUID). Required. + :param watchlist_item_id: The watchlist item id (GUID). Required. :type watchlist_item_id: str :keyword callable cls: A custom type or function that will be passed the direct response :return: None or the result of cls(response) @@ -272,7 +272,7 @@ async def delete( # pylint: disable=inconsistent-return-statements _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( + api_version: Literal["2023-02-01"] = kwargs.pop( "api_version", _params.pop("api-version", self._config.api_version) ) cls: ClsType[None] = kwargs.pop("cls", None) @@ -320,16 +320,16 @@ async def create_or_update( content_type: str = "application/json", **kwargs: Any ) -> _models.WatchlistItem: - """Creates or updates a watchlist item. + """Create or update a watchlist item. :param resource_group_name: The name of the resource group. The name is case insensitive. Required. :type resource_group_name: str :param workspace_name: The name of the workspace. Required. :type workspace_name: str - :param watchlist_alias: Watchlist Alias. Required. + :param watchlist_alias: The watchlist alias. Required. :type watchlist_alias: str - :param watchlist_item_id: Watchlist Item Id (GUID). Required. + :param watchlist_item_id: The watchlist item id (GUID). Required. :type watchlist_item_id: str :param watchlist_item: The watchlist item. Required. :type watchlist_item: ~azure.mgmt.securityinsight.models.WatchlistItem 
@@ -354,16 +354,16 @@ async def create_or_update( content_type: str = "application/json", **kwargs: Any ) -> _models.WatchlistItem: - """Creates or updates a watchlist item. + """Create or update a watchlist item. :param resource_group_name: The name of the resource group. The name is case insensitive. Required. :type resource_group_name: str :param workspace_name: The name of the workspace. Required. :type workspace_name: str - :param watchlist_alias: Watchlist Alias. Required. + :param watchlist_alias: The watchlist alias. Required. :type watchlist_alias: str - :param watchlist_item_id: Watchlist Item Id (GUID). Required. + :param watchlist_item_id: The watchlist item id (GUID). Required. :type watchlist_item_id: str :param watchlist_item: The watchlist item. Required. :type watchlist_item: IO @@ -386,16 +386,16 @@ async def create_or_update( watchlist_item: Union[_models.WatchlistItem, IO], **kwargs: Any ) -> _models.WatchlistItem: - """Creates or updates a watchlist item. + """Create or update a watchlist item. :param resource_group_name: The name of the resource group. The name is case insensitive. Required. :type resource_group_name: str :param workspace_name: The name of the workspace. Required. :type workspace_name: str - :param watchlist_alias: Watchlist Alias. Required. + :param watchlist_alias: The watchlist alias. Required. :type watchlist_alias: str - :param watchlist_item_id: Watchlist Item Id (GUID). Required. + :param watchlist_item_id: The watchlist item id (GUID). Required. :type watchlist_item_id: str :param watchlist_item: The watchlist item. Is either a model type or a IO type. Required. :type watchlist_item: ~azure.mgmt.securityinsight.models.WatchlistItem or IO 
@@ -418,7 +418,7 @@ async def create_or_update( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( + api_version: Literal["2023-02-01"] = kwargs.pop( "api_version", _params.pop("api-version", self._config.api_version) ) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_watchlists_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_watchlists_operations.py index 2028bb0b5458..11c4a717a8da 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_watchlists_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_watchlists_operations.py @@ -67,7 +67,7 @@ def __init__(self, *args, **kwargs) -> None: def list( self, resource_group_name: str, workspace_name: str, skip_token: Optional[str] = None, **kwargs: Any ) -> AsyncIterable["_models.Watchlist"]: - """Gets all watchlists, without watchlist items. + """Get all watchlists, without watchlist items. :param resource_group_name: The name of the resource group. The name is case insensitive. Required. @@ -87,7 +87,7 @@ def list( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( + api_version: Literal["2023-02-01"] = kwargs.pop( "api_version", _params.pop("api-version", self._config.api_version) ) cls: ClsType[_models.WatchlistList] = kwargs.pop("cls", None) 
@@ -165,14 +165,14 @@ async def get_next(next_link=None): async def get( self, resource_group_name: str, workspace_name: str, watchlist_alias: str, **kwargs: Any ) -> _models.Watchlist: - """Gets a watchlist, without its watchlist items. + """Get a watchlist, without its watchlist items. :param resource_group_name: The name of the resource group. The name is case insensitive. Required. :type resource_group_name: str :param workspace_name: The name of the workspace. Required. :type workspace_name: str - :param watchlist_alias: Watchlist Alias. Required. + :param watchlist_alias: The watchlist alias. Required. :type watchlist_alias: str :keyword callable cls: A custom type or function that will be passed the direct response :return: Watchlist or the result of cls(response) @@ -190,7 +190,7 @@ async def get( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( + api_version: Literal["2023-02-01"] = kwargs.pop( "api_version", _params.pop("api-version", self._config.api_version) ) cls: ClsType[_models.Watchlist] = kwargs.pop("cls", None) @@ -240,7 +240,7 @@ async def delete( # pylint: disable=inconsistent-return-statements :type resource_group_name: str :param workspace_name: The name of the workspace. Required. :type workspace_name: str - :param watchlist_alias: Watchlist Alias. Required. + :param watchlist_alias: The watchlist alias. Required. :type watchlist_alias: str :keyword callable cls: A custom type or function that will be passed the direct response :return: None or the result of cls(response) 
@@ -258,7 +258,7 @@ async def delete( # pylint: disable=inconsistent-return-statements _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( + api_version: Literal["2023-02-01"] = kwargs.pop( "api_version", _params.pop("api-version", self._config.api_version) ) cls: ClsType[None] = kwargs.pop("cls", None) @@ -286,14 +286,8 @@ async def delete( # pylint: disable=inconsistent-return-statements map_error(status_code=response.status_code, response=response, error_map=error_map) raise HttpResponseError(response=response, error_format=ARMErrorFormat) - response_headers = {} - if response.status_code == 200: - response_headers["Azure-AsyncOperation"] = self._deserialize( - "str", response.headers.get("Azure-AsyncOperation") - ) - if cls: - return cls(pipeline_response, None, response_headers) + return cls(pipeline_response, None, {}) delete.metadata = { "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}" 
@@ -311,18 +305,15 @@ async def create_or_update( **kwargs: Any ) -> _models.Watchlist: """Create or update a Watchlist and its Watchlist Items (bulk creation, e.g. through text/csv - content type). To create a Watchlist and its Items, we should call this endpoint with either - rawContent or a valid SAR URI and contentType properties. The rawContent is mainly used for - small watchlist (content size below 3.8 MB). The SAS URI enables the creation of large - watchlist, where the content size can go up to 500 MB. The status of processing such large file - can be polled through the URL returned in Azure-AsyncOperation header. + content type). To create a Watchlist and its Items, we should call this endpoint with + rawContent and contentType properties. :param resource_group_name: The name of the resource group. The name is case insensitive. Required. :type resource_group_name: str :param workspace_name: The name of the workspace. Required. :type workspace_name: str - :param watchlist_alias: Watchlist Alias. Required. + :param watchlist_alias: The watchlist alias. Required. :type watchlist_alias: str :param watchlist: The watchlist. Required. :type watchlist: ~azure.mgmt.securityinsight.models.Watchlist 
@@ -347,18 +338,15 @@ async def create_or_update( **kwargs: Any ) -> _models.Watchlist: """Create or update a Watchlist and its Watchlist Items (bulk creation, e.g. through text/csv - content type). To create a Watchlist and its Items, we should call this endpoint with either - rawContent or a valid SAR URI and contentType properties. The rawContent is mainly used for - small watchlist (content size below 3.8 MB). The SAS URI enables the creation of large - watchlist, where the content size can go up to 500 MB. The status of processing such large file - can be polled through the URL returned in Azure-AsyncOperation header. + content type). To create a Watchlist and its Items, we should call this endpoint with + rawContent and contentType properties. :param resource_group_name: The name of the resource group. The name is case insensitive. Required. :type resource_group_name: str :param workspace_name: The name of the workspace. Required. :type workspace_name: str - :param watchlist_alias: Watchlist Alias. Required. + :param watchlist_alias: The watchlist alias. Required. :type watchlist_alias: str :param watchlist: The watchlist. Required. :type watchlist: IO 
@@ -381,18 +369,15 @@ async def create_or_update( **kwargs: Any ) -> _models.Watchlist: """Create or update a Watchlist and its Watchlist Items (bulk creation, e.g. through text/csv - content type). To create a Watchlist and its Items, we should call this endpoint with either - rawContent or a valid SAR URI and contentType properties. The rawContent is mainly used for - small watchlist (content size below 3.8 MB). The SAS URI enables the creation of large - watchlist, where the content size can go up to 500 MB. The status of processing such large file - can be polled through the URL returned in Azure-AsyncOperation header. + content type). To create a Watchlist and its Items, we should call this endpoint with + rawContent and contentType properties. :param resource_group_name: The name of the resource group. The name is case insensitive. Required. :type resource_group_name: str :param workspace_name: The name of the workspace. Required. :type workspace_name: str - :param watchlist_alias: Watchlist Alias. Required. + :param watchlist_alias: The watchlist alias. Required. :type watchlist_alias: str :param watchlist: The watchlist. Is either a model type or a IO type. Required. :type watchlist: ~azure.mgmt.securityinsight.models.Watchlist or IO @@ -415,7 +400,7 @@ async def create_or_update( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( + api_version: Literal["2023-02-01"] = kwargs.pop( "api_version", _params.pop("api-version", self._config.api_version) ) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) 
@@ -455,19 +440,14 @@ async def create_or_update( map_error(status_code=response.status_code, response=response, error_map=error_map) raise HttpResponseError(response=response, error_format=ARMErrorFormat) - response_headers = {} if response.status_code == 200: deserialized = self._deserialize("Watchlist", pipeline_response) if response.status_code == 201: - response_headers["Azure-AsyncOperation"] = self._deserialize( - "str", response.headers.get("Azure-AsyncOperation") - ) - deserialized = self._deserialize("Watchlist", pipeline_response) if cls: - return cls(pipeline_response, deserialized, response_headers) # type: ignore + return cls(pipeline_response, deserialized, {}) # type: ignore return deserialized # type: ignore diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/__init__.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/__init__.py index 805bb3d2b327..2a4a11a089b4 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/__init__.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/__init__.py @@ -6,15 +6,8 @@ # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -from ._models_py3 import AADCheckRequirements -from ._models_py3 import AADCheckRequirementsProperties from ._models_py3 import AADDataConnector -from ._models_py3 import AADDataConnectorProperties -from ._models_py3 import AATPCheckRequirements -from ._models_py3 import AATPCheckRequirementsProperties from ._models_py3 import AATPDataConnector -from ._models_py3 import AATPDataConnectorProperties -from ._models_py3 import ASCCheckRequirements from ._models_py3 import ASCDataConnector from ._models_py3 import ASCDataConnectorProperties from ._models_py3 import AccountEntity 
@@ -25,162 +18,55 @@ from ._models_py3 import ActionResponse from ._models_py3 import ActionResponseProperties from ._models_py3 import ActionsList -from ._models_py3 import ActivityCustomEntityQuery -from ._models_py3 import ActivityEntityQueriesPropertiesQueryDefinitions -from ._models_py3 import ActivityEntityQuery -from ._models_py3 import ActivityEntityQueryTemplate -from ._models_py3 import ActivityEntityQueryTemplatePropertiesQueryDefinitions -from ._models_py3 import ActivityTimelineItem -from ._models_py3 import AddIncidentTaskActionProperties from ._models_py3 import AlertDetailsOverride from ._models_py3 import AlertPropertyMapping from ._models_py3 import AlertRule from ._models_py3 import AlertRuleTemplate from ._models_py3 import AlertRuleTemplateDataSource -from ._models_py3 import AlertRuleTemplatePropertiesBase -from ._models_py3 import AlertRuleTemplateWithMitreProperties from ._models_py3 import AlertRuleTemplatesList from ._models_py3 import AlertRulesList from ._models_py3 import AlertsDataTypeOfDataConnector -from ._models_py3 import Anomalies from ._models_py3 import AnomalySecurityMLAnalyticsSettings -from ._models_py3 import AnomalyTimelineItem from ._models_py3 import AutomationRule from ._models_py3 import AutomationRuleAction -from ._models_py3 import AutomationRuleAddIncidentTaskAction -from ._models_py3 import AutomationRuleBooleanCondition from ._models_py3 import AutomationRuleCondition from ._models_py3 import AutomationRuleModifyPropertiesAction from ._models_py3 import AutomationRulePropertyArrayChangedValuesCondition -from ._models_py3 import AutomationRulePropertyArrayValuesCondition from ._models_py3 import AutomationRulePropertyValuesChangedCondition from ._models_py3 import AutomationRulePropertyValuesCondition from ._models_py3 import AutomationRuleRunPlaybookAction from ._models_py3 import AutomationRuleTriggeringLogic from ._models_py3 import AutomationRulesList -from ._models_py3 import Availability -from ._models_py3 
import AwsCloudTrailCheckRequirements from ._models_py3 import AwsCloudTrailDataConnector from ._models_py3 import AwsCloudTrailDataConnectorDataTypes from ._models_py3 import AwsCloudTrailDataConnectorDataTypesLogs -from ._models_py3 import AwsS3CheckRequirements -from ._models_py3 import AwsS3DataConnector -from ._models_py3 import AwsS3DataConnectorDataTypes -from ._models_py3 import AwsS3DataConnectorDataTypesLogs -from ._models_py3 import AzureDevOpsResourceInfo from ._models_py3 import AzureResourceEntity from ._models_py3 import AzureResourceEntityProperties from ._models_py3 import Bookmark -from ._models_py3 import BookmarkEntityMappings -from ._models_py3 import BookmarkExpandParameters -from ._models_py3 import BookmarkExpandResponse -from ._models_py3 import BookmarkExpandResponseValue from ._models_py3 import BookmarkList -from ._models_py3 import BookmarkTimelineItem -from ._models_py3 import BooleanConditionProperties from ._models_py3 import ClientInfo from ._models_py3 import CloudApplicationEntity from ._models_py3 import CloudApplicationEntityProperties from ._models_py3 import CloudErrorBody -from ._models_py3 import CodelessApiPollingDataConnector -from ._models_py3 import CodelessConnectorPollingAuthProperties -from ._models_py3 import CodelessConnectorPollingConfigProperties -from ._models_py3 import CodelessConnectorPollingPagingProperties -from ._models_py3 import CodelessConnectorPollingRequestProperties -from ._models_py3 import CodelessConnectorPollingResponseProperties -from ._models_py3 import CodelessUiConnectorConfigProperties -from ._models_py3 import CodelessUiConnectorConfigPropertiesConnectivityCriteriaItem -from ._models_py3 import CodelessUiConnectorConfigPropertiesDataTypesItem -from ._models_py3 import CodelessUiConnectorConfigPropertiesGraphQueriesItem -from ._models_py3 import CodelessUiConnectorConfigPropertiesInstructionStepsItem -from ._models_py3 import CodelessUiConnectorConfigPropertiesSampleQueriesItem -from 
._models_py3 import CodelessUiDataConnector -from ._models_py3 import ConnectedEntity -from ._models_py3 import ConnectivityCriteria -from ._models_py3 import ConnectorInstructionModelBase -from ._models_py3 import Content -from ._models_py3 import ContentPathMap -from ._models_py3 import CustomEntityQuery -from ._models_py3 import Customs -from ._models_py3 import CustomsPermission from ._models_py3 import DataConnector -from ._models_py3 import DataConnectorConnectBody from ._models_py3 import DataConnectorDataTypeCommon from ._models_py3 import DataConnectorList -from ._models_py3 import DataConnectorRequirementsState from ._models_py3 import DataConnectorTenantId from ._models_py3 import DataConnectorWithAlertsProperties -from ._models_py3 import DataConnectorsCheckRequirements -from ._models_py3 import DataTypeDefinitions -from ._models_py3 import Deployment -from ._models_py3 import DeploymentInfo from ._models_py3 import DnsEntity from ._models_py3 import DnsEntityProperties -from ._models_py3 import Dynamics365CheckRequirements -from ._models_py3 import Dynamics365CheckRequirementsProperties -from ._models_py3 import Dynamics365DataConnector -from ._models_py3 import Dynamics365DataConnectorDataTypes -from ._models_py3 import Dynamics365DataConnectorDataTypesDynamics365CdsActivities -from ._models_py3 import Dynamics365DataConnectorProperties -from ._models_py3 import EnrichmentDomainWhois -from ._models_py3 import EnrichmentDomainWhoisContact -from ._models_py3 import EnrichmentDomainWhoisContacts -from ._models_py3 import EnrichmentDomainWhoisDetails -from ._models_py3 import EnrichmentDomainWhoisRegistrarDetails -from ._models_py3 import EnrichmentIpGeodata from ._models_py3 import Entity -from ._models_py3 import EntityAnalytics from ._models_py3 import EntityCommonProperties -from ._models_py3 import EntityEdges -from ._models_py3 import EntityExpandParameters -from ._models_py3 import EntityExpandResponse -from ._models_py3 import 
EntityExpandResponseValue -from ._models_py3 import EntityFieldMapping -from ._models_py3 import EntityGetInsightsParameters -from ._models_py3 import EntityGetInsightsResponse -from ._models_py3 import EntityInsightItem -from ._models_py3 import EntityInsightItemQueryTimeInterval -from ._models_py3 import EntityList from ._models_py3 import EntityMapping -from ._models_py3 import EntityQuery -from ._models_py3 import EntityQueryItem -from ._models_py3 import EntityQueryItemProperties -from ._models_py3 import EntityQueryItemPropertiesDataTypesItem -from ._models_py3 import EntityQueryList -from ._models_py3 import EntityQueryTemplate -from ._models_py3 import EntityQueryTemplateList -from ._models_py3 import EntityTimelineItem -from ._models_py3 import EntityTimelineParameters -from ._models_py3 import EntityTimelineResponse from ._models_py3 import EventGroupingSettings -from ._models_py3 import ExpansionEntityQuery -from ._models_py3 import ExpansionResultAggregation -from ._models_py3 import ExpansionResultsMetadata -from ._models_py3 import EyesOn from ._models_py3 import FieldMapping from ._models_py3 import FileEntity from ._models_py3 import FileEntityProperties from ._models_py3 import FileHashEntity from ._models_py3 import FileHashEntityProperties -from ._models_py3 import FileImport -from ._models_py3 import FileImportList -from ._models_py3 import FileMetadata from ._models_py3 import FusionAlertRule from ._models_py3 import FusionAlertRuleTemplate -from ._models_py3 import FusionScenarioExclusionPattern -from ._models_py3 import FusionSourceSettings -from ._models_py3 import FusionSourceSubTypeSetting -from ._models_py3 import FusionSubTypeSeverityFilter -from ._models_py3 import FusionSubTypeSeverityFiltersItem -from ._models_py3 import FusionTemplateSourceSetting -from ._models_py3 import FusionTemplateSourceSubType -from ._models_py3 import FusionTemplateSubTypeSeverityFilter from ._models_py3 import GeoLocation -from ._models_py3 import 
GetInsightsErrorKind -from ._models_py3 import GetInsightsResultsMetadata -from ._models_py3 import GetQueriesResponse -from ._models_py3 import GitHubResourceInfo -from ._models_py3 import GraphQueries from ._models_py3 import GroupingConfiguration from ._models_py3 import HostEntity from ._models_py3 import HostEntityProperties 
@@ -200,54 +86,13 @@ from ._models_py3 import IncidentList from ._models_py3 import IncidentOwnerInfo from ._models_py3 import IncidentPropertiesAction -from ._models_py3 import IncidentTask -from ._models_py3 import IncidentTaskList -from ._models_py3 import InsightQueryItem -from ._models_py3 import InsightQueryItemProperties -from ._models_py3 import InsightQueryItemPropertiesAdditionalQuery -from ._models_py3 import InsightQueryItemPropertiesDefaultTimeRange -from ._models_py3 import InsightQueryItemPropertiesReferenceTimeRange -from ._models_py3 import InsightQueryItemPropertiesTableQuery -from ._models_py3 import InsightQueryItemPropertiesTableQueryColumnsDefinitionsItem -from ._models_py3 import InsightQueryItemPropertiesTableQueryQueriesDefinitionsItem -from ._models_py3 import InsightQueryItemPropertiesTableQueryQueriesDefinitionsPropertiesItemsItem -from ._models_py3 import InsightsTableResult -from ._models_py3 import InsightsTableResultColumnsItem -from ._models_py3 import InstructionSteps -from ._models_py3 import InstructionStepsInstructionsItem -from ._models_py3 import Instructions -from ._models_py3 import IoTCheckRequirements -from ._models_py3 import IoTDataConnector -from ._models_py3 import IoTDataConnectorProperties from ._models_py3 import IoTDeviceEntity from ._models_py3 import IoTDeviceEntityProperties from ._models_py3 import IpEntity from ._models_py3 import IpEntityProperties -from ._models_py3 import LastDataReceivedDataType -from ._models_py3 import MCASCheckRequirements -from ._models_py3 import MCASCheckRequirementsProperties from ._models_py3 import MCASDataConnector from ._models_py3 import MCASDataConnectorDataTypes -from ._models_py3 import MCASDataConnectorProperties -from ._models_py3 import MDATPCheckRequirements -from ._models_py3 import MDATPCheckRequirementsProperties from ._models_py3 import MDATPDataConnector -from ._models_py3 import MDATPDataConnectorProperties -from ._models_py3 import MLBehaviorAnalyticsAlertRule 
-from ._models_py3 import MLBehaviorAnalyticsAlertRuleTemplate -from ._models_py3 import MLBehaviorAnalyticsAlertRuleTemplateProperties -from ._models_py3 import MSTICheckRequirements -from ._models_py3 import MSTICheckRequirementsProperties -from ._models_py3 import MSTIDataConnector -from ._models_py3 import MSTIDataConnectorDataTypes -from ._models_py3 import MSTIDataConnectorDataTypesBingSafetyPhishingURL -from ._models_py3 import MSTIDataConnectorDataTypesMicrosoftEmergingThreatFeed -from ._models_py3 import MSTIDataConnectorProperties -from ._models_py3 import MTPCheckRequirementsProperties -from ._models_py3 import MTPDataConnector -from ._models_py3 import MTPDataConnectorDataTypes -from ._models_py3 import MTPDataConnectorDataTypesIncidents -from ._models_py3 import MTPDataConnectorProperties from ._models_py3 import MailClusterEntity from ._models_py3 import MailClusterEntityProperties from ._models_py3 import MailMessageEntity 
@@ -256,87 +101,32 @@ from ._models_py3 import MailboxEntityProperties from ._models_py3 import MalwareEntity from ._models_py3 import MalwareEntityProperties -from ._models_py3 import ManualTriggerRequestBody -from ._models_py3 import MetadataAuthor -from ._models_py3 import MetadataCategories -from ._models_py3 import MetadataDependencies -from ._models_py3 import MetadataList -from ._models_py3 import MetadataModel -from ._models_py3 import MetadataPatch -from ._models_py3 import MetadataSource -from ._models_py3 import MetadataSupport from ._models_py3 import MicrosoftSecurityIncidentCreationAlertRule from ._models_py3 import MicrosoftSecurityIncidentCreationAlertRuleCommonProperties from ._models_py3 import MicrosoftSecurityIncidentCreationAlertRuleProperties from ._models_py3 import MicrosoftSecurityIncidentCreationAlertRuleTemplate -from ._models_py3 import MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties -from ._models_py3 import MtpCheckRequirements -from ._models_py3 import NicEntity -from ._models_py3 import NicEntityProperties -from ._models_py3 import NrtAlertRule -from ._models_py3 import NrtAlertRuleTemplate -from ._models_py3 import NrtAlertRuleTemplateProperties -from ._models_py3 import Office365ProjectCheckRequirements -from ._models_py3 import Office365ProjectCheckRequirementsProperties -from ._models_py3 import Office365ProjectConnectorDataTypes -from ._models_py3 import Office365ProjectConnectorDataTypesLogs -from ._models_py3 import Office365ProjectDataConnector -from ._models_py3 import Office365ProjectDataConnectorProperties -from ._models_py3 import OfficeATPCheckRequirements -from ._models_py3 import OfficeATPCheckRequirementsProperties -from ._models_py3 import OfficeATPDataConnector -from ._models_py3 import OfficeATPDataConnectorProperties -from ._models_py3 import OfficeConsent -from ._models_py3 import OfficeConsentList from ._models_py3 import OfficeDataConnector from ._models_py3 import OfficeDataConnectorDataTypes from 
._models_py3 import OfficeDataConnectorDataTypesExchange from ._models_py3 import OfficeDataConnectorDataTypesSharePoint from ._models_py3 import OfficeDataConnectorDataTypesTeams -from ._models_py3 import OfficeDataConnectorProperties -from ._models_py3 import OfficeIRMCheckRequirements -from ._models_py3 import OfficeIRMCheckRequirementsProperties -from ._models_py3 import OfficeIRMDataConnector -from ._models_py3 import OfficeIRMDataConnectorProperties -from ._models_py3 import OfficePowerBICheckRequirements -from ._models_py3 import OfficePowerBICheckRequirementsProperties -from ._models_py3 import OfficePowerBIConnectorDataTypes -from ._models_py3 import OfficePowerBIConnectorDataTypesLogs -from ._models_py3 import OfficePowerBIDataConnector -from ._models_py3 import OfficePowerBIDataConnectorProperties from ._models_py3 import Operation from ._models_py3 import OperationDisplay from ._models_py3 import OperationsList -from ._models_py3 import Permissions -from ._models_py3 import PermissionsCustomsItem -from ._models_py3 import PermissionsResourceProviderItem from ._models_py3 import PlaybookActionProperties from ._models_py3 import ProcessEntity from ._models_py3 import ProcessEntityProperties from ._models_py3 import PropertyArrayChangedConditionProperties -from ._models_py3 import PropertyArrayConditionProperties from ._models_py3 import PropertyChangedConditionProperties from ._models_py3 import PropertyConditionProperties -from ._models_py3 import QueryBasedAlertRuleTemplateProperties -from ._models_py3 import Recommendation -from ._models_py3 import RecommendationList -from ._models_py3 import RecommendationPatch -from ._models_py3 import RecommendedAction from ._models_py3 import RegistryKeyEntity from ._models_py3 import RegistryKeyEntityProperties from ._models_py3 import RegistryValueEntity from ._models_py3 import RegistryValueEntityProperties from ._models_py3 import Relation from ._models_py3 import RelationList -from ._models_py3 import Repo 
-from ._models_py3 import RepoList -from ._models_py3 import Repository -from ._models_py3 import RepositoryResourceInfo -from ._models_py3 import RequiredPermissions from ._models_py3 import Resource -from ._models_py3 import ResourceProvider from ._models_py3 import ResourceWithEtag -from ._models_py3 import SampleQueries from ._models_py3 import ScheduledAlertRule from ._models_py3 import ScheduledAlertRuleCommonProperties from ._models_py3 import ScheduledAlertRuleProperties 
@@ -344,34 +134,20 @@ from ._models_py3 import SecurityAlert from ._models_py3 import SecurityAlertProperties from ._models_py3 import SecurityAlertPropertiesConfidenceReasonsItem -from ._models_py3 import SecurityAlertTimelineItem from ._models_py3 import SecurityGroupEntity from ._models_py3 import SecurityGroupEntityProperties from ._models_py3 import SecurityMLAnalyticsSetting from ._models_py3 import SecurityMLAnalyticsSettingsDataSource from ._models_py3 import SecurityMLAnalyticsSettingsList -from ._models_py3 import SentinelEntityMapping from ._models_py3 import SentinelOnboardingState from ._models_py3 import SentinelOnboardingStatesList -from ._models_py3 import SettingList -from ._models_py3 import Settings -from ._models_py3 import SourceControl -from ._models_py3 import SourceControlList from ._models_py3 import SubmissionMailEntity from ._models_py3 import SubmissionMailEntityProperties from ._models_py3 import SystemData -from ._models_py3 import TICheckRequirements -from ._models_py3 import TICheckRequirementsProperties from ._models_py3 import TIDataConnector from ._models_py3 import TIDataConnectorDataTypes from ._models_py3 import TIDataConnectorDataTypesIndicators -from ._models_py3 import TIDataConnectorProperties -from ._models_py3 import TeamInformation -from ._models_py3 import TeamProperties from ._models_py3 import ThreatIntelligence -from ._models_py3 import ThreatIntelligenceAlertRule -from ._models_py3 import ThreatIntelligenceAlertRuleTemplate -from ._models_py3 import ThreatIntelligenceAlertRuleTemplateProperties from ._models_py3 import ThreatIntelligenceAppendTags from ._models_py3 import ThreatIntelligenceExternalReference from ._models_py3 import ThreatIntelligenceFilteringCriteria 
@@ -388,25 +164,13 @@ from ._models_py3 import ThreatIntelligenceParsedPattern from ._models_py3 import ThreatIntelligenceParsedPatternTypeValue from ._models_py3 import ThreatIntelligenceSortingCriteria -from ._models_py3 import TiTaxiiCheckRequirements -from ._models_py3 import TiTaxiiCheckRequirementsProperties -from ._models_py3 import TiTaxiiDataConnector -from ._models_py3 import TiTaxiiDataConnectorDataTypes -from ._models_py3 import TiTaxiiDataConnectorDataTypesTaxiiClient -from ._models_py3 import TiTaxiiDataConnectorProperties -from ._models_py3 import TimelineAggregation -from ._models_py3 import TimelineError -from ._models_py3 import TimelineResultsMetadata -from ._models_py3 import Ueba from ._models_py3 import UrlEntity from ._models_py3 import UrlEntityProperties from ._models_py3 import UserInfo -from ._models_py3 import ValidationError from ._models_py3 import Watchlist from ._models_py3 import WatchlistItem from ._models_py3 import WatchlistItemList from ._models_py3 import WatchlistList -from ._models_py3 import Webhook from ._security_insights_enums import ActionType from ._security_insights_enums import AlertDetail 
@@ -416,105 +180,53 @@ from ._security_insights_enums import AlertStatus from ._security_insights_enums import AntispamMailDirection from ._security_insights_enums import AttackTactic -from ._security_insights_enums import AutomationRuleBooleanConditionSupportedOperator from ._security_insights_enums import AutomationRulePropertyArrayChangedConditionSupportedArrayType from ._security_insights_enums import AutomationRulePropertyArrayChangedConditionSupportedChangeType -from ._security_insights_enums import AutomationRulePropertyArrayConditionSupportedArrayConditionType -from ._security_insights_enums import AutomationRulePropertyArrayConditionSupportedArrayType from ._security_insights_enums import AutomationRulePropertyChangedConditionSupportedChangedType from ._security_insights_enums import AutomationRulePropertyChangedConditionSupportedPropertyType from ._security_insights_enums import AutomationRulePropertyConditionSupportedOperator from ._security_insights_enums import AutomationRulePropertyConditionSupportedProperty -from ._security_insights_enums import Category from ._security_insights_enums import ConditionType from ._security_insights_enums import ConfidenceLevel from ._security_insights_enums import ConfidenceScoreStatus -from ._security_insights_enums import ConnectAuthKind -from ._security_insights_enums import ConnectivityType -from ._security_insights_enums import ContentType -from ._security_insights_enums import Context from ._security_insights_enums import CreatedByType -from ._security_insights_enums import CustomEntityQueryKind -from ._security_insights_enums import DataConnectorAuthorizationState from ._security_insights_enums import DataConnectorKind -from ._security_insights_enums import DataConnectorLicenseState from ._security_insights_enums import DataTypeState -from ._security_insights_enums import DeleteStatus from ._security_insights_enums import DeliveryAction from ._security_insights_enums import DeliveryLocation -from 
._security_insights_enums import DeploymentFetchStatus -from ._security_insights_enums import DeploymentResult -from ._security_insights_enums import DeploymentState -from ._security_insights_enums import DeviceImportance from ._security_insights_enums import ElevationToken -from ._security_insights_enums import EntityItemQueryKind -from ._security_insights_enums import EntityKind +from ._security_insights_enums import EntityKindEnum from ._security_insights_enums import EntityMappingType -from ._security_insights_enums import EntityProviders -from ._security_insights_enums import EntityQueryKind -from ._security_insights_enums import EntityQueryTemplateKind -from ._security_insights_enums import EntityTimelineKind -from ._security_insights_enums import EntityType -from ._security_insights_enums import Enum13 -from ._security_insights_enums import Enum15 from ._security_insights_enums import EventGroupingAggregationKind -from ._security_insights_enums import FileFormat from ._security_insights_enums import FileHashAlgorithm -from ._security_insights_enums import FileImportContentType -from ._security_insights_enums import FileImportState -from ._security_insights_enums import GetInsightsError from ._security_insights_enums import IncidentClassification from ._security_insights_enums import IncidentClassificationReason from ._security_insights_enums import IncidentLabelType from ._security_insights_enums import IncidentSeverity from ._security_insights_enums import IncidentStatus -from ._security_insights_enums import IncidentTaskStatus -from ._security_insights_enums import IngestionMode from ._security_insights_enums import KillChainIntent -from ._security_insights_enums import Kind from ._security_insights_enums import MatchingMethod from ._security_insights_enums import MicrosoftSecurityProductName from ._security_insights_enums import OSFamily -from ._security_insights_enums import Operator -from ._security_insights_enums import OutputType from 
._security_insights_enums import OwnerType -from ._security_insights_enums import PermissionProviderScope -from ._security_insights_enums import PollingFrequency -from ._security_insights_enums import Priority -from ._security_insights_enums import ProviderName from ._security_insights_enums import RegistryHive from ._security_insights_enums import RegistryValueKind -from ._security_insights_enums import RepoType from ._security_insights_enums import SecurityMLAnalyticsSettingsKind -from ._security_insights_enums import SettingKind -from ._security_insights_enums import SettingType from ._security_insights_enums import SettingsStatus -from ._security_insights_enums import SourceKind -from ._security_insights_enums import SourceType -from ._security_insights_enums import State -from ._security_insights_enums import SupportTier +from ._security_insights_enums import Source from ._security_insights_enums import TemplateStatus -from ._security_insights_enums import ThreatIntelligenceResourceKindEnum -from ._security_insights_enums import ThreatIntelligenceSortingCriteriaEnum +from ._security_insights_enums import ThreatIntelligenceResourceInnerKind +from ._security_insights_enums import ThreatIntelligenceSortingOrder from ._security_insights_enums import TriggerOperator from ._security_insights_enums import TriggersOn from ._security_insights_enums import TriggersWhen -from ._security_insights_enums import UebaDataSources -from ._security_insights_enums import Version from ._patch import __all__ as _patch_all from ._patch import * # pylint: disable=unused-wildcard-import from ._patch import patch_sdk as _patch_sdk __all__ = [ - "AADCheckRequirements", - "AADCheckRequirementsProperties", "AADDataConnector", - "AADDataConnectorProperties", - "AATPCheckRequirements", - "AATPCheckRequirementsProperties", "AATPDataConnector", - "AATPDataConnectorProperties", - "ASCCheckRequirements", "ASCDataConnector", "ASCDataConnectorProperties", "AccountEntity", 
@@ -525,162 +237,55 @@ "ActionResponse", "ActionResponseProperties", "ActionsList", - "ActivityCustomEntityQuery", - "ActivityEntityQueriesPropertiesQueryDefinitions", - "ActivityEntityQuery", - "ActivityEntityQueryTemplate", - "ActivityEntityQueryTemplatePropertiesQueryDefinitions", - "ActivityTimelineItem", - "AddIncidentTaskActionProperties", "AlertDetailsOverride", "AlertPropertyMapping", "AlertRule", "AlertRuleTemplate", "AlertRuleTemplateDataSource", - "AlertRuleTemplatePropertiesBase", - "AlertRuleTemplateWithMitreProperties", "AlertRuleTemplatesList", "AlertRulesList", "AlertsDataTypeOfDataConnector", - "Anomalies", "AnomalySecurityMLAnalyticsSettings", - "AnomalyTimelineItem", "AutomationRule", "AutomationRuleAction", - "AutomationRuleAddIncidentTaskAction", - "AutomationRuleBooleanCondition", "AutomationRuleCondition", "AutomationRuleModifyPropertiesAction", "AutomationRulePropertyArrayChangedValuesCondition", - "AutomationRulePropertyArrayValuesCondition", "AutomationRulePropertyValuesChangedCondition", "AutomationRulePropertyValuesCondition", "AutomationRuleRunPlaybookAction", "AutomationRuleTriggeringLogic", "AutomationRulesList", - "Availability", - "AwsCloudTrailCheckRequirements", "AwsCloudTrailDataConnector", "AwsCloudTrailDataConnectorDataTypes", "AwsCloudTrailDataConnectorDataTypesLogs", - "AwsS3CheckRequirements", - "AwsS3DataConnector", - "AwsS3DataConnectorDataTypes", - "AwsS3DataConnectorDataTypesLogs", - "AzureDevOpsResourceInfo", "AzureResourceEntity", "AzureResourceEntityProperties", "Bookmark", - "BookmarkEntityMappings", - "BookmarkExpandParameters", - "BookmarkExpandResponse", - "BookmarkExpandResponseValue", "BookmarkList", - "BookmarkTimelineItem", - "BooleanConditionProperties", "ClientInfo", "CloudApplicationEntity", "CloudApplicationEntityProperties", "CloudErrorBody", - "CodelessApiPollingDataConnector", - "CodelessConnectorPollingAuthProperties", - "CodelessConnectorPollingConfigProperties", - 
"CodelessConnectorPollingPagingProperties", - "CodelessConnectorPollingRequestProperties", - "CodelessConnectorPollingResponseProperties", - "CodelessUiConnectorConfigProperties", - "CodelessUiConnectorConfigPropertiesConnectivityCriteriaItem", - "CodelessUiConnectorConfigPropertiesDataTypesItem", - "CodelessUiConnectorConfigPropertiesGraphQueriesItem", - "CodelessUiConnectorConfigPropertiesInstructionStepsItem", - "CodelessUiConnectorConfigPropertiesSampleQueriesItem", - "CodelessUiDataConnector", - "ConnectedEntity", - "ConnectivityCriteria", - "ConnectorInstructionModelBase", - "Content", - "ContentPathMap", - "CustomEntityQuery", - "Customs", - "CustomsPermission", "DataConnector", - "DataConnectorConnectBody", "DataConnectorDataTypeCommon", "DataConnectorList", - "DataConnectorRequirementsState", "DataConnectorTenantId", "DataConnectorWithAlertsProperties", - "DataConnectorsCheckRequirements", - "DataTypeDefinitions", - "Deployment", - "DeploymentInfo", "DnsEntity", "DnsEntityProperties", - "Dynamics365CheckRequirements", - "Dynamics365CheckRequirementsProperties", - "Dynamics365DataConnector", - "Dynamics365DataConnectorDataTypes", - "Dynamics365DataConnectorDataTypesDynamics365CdsActivities", - "Dynamics365DataConnectorProperties", - "EnrichmentDomainWhois", - "EnrichmentDomainWhoisContact", - "EnrichmentDomainWhoisContacts", - "EnrichmentDomainWhoisDetails", - "EnrichmentDomainWhoisRegistrarDetails", - "EnrichmentIpGeodata", "Entity", - "EntityAnalytics", "EntityCommonProperties", - "EntityEdges", - "EntityExpandParameters", - "EntityExpandResponse", - "EntityExpandResponseValue", - "EntityFieldMapping", - "EntityGetInsightsParameters", - "EntityGetInsightsResponse", - "EntityInsightItem", - "EntityInsightItemQueryTimeInterval", - "EntityList", "EntityMapping", - "EntityQuery", - "EntityQueryItem", - "EntityQueryItemProperties", - "EntityQueryItemPropertiesDataTypesItem", - "EntityQueryList", - "EntityQueryTemplate", - "EntityQueryTemplateList", - 
"EntityTimelineItem", - "EntityTimelineParameters", - "EntityTimelineResponse", "EventGroupingSettings", - "ExpansionEntityQuery", - "ExpansionResultAggregation", - "ExpansionResultsMetadata", - "EyesOn", "FieldMapping", "FileEntity", "FileEntityProperties", "FileHashEntity", "FileHashEntityProperties", - "FileImport", - "FileImportList", - "FileMetadata", "FusionAlertRule", "FusionAlertRuleTemplate", - "FusionScenarioExclusionPattern", - "FusionSourceSettings", - "FusionSourceSubTypeSetting", - "FusionSubTypeSeverityFilter", - "FusionSubTypeSeverityFiltersItem", - "FusionTemplateSourceSetting", - "FusionTemplateSourceSubType", - "FusionTemplateSubTypeSeverityFilter", "GeoLocation", - "GetInsightsErrorKind", - "GetInsightsResultsMetadata", - "GetQueriesResponse", - "GitHubResourceInfo", - "GraphQueries", "GroupingConfiguration", "HostEntity", "HostEntityProperties", 
@@ -700,54 +305,13 @@ "IncidentList", "IncidentOwnerInfo", "IncidentPropertiesAction", - "IncidentTask", - "IncidentTaskList", - "InsightQueryItem", - "InsightQueryItemProperties", - "InsightQueryItemPropertiesAdditionalQuery", - "InsightQueryItemPropertiesDefaultTimeRange", - "InsightQueryItemPropertiesReferenceTimeRange", - "InsightQueryItemPropertiesTableQuery", - "InsightQueryItemPropertiesTableQueryColumnsDefinitionsItem", - "InsightQueryItemPropertiesTableQueryQueriesDefinitionsItem", - "InsightQueryItemPropertiesTableQueryQueriesDefinitionsPropertiesItemsItem", - "InsightsTableResult", - "InsightsTableResultColumnsItem", - "InstructionSteps", - "InstructionStepsInstructionsItem", - "Instructions", - "IoTCheckRequirements", - "IoTDataConnector", - "IoTDataConnectorProperties", "IoTDeviceEntity", "IoTDeviceEntityProperties", "IpEntity", "IpEntityProperties", - "LastDataReceivedDataType", - "MCASCheckRequirements", - "MCASCheckRequirementsProperties", "MCASDataConnector", "MCASDataConnectorDataTypes", - "MCASDataConnectorProperties", - "MDATPCheckRequirements", - "MDATPCheckRequirementsProperties", "MDATPDataConnector", - "MDATPDataConnectorProperties", - "MLBehaviorAnalyticsAlertRule", - "MLBehaviorAnalyticsAlertRuleTemplate", - "MLBehaviorAnalyticsAlertRuleTemplateProperties", - "MSTICheckRequirements", - "MSTICheckRequirementsProperties", - "MSTIDataConnector", - "MSTIDataConnectorDataTypes", - "MSTIDataConnectorDataTypesBingSafetyPhishingURL", - "MSTIDataConnectorDataTypesMicrosoftEmergingThreatFeed", - "MSTIDataConnectorProperties", - "MTPCheckRequirementsProperties", - "MTPDataConnector", - "MTPDataConnectorDataTypes", - "MTPDataConnectorDataTypesIncidents", - "MTPDataConnectorProperties", "MailClusterEntity", "MailClusterEntityProperties", "MailMessageEntity", 
@@ -756,87 +320,32 @@ "MailboxEntityProperties", "MalwareEntity", "MalwareEntityProperties", - "ManualTriggerRequestBody", - "MetadataAuthor", - "MetadataCategories", - "MetadataDependencies", - "MetadataList", - "MetadataModel", - "MetadataPatch", - "MetadataSource", - "MetadataSupport", "MicrosoftSecurityIncidentCreationAlertRule", "MicrosoftSecurityIncidentCreationAlertRuleCommonProperties", "MicrosoftSecurityIncidentCreationAlertRuleProperties", "MicrosoftSecurityIncidentCreationAlertRuleTemplate", - "MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties", - "MtpCheckRequirements", - "NicEntity", - "NicEntityProperties", - "NrtAlertRule", - "NrtAlertRuleTemplate", - "NrtAlertRuleTemplateProperties", - "Office365ProjectCheckRequirements", - "Office365ProjectCheckRequirementsProperties", - "Office365ProjectConnectorDataTypes", - "Office365ProjectConnectorDataTypesLogs", - "Office365ProjectDataConnector", - "Office365ProjectDataConnectorProperties", - "OfficeATPCheckRequirements", - "OfficeATPCheckRequirementsProperties", - "OfficeATPDataConnector", - "OfficeATPDataConnectorProperties", - "OfficeConsent", - "OfficeConsentList", "OfficeDataConnector", "OfficeDataConnectorDataTypes", "OfficeDataConnectorDataTypesExchange", "OfficeDataConnectorDataTypesSharePoint", "OfficeDataConnectorDataTypesTeams", - "OfficeDataConnectorProperties", - "OfficeIRMCheckRequirements", - "OfficeIRMCheckRequirementsProperties", - "OfficeIRMDataConnector", - "OfficeIRMDataConnectorProperties", - "OfficePowerBICheckRequirements", - "OfficePowerBICheckRequirementsProperties", - "OfficePowerBIConnectorDataTypes", - "OfficePowerBIConnectorDataTypesLogs", - "OfficePowerBIDataConnector", - "OfficePowerBIDataConnectorProperties", "Operation", "OperationDisplay", "OperationsList", - "Permissions", - "PermissionsCustomsItem", - "PermissionsResourceProviderItem", "PlaybookActionProperties", "ProcessEntity", "ProcessEntityProperties", "PropertyArrayChangedConditionProperties", - 
"PropertyArrayConditionProperties", "PropertyChangedConditionProperties", "PropertyConditionProperties", - "QueryBasedAlertRuleTemplateProperties", - "Recommendation", - "RecommendationList", - "RecommendationPatch", - "RecommendedAction", "RegistryKeyEntity", "RegistryKeyEntityProperties", "RegistryValueEntity", "RegistryValueEntityProperties", "Relation", "RelationList", - "Repo", - "RepoList", - "Repository", - "RepositoryResourceInfo", - "RequiredPermissions", "Resource", - "ResourceProvider", "ResourceWithEtag", - "SampleQueries", "ScheduledAlertRule", "ScheduledAlertRuleCommonProperties", "ScheduledAlertRuleProperties", @@ -844,34 +353,20 @@ "SecurityAlert", "SecurityAlertProperties", "SecurityAlertPropertiesConfidenceReasonsItem", - "SecurityAlertTimelineItem", "SecurityGroupEntity", "SecurityGroupEntityProperties", "SecurityMLAnalyticsSetting", "SecurityMLAnalyticsSettingsDataSource", "SecurityMLAnalyticsSettingsList", - "SentinelEntityMapping", "SentinelOnboardingState", "SentinelOnboardingStatesList", - "SettingList", - "Settings", - "SourceControl", - "SourceControlList", "SubmissionMailEntity", "SubmissionMailEntityProperties", "SystemData", - "TICheckRequirements", - "TICheckRequirementsProperties", "TIDataConnector", "TIDataConnectorDataTypes", "TIDataConnectorDataTypesIndicators", - "TIDataConnectorProperties", - "TeamInformation", - "TeamProperties", "ThreatIntelligence", - "ThreatIntelligenceAlertRule", - "ThreatIntelligenceAlertRuleTemplate", - "ThreatIntelligenceAlertRuleTemplateProperties", "ThreatIntelligenceAppendTags", "ThreatIntelligenceExternalReference", "ThreatIntelligenceFilteringCriteria", 
@@ -888,25 +383,13 @@ "ThreatIntelligenceParsedPattern", "ThreatIntelligenceParsedPatternTypeValue", "ThreatIntelligenceSortingCriteria", - "TiTaxiiCheckRequirements", - "TiTaxiiCheckRequirementsProperties", - "TiTaxiiDataConnector", - "TiTaxiiDataConnectorDataTypes", - "TiTaxiiDataConnectorDataTypesTaxiiClient", - "TiTaxiiDataConnectorProperties", - "TimelineAggregation", - "TimelineError", - "TimelineResultsMetadata", - "Ueba", "UrlEntity", "UrlEntityProperties", "UserInfo", - "ValidationError", "Watchlist", "WatchlistItem", "WatchlistItemList", "WatchlistList", - "Webhook", "ActionType", "AlertDetail", "AlertProperty", 
@@ -915,91 +398,46 @@ "AlertStatus", "AntispamMailDirection", "AttackTactic", - "AutomationRuleBooleanConditionSupportedOperator", "AutomationRulePropertyArrayChangedConditionSupportedArrayType", "AutomationRulePropertyArrayChangedConditionSupportedChangeType", - "AutomationRulePropertyArrayConditionSupportedArrayConditionType", - "AutomationRulePropertyArrayConditionSupportedArrayType", "AutomationRulePropertyChangedConditionSupportedChangedType", "AutomationRulePropertyChangedConditionSupportedPropertyType", "AutomationRulePropertyConditionSupportedOperator", "AutomationRulePropertyConditionSupportedProperty", - "Category", "ConditionType", "ConfidenceLevel", "ConfidenceScoreStatus", - "ConnectAuthKind", - "ConnectivityType", - "ContentType", - "Context", "CreatedByType", - "CustomEntityQueryKind", - "DataConnectorAuthorizationState", "DataConnectorKind", - "DataConnectorLicenseState", "DataTypeState", - "DeleteStatus", "DeliveryAction", "DeliveryLocation", - "DeploymentFetchStatus", - "DeploymentResult", - "DeploymentState", - "DeviceImportance", "ElevationToken", - "EntityItemQueryKind", - "EntityKind", + "EntityKindEnum", "EntityMappingType", - "EntityProviders", - "EntityQueryKind", - "EntityQueryTemplateKind", - "EntityTimelineKind", - "EntityType", - "Enum13", - "Enum15", "EventGroupingAggregationKind", - "FileFormat", "FileHashAlgorithm", - "FileImportContentType", - "FileImportState", - "GetInsightsError", "IncidentClassification", "IncidentClassificationReason", "IncidentLabelType", "IncidentSeverity", "IncidentStatus", - "IncidentTaskStatus", - "IngestionMode", "KillChainIntent", - "Kind", "MatchingMethod", "MicrosoftSecurityProductName", "OSFamily", - "Operator", - "OutputType", "OwnerType", - "PermissionProviderScope", - "PollingFrequency", - "Priority", - "ProviderName", "RegistryHive", "RegistryValueKind", - "RepoType", "SecurityMLAnalyticsSettingsKind", - "SettingKind", - "SettingType", "SettingsStatus", - "SourceKind", - "SourceType", - "State", - 
"SupportTier", + "Source", "TemplateStatus", - "ThreatIntelligenceResourceKindEnum", - "ThreatIntelligenceSortingCriteriaEnum", + "ThreatIntelligenceResourceInnerKind", + "ThreatIntelligenceSortingOrder", "TriggerOperator", "TriggersOn", "TriggersWhen", - "UebaDataSources", - "Version", ] __all__.extend([p for p in _patch_all if p not in __all__]) _patch_sdk() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/_models_py3.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/_models_py3.py index 5a15e9c34571..39998bfd40b4 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/_models_py3.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/_models_py3.py @@ -17,10 +17,6 @@ from collections.abc import MutableMapping else: from typing import MutableMapping # type: ignore # pylint: disable=ungrouped-imports -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports if TYPE_CHECKING: # pylint: disable=unused-import,ungrouped-imports 
@@ -28,152 +24,6 @@ JSON = MutableMapping[str, Any] # pylint: disable=unsubscriptable-object -class DataConnectorsCheckRequirements(_serialization.Model): - """Data connector requirements properties. - - You probably want to use the sub-classes and not this class directly. Known sub-classes are: - AwsCloudTrailCheckRequirements, AwsS3CheckRequirements, AADCheckRequirements, - AATPCheckRequirements, ASCCheckRequirements, Dynamics365CheckRequirements, - IoTCheckRequirements, MCASCheckRequirements, MDATPCheckRequirements, MSTICheckRequirements, - MtpCheckRequirements, Office365ProjectCheckRequirements, OfficeATPCheckRequirements, - OfficeIRMCheckRequirements, OfficePowerBICheckRequirements, TICheckRequirements, - TiTaxiiCheckRequirements - - All required parameters must be populated in order to send to Azure. - - :ivar kind: Describes the kind of connector to be checked. Required. Known values are: - "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", - "ThreatIntelligence", "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", - "Office365Project", "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", - "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", - "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and - "IOT". 
- :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind - """ - - _validation = { - "kind": {"required": True}, - } - - _attribute_map = { - "kind": {"key": "kind", "type": "str"}, - } - - _subtype_map = { - "kind": { - "AmazonWebServicesCloudTrail": "AwsCloudTrailCheckRequirements", - "AmazonWebServicesS3": "AwsS3CheckRequirements", - "AzureActiveDirectory": "AADCheckRequirements", - "AzureAdvancedThreatProtection": "AATPCheckRequirements", - "AzureSecurityCenter": "ASCCheckRequirements", - "Dynamics365": "Dynamics365CheckRequirements", - "IOT": "IoTCheckRequirements", - "MicrosoftCloudAppSecurity": "MCASCheckRequirements", - "MicrosoftDefenderAdvancedThreatProtection": "MDATPCheckRequirements", - "MicrosoftThreatIntelligence": "MSTICheckRequirements", - "MicrosoftThreatProtection": "MtpCheckRequirements", - "Office365Project": "Office365ProjectCheckRequirements", - "OfficeATP": "OfficeATPCheckRequirements", - "OfficeIRM": "OfficeIRMCheckRequirements", - "OfficePowerBI": "OfficePowerBICheckRequirements", - "ThreatIntelligence": "TICheckRequirements", - "ThreatIntelligenceTaxii": "TiTaxiiCheckRequirements", - } - } - - def __init__(self, **kwargs): - """ """ - super().__init__(**kwargs) - self.kind: Optional[str] = None - - -class AADCheckRequirements(DataConnectorsCheckRequirements): - """Represents AAD (Azure Active Directory) requirements check request. - - All required parameters must be populated in order to send to Azure. - - :ivar kind: Describes the kind of connector to be checked. Required. 
Known values are: - "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", - "ThreatIntelligence", "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", - "Office365Project", "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", - "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", - "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and - "IOT". - :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind - :ivar tenant_id: The tenant id to connect to, and get the data from. - :vartype tenant_id: str - """ - - _validation = { - "kind": {"required": True}, - } - - _attribute_map = { - "kind": {"key": "kind", "type": "str"}, - "tenant_id": {"key": "properties.tenantId", "type": "str"}, - } - - def __init__(self, *, tenant_id: Optional[str] = None, **kwargs): - """ - :keyword tenant_id: The tenant id to connect to, and get the data from. - :paramtype tenant_id: str - """ - super().__init__(**kwargs) - self.kind: str = "AzureActiveDirectory" - self.tenant_id = tenant_id - - -class DataConnectorTenantId(_serialization.Model): - """Properties data connector on tenant level. - - All required parameters must be populated in order to send to Azure. - - :ivar tenant_id: The tenant id to connect to, and get the data from. Required. - :vartype tenant_id: str - """ - - _validation = { - "tenant_id": {"required": True}, - } - - _attribute_map = { - "tenant_id": {"key": "tenantId", "type": "str"}, - } - - def __init__(self, *, tenant_id: str, **kwargs): - """ - :keyword tenant_id: The tenant id to connect to, and get the data from. Required. - :paramtype tenant_id: str - """ - super().__init__(**kwargs) - self.tenant_id = tenant_id - - -class AADCheckRequirementsProperties(DataConnectorTenantId): - """AAD (Azure Active Directory) requirements check properties. - - All required parameters must be populated in order to send to Azure. 
- - :ivar tenant_id: The tenant id to connect to, and get the data from. Required. - :vartype tenant_id: str - """ - - _validation = { - "tenant_id": {"required": True}, - } - - _attribute_map = { - "tenant_id": {"key": "tenantId", "type": "str"}, - } - - def __init__(self, *, tenant_id: str, **kwargs): - """ - :keyword tenant_id: The tenant id to connect to, and get the data from. Required. - :paramtype tenant_id: str - """ - super().__init__(tenant_id=tenant_id, **kwargs) - - class Resource(_serialization.Model): """Common fields that are returned in the response for all Azure Resource Manager resources. @@ -206,7 +56,7 @@ class Resource(_serialization.Model): "system_data": {"key": "systemData", "type": "SystemData"}, } - def __init__(self, **kwargs): + def __init__(self, **kwargs: Any) -> None: """ """ super().__init__(**kwargs) self.id = None @@ -250,7 +100,7 @@ class ResourceWithEtag(Resource): "etag": {"key": "etag", "type": "str"}, } - def __init__(self, *, etag: Optional[str] = None, **kwargs): + def __init__(self, *, etag: Optional[str] = None, **kwargs: Any) -> None: """ :keyword etag: Etag of the azure resource. :paramtype etag: str 
@@ -263,12 +113,8 @@ class DataConnector(ResourceWithEtag): """Data connector. You probably want to use the sub-classes and not this class directly. Known sub-classes are: - CodelessApiPollingDataConnector, AwsCloudTrailDataConnector, AwsS3DataConnector, - AADDataConnector, AATPDataConnector, ASCDataConnector, Dynamics365DataConnector, - CodelessUiDataConnector, IoTDataConnector, MCASDataConnector, MDATPDataConnector, - MSTIDataConnector, MTPDataConnector, OfficeDataConnector, Office365ProjectDataConnector, - OfficeATPDataConnector, OfficeIRMDataConnector, OfficePowerBIDataConnector, TIDataConnector, - TiTaxiiDataConnector + AwsCloudTrailDataConnector, AADDataConnector, AATPDataConnector, ASCDataConnector, + MCASDataConnector, MDATPDataConnector, OfficeDataConnector, TIDataConnector Variables are only populated by the server, and will be ignored when sending a request. @@ -288,12 +134,9 @@ class DataConnector(ResourceWithEtag): :ivar etag: Etag of the azure resource. :vartype etag: str :ivar kind: The data connector kind. Required. Known values are: "AzureActiveDirectory", - "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", - "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", "Office365Project", - "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", - "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", - "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and - "IOT". + "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", "Office365", + "AmazonWebServicesCloudTrail", "AzureAdvancedThreatProtection", and + "MicrosoftDefenderAdvancedThreatProtection". :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind """ 
@@ -316,30 +159,18 @@ class DataConnector(ResourceWithEtag): _subtype_map = { "kind": { - "APIPolling": "CodelessApiPollingDataConnector", "AmazonWebServicesCloudTrail": "AwsCloudTrailDataConnector", - "AmazonWebServicesS3": "AwsS3DataConnector", "AzureActiveDirectory": "AADDataConnector", "AzureAdvancedThreatProtection": "AATPDataConnector", "AzureSecurityCenter": "ASCDataConnector", - "Dynamics365": "Dynamics365DataConnector", - "GenericUI": "CodelessUiDataConnector", - "IOT": "IoTDataConnector", "MicrosoftCloudAppSecurity": "MCASDataConnector", "MicrosoftDefenderAdvancedThreatProtection": "MDATPDataConnector", - "MicrosoftThreatIntelligence": "MSTIDataConnector", - "MicrosoftThreatProtection": "MTPDataConnector", "Office365": "OfficeDataConnector", - "Office365Project": "Office365ProjectDataConnector", - "OfficeATP": "OfficeATPDataConnector", - "OfficeIRM": "OfficeIRMDataConnector", - "OfficePowerBI": "OfficePowerBIDataConnector", "ThreatIntelligence": "TIDataConnector", - "ThreatIntelligenceTaxii": "TiTaxiiDataConnector", } } - def __init__(self, *, etag: Optional[str] = None, **kwargs): + def __init__(self, *, etag: Optional[str] = None, **kwargs: Any) -> None: """ :keyword etag: Etag of the azure resource. :paramtype etag: str 
@@ -369,12 +200,9 @@ class AADDataConnector(DataConnector): :ivar etag: Etag of the azure resource. :vartype etag: str :ivar kind: The data connector kind. Required. Known values are: "AzureActiveDirectory", - "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", - "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", "Office365Project", - "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", - "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", - "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and - "IOT". + "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", "Office365", + "AmazonWebServicesCloudTrail", "AzureAdvancedThreatProtection", and + "MicrosoftDefenderAdvancedThreatProtection". :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind :ivar tenant_id: The tenant id to connect to, and get the data from. :vartype tenant_id: str @@ -407,8 +235,8 @@ def __init__( etag: Optional[str] = None, tenant_id: Optional[str] = None, data_types: Optional["_models.AlertsDataTypeOfDataConnector"] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword etag: Etag of the azure resource. :paramtype etag: str 
@@ -423,121 +251,6 @@ def __init__( self.data_types = data_types -class DataConnectorWithAlertsProperties(_serialization.Model): - """Data connector properties. - - :ivar data_types: The available data types for the connector. - :vartype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector - """ - - _attribute_map = { - "data_types": {"key": "dataTypes", "type": "AlertsDataTypeOfDataConnector"}, - } - - def __init__(self, *, data_types: Optional["_models.AlertsDataTypeOfDataConnector"] = None, **kwargs): - """ - :keyword data_types: The available data types for the connector. - :paramtype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector - """ - super().__init__(**kwargs) - self.data_types = data_types - - -class AADDataConnectorProperties(DataConnectorTenantId, DataConnectorWithAlertsProperties): - """AAD (Azure Active Directory) data connector properties. - - All required parameters must be populated in order to send to Azure. - - :ivar data_types: The available data types for the connector. - :vartype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector - :ivar tenant_id: The tenant id to connect to, and get the data from. Required. - :vartype tenant_id: str - """ - - _validation = { - "tenant_id": {"required": True}, - } - - _attribute_map = { - "data_types": {"key": "dataTypes", "type": "AlertsDataTypeOfDataConnector"}, - "tenant_id": {"key": "tenantId", "type": "str"}, - } - - def __init__( - self, *, tenant_id: str, data_types: Optional["_models.AlertsDataTypeOfDataConnector"] = None, **kwargs - ): - """ - :keyword data_types: The available data types for the connector. - :paramtype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector - :keyword tenant_id: The tenant id to connect to, and get the data from. Required. 
- :paramtype tenant_id: str - """ - super().__init__(tenant_id=tenant_id, data_types=data_types, **kwargs) - self.data_types = data_types - self.tenant_id = tenant_id - - -class AATPCheckRequirements(DataConnectorsCheckRequirements): - """Represents AATP (Azure Advanced Threat Protection) requirements check request. - - All required parameters must be populated in order to send to Azure. - - :ivar kind: Describes the kind of connector to be checked. Required. Known values are: - "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", - "ThreatIntelligence", "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", - "Office365Project", "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", - "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", - "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and - "IOT". - :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind - :ivar tenant_id: The tenant id to connect to, and get the data from. - :vartype tenant_id: str - """ - - _validation = { - "kind": {"required": True}, - } - - _attribute_map = { - "kind": {"key": "kind", "type": "str"}, - "tenant_id": {"key": "properties.tenantId", "type": "str"}, - } - - def __init__(self, *, tenant_id: Optional[str] = None, **kwargs): - """ - :keyword tenant_id: The tenant id to connect to, and get the data from. - :paramtype tenant_id: str - """ - super().__init__(**kwargs) - self.kind: str = "AzureAdvancedThreatProtection" - self.tenant_id = tenant_id - - -class AATPCheckRequirementsProperties(DataConnectorTenantId): - """AATP (Azure Advanced Threat Protection) requirements check properties. - - All required parameters must be populated in order to send to Azure. - - :ivar tenant_id: The tenant id to connect to, and get the data from. Required. 
- :vartype tenant_id: str - """ - - _validation = { - "tenant_id": {"required": True}, - } - - _attribute_map = { - "tenant_id": {"key": "tenantId", "type": "str"}, - } - - def __init__(self, *, tenant_id: str, **kwargs): - """ - :keyword tenant_id: The tenant id to connect to, and get the data from. Required. - :paramtype tenant_id: str - """ - super().__init__(tenant_id=tenant_id, **kwargs) - - class AATPDataConnector(DataConnector): """Represents AATP (Azure Advanced Threat Protection) data connector. @@ -559,12 +272,9 @@ class AATPDataConnector(DataConnector): :ivar etag: Etag of the azure resource. :vartype etag: str :ivar kind: The data connector kind. Required. Known values are: "AzureActiveDirectory", - "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", - "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", "Office365Project", - "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", - "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", - "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and - "IOT". + "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", "Office365", + "AmazonWebServicesCloudTrail", "AzureAdvancedThreatProtection", and + "MicrosoftDefenderAdvancedThreatProtection". :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind :ivar tenant_id: The tenant id to connect to, and get the data from. :vartype tenant_id: str @@ -597,8 +307,8 @@ def __init__( etag: Optional[str] = None, tenant_id: Optional[str] = None, data_types: Optional["_models.AlertsDataTypeOfDataConnector"] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword etag: Etag of the azure resource. :paramtype etag: str 
@@ -613,47 +323,13 @@ def __init__( self.data_types = data_types -class AATPDataConnectorProperties(DataConnectorTenantId, DataConnectorWithAlertsProperties): - """AATP (Azure Advanced Threat Protection) data connector properties. - - All required parameters must be populated in order to send to Azure. - - :ivar data_types: The available data types for the connector. - :vartype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector - :ivar tenant_id: The tenant id to connect to, and get the data from. Required. - :vartype tenant_id: str - """ - - _validation = { - "tenant_id": {"required": True}, - } - - _attribute_map = { - "data_types": {"key": "dataTypes", "type": "AlertsDataTypeOfDataConnector"}, - "tenant_id": {"key": "tenantId", "type": "str"}, - } - - def __init__( - self, *, tenant_id: str, data_types: Optional["_models.AlertsDataTypeOfDataConnector"] = None, **kwargs - ): - """ - :keyword data_types: The available data types for the connector. - :paramtype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector - :keyword tenant_id: The tenant id to connect to, and get the data from. Required. - :paramtype tenant_id: str - """ - super().__init__(tenant_id=tenant_id, data_types=data_types, **kwargs) - self.data_types = data_types - self.tenant_id = tenant_id - - class Entity(Resource): """Specific entity. You probably want to use the sub-classes and not this class directly. 
Known sub-classes are: AccountEntity, AzureResourceEntity, HuntingBookmark, CloudApplicationEntity, DnsEntity, FileEntity, FileHashEntity, HostEntity, IoTDeviceEntity, IpEntity, MailClusterEntity, - MailMessageEntity, MailboxEntity, MalwareEntity, NicEntity, ProcessEntity, RegistryKeyEntity, + MailMessageEntity, MailboxEntity, MalwareEntity, ProcessEntity, RegistryKeyEntity, RegistryValueEntity, SecurityAlert, SecurityGroupEntity, SubmissionMailEntity, UrlEntity Variables are only populated by the server, and will be ignored when sending a request. @@ -674,8 +350,8 @@ class Entity(Resource): :ivar kind: The kind of the entity. Required. Known values are: "Account", "Host", "File", "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", - "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". - :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKind + "Bookmark", "MailCluster", "MailMessage", "Mailbox", and "SubmissionMail". + :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKindEnum """ _validation = { @@ -710,7 +386,6 @@ class Entity(Resource): "MailMessage": "MailMessageEntity", "Mailbox": "MailboxEntity", "Malware": "MalwareEntity", - "Nic": "NicEntity", "Process": "ProcessEntity", "RegistryKey": "RegistryKeyEntity", "RegistryValue": "RegistryValueEntity", @@ -721,7 +396,7 @@ class Entity(Resource): } } - def __init__(self, **kwargs): + def __init__(self, **kwargs: Any) -> None: """ """ super().__init__(**kwargs) self.kind: Optional[str] = None 
@@ -748,11 +423,11 @@ class AccountEntity(Entity): # pylint: disable=too-many-instance-attributes :ivar kind: The kind of the entity. Required. Known values are: "Account", "Host", "File", "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", - "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". - :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKind + "Bookmark", "MailCluster", "MailMessage", "Mailbox", and "SubmissionMail". + :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKindEnum :ivar additional_data: A bag of custom fields that should be part of the entity and will be presented to the user. - :vartype additional_data: dict[str, any] + :vartype additional_data: dict[str, JSON] :ivar friendly_name: The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. :vartype friendly_name: str @@ -831,7 +506,7 @@ class AccountEntity(Entity): # pylint: disable=too-many-instance-attributes "dns_domain": {"key": "properties.dnsDomain", "type": "str"}, } - def __init__(self, **kwargs): + def __init__(self, **kwargs: Any) -> None: """ """ super().__init__(**kwargs) self.kind: str = "Account" @@ -858,7 +533,7 @@ class EntityCommonProperties(_serialization.Model): :ivar additional_data: A bag of custom fields that should be part of the entity and will be presented to the user. - :vartype additional_data: dict[str, any] + :vartype additional_data: dict[str, JSON] :ivar friendly_name: The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. :vartype friendly_name: str 
@@ -874,7 +549,7 @@ class EntityCommonProperties(_serialization.Model): "friendly_name": {"key": "friendlyName", "type": "str"}, } - def __init__(self, **kwargs): + def __init__(self, **kwargs: Any) -> None: """ """ super().__init__(**kwargs) self.additional_data = None @@ -888,7 +563,7 @@ class AccountEntityProperties(EntityCommonProperties): # pylint: disable=too-ma :ivar additional_data: A bag of custom fields that should be part of the entity and will be presented to the user. - :vartype additional_data: dict[str, any] + :vartype additional_data: dict[str, JSON] :ivar friendly_name: The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. :vartype friendly_name: str @@ -957,7 +632,7 @@ class AccountEntityProperties(EntityCommonProperties): # pylint: disable=too-ma "dns_domain": {"key": "dnsDomain", "type": "str"}, } - def __init__(self, **kwargs): + def __init__(self, **kwargs: Any) -> None: """ """ super().__init__(**kwargs) self.aad_tenant_id = None @@ -993,7 +668,7 @@ class ActionPropertiesBase(_serialization.Model): "logic_app_resource_id": {"key": "logicAppResourceId", "type": "str"}, } - def __init__(self, *, logic_app_resource_id: str, **kwargs): + def __init__(self, *, logic_app_resource_id: str, **kwargs: Any) -> None: """ :keyword logic_app_resource_id: Logic App Resource Id, /subscriptions/{my-subscription}/resourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my-workflow-id}. @@ -1052,8 +727,8 @@ def __init__( etag: Optional[str] = None, logic_app_resource_id: Optional[str] = None, trigger_uri: Optional[str] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword etag: Etag of the azure resource. :paramtype etag: str 
@@ -1091,7 +766,7 @@ class ActionRequestProperties(ActionPropertiesBase): "trigger_uri": {"key": "triggerUri", "type": "str"}, } - def __init__(self, *, logic_app_resource_id: str, trigger_uri: str, **kwargs): + def __init__(self, *, logic_app_resource_id: str, trigger_uri: str, **kwargs: Any) -> None: """ :keyword logic_app_resource_id: Logic App Resource Id, /subscriptions/{my-subscription}/resourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my-workflow-id}. @@ -1104,7 +779,7 @@ def __init__(self, *, logic_app_resource_id: str, trigger_uri: str, **kwargs): self.trigger_uri = trigger_uri -class ActionResponse(ResourceWithEtag): +class ActionResponse(Resource): """Action for alert rule. Variables are only populated by the server, and will be ignored when sending a request. @@ -1120,7 +795,7 @@ class ActionResponse(ResourceWithEtag): :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy information. :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar etag: Etag of the azure resource. + :ivar etag: Etag of the action. :vartype etag: str :ivar logic_app_resource_id: Logic App Resource Id, /subscriptions/{my-subscription}/resourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my-workflow-id}. @@ -1152,10 +827,10 @@ def __init__( etag: Optional[str] = None, logic_app_resource_id: Optional[str] = None, workflow_id: Optional[str] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ - :keyword etag: Etag of the azure resource. + :keyword etag: Etag of the action. :paramtype etag: str :keyword logic_app_resource_id: Logic App Resource Id, /subscriptions/{my-subscription}/resourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my-workflow-id}. 
@@ -1163,7 +838,8 @@ def __init__( :keyword workflow_id: The name of the logic app's workflow. :paramtype workflow_id: str """ - super().__init__(etag=etag, **kwargs) + super().__init__(**kwargs) + self.etag = etag self.logic_app_resource_id = logic_app_resource_id self.workflow_id = workflow_id @@ -1190,7 +866,7 @@ class ActionResponseProperties(ActionPropertiesBase): "workflow_id": {"key": "workflowId", "type": "str"}, } - def __init__(self, *, logic_app_resource_id: str, workflow_id: Optional[str] = None, **kwargs): + def __init__(self, *, logic_app_resource_id: str, workflow_id: Optional[str] = None, **kwargs: Any) -> None: """ :keyword logic_app_resource_id: Logic App Resource Id, /subscriptions/{my-subscription}/resourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my-workflow-id}. @@ -1226,7 +902,7 @@ class ActionsList(_serialization.Model): "value": {"key": "value", "type": "[ActionResponse]"}, } - def __init__(self, *, value: List["_models.ActionResponse"], **kwargs): + def __init__(self, *, value: List["_models.ActionResponse"], **kwargs: Any) -> None: """ :keyword value: Array of actions. Required. :paramtype value: list[~azure.mgmt.securityinsight.models.ActionResponse] 
@@ -1236,63 +912,106 @@ def __init__(self, *, value: List["_models.ActionResponse"], **kwargs): self.value = value -class CustomEntityQuery(ResourceWithEtag): - """Specific entity query that supports put requests. - - You probably want to use the sub-classes and not this class directly. Known sub-classes are: - ActivityCustomEntityQuery - - Variables are only populated by the server, and will be ignored when sending a request. - - All required parameters must be populated in order to send to Azure. +class AlertDetailsOverride(_serialization.Model): + """Settings for how to dynamically override alert static details. - :ivar id: Fully qualified resource ID for the resource. Ex - - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - :vartype id: str - :ivar name: The name of the resource. - :vartype name: str - :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or - "Microsoft.Storage/storageAccounts". - :vartype type: str - :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy - information. - :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar etag: Etag of the azure resource. - :vartype etag: str - :ivar kind: the entity query kind. Required. "Activity" - :vartype kind: str or ~azure.mgmt.securityinsight.models.CustomEntityQueryKind + :ivar alert_display_name_format: the format containing columns name(s) to override the alert + name. + :vartype alert_display_name_format: str + :ivar alert_description_format: the format containing columns name(s) to override the alert + description. + :vartype alert_description_format: str + :ivar alert_tactics_column_name: the column name to take the alert tactics from. + :vartype alert_tactics_column_name: str + :ivar alert_severity_column_name: the column name to take the alert severity from. 
+ :vartype alert_severity_column_name: str + :ivar alert_dynamic_properties: List of additional dynamic properties to override. + :vartype alert_dynamic_properties: + list[~azure.mgmt.securityinsight.models.AlertPropertyMapping] """ - _validation = { - "id": {"readonly": True}, - "name": {"readonly": True}, - "type": {"readonly": True}, - "system_data": {"readonly": True}, - "kind": {"required": True}, - } - _attribute_map = { - "id": {"key": "id", "type": "str"}, - "name": {"key": "name", "type": "str"}, - "type": {"key": "type", "type": "str"}, - "system_data": {"key": "systemData", "type": "SystemData"}, - "etag": {"key": "etag", "type": "str"}, - "kind": {"key": "kind", "type": "str"}, + "alert_display_name_format": {"key": "alertDisplayNameFormat", "type": "str"}, + "alert_description_format": {"key": "alertDescriptionFormat", "type": "str"}, + "alert_tactics_column_name": {"key": "alertTacticsColumnName", "type": "str"}, + "alert_severity_column_name": {"key": "alertSeverityColumnName", "type": "str"}, + "alert_dynamic_properties": {"key": "alertDynamicProperties", "type": "[AlertPropertyMapping]"}, } - _subtype_map = {"kind": {"Activity": "ActivityCustomEntityQuery"}} + def __init__( + self, + *, + alert_display_name_format: Optional[str] = None, + alert_description_format: Optional[str] = None, + alert_tactics_column_name: Optional[str] = None, + alert_severity_column_name: Optional[str] = None, + alert_dynamic_properties: Optional[List["_models.AlertPropertyMapping"]] = None, + **kwargs: Any + ) -> None: + """ + :keyword alert_display_name_format: the format containing columns name(s) to override the alert + name. + :paramtype alert_display_name_format: str + :keyword alert_description_format: the format containing columns name(s) to override the alert + description. + :paramtype alert_description_format: str + :keyword alert_tactics_column_name: the column name to take the alert tactics from. 
+ :paramtype alert_tactics_column_name: str + :keyword alert_severity_column_name: the column name to take the alert severity from. + :paramtype alert_severity_column_name: str + :keyword alert_dynamic_properties: List of additional dynamic properties to override. + :paramtype alert_dynamic_properties: + list[~azure.mgmt.securityinsight.models.AlertPropertyMapping] + """ + super().__init__(**kwargs) + self.alert_display_name_format = alert_display_name_format + self.alert_description_format = alert_description_format + self.alert_tactics_column_name = alert_tactics_column_name + self.alert_severity_column_name = alert_severity_column_name + self.alert_dynamic_properties = alert_dynamic_properties + + +class AlertPropertyMapping(_serialization.Model): + """A single alert property mapping to override. + + :ivar alert_property: The V3 alert property. Known values are: "AlertLink", "ConfidenceLevel", + "ConfidenceScore", "ExtendedLinks", "ProductName", "ProviderName", "ProductComponentName", + "RemediationSteps", and "Techniques". + :vartype alert_property: str or ~azure.mgmt.securityinsight.models.AlertProperty + :ivar value: the column name to use to override this property. + :vartype value: str + """ + + _attribute_map = { + "alert_property": {"key": "alertProperty", "type": "str"}, + "value": {"key": "value", "type": "str"}, + } - def __init__(self, *, etag: Optional[str] = None, **kwargs): + def __init__( + self, + *, + alert_property: Optional[Union[str, "_models.AlertProperty"]] = None, + value: Optional[str] = None, + **kwargs: Any + ) -> None: """ - :keyword etag: Etag of the azure resource. - :paramtype etag: str + :keyword alert_property: The V3 alert property. Known values are: "AlertLink", + "ConfidenceLevel", "ConfidenceScore", "ExtendedLinks", "ProductName", "ProviderName", + "ProductComponentName", "RemediationSteps", and "Techniques". 
+ :paramtype alert_property: str or ~azure.mgmt.securityinsight.models.AlertProperty + :keyword value: the column name to use to override this property. + :paramtype value: str """ - super().__init__(etag=etag, **kwargs) - self.kind: Optional[str] = None + super().__init__(**kwargs) + self.alert_property = alert_property + self.value = value -class ActivityCustomEntityQuery(CustomEntityQuery): # pylint: disable=too-many-instance-attributes - """Represents Activity entity query. +class AlertRule(ResourceWithEtag): + """Alert rule. + + You probably want to use the sub-classes and not this class directly. Known sub-classes are: + FusionAlertRule, MicrosoftSecurityIncidentCreationAlertRule, ScheduledAlertRule Variables are only populated by the server, and will be ignored when sending a request. 
@@ -1311,36 +1030,9 @@ class ActivityCustomEntityQuery(CustomEntityQuery): # pylint: disable=too-many- :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData :ivar etag: Etag of the azure resource. :vartype etag: str - :ivar kind: the entity query kind. Required. "Activity" - :vartype kind: str or ~azure.mgmt.securityinsight.models.CustomEntityQueryKind - :ivar title: The entity query title. - :vartype title: str - :ivar content: The entity query content to display in timeline. - :vartype content: str - :ivar description: The entity query description. - :vartype description: str - :ivar query_definitions: The Activity query definitions. - :vartype query_definitions: - ~azure.mgmt.securityinsight.models.ActivityEntityQueriesPropertiesQueryDefinitions - :ivar input_entity_type: The type of the query's source entity. Known values are: "Account", - "Host", "File", "AzureResource", "CloudApplication", "DNS", "FileHash", "IP", "Malware", - "Process", "RegistryKey", "RegistryValue", "SecurityGroup", "URL", "IoTDevice", - "SecurityAlert", "HuntingBookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", - and "Nic". - :vartype input_entity_type: str or ~azure.mgmt.securityinsight.models.EntityType - :ivar required_input_fields_sets: List of the fields of the source entity that are required to - run the query. - :vartype required_input_fields_sets: list[list[str]] - :ivar entities_filter: The query applied only to entities matching to all filters. - :vartype entities_filter: dict[str, list[str]] - :ivar template_name: The template id this activity was created from. - :vartype template_name: str - :ivar enabled: Determines whether this activity is enabled or disabled. - :vartype enabled: bool - :ivar created_time_utc: The time the activity was created. - :vartype created_time_utc: ~datetime.datetime - :ivar last_modified_time_utc: The last time the activity was updated. 
- :vartype last_modified_time_utc: ~datetime.datetime + :ivar kind: The alert rule kind. Required. Known values are: "Scheduled", + "MicrosoftSecurityIncidentCreation", and "Fusion". + :vartype kind: str or ~azure.mgmt.securityinsight.models.AlertRuleKind """ _validation = { @@ -1349,8 +1041,6 @@ class ActivityCustomEntityQuery(CustomEntityQuery): # pylint: disable=too-many- "type": {"readonly": True}, "system_data": {"readonly": True}, "kind": {"required": True}, - "created_time_utc": {"readonly": True}, - "last_modified_time_utc": {"readonly": True}, } _attribute_map = { 
@@ -1360,105 +1050,64 @@ class ActivityCustomEntityQuery(CustomEntityQuery): # pylint: disable=too-many- "system_data": {"key": "systemData", "type": "SystemData"}, "etag": {"key": "etag", "type": "str"}, "kind": {"key": "kind", "type": "str"}, - "title": {"key": "properties.title", "type": "str"}, - "content": {"key": "properties.content", "type": "str"}, - "description": {"key": "properties.description", "type": "str"}, - "query_definitions": { - "key": "properties.queryDefinitions", - "type": "ActivityEntityQueriesPropertiesQueryDefinitions", - }, - "input_entity_type": {"key": "properties.inputEntityType", "type": "str"}, - "required_input_fields_sets": {"key": "properties.requiredInputFieldsSets", "type": "[[str]]"}, - "entities_filter": {"key": "properties.entitiesFilter", "type": "{[str]}"}, - "template_name": {"key": "properties.templateName", "type": "str"}, - "enabled": {"key": "properties.enabled", "type": "bool"}, - "created_time_utc": {"key": "properties.createdTimeUtc", "type": "iso-8601"}, - "last_modified_time_utc": {"key": "properties.lastModifiedTimeUtc", "type": "iso-8601"}, } - def __init__( - self, - *, - etag: Optional[str] = None, - title: Optional[str] = None, - content: Optional[str] = None, - description: Optional[str] = None, - query_definitions: Optional["_models.ActivityEntityQueriesPropertiesQueryDefinitions"] = None, - input_entity_type: Optional[Union[str, "_models.EntityType"]] = None, - required_input_fields_sets: Optional[List[List[str]]] = None, - entities_filter: Optional[Dict[str, List[str]]] = None, - template_name: Optional[str] = None, - enabled: Optional[bool] = None, - **kwargs - ): + _subtype_map = { + "kind": { + "Fusion": "FusionAlertRule", + "MicrosoftSecurityIncidentCreation": "MicrosoftSecurityIncidentCreationAlertRule", + "Scheduled": "ScheduledAlertRule", + } + } + + def __init__(self, *, etag: Optional[str] = None, **kwargs: Any) -> None: """ :keyword etag: Etag of the azure resource. 
:paramtype etag: str - :keyword title: The entity query title. - :paramtype title: str - :keyword content: The entity query content to display in timeline. - :paramtype content: str - :keyword description: The entity query description. - :paramtype description: str - :keyword query_definitions: The Activity query definitions. - :paramtype query_definitions: - ~azure.mgmt.securityinsight.models.ActivityEntityQueriesPropertiesQueryDefinitions - :keyword input_entity_type: The type of the query's source entity. Known values are: "Account", - "Host", "File", "AzureResource", "CloudApplication", "DNS", "FileHash", "IP", "Malware", - "Process", "RegistryKey", "RegistryValue", "SecurityGroup", "URL", "IoTDevice", - "SecurityAlert", "HuntingBookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", - and "Nic". - :paramtype input_entity_type: str or ~azure.mgmt.securityinsight.models.EntityType - :keyword required_input_fields_sets: List of the fields of the source entity that are required - to run the query. - :paramtype required_input_fields_sets: list[list[str]] - :keyword entities_filter: The query applied only to entities matching to all filters. - :paramtype entities_filter: dict[str, list[str]] - :keyword template_name: The template id this activity was created from. - :paramtype template_name: str - :keyword enabled: Determines whether this activity is enabled or disabled. 
- :paramtype enabled: bool """ super().__init__(etag=etag, **kwargs) - self.kind: str = "Activity" - self.title = title - self.content = content - self.description = description - self.query_definitions = query_definitions - self.input_entity_type = input_entity_type - self.required_input_fields_sets = required_input_fields_sets - self.entities_filter = entities_filter - self.template_name = template_name - self.enabled = enabled - self.created_time_utc = None - self.last_modified_time_utc = None + self.kind: Optional[str] = None -class ActivityEntityQueriesPropertiesQueryDefinitions(_serialization.Model): - """The Activity query definitions. +class AlertRulesList(_serialization.Model): + """List all the alert rules. - :ivar query: The Activity query to run on a given entity. - :vartype query: str + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar next_link: URL to fetch the next set of alert rules. + :vartype next_link: str + :ivar value: Array of alert rules. Required. + :vartype value: list[~azure.mgmt.securityinsight.models.AlertRule] """ + _validation = { + "next_link": {"readonly": True}, + "value": {"required": True}, + } + _attribute_map = { - "query": {"key": "query", "type": "str"}, + "next_link": {"key": "nextLink", "type": "str"}, + "value": {"key": "value", "type": "[AlertRule]"}, } - def __init__(self, *, query: Optional[str] = None, **kwargs): + def __init__(self, *, value: List["_models.AlertRule"], **kwargs: Any) -> None: """ - :keyword query: The Activity query to run on a given entity. - :paramtype query: str + :keyword value: Array of alert rules. Required. + :paramtype value: list[~azure.mgmt.securityinsight.models.AlertRule] """ super().__init__(**kwargs) - self.query = query + self.next_link = None + self.value = value -class EntityQuery(ResourceWithEtag): - """Specific entity query. 
+class AlertRuleTemplate(Resource): + """Alert rule template. You probably want to use the sub-classes and not this class directly. Known sub-classes are: - ActivityEntityQuery, ExpansionEntityQuery + FusionAlertRuleTemplate, MicrosoftSecurityIncidentCreationAlertRuleTemplate, + ScheduledAlertRuleTemplate Variables are only populated by the server, and will be ignored when sending a request. @@ -1475,11 +1124,9 @@ class EntityQuery(ResourceWithEtag): :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy information. :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar etag: Etag of the azure resource. - :vartype etag: str - :ivar kind: the entity query kind. Required. Known values are: "Expansion", "Insight", and - "Activity". - :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityQueryKind + :ivar kind: The alert rule kind. Required. Known values are: "Scheduled", + "MicrosoftSecurityIncidentCreation", and "Fusion". + :vartype kind: str or ~azure.mgmt.securityinsight.models.AlertRuleKind """ _validation = { 
@@ -1495,23 +1142,109 @@ class EntityQuery(ResourceWithEtag): "name": {"key": "name", "type": "str"}, "type": {"key": "type", "type": "str"}, "system_data": {"key": "systemData", "type": "SystemData"}, - "etag": {"key": "etag", "type": "str"}, "kind": {"key": "kind", "type": "str"}, } - _subtype_map = {"kind": {"Activity": "ActivityEntityQuery", "Expansion": "ExpansionEntityQuery"}} + _subtype_map = { + "kind": { + "Fusion": "FusionAlertRuleTemplate", + "MicrosoftSecurityIncidentCreation": "MicrosoftSecurityIncidentCreationAlertRuleTemplate", + "Scheduled": "ScheduledAlertRuleTemplate", + } + } + + def __init__(self, **kwargs: Any) -> None: + """ """ + super().__init__(**kwargs) + self.kind: Optional[str] = None + + +class AlertRuleTemplateDataSource(_serialization.Model): + """alert rule template data sources. + + :ivar connector_id: The connector id that provides the following data types. + :vartype connector_id: str + :ivar data_types: The data types used by the alert rule template. + :vartype data_types: list[str] + """ - def __init__(self, *, etag: Optional[str] = None, **kwargs): + _attribute_map = { + "connector_id": {"key": "connectorId", "type": "str"}, + "data_types": {"key": "dataTypes", "type": "[str]"}, + } + + def __init__( + self, *, connector_id: Optional[str] = None, data_types: Optional[List[str]] = None, **kwargs: Any + ) -> None: """ - :keyword etag: Etag of the azure resource. - :paramtype etag: str + :keyword connector_id: The connector id that provides the following data types. + :paramtype connector_id: str + :keyword data_types: The data types used by the alert rule template. + :paramtype data_types: list[str] """ - super().__init__(etag=etag, **kwargs) - self.kind: Optional[str] = None + super().__init__(**kwargs) + self.connector_id = connector_id + self.data_types = data_types + + +class AlertRuleTemplatesList(_serialization.Model): + """List all the alert rule templates. 
+ + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar next_link: URL to fetch the next set of alert rule templates. + :vartype next_link: str + :ivar value: Array of alert rule templates. Required. + :vartype value: list[~azure.mgmt.securityinsight.models.AlertRuleTemplate] + """ + + _validation = { + "next_link": {"readonly": True}, + "value": {"required": True}, + } + + _attribute_map = { + "next_link": {"key": "nextLink", "type": "str"}, + "value": {"key": "value", "type": "[AlertRuleTemplate]"}, + } + + def __init__(self, *, value: List["_models.AlertRuleTemplate"], **kwargs: Any) -> None: + """ + :keyword value: Array of alert rule templates. Required. + :paramtype value: list[~azure.mgmt.securityinsight.models.AlertRuleTemplate] + """ + super().__init__(**kwargs) + self.next_link = None + self.value = value + + +class AlertsDataTypeOfDataConnector(_serialization.Model): + """Alerts data type for data connectors. + + :ivar alerts: Alerts data type connection. + :vartype alerts: ~azure.mgmt.securityinsight.models.DataConnectorDataTypeCommon + """ + _attribute_map = { + "alerts": {"key": "alerts", "type": "DataConnectorDataTypeCommon"}, + } + + def __init__(self, *, alerts: Optional["_models.DataConnectorDataTypeCommon"] = None, **kwargs: Any) -> None: + """ + :keyword alerts: Alerts data type connection. + :paramtype alerts: ~azure.mgmt.securityinsight.models.DataConnectorDataTypeCommon + """ + super().__init__(**kwargs) + self.alerts = alerts + + +class SecurityMLAnalyticsSetting(ResourceWithEtag): + """Security ML Analytics Setting. -class ActivityEntityQuery(EntityQuery): # pylint: disable=too-many-instance-attributes - """Represents Activity entity query. + You probably want to use the sub-classes and not this class directly. 
Known sub-classes are: + AnomalySecurityMLAnalyticsSettings Variables are only populated by the server, and will be ignored when sending a request. 
@@ -1530,37 +1263,8 @@ class ActivityEntityQuery(EntityQuery): # pylint: disable=too-many-instance-att :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData :ivar etag: Etag of the azure resource. :vartype etag: str - :ivar kind: the entity query kind. Required. Known values are: "Expansion", "Insight", and - "Activity". - :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityQueryKind - :ivar title: The entity query title. - :vartype title: str - :ivar content: The entity query content to display in timeline. - :vartype content: str - :ivar description: The entity query description. - :vartype description: str - :ivar query_definitions: The Activity query definitions. - :vartype query_definitions: - ~azure.mgmt.securityinsight.models.ActivityEntityQueriesPropertiesQueryDefinitions - :ivar input_entity_type: The type of the query's source entity. Known values are: "Account", - "Host", "File", "AzureResource", "CloudApplication", "DNS", "FileHash", "IP", "Malware", - "Process", "RegistryKey", "RegistryValue", "SecurityGroup", "URL", "IoTDevice", - "SecurityAlert", "HuntingBookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", - and "Nic". - :vartype input_entity_type: str or ~azure.mgmt.securityinsight.models.EntityType - :ivar required_input_fields_sets: List of the fields of the source entity that are required to - run the query. - :vartype required_input_fields_sets: list[list[str]] - :ivar entities_filter: The query applied only to entities matching to all filters. - :vartype entities_filter: dict[str, list[str]] - :ivar template_name: The template id this activity was created from. - :vartype template_name: str - :ivar enabled: Determines whether this activity is enabled or disabled. - :vartype enabled: bool - :ivar created_time_utc: The time the activity was created. - :vartype created_time_utc: ~datetime.datetime - :ivar last_modified_time_utc: The last time the activity was updated. 
- :vartype last_modified_time_utc: ~datetime.datetime + :ivar kind: The kind of security ML Analytics Settings. Required. "Anomaly" + :vartype kind: str or ~azure.mgmt.securityinsight.models.SecurityMLAnalyticsSettingsKind """ _validation = { @@ -1569,8 +1273,6 @@ class ActivityEntityQuery(EntityQuery): # pylint: disable=too-many-instance-att "type": {"readonly": True}, "system_data": {"readonly": True}, "kind": {"required": True}, - "created_time_utc": {"readonly": True}, - "last_modified_time_utc": {"readonly": True}, } _attribute_map = { 
@@ -1580,85 +1282,21 @@ class ActivityEntityQuery(EntityQuery): # pylint: disable=too-many-instance-att "system_data": {"key": "systemData", "type": "SystemData"}, "etag": {"key": "etag", "type": "str"}, "kind": {"key": "kind", "type": "str"}, - "title": {"key": "properties.title", "type": "str"}, - "content": {"key": "properties.content", "type": "str"}, - "description": {"key": "properties.description", "type": "str"}, - "query_definitions": { - "key": "properties.queryDefinitions", - "type": "ActivityEntityQueriesPropertiesQueryDefinitions", - }, - "input_entity_type": {"key": "properties.inputEntityType", "type": "str"}, - "required_input_fields_sets": {"key": "properties.requiredInputFieldsSets", "type": "[[str]]"}, - "entities_filter": {"key": "properties.entitiesFilter", "type": "{[str]}"}, - "template_name": {"key": "properties.templateName", "type": "str"}, - "enabled": {"key": "properties.enabled", "type": "bool"}, - "created_time_utc": {"key": "properties.createdTimeUtc", "type": "iso-8601"}, - "last_modified_time_utc": {"key": "properties.lastModifiedTimeUtc", "type": "iso-8601"}, } - def __init__( - self, - *, - etag: Optional[str] = None, - title: Optional[str] = None, - content: Optional[str] = None, - description: Optional[str] = None, - query_definitions: Optional["_models.ActivityEntityQueriesPropertiesQueryDefinitions"] = None, - input_entity_type: Optional[Union[str, "_models.EntityType"]] = None, - required_input_fields_sets: Optional[List[List[str]]] = None, - entities_filter: Optional[Dict[str, List[str]]] = None, - template_name: Optional[str] = None, - enabled: Optional[bool] = None, - **kwargs - ): + _subtype_map = {"kind": {"Anomaly": "AnomalySecurityMLAnalyticsSettings"}} + + def __init__(self, *, etag: Optional[str] = None, **kwargs: Any) -> None: """ :keyword etag: Etag of the azure resource. :paramtype etag: str - :keyword title: The entity query title. 
- :paramtype title: str - :keyword content: The entity query content to display in timeline. - :paramtype content: str - :keyword description: The entity query description. - :paramtype description: str - :keyword query_definitions: The Activity query definitions. - :paramtype query_definitions: - ~azure.mgmt.securityinsight.models.ActivityEntityQueriesPropertiesQueryDefinitions - :keyword input_entity_type: The type of the query's source entity. Known values are: "Account", - "Host", "File", "AzureResource", "CloudApplication", "DNS", "FileHash", "IP", "Malware", - "Process", "RegistryKey", "RegistryValue", "SecurityGroup", "URL", "IoTDevice", - "SecurityAlert", "HuntingBookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", - and "Nic". - :paramtype input_entity_type: str or ~azure.mgmt.securityinsight.models.EntityType - :keyword required_input_fields_sets: List of the fields of the source entity that are required - to run the query. - :paramtype required_input_fields_sets: list[list[str]] - :keyword entities_filter: The query applied only to entities matching to all filters. - :paramtype entities_filter: dict[str, list[str]] - :keyword template_name: The template id this activity was created from. - :paramtype template_name: str - :keyword enabled: Determines whether this activity is enabled or disabled. - :paramtype enabled: bool """ super().__init__(etag=etag, **kwargs) - self.kind: str = "Activity" - self.title = title - self.content = content - self.description = description - self.query_definitions = query_definitions - self.input_entity_type = input_entity_type - self.required_input_fields_sets = required_input_fields_sets - self.entities_filter = entities_filter - self.template_name = template_name - self.enabled = enabled - self.created_time_utc = None - self.last_modified_time_utc = None - + self.kind: Optional[str] = None -class EntityQueryTemplate(Resource): - """Specific entity query template. 
- You probably want to use the sub-classes and not this class directly. Known sub-classes are: - ActivityEntityQueryTemplate +class AnomalySecurityMLAnalyticsSettings(SecurityMLAnalyticsSetting): # pylint: disable=too-many-instance-attributes + """Represents Anomaly Security ML Analytics Settings. Variables are only populated by the server, and will be ignored when sending a request. 
@@ -1675,8 +1313,43 @@ class EntityQueryTemplate(Resource): :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy information. :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar kind: the entity query template kind. Required. "Activity" - :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityQueryTemplateKind + :ivar etag: Etag of the azure resource. + :vartype etag: str + :ivar kind: The kind of security ML Analytics Settings. Required. "Anomaly" + :vartype kind: str or ~azure.mgmt.securityinsight.models.SecurityMLAnalyticsSettingsKind + :ivar description: The description of the SecurityMLAnalyticsSettings. + :vartype description: str + :ivar display_name: The display name for settings created by this SecurityMLAnalyticsSettings. + :vartype display_name: str + :ivar enabled: Determines whether this settings is enabled or disabled. + :vartype enabled: bool + :ivar last_modified_utc: The last time that this SecurityMLAnalyticsSettings has been modified. + :vartype last_modified_utc: ~datetime.datetime + :ivar required_data_connectors: The required data sources for this SecurityMLAnalyticsSettings. + :vartype required_data_connectors: + list[~azure.mgmt.securityinsight.models.SecurityMLAnalyticsSettingsDataSource] + :ivar tactics: The tactics of the SecurityMLAnalyticsSettings. + :vartype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] + :ivar techniques: The techniques of the SecurityMLAnalyticsSettings. + :vartype techniques: list[str] + :ivar anomaly_version: The anomaly version of the AnomalySecurityMLAnalyticsSettings. + :vartype anomaly_version: str + :ivar customizable_observations: The customizable observations of the + AnomalySecurityMLAnalyticsSettings. + :vartype customizable_observations: JSON + :ivar frequency: The frequency that this SecurityMLAnalyticsSettings will be run. 
+ :vartype frequency: ~datetime.timedelta + :ivar settings_status: The anomaly SecurityMLAnalyticsSettings status. Known values are: + "Production" and "Flighting". + :vartype settings_status: str or ~azure.mgmt.securityinsight.models.SettingsStatus + :ivar is_default_settings: Determines whether this anomaly security ml analytics settings is a + default settings. + :vartype is_default_settings: bool + :ivar anomaly_settings_version: The anomaly settings version of the Anomaly security ml + analytics settings that dictates whether job version gets updated or not. + :vartype anomaly_settings_version: int + :ivar settings_definition_id: The anomaly settings definition Id. + :vartype settings_definition_id: str """ _validation = { @@ -1685,6 +1358,7 @@ class EntityQueryTemplate(Resource): "type": {"readonly": True}, "system_data": {"readonly": True}, "kind": {"required": True}, + "last_modified_utc": {"readonly": True}, } _attribute_map = { 
@@ -1692,19 +1366,103 @@ class EntityQueryTemplate(Resource): "name": {"key": "name", "type": "str"}, "type": {"key": "type", "type": "str"}, "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, "kind": {"key": "kind", "type": "str"}, + "description": {"key": "properties.description", "type": "str"}, + "display_name": {"key": "properties.displayName", "type": "str"}, + "enabled": {"key": "properties.enabled", "type": "bool"}, + "last_modified_utc": {"key": "properties.lastModifiedUtc", "type": "iso-8601"}, + "required_data_connectors": { + "key": "properties.requiredDataConnectors", + "type": "[SecurityMLAnalyticsSettingsDataSource]", + }, + "tactics": {"key": "properties.tactics", "type": "[str]"}, + "techniques": {"key": "properties.techniques", "type": "[str]"}, + "anomaly_version": {"key": "properties.anomalyVersion", "type": "str"}, + "customizable_observations": {"key": "properties.customizableObservations", "type": "object"}, + "frequency": {"key": "properties.frequency", "type": "duration"}, + "settings_status": {"key": "properties.settingsStatus", "type": "str"}, + "is_default_settings": {"key": "properties.isDefaultSettings", "type": "bool"}, + "anomaly_settings_version": {"key": "properties.anomalySettingsVersion", "type": "int"}, + "settings_definition_id": {"key": "properties.settingsDefinitionId", "type": "str"}, } - _subtype_map = {"kind": {"Activity": "ActivityEntityQueryTemplate"}} - - def __init__(self, **kwargs): - """ """ - super().__init__(**kwargs) - self.kind: Optional[str] = None + def __init__( + self, + *, + etag: Optional[str] = None, + description: Optional[str] = None, + display_name: Optional[str] = None, + enabled: Optional[bool] = None, + required_data_connectors: Optional[List["_models.SecurityMLAnalyticsSettingsDataSource"]] = None, + tactics: Optional[List[Union[str, "_models.AttackTactic"]]] = None, + techniques: Optional[List[str]] = None, + anomaly_version: Optional[str] = None, 
+ customizable_observations: Optional[JSON] = None, + frequency: Optional[datetime.timedelta] = None, + settings_status: Optional[Union[str, "_models.SettingsStatus"]] = None, + is_default_settings: Optional[bool] = None, + anomaly_settings_version: Optional[int] = None, + settings_definition_id: Optional[str] = None, + **kwargs: Any + ) -> None: + """ + :keyword etag: Etag of the azure resource. + :paramtype etag: str + :keyword description: The description of the SecurityMLAnalyticsSettings. + :paramtype description: str + :keyword display_name: The display name for settings created by this + SecurityMLAnalyticsSettings. + :paramtype display_name: str + :keyword enabled: Determines whether this settings is enabled or disabled. + :paramtype enabled: bool + :keyword required_data_connectors: The required data sources for this + SecurityMLAnalyticsSettings. + :paramtype required_data_connectors: + list[~azure.mgmt.securityinsight.models.SecurityMLAnalyticsSettingsDataSource] + :keyword tactics: The tactics of the SecurityMLAnalyticsSettings. + :paramtype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] + :keyword techniques: The techniques of the SecurityMLAnalyticsSettings. + :paramtype techniques: list[str] + :keyword anomaly_version: The anomaly version of the AnomalySecurityMLAnalyticsSettings. + :paramtype anomaly_version: str + :keyword customizable_observations: The customizable observations of the + AnomalySecurityMLAnalyticsSettings. + :paramtype customizable_observations: JSON + :keyword frequency: The frequency that this SecurityMLAnalyticsSettings will be run. + :paramtype frequency: ~datetime.timedelta + :keyword settings_status: The anomaly SecurityMLAnalyticsSettings status. Known values are: + "Production" and "Flighting". + :paramtype settings_status: str or ~azure.mgmt.securityinsight.models.SettingsStatus + :keyword is_default_settings: Determines whether this anomaly security ml analytics settings is + a default settings. 
+ :paramtype is_default_settings: bool + :keyword anomaly_settings_version: The anomaly settings version of the Anomaly security ml + analytics settings that dictates whether job version gets updated or not. + :paramtype anomaly_settings_version: int + :keyword settings_definition_id: The anomaly settings definition Id. + :paramtype settings_definition_id: str + """ + super().__init__(etag=etag, **kwargs) + self.kind: str = "Anomaly" + self.description = description + self.display_name = display_name + self.enabled = enabled + self.last_modified_utc = None + self.required_data_connectors = required_data_connectors + self.tactics = tactics + self.techniques = techniques + self.anomaly_version = anomaly_version + self.customizable_observations = customizable_observations + self.frequency = frequency + self.settings_status = settings_status + self.is_default_settings = is_default_settings + self.anomaly_settings_version = anomaly_settings_version + self.settings_definition_id = settings_definition_id -class ActivityEntityQueryTemplate(EntityQueryTemplate): # pylint: disable=too-many-instance-attributes - """Represents Activity entity query. +class ASCDataConnector(DataConnector): + """Represents ASC (Azure Security Center) data connector. Variables are only populated by the server, and will be ignored when sending a request. 
@@ -1721,30 +1479,17 @@ class ActivityEntityQueryTemplate(EntityQueryTemplate): # pylint: disable=too-m :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy information. :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar kind: the entity query template kind. Required. "Activity" - :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityQueryTemplateKind - :ivar title: The entity query title. - :vartype title: str - :ivar content: The entity query content to display in timeline. - :vartype content: str - :ivar description: The entity query description. - :vartype description: str - :ivar query_definitions: The Activity query definitions. - :vartype query_definitions: - ~azure.mgmt.securityinsight.models.ActivityEntityQueryTemplatePropertiesQueryDefinitions - :ivar data_types: List of required data types for the given entity query template. - :vartype data_types: list[~azure.mgmt.securityinsight.models.DataTypeDefinitions] - :ivar input_entity_type: The type of the query's source entity. Known values are: "Account", - "Host", "File", "AzureResource", "CloudApplication", "DNS", "FileHash", "IP", "Malware", - "Process", "RegistryKey", "RegistryValue", "SecurityGroup", "URL", "IoTDevice", - "SecurityAlert", "HuntingBookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", - and "Nic". - :vartype input_entity_type: str or ~azure.mgmt.securityinsight.models.EntityType - :ivar required_input_fields_sets: List of the fields of the source entity that are required to - run the query. - :vartype required_input_fields_sets: list[list[str]] - :ivar entities_filter: The query applied only to entities matching to all filters. - :vartype entities_filter: dict[str, list[str]] + :ivar etag: Etag of the azure resource. + :vartype etag: str + :ivar kind: The data connector kind. Required. 
Known values are: "AzureActiveDirectory", + "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", "Office365", + "AmazonWebServicesCloudTrail", "AzureAdvancedThreatProtection", and + "MicrosoftDefenderAdvancedThreatProtection". + :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind + :ivar data_types: The available data types for the connector. + :vartype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector + :ivar subscription_id: The subscription id to connect to, and get the data from. + :vartype subscription_id: str """ _validation = { 
@@ -1760,355 +1505,89 @@ class ActivityEntityQueryTemplate(EntityQueryTemplate): # pylint: disable=too-m "name": {"key": "name", "type": "str"}, "type": {"key": "type", "type": "str"}, "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, "kind": {"key": "kind", "type": "str"}, - "title": {"key": "properties.title", "type": "str"}, - "content": {"key": "properties.content", "type": "str"}, - "description": {"key": "properties.description", "type": "str"}, - "query_definitions": { - "key": "properties.queryDefinitions", - "type": "ActivityEntityQueryTemplatePropertiesQueryDefinitions", - }, - "data_types": {"key": "properties.dataTypes", "type": "[DataTypeDefinitions]"}, - "input_entity_type": {"key": "properties.inputEntityType", "type": "str"}, - "required_input_fields_sets": {"key": "properties.requiredInputFieldsSets", "type": "[[str]]"}, - "entities_filter": {"key": "properties.entitiesFilter", "type": "{[str]}"}, + "data_types": {"key": "properties.dataTypes", "type": "AlertsDataTypeOfDataConnector"}, + "subscription_id": {"key": "properties.subscriptionId", "type": "str"}, } def __init__( self, *, - title: Optional[str] = None, - content: Optional[str] = None, - description: Optional[str] = None, - query_definitions: Optional["_models.ActivityEntityQueryTemplatePropertiesQueryDefinitions"] = None, - data_types: Optional[List["_models.DataTypeDefinitions"]] = None, - input_entity_type: Optional[Union[str, "_models.EntityType"]] = None, - required_input_fields_sets: Optional[List[List[str]]] = None, - entities_filter: Optional[Dict[str, List[str]]] = None, - **kwargs - ): + etag: Optional[str] = None, + data_types: Optional["_models.AlertsDataTypeOfDataConnector"] = None, + subscription_id: Optional[str] = None, + **kwargs: Any + ) -> None: """ - :keyword title: The entity query title. - :paramtype title: str - :keyword content: The entity query content to display in timeline. 
- :paramtype content: str - :keyword description: The entity query description. - :paramtype description: str - :keyword query_definitions: The Activity query definitions. - :paramtype query_definitions: - ~azure.mgmt.securityinsight.models.ActivityEntityQueryTemplatePropertiesQueryDefinitions - :keyword data_types: List of required data types for the given entity query template. - :paramtype data_types: list[~azure.mgmt.securityinsight.models.DataTypeDefinitions] - :keyword input_entity_type: The type of the query's source entity. Known values are: "Account", - "Host", "File", "AzureResource", "CloudApplication", "DNS", "FileHash", "IP", "Malware", - "Process", "RegistryKey", "RegistryValue", "SecurityGroup", "URL", "IoTDevice", - "SecurityAlert", "HuntingBookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", - and "Nic". - :paramtype input_entity_type: str or ~azure.mgmt.securityinsight.models.EntityType - :keyword required_input_fields_sets: List of the fields of the source entity that are required - to run the query. - :paramtype required_input_fields_sets: list[list[str]] - :keyword entities_filter: The query applied only to entities matching to all filters. - :paramtype entities_filter: dict[str, list[str]] + :keyword etag: Etag of the azure resource. + :paramtype etag: str + :keyword data_types: The available data types for the connector. + :paramtype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector + :keyword subscription_id: The subscription id to connect to, and get the data from. 
+ :paramtype subscription_id: str """ - super().__init__(**kwargs) - self.kind: str = "Activity" - self.title = title - self.content = content - self.description = description - self.query_definitions = query_definitions + super().__init__(etag=etag, **kwargs) + self.kind: str = "AzureSecurityCenter" self.data_types = data_types - self.input_entity_type = input_entity_type - self.required_input_fields_sets = required_input_fields_sets - self.entities_filter = entities_filter + self.subscription_id = subscription_id -class ActivityEntityQueryTemplatePropertiesQueryDefinitions(_serialization.Model): - """The Activity query definitions. +class DataConnectorWithAlertsProperties(_serialization.Model): + """Data connector properties. - :ivar query: The Activity query to run on a given entity. - :vartype query: str - :ivar summarize_by: The dimensions we want to summarize the timeline results on, this is comma - separated list. - :vartype summarize_by: str + :ivar data_types: The available data types for the connector. + :vartype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector """ _attribute_map = { - "query": {"key": "query", "type": "str"}, - "summarize_by": {"key": "summarizeBy", "type": "str"}, + "data_types": {"key": "dataTypes", "type": "AlertsDataTypeOfDataConnector"}, } - def __init__(self, *, query: Optional[str] = None, summarize_by: Optional[str] = None, **kwargs): + def __init__(self, *, data_types: Optional["_models.AlertsDataTypeOfDataConnector"] = None, **kwargs: Any) -> None: """ - :keyword query: The Activity query to run on a given entity. - :paramtype query: str - :keyword summarize_by: The dimensions we want to summarize the timeline results on, this is - comma separated list. - :paramtype summarize_by: str + :keyword data_types: The available data types for the connector. 
+ :paramtype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector """ super().__init__(**kwargs) - self.query = query - self.summarize_by = summarize_by - - -class EntityTimelineItem(_serialization.Model): - """Entity timeline Item. + self.data_types = data_types - You probably want to use the sub-classes and not this class directly. Known sub-classes are: - ActivityTimelineItem, AnomalyTimelineItem, BookmarkTimelineItem, SecurityAlertTimelineItem - All required parameters must be populated in order to send to Azure. +class ASCDataConnectorProperties(DataConnectorWithAlertsProperties): + """ASC (Azure Security Center) data connector properties. - :ivar kind: The entity query kind type. Required. Known values are: "Activity", "Bookmark", - "SecurityAlert", and "Anomaly". - :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityTimelineKind + :ivar data_types: The available data types for the connector. + :vartype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector + :ivar subscription_id: The subscription id to connect to, and get the data from. + :vartype subscription_id: str """ - _validation = { - "kind": {"required": True}, - } - _attribute_map = { - "kind": {"key": "kind", "type": "str"}, + "data_types": {"key": "dataTypes", "type": "AlertsDataTypeOfDataConnector"}, + "subscription_id": {"key": "subscriptionId", "type": "str"}, } - _subtype_map = { - "kind": { - "Activity": "ActivityTimelineItem", - "Anomaly": "AnomalyTimelineItem", - "Bookmark": "BookmarkTimelineItem", - "SecurityAlert": "SecurityAlertTimelineItem", - } - } + def __init__( + self, + *, + data_types: Optional["_models.AlertsDataTypeOfDataConnector"] = None, + subscription_id: Optional[str] = None, + **kwargs: Any + ) -> None: + """ + :keyword data_types: The available data types for the connector. 
+ :paramtype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector + :keyword subscription_id: The subscription id to connect to, and get the data from. + :paramtype subscription_id: str + """ + super().__init__(data_types=data_types, **kwargs) + self.subscription_id = subscription_id - def __init__(self, **kwargs): - """ """ - super().__init__(**kwargs) - self.kind: Optional[str] = None +class AutomationRule(ResourceWithEtag): # pylint: disable=too-many-instance-attributes + """AutomationRule. -class ActivityTimelineItem(EntityTimelineItem): - """Represents Activity timeline item. - - All required parameters must be populated in order to send to Azure. - - :ivar kind: The entity query kind type. Required. Known values are: "Activity", "Bookmark", - "SecurityAlert", and "Anomaly". - :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityTimelineKind - :ivar query_id: The activity query id. Required. - :vartype query_id: str - :ivar bucket_start_time_utc: The grouping bucket start time. Required. - :vartype bucket_start_time_utc: ~datetime.datetime - :ivar bucket_end_time_utc: The grouping bucket end time. Required. - :vartype bucket_end_time_utc: ~datetime.datetime - :ivar first_activity_time_utc: The time of the first activity in the grouping bucket. Required. - :vartype first_activity_time_utc: ~datetime.datetime - :ivar last_activity_time_utc: The time of the last activity in the grouping bucket. Required. - :vartype last_activity_time_utc: ~datetime.datetime - :ivar content: The activity timeline content. Required. - :vartype content: str - :ivar title: The activity timeline title. Required. 
- :vartype title: str - """ - - _validation = { - "kind": {"required": True}, - "query_id": {"required": True}, - "bucket_start_time_utc": {"required": True}, - "bucket_end_time_utc": {"required": True}, - "first_activity_time_utc": {"required": True}, - "last_activity_time_utc": {"required": True}, - "content": {"required": True}, - "title": {"required": True}, - } - - _attribute_map = { - "kind": {"key": "kind", "type": "str"}, - "query_id": {"key": "queryId", "type": "str"}, - "bucket_start_time_utc": {"key": "bucketStartTimeUTC", "type": "iso-8601"}, - "bucket_end_time_utc": {"key": "bucketEndTimeUTC", "type": "iso-8601"}, - "first_activity_time_utc": {"key": "firstActivityTimeUTC", "type": "iso-8601"}, - "last_activity_time_utc": {"key": "lastActivityTimeUTC", "type": "iso-8601"}, - "content": {"key": "content", "type": "str"}, - "title": {"key": "title", "type": "str"}, - } - - def __init__( - self, - *, - query_id: str, - bucket_start_time_utc: datetime.datetime, - bucket_end_time_utc: datetime.datetime, - first_activity_time_utc: datetime.datetime, - last_activity_time_utc: datetime.datetime, - content: str, - title: str, - **kwargs - ): - """ - :keyword query_id: The activity query id. Required. - :paramtype query_id: str - :keyword bucket_start_time_utc: The grouping bucket start time. Required. - :paramtype bucket_start_time_utc: ~datetime.datetime - :keyword bucket_end_time_utc: The grouping bucket end time. Required. - :paramtype bucket_end_time_utc: ~datetime.datetime - :keyword first_activity_time_utc: The time of the first activity in the grouping bucket. - Required. - :paramtype first_activity_time_utc: ~datetime.datetime - :keyword last_activity_time_utc: The time of the last activity in the grouping bucket. - Required. - :paramtype last_activity_time_utc: ~datetime.datetime - :keyword content: The activity timeline content. Required. - :paramtype content: str - :keyword title: The activity timeline title. Required. 
- :paramtype title: str - """ - super().__init__(**kwargs) - self.kind: str = "Activity" - self.query_id = query_id - self.bucket_start_time_utc = bucket_start_time_utc - self.bucket_end_time_utc = bucket_end_time_utc - self.first_activity_time_utc = first_activity_time_utc - self.last_activity_time_utc = last_activity_time_utc - self.content = content - self.title = title - - -class AddIncidentTaskActionProperties(_serialization.Model): - """AddIncidentTaskActionProperties. - - All required parameters must be populated in order to send to Azure. - - :ivar title: The title of the task. Required. - :vartype title: str - :ivar description: The description of the task. - :vartype description: str - """ - - _validation = { - "title": {"required": True}, - } - - _attribute_map = { - "title": {"key": "title", "type": "str"}, - "description": {"key": "description", "type": "str"}, - } - - def __init__(self, *, title: str, description: Optional[str] = None, **kwargs): - """ - :keyword title: The title of the task. Required. - :paramtype title: str - :keyword description: The description of the task. - :paramtype description: str - """ - super().__init__(**kwargs) - self.title = title - self.description = description - - -class AlertDetailsOverride(_serialization.Model): - """Settings for how to dynamically override alert static details. - - :ivar alert_display_name_format: the format containing columns name(s) to override the alert - name. - :vartype alert_display_name_format: str - :ivar alert_description_format: the format containing columns name(s) to override the alert - description. - :vartype alert_description_format: str - :ivar alert_tactics_column_name: the column name to take the alert tactics from. - :vartype alert_tactics_column_name: str - :ivar alert_severity_column_name: the column name to take the alert severity from. - :vartype alert_severity_column_name: str - :ivar alert_dynamic_properties: List of additional dynamic properties to override. 
- :vartype alert_dynamic_properties: - list[~azure.mgmt.securityinsight.models.AlertPropertyMapping] - """ - - _attribute_map = { - "alert_display_name_format": {"key": "alertDisplayNameFormat", "type": "str"}, - "alert_description_format": {"key": "alertDescriptionFormat", "type": "str"}, - "alert_tactics_column_name": {"key": "alertTacticsColumnName", "type": "str"}, - "alert_severity_column_name": {"key": "alertSeverityColumnName", "type": "str"}, - "alert_dynamic_properties": {"key": "alertDynamicProperties", "type": "[AlertPropertyMapping]"}, - } - - def __init__( - self, - *, - alert_display_name_format: Optional[str] = None, - alert_description_format: Optional[str] = None, - alert_tactics_column_name: Optional[str] = None, - alert_severity_column_name: Optional[str] = None, - alert_dynamic_properties: Optional[List["_models.AlertPropertyMapping"]] = None, - **kwargs - ): - """ - :keyword alert_display_name_format: the format containing columns name(s) to override the alert - name. - :paramtype alert_display_name_format: str - :keyword alert_description_format: the format containing columns name(s) to override the alert - description. - :paramtype alert_description_format: str - :keyword alert_tactics_column_name: the column name to take the alert tactics from. - :paramtype alert_tactics_column_name: str - :keyword alert_severity_column_name: the column name to take the alert severity from. - :paramtype alert_severity_column_name: str - :keyword alert_dynamic_properties: List of additional dynamic properties to override. 
- :paramtype alert_dynamic_properties: - list[~azure.mgmt.securityinsight.models.AlertPropertyMapping] - """ - super().__init__(**kwargs) - self.alert_display_name_format = alert_display_name_format - self.alert_description_format = alert_description_format - self.alert_tactics_column_name = alert_tactics_column_name - self.alert_severity_column_name = alert_severity_column_name - self.alert_dynamic_properties = alert_dynamic_properties - - -class AlertPropertyMapping(_serialization.Model): - """A single alert property mapping to override. - - :ivar alert_property: The V3 alert property. Known values are: "AlertLink", "ConfidenceLevel", - "ConfidenceScore", "ExtendedLinks", "ProductName", "ProviderName", "ProductComponentName", - "RemediationSteps", and "Techniques". - :vartype alert_property: str or ~azure.mgmt.securityinsight.models.AlertProperty - :ivar value: the column name to use to override this property. - :vartype value: str - """ - - _attribute_map = { - "alert_property": {"key": "alertProperty", "type": "str"}, - "value": {"key": "value", "type": "str"}, - } - - def __init__( - self, - *, - alert_property: Optional[Union[str, "_models.AlertProperty"]] = None, - value: Optional[str] = None, - **kwargs - ): - """ - :keyword alert_property: The V3 alert property. Known values are: "AlertLink", - "ConfidenceLevel", "ConfidenceScore", "ExtendedLinks", "ProductName", "ProviderName", - "ProductComponentName", "RemediationSteps", and "Techniques". - :paramtype alert_property: str or ~azure.mgmt.securityinsight.models.AlertProperty - :keyword value: the column name to use to override this property. - :paramtype value: str - """ - super().__init__(**kwargs) - self.alert_property = alert_property - self.value = value - - -class AlertRule(ResourceWithEtag): - """Alert rule. - - You probably want to use the sub-classes and not this class directly. 
Known sub-classes are: - FusionAlertRule, MLBehaviorAnalyticsAlertRule, MicrosoftSecurityIncidentCreationAlertRule, - NrtAlertRule, ScheduledAlertRule, ThreatIntelligenceAlertRule - - Variables are only populated by the server, and will be ignored when sending a request. + Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. 
@@ -2125,10 +1604,22 @@ class AlertRule(ResourceWithEtag): :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData :ivar etag: Etag of the azure resource. :vartype etag: str - :ivar kind: The kind of the alert rule. Required. Known values are: "Scheduled", - "MicrosoftSecurityIncidentCreation", "Fusion", "MLBehaviorAnalytics", "ThreatIntelligence", and - "NRT". - :vartype kind: str or ~azure.mgmt.securityinsight.models.AlertRuleKind + :ivar display_name: The display name of the automation rule. Required. + :vartype display_name: str + :ivar order: The order of execution of the automation rule. Required. + :vartype order: int + :ivar triggering_logic: Describes automation rule triggering logic. Required. + :vartype triggering_logic: ~azure.mgmt.securityinsight.models.AutomationRuleTriggeringLogic + :ivar actions: The actions to execute when the automation rule is triggered. Required. + :vartype actions: list[~azure.mgmt.securityinsight.models.AutomationRuleAction] + :ivar last_modified_time_utc: The last time the automation rule was updated. + :vartype last_modified_time_utc: ~datetime.datetime + :ivar created_time_utc: The time the automation rule was created. + :vartype created_time_utc: ~datetime.datetime + :ivar last_modified_by: Information on the client (user or application) that made some action. + :vartype last_modified_by: ~azure.mgmt.securityinsight.models.ClientInfo + :ivar created_by: Information on the client (user or application) that made some action. + :vartype created_by: ~azure.mgmt.securityinsight.models.ClientInfo """ _validation = { 
@@ -2136,7 +1627,14 @@ class AlertRule(ResourceWithEtag): "name": {"readonly": True}, "type": {"readonly": True}, "system_data": {"readonly": True}, - "kind": {"required": True}, + "display_name": {"required": True, "max_length": 500}, + "order": {"required": True, "maximum": 1000, "minimum": 1}, + "triggering_logic": {"required": True}, + "actions": {"required": True, "max_items": 20, "min_items": 0}, + "last_modified_time_utc": {"readonly": True}, + "created_time_utc": {"readonly": True}, + "last_modified_by": {"readonly": True}, + "created_by": {"readonly": True}, } _attribute_map = { 
@@ -2145,490 +1643,472 @@ class AlertRule(ResourceWithEtag): "type": {"key": "type", "type": "str"}, "system_data": {"key": "systemData", "type": "SystemData"}, "etag": {"key": "etag", "type": "str"}, - "kind": {"key": "kind", "type": "str"}, - } - - _subtype_map = { - "kind": { - "Fusion": "FusionAlertRule", - "MLBehaviorAnalytics": "MLBehaviorAnalyticsAlertRule", - "MicrosoftSecurityIncidentCreation": "MicrosoftSecurityIncidentCreationAlertRule", - "NRT": "NrtAlertRule", - "Scheduled": "ScheduledAlertRule", - "ThreatIntelligence": "ThreatIntelligenceAlertRule", - } + "display_name": {"key": "properties.displayName", "type": "str"}, + "order": {"key": "properties.order", "type": "int"}, + "triggering_logic": {"key": "properties.triggeringLogic", "type": "AutomationRuleTriggeringLogic"}, + "actions": {"key": "properties.actions", "type": "[AutomationRuleAction]"}, + "last_modified_time_utc": {"key": "properties.lastModifiedTimeUtc", "type": "iso-8601"}, + "created_time_utc": {"key": "properties.createdTimeUtc", "type": "iso-8601"}, + "last_modified_by": {"key": "properties.lastModifiedBy", "type": "ClientInfo"}, + "created_by": {"key": "properties.createdBy", "type": "ClientInfo"}, } - def __init__(self, *, etag: Optional[str] = None, **kwargs): + def __init__( + self, + *, + display_name: str, + order: int, + triggering_logic: "_models.AutomationRuleTriggeringLogic", + actions: List["_models.AutomationRuleAction"], + etag: Optional[str] = None, + **kwargs: Any + ) -> None: """ :keyword etag: Etag of the azure resource. :paramtype etag: str + :keyword display_name: The display name of the automation rule. Required. + :paramtype display_name: str + :keyword order: The order of execution of the automation rule. Required. + :paramtype order: int + :keyword triggering_logic: Describes automation rule triggering logic. Required. 
+ :paramtype triggering_logic: ~azure.mgmt.securityinsight.models.AutomationRuleTriggeringLogic + :keyword actions: The actions to execute when the automation rule is triggered. Required. + :paramtype actions: list[~azure.mgmt.securityinsight.models.AutomationRuleAction] """ super().__init__(etag=etag, **kwargs) - self.kind: Optional[str] = None + self.display_name = display_name + self.order = order + self.triggering_logic = triggering_logic + self.actions = actions + self.last_modified_time_utc = None + self.created_time_utc = None + self.last_modified_by = None + self.created_by = None -class AlertRulesList(_serialization.Model): - """List all the alert rules. +class AutomationRuleAction(_serialization.Model): + """Describes an automation rule action. - Variables are only populated by the server, and will be ignored when sending a request. + You probably want to use the sub-classes and not this class directly. Known sub-classes are: + AutomationRuleModifyPropertiesAction, AutomationRuleRunPlaybookAction All required parameters must be populated in order to send to Azure. - :ivar next_link: URL to fetch the next set of alert rules. - :vartype next_link: str - :ivar value: Array of alert rules. Required. - :vartype value: list[~azure.mgmt.securityinsight.models.AlertRule] + :ivar order: Required. + :vartype order: int + :ivar action_type: The type of the automation rule action. Required. Known values are: + "ModifyProperties" and "RunPlaybook". 
+ :vartype action_type: str or ~azure.mgmt.securityinsight.models.ActionType """ _validation = { - "next_link": {"readonly": True}, - "value": {"required": True}, + "order": {"required": True}, + "action_type": {"required": True}, } _attribute_map = { - "next_link": {"key": "nextLink", "type": "str"}, - "value": {"key": "value", "type": "[AlertRule]"}, + "order": {"key": "order", "type": "int"}, + "action_type": {"key": "actionType", "type": "str"}, + } + + _subtype_map = { + "action_type": { + "ModifyProperties": "AutomationRuleModifyPropertiesAction", + "RunPlaybook": "AutomationRuleRunPlaybookAction", + } } - def __init__(self, *, value: List["_models.AlertRule"], **kwargs): + def __init__(self, *, order: int, **kwargs: Any) -> None: """ - :keyword value: Array of alert rules. Required. - :paramtype value: list[~azure.mgmt.securityinsight.models.AlertRule] + :keyword order: Required. + :paramtype order: int """ super().__init__(**kwargs) - self.next_link = None - self.value = value + self.order = order + self.action_type: Optional[str] = None -class AlertRuleTemplate(Resource): - """Alert rule template. +class AutomationRuleCondition(_serialization.Model): + """Describes an automation rule condition. You probably want to use the sub-classes and not this class directly. Known sub-classes are: - FusionAlertRuleTemplate, MLBehaviorAnalyticsAlertRuleTemplate, - MicrosoftSecurityIncidentCreationAlertRuleTemplate, NrtAlertRuleTemplate, - ScheduledAlertRuleTemplate, ThreatIntelligenceAlertRuleTemplate - - Variables are only populated by the server, and will be ignored when sending a request. + PropertyConditionProperties, PropertyArrayChangedConditionProperties, + PropertyChangedConditionProperties All required parameters must be populated in order to send to Azure. - :ivar id: Fully qualified resource ID for the resource. Ex - - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
- :vartype id: str - :ivar name: The name of the resource. - :vartype name: str - :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or - "Microsoft.Storage/storageAccounts". - :vartype type: str - :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy - information. - :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar kind: The kind of the alert rule. Required. Known values are: "Scheduled", - "MicrosoftSecurityIncidentCreation", "Fusion", "MLBehaviorAnalytics", "ThreatIntelligence", and - "NRT". - :vartype kind: str or ~azure.mgmt.securityinsight.models.AlertRuleKind + :ivar condition_type: Required. Known values are: "Property", "PropertyChanged", and + "PropertyArrayChanged". + :vartype condition_type: str or ~azure.mgmt.securityinsight.models.ConditionType """ _validation = { - "id": {"readonly": True}, - "name": {"readonly": True}, - "type": {"readonly": True}, - "system_data": {"readonly": True}, - "kind": {"required": True}, + "condition_type": {"required": True}, } _attribute_map = { - "id": {"key": "id", "type": "str"}, - "name": {"key": "name", "type": "str"}, - "type": {"key": "type", "type": "str"}, - "system_data": {"key": "systemData", "type": "SystemData"}, - "kind": {"key": "kind", "type": "str"}, + "condition_type": {"key": "conditionType", "type": "str"}, } _subtype_map = { - "kind": { - "Fusion": "FusionAlertRuleTemplate", - "MLBehaviorAnalytics": "MLBehaviorAnalyticsAlertRuleTemplate", - "MicrosoftSecurityIncidentCreation": "MicrosoftSecurityIncidentCreationAlertRuleTemplate", - "NRT": "NrtAlertRuleTemplate", - "Scheduled": "ScheduledAlertRuleTemplate", - "ThreatIntelligence": "ThreatIntelligenceAlertRuleTemplate", + "condition_type": { + "Property": "PropertyConditionProperties", + "PropertyArrayChanged": "PropertyArrayChangedConditionProperties", + "PropertyChanged": "PropertyChangedConditionProperties", } } - def __init__(self, **kwargs): + def 
__init__(self, **kwargs: Any) -> None: """ """ super().__init__(**kwargs) - self.kind: Optional[str] = None + self.condition_type: Optional[str] = None -class AlertRuleTemplateDataSource(_serialization.Model): - """alert rule template data sources. +class AutomationRuleModifyPropertiesAction(AutomationRuleAction): + """Describes an automation rule action to modify an object's properties. - :ivar connector_id: The connector id that provides the following data types. - :vartype connector_id: str - :ivar data_types: The data types used by the alert rule template. - :vartype data_types: list[str] + All required parameters must be populated in order to send to Azure. + + :ivar order: Required. + :vartype order: int + :ivar action_type: The type of the automation rule action. Required. Known values are: + "ModifyProperties" and "RunPlaybook". + :vartype action_type: str or ~azure.mgmt.securityinsight.models.ActionType + :ivar action_configuration: + :vartype action_configuration: ~azure.mgmt.securityinsight.models.IncidentPropertiesAction """ + _validation = { + "order": {"required": True}, + "action_type": {"required": True}, + } + _attribute_map = { - "connector_id": {"key": "connectorId", "type": "str"}, - "data_types": {"key": "dataTypes", "type": "[str]"}, + "order": {"key": "order", "type": "int"}, + "action_type": {"key": "actionType", "type": "str"}, + "action_configuration": {"key": "actionConfiguration", "type": "IncidentPropertiesAction"}, } - def __init__(self, *, connector_id: Optional[str] = None, data_types: Optional[List[str]] = None, **kwargs): + def __init__( + self, *, order: int, action_configuration: Optional["_models.IncidentPropertiesAction"] = None, **kwargs: Any + ) -> None: """ - :keyword connector_id: The connector id that provides the following data types. - :paramtype connector_id: str - :keyword data_types: The data types used by the alert rule template. - :paramtype data_types: list[str] + :keyword order: Required. 
+ :paramtype order: int + :keyword action_configuration: + :paramtype action_configuration: ~azure.mgmt.securityinsight.models.IncidentPropertiesAction """ - super().__init__(**kwargs) - self.connector_id = connector_id - self.data_types = data_types - + super().__init__(order=order, **kwargs) + self.action_type: str = "ModifyProperties" + self.action_configuration = action_configuration -class AlertRuleTemplatePropertiesBase(_serialization.Model): - """Base alert rule template property bag. - Variables are only populated by the server, and will be ignored when sending a request. +class AutomationRulePropertyArrayChangedValuesCondition(_serialization.Model): + """AutomationRulePropertyArrayChangedValuesCondition. - :ivar alert_rules_created_by_template_count: the number of alert rules that were created by - this template. - :vartype alert_rules_created_by_template_count: int - :ivar last_updated_date_utc: The last time that this alert rule template has been updated. - :vartype last_updated_date_utc: ~datetime.datetime - :ivar created_date_utc: The time that this alert rule template has been added. - :vartype created_date_utc: ~datetime.datetime - :ivar description: The description of the alert rule template. - :vartype description: str - :ivar display_name: The display name for alert rule template. - :vartype display_name: str - :ivar required_data_connectors: The required data sources for this template. - :vartype required_data_connectors: - list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] - :ivar status: The alert rule template status. Known values are: "Installed", "Available", and - "NotAvailable". - :vartype status: str or ~azure.mgmt.securityinsight.models.TemplateStatus + :ivar array_type: Known values are: "Alerts", "Labels", "Tactics", and "Comments". 
+ :vartype array_type: str or + ~azure.mgmt.securityinsight.models.AutomationRulePropertyArrayChangedConditionSupportedArrayType + :ivar change_type: "Added" + :vartype change_type: str or + ~azure.mgmt.securityinsight.models.AutomationRulePropertyArrayChangedConditionSupportedChangeType """ - _validation = { - "last_updated_date_utc": {"readonly": True}, - "created_date_utc": {"readonly": True}, - } - _attribute_map = { - "alert_rules_created_by_template_count": {"key": "alertRulesCreatedByTemplateCount", "type": "int"}, - "last_updated_date_utc": {"key": "lastUpdatedDateUTC", "type": "iso-8601"}, - "created_date_utc": {"key": "createdDateUTC", "type": "iso-8601"}, - "description": {"key": "description", "type": "str"}, - "display_name": {"key": "displayName", "type": "str"}, - "required_data_connectors": {"key": "requiredDataConnectors", "type": "[AlertRuleTemplateDataSource]"}, - "status": {"key": "status", "type": "str"}, + "array_type": {"key": "arrayType", "type": "str"}, + "change_type": {"key": "changeType", "type": "str"}, } def __init__( self, *, - alert_rules_created_by_template_count: Optional[int] = None, - description: Optional[str] = None, - display_name: Optional[str] = None, - required_data_connectors: Optional[List["_models.AlertRuleTemplateDataSource"]] = None, - status: Optional[Union[str, "_models.TemplateStatus"]] = None, - **kwargs - ): + array_type: Optional[ + Union[str, "_models.AutomationRulePropertyArrayChangedConditionSupportedArrayType"] + ] = None, + change_type: Optional[ + Union[str, "_models.AutomationRulePropertyArrayChangedConditionSupportedChangeType"] + ] = None, + **kwargs: Any + ) -> None: """ - :keyword alert_rules_created_by_template_count: the number of alert rules that were created by - this template. - :paramtype alert_rules_created_by_template_count: int - :keyword description: The description of the alert rule template. - :paramtype description: str - :keyword display_name: The display name for alert rule template. 
- :paramtype display_name: str - :keyword required_data_connectors: The required data sources for this template. - :paramtype required_data_connectors: - list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] - :keyword status: The alert rule template status. Known values are: "Installed", "Available", - and "NotAvailable". - :paramtype status: str or ~azure.mgmt.securityinsight.models.TemplateStatus + :keyword array_type: Known values are: "Alerts", "Labels", "Tactics", and "Comments". + :paramtype array_type: str or + ~azure.mgmt.securityinsight.models.AutomationRulePropertyArrayChangedConditionSupportedArrayType + :keyword change_type: "Added" + :paramtype change_type: str or + ~azure.mgmt.securityinsight.models.AutomationRulePropertyArrayChangedConditionSupportedChangeType """ super().__init__(**kwargs) - self.alert_rules_created_by_template_count = alert_rules_created_by_template_count - self.last_updated_date_utc = None - self.created_date_utc = None - self.description = description - self.display_name = display_name - self.required_data_connectors = required_data_connectors - self.status = status - - -class AlertRuleTemplatesList(_serialization.Model): - """List all the alert rule templates. + self.array_type = array_type + self.change_type = change_type - Variables are only populated by the server, and will be ignored when sending a request. - All required parameters must be populated in order to send to Azure. +class AutomationRulePropertyValuesChangedCondition(_serialization.Model): + """AutomationRulePropertyValuesChangedCondition. - :ivar next_link: URL to fetch the next set of alert rule templates. - :vartype next_link: str - :ivar value: Array of alert rule templates. Required. - :vartype value: list[~azure.mgmt.securityinsight.models.AlertRuleTemplate] + :ivar property_name: Known values are: "IncidentSeverity", "IncidentStatus", and + "IncidentOwner". 
+ :vartype property_name: str or + ~azure.mgmt.securityinsight.models.AutomationRulePropertyChangedConditionSupportedPropertyType + :ivar change_type: Known values are: "ChangedFrom" and "ChangedTo". + :vartype change_type: str or + ~azure.mgmt.securityinsight.models.AutomationRulePropertyChangedConditionSupportedChangedType + :ivar operator: Known values are: "Equals", "NotEquals", "Contains", "NotContains", + "StartsWith", "NotStartsWith", "EndsWith", and "NotEndsWith". + :vartype operator: str or + ~azure.mgmt.securityinsight.models.AutomationRulePropertyConditionSupportedOperator + :ivar property_values: + :vartype property_values: list[str] """ - _validation = { - "next_link": {"readonly": True}, - "value": {"required": True}, - } - _attribute_map = { - "next_link": {"key": "nextLink", "type": "str"}, - "value": {"key": "value", "type": "[AlertRuleTemplate]"}, + "property_name": {"key": "propertyName", "type": "str"}, + "change_type": {"key": "changeType", "type": "str"}, + "operator": {"key": "operator", "type": "str"}, + "property_values": {"key": "propertyValues", "type": "[str]"}, } - def __init__(self, *, value: List["_models.AlertRuleTemplate"], **kwargs): + def __init__( + self, + *, + property_name: Optional[ + Union[str, "_models.AutomationRulePropertyChangedConditionSupportedPropertyType"] + ] = None, + change_type: Optional[Union[str, "_models.AutomationRulePropertyChangedConditionSupportedChangedType"]] = None, + operator: Optional[Union[str, "_models.AutomationRulePropertyConditionSupportedOperator"]] = None, + property_values: Optional[List[str]] = None, + **kwargs: Any + ) -> None: """ - :keyword value: Array of alert rule templates. Required. - :paramtype value: list[~azure.mgmt.securityinsight.models.AlertRuleTemplate] + :keyword property_name: Known values are: "IncidentSeverity", "IncidentStatus", and + "IncidentOwner". 
+ :paramtype property_name: str or + ~azure.mgmt.securityinsight.models.AutomationRulePropertyChangedConditionSupportedPropertyType + :keyword change_type: Known values are: "ChangedFrom" and "ChangedTo". + :paramtype change_type: str or + ~azure.mgmt.securityinsight.models.AutomationRulePropertyChangedConditionSupportedChangedType + :keyword operator: Known values are: "Equals", "NotEquals", "Contains", "NotContains", + "StartsWith", "NotStartsWith", "EndsWith", and "NotEndsWith". + :paramtype operator: str or + ~azure.mgmt.securityinsight.models.AutomationRulePropertyConditionSupportedOperator + :keyword property_values: + :paramtype property_values: list[str] """ super().__init__(**kwargs) - self.next_link = None - self.value = value - + self.property_name = property_name + self.change_type = change_type + self.operator = operator + self.property_values = property_values -class AlertRuleTemplateWithMitreProperties(AlertRuleTemplatePropertiesBase): - """Alert rule template with MITRE property bag. - Variables are only populated by the server, and will be ignored when sending a request. +class AutomationRulePropertyValuesCondition(_serialization.Model): + """AutomationRulePropertyValuesCondition. - :ivar alert_rules_created_by_template_count: the number of alert rules that were created by - this template. - :vartype alert_rules_created_by_template_count: int - :ivar last_updated_date_utc: The last time that this alert rule template has been updated. - :vartype last_updated_date_utc: ~datetime.datetime - :ivar created_date_utc: The time that this alert rule template has been added. - :vartype created_date_utc: ~datetime.datetime - :ivar description: The description of the alert rule template. - :vartype description: str - :ivar display_name: The display name for alert rule template. - :vartype display_name: str - :ivar required_data_connectors: The required data sources for this template. 
- :vartype required_data_connectors: - list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] - :ivar status: The alert rule template status. Known values are: "Installed", "Available", and - "NotAvailable". - :vartype status: str or ~azure.mgmt.securityinsight.models.TemplateStatus - :ivar tactics: The tactics of the alert rule. - :vartype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] - :ivar techniques: The techniques of the alert rule. - :vartype techniques: list[str] + :ivar property_name: The property to evaluate in an automation rule property condition. Known + values are: "IncidentTitle", "IncidentDescription", "IncidentSeverity", "IncidentStatus", + "IncidentRelatedAnalyticRuleIds", "IncidentTactics", "IncidentLabel", "IncidentProviderName", + "IncidentUpdatedBySource", "AccountAadTenantId", "AccountAadUserId", "AccountName", + "AccountNTDomain", "AccountPUID", "AccountSid", "AccountObjectGuid", "AccountUPNSuffix", + "AlertProductNames", "AlertAnalyticRuleIds", "AzureResourceResourceId", + "AzureResourceSubscriptionId", "CloudApplicationAppId", "CloudApplicationAppName", + "DNSDomainName", "FileDirectory", "FileName", "FileHashValue", "HostAzureID", "HostName", + "HostNetBiosName", "HostNTDomain", "HostOSVersion", "IoTDeviceId", "IoTDeviceName", + "IoTDeviceType", "IoTDeviceVendor", "IoTDeviceModel", "IoTDeviceOperatingSystem", "IPAddress", + "MailboxDisplayName", "MailboxPrimaryAddress", "MailboxUPN", "MailMessageDeliveryAction", + "MailMessageDeliveryLocation", "MailMessageRecipient", "MailMessageSenderIP", + "MailMessageSubject", "MailMessageP1Sender", "MailMessageP2Sender", "MalwareCategory", + "MalwareName", "ProcessCommandLine", "ProcessId", "RegistryKey", "RegistryValueData", and + "Url". 
+ :vartype property_name: str or + ~azure.mgmt.securityinsight.models.AutomationRulePropertyConditionSupportedProperty + :ivar operator: Known values are: "Equals", "NotEquals", "Contains", "NotContains", + "StartsWith", "NotStartsWith", "EndsWith", and "NotEndsWith". + :vartype operator: str or + ~azure.mgmt.securityinsight.models.AutomationRulePropertyConditionSupportedOperator + :ivar property_values: + :vartype property_values: list[str] """ - _validation = { - "last_updated_date_utc": {"readonly": True}, - "created_date_utc": {"readonly": True}, - } - - _attribute_map = { - "alert_rules_created_by_template_count": {"key": "alertRulesCreatedByTemplateCount", "type": "int"}, - "last_updated_date_utc": {"key": "lastUpdatedDateUTC", "type": "iso-8601"}, - "created_date_utc": {"key": "createdDateUTC", "type": "iso-8601"}, - "description": {"key": "description", "type": "str"}, - "display_name": {"key": "displayName", "type": "str"}, - "required_data_connectors": {"key": "requiredDataConnectors", "type": "[AlertRuleTemplateDataSource]"}, - "status": {"key": "status", "type": "str"}, - "tactics": {"key": "tactics", "type": "[str]"}, - "techniques": {"key": "techniques", "type": "[str]"}, + _attribute_map = { + "property_name": {"key": "propertyName", "type": "str"}, + "operator": {"key": "operator", "type": "str"}, + "property_values": {"key": "propertyValues", "type": "[str]"}, } def __init__( self, *, - alert_rules_created_by_template_count: Optional[int] = None, - description: Optional[str] = None, - display_name: Optional[str] = None, - required_data_connectors: Optional[List["_models.AlertRuleTemplateDataSource"]] = None, - status: Optional[Union[str, "_models.TemplateStatus"]] = None, - tactics: Optional[List[Union[str, "_models.AttackTactic"]]] = None, - techniques: Optional[List[str]] = None, - **kwargs - ): + property_name: Optional[Union[str, "_models.AutomationRulePropertyConditionSupportedProperty"]] = None, + operator: Optional[Union[str, 
"_models.AutomationRulePropertyConditionSupportedOperator"]] = None, + property_values: Optional[List[str]] = None, + **kwargs: Any + ) -> None: """ - :keyword alert_rules_created_by_template_count: the number of alert rules that were created by - this template. - :paramtype alert_rules_created_by_template_count: int - :keyword description: The description of the alert rule template. - :paramtype description: str - :keyword display_name: The display name for alert rule template. - :paramtype display_name: str - :keyword required_data_connectors: The required data sources for this template. - :paramtype required_data_connectors: - list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] - :keyword status: The alert rule template status. Known values are: "Installed", "Available", - and "NotAvailable". - :paramtype status: str or ~azure.mgmt.securityinsight.models.TemplateStatus - :keyword tactics: The tactics of the alert rule. - :paramtype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] - :keyword techniques: The techniques of the alert rule. - :paramtype techniques: list[str] + :keyword property_name: The property to evaluate in an automation rule property condition. 
+ Known values are: "IncidentTitle", "IncidentDescription", "IncidentSeverity", "IncidentStatus", + "IncidentRelatedAnalyticRuleIds", "IncidentTactics", "IncidentLabel", "IncidentProviderName", + "IncidentUpdatedBySource", "AccountAadTenantId", "AccountAadUserId", "AccountName", + "AccountNTDomain", "AccountPUID", "AccountSid", "AccountObjectGuid", "AccountUPNSuffix", + "AlertProductNames", "AlertAnalyticRuleIds", "AzureResourceResourceId", + "AzureResourceSubscriptionId", "CloudApplicationAppId", "CloudApplicationAppName", + "DNSDomainName", "FileDirectory", "FileName", "FileHashValue", "HostAzureID", "HostName", + "HostNetBiosName", "HostNTDomain", "HostOSVersion", "IoTDeviceId", "IoTDeviceName", + "IoTDeviceType", "IoTDeviceVendor", "IoTDeviceModel", "IoTDeviceOperatingSystem", "IPAddress", + "MailboxDisplayName", "MailboxPrimaryAddress", "MailboxUPN", "MailMessageDeliveryAction", + "MailMessageDeliveryLocation", "MailMessageRecipient", "MailMessageSenderIP", + "MailMessageSubject", "MailMessageP1Sender", "MailMessageP2Sender", "MalwareCategory", + "MalwareName", "ProcessCommandLine", "ProcessId", "RegistryKey", "RegistryValueData", and + "Url". + :paramtype property_name: str or + ~azure.mgmt.securityinsight.models.AutomationRulePropertyConditionSupportedProperty + :keyword operator: Known values are: "Equals", "NotEquals", "Contains", "NotContains", + "StartsWith", "NotStartsWith", "EndsWith", and "NotEndsWith". 
+ :paramtype operator: str or + ~azure.mgmt.securityinsight.models.AutomationRulePropertyConditionSupportedOperator + :keyword property_values: + :paramtype property_values: list[str] """ - super().__init__( - alert_rules_created_by_template_count=alert_rules_created_by_template_count, - description=description, - display_name=display_name, - required_data_connectors=required_data_connectors, - status=status, - **kwargs - ) - self.tactics = tactics - self.techniques = techniques + super().__init__(**kwargs) + self.property_name = property_name + self.operator = operator + self.property_values = property_values -class AlertsDataTypeOfDataConnector(_serialization.Model): - """Alerts data type for data connectors. +class AutomationRuleRunPlaybookAction(AutomationRuleAction): + """Describes an automation rule action to run a playbook. All required parameters must be populated in order to send to Azure. - :ivar alerts: Alerts data type connection. Required. - :vartype alerts: ~azure.mgmt.securityinsight.models.DataConnectorDataTypeCommon + :ivar order: Required. + :vartype order: int + :ivar action_type: The type of the automation rule action. Required. Known values are: + "ModifyProperties" and "RunPlaybook". 
+ :vartype action_type: str or ~azure.mgmt.securityinsight.models.ActionType + :ivar action_configuration: + :vartype action_configuration: ~azure.mgmt.securityinsight.models.PlaybookActionProperties """ _validation = { - "alerts": {"required": True}, + "order": {"required": True}, + "action_type": {"required": True}, } _attribute_map = { - "alerts": {"key": "alerts", "type": "DataConnectorDataTypeCommon"}, + "order": {"key": "order", "type": "int"}, + "action_type": {"key": "actionType", "type": "str"}, + "action_configuration": {"key": "actionConfiguration", "type": "PlaybookActionProperties"}, } - def __init__(self, *, alerts: "_models.DataConnectorDataTypeCommon", **kwargs): + def __init__( + self, *, order: int, action_configuration: Optional["_models.PlaybookActionProperties"] = None, **kwargs: Any + ) -> None: """ - :keyword alerts: Alerts data type connection. Required. - :paramtype alerts: ~azure.mgmt.securityinsight.models.DataConnectorDataTypeCommon + :keyword order: Required. + :paramtype order: int + :keyword action_configuration: + :paramtype action_configuration: ~azure.mgmt.securityinsight.models.PlaybookActionProperties """ - super().__init__(**kwargs) - self.alerts = alerts - - -class Settings(ResourceWithEtag): - """The Setting. - - You probably want to use the sub-classes and not this class directly. Known sub-classes are: - Anomalies, EntityAnalytics, EyesOn, Ueba + super().__init__(order=order, **kwargs) + self.action_type: str = "RunPlaybook" + self.action_configuration = action_configuration - Variables are only populated by the server, and will be ignored when sending a request. - All required parameters must be populated in order to send to Azure. +class AutomationRulesList(_serialization.Model): + """AutomationRulesList. - :ivar id: Fully qualified resource ID for the resource. Ex - - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
- :vartype id: str - :ivar name: The name of the resource. - :vartype name: str - :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or - "Microsoft.Storage/storageAccounts". - :vartype type: str - :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy - information. - :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar etag: Etag of the azure resource. - :vartype etag: str - :ivar kind: The kind of the setting. Required. Known values are: "Anomalies", "EyesOn", - "EntityAnalytics", and "Ueba". - :vartype kind: str or ~azure.mgmt.securityinsight.models.SettingKind + :ivar value: + :vartype value: list[~azure.mgmt.securityinsight.models.AutomationRule] + :ivar next_link: + :vartype next_link: str """ - _validation = { - "id": {"readonly": True}, - "name": {"readonly": True}, - "type": {"readonly": True}, - "system_data": {"readonly": True}, - "kind": {"required": True}, - } - _attribute_map = { - "id": {"key": "id", "type": "str"}, - "name": {"key": "name", "type": "str"}, - "type": {"key": "type", "type": "str"}, - "system_data": {"key": "systemData", "type": "SystemData"}, - "etag": {"key": "etag", "type": "str"}, - "kind": {"key": "kind", "type": "str"}, - } - - _subtype_map = { - "kind": {"Anomalies": "Anomalies", "EntityAnalytics": "EntityAnalytics", "EyesOn": "EyesOn", "Ueba": "Ueba"} + "value": {"key": "value", "type": "[AutomationRule]"}, + "next_link": {"key": "nextLink", "type": "str"}, } - def __init__(self, *, etag: Optional[str] = None, **kwargs): + def __init__( + self, *, value: Optional[List["_models.AutomationRule"]] = None, next_link: Optional[str] = None, **kwargs: Any + ) -> None: """ - :keyword etag: Etag of the azure resource. 
- :paramtype etag: str + :keyword value: + :paramtype value: list[~azure.mgmt.securityinsight.models.AutomationRule] + :keyword next_link: + :paramtype next_link: str """ - super().__init__(etag=etag, **kwargs) - self.kind: Optional[str] = None - + super().__init__(**kwargs) + self.value = value + self.next_link = next_link -class Anomalies(Settings): - """Settings with single toggle. - Variables are only populated by the server, and will be ignored when sending a request. +class AutomationRuleTriggeringLogic(_serialization.Model): + """Describes automation rule triggering logic. All required parameters must be populated in order to send to Azure. - :ivar id: Fully qualified resource ID for the resource. Ex - - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - :vartype id: str - :ivar name: The name of the resource. - :vartype name: str - :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or - "Microsoft.Storage/storageAccounts". - :vartype type: str - :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy - information. - :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar etag: Etag of the azure resource. - :vartype etag: str - :ivar kind: The kind of the setting. Required. Known values are: "Anomalies", "EyesOn", - "EntityAnalytics", and "Ueba". - :vartype kind: str or ~azure.mgmt.securityinsight.models.SettingKind - :ivar is_enabled: Determines whether the setting is enable or disabled. + :ivar is_enabled: Determines whether the automation rule is enabled or disabled. Required. :vartype is_enabled: bool + :ivar expiration_time_utc: Determines when the automation rule should automatically expire and + be disabled. + :vartype expiration_time_utc: ~datetime.datetime + :ivar triggers_on: Required. Known values are: "Incidents" and "Alerts". 
+ :vartype triggers_on: str or ~azure.mgmt.securityinsight.models.TriggersOn + :ivar triggers_when: Required. Known values are: "Created" and "Updated". + :vartype triggers_when: str or ~azure.mgmt.securityinsight.models.TriggersWhen + :ivar conditions: The conditions to evaluate to determine if the automation rule should be + triggered on a given object. + :vartype conditions: list[~azure.mgmt.securityinsight.models.AutomationRuleCondition] """ _validation = { - "id": {"readonly": True}, - "name": {"readonly": True}, - "type": {"readonly": True}, - "system_data": {"readonly": True}, - "kind": {"required": True}, - "is_enabled": {"readonly": True}, + "is_enabled": {"required": True}, + "triggers_on": {"required": True}, + "triggers_when": {"required": True}, + "conditions": {"max_items": 50, "min_items": 0}, } _attribute_map = { - "id": {"key": "id", "type": "str"}, - "name": {"key": "name", "type": "str"}, - "type": {"key": "type", "type": "str"}, - "system_data": {"key": "systemData", "type": "SystemData"}, - "etag": {"key": "etag", "type": "str"}, - "kind": {"key": "kind", "type": "str"}, - "is_enabled": {"key": "properties.isEnabled", "type": "bool"}, + "is_enabled": {"key": "isEnabled", "type": "bool"}, + "expiration_time_utc": {"key": "expirationTimeUtc", "type": "iso-8601"}, + "triggers_on": {"key": "triggersOn", "type": "str"}, + "triggers_when": {"key": "triggersWhen", "type": "str"}, + "conditions": {"key": "conditions", "type": "[AutomationRuleCondition]"}, } - def __init__(self, *, etag: Optional[str] = None, **kwargs): + def __init__( + self, + *, + is_enabled: bool, + triggers_on: Union[str, "_models.TriggersOn"], + triggers_when: Union[str, "_models.TriggersWhen"], + expiration_time_utc: Optional[datetime.datetime] = None, + conditions: Optional[List["_models.AutomationRuleCondition"]] = None, + **kwargs: Any + ) -> None: """ - :keyword etag: Etag of the azure resource. 
- :paramtype etag: str + :keyword is_enabled: Determines whether the automation rule is enabled or disabled. Required. + :paramtype is_enabled: bool + :keyword expiration_time_utc: Determines when the automation rule should automatically expire + and be disabled. + :paramtype expiration_time_utc: ~datetime.datetime + :keyword triggers_on: Required. Known values are: "Incidents" and "Alerts". + :paramtype triggers_on: str or ~azure.mgmt.securityinsight.models.TriggersOn + :keyword triggers_when: Required. Known values are: "Created" and "Updated". + :paramtype triggers_when: str or ~azure.mgmt.securityinsight.models.TriggersWhen + :keyword conditions: The conditions to evaluate to determine if the automation rule should be + triggered on a given object. + :paramtype conditions: list[~azure.mgmt.securityinsight.models.AutomationRuleCondition] """ - super().__init__(etag=etag, **kwargs) - self.kind: str = "Anomalies" - self.is_enabled = None - + super().__init__(**kwargs) + self.is_enabled = is_enabled + self.expiration_time_utc = expiration_time_utc + self.triggers_on = triggers_on + self.triggers_when = triggers_when + self.conditions = conditions -class SecurityMLAnalyticsSetting(ResourceWithEtag): - """Security ML Analytics Setting. - You probably want to use the sub-classes and not this class directly. Known sub-classes are: - AnomalySecurityMLAnalyticsSettings +class AwsCloudTrailDataConnector(DataConnector): + """Represents Amazon Web Services CloudTrail data connector. Variables are only populated by the server, and will be ignored when sending a request. 
@@ -2647,8 +2127,16 @@ class SecurityMLAnalyticsSetting(ResourceWithEtag): :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData :ivar etag: Etag of the azure resource. :vartype etag: str - :ivar kind: The kind of security ML Analytics Settings. Required. "Anomaly" - :vartype kind: str or ~azure.mgmt.securityinsight.models.SecurityMLAnalyticsSettingsKind + :ivar kind: The data connector kind. Required. Known values are: "AzureActiveDirectory", + "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", "Office365", + "AmazonWebServicesCloudTrail", "AzureAdvancedThreatProtection", and + "MicrosoftDefenderAdvancedThreatProtection". + :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind + :ivar aws_role_arn: The Aws Role Arn (with CloudTrailReadOnly policy) that is used to access + the Aws account. + :vartype aws_role_arn: str + :ivar data_types: The available data types for the connector. + :vartype data_types: ~azure.mgmt.securityinsight.models.AwsCloudTrailDataConnectorDataTypes """ _validation = { 
@@ -2666,334 +2154,100 @@ class SecurityMLAnalyticsSetting(ResourceWithEtag): "system_data": {"key": "systemData", "type": "SystemData"}, "etag": {"key": "etag", "type": "str"}, "kind": {"key": "kind", "type": "str"}, + "aws_role_arn": {"key": "properties.awsRoleArn", "type": "str"}, + "data_types": {"key": "properties.dataTypes", "type": "AwsCloudTrailDataConnectorDataTypes"}, } - _subtype_map = {"kind": {"Anomaly": "AnomalySecurityMLAnalyticsSettings"}} - - def __init__(self, *, etag: Optional[str] = None, **kwargs): + def __init__( + self, + *, + etag: Optional[str] = None, + aws_role_arn: Optional[str] = None, + data_types: Optional["_models.AwsCloudTrailDataConnectorDataTypes"] = None, + **kwargs: Any + ) -> None: """ :keyword etag: Etag of the azure resource. :paramtype etag: str + :keyword aws_role_arn: The Aws Role Arn (with CloudTrailReadOnly policy) that is used to access + the Aws account. + :paramtype aws_role_arn: str + :keyword data_types: The available data types for the connector. + :paramtype data_types: ~azure.mgmt.securityinsight.models.AwsCloudTrailDataConnectorDataTypes """ super().__init__(etag=etag, **kwargs) - self.kind: Optional[str] = None - + self.kind: str = "AmazonWebServicesCloudTrail" + self.aws_role_arn = aws_role_arn + self.data_types = data_types -class AnomalySecurityMLAnalyticsSettings(SecurityMLAnalyticsSetting): # pylint: disable=too-many-instance-attributes - """Represents Anomaly Security ML Analytics Settings. - Variables are only populated by the server, and will be ignored when sending a request. +class AwsCloudTrailDataConnectorDataTypes(_serialization.Model): + """The available data types for Amazon Web Services CloudTrail data connector. - All required parameters must be populated in order to send to Azure. - - :ivar id: Fully qualified resource ID for the resource. Ex - - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
- :vartype id: str - :ivar name: The name of the resource. - :vartype name: str - :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or - "Microsoft.Storage/storageAccounts". - :vartype type: str - :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy - information. - :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar etag: Etag of the azure resource. - :vartype etag: str - :ivar kind: The kind of security ML Analytics Settings. Required. "Anomaly" - :vartype kind: str or ~azure.mgmt.securityinsight.models.SecurityMLAnalyticsSettingsKind - :ivar description: The description of the SecurityMLAnalyticsSettings. - :vartype description: str - :ivar display_name: The display name for settings created by this SecurityMLAnalyticsSettings. - :vartype display_name: str - :ivar enabled: Determines whether this settings is enabled or disabled. - :vartype enabled: bool - :ivar last_modified_utc: The last time that this SecurityMLAnalyticsSettings has been modified. - :vartype last_modified_utc: ~datetime.datetime - :ivar required_data_connectors: The required data sources for this SecurityMLAnalyticsSettings. - :vartype required_data_connectors: - list[~azure.mgmt.securityinsight.models.SecurityMLAnalyticsSettingsDataSource] - :ivar tactics: The tactics of the SecurityMLAnalyticsSettings. - :vartype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] - :ivar techniques: The techniques of the SecurityMLAnalyticsSettings. - :vartype techniques: list[str] - :ivar anomaly_version: The anomaly version of the AnomalySecurityMLAnalyticsSettings. - :vartype anomaly_version: str - :ivar customizable_observations: The customizable observations of the - AnomalySecurityMLAnalyticsSettings. - :vartype customizable_observations: JSON - :ivar frequency: The frequency that this SecurityMLAnalyticsSettings will be run. 
- :vartype frequency: ~datetime.timedelta - :ivar settings_status: The anomaly SecurityMLAnalyticsSettings status. Known values are: - "Production" and "Flighting". - :vartype settings_status: str or ~azure.mgmt.securityinsight.models.SettingsStatus - :ivar is_default_settings: Determines whether this anomaly security ml analytics settings is a - default settings. - :vartype is_default_settings: bool - :ivar anomaly_settings_version: The anomaly settings version of the Anomaly security ml - analytics settings that dictates whether job version gets updated or not. - :vartype anomaly_settings_version: int - :ivar settings_definition_id: The anomaly settings definition Id. - :vartype settings_definition_id: str + :ivar logs: Logs data type. + :vartype logs: ~azure.mgmt.securityinsight.models.AwsCloudTrailDataConnectorDataTypesLogs """ - _validation = { - "id": {"readonly": True}, - "name": {"readonly": True}, - "type": {"readonly": True}, - "system_data": {"readonly": True}, - "kind": {"required": True}, - "last_modified_utc": {"readonly": True}, - } - _attribute_map = { - "id": {"key": "id", "type": "str"}, - "name": {"key": "name", "type": "str"}, - "type": {"key": "type", "type": "str"}, - "system_data": {"key": "systemData", "type": "SystemData"}, - "etag": {"key": "etag", "type": "str"}, - "kind": {"key": "kind", "type": "str"}, - "description": {"key": "properties.description", "type": "str"}, - "display_name": {"key": "properties.displayName", "type": "str"}, - "enabled": {"key": "properties.enabled", "type": "bool"}, - "last_modified_utc": {"key": "properties.lastModifiedUtc", "type": "iso-8601"}, - "required_data_connectors": { - "key": "properties.requiredDataConnectors", - "type": "[SecurityMLAnalyticsSettingsDataSource]", - }, - "tactics": {"key": "properties.tactics", "type": "[str]"}, - "techniques": {"key": "properties.techniques", "type": "[str]"}, - "anomaly_version": {"key": "properties.anomalyVersion", "type": "str"}, - "customizable_observations": 
{"key": "properties.customizableObservations", "type": "object"}, - "frequency": {"key": "properties.frequency", "type": "duration"}, - "settings_status": {"key": "properties.settingsStatus", "type": "str"}, - "is_default_settings": {"key": "properties.isDefaultSettings", "type": "bool"}, - "anomaly_settings_version": {"key": "properties.anomalySettingsVersion", "type": "int"}, - "settings_definition_id": {"key": "properties.settingsDefinitionId", "type": "str"}, + "logs": {"key": "logs", "type": "AwsCloudTrailDataConnectorDataTypesLogs"}, } def __init__( - self, - *, - etag: Optional[str] = None, - description: Optional[str] = None, - display_name: Optional[str] = None, - enabled: Optional[bool] = None, - required_data_connectors: Optional[List["_models.SecurityMLAnalyticsSettingsDataSource"]] = None, - tactics: Optional[List[Union[str, "_models.AttackTactic"]]] = None, - techniques: Optional[List[str]] = None, - anomaly_version: Optional[str] = None, - customizable_observations: Optional[JSON] = None, - frequency: Optional[datetime.timedelta] = None, - settings_status: Optional[Union[str, "_models.SettingsStatus"]] = None, - is_default_settings: Optional[bool] = None, - anomaly_settings_version: Optional[int] = None, - settings_definition_id: Optional[str] = None, - **kwargs - ): + self, *, logs: Optional["_models.AwsCloudTrailDataConnectorDataTypesLogs"] = None, **kwargs: Any + ) -> None: """ - :keyword etag: Etag of the azure resource. - :paramtype etag: str - :keyword description: The description of the SecurityMLAnalyticsSettings. - :paramtype description: str - :keyword display_name: The display name for settings created by this - SecurityMLAnalyticsSettings. - :paramtype display_name: str - :keyword enabled: Determines whether this settings is enabled or disabled. - :paramtype enabled: bool - :keyword required_data_connectors: The required data sources for this - SecurityMLAnalyticsSettings. 
- :paramtype required_data_connectors: - list[~azure.mgmt.securityinsight.models.SecurityMLAnalyticsSettingsDataSource] - :keyword tactics: The tactics of the SecurityMLAnalyticsSettings. - :paramtype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] - :keyword techniques: The techniques of the SecurityMLAnalyticsSettings. - :paramtype techniques: list[str] - :keyword anomaly_version: The anomaly version of the AnomalySecurityMLAnalyticsSettings. - :paramtype anomaly_version: str - :keyword customizable_observations: The customizable observations of the - AnomalySecurityMLAnalyticsSettings. - :paramtype customizable_observations: JSON - :keyword frequency: The frequency that this SecurityMLAnalyticsSettings will be run. - :paramtype frequency: ~datetime.timedelta - :keyword settings_status: The anomaly SecurityMLAnalyticsSettings status. Known values are: - "Production" and "Flighting". - :paramtype settings_status: str or ~azure.mgmt.securityinsight.models.SettingsStatus - :keyword is_default_settings: Determines whether this anomaly security ml analytics settings is - a default settings. - :paramtype is_default_settings: bool - :keyword anomaly_settings_version: The anomaly settings version of the Anomaly security ml - analytics settings that dictates whether job version gets updated or not. - :paramtype anomaly_settings_version: int - :keyword settings_definition_id: The anomaly settings definition Id. - :paramtype settings_definition_id: str + :keyword logs: Logs data type. 
+ :paramtype logs: ~azure.mgmt.securityinsight.models.AwsCloudTrailDataConnectorDataTypesLogs """ - super().__init__(etag=etag, **kwargs) - self.kind: str = "Anomaly" - self.description = description - self.display_name = display_name - self.enabled = enabled - self.last_modified_utc = None - self.required_data_connectors = required_data_connectors - self.tactics = tactics - self.techniques = techniques - self.anomaly_version = anomaly_version - self.customizable_observations = customizable_observations - self.frequency = frequency - self.settings_status = settings_status - self.is_default_settings = is_default_settings - self.anomaly_settings_version = anomaly_settings_version - self.settings_definition_id = settings_definition_id - + super().__init__(**kwargs) + self.logs = logs -class AnomalyTimelineItem(EntityTimelineItem): # pylint: disable=too-many-instance-attributes - """Represents anomaly timeline item. - All required parameters must be populated in order to send to Azure. +class DataConnectorDataTypeCommon(_serialization.Model): + """Common field for data type in data connectors. - :ivar kind: The entity query kind type. Required. Known values are: "Activity", "Bookmark", - "SecurityAlert", and "Anomaly". - :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityTimelineKind - :ivar azure_resource_id: The anomaly azure resource id. Required. - :vartype azure_resource_id: str - :ivar product_name: The anomaly product name. - :vartype product_name: str - :ivar description: The anomaly description. - :vartype description: str - :ivar display_name: The anomaly name. Required. - :vartype display_name: str - :ivar end_time_utc: The anomaly end time. Required. - :vartype end_time_utc: ~datetime.datetime - :ivar start_time_utc: The anomaly start time. Required. - :vartype start_time_utc: ~datetime.datetime - :ivar time_generated: The anomaly generated time. Required. 
- :vartype time_generated: ~datetime.datetime - :ivar vendor: The name of the anomaly vendor. - :vartype vendor: str - :ivar intent: The intent of the anomaly. - :vartype intent: str - :ivar techniques: The techniques of the anomaly. - :vartype techniques: list[str] - :ivar reasons: The reasons that cause the anomaly. - :vartype reasons: list[str] + :ivar state: Describe whether this data type connection is enabled or not. Known values are: + "Enabled" and "Disabled". + :vartype state: str or ~azure.mgmt.securityinsight.models.DataTypeState """ - _validation = { - "kind": {"required": True}, - "azure_resource_id": {"required": True}, - "display_name": {"required": True}, - "end_time_utc": {"required": True}, - "start_time_utc": {"required": True}, - "time_generated": {"required": True}, - } - _attribute_map = { - "kind": {"key": "kind", "type": "str"}, - "azure_resource_id": {"key": "azureResourceId", "type": "str"}, - "product_name": {"key": "productName", "type": "str"}, - "description": {"key": "description", "type": "str"}, - "display_name": {"key": "displayName", "type": "str"}, - "end_time_utc": {"key": "endTimeUtc", "type": "iso-8601"}, - "start_time_utc": {"key": "startTimeUtc", "type": "iso-8601"}, - "time_generated": {"key": "timeGenerated", "type": "iso-8601"}, - "vendor": {"key": "vendor", "type": "str"}, - "intent": {"key": "intent", "type": "str"}, - "techniques": {"key": "techniques", "type": "[str]"}, - "reasons": {"key": "reasons", "type": "[str]"}, + "state": {"key": "state", "type": "str"}, } - def __init__( - self, - *, - azure_resource_id: str, - display_name: str, - end_time_utc: datetime.datetime, - start_time_utc: datetime.datetime, - time_generated: datetime.datetime, - product_name: Optional[str] = None, - description: Optional[str] = None, - vendor: Optional[str] = None, - intent: Optional[str] = None, - techniques: Optional[List[str]] = None, - reasons: Optional[List[str]] = None, - **kwargs - ): + def __init__(self, *, state: 
Optional[Union[str, "_models.DataTypeState"]] = None, **kwargs: Any) -> None: """ - :keyword azure_resource_id: The anomaly azure resource id. Required. - :paramtype azure_resource_id: str - :keyword product_name: The anomaly product name. - :paramtype product_name: str - :keyword description: The anomaly description. - :paramtype description: str - :keyword display_name: The anomaly name. Required. - :paramtype display_name: str - :keyword end_time_utc: The anomaly end time. Required. - :paramtype end_time_utc: ~datetime.datetime - :keyword start_time_utc: The anomaly start time. Required. - :paramtype start_time_utc: ~datetime.datetime - :keyword time_generated: The anomaly generated time. Required. - :paramtype time_generated: ~datetime.datetime - :keyword vendor: The name of the anomaly vendor. - :paramtype vendor: str - :keyword intent: The intent of the anomaly. - :paramtype intent: str - :keyword techniques: The techniques of the anomaly. - :paramtype techniques: list[str] - :keyword reasons: The reasons that cause the anomaly. - :paramtype reasons: list[str] + :keyword state: Describe whether this data type connection is enabled or not. Known values are: + "Enabled" and "Disabled". + :paramtype state: str or ~azure.mgmt.securityinsight.models.DataTypeState """ super().__init__(**kwargs) - self.kind: str = "Anomaly" - self.azure_resource_id = azure_resource_id - self.product_name = product_name - self.description = description - self.display_name = display_name - self.end_time_utc = end_time_utc - self.start_time_utc = start_time_utc - self.time_generated = time_generated - self.vendor = vendor - self.intent = intent - self.techniques = techniques - self.reasons = reasons - + self.state = state -class ASCCheckRequirements(DataConnectorsCheckRequirements): - """Represents ASC (Azure Security Center) requirements check request. - All required parameters must be populated in order to send to Azure. 
+class AwsCloudTrailDataConnectorDataTypesLogs(DataConnectorDataTypeCommon): + """Logs data type. - :ivar kind: Describes the kind of connector to be checked. Required. Known values are: - "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", - "ThreatIntelligence", "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", - "Office365Project", "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", - "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", - "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and - "IOT". - :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind - :ivar subscription_id: The subscription id to connect to, and get the data from. - :vartype subscription_id: str + :ivar state: Describe whether this data type connection is enabled or not. Known values are: + "Enabled" and "Disabled". + :vartype state: str or ~azure.mgmt.securityinsight.models.DataTypeState """ - _validation = { - "kind": {"required": True}, - } - _attribute_map = { - "kind": {"key": "kind", "type": "str"}, - "subscription_id": {"key": "properties.subscriptionId", "type": "str"}, + "state": {"key": "state", "type": "str"}, } - def __init__(self, *, subscription_id: Optional[str] = None, **kwargs): + def __init__(self, *, state: Optional[Union[str, "_models.DataTypeState"]] = None, **kwargs: Any) -> None: """ - :keyword subscription_id: The subscription id to connect to, and get the data from. - :paramtype subscription_id: str + :keyword state: Describe whether this data type connection is enabled or not. Known values are: + "Enabled" and "Disabled". 
+ :paramtype state: str or ~azure.mgmt.securityinsight.models.DataTypeState """ - super().__init__(**kwargs) - self.kind: str = "AzureSecurityCenter" - self.subscription_id = subscription_id + super().__init__(state=state, **kwargs) -class ASCDataConnector(DataConnector): - """Represents ASC (Azure Security Center) data connector. +class AzureResourceEntity(Entity): + """Represents an azure resource entity. Variables are only populated by the server, and will be ignored when sending a request. 
@@ -3010,19 +2264,20 @@ class ASCDataConnector(DataConnector): :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy information. :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar etag: Etag of the azure resource. - :vartype etag: str - :ivar kind: The data connector kind. Required. Known values are: "AzureActiveDirectory", - "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", - "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", "Office365Project", - "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", - "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", - "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and - "IOT". - :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind - :ivar data_types: The available data types for the connector. - :vartype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector - :ivar subscription_id: The subscription id to connect to, and get the data from. + :ivar kind: The kind of the entity. Required. Known values are: "Account", "Host", "File", + "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", + "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", + "Bookmark", "MailCluster", "MailMessage", "Mailbox", and "SubmissionMail". + :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKindEnum + :ivar additional_data: A bag of custom fields that should be part of the entity and will be + presented to the user. + :vartype additional_data: dict[str, JSON] + :ivar friendly_name: The graph item display name which is a short humanly readable description + of the graph item instance. This property is optional and might be system generated. + :vartype friendly_name: str + :ivar resource_id: The azure resource id of the resource. 
+ :vartype resource_id: str + :ivar subscription_id: The subscription id of the resource. :vartype subscription_id: str """ @@ -3032,6 +2287,10 @@ class ASCDataConnector(DataConnector): "type": {"readonly": True}, "system_data": {"readonly": True}, "kind": {"required": True}, + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + "resource_id": {"readonly": True}, + "subscription_id": {"readonly": True}, } _attribute_map = { 
@@ -3039,72 +2298,66 @@ class ASCDataConnector(DataConnector): "name": {"key": "name", "type": "str"}, "type": {"key": "type", "type": "str"}, "system_data": {"key": "systemData", "type": "SystemData"}, - "etag": {"key": "etag", "type": "str"}, "kind": {"key": "kind", "type": "str"}, - "data_types": {"key": "properties.dataTypes", "type": "AlertsDataTypeOfDataConnector"}, + "additional_data": {"key": "properties.additionalData", "type": "{object}"}, + "friendly_name": {"key": "properties.friendlyName", "type": "str"}, + "resource_id": {"key": "properties.resourceId", "type": "str"}, "subscription_id": {"key": "properties.subscriptionId", "type": "str"}, } - def __init__( - self, - *, - etag: Optional[str] = None, - data_types: Optional["_models.AlertsDataTypeOfDataConnector"] = None, - subscription_id: Optional[str] = None, - **kwargs - ): - """ - :keyword etag: Etag of the azure resource. - :paramtype etag: str - :keyword data_types: The available data types for the connector. - :paramtype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector - :keyword subscription_id: The subscription id to connect to, and get the data from. - :paramtype subscription_id: str - """ - super().__init__(etag=etag, **kwargs) - self.kind: str = "AzureSecurityCenter" - self.data_types = data_types - self.subscription_id = subscription_id + def __init__(self, **kwargs: Any) -> None: + """ """ + super().__init__(**kwargs) + self.kind: str = "AzureResource" + self.additional_data = None + self.friendly_name = None + self.resource_id = None + self.subscription_id = None -class ASCDataConnectorProperties(DataConnectorWithAlertsProperties): - """ASC (Azure Security Center) data connector properties. +class AzureResourceEntityProperties(EntityCommonProperties): + """AzureResource entity property bag. - :ivar data_types: The available data types for the connector. 
- :vartype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector - :ivar subscription_id: The subscription id to connect to, and get the data from. + Variables are only populated by the server, and will be ignored when sending a request. + + :ivar additional_data: A bag of custom fields that should be part of the entity and will be + presented to the user. + :vartype additional_data: dict[str, JSON] + :ivar friendly_name: The graph item display name which is a short humanly readable description + of the graph item instance. This property is optional and might be system generated. + :vartype friendly_name: str + :ivar resource_id: The azure resource id of the resource. + :vartype resource_id: str + :ivar subscription_id: The subscription id of the resource. :vartype subscription_id: str """ + _validation = { + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + "resource_id": {"readonly": True}, + "subscription_id": {"readonly": True}, + } + _attribute_map = { - "data_types": {"key": "dataTypes", "type": "AlertsDataTypeOfDataConnector"}, + "additional_data": {"key": "additionalData", "type": "{object}"}, + "friendly_name": {"key": "friendlyName", "type": "str"}, + "resource_id": {"key": "resourceId", "type": "str"}, "subscription_id": {"key": "subscriptionId", "type": "str"}, } - def __init__( - self, - *, - data_types: Optional["_models.AlertsDataTypeOfDataConnector"] = None, - subscription_id: Optional[str] = None, - **kwargs - ): - """ - :keyword data_types: The available data types for the connector. - :paramtype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector - :keyword subscription_id: The subscription id to connect to, and get the data from. 
- :paramtype subscription_id: str - """ - super().__init__(data_types=data_types, **kwargs) - self.subscription_id = subscription_id + def __init__(self, **kwargs: Any) -> None: + """ """ + super().__init__(**kwargs) + self.resource_id = None + self.subscription_id = None -class AutomationRule(ResourceWithEtag): # pylint: disable=too-many-instance-attributes - """AutomationRule. +class Bookmark(ResourceWithEtag): # pylint: disable=too-many-instance-attributes + """Represents a bookmark in Azure Security Insights. Variables are only populated by the server, and will be ignored when sending a request. - All required parameters must be populated in order to send to Azure. - :ivar id: Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. :vartype id: str 
@@ -3118,22 +2371,32 @@ class AutomationRule(ResourceWithEtag): # pylint: disable=too-many-instance-att :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData :ivar etag: Etag of the azure resource. :vartype etag: str - :ivar display_name: The display name of the automation rule. Required. + :ivar created: The time the bookmark was created. + :vartype created: ~datetime.datetime + :ivar created_by: Describes a user that created the bookmark. + :vartype created_by: ~azure.mgmt.securityinsight.models.UserInfo + :ivar display_name: The display name of the bookmark. :vartype display_name: str - :ivar order: The order of execution of the automation rule. Required. - :vartype order: int - :ivar triggering_logic: Describes automation rule triggering logic. Required. - :vartype triggering_logic: ~azure.mgmt.securityinsight.models.AutomationRuleTriggeringLogic - :ivar actions: The actions to execute when the automation rule is triggered. Required. - :vartype actions: list[~azure.mgmt.securityinsight.models.AutomationRuleAction] - :ivar last_modified_time_utc: The last time the automation rule was updated. - :vartype last_modified_time_utc: ~datetime.datetime - :ivar created_time_utc: The time the automation rule was created. - :vartype created_time_utc: ~datetime.datetime - :ivar last_modified_by: Information on the client (user or application) that made some action. - :vartype last_modified_by: ~azure.mgmt.securityinsight.models.ClientInfo - :ivar created_by: Information on the client (user or application) that made some action. - :vartype created_by: ~azure.mgmt.securityinsight.models.ClientInfo + :ivar labels: List of labels relevant to this bookmark. + :vartype labels: list[str] + :ivar notes: The notes of the bookmark. + :vartype notes: str + :ivar query: The query of the bookmark. + :vartype query: str + :ivar query_result: The query result of the bookmark. + :vartype query_result: str + :ivar updated: The last time the bookmark was updated. 
+ :vartype updated: ~datetime.datetime + :ivar updated_by: Describes a user that updated the bookmark. + :vartype updated_by: ~azure.mgmt.securityinsight.models.UserInfo + :ivar event_time: The bookmark event time. + :vartype event_time: ~datetime.datetime + :ivar query_start_time: The start time for the query. + :vartype query_start_time: ~datetime.datetime + :ivar query_end_time: The end time for the query. + :vartype query_end_time: ~datetime.datetime + :ivar incident_info: Describes an incident that relates to bookmark. + :vartype incident_info: ~azure.mgmt.securityinsight.models.IncidentInfo """ _validation = { @@ -3141,14 +2404,6 @@ class AutomationRule(ResourceWithEtag): # pylint: disable=too-many-instance-att "name": {"readonly": True}, "type": {"readonly": True}, "system_data": {"readonly": True}, - "display_name": {"required": True, "max_length": 500}, - "order": {"required": True, "maximum": 1000, "minimum": 1}, - "triggering_logic": {"required": True}, - "actions": {"required": True, "max_items": 20, "min_items": 0}, - "last_modified_time_utc": {"readonly": True}, - "created_time_utc": {"readonly": True}, - "last_modified_by": {"readonly": True}, - "created_by": {"readonly": True}, } _attribute_map = { 
@@ -3157,661 +2412,586 @@ class AutomationRule(ResourceWithEtag): # pylint: disable=too-many-instance-att "type": {"key": "type", "type": "str"}, "system_data": {"key": "systemData", "type": "SystemData"}, "etag": {"key": "etag", "type": "str"}, + "created": {"key": "properties.created", "type": "iso-8601"}, + "created_by": {"key": "properties.createdBy", "type": "UserInfo"}, "display_name": {"key": "properties.displayName", "type": "str"}, - "order": {"key": "properties.order", "type": "int"}, - "triggering_logic": {"key": "properties.triggeringLogic", "type": "AutomationRuleTriggeringLogic"}, - "actions": {"key": "properties.actions", "type": "[AutomationRuleAction]"}, - "last_modified_time_utc": {"key": "properties.lastModifiedTimeUtc", "type": "iso-8601"}, - "created_time_utc": {"key": "properties.createdTimeUtc", "type": "iso-8601"}, - "last_modified_by": {"key": "properties.lastModifiedBy", "type": "ClientInfo"}, - "created_by": {"key": "properties.createdBy", "type": "ClientInfo"}, + "labels": {"key": "properties.labels", "type": "[str]"}, + "notes": {"key": "properties.notes", "type": "str"}, + "query": {"key": "properties.query", "type": "str"}, + "query_result": {"key": "properties.queryResult", "type": "str"}, + "updated": {"key": "properties.updated", "type": "iso-8601"}, + "updated_by": {"key": "properties.updatedBy", "type": "UserInfo"}, + "event_time": {"key": "properties.eventTime", "type": "iso-8601"}, + "query_start_time": {"key": "properties.queryStartTime", "type": "iso-8601"}, + "query_end_time": {"key": "properties.queryEndTime", "type": "iso-8601"}, + "incident_info": {"key": "properties.incidentInfo", "type": "IncidentInfo"}, } def __init__( self, *, - display_name: str, - order: int, - triggering_logic: "_models.AutomationRuleTriggeringLogic", - actions: List["_models.AutomationRuleAction"], etag: Optional[str] = None, - **kwargs - ): + created: Optional[datetime.datetime] = None, + created_by: Optional["_models.UserInfo"] = None, + 
display_name: Optional[str] = None, + labels: Optional[List[str]] = None, + notes: Optional[str] = None, + query: Optional[str] = None, + query_result: Optional[str] = None, + updated: Optional[datetime.datetime] = None, + updated_by: Optional["_models.UserInfo"] = None, + event_time: Optional[datetime.datetime] = None, + query_start_time: Optional[datetime.datetime] = None, + query_end_time: Optional[datetime.datetime] = None, + incident_info: Optional["_models.IncidentInfo"] = None, + **kwargs: Any + ) -> None: """ :keyword etag: Etag of the azure resource. :paramtype etag: str - :keyword display_name: The display name of the automation rule. Required. + :keyword created: The time the bookmark was created. + :paramtype created: ~datetime.datetime + :keyword created_by: Describes a user that created the bookmark. + :paramtype created_by: ~azure.mgmt.securityinsight.models.UserInfo + :keyword display_name: The display name of the bookmark. :paramtype display_name: str - :keyword order: The order of execution of the automation rule. Required. - :paramtype order: int - :keyword triggering_logic: Describes automation rule triggering logic. Required. - :paramtype triggering_logic: ~azure.mgmt.securityinsight.models.AutomationRuleTriggeringLogic - :keyword actions: The actions to execute when the automation rule is triggered. Required. - :paramtype actions: list[~azure.mgmt.securityinsight.models.AutomationRuleAction] + :keyword labels: List of labels relevant to this bookmark. + :paramtype labels: list[str] + :keyword notes: The notes of the bookmark. + :paramtype notes: str + :keyword query: The query of the bookmark. + :paramtype query: str + :keyword query_result: The query result of the bookmark. + :paramtype query_result: str + :keyword updated: The last time the bookmark was updated. + :paramtype updated: ~datetime.datetime + :keyword updated_by: Describes a user that updated the bookmark. 
+ :paramtype updated_by: ~azure.mgmt.securityinsight.models.UserInfo + :keyword event_time: The bookmark event time. + :paramtype event_time: ~datetime.datetime + :keyword query_start_time: The start time for the query. + :paramtype query_start_time: ~datetime.datetime + :keyword query_end_time: The end time for the query. + :paramtype query_end_time: ~datetime.datetime + :keyword incident_info: Describes an incident that relates to bookmark. + :paramtype incident_info: ~azure.mgmt.securityinsight.models.IncidentInfo """ super().__init__(etag=etag, **kwargs) + self.created = created + self.created_by = created_by self.display_name = display_name - self.order = order - self.triggering_logic = triggering_logic - self.actions = actions - self.last_modified_time_utc = None - self.created_time_utc = None - self.last_modified_by = None - self.created_by = None + self.labels = labels + self.notes = notes + self.query = query + self.query_result = query_result + self.updated = updated + self.updated_by = updated_by + self.event_time = event_time + self.query_start_time = query_start_time + self.query_end_time = query_end_time + self.incident_info = incident_info -class AutomationRuleAction(_serialization.Model): - """Describes an automation rule action. +class BookmarkList(_serialization.Model): + """List all the bookmarks. - You probably want to use the sub-classes and not this class directly. Known sub-classes are: - AutomationRuleAddIncidentTaskAction, AutomationRuleModifyPropertiesAction, - AutomationRuleRunPlaybookAction + Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. - :ivar order: Required. - :vartype order: int - :ivar action_type: The type of the automation rule action. Required. Known values are: - "ModifyProperties", "RunPlaybook", and "AddIncidentTask". 
- :vartype action_type: str or ~azure.mgmt.securityinsight.models.ActionType + :ivar next_link: URL to fetch the next set of cases. + :vartype next_link: str + :ivar value: Array of bookmarks. Required. + :vartype value: list[~azure.mgmt.securityinsight.models.Bookmark] """ _validation = { - "order": {"required": True}, - "action_type": {"required": True}, + "next_link": {"readonly": True}, + "value": {"required": True}, } _attribute_map = { - "order": {"key": "order", "type": "int"}, - "action_type": {"key": "actionType", "type": "str"}, - } - - _subtype_map = { - "action_type": { - "AddIncidentTask": "AutomationRuleAddIncidentTaskAction", - "ModifyProperties": "AutomationRuleModifyPropertiesAction", - "RunPlaybook": "AutomationRuleRunPlaybookAction", - } + "next_link": {"key": "nextLink", "type": "str"}, + "value": {"key": "value", "type": "[Bookmark]"}, } - def __init__(self, *, order: int, **kwargs): + def __init__(self, *, value: List["_models.Bookmark"], **kwargs: Any) -> None: """ - :keyword order: Required. - :paramtype order: int + :keyword value: Array of bookmarks. Required. + :paramtype value: list[~azure.mgmt.securityinsight.models.Bookmark] """ super().__init__(**kwargs) - self.order = order - self.action_type: Optional[str] = None + self.next_link = None + self.value = value -class AutomationRuleAddIncidentTaskAction(AutomationRuleAction): - """Describes an automation rule action to add a task to an incident. +class ClientInfo(_serialization.Model): + """Information on the client (user or application) that made some action. - All required parameters must be populated in order to send to Azure. - - :ivar order: Required. - :vartype order: int - :ivar action_type: The type of the automation rule action. Required. Known values are: - "ModifyProperties", "RunPlaybook", and "AddIncidentTask". 
- :vartype action_type: str or ~azure.mgmt.securityinsight.models.ActionType - :ivar action_configuration: - :vartype action_configuration: - ~azure.mgmt.securityinsight.models.AddIncidentTaskActionProperties - """ - - _validation = { - "order": {"required": True}, - "action_type": {"required": True}, - } + :ivar email: The email of the client. + :vartype email: str + :ivar name: The name of the client. + :vartype name: str + :ivar object_id: The object id of the client. + :vartype object_id: str + :ivar user_principal_name: The user principal name of the client. + :vartype user_principal_name: str + """ _attribute_map = { - "order": {"key": "order", "type": "int"}, - "action_type": {"key": "actionType", "type": "str"}, - "action_configuration": {"key": "actionConfiguration", "type": "AddIncidentTaskActionProperties"}, + "email": {"key": "email", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "object_id": {"key": "objectId", "type": "str"}, + "user_principal_name": {"key": "userPrincipalName", "type": "str"}, } def __init__( - self, *, order: int, action_configuration: Optional["_models.AddIncidentTaskActionProperties"] = None, **kwargs - ): + self, + *, + email: Optional[str] = None, + name: Optional[str] = None, + object_id: Optional[str] = None, + user_principal_name: Optional[str] = None, + **kwargs: Any + ) -> None: """ - :keyword order: Required. - :paramtype order: int - :keyword action_configuration: - :paramtype action_configuration: - ~azure.mgmt.securityinsight.models.AddIncidentTaskActionProperties + :keyword email: The email of the client. + :paramtype email: str + :keyword name: The name of the client. + :paramtype name: str + :keyword object_id: The object id of the client. + :paramtype object_id: str + :keyword user_principal_name: The user principal name of the client. 
+ :paramtype user_principal_name: str """ - super().__init__(order=order, **kwargs) - self.action_type: str = "AddIncidentTask" - self.action_configuration = action_configuration + super().__init__(**kwargs) + self.email = email + self.name = name + self.object_id = object_id + self.user_principal_name = user_principal_name -class AutomationRuleBooleanCondition(_serialization.Model): - """AutomationRuleBooleanCondition. +class CloudApplicationEntity(Entity): + """Represents a cloud application entity. - :ivar operator: Known values are: "And" and "Or". - :vartype operator: str or - ~azure.mgmt.securityinsight.models.AutomationRuleBooleanConditionSupportedOperator - :ivar inner_conditions: - :vartype inner_conditions: list[~azure.mgmt.securityinsight.models.AutomationRuleCondition] + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar kind: The kind of the entity. Required. Known values are: "Account", "Host", "File", + "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", + "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", + "Bookmark", "MailCluster", "MailMessage", "Mailbox", and "SubmissionMail". 
+ :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKindEnum + :ivar additional_data: A bag of custom fields that should be part of the entity and will be + presented to the user. + :vartype additional_data: dict[str, JSON] + :ivar friendly_name: The graph item display name which is a short humanly readable description + of the graph item instance. This property is optional and might be system generated. + :vartype friendly_name: str + :ivar app_id: The technical identifier of the application. + :vartype app_id: int + :ivar app_name: The name of the related cloud application. + :vartype app_name: str + :ivar instance_name: The user defined instance name of the cloud application. It is often used + to distinguish between several applications of the same type that a customer has. + :vartype instance_name: str """ _validation = { - "inner_conditions": {"max_items": 10, "min_items": 2}, + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + "app_id": {"readonly": True}, + "app_name": {"readonly": True}, + "instance_name": {"readonly": True}, } _attribute_map = { - "operator": {"key": "operator", "type": "str"}, - "inner_conditions": {"key": "innerConditions", "type": "[AutomationRuleCondition]"}, + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "kind": {"key": "kind", "type": "str"}, + "additional_data": {"key": "properties.additionalData", "type": "{object}"}, + "friendly_name": {"key": "properties.friendlyName", "type": "str"}, + "app_id": {"key": "properties.appId", "type": "int"}, + "app_name": {"key": "properties.appName", "type": "str"}, + "instance_name": {"key": "properties.instanceName", "type": "str"}, } - def __init__( - self, - *, 
- operator: Optional[Union[str, "_models.AutomationRuleBooleanConditionSupportedOperator"]] = None, - inner_conditions: Optional[List["_models.AutomationRuleCondition"]] = None, - **kwargs - ): - """ - :keyword operator: Known values are: "And" and "Or". - :paramtype operator: str or - ~azure.mgmt.securityinsight.models.AutomationRuleBooleanConditionSupportedOperator - :keyword inner_conditions: - :paramtype inner_conditions: list[~azure.mgmt.securityinsight.models.AutomationRuleCondition] - """ + def __init__(self, **kwargs: Any) -> None: + """ """ super().__init__(**kwargs) - self.operator = operator - self.inner_conditions = inner_conditions - + self.kind: str = "CloudApplication" + self.additional_data = None + self.friendly_name = None + self.app_id = None + self.app_name = None + self.instance_name = None -class AutomationRuleCondition(_serialization.Model): - """Describes an automation rule condition. - You probably want to use the sub-classes and not this class directly. Known sub-classes are: - BooleanConditionProperties, PropertyConditionProperties, PropertyArrayConditionProperties, - PropertyArrayChangedConditionProperties, PropertyChangedConditionProperties +class CloudApplicationEntityProperties(EntityCommonProperties): + """CloudApplication entity property bag. - All required parameters must be populated in order to send to Azure. + Variables are only populated by the server, and will be ignored when sending a request. - :ivar condition_type: Required. Known values are: "Property", "PropertyArray", - "PropertyChanged", "PropertyArrayChanged", and "Boolean". - :vartype condition_type: str or ~azure.mgmt.securityinsight.models.ConditionType + :ivar additional_data: A bag of custom fields that should be part of the entity and will be + presented to the user. + :vartype additional_data: dict[str, JSON] + :ivar friendly_name: The graph item display name which is a short humanly readable description + of the graph item instance. 
This property is optional and might be system generated. + :vartype friendly_name: str + :ivar app_id: The technical identifier of the application. + :vartype app_id: int + :ivar app_name: The name of the related cloud application. + :vartype app_name: str + :ivar instance_name: The user defined instance name of the cloud application. It is often used + to distinguish between several applications of the same type that a customer has. + :vartype instance_name: str """ _validation = { - "condition_type": {"required": True}, + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + "app_id": {"readonly": True}, + "app_name": {"readonly": True}, + "instance_name": {"readonly": True}, } _attribute_map = { - "condition_type": {"key": "conditionType", "type": "str"}, - } - - _subtype_map = { - "condition_type": { - "Boolean": "BooleanConditionProperties", - "Property": "PropertyConditionProperties", - "PropertyArray": "PropertyArrayConditionProperties", - "PropertyArrayChanged": "PropertyArrayChangedConditionProperties", - "PropertyChanged": "PropertyChangedConditionProperties", - } + "additional_data": {"key": "additionalData", "type": "{object}"}, + "friendly_name": {"key": "friendlyName", "type": "str"}, + "app_id": {"key": "appId", "type": "int"}, + "app_name": {"key": "appName", "type": "str"}, + "instance_name": {"key": "instanceName", "type": "str"}, } - def __init__(self, **kwargs): + def __init__(self, **kwargs: Any) -> None: """ """ super().__init__(**kwargs) - self.condition_type: Optional[str] = None + self.app_id = None + self.app_name = None + self.instance_name = None -class AutomationRuleModifyPropertiesAction(AutomationRuleAction): - """Describes an automation rule action to modify an object's properties. +class CloudErrorBody(_serialization.Model): + """Error details. - All required parameters must be populated in order to send to Azure. + Variables are only populated by the server, and will be ignored when sending a request. 
- :ivar order: Required. - :vartype order: int - :ivar action_type: The type of the automation rule action. Required. Known values are: - "ModifyProperties", "RunPlaybook", and "AddIncidentTask". - :vartype action_type: str or ~azure.mgmt.securityinsight.models.ActionType - :ivar action_configuration: - :vartype action_configuration: ~azure.mgmt.securityinsight.models.IncidentPropertiesAction + :ivar code: An identifier for the error. Codes are invariant and are intended to be consumed + programmatically. + :vartype code: str + :ivar message: A message describing the error, intended to be suitable for display in a user + interface. + :vartype message: str """ _validation = { - "order": {"required": True}, - "action_type": {"required": True}, + "code": {"readonly": True}, + "message": {"readonly": True}, } _attribute_map = { - "order": {"key": "order", "type": "int"}, - "action_type": {"key": "actionType", "type": "str"}, - "action_configuration": {"key": "actionConfiguration", "type": "IncidentPropertiesAction"}, + "code": {"key": "code", "type": "str"}, + "message": {"key": "message", "type": "str"}, } - def __init__( - self, *, order: int, action_configuration: Optional["_models.IncidentPropertiesAction"] = None, **kwargs - ): - """ - :keyword order: Required. - :paramtype order: int - :keyword action_configuration: - :paramtype action_configuration: ~azure.mgmt.securityinsight.models.IncidentPropertiesAction - """ - super().__init__(order=order, **kwargs) - self.action_type: str = "ModifyProperties" - self.action_configuration = action_configuration + def __init__(self, **kwargs: Any) -> None: + """ """ + super().__init__(**kwargs) + self.code = None + self.message = None -class AutomationRulePropertyArrayChangedValuesCondition(_serialization.Model): - """AutomationRulePropertyArrayChangedValuesCondition. +class DataConnectorList(_serialization.Model): + """List all the data connectors. 
- :ivar array_type: Known values are: "Alerts", "Labels", "Tactics", and "Comments". - :vartype array_type: str or - ~azure.mgmt.securityinsight.models.AutomationRulePropertyArrayChangedConditionSupportedArrayType - :ivar change_type: "Added" - :vartype change_type: str or - ~azure.mgmt.securityinsight.models.AutomationRulePropertyArrayChangedConditionSupportedChangeType + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar next_link: URL to fetch the next set of data connectors. + :vartype next_link: str + :ivar value: Array of data connectors. Required. + :vartype value: list[~azure.mgmt.securityinsight.models.DataConnector] """ + _validation = { + "next_link": {"readonly": True}, + "value": {"required": True}, + } + _attribute_map = { - "array_type": {"key": "arrayType", "type": "str"}, - "change_type": {"key": "changeType", "type": "str"}, + "next_link": {"key": "nextLink", "type": "str"}, + "value": {"key": "value", "type": "[DataConnector]"}, } - def __init__( - self, - *, - array_type: Optional[ - Union[str, "_models.AutomationRulePropertyArrayChangedConditionSupportedArrayType"] - ] = None, - change_type: Optional[ - Union[str, "_models.AutomationRulePropertyArrayChangedConditionSupportedChangeType"] - ] = None, - **kwargs - ): + def __init__(self, *, value: List["_models.DataConnector"], **kwargs: Any) -> None: """ - :keyword array_type: Known values are: "Alerts", "Labels", "Tactics", and "Comments". - :paramtype array_type: str or - ~azure.mgmt.securityinsight.models.AutomationRulePropertyArrayChangedConditionSupportedArrayType - :keyword change_type: "Added" - :paramtype change_type: str or - ~azure.mgmt.securityinsight.models.AutomationRulePropertyArrayChangedConditionSupportedChangeType + :keyword value: Array of data connectors. Required. 
+ :paramtype value: list[~azure.mgmt.securityinsight.models.DataConnector] """ super().__init__(**kwargs) - self.array_type = array_type - self.change_type = change_type + self.next_link = None + self.value = value -class AutomationRulePropertyArrayValuesCondition(_serialization.Model): - """AutomationRulePropertyArrayValuesCondition. +class DataConnectorTenantId(_serialization.Model): + """Properties data connector on tenant level. - :ivar array_type: Known values are: "CustomDetails" and "CustomDetailValues". - :vartype array_type: str or - ~azure.mgmt.securityinsight.models.AutomationRulePropertyArrayConditionSupportedArrayType - :ivar array_condition_type: "AnyItem" - :vartype array_condition_type: str or - ~azure.mgmt.securityinsight.models.AutomationRulePropertyArrayConditionSupportedArrayConditionType - :ivar item_conditions: - :vartype item_conditions: list[~azure.mgmt.securityinsight.models.AutomationRuleCondition] + :ivar tenant_id: The tenant id to connect to, and get the data from. + :vartype tenant_id: str """ - _validation = { - "item_conditions": {"max_items": 10, "min_items": 0}, - } - _attribute_map = { - "array_type": {"key": "arrayType", "type": "str"}, - "array_condition_type": {"key": "arrayConditionType", "type": "str"}, - "item_conditions": {"key": "itemConditions", "type": "[AutomationRuleCondition]"}, + "tenant_id": {"key": "tenantId", "type": "str"}, } - def __init__( - self, - *, - array_type: Optional[Union[str, "_models.AutomationRulePropertyArrayConditionSupportedArrayType"]] = None, - array_condition_type: Optional[ - Union[str, "_models.AutomationRulePropertyArrayConditionSupportedArrayConditionType"] - ] = None, - item_conditions: Optional[List["_models.AutomationRuleCondition"]] = None, - **kwargs - ): + def __init__(self, *, tenant_id: Optional[str] = None, **kwargs: Any) -> None: """ - :keyword array_type: Known values are: "CustomDetails" and "CustomDetailValues". 
- :paramtype array_type: str or - ~azure.mgmt.securityinsight.models.AutomationRulePropertyArrayConditionSupportedArrayType - :keyword array_condition_type: "AnyItem" - :paramtype array_condition_type: str or - ~azure.mgmt.securityinsight.models.AutomationRulePropertyArrayConditionSupportedArrayConditionType - :keyword item_conditions: - :paramtype item_conditions: list[~azure.mgmt.securityinsight.models.AutomationRuleCondition] + :keyword tenant_id: The tenant id to connect to, and get the data from. + :paramtype tenant_id: str """ super().__init__(**kwargs) - self.array_type = array_type - self.array_condition_type = array_condition_type - self.item_conditions = item_conditions - - -class AutomationRulePropertyValuesChangedCondition(_serialization.Model): - """AutomationRulePropertyValuesChangedCondition. - - :ivar property_name: Known values are: "IncidentSeverity", "IncidentStatus", and - "IncidentOwner". - :vartype property_name: str or - ~azure.mgmt.securityinsight.models.AutomationRulePropertyChangedConditionSupportedPropertyType - :ivar change_type: Known values are: "ChangedFrom" and "ChangedTo". - :vartype change_type: str or - ~azure.mgmt.securityinsight.models.AutomationRulePropertyChangedConditionSupportedChangedType - :ivar operator: Known values are: "Equals", "NotEquals", "Contains", "NotContains", - "StartsWith", "NotStartsWith", "EndsWith", and "NotEndsWith". 
- :vartype operator: str or - ~azure.mgmt.securityinsight.models.AutomationRulePropertyConditionSupportedOperator - :ivar property_values: - :vartype property_values: list[str] - """ + self.tenant_id = tenant_id - _attribute_map = { - "property_name": {"key": "propertyName", "type": "str"}, - "change_type": {"key": "changeType", "type": "str"}, - "operator": {"key": "operator", "type": "str"}, - "property_values": {"key": "propertyValues", "type": "[str]"}, - } - def __init__( - self, - *, - property_name: Optional[ - Union[str, "_models.AutomationRulePropertyChangedConditionSupportedPropertyType"] - ] = None, - change_type: Optional[Union[str, "_models.AutomationRulePropertyChangedConditionSupportedChangedType"]] = None, - operator: Optional[Union[str, "_models.AutomationRulePropertyConditionSupportedOperator"]] = None, - property_values: Optional[List[str]] = None, - **kwargs - ): - """ - :keyword property_name: Known values are: "IncidentSeverity", "IncidentStatus", and - "IncidentOwner". - :paramtype property_name: str or - ~azure.mgmt.securityinsight.models.AutomationRulePropertyChangedConditionSupportedPropertyType - :keyword change_type: Known values are: "ChangedFrom" and "ChangedTo". - :paramtype change_type: str or - ~azure.mgmt.securityinsight.models.AutomationRulePropertyChangedConditionSupportedChangedType - :keyword operator: Known values are: "Equals", "NotEquals", "Contains", "NotContains", - "StartsWith", "NotStartsWith", "EndsWith", and "NotEndsWith". - :paramtype operator: str or - ~azure.mgmt.securityinsight.models.AutomationRulePropertyConditionSupportedOperator - :keyword property_values: - :paramtype property_values: list[str] - """ - super().__init__(**kwargs) - self.property_name = property_name - self.change_type = change_type - self.operator = operator - self.property_values = property_values +class DnsEntity(Entity): # pylint: disable=too-many-instance-attributes + """Represents a dns entity. 
+ Variables are only populated by the server, and will be ignored when sending a request. -class AutomationRulePropertyValuesCondition(_serialization.Model): - """AutomationRulePropertyValuesCondition. + All required parameters must be populated in order to send to Azure. - :ivar property_name: The property to evaluate in an automation rule property condition. Known - values are: "IncidentTitle", "IncidentDescription", "IncidentSeverity", "IncidentStatus", - "IncidentRelatedAnalyticRuleIds", "IncidentTactics", "IncidentLabel", "IncidentProviderName", - "IncidentUpdatedBySource", "IncidentCustomDetailsKey", "IncidentCustomDetailsValue", - "AccountAadTenantId", "AccountAadUserId", "AccountName", "AccountNTDomain", "AccountPUID", - "AccountSid", "AccountObjectGuid", "AccountUPNSuffix", "AlertProductNames", - "AlertAnalyticRuleIds", "AzureResourceResourceId", "AzureResourceSubscriptionId", - "CloudApplicationAppId", "CloudApplicationAppName", "DNSDomainName", "FileDirectory", - "FileName", "FileHashValue", "HostAzureID", "HostName", "HostNetBiosName", "HostNTDomain", - "HostOSVersion", "IoTDeviceId", "IoTDeviceName", "IoTDeviceType", "IoTDeviceVendor", - "IoTDeviceModel", "IoTDeviceOperatingSystem", "IPAddress", "MailboxDisplayName", - "MailboxPrimaryAddress", "MailboxUPN", "MailMessageDeliveryAction", - "MailMessageDeliveryLocation", "MailMessageRecipient", "MailMessageSenderIP", - "MailMessageSubject", "MailMessageP1Sender", "MailMessageP2Sender", "MalwareCategory", - "MalwareName", "ProcessCommandLine", "ProcessId", "RegistryKey", "RegistryValueData", and - "Url". - :vartype property_name: str or - ~azure.mgmt.securityinsight.models.AutomationRulePropertyConditionSupportedProperty - :ivar operator: Known values are: "Equals", "NotEquals", "Contains", "NotContains", - "StartsWith", "NotStartsWith", "EndsWith", and "NotEndsWith". 
- :vartype operator: str or - ~azure.mgmt.securityinsight.models.AutomationRulePropertyConditionSupportedOperator - :ivar property_values: - :vartype property_values: list[str] + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar kind: The kind of the entity. Required. Known values are: "Account", "Host", "File", + "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", + "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", + "Bookmark", "MailCluster", "MailMessage", "Mailbox", and "SubmissionMail". + :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKindEnum + :ivar additional_data: A bag of custom fields that should be part of the entity and will be + presented to the user. + :vartype additional_data: dict[str, JSON] + :ivar friendly_name: The graph item display name which is a short humanly readable description + of the graph item instance. This property is optional and might be system generated. + :vartype friendly_name: str + :ivar dns_server_ip_entity_id: An ip entity id for the dns server resolving the request. + :vartype dns_server_ip_entity_id: str + :ivar domain_name: The name of the dns record associated with the alert. + :vartype domain_name: str + :ivar host_ip_address_entity_id: An ip entity id for the dns request client. 
+ :vartype host_ip_address_entity_id: str + :ivar ip_address_entity_ids: Ip entity identifiers for the resolved ip address. + :vartype ip_address_entity_ids: list[str] """ + _validation = { + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + "dns_server_ip_entity_id": {"readonly": True}, + "domain_name": {"readonly": True}, + "host_ip_address_entity_id": {"readonly": True}, + "ip_address_entity_ids": {"readonly": True}, + } + _attribute_map = { - "property_name": {"key": "propertyName", "type": "str"}, - "operator": {"key": "operator", "type": "str"}, - "property_values": {"key": "propertyValues", "type": "[str]"}, + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "kind": {"key": "kind", "type": "str"}, + "additional_data": {"key": "properties.additionalData", "type": "{object}"}, + "friendly_name": {"key": "properties.friendlyName", "type": "str"}, + "dns_server_ip_entity_id": {"key": "properties.dnsServerIpEntityId", "type": "str"}, + "domain_name": {"key": "properties.domainName", "type": "str"}, + "host_ip_address_entity_id": {"key": "properties.hostIpAddressEntityId", "type": "str"}, + "ip_address_entity_ids": {"key": "properties.ipAddressEntityIds", "type": "[str]"}, } - def __init__( - self, - *, - property_name: Optional[Union[str, "_models.AutomationRulePropertyConditionSupportedProperty"]] = None, - operator: Optional[Union[str, "_models.AutomationRulePropertyConditionSupportedOperator"]] = None, - property_values: Optional[List[str]] = None, - **kwargs - ): - """ - :keyword property_name: The property to evaluate in an automation rule property condition. 
- Known values are: "IncidentTitle", "IncidentDescription", "IncidentSeverity", "IncidentStatus", - "IncidentRelatedAnalyticRuleIds", "IncidentTactics", "IncidentLabel", "IncidentProviderName", - "IncidentUpdatedBySource", "IncidentCustomDetailsKey", "IncidentCustomDetailsValue", - "AccountAadTenantId", "AccountAadUserId", "AccountName", "AccountNTDomain", "AccountPUID", - "AccountSid", "AccountObjectGuid", "AccountUPNSuffix", "AlertProductNames", - "AlertAnalyticRuleIds", "AzureResourceResourceId", "AzureResourceSubscriptionId", - "CloudApplicationAppId", "CloudApplicationAppName", "DNSDomainName", "FileDirectory", - "FileName", "FileHashValue", "HostAzureID", "HostName", "HostNetBiosName", "HostNTDomain", - "HostOSVersion", "IoTDeviceId", "IoTDeviceName", "IoTDeviceType", "IoTDeviceVendor", - "IoTDeviceModel", "IoTDeviceOperatingSystem", "IPAddress", "MailboxDisplayName", - "MailboxPrimaryAddress", "MailboxUPN", "MailMessageDeliveryAction", - "MailMessageDeliveryLocation", "MailMessageRecipient", "MailMessageSenderIP", - "MailMessageSubject", "MailMessageP1Sender", "MailMessageP2Sender", "MalwareCategory", - "MalwareName", "ProcessCommandLine", "ProcessId", "RegistryKey", "RegistryValueData", and - "Url". - :paramtype property_name: str or - ~azure.mgmt.securityinsight.models.AutomationRulePropertyConditionSupportedProperty - :keyword operator: Known values are: "Equals", "NotEquals", "Contains", "NotContains", - "StartsWith", "NotStartsWith", "EndsWith", and "NotEndsWith". 
- :paramtype operator: str or - ~azure.mgmt.securityinsight.models.AutomationRulePropertyConditionSupportedOperator - :keyword property_values: - :paramtype property_values: list[str] - """ + def __init__(self, **kwargs: Any) -> None: + """ """ super().__init__(**kwargs) - self.property_name = property_name - self.operator = operator - self.property_values = property_values + self.kind: str = "DnsResolution" + self.additional_data = None + self.friendly_name = None + self.dns_server_ip_entity_id = None + self.domain_name = None + self.host_ip_address_entity_id = None + self.ip_address_entity_ids = None -class AutomationRuleRunPlaybookAction(AutomationRuleAction): - """Describes an automation rule action to run a playbook. +class DnsEntityProperties(EntityCommonProperties): + """Dns entity property bag. - All required parameters must be populated in order to send to Azure. + Variables are only populated by the server, and will be ignored when sending a request. - :ivar order: Required. - :vartype order: int - :ivar action_type: The type of the automation rule action. Required. Known values are: - "ModifyProperties", "RunPlaybook", and "AddIncidentTask". - :vartype action_type: str or ~azure.mgmt.securityinsight.models.ActionType - :ivar action_configuration: - :vartype action_configuration: ~azure.mgmt.securityinsight.models.PlaybookActionProperties + :ivar additional_data: A bag of custom fields that should be part of the entity and will be + presented to the user. + :vartype additional_data: dict[str, JSON] + :ivar friendly_name: The graph item display name which is a short humanly readable description + of the graph item instance. This property is optional and might be system generated. + :vartype friendly_name: str + :ivar dns_server_ip_entity_id: An ip entity id for the dns server resolving the request. + :vartype dns_server_ip_entity_id: str + :ivar domain_name: The name of the dns record associated with the alert. 
+ :vartype domain_name: str + :ivar host_ip_address_entity_id: An ip entity id for the dns request client. + :vartype host_ip_address_entity_id: str + :ivar ip_address_entity_ids: Ip entity identifiers for the resolved ip address. + :vartype ip_address_entity_ids: list[str] """ _validation = { - "order": {"required": True}, - "action_type": {"required": True}, + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + "dns_server_ip_entity_id": {"readonly": True}, + "domain_name": {"readonly": True}, + "host_ip_address_entity_id": {"readonly": True}, + "ip_address_entity_ids": {"readonly": True}, } _attribute_map = { - "order": {"key": "order", "type": "int"}, - "action_type": {"key": "actionType", "type": "str"}, - "action_configuration": {"key": "actionConfiguration", "type": "PlaybookActionProperties"}, + "additional_data": {"key": "additionalData", "type": "{object}"}, + "friendly_name": {"key": "friendlyName", "type": "str"}, + "dns_server_ip_entity_id": {"key": "dnsServerIpEntityId", "type": "str"}, + "domain_name": {"key": "domainName", "type": "str"}, + "host_ip_address_entity_id": {"key": "hostIpAddressEntityId", "type": "str"}, + "ip_address_entity_ids": {"key": "ipAddressEntityIds", "type": "[str]"}, } - def __init__( - self, *, order: int, action_configuration: Optional["_models.PlaybookActionProperties"] = None, **kwargs - ): - """ - :keyword order: Required. 
- :paramtype order: int - :keyword action_configuration: - :paramtype action_configuration: ~azure.mgmt.securityinsight.models.PlaybookActionProperties - """ - super().__init__(order=order, **kwargs) - self.action_type: str = "RunPlaybook" - self.action_configuration = action_configuration + def __init__(self, **kwargs: Any) -> None: + """ """ + super().__init__(**kwargs) + self.dns_server_ip_entity_id = None + self.domain_name = None + self.host_ip_address_entity_id = None + self.ip_address_entity_ids = None -class AutomationRulesList(_serialization.Model): - """AutomationRulesList. +class EntityMapping(_serialization.Model): + """Single entity mapping for the alert rule. - :ivar value: - :vartype value: list[~azure.mgmt.securityinsight.models.AutomationRule] - :ivar next_link: - :vartype next_link: str + :ivar entity_type: The V3 type of the mapped entity. Known values are: "Account", "Host", "IP", + "Malware", "File", "Process", "CloudApplication", "DNS", "AzureResource", "FileHash", + "RegistryKey", "RegistryValue", "SecurityGroup", "URL", "Mailbox", "MailCluster", + "MailMessage", and "SubmissionMail". + :vartype entity_type: str or ~azure.mgmt.securityinsight.models.EntityMappingType + :ivar field_mappings: array of field mappings for the given entity mapping. 
+ :vartype field_mappings: list[~azure.mgmt.securityinsight.models.FieldMapping] """ _attribute_map = { - "value": {"key": "value", "type": "[AutomationRule]"}, - "next_link": {"key": "nextLink", "type": "str"}, + "entity_type": {"key": "entityType", "type": "str"}, + "field_mappings": {"key": "fieldMappings", "type": "[FieldMapping]"}, } def __init__( - self, *, value: Optional[List["_models.AutomationRule"]] = None, next_link: Optional[str] = None, **kwargs - ): - """ - :keyword value: - :paramtype value: list[~azure.mgmt.securityinsight.models.AutomationRule] - :keyword next_link: - :paramtype next_link: str + self, + *, + entity_type: Optional[Union[str, "_models.EntityMappingType"]] = None, + field_mappings: Optional[List["_models.FieldMapping"]] = None, + **kwargs: Any + ) -> None: """ - super().__init__(**kwargs) - self.value = value - self.next_link = next_link - + :keyword entity_type: The V3 type of the mapped entity. Known values are: "Account", "Host", + "IP", "Malware", "File", "Process", "CloudApplication", "DNS", "AzureResource", "FileHash", + "RegistryKey", "RegistryValue", "SecurityGroup", "URL", "Mailbox", "MailCluster", + "MailMessage", and "SubmissionMail". + :paramtype entity_type: str or ~azure.mgmt.securityinsight.models.EntityMappingType + :keyword field_mappings: array of field mappings for the given entity mapping. + :paramtype field_mappings: list[~azure.mgmt.securityinsight.models.FieldMapping] + """ + super().__init__(**kwargs) + self.entity_type = entity_type + self.field_mappings = field_mappings -class AutomationRuleTriggeringLogic(_serialization.Model): - """Describes automation rule triggering logic. - All required parameters must be populated in order to send to Azure. +class EventGroupingSettings(_serialization.Model): + """Event grouping settings property bag. - :ivar is_enabled: Determines whether the automation rule is enabled or disabled. Required. 
- :vartype is_enabled: bool - :ivar expiration_time_utc: Determines when the automation rule should automatically expire and - be disabled. - :vartype expiration_time_utc: ~datetime.datetime - :ivar triggers_on: Required. Known values are: "Incidents" and "Alerts". - :vartype triggers_on: str or ~azure.mgmt.securityinsight.models.TriggersOn - :ivar triggers_when: Required. Known values are: "Created" and "Updated". - :vartype triggers_when: str or ~azure.mgmt.securityinsight.models.TriggersWhen - :ivar conditions: The conditions to evaluate to determine if the automation rule should be - triggered on a given object. - :vartype conditions: list[~azure.mgmt.securityinsight.models.AutomationRuleCondition] + :ivar aggregation_kind: The event grouping aggregation kinds. Known values are: "SingleAlert" + and "AlertPerResult". + :vartype aggregation_kind: str or + ~azure.mgmt.securityinsight.models.EventGroupingAggregationKind """ - _validation = { - "is_enabled": {"required": True}, - "triggers_on": {"required": True}, - "triggers_when": {"required": True}, - "conditions": {"max_items": 50, "min_items": 0}, - } - _attribute_map = { - "is_enabled": {"key": "isEnabled", "type": "bool"}, - "expiration_time_utc": {"key": "expirationTimeUtc", "type": "iso-8601"}, - "triggers_on": {"key": "triggersOn", "type": "str"}, - "triggers_when": {"key": "triggersWhen", "type": "str"}, - "conditions": {"key": "conditions", "type": "[AutomationRuleCondition]"}, + "aggregation_kind": {"key": "aggregationKind", "type": "str"}, } def __init__( - self, - *, - is_enabled: bool, - triggers_on: Union[str, "_models.TriggersOn"], - triggers_when: Union[str, "_models.TriggersWhen"], - expiration_time_utc: Optional[datetime.datetime] = None, - conditions: Optional[List["_models.AutomationRuleCondition"]] = None, - **kwargs - ): + self, *, aggregation_kind: Optional[Union[str, "_models.EventGroupingAggregationKind"]] = None, **kwargs: Any + ) -> None: """ - :keyword is_enabled: Determines whether 
the automation rule is enabled or disabled. Required. - :paramtype is_enabled: bool - :keyword expiration_time_utc: Determines when the automation rule should automatically expire - and be disabled. - :paramtype expiration_time_utc: ~datetime.datetime - :keyword triggers_on: Required. Known values are: "Incidents" and "Alerts". - :paramtype triggers_on: str or ~azure.mgmt.securityinsight.models.TriggersOn - :keyword triggers_when: Required. Known values are: "Created" and "Updated". - :paramtype triggers_when: str or ~azure.mgmt.securityinsight.models.TriggersWhen - :keyword conditions: The conditions to evaluate to determine if the automation rule should be - triggered on a given object. - :paramtype conditions: list[~azure.mgmt.securityinsight.models.AutomationRuleCondition] + :keyword aggregation_kind: The event grouping aggregation kinds. Known values are: + "SingleAlert" and "AlertPerResult". + :paramtype aggregation_kind: str or + ~azure.mgmt.securityinsight.models.EventGroupingAggregationKind """ super().__init__(**kwargs) - self.is_enabled = is_enabled - self.expiration_time_utc = expiration_time_utc - self.triggers_on = triggers_on - self.triggers_when = triggers_when - self.conditions = conditions + self.aggregation_kind = aggregation_kind -class Availability(_serialization.Model): - """Connector Availability Status. +class FieldMapping(_serialization.Model): + """A single field mapping of the mapped entity. - :ivar status: The connector Availability Status. Default value is 1. - :vartype status: int - :ivar is_preview: Set connector as preview. - :vartype is_preview: bool + :ivar identifier: the V3 identifier of the entity. + :vartype identifier: str + :ivar column_name: the column name to be mapped to the identifier. 
+ :vartype column_name: str """ _attribute_map = { - "status": {"key": "status", "type": "int"}, - "is_preview": {"key": "isPreview", "type": "bool"}, + "identifier": {"key": "identifier", "type": "str"}, + "column_name": {"key": "columnName", "type": "str"}, } - def __init__(self, *, status: Optional[Literal[1]] = None, is_preview: Optional[bool] = None, **kwargs): + def __init__(self, *, identifier: Optional[str] = None, column_name: Optional[str] = None, **kwargs: Any) -> None: """ - :keyword status: The connector Availability Status. Default value is 1. - :paramtype status: int - :keyword is_preview: Set connector as preview. - :paramtype is_preview: bool + :keyword identifier: the V3 identifier of the entity. + :paramtype identifier: str + :keyword column_name: the column name to be mapped to the identifier. + :paramtype column_name: str """ super().__init__(**kwargs) - self.status = status - self.is_preview = is_preview - - -class AwsCloudTrailCheckRequirements(DataConnectorsCheckRequirements): - """Amazon Web Services CloudTrail requirements check request. - - All required parameters must be populated in order to send to Azure. - - :ivar kind: Describes the kind of connector to be checked. Required. Known values are: - "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", - "ThreatIntelligence", "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", - "Office365Project", "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", - "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", - "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and - "IOT". 
- :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind - """ - - _validation = { - "kind": {"required": True}, - } - - _attribute_map = { - "kind": {"key": "kind", "type": "str"}, - } - - def __init__(self, **kwargs): - """ """ - super().__init__(**kwargs) - self.kind: str = "AmazonWebServicesCloudTrail" + self.identifier = identifier + self.column_name = column_name -class AwsCloudTrailDataConnector(DataConnector): - """Represents Amazon Web Services CloudTrail data connector. +class FileEntity(Entity): # pylint: disable=too-many-instance-attributes + """Represents a file entity. Variables are only populated by the server, and will be ignored when sending a request. 
@@ -3828,21 +3008,25 @@ class AwsCloudTrailDataConnector(DataConnector): :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy information. :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar etag: Etag of the azure resource. - :vartype etag: str - :ivar kind: The data connector kind. Required. Known values are: "AzureActiveDirectory", - "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", - "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", "Office365Project", - "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", - "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", - "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and - "IOT". - :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind - :ivar aws_role_arn: The Aws Role Arn (with CloudTrailReadOnly policy) that is used to access - the Aws account. - :vartype aws_role_arn: str - :ivar data_types: The available data types for the connector. - :vartype data_types: ~azure.mgmt.securityinsight.models.AwsCloudTrailDataConnectorDataTypes + :ivar kind: The kind of the entity. Required. Known values are: "Account", "Host", "File", + "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", + "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", + "Bookmark", "MailCluster", "MailMessage", "Mailbox", and "SubmissionMail". + :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKindEnum + :ivar additional_data: A bag of custom fields that should be part of the entity and will be + presented to the user. + :vartype additional_data: dict[str, JSON] + :ivar friendly_name: The graph item display name which is a short humanly readable description + of the graph item instance. This property is optional and might be system generated. 
+ :vartype friendly_name: str + :ivar directory: The full path to the file. + :vartype directory: str + :ivar file_hash_entity_ids: The file hash entity identifiers associated with this file. + :vartype file_hash_entity_ids: list[str] + :ivar file_name: The file name without path (some alerts might not include path). + :vartype file_name: str + :ivar host_entity_id: The Host entity id which the file belongs to. + :vartype host_entity_id: str """ _validation = { @@ -3851,6 +3035,12 @@ class AwsCloudTrailDataConnector(DataConnector): "type": {"readonly": True}, "system_data": {"readonly": True}, "kind": {"required": True}, + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + "directory": {"readonly": True}, + "file_hash_entity_ids": {"readonly": True}, + "file_name": {"readonly": True}, + "host_entity_id": {"readonly": True}, } _attribute_map = { 
@@ -3858,147 +3048,186 @@ class AwsCloudTrailDataConnector(DataConnector): "name": {"key": "name", "type": "str"}, "type": {"key": "type", "type": "str"}, "system_data": {"key": "systemData", "type": "SystemData"}, - "etag": {"key": "etag", "type": "str"}, "kind": {"key": "kind", "type": "str"}, - "aws_role_arn": {"key": "properties.awsRoleArn", "type": "str"}, - "data_types": {"key": "properties.dataTypes", "type": "AwsCloudTrailDataConnectorDataTypes"}, + "additional_data": {"key": "properties.additionalData", "type": "{object}"}, + "friendly_name": {"key": "properties.friendlyName", "type": "str"}, + "directory": {"key": "properties.directory", "type": "str"}, + "file_hash_entity_ids": {"key": "properties.fileHashEntityIds", "type": "[str]"}, + "file_name": {"key": "properties.fileName", "type": "str"}, + "host_entity_id": {"key": "properties.hostEntityId", "type": "str"}, } - def __init__( - self, - *, - etag: Optional[str] = None, - aws_role_arn: Optional[str] = None, - data_types: Optional["_models.AwsCloudTrailDataConnectorDataTypes"] = None, - **kwargs - ): - """ - :keyword etag: Etag of the azure resource. - :paramtype etag: str - :keyword aws_role_arn: The Aws Role Arn (with CloudTrailReadOnly policy) that is used to access - the Aws account. - :paramtype aws_role_arn: str - :keyword data_types: The available data types for the connector. 
- :paramtype data_types: ~azure.mgmt.securityinsight.models.AwsCloudTrailDataConnectorDataTypes - """ - super().__init__(etag=etag, **kwargs) - self.kind: str = "AmazonWebServicesCloudTrail" - self.aws_role_arn = aws_role_arn - self.data_types = data_types + def __init__(self, **kwargs: Any) -> None: + """ """ + super().__init__(**kwargs) + self.kind: str = "File" + self.additional_data = None + self.friendly_name = None + self.directory = None + self.file_hash_entity_ids = None + self.file_name = None + self.host_entity_id = None -class AwsCloudTrailDataConnectorDataTypes(_serialization.Model): - """The available data types for Amazon Web Services CloudTrail data connector. +class FileEntityProperties(EntityCommonProperties): + """File entity property bag. - All required parameters must be populated in order to send to Azure. + Variables are only populated by the server, and will be ignored when sending a request. - :ivar logs: Logs data type. Required. - :vartype logs: ~azure.mgmt.securityinsight.models.AwsCloudTrailDataConnectorDataTypesLogs + :ivar additional_data: A bag of custom fields that should be part of the entity and will be + presented to the user. + :vartype additional_data: dict[str, JSON] + :ivar friendly_name: The graph item display name which is a short humanly readable description + of the graph item instance. This property is optional and might be system generated. + :vartype friendly_name: str + :ivar directory: The full path to the file. + :vartype directory: str + :ivar file_hash_entity_ids: The file hash entity identifiers associated with this file. + :vartype file_hash_entity_ids: list[str] + :ivar file_name: The file name without path (some alerts might not include path). + :vartype file_name: str + :ivar host_entity_id: The Host entity id which the file belongs to. 
+ :vartype host_entity_id: str """ _validation = { - "logs": {"required": True}, + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + "directory": {"readonly": True}, + "file_hash_entity_ids": {"readonly": True}, + "file_name": {"readonly": True}, + "host_entity_id": {"readonly": True}, } _attribute_map = { - "logs": {"key": "logs", "type": "AwsCloudTrailDataConnectorDataTypesLogs"}, + "additional_data": {"key": "additionalData", "type": "{object}"}, + "friendly_name": {"key": "friendlyName", "type": "str"}, + "directory": {"key": "directory", "type": "str"}, + "file_hash_entity_ids": {"key": "fileHashEntityIds", "type": "[str]"}, + "file_name": {"key": "fileName", "type": "str"}, + "host_entity_id": {"key": "hostEntityId", "type": "str"}, } - def __init__(self, *, logs: "_models.AwsCloudTrailDataConnectorDataTypesLogs", **kwargs): - """ - :keyword logs: Logs data type. Required. - :paramtype logs: ~azure.mgmt.securityinsight.models.AwsCloudTrailDataConnectorDataTypesLogs - """ + def __init__(self, **kwargs: Any) -> None: + """ """ super().__init__(**kwargs) - self.logs = logs + self.directory = None + self.file_hash_entity_ids = None + self.file_name = None + self.host_entity_id = None -class DataConnectorDataTypeCommon(_serialization.Model): - """Common field for data type in data connectors. +class FileHashEntity(Entity): + """Represents a file hash entity. + + Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. - :ivar state: Describe whether this data type connection is enabled or not. Required. Known - values are: "Enabled" and "Disabled". - :vartype state: str or ~azure.mgmt.securityinsight.models.DataTypeState + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar kind: The kind of the entity. Required. Known values are: "Account", "Host", "File", + "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", + "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", + "Bookmark", "MailCluster", "MailMessage", "Mailbox", and "SubmissionMail". + :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKindEnum + :ivar additional_data: A bag of custom fields that should be part of the entity and will be + presented to the user. + :vartype additional_data: dict[str, JSON] + :ivar friendly_name: The graph item display name which is a short humanly readable description + of the graph item instance. This property is optional and might be system generated. + :vartype friendly_name: str + :ivar algorithm: The hash algorithm type. Known values are: "Unknown", "MD5", "SHA1", "SHA256", + and "SHA256AC". + :vartype algorithm: str or ~azure.mgmt.securityinsight.models.FileHashAlgorithm + :ivar hash_value: The file hash value. 
+ :vartype hash_value: str """ _validation = { - "state": {"required": True}, + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + "algorithm": {"readonly": True}, + "hash_value": {"readonly": True}, } _attribute_map = { - "state": {"key": "state", "type": "str"}, + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "kind": {"key": "kind", "type": "str"}, + "additional_data": {"key": "properties.additionalData", "type": "{object}"}, + "friendly_name": {"key": "properties.friendlyName", "type": "str"}, + "algorithm": {"key": "properties.algorithm", "type": "str"}, + "hash_value": {"key": "properties.hashValue", "type": "str"}, } - def __init__(self, *, state: Union[str, "_models.DataTypeState"], **kwargs): - """ - :keyword state: Describe whether this data type connection is enabled or not. Required. Known - values are: "Enabled" and "Disabled". - :paramtype state: str or ~azure.mgmt.securityinsight.models.DataTypeState - """ + def __init__(self, **kwargs: Any) -> None: + """ """ super().__init__(**kwargs) - self.state = state - - -class AwsCloudTrailDataConnectorDataTypesLogs(DataConnectorDataTypeCommon): - """Logs data type. - - All required parameters must be populated in order to send to Azure. - - :ivar state: Describe whether this data type connection is enabled or not. Required. Known - values are: "Enabled" and "Disabled". 
- :vartype state: str or ~azure.mgmt.securityinsight.models.DataTypeState - """ - - _validation = { - "state": {"required": True}, - } - - _attribute_map = { - "state": {"key": "state", "type": "str"}, - } - - def __init__(self, *, state: Union[str, "_models.DataTypeState"], **kwargs): - """ - :keyword state: Describe whether this data type connection is enabled or not. Required. Known - values are: "Enabled" and "Disabled". - :paramtype state: str or ~azure.mgmt.securityinsight.models.DataTypeState - """ - super().__init__(state=state, **kwargs) + self.kind: str = "FileHash" + self.additional_data = None + self.friendly_name = None + self.algorithm = None + self.hash_value = None -class AwsS3CheckRequirements(DataConnectorsCheckRequirements): - """Amazon Web Services S3 requirements check request. +class FileHashEntityProperties(EntityCommonProperties): + """FileHash entity property bag. - All required parameters must be populated in order to send to Azure. + Variables are only populated by the server, and will be ignored when sending a request. - :ivar kind: Describes the kind of connector to be checked. Required. Known values are: - "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", - "ThreatIntelligence", "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", - "Office365Project", "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", - "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", - "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and - "IOT". - :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind + :ivar additional_data: A bag of custom fields that should be part of the entity and will be + presented to the user. + :vartype additional_data: dict[str, JSON] + :ivar friendly_name: The graph item display name which is a short humanly readable description + of the graph item instance. 
This property is optional and might be system generated. + :vartype friendly_name: str + :ivar algorithm: The hash algorithm type. Known values are: "Unknown", "MD5", "SHA1", "SHA256", + and "SHA256AC". + :vartype algorithm: str or ~azure.mgmt.securityinsight.models.FileHashAlgorithm + :ivar hash_value: The file hash value. + :vartype hash_value: str """ _validation = { - "kind": {"required": True}, + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + "algorithm": {"readonly": True}, + "hash_value": {"readonly": True}, } _attribute_map = { - "kind": {"key": "kind", "type": "str"}, + "additional_data": {"key": "additionalData", "type": "{object}"}, + "friendly_name": {"key": "friendlyName", "type": "str"}, + "algorithm": {"key": "algorithm", "type": "str"}, + "hash_value": {"key": "hashValue", "type": "str"}, } - def __init__(self, **kwargs): + def __init__(self, **kwargs: Any) -> None: """ """ super().__init__(**kwargs) - self.kind: str = "AmazonWebServicesS3" + self.algorithm = None + self.hash_value = None -class AwsS3DataConnector(DataConnector): - """Represents Amazon Web Services S3 data connector. +class FusionAlertRule(AlertRule): # pylint: disable=too-many-instance-attributes + """Represents Fusion alert rule. Variables are only populated by the server, and will be ignored when sending a request. 
@@ -4017,22 +3246,26 @@ class AwsS3DataConnector(DataConnector): :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData :ivar etag: Etag of the azure resource. :vartype etag: str - :ivar kind: The data connector kind. Required. Known values are: "AzureActiveDirectory", - "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", - "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", "Office365Project", - "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", - "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", - "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and - "IOT". - :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind - :ivar destination_table: The logs destination table name in LogAnalytics. - :vartype destination_table: str - :ivar sqs_urls: The AWS sqs urls for the connector. - :vartype sqs_urls: list[str] - :ivar role_arn: The Aws Role Arn that is used to access the Aws account. - :vartype role_arn: str - :ivar data_types: The available data types for the connector. - :vartype data_types: ~azure.mgmt.securityinsight.models.AwsS3DataConnectorDataTypes + :ivar kind: The alert rule kind. Required. Known values are: "Scheduled", + "MicrosoftSecurityIncidentCreation", and "Fusion". + :vartype kind: str or ~azure.mgmt.securityinsight.models.AlertRuleKind + :ivar alert_rule_template_name: The Name of the alert rule template used to create this rule. + :vartype alert_rule_template_name: str + :ivar description: The description of the alert rule. + :vartype description: str + :ivar display_name: The display name for alerts created by this alert rule. + :vartype display_name: str + :ivar enabled: Determines whether this alert rule is enabled or disabled. + :vartype enabled: bool + :ivar last_modified_utc: The last time that this alert has been modified. 
+ :vartype last_modified_utc: ~datetime.datetime + :ivar severity: The severity for alerts created by this alert rule. Known values are: "High", + "Medium", "Low", and "Informational". + :vartype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity + :ivar tactics: The tactics of the alert rule. + :vartype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] + :ivar techniques: The techniques of the alert rule. + :vartype techniques: list[str] """ _validation = { @@ -4041,6 +3274,12 @@ class AwsS3DataConnector(DataConnector): "type": {"readonly": True}, "system_data": {"readonly": True}, "kind": {"required": True}, + "description": {"readonly": True}, + "display_name": {"readonly": True}, + "last_modified_utc": {"readonly": True}, + "severity": {"readonly": True}, + "tactics": {"readonly": True}, + "techniques": {"readonly": True}, } _attribute_map = { 
@@ -4050,123 +3289,47 @@ class AwsS3DataConnector(DataConnector): "system_data": {"key": "systemData", "type": "SystemData"}, "etag": {"key": "etag", "type": "str"}, "kind": {"key": "kind", "type": "str"}, - "destination_table": {"key": "properties.destinationTable", "type": "str"}, - "sqs_urls": {"key": "properties.sqsUrls", "type": "[str]"}, - "role_arn": {"key": "properties.roleArn", "type": "str"}, - "data_types": {"key": "properties.dataTypes", "type": "AwsS3DataConnectorDataTypes"}, + "alert_rule_template_name": {"key": "properties.alertRuleTemplateName", "type": "str"}, + "description": {"key": "properties.description", "type": "str"}, + "display_name": {"key": "properties.displayName", "type": "str"}, + "enabled": {"key": "properties.enabled", "type": "bool"}, + "last_modified_utc": {"key": "properties.lastModifiedUtc", "type": "iso-8601"}, + "severity": {"key": "properties.severity", "type": "str"}, + "tactics": {"key": "properties.tactics", "type": "[str]"}, + "techniques": {"key": "properties.techniques", "type": "[str]"}, } def __init__( self, *, etag: Optional[str] = None, - destination_table: Optional[str] = None, - sqs_urls: Optional[List[str]] = None, - role_arn: Optional[str] = None, - data_types: Optional["_models.AwsS3DataConnectorDataTypes"] = None, - **kwargs - ): + alert_rule_template_name: Optional[str] = None, + enabled: Optional[bool] = None, + **kwargs: Any + ) -> None: """ :keyword etag: Etag of the azure resource. :paramtype etag: str - :keyword destination_table: The logs destination table name in LogAnalytics. - :paramtype destination_table: str - :keyword sqs_urls: The AWS sqs urls for the connector. - :paramtype sqs_urls: list[str] - :keyword role_arn: The Aws Role Arn that is used to access the Aws account. - :paramtype role_arn: str - :keyword data_types: The available data types for the connector. 
- :paramtype data_types: ~azure.mgmt.securityinsight.models.AwsS3DataConnectorDataTypes + :keyword alert_rule_template_name: The Name of the alert rule template used to create this + rule. + :paramtype alert_rule_template_name: str + :keyword enabled: Determines whether this alert rule is enabled or disabled. + :paramtype enabled: bool """ super().__init__(etag=etag, **kwargs) - self.kind: str = "AmazonWebServicesS3" - self.destination_table = destination_table - self.sqs_urls = sqs_urls - self.role_arn = role_arn - self.data_types = data_types - - -class AwsS3DataConnectorDataTypes(_serialization.Model): - """The available data types for Amazon Web Services S3 data connector. - - All required parameters must be populated in order to send to Azure. - - :ivar logs: Logs data type. Required. - :vartype logs: ~azure.mgmt.securityinsight.models.AwsS3DataConnectorDataTypesLogs - """ - - _validation = { - "logs": {"required": True}, - } - - _attribute_map = { - "logs": {"key": "logs", "type": "AwsS3DataConnectorDataTypesLogs"}, - } - - def __init__(self, *, logs: "_models.AwsS3DataConnectorDataTypesLogs", **kwargs): - """ - :keyword logs: Logs data type. Required. - :paramtype logs: ~azure.mgmt.securityinsight.models.AwsS3DataConnectorDataTypesLogs - """ - super().__init__(**kwargs) - self.logs = logs - - -class AwsS3DataConnectorDataTypesLogs(DataConnectorDataTypeCommon): - """Logs data type. - - All required parameters must be populated in order to send to Azure. - - :ivar state: Describe whether this data type connection is enabled or not. Required. Known - values are: "Enabled" and "Disabled". - :vartype state: str or ~azure.mgmt.securityinsight.models.DataTypeState - """ - - _validation = { - "state": {"required": True}, - } - - _attribute_map = { - "state": {"key": "state", "type": "str"}, - } - - def __init__(self, *, state: Union[str, "_models.DataTypeState"], **kwargs): - """ - :keyword state: Describe whether this data type connection is enabled or not. 
Required. Known - values are: "Enabled" and "Disabled". - :paramtype state: str or ~azure.mgmt.securityinsight.models.DataTypeState - """ - super().__init__(state=state, **kwargs) - - -class AzureDevOpsResourceInfo(_serialization.Model): - """Resources created in Azure DevOps repository. - - :ivar pipeline_id: Id of the pipeline created for the source-control. - :vartype pipeline_id: str - :ivar service_connection_id: Id of the service-connection created for the source-control. - :vartype service_connection_id: str - """ - - _attribute_map = { - "pipeline_id": {"key": "pipelineId", "type": "str"}, - "service_connection_id": {"key": "serviceConnectionId", "type": "str"}, - } - - def __init__(self, *, pipeline_id: Optional[str] = None, service_connection_id: Optional[str] = None, **kwargs): - """ - :keyword pipeline_id: Id of the pipeline created for the source-control. - :paramtype pipeline_id: str - :keyword service_connection_id: Id of the service-connection created for the source-control. - :paramtype service_connection_id: str - """ - super().__init__(**kwargs) - self.pipeline_id = pipeline_id - self.service_connection_id = service_connection_id + self.kind: str = "Fusion" + self.alert_rule_template_name = alert_rule_template_name + self.description = None + self.display_name = None + self.enabled = enabled + self.last_modified_utc = None + self.severity = None + self.tactics = None + self.techniques = None -class AzureResourceEntity(Entity): - """Represents an azure resource entity. +class FusionAlertRuleTemplate(AlertRuleTemplate): # pylint: disable=too-many-instance-attributes + """Represents Fusion alert rule template. Variables are only populated by the server, and will be ignored when sending a request. 
@@ -4183,21 +3346,33 @@ class AzureResourceEntity(Entity): :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy information. :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar kind: The kind of the entity. Required. Known values are: "Account", "Host", "File", - "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", - "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", - "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". - :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKind - :ivar additional_data: A bag of custom fields that should be part of the entity and will be - presented to the user. - :vartype additional_data: dict[str, any] - :ivar friendly_name: The graph item display name which is a short humanly readable description - of the graph item instance. This property is optional and might be system generated. - :vartype friendly_name: str - :ivar resource_id: The azure resource id of the resource. - :vartype resource_id: str - :ivar subscription_id: The subscription id of the resource. - :vartype subscription_id: str + :ivar kind: The alert rule kind. Required. Known values are: "Scheduled", + "MicrosoftSecurityIncidentCreation", and "Fusion". + :vartype kind: str or ~azure.mgmt.securityinsight.models.AlertRuleKind + :ivar alert_rules_created_by_template_count: the number of alert rules that were created by + this template. + :vartype alert_rules_created_by_template_count: int + :ivar created_date_utc: The time that this alert rule template has been added. + :vartype created_date_utc: ~datetime.datetime + :ivar last_updated_date_utc: The time that this alert rule template was last updated. + :vartype last_updated_date_utc: ~datetime.datetime + :ivar description: The description of the alert rule template. 
+ :vartype description: str + :ivar display_name: The display name for alert rule template. + :vartype display_name: str + :ivar required_data_connectors: The required data connectors for this template. + :vartype required_data_connectors: + list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] + :ivar status: The alert rule template status. Known values are: "Installed", "Available", and + "NotAvailable". + :vartype status: str or ~azure.mgmt.securityinsight.models.TemplateStatus + :ivar severity: The severity for alerts created by this alert rule. Known values are: "High", + "Medium", "Low", and "Informational". + :vartype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity + :ivar tactics: The tactics of the alert rule template. + :vartype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] + :ivar techniques: The techniques of the alert rule template. + :vartype techniques: list[str] """ _validation = { @@ -4206,10 +3381,8 @@ class AzureResourceEntity(Entity): "type": {"readonly": True}, "system_data": {"readonly": True}, "kind": {"required": True}, - "additional_data": {"readonly": True}, - "friendly_name": {"readonly": True}, - "resource_id": {"readonly": True}, - "subscription_id": {"readonly": True}, + "created_date_utc": {"readonly": True}, + "last_updated_date_utc": {"readonly": True}, } _attribute_map = { 
@@ -4218,559 +3391,409 @@ class AzureResourceEntity(Entity): "type": {"key": "type", "type": "str"}, "system_data": {"key": "systemData", "type": "SystemData"}, "kind": {"key": "kind", "type": "str"}, - "additional_data": {"key": "properties.additionalData", "type": "{object}"}, - "friendly_name": {"key": "properties.friendlyName", "type": "str"}, - "resource_id": {"key": "properties.resourceId", "type": "str"}, - "subscription_id": {"key": "properties.subscriptionId", "type": "str"}, - } - - def __init__(self, **kwargs): - """ """ - super().__init__(**kwargs) - self.kind: str = "AzureResource" - self.additional_data = None - self.friendly_name = None - self.resource_id = None - self.subscription_id = None - - -class AzureResourceEntityProperties(EntityCommonProperties): - """AzureResource entity property bag. - - Variables are only populated by the server, and will be ignored when sending a request. - - :ivar additional_data: A bag of custom fields that should be part of the entity and will be - presented to the user. - :vartype additional_data: dict[str, any] - :ivar friendly_name: The graph item display name which is a short humanly readable description - of the graph item instance. This property is optional and might be system generated. - :vartype friendly_name: str - :ivar resource_id: The azure resource id of the resource. - :vartype resource_id: str - :ivar subscription_id: The subscription id of the resource. 
- :vartype subscription_id: str - """ - - _validation = { - "additional_data": {"readonly": True}, - "friendly_name": {"readonly": True}, - "resource_id": {"readonly": True}, - "subscription_id": {"readonly": True}, - } - - _attribute_map = { - "additional_data": {"key": "additionalData", "type": "{object}"}, - "friendly_name": {"key": "friendlyName", "type": "str"}, - "resource_id": {"key": "resourceId", "type": "str"}, - "subscription_id": {"key": "subscriptionId", "type": "str"}, - } - - def __init__(self, **kwargs): - """ """ - super().__init__(**kwargs) - self.resource_id = None - self.subscription_id = None - - -class Bookmark(ResourceWithEtag): # pylint: disable=too-many-instance-attributes - """Represents a bookmark in Azure Security Insights. - - Variables are only populated by the server, and will be ignored when sending a request. - - :ivar id: Fully qualified resource ID for the resource. Ex - - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - :vartype id: str - :ivar name: The name of the resource. - :vartype name: str - :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or - "Microsoft.Storage/storageAccounts". - :vartype type: str - :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy - information. - :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar etag: Etag of the azure resource. - :vartype etag: str - :ivar created: The time the bookmark was created. - :vartype created: ~datetime.datetime - :ivar created_by: Describes a user that created the bookmark. - :vartype created_by: ~azure.mgmt.securityinsight.models.UserInfo - :ivar display_name: The display name of the bookmark. - :vartype display_name: str - :ivar labels: List of labels relevant to this bookmark. - :vartype labels: list[str] - :ivar notes: The notes of the bookmark. 
- :vartype notes: str - :ivar query: The query of the bookmark. - :vartype query: str - :ivar query_result: The query result of the bookmark. - :vartype query_result: str - :ivar updated: The last time the bookmark was updated. - :vartype updated: ~datetime.datetime - :ivar updated_by: Describes a user that updated the bookmark. - :vartype updated_by: ~azure.mgmt.securityinsight.models.UserInfo - :ivar event_time: The bookmark event time. - :vartype event_time: ~datetime.datetime - :ivar query_start_time: The start time for the query. - :vartype query_start_time: ~datetime.datetime - :ivar query_end_time: The end time for the query. - :vartype query_end_time: ~datetime.datetime - :ivar incident_info: Describes an incident that relates to bookmark. - :vartype incident_info: ~azure.mgmt.securityinsight.models.IncidentInfo - :ivar entity_mappings: Describes the entity mappings of the bookmark. - :vartype entity_mappings: list[~azure.mgmt.securityinsight.models.BookmarkEntityMappings] - :ivar tactics: A list of relevant mitre attacks. - :vartype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] - :ivar techniques: A list of relevant mitre techniques. 
- :vartype techniques: list[str] - """ - - _validation = { - "id": {"readonly": True}, - "name": {"readonly": True}, - "type": {"readonly": True}, - "system_data": {"readonly": True}, - } - - _attribute_map = { - "id": {"key": "id", "type": "str"}, - "name": {"key": "name", "type": "str"}, - "type": {"key": "type", "type": "str"}, - "system_data": {"key": "systemData", "type": "SystemData"}, - "etag": {"key": "etag", "type": "str"}, - "created": {"key": "properties.created", "type": "iso-8601"}, - "created_by": {"key": "properties.createdBy", "type": "UserInfo"}, - "display_name": {"key": "properties.displayName", "type": "str"}, - "labels": {"key": "properties.labels", "type": "[str]"}, - "notes": {"key": "properties.notes", "type": "str"}, - "query": {"key": "properties.query", "type": "str"}, - "query_result": {"key": "properties.queryResult", "type": "str"}, - "updated": {"key": "properties.updated", "type": "iso-8601"}, - "updated_by": {"key": "properties.updatedBy", "type": "UserInfo"}, - "event_time": {"key": "properties.eventTime", "type": "iso-8601"}, - "query_start_time": {"key": "properties.queryStartTime", "type": "iso-8601"}, - "query_end_time": {"key": "properties.queryEndTime", "type": "iso-8601"}, - "incident_info": {"key": "properties.incidentInfo", "type": "IncidentInfo"}, - "entity_mappings": {"key": "properties.entityMappings", "type": "[BookmarkEntityMappings]"}, - "tactics": {"key": "properties.tactics", "type": "[str]"}, - "techniques": {"key": "properties.techniques", "type": "[str]"}, + "alert_rules_created_by_template_count": {"key": "properties.alertRulesCreatedByTemplateCount", "type": "int"}, + "created_date_utc": {"key": "properties.createdDateUTC", "type": "iso-8601"}, + "last_updated_date_utc": {"key": "properties.lastUpdatedDateUTC", "type": "iso-8601"}, + "description": {"key": "properties.description", "type": "str"}, + "display_name": {"key": "properties.displayName", "type": "str"}, + "required_data_connectors": { + "key": 
"properties.requiredDataConnectors", + "type": "[AlertRuleTemplateDataSource]", + }, + "status": {"key": "properties.status", "type": "str"}, + "severity": {"key": "properties.severity", "type": "str"}, + "tactics": {"key": "properties.tactics", "type": "[str]"}, + "techniques": {"key": "properties.techniques", "type": "[str]"}, } def __init__( self, *, - etag: Optional[str] = None, - created: Optional[datetime.datetime] = None, - created_by: Optional["_models.UserInfo"] = None, + alert_rules_created_by_template_count: Optional[int] = None, + description: Optional[str] = None, display_name: Optional[str] = None, - labels: Optional[List[str]] = None, - notes: Optional[str] = None, - query: Optional[str] = None, - query_result: Optional[str] = None, - updated: Optional[datetime.datetime] = None, - updated_by: Optional["_models.UserInfo"] = None, - event_time: Optional[datetime.datetime] = None, - query_start_time: Optional[datetime.datetime] = None, - query_end_time: Optional[datetime.datetime] = None, - incident_info: Optional["_models.IncidentInfo"] = None, - entity_mappings: Optional[List["_models.BookmarkEntityMappings"]] = None, + required_data_connectors: Optional[List["_models.AlertRuleTemplateDataSource"]] = None, + status: Optional[Union[str, "_models.TemplateStatus"]] = None, + severity: Optional[Union[str, "_models.AlertSeverity"]] = None, tactics: Optional[List[Union[str, "_models.AttackTactic"]]] = None, techniques: Optional[List[str]] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ - :keyword etag: Etag of the azure resource. - :paramtype etag: str - :keyword created: The time the bookmark was created. - :paramtype created: ~datetime.datetime - :keyword created_by: Describes a user that created the bookmark. - :paramtype created_by: ~azure.mgmt.securityinsight.models.UserInfo - :keyword display_name: The display name of the bookmark. 
+ :keyword alert_rules_created_by_template_count: the number of alert rules that were created by + this template. + :paramtype alert_rules_created_by_template_count: int + :keyword description: The description of the alert rule template. + :paramtype description: str + :keyword display_name: The display name for alert rule template. :paramtype display_name: str - :keyword labels: List of labels relevant to this bookmark. - :paramtype labels: list[str] - :keyword notes: The notes of the bookmark. - :paramtype notes: str - :keyword query: The query of the bookmark. - :paramtype query: str - :keyword query_result: The query result of the bookmark. - :paramtype query_result: str - :keyword updated: The last time the bookmark was updated. - :paramtype updated: ~datetime.datetime - :keyword updated_by: Describes a user that updated the bookmark. - :paramtype updated_by: ~azure.mgmt.securityinsight.models.UserInfo - :keyword event_time: The bookmark event time. - :paramtype event_time: ~datetime.datetime - :keyword query_start_time: The start time for the query. - :paramtype query_start_time: ~datetime.datetime - :keyword query_end_time: The end time for the query. - :paramtype query_end_time: ~datetime.datetime - :keyword incident_info: Describes an incident that relates to bookmark. - :paramtype incident_info: ~azure.mgmt.securityinsight.models.IncidentInfo - :keyword entity_mappings: Describes the entity mappings of the bookmark. - :paramtype entity_mappings: list[~azure.mgmt.securityinsight.models.BookmarkEntityMappings] - :keyword tactics: A list of relevant mitre attacks. + :keyword required_data_connectors: The required data connectors for this template. + :paramtype required_data_connectors: + list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] + :keyword status: The alert rule template status. Known values are: "Installed", "Available", + and "NotAvailable". 
+ :paramtype status: str or ~azure.mgmt.securityinsight.models.TemplateStatus + :keyword severity: The severity for alerts created by this alert rule. Known values are: + "High", "Medium", "Low", and "Informational". + :paramtype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity + :keyword tactics: The tactics of the alert rule template. :paramtype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] - :keyword techniques: A list of relevant mitre techniques. + :keyword techniques: The techniques of the alert rule template. :paramtype techniques: list[str] """ - super().__init__(etag=etag, **kwargs) - self.created = created - self.created_by = created_by + super().__init__(**kwargs) + self.kind: str = "Fusion" + self.alert_rules_created_by_template_count = alert_rules_created_by_template_count + self.created_date_utc = None + self.last_updated_date_utc = None + self.description = description self.display_name = display_name - self.labels = labels - self.notes = notes - self.query = query - self.query_result = query_result - self.updated = updated - self.updated_by = updated_by - self.event_time = event_time - self.query_start_time = query_start_time - self.query_end_time = query_end_time - self.incident_info = incident_info - self.entity_mappings = entity_mappings + self.required_data_connectors = required_data_connectors + self.status = status + self.severity = severity self.tactics = tactics self.techniques = techniques -class BookmarkEntityMappings(_serialization.Model): - """Describes the entity mappings of a single entity. +class GeoLocation(_serialization.Model): + """The geo-location context attached to the ip entity. + + Variables are only populated by the server, and will be ignored when sending a request. - :ivar entity_type: The entity type. - :vartype entity_type: str - :ivar field_mappings: Array of fields mapping for that entity type. 
- :vartype field_mappings: list[~azure.mgmt.securityinsight.models.EntityFieldMapping] + :ivar asn: Autonomous System Number. + :vartype asn: int + :ivar city: City name. + :vartype city: str + :ivar country_code: The country code according to ISO 3166 format. + :vartype country_code: str + :ivar country_name: Country name according to ISO 3166 Alpha 2: the lowercase of the English + Short Name. + :vartype country_name: str + :ivar latitude: The longitude of the identified location, expressed as a floating point number + with range of -180 to 180, with positive numbers representing East and negative numbers + representing West. Latitude and longitude are derived from the city or postal code. + :vartype latitude: float + :ivar longitude: The latitude of the identified location, expressed as a floating point number + with range of - 90 to 90, with positive numbers representing North and negative numbers + representing South. Latitude and longitude are derived from the city or postal code. + :vartype longitude: float + :ivar state: State name. 
+ :vartype state: str """ + _validation = { + "asn": {"readonly": True}, + "city": {"readonly": True}, + "country_code": {"readonly": True}, + "country_name": {"readonly": True}, + "latitude": {"readonly": True}, + "longitude": {"readonly": True}, + "state": {"readonly": True}, + } + _attribute_map = { - "entity_type": {"key": "entityType", "type": "str"}, - "field_mappings": {"key": "fieldMappings", "type": "[EntityFieldMapping]"}, + "asn": {"key": "asn", "type": "int"}, + "city": {"key": "city", "type": "str"}, + "country_code": {"key": "countryCode", "type": "str"}, + "country_name": {"key": "countryName", "type": "str"}, + "latitude": {"key": "latitude", "type": "float"}, + "longitude": {"key": "longitude", "type": "float"}, + "state": {"key": "state", "type": "str"}, } - def __init__( - self, - *, - entity_type: Optional[str] = None, - field_mappings: Optional[List["_models.EntityFieldMapping"]] = None, - **kwargs - ): - """ - :keyword entity_type: The entity type. - :paramtype entity_type: str - :keyword field_mappings: Array of fields mapping for that entity type. - :paramtype field_mappings: list[~azure.mgmt.securityinsight.models.EntityFieldMapping] - """ + def __init__(self, **kwargs: Any) -> None: + """ """ super().__init__(**kwargs) - self.entity_type = entity_type - self.field_mappings = field_mappings + self.asn = None + self.city = None + self.country_code = None + self.country_name = None + self.latitude = None + self.longitude = None + self.state = None -class BookmarkExpandParameters(_serialization.Model): - """The parameters required to execute an expand operation on the given bookmark. +class GroupingConfiguration(_serialization.Model): + """Grouping configuration property bag. - :ivar end_time: The end date filter, so the only expansion results returned are before this - date. - :vartype end_time: ~datetime.datetime - :ivar expansion_id: The Id of the expansion to perform. 
- :vartype expansion_id: str - :ivar start_time: The start date filter, so the only expansion results returned are after this - date. - :vartype start_time: ~datetime.datetime - """ + All required parameters must be populated in order to send to Azure. - _attribute_map = { - "end_time": {"key": "endTime", "type": "iso-8601"}, - "expansion_id": {"key": "expansionId", "type": "str"}, - "start_time": {"key": "startTime", "type": "iso-8601"}, - } - - def __init__( - self, - *, - end_time: Optional[datetime.datetime] = None, - expansion_id: Optional[str] = None, - start_time: Optional[datetime.datetime] = None, - **kwargs - ): - """ - :keyword end_time: The end date filter, so the only expansion results returned are before this - date. - :paramtype end_time: ~datetime.datetime - :keyword expansion_id: The Id of the expansion to perform. - :paramtype expansion_id: str - :keyword start_time: The start date filter, so the only expansion results returned are after - this date. - :paramtype start_time: ~datetime.datetime - """ - super().__init__(**kwargs) - self.end_time = end_time - self.expansion_id = expansion_id - self.start_time = start_time - - -class BookmarkExpandResponse(_serialization.Model): - """The entity expansion result operation response. - - :ivar meta_data: The metadata from the expansion operation results. - :vartype meta_data: ~azure.mgmt.securityinsight.models.ExpansionResultsMetadata - :ivar value: The expansion result values. - :vartype value: ~azure.mgmt.securityinsight.models.BookmarkExpandResponseValue + :ivar enabled: Grouping enabled. Required. + :vartype enabled: bool + :ivar reopen_closed_incident: Re-open closed matching incidents. Required. + :vartype reopen_closed_incident: bool + :ivar lookback_duration: Limit the group to alerts created within the lookback duration (in ISO + 8601 duration format). Required. + :vartype lookback_duration: ~datetime.timedelta + :ivar matching_method: Grouping matching method. 
When method is Selected at least one of + groupByEntities, groupByAlertDetails, groupByCustomDetails must be provided and not empty. + Required. Known values are: "AllEntities", "AnyAlert", and "Selected". + :vartype matching_method: str or ~azure.mgmt.securityinsight.models.MatchingMethod + :ivar group_by_entities: A list of entity types to group by (when matchingMethod is Selected). + Only entities defined in the current alert rule may be used. + :vartype group_by_entities: list[str or ~azure.mgmt.securityinsight.models.EntityMappingType] + :ivar group_by_alert_details: A list of alert details to group by (when matchingMethod is + Selected). + :vartype group_by_alert_details: list[str or ~azure.mgmt.securityinsight.models.AlertDetail] + :ivar group_by_custom_details: A list of custom details keys to group by (when matchingMethod + is Selected). Only keys defined in the current alert rule may be used. + :vartype group_by_custom_details: list[str] """ - _attribute_map = { - "meta_data": {"key": "metaData", "type": "ExpansionResultsMetadata"}, - "value": {"key": "value", "type": "BookmarkExpandResponseValue"}, + _validation = { + "enabled": {"required": True}, + "reopen_closed_incident": {"required": True}, + "lookback_duration": {"required": True}, + "matching_method": {"required": True}, } - def __init__( - self, - *, - meta_data: Optional["_models.ExpansionResultsMetadata"] = None, - value: Optional["_models.BookmarkExpandResponseValue"] = None, - **kwargs - ): - """ - :keyword meta_data: The metadata from the expansion operation results. - :paramtype meta_data: ~azure.mgmt.securityinsight.models.ExpansionResultsMetadata - :keyword value: The expansion result values. - :paramtype value: ~azure.mgmt.securityinsight.models.BookmarkExpandResponseValue - """ - super().__init__(**kwargs) - self.meta_data = meta_data - self.value = value - - -class BookmarkExpandResponseValue(_serialization.Model): - """The expansion result values. 
- - :ivar entities: Array of the expansion result entities. - :vartype entities: list[~azure.mgmt.securityinsight.models.Entity] - :ivar edges: Array of expansion result connected entities. - :vartype edges: list[~azure.mgmt.securityinsight.models.ConnectedEntity] - """ - _attribute_map = { - "entities": {"key": "entities", "type": "[Entity]"}, - "edges": {"key": "edges", "type": "[ConnectedEntity]"}, + "enabled": {"key": "enabled", "type": "bool"}, + "reopen_closed_incident": {"key": "reopenClosedIncident", "type": "bool"}, + "lookback_duration": {"key": "lookbackDuration", "type": "duration"}, + "matching_method": {"key": "matchingMethod", "type": "str"}, + "group_by_entities": {"key": "groupByEntities", "type": "[str]"}, + "group_by_alert_details": {"key": "groupByAlertDetails", "type": "[str]"}, + "group_by_custom_details": {"key": "groupByCustomDetails", "type": "[str]"}, } def __init__( self, *, - entities: Optional[List["_models.Entity"]] = None, - edges: Optional[List["_models.ConnectedEntity"]] = None, - **kwargs - ): + enabled: bool, + reopen_closed_incident: bool, + lookback_duration: datetime.timedelta, + matching_method: Union[str, "_models.MatchingMethod"], + group_by_entities: Optional[List[Union[str, "_models.EntityMappingType"]]] = None, + group_by_alert_details: Optional[List[Union[str, "_models.AlertDetail"]]] = None, + group_by_custom_details: Optional[List[str]] = None, + **kwargs: Any + ) -> None: """ - :keyword entities: Array of the expansion result entities. - :paramtype entities: list[~azure.mgmt.securityinsight.models.Entity] - :keyword edges: Array of expansion result connected entities. - :paramtype edges: list[~azure.mgmt.securityinsight.models.ConnectedEntity] + :keyword enabled: Grouping enabled. Required. + :paramtype enabled: bool + :keyword reopen_closed_incident: Re-open closed matching incidents. Required. 
+ :paramtype reopen_closed_incident: bool + :keyword lookback_duration: Limit the group to alerts created within the lookback duration (in + ISO 8601 duration format). Required. + :paramtype lookback_duration: ~datetime.timedelta + :keyword matching_method: Grouping matching method. When method is Selected at least one of + groupByEntities, groupByAlertDetails, groupByCustomDetails must be provided and not empty. + Required. Known values are: "AllEntities", "AnyAlert", and "Selected". + :paramtype matching_method: str or ~azure.mgmt.securityinsight.models.MatchingMethod + :keyword group_by_entities: A list of entity types to group by (when matchingMethod is + Selected). Only entities defined in the current alert rule may be used. + :paramtype group_by_entities: list[str or ~azure.mgmt.securityinsight.models.EntityMappingType] + :keyword group_by_alert_details: A list of alert details to group by (when matchingMethod is + Selected). + :paramtype group_by_alert_details: list[str or ~azure.mgmt.securityinsight.models.AlertDetail] + :keyword group_by_custom_details: A list of custom details keys to group by (when + matchingMethod is Selected). Only keys defined in the current alert rule may be used. + :paramtype group_by_custom_details: list[str] """ super().__init__(**kwargs) - self.entities = entities - self.edges = edges + self.enabled = enabled + self.reopen_closed_incident = reopen_closed_incident + self.lookback_duration = lookback_duration + self.matching_method = matching_method + self.group_by_entities = group_by_entities + self.group_by_alert_details = group_by_alert_details + self.group_by_custom_details = group_by_custom_details -class BookmarkList(_serialization.Model): - """List all the bookmarks. +class HostEntity(Entity): # pylint: disable=too-many-instance-attributes + """Represents a host entity. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. 
- :ivar next_link: URL to fetch the next set of bookmarks. - :vartype next_link: str - :ivar value: Array of bookmarks. Required. - :vartype value: list[~azure.mgmt.securityinsight.models.Bookmark] + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar kind: The kind of the entity. Required. Known values are: "Account", "Host", "File", + "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", + "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", + "Bookmark", "MailCluster", "MailMessage", "Mailbox", and "SubmissionMail". + :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKindEnum + :ivar additional_data: A bag of custom fields that should be part of the entity and will be + presented to the user. + :vartype additional_data: dict[str, JSON] + :ivar friendly_name: The graph item display name which is a short humanly readable description + of the graph item instance. This property is optional and might be system generated. + :vartype friendly_name: str + :ivar azure_id: The azure resource id of the VM. + :vartype azure_id: str + :ivar dns_domain: The DNS domain that this host belongs to. Should contain the compete DNS + suffix for the domain. + :vartype dns_domain: str + :ivar host_name: The hostname without the domain suffix. + :vartype host_name: str + :ivar is_domain_joined: Determines whether this host belongs to a domain. 
+ :vartype is_domain_joined: bool + :ivar net_bios_name: The host name (pre-windows2000). + :vartype net_bios_name: str + :ivar nt_domain: The NT domain that this host belongs to. + :vartype nt_domain: str + :ivar oms_agent_id: The OMS agent id, if the host has OMS agent installed. + :vartype oms_agent_id: str + :ivar os_family: The operating system type. Known values are: "Linux", "Windows", "Android", + "IOS", and "Unknown". + :vartype os_family: str or ~azure.mgmt.securityinsight.models.OSFamily + :ivar os_version: A free text representation of the operating system. This field is meant to + hold specific versions the are more fine grained than OSFamily or future values not supported + by OSFamily enumeration. + :vartype os_version: str """ _validation = { - "next_link": {"readonly": True}, - "value": {"required": True}, + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + "azure_id": {"readonly": True}, + "dns_domain": {"readonly": True}, + "host_name": {"readonly": True}, + "is_domain_joined": {"readonly": True}, + "net_bios_name": {"readonly": True}, + "nt_domain": {"readonly": True}, + "oms_agent_id": {"readonly": True}, + "os_version": {"readonly": True}, } _attribute_map = { - "next_link": {"key": "nextLink", "type": "str"}, - "value": {"key": "value", "type": "[Bookmark]"}, + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "kind": {"key": "kind", "type": "str"}, + "additional_data": {"key": "properties.additionalData", "type": "{object}"}, + "friendly_name": {"key": "properties.friendlyName", "type": "str"}, + "azure_id": {"key": "properties.azureID", "type": "str"}, + "dns_domain": {"key": "properties.dnsDomain", "type": "str"}, + 
"host_name": {"key": "properties.hostName", "type": "str"}, + "is_domain_joined": {"key": "properties.isDomainJoined", "type": "bool"}, + "net_bios_name": {"key": "properties.netBiosName", "type": "str"}, + "nt_domain": {"key": "properties.ntDomain", "type": "str"}, + "oms_agent_id": {"key": "properties.omsAgentID", "type": "str"}, + "os_family": {"key": "properties.osFamily", "type": "str"}, + "os_version": {"key": "properties.osVersion", "type": "str"}, } - def __init__(self, *, value: List["_models.Bookmark"], **kwargs): + def __init__(self, *, os_family: Optional[Union[str, "_models.OSFamily"]] = None, **kwargs: Any) -> None: """ - :keyword value: Array of bookmarks. Required. - :paramtype value: list[~azure.mgmt.securityinsight.models.Bookmark] + :keyword os_family: The operating system type. Known values are: "Linux", "Windows", "Android", + "IOS", and "Unknown". + :paramtype os_family: str or ~azure.mgmt.securityinsight.models.OSFamily """ super().__init__(**kwargs) - self.next_link = None - self.value = value + self.kind: str = "Host" + self.additional_data = None + self.friendly_name = None + self.azure_id = None + self.dns_domain = None + self.host_name = None + self.is_domain_joined = None + self.net_bios_name = None + self.nt_domain = None + self.oms_agent_id = None + self.os_family = os_family + self.os_version = None -class BookmarkTimelineItem(EntityTimelineItem): - """Represents bookmark timeline item. +class HostEntityProperties(EntityCommonProperties): # pylint: disable=too-many-instance-attributes + """Host entity property bag. - All required parameters must be populated in order to send to Azure. + Variables are only populated by the server, and will be ignored when sending a request. - :ivar kind: The entity query kind type. Required. Known values are: "Activity", "Bookmark", - "SecurityAlert", and "Anomaly". - :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityTimelineKind - :ivar azure_resource_id: The bookmark azure resource id. 
Required. - :vartype azure_resource_id: str - :ivar display_name: The bookmark display name. - :vartype display_name: str - :ivar notes: The notes of the bookmark. - :vartype notes: str - :ivar end_time_utc: The bookmark end time. - :vartype end_time_utc: ~datetime.datetime - :ivar start_time_utc: The bookmark start time. - :vartype start_time_utc: ~datetime.datetime - :ivar event_time: The bookmark event time. - :vartype event_time: ~datetime.datetime - :ivar created_by: Describes a user that created the bookmark. - :vartype created_by: ~azure.mgmt.securityinsight.models.UserInfo - :ivar labels: List of labels relevant to this bookmark. - :vartype labels: list[str] + :ivar additional_data: A bag of custom fields that should be part of the entity and will be + presented to the user. + :vartype additional_data: dict[str, JSON] + :ivar friendly_name: The graph item display name which is a short humanly readable description + of the graph item instance. This property is optional and might be system generated. + :vartype friendly_name: str + :ivar azure_id: The azure resource id of the VM. + :vartype azure_id: str + :ivar dns_domain: The DNS domain that this host belongs to. Should contain the compete DNS + suffix for the domain. + :vartype dns_domain: str + :ivar host_name: The hostname without the domain suffix. + :vartype host_name: str + :ivar is_domain_joined: Determines whether this host belongs to a domain. + :vartype is_domain_joined: bool + :ivar net_bios_name: The host name (pre-windows2000). + :vartype net_bios_name: str + :ivar nt_domain: The NT domain that this host belongs to. + :vartype nt_domain: str + :ivar oms_agent_id: The OMS agent id, if the host has OMS agent installed. + :vartype oms_agent_id: str + :ivar os_family: The operating system type. Known values are: "Linux", "Windows", "Android", + "IOS", and "Unknown". 
+ :vartype os_family: str or ~azure.mgmt.securityinsight.models.OSFamily + :ivar os_version: A free text representation of the operating system. This field is meant to + hold specific versions the are more fine grained than OSFamily or future values not supported + by OSFamily enumeration. + :vartype os_version: str """ _validation = { - "kind": {"required": True}, - "azure_resource_id": {"required": True}, + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + "azure_id": {"readonly": True}, + "dns_domain": {"readonly": True}, + "host_name": {"readonly": True}, + "is_domain_joined": {"readonly": True}, + "net_bios_name": {"readonly": True}, + "nt_domain": {"readonly": True}, + "oms_agent_id": {"readonly": True}, + "os_version": {"readonly": True}, } _attribute_map = { - "kind": {"key": "kind", "type": "str"}, - "azure_resource_id": {"key": "azureResourceId", "type": "str"}, - "display_name": {"key": "displayName", "type": "str"}, - "notes": {"key": "notes", "type": "str"}, - "end_time_utc": {"key": "endTimeUtc", "type": "iso-8601"}, - "start_time_utc": {"key": "startTimeUtc", "type": "iso-8601"}, - "event_time": {"key": "eventTime", "type": "iso-8601"}, - "created_by": {"key": "createdBy", "type": "UserInfo"}, - "labels": {"key": "labels", "type": "[str]"}, - } - - def __init__( - self, - *, - azure_resource_id: str, - display_name: Optional[str] = None, - notes: Optional[str] = None, - end_time_utc: Optional[datetime.datetime] = None, - start_time_utc: Optional[datetime.datetime] = None, - event_time: Optional[datetime.datetime] = None, - created_by: Optional["_models.UserInfo"] = None, - labels: Optional[List[str]] = None, - **kwargs - ): - """ - :keyword azure_resource_id: The bookmark azure resource id. Required. - :paramtype azure_resource_id: str - :keyword display_name: The bookmark display name. - :paramtype display_name: str - :keyword notes: The notes of the bookmark. 
- :paramtype notes: str - :keyword end_time_utc: The bookmark end time. - :paramtype end_time_utc: ~datetime.datetime - :keyword start_time_utc: The bookmark start time. - :paramtype start_time_utc: ~datetime.datetime - :keyword event_time: The bookmark event time. - :paramtype event_time: ~datetime.datetime - :keyword created_by: Describes a user that created the bookmark. - :paramtype created_by: ~azure.mgmt.securityinsight.models.UserInfo - :keyword labels: List of labels relevant to this bookmark. - :paramtype labels: list[str] - """ - super().__init__(**kwargs) - self.kind: str = "Bookmark" - self.azure_resource_id = azure_resource_id - self.display_name = display_name - self.notes = notes - self.end_time_utc = end_time_utc - self.start_time_utc = start_time_utc - self.event_time = event_time - self.created_by = created_by - self.labels = labels - - -class BooleanConditionProperties(AutomationRuleCondition): - """Describes an automation rule condition that applies a boolean operator (e.g AND, OR) to conditions. - - All required parameters must be populated in order to send to Azure. - - :ivar condition_type: Required. Known values are: "Property", "PropertyArray", - "PropertyChanged", "PropertyArrayChanged", and "Boolean". 
- :vartype condition_type: str or ~azure.mgmt.securityinsight.models.ConditionType - :ivar condition_properties: - :vartype condition_properties: - ~azure.mgmt.securityinsight.models.AutomationRuleBooleanCondition - """ - - _validation = { - "condition_type": {"required": True}, - } - - _attribute_map = { - "condition_type": {"key": "conditionType", "type": "str"}, - "condition_properties": {"key": "conditionProperties", "type": "AutomationRuleBooleanCondition"}, - } - - def __init__(self, *, condition_properties: Optional["_models.AutomationRuleBooleanCondition"] = None, **kwargs): - """ - :keyword condition_properties: - :paramtype condition_properties: - ~azure.mgmt.securityinsight.models.AutomationRuleBooleanCondition - """ - super().__init__(**kwargs) - self.condition_type: str = "Boolean" - self.condition_properties = condition_properties - - -class ClientInfo(_serialization.Model): - """Information on the client (user or application) that made some action. - - :ivar email: The email of the client. - :vartype email: str - :ivar name: The name of the client. - :vartype name: str - :ivar object_id: The object id of the client. - :vartype object_id: str - :ivar user_principal_name: The user principal name of the client. 
- :vartype user_principal_name: str - """ - - _attribute_map = { - "email": {"key": "email", "type": "str"}, - "name": {"key": "name", "type": "str"}, - "object_id": {"key": "objectId", "type": "str"}, - "user_principal_name": {"key": "userPrincipalName", "type": "str"}, + "additional_data": {"key": "additionalData", "type": "{object}"}, + "friendly_name": {"key": "friendlyName", "type": "str"}, + "azure_id": {"key": "azureID", "type": "str"}, + "dns_domain": {"key": "dnsDomain", "type": "str"}, + "host_name": {"key": "hostName", "type": "str"}, + "is_domain_joined": {"key": "isDomainJoined", "type": "bool"}, + "net_bios_name": {"key": "netBiosName", "type": "str"}, + "nt_domain": {"key": "ntDomain", "type": "str"}, + "oms_agent_id": {"key": "omsAgentID", "type": "str"}, + "os_family": {"key": "osFamily", "type": "str"}, + "os_version": {"key": "osVersion", "type": "str"}, } - def __init__( - self, - *, - email: Optional[str] = None, - name: Optional[str] = None, - object_id: Optional[str] = None, - user_principal_name: Optional[str] = None, - **kwargs - ): + def __init__(self, *, os_family: Optional[Union[str, "_models.OSFamily"]] = None, **kwargs: Any) -> None: """ - :keyword email: The email of the client. - :paramtype email: str - :keyword name: The name of the client. - :paramtype name: str - :keyword object_id: The object id of the client. - :paramtype object_id: str - :keyword user_principal_name: The user principal name of the client. - :paramtype user_principal_name: str + :keyword os_family: The operating system type. Known values are: "Linux", "Windows", "Android", + "IOS", and "Unknown". 
+ :paramtype os_family: str or ~azure.mgmt.securityinsight.models.OSFamily """ super().__init__(**kwargs) - self.email = email - self.name = name - self.object_id = object_id - self.user_principal_name = user_principal_name + self.azure_id = None + self.dns_domain = None + self.host_name = None + self.is_domain_joined = None + self.net_bios_name = None + self.nt_domain = None + self.oms_agent_id = None + self.os_family = os_family + self.os_version = None -class CloudApplicationEntity(Entity): - """Represents a cloud application entity. +class HuntingBookmark(Entity): # pylint: disable=too-many-instance-attributes + """Represents a Hunting bookmark entity. Variables are only populated by the server, and will be ignored when sending a request. 
@@ -4790,21 +3813,36 @@ class CloudApplicationEntity(Entity): :ivar kind: The kind of the entity. Required. Known values are: "Account", "Host", "File", "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", - "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". - :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKind + "Bookmark", "MailCluster", "MailMessage", "Mailbox", and "SubmissionMail". + :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKindEnum :ivar additional_data: A bag of custom fields that should be part of the entity and will be presented to the user. - :vartype additional_data: dict[str, any] + :vartype additional_data: dict[str, JSON] :ivar friendly_name: The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. :vartype friendly_name: str - :ivar app_id: The technical identifier of the application. - :vartype app_id: int - :ivar app_name: The name of the related cloud application. - :vartype app_name: str - :ivar instance_name: The user defined instance name of the cloud application. It is often used - to distinguish between several applications of the same type that a customer has. - :vartype instance_name: str + :ivar created: The time the bookmark was created. + :vartype created: ~datetime.datetime + :ivar created_by: Describes a user that created the bookmark. + :vartype created_by: ~azure.mgmt.securityinsight.models.UserInfo + :ivar display_name: The display name of the bookmark. + :vartype display_name: str + :ivar event_time: The time of the event. + :vartype event_time: ~datetime.datetime + :ivar labels: List of labels relevant to this bookmark. + :vartype labels: list[str] + :ivar notes: The notes of the bookmark. 
+ :vartype notes: str + :ivar query: The query of the bookmark. + :vartype query: str + :ivar query_result: The query result of the bookmark. + :vartype query_result: str + :ivar updated: The last time the bookmark was updated. + :vartype updated: ~datetime.datetime + :ivar updated_by: Describes a user that updated the bookmark. + :vartype updated_by: ~azure.mgmt.securityinsight.models.UserInfo + :ivar incident_info: Describes an incident that relates to bookmark. + :vartype incident_info: ~azure.mgmt.securityinsight.models.IncidentInfo """ _validation = { @@ -4815,9 +3853,6 @@ class CloudApplicationEntity(Entity): "kind": {"required": True}, "additional_data": {"readonly": True}, "friendly_name": {"readonly": True}, - "app_id": {"readonly": True}, - "app_name": {"readonly": True}, - "instance_name": {"readonly": True}, } _attribute_map = { 
@@ -4828,103 +3863,195 @@ class CloudApplicationEntity(Entity): "kind": {"key": "kind", "type": "str"}, "additional_data": {"key": "properties.additionalData", "type": "{object}"}, "friendly_name": {"key": "properties.friendlyName", "type": "str"}, - "app_id": {"key": "properties.appId", "type": "int"}, - "app_name": {"key": "properties.appName", "type": "str"}, - "instance_name": {"key": "properties.instanceName", "type": "str"}, + "created": {"key": "properties.created", "type": "iso-8601"}, + "created_by": {"key": "properties.createdBy", "type": "UserInfo"}, + "display_name": {"key": "properties.displayName", "type": "str"}, + "event_time": {"key": "properties.eventTime", "type": "iso-8601"}, + "labels": {"key": "properties.labels", "type": "[str]"}, + "notes": {"key": "properties.notes", "type": "str"}, + "query": {"key": "properties.query", "type": "str"}, + "query_result": {"key": "properties.queryResult", "type": "str"}, + "updated": {"key": "properties.updated", "type": "iso-8601"}, + "updated_by": {"key": "properties.updatedBy", "type": "UserInfo"}, + "incident_info": {"key": "properties.incidentInfo", "type": "IncidentInfo"}, } - def __init__(self, **kwargs): - """ """ + def __init__( + self, + *, + created: Optional[datetime.datetime] = None, + created_by: Optional["_models.UserInfo"] = None, + display_name: Optional[str] = None, + event_time: Optional[datetime.datetime] = None, + labels: Optional[List[str]] = None, + notes: Optional[str] = None, + query: Optional[str] = None, + query_result: Optional[str] = None, + updated: Optional[datetime.datetime] = None, + updated_by: Optional["_models.UserInfo"] = None, + incident_info: Optional["_models.IncidentInfo"] = None, + **kwargs: Any + ) -> None: + """ + :keyword created: The time the bookmark was created. + :paramtype created: ~datetime.datetime + :keyword created_by: Describes a user that created the bookmark. 
+ :paramtype created_by: ~azure.mgmt.securityinsight.models.UserInfo + :keyword display_name: The display name of the bookmark. + :paramtype display_name: str + :keyword event_time: The time of the event. + :paramtype event_time: ~datetime.datetime + :keyword labels: List of labels relevant to this bookmark. + :paramtype labels: list[str] + :keyword notes: The notes of the bookmark. + :paramtype notes: str + :keyword query: The query of the bookmark. + :paramtype query: str + :keyword query_result: The query result of the bookmark. + :paramtype query_result: str + :keyword updated: The last time the bookmark was updated. + :paramtype updated: ~datetime.datetime + :keyword updated_by: Describes a user that updated the bookmark. + :paramtype updated_by: ~azure.mgmt.securityinsight.models.UserInfo + :keyword incident_info: Describes an incident that relates to bookmark. + :paramtype incident_info: ~azure.mgmt.securityinsight.models.IncidentInfo + """ super().__init__(**kwargs) - self.kind: str = "CloudApplication" + self.kind: str = "Bookmark" self.additional_data = None self.friendly_name = None - self.app_id = None - self.app_name = None - self.instance_name = None + self.created = created + self.created_by = created_by + self.display_name = display_name + self.event_time = event_time + self.labels = labels + self.notes = notes + self.query = query + self.query_result = query_result + self.updated = updated + self.updated_by = updated_by + self.incident_info = incident_info -class CloudApplicationEntityProperties(EntityCommonProperties): - """CloudApplication entity property bag. +class HuntingBookmarkProperties(EntityCommonProperties): # pylint: disable=too-many-instance-attributes + """Describes bookmark properties. Variables are only populated by the server, and will be ignored when sending a request. + All required parameters must be populated in order to send to Azure. 
+ :ivar additional_data: A bag of custom fields that should be part of the entity and will be presented to the user. - :vartype additional_data: dict[str, any] + :vartype additional_data: dict[str, JSON] :ivar friendly_name: The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. :vartype friendly_name: str - :ivar app_id: The technical identifier of the application. - :vartype app_id: int - :ivar app_name: The name of the related cloud application. - :vartype app_name: str - :ivar instance_name: The user defined instance name of the cloud application. It is often used - to distinguish between several applications of the same type that a customer has. - :vartype instance_name: str + :ivar created: The time the bookmark was created. + :vartype created: ~datetime.datetime + :ivar created_by: Describes a user that created the bookmark. + :vartype created_by: ~azure.mgmt.securityinsight.models.UserInfo + :ivar display_name: The display name of the bookmark. Required. + :vartype display_name: str + :ivar event_time: The time of the event. + :vartype event_time: ~datetime.datetime + :ivar labels: List of labels relevant to this bookmark. + :vartype labels: list[str] + :ivar notes: The notes of the bookmark. + :vartype notes: str + :ivar query: The query of the bookmark. Required. + :vartype query: str + :ivar query_result: The query result of the bookmark. + :vartype query_result: str + :ivar updated: The last time the bookmark was updated. + :vartype updated: ~datetime.datetime + :ivar updated_by: Describes a user that updated the bookmark. + :vartype updated_by: ~azure.mgmt.securityinsight.models.UserInfo + :ivar incident_info: Describes an incident that relates to bookmark. 
+ :vartype incident_info: ~azure.mgmt.securityinsight.models.IncidentInfo """ _validation = { "additional_data": {"readonly": True}, "friendly_name": {"readonly": True}, - "app_id": {"readonly": True}, - "app_name": {"readonly": True}, - "instance_name": {"readonly": True}, + "display_name": {"required": True}, + "query": {"required": True}, } _attribute_map = { "additional_data": {"key": "additionalData", "type": "{object}"}, "friendly_name": {"key": "friendlyName", "type": "str"}, - "app_id": {"key": "appId", "type": "int"}, - "app_name": {"key": "appName", "type": "str"}, - "instance_name": {"key": "instanceName", "type": "str"}, - } - - def __init__(self, **kwargs): - """ """ - super().__init__(**kwargs) - self.app_id = None - self.app_name = None - self.instance_name = None - - -class CloudErrorBody(_serialization.Model): - """Error details. - - Variables are only populated by the server, and will be ignored when sending a request. - - :ivar code: An identifier for the error. Codes are invariant and are intended to be consumed - programmatically. - :vartype code: str - :ivar message: A message describing the error, intended to be suitable for display in a user - interface. 
- :vartype message: str - """ - - _validation = { - "code": {"readonly": True}, - "message": {"readonly": True}, - } - - _attribute_map = { - "code": {"key": "code", "type": "str"}, - "message": {"key": "message", "type": "str"}, + "created": {"key": "created", "type": "iso-8601"}, + "created_by": {"key": "createdBy", "type": "UserInfo"}, + "display_name": {"key": "displayName", "type": "str"}, + "event_time": {"key": "eventTime", "type": "iso-8601"}, + "labels": {"key": "labels", "type": "[str]"}, + "notes": {"key": "notes", "type": "str"}, + "query": {"key": "query", "type": "str"}, + "query_result": {"key": "queryResult", "type": "str"}, + "updated": {"key": "updated", "type": "iso-8601"}, + "updated_by": {"key": "updatedBy", "type": "UserInfo"}, + "incident_info": {"key": "incidentInfo", "type": "IncidentInfo"}, } - def __init__(self, **kwargs): - """ """ + def __init__( + self, + *, + display_name: str, + query: str, + created: Optional[datetime.datetime] = None, + created_by: Optional["_models.UserInfo"] = None, + event_time: Optional[datetime.datetime] = None, + labels: Optional[List[str]] = None, + notes: Optional[str] = None, + query_result: Optional[str] = None, + updated: Optional[datetime.datetime] = None, + updated_by: Optional["_models.UserInfo"] = None, + incident_info: Optional["_models.IncidentInfo"] = None, + **kwargs: Any + ) -> None: + """ + :keyword created: The time the bookmark was created. + :paramtype created: ~datetime.datetime + :keyword created_by: Describes a user that created the bookmark. + :paramtype created_by: ~azure.mgmt.securityinsight.models.UserInfo + :keyword display_name: The display name of the bookmark. Required. + :paramtype display_name: str + :keyword event_time: The time of the event. + :paramtype event_time: ~datetime.datetime + :keyword labels: List of labels relevant to this bookmark. + :paramtype labels: list[str] + :keyword notes: The notes of the bookmark. 
+ :paramtype notes: str + :keyword query: The query of the bookmark. Required. + :paramtype query: str + :keyword query_result: The query result of the bookmark. + :paramtype query_result: str + :keyword updated: The last time the bookmark was updated. + :paramtype updated: ~datetime.datetime + :keyword updated_by: Describes a user that updated the bookmark. + :paramtype updated_by: ~azure.mgmt.securityinsight.models.UserInfo + :keyword incident_info: Describes an incident that relates to bookmark. + :paramtype incident_info: ~azure.mgmt.securityinsight.models.IncidentInfo + """ super().__init__(**kwargs) - self.code = None - self.message = None + self.created = created + self.created_by = created_by + self.display_name = display_name + self.event_time = event_time + self.labels = labels + self.notes = notes + self.query = query + self.query_result = query_result + self.updated = updated + self.updated_by = updated_by + self.incident_info = incident_info -class CodelessApiPollingDataConnector(DataConnector): - """Represents Codeless API Polling data connector. +class Incident(ResourceWithEtag): # pylint: disable=too-many-instance-attributes + """Represents an incident in Azure Security Insights. Variables are only populated by the server, and will be ignored when sending a request. - All required parameters must be populated in order to send to Azure. - :ivar id: Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. :vartype id: str 
@@ -4938,20 +4065,46 @@ class CodelessApiPollingDataConnector(DataConnector): :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData :ivar etag: Etag of the azure resource. :vartype etag: str - :ivar kind: The data connector kind. Required. Known values are: "AzureActiveDirectory", - "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", - "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", "Office365Project", - "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", - "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", - "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and - "IOT". - :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind - :ivar connector_ui_config: Config to describe the instructions blade. - :vartype connector_ui_config: - ~azure.mgmt.securityinsight.models.CodelessUiConnectorConfigProperties - :ivar polling_config: Config to describe the polling instructions. - :vartype polling_config: - ~azure.mgmt.securityinsight.models.CodelessConnectorPollingConfigProperties + :ivar additional_data: Additional data on the incident. + :vartype additional_data: ~azure.mgmt.securityinsight.models.IncidentAdditionalData + :ivar classification: The reason the incident was closed. Known values are: "Undetermined", + "TruePositive", "BenignPositive", and "FalsePositive". + :vartype classification: str or ~azure.mgmt.securityinsight.models.IncidentClassification + :ivar classification_comment: Describes the reason the incident was closed. + :vartype classification_comment: str + :ivar classification_reason: The classification reason the incident was closed with. Known + values are: "SuspiciousActivity", "SuspiciousButExpected", "IncorrectAlertLogic", and + "InaccurateData". 
+ :vartype classification_reason: str or + ~azure.mgmt.securityinsight.models.IncidentClassificationReason + :ivar created_time_utc: The time the incident was created. + :vartype created_time_utc: ~datetime.datetime + :ivar description: The description of the incident. + :vartype description: str + :ivar first_activity_time_utc: The time of the first activity in the incident. + :vartype first_activity_time_utc: ~datetime.datetime + :ivar incident_url: The deep-link url to the incident in Azure portal. + :vartype incident_url: str + :ivar incident_number: A sequential number. + :vartype incident_number: int + :ivar labels: List of labels relevant to this incident. + :vartype labels: list[~azure.mgmt.securityinsight.models.IncidentLabel] + :ivar last_activity_time_utc: The time of the last activity in the incident. + :vartype last_activity_time_utc: ~datetime.datetime + :ivar last_modified_time_utc: The last time the incident was updated. + :vartype last_modified_time_utc: ~datetime.datetime + :ivar owner: Describes a user that the incident is assigned to. + :vartype owner: ~azure.mgmt.securityinsight.models.IncidentOwnerInfo + :ivar related_analytic_rule_ids: List of resource ids of Analytic rules related to the + incident. + :vartype related_analytic_rule_ids: list[str] + :ivar severity: The severity of the incident. Known values are: "High", "Medium", "Low", and + "Informational". + :vartype severity: str or ~azure.mgmt.securityinsight.models.IncidentSeverity + :ivar status: The status of the incident. Known values are: "New", "Active", and "Closed". + :vartype status: str or ~azure.mgmt.securityinsight.models.IncidentStatus + :ivar title: The title of the incident. + :vartype title: str """ _validation = { 
@@ -4959,7 +4112,12 @@ class CodelessApiPollingDataConnector(DataConnector): "name": {"readonly": True}, "type": {"readonly": True}, "system_data": {"readonly": True}, - "kind": {"required": True}, + "additional_data": {"readonly": True}, + "created_time_utc": {"readonly": True}, + "incident_url": {"readonly": True}, + "incident_number": {"readonly": True}, + "last_modified_time_utc": {"readonly": True}, + "related_analytic_rule_ids": {"readonly": True}, } _attribute_map = { 
@@ -4968,957 +4126,647 @@ class CodelessApiPollingDataConnector(DataConnector): "type": {"key": "type", "type": "str"}, "system_data": {"key": "systemData", "type": "SystemData"}, "etag": {"key": "etag", "type": "str"}, - "kind": {"key": "kind", "type": "str"}, - "connector_ui_config": {"key": "properties.connectorUiConfig", "type": "CodelessUiConnectorConfigProperties"}, - "polling_config": {"key": "properties.pollingConfig", "type": "CodelessConnectorPollingConfigProperties"}, + "additional_data": {"key": "properties.additionalData", "type": "IncidentAdditionalData"}, + "classification": {"key": "properties.classification", "type": "str"}, + "classification_comment": {"key": "properties.classificationComment", "type": "str"}, + "classification_reason": {"key": "properties.classificationReason", "type": "str"}, + "created_time_utc": {"key": "properties.createdTimeUtc", "type": "iso-8601"}, + "description": {"key": "properties.description", "type": "str"}, + "first_activity_time_utc": {"key": "properties.firstActivityTimeUtc", "type": "iso-8601"}, + "incident_url": {"key": "properties.incidentUrl", "type": "str"}, + "incident_number": {"key": "properties.incidentNumber", "type": "int"}, + "labels": {"key": "properties.labels", "type": "[IncidentLabel]"}, + "last_activity_time_utc": {"key": "properties.lastActivityTimeUtc", "type": "iso-8601"}, + "last_modified_time_utc": {"key": "properties.lastModifiedTimeUtc", "type": "iso-8601"}, + "owner": {"key": "properties.owner", "type": "IncidentOwnerInfo"}, + "related_analytic_rule_ids": {"key": "properties.relatedAnalyticRuleIds", "type": "[str]"}, + "severity": {"key": "properties.severity", "type": "str"}, + "status": {"key": "properties.status", "type": "str"}, + "title": {"key": "properties.title", "type": "str"}, } def __init__( self, *, etag: Optional[str] = None, - connector_ui_config: Optional["_models.CodelessUiConnectorConfigProperties"] = None, - polling_config: 
Optional["_models.CodelessConnectorPollingConfigProperties"] = None, - **kwargs - ): + classification: Optional[Union[str, "_models.IncidentClassification"]] = None, + classification_comment: Optional[str] = None, + classification_reason: Optional[Union[str, "_models.IncidentClassificationReason"]] = None, + description: Optional[str] = None, + first_activity_time_utc: Optional[datetime.datetime] = None, + labels: Optional[List["_models.IncidentLabel"]] = None, + last_activity_time_utc: Optional[datetime.datetime] = None, + owner: Optional["_models.IncidentOwnerInfo"] = None, + severity: Optional[Union[str, "_models.IncidentSeverity"]] = None, + status: Optional[Union[str, "_models.IncidentStatus"]] = None, + title: Optional[str] = None, + **kwargs: Any + ) -> None: """ :keyword etag: Etag of the azure resource. :paramtype etag: str - :keyword connector_ui_config: Config to describe the instructions blade. - :paramtype connector_ui_config: - ~azure.mgmt.securityinsight.models.CodelessUiConnectorConfigProperties - :keyword polling_config: Config to describe the polling instructions. - :paramtype polling_config: - ~azure.mgmt.securityinsight.models.CodelessConnectorPollingConfigProperties + :keyword classification: The reason the incident was closed. Known values are: "Undetermined", + "TruePositive", "BenignPositive", and "FalsePositive". + :paramtype classification: str or ~azure.mgmt.securityinsight.models.IncidentClassification + :keyword classification_comment: Describes the reason the incident was closed. + :paramtype classification_comment: str + :keyword classification_reason: The classification reason the incident was closed with. Known + values are: "SuspiciousActivity", "SuspiciousButExpected", "IncorrectAlertLogic", and + "InaccurateData". + :paramtype classification_reason: str or + ~azure.mgmt.securityinsight.models.IncidentClassificationReason + :keyword description: The description of the incident. 
+ :paramtype description: str + :keyword first_activity_time_utc: The time of the first activity in the incident. + :paramtype first_activity_time_utc: ~datetime.datetime + :keyword labels: List of labels relevant to this incident. + :paramtype labels: list[~azure.mgmt.securityinsight.models.IncidentLabel] + :keyword last_activity_time_utc: The time of the last activity in the incident. + :paramtype last_activity_time_utc: ~datetime.datetime + :keyword owner: Describes a user that the incident is assigned to. + :paramtype owner: ~azure.mgmt.securityinsight.models.IncidentOwnerInfo + :keyword severity: The severity of the incident. Known values are: "High", "Medium", "Low", and + "Informational". + :paramtype severity: str or ~azure.mgmt.securityinsight.models.IncidentSeverity + :keyword status: The status of the incident. Known values are: "New", "Active", and "Closed". + :paramtype status: str or ~azure.mgmt.securityinsight.models.IncidentStatus + :keyword title: The title of the incident. 
+ :paramtype title: str """ super().__init__(etag=etag, **kwargs) - self.kind: str = "APIPolling" - self.connector_ui_config = connector_ui_config - self.polling_config = polling_config + self.additional_data = None + self.classification = classification + self.classification_comment = classification_comment + self.classification_reason = classification_reason + self.created_time_utc = None + self.description = description + self.first_activity_time_utc = first_activity_time_utc + self.incident_url = None + self.incident_number = None + self.labels = labels + self.last_activity_time_utc = last_activity_time_utc + self.last_modified_time_utc = None + self.owner = owner + self.related_analytic_rule_ids = None + self.severity = severity + self.status = status + self.title = title -class CodelessConnectorPollingAuthProperties(_serialization.Model): # pylint: disable=too-many-instance-attributes - """Describe the authentication properties needed to successfully authenticate with the server. +class IncidentAdditionalData(_serialization.Model): + """Incident additional data property bag. - All required parameters must be populated in order to send to Azure. + Variables are only populated by the server, and will be ignored when sending a request. - :ivar auth_type: The authentication type. Required. - :vartype auth_type: str - :ivar api_key_name: The header name which the token is sent with. - :vartype api_key_name: str - :ivar api_key_identifier: A prefix send in the header before the actual token. - :vartype api_key_identifier: str - :ivar is_api_key_in_post_payload: Marks if the key should sent in header. - :vartype is_api_key_in_post_payload: str - :ivar flow_name: Describes the flow name, for example 'AuthCode' for Oauth 2.0. - :vartype flow_name: str - :ivar token_endpoint: The endpoint used to issue a token, used in Oauth 2.0 flow. - :vartype token_endpoint: str - :ivar authorization_endpoint: The endpoint used to authorize the user, used in Oauth 2.0 flow. 
- :vartype authorization_endpoint: str - :ivar authorization_endpoint_query_parameters: The query parameters used in authorization - request, used in Oauth 2.0 flow. - :vartype authorization_endpoint_query_parameters: JSON - :ivar redirection_endpoint: The redirect endpoint where we will get the authorization code, - used in Oauth 2.0 flow. - :vartype redirection_endpoint: str - :ivar token_endpoint_headers: The query headers used in token request, used in Oauth 2.0 flow. - :vartype token_endpoint_headers: JSON - :ivar token_endpoint_query_parameters: The query parameters used in token request, used in - Oauth 2.0 flow. - :vartype token_endpoint_query_parameters: JSON - :ivar is_client_secret_in_header: Marks if we should send the client secret in header or - payload, used in Oauth 2.0 flow. - :vartype is_client_secret_in_header: bool - :ivar scope: The OAuth token scope. - :vartype scope: str + :ivar alerts_count: The number of alerts in the incident. + :vartype alerts_count: int + :ivar bookmarks_count: The number of bookmarks in the incident. + :vartype bookmarks_count: int + :ivar comments_count: The number of comments in the incident. + :vartype comments_count: int + :ivar alert_product_names: List of product names of alerts in the incident. + :vartype alert_product_names: list[str] + :ivar tactics: The tactics associated with incident. 
+ :vartype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] """ _validation = { - "auth_type": {"required": True}, + "alerts_count": {"readonly": True}, + "bookmarks_count": {"readonly": True}, + "comments_count": {"readonly": True}, + "alert_product_names": {"readonly": True}, + "tactics": {"readonly": True}, } _attribute_map = { - "auth_type": {"key": "authType", "type": "str"}, - "api_key_name": {"key": "apiKeyName", "type": "str"}, - "api_key_identifier": {"key": "apiKeyIdentifier", "type": "str"}, - "is_api_key_in_post_payload": {"key": "isApiKeyInPostPayload", "type": "str"}, - "flow_name": {"key": "flowName", "type": "str"}, - "token_endpoint": {"key": "tokenEndpoint", "type": "str"}, - "authorization_endpoint": {"key": "authorizationEndpoint", "type": "str"}, - "authorization_endpoint_query_parameters": {"key": "authorizationEndpointQueryParameters", "type": "object"}, - "redirection_endpoint": {"key": "redirectionEndpoint", "type": "str"}, - "token_endpoint_headers": {"key": "tokenEndpointHeaders", "type": "object"}, - "token_endpoint_query_parameters": {"key": "tokenEndpointQueryParameters", "type": "object"}, - "is_client_secret_in_header": {"key": "isClientSecretInHeader", "type": "bool"}, - "scope": {"key": "scope", "type": "str"}, + "alerts_count": {"key": "alertsCount", "type": "int"}, + "bookmarks_count": {"key": "bookmarksCount", "type": "int"}, + "comments_count": {"key": "commentsCount", "type": "int"}, + "alert_product_names": {"key": "alertProductNames", "type": "[str]"}, + "tactics": {"key": "tactics", "type": "[str]"}, } - def __init__( - self, - *, - auth_type: str, - api_key_name: Optional[str] = None, - api_key_identifier: Optional[str] = None, - is_api_key_in_post_payload: Optional[str] = None, - flow_name: Optional[str] = None, - token_endpoint: Optional[str] = None, - authorization_endpoint: Optional[str] = None, - authorization_endpoint_query_parameters: Optional[JSON] = None, - redirection_endpoint: Optional[str] 
= None, - token_endpoint_headers: Optional[JSON] = None, - token_endpoint_query_parameters: Optional[JSON] = None, - is_client_secret_in_header: Optional[bool] = None, - scope: Optional[str] = None, - **kwargs - ): - """ - :keyword auth_type: The authentication type. Required. - :paramtype auth_type: str - :keyword api_key_name: The header name which the token is sent with. - :paramtype api_key_name: str - :keyword api_key_identifier: A prefix send in the header before the actual token. - :paramtype api_key_identifier: str - :keyword is_api_key_in_post_payload: Marks if the key should sent in header. - :paramtype is_api_key_in_post_payload: str - :keyword flow_name: Describes the flow name, for example 'AuthCode' for Oauth 2.0. - :paramtype flow_name: str - :keyword token_endpoint: The endpoint used to issue a token, used in Oauth 2.0 flow. - :paramtype token_endpoint: str - :keyword authorization_endpoint: The endpoint used to authorize the user, used in Oauth 2.0 - flow. - :paramtype authorization_endpoint: str - :keyword authorization_endpoint_query_parameters: The query parameters used in authorization - request, used in Oauth 2.0 flow. - :paramtype authorization_endpoint_query_parameters: JSON - :keyword redirection_endpoint: The redirect endpoint where we will get the authorization code, - used in Oauth 2.0 flow. - :paramtype redirection_endpoint: str - :keyword token_endpoint_headers: The query headers used in token request, used in Oauth 2.0 - flow. - :paramtype token_endpoint_headers: JSON - :keyword token_endpoint_query_parameters: The query parameters used in token request, used in - Oauth 2.0 flow. - :paramtype token_endpoint_query_parameters: JSON - :keyword is_client_secret_in_header: Marks if we should send the client secret in header or - payload, used in Oauth 2.0 flow. - :paramtype is_client_secret_in_header: bool - :keyword scope: The OAuth token scope. 
- :paramtype scope: str - """ + def __init__(self, **kwargs: Any) -> None: + """ """ super().__init__(**kwargs) - self.auth_type = auth_type - self.api_key_name = api_key_name - self.api_key_identifier = api_key_identifier - self.is_api_key_in_post_payload = is_api_key_in_post_payload - self.flow_name = flow_name - self.token_endpoint = token_endpoint - self.authorization_endpoint = authorization_endpoint - self.authorization_endpoint_query_parameters = authorization_endpoint_query_parameters - self.redirection_endpoint = redirection_endpoint - self.token_endpoint_headers = token_endpoint_headers - self.token_endpoint_query_parameters = token_endpoint_query_parameters - self.is_client_secret_in_header = is_client_secret_in_header - self.scope = scope - - -class CodelessConnectorPollingConfigProperties(_serialization.Model): - """Config to describe the polling config for API poller connector. + self.alerts_count = None + self.bookmarks_count = None + self.comments_count = None + self.alert_product_names = None + self.tactics = None + + +class IncidentAlertList(_serialization.Model): + """List of incident alerts. All required parameters must be populated in order to send to Azure. - :ivar is_active: The poller active status. - :vartype is_active: bool - :ivar auth: Describe the authentication type of the poller. Required. - :vartype auth: ~azure.mgmt.securityinsight.models.CodelessConnectorPollingAuthProperties - :ivar request: Describe the poll request config parameters of the poller. Required. - :vartype request: ~azure.mgmt.securityinsight.models.CodelessConnectorPollingRequestProperties - :ivar paging: Describe the poll request paging config of the poller. - :vartype paging: ~azure.mgmt.securityinsight.models.CodelessConnectorPollingPagingProperties - :ivar response: Describe the response config parameters of the poller. - :vartype response: - ~azure.mgmt.securityinsight.models.CodelessConnectorPollingResponseProperties + :ivar value: Array of incident alerts. 
Required. + :vartype value: list[~azure.mgmt.securityinsight.models.SecurityAlert] """ _validation = { - "auth": {"required": True}, - "request": {"required": True}, + "value": {"required": True}, } _attribute_map = { - "is_active": {"key": "isActive", "type": "bool"}, - "auth": {"key": "auth", "type": "CodelessConnectorPollingAuthProperties"}, - "request": {"key": "request", "type": "CodelessConnectorPollingRequestProperties"}, - "paging": {"key": "paging", "type": "CodelessConnectorPollingPagingProperties"}, - "response": {"key": "response", "type": "CodelessConnectorPollingResponseProperties"}, + "value": {"key": "value", "type": "[SecurityAlert]"}, } - def __init__( - self, - *, - auth: "_models.CodelessConnectorPollingAuthProperties", - request: "_models.CodelessConnectorPollingRequestProperties", - is_active: Optional[bool] = None, - paging: Optional["_models.CodelessConnectorPollingPagingProperties"] = None, - response: Optional["_models.CodelessConnectorPollingResponseProperties"] = None, - **kwargs - ): + def __init__(self, *, value: List["_models.SecurityAlert"], **kwargs: Any) -> None: """ - :keyword is_active: The poller active status. - :paramtype is_active: bool - :keyword auth: Describe the authentication type of the poller. Required. - :paramtype auth: ~azure.mgmt.securityinsight.models.CodelessConnectorPollingAuthProperties - :keyword request: Describe the poll request config parameters of the poller. Required. - :paramtype request: - ~azure.mgmt.securityinsight.models.CodelessConnectorPollingRequestProperties - :keyword paging: Describe the poll request paging config of the poller. - :paramtype paging: ~azure.mgmt.securityinsight.models.CodelessConnectorPollingPagingProperties - :keyword response: Describe the response config parameters of the poller. - :paramtype response: - ~azure.mgmt.securityinsight.models.CodelessConnectorPollingResponseProperties + :keyword value: Array of incident alerts. Required. 
+ :paramtype value: list[~azure.mgmt.securityinsight.models.SecurityAlert] """ super().__init__(**kwargs) - self.is_active = is_active - self.auth = auth - self.request = request - self.paging = paging - self.response = response + self.value = value -class CodelessConnectorPollingPagingProperties(_serialization.Model): - """Describe the properties needed to make a pagination call. +class IncidentBookmarkList(_serialization.Model): + """List of incident bookmarks. All required parameters must be populated in order to send to Azure. - :ivar paging_type: Describes the type. could be 'None', 'PageToken', 'PageCount', 'TimeStamp'. - Required. - :vartype paging_type: str - :ivar next_page_para_name: Defines the name of a next page attribute. - :vartype next_page_para_name: str - :ivar next_page_token_json_path: Defines the path to a next page token JSON. - :vartype next_page_token_json_path: str - :ivar page_count_attribute_path: Defines the path to a page count attribute. - :vartype page_count_attribute_path: str - :ivar page_total_count_attribute_path: Defines the path to a page total count attribute. - :vartype page_total_count_attribute_path: str - :ivar page_time_stamp_attribute_path: Defines the path to a paging time stamp attribute. - :vartype page_time_stamp_attribute_path: str - :ivar search_the_latest_time_stamp_from_events_list: Determines whether to search for the - latest time stamp in the events list. - :vartype search_the_latest_time_stamp_from_events_list: str - :ivar page_size_para_name: Defines the name of the page size parameter. - :vartype page_size_para_name: str - :ivar page_size: Defines the paging size. - :vartype page_size: int + :ivar value: Array of incident bookmarks. Required. 
+ :vartype value: list[~azure.mgmt.securityinsight.models.HuntingBookmark] """ _validation = { - "paging_type": {"required": True}, + "value": {"required": True}, } _attribute_map = { - "paging_type": {"key": "pagingType", "type": "str"}, - "next_page_para_name": {"key": "nextPageParaName", "type": "str"}, - "next_page_token_json_path": {"key": "nextPageTokenJsonPath", "type": "str"}, - "page_count_attribute_path": {"key": "pageCountAttributePath", "type": "str"}, - "page_total_count_attribute_path": {"key": "pageTotalCountAttributePath", "type": "str"}, - "page_time_stamp_attribute_path": {"key": "pageTimeStampAttributePath", "type": "str"}, - "search_the_latest_time_stamp_from_events_list": { - "key": "searchTheLatestTimeStampFromEventsList", - "type": "str", - }, - "page_size_para_name": {"key": "pageSizeParaName", "type": "str"}, - "page_size": {"key": "pageSize", "type": "int"}, + "value": {"key": "value", "type": "[HuntingBookmark]"}, } - def __init__( - self, - *, - paging_type: str, - next_page_para_name: Optional[str] = None, - next_page_token_json_path: Optional[str] = None, - page_count_attribute_path: Optional[str] = None, - page_total_count_attribute_path: Optional[str] = None, - page_time_stamp_attribute_path: Optional[str] = None, - search_the_latest_time_stamp_from_events_list: Optional[str] = None, - page_size_para_name: Optional[str] = None, - page_size: Optional[int] = None, - **kwargs - ): + def __init__(self, *, value: List["_models.HuntingBookmark"], **kwargs: Any) -> None: """ - :keyword paging_type: Describes the type. could be 'None', 'PageToken', 'PageCount', - 'TimeStamp'. Required. - :paramtype paging_type: str - :keyword next_page_para_name: Defines the name of a next page attribute. - :paramtype next_page_para_name: str - :keyword next_page_token_json_path: Defines the path to a next page token JSON. - :paramtype next_page_token_json_path: str - :keyword page_count_attribute_path: Defines the path to a page count attribute. 
- :paramtype page_count_attribute_path: str - :keyword page_total_count_attribute_path: Defines the path to a page total count attribute. - :paramtype page_total_count_attribute_path: str - :keyword page_time_stamp_attribute_path: Defines the path to a paging time stamp attribute. - :paramtype page_time_stamp_attribute_path: str - :keyword search_the_latest_time_stamp_from_events_list: Determines whether to search for the - latest time stamp in the events list. - :paramtype search_the_latest_time_stamp_from_events_list: str - :keyword page_size_para_name: Defines the name of the page size parameter. - :paramtype page_size_para_name: str - :keyword page_size: Defines the paging size. - :paramtype page_size: int + :keyword value: Array of incident bookmarks. Required. + :paramtype value: list[~azure.mgmt.securityinsight.models.HuntingBookmark] """ super().__init__(**kwargs) - self.paging_type = paging_type - self.next_page_para_name = next_page_para_name - self.next_page_token_json_path = next_page_token_json_path - self.page_count_attribute_path = page_count_attribute_path - self.page_total_count_attribute_path = page_total_count_attribute_path - self.page_time_stamp_attribute_path = page_time_stamp_attribute_path - self.search_the_latest_time_stamp_from_events_list = search_the_latest_time_stamp_from_events_list - self.page_size_para_name = page_size_para_name - self.page_size = page_size + self.value = value -class CodelessConnectorPollingRequestProperties(_serialization.Model): # pylint: disable=too-many-instance-attributes - """Describe the request properties needed to successfully pull from the server. +class IncidentComment(ResourceWithEtag): + """Represents an incident comment. - All required parameters must be populated in order to send to Azure. + Variables are only populated by the server, and will be ignored when sending a request. - :ivar api_endpoint: Describe the endpoint we should pull the data from. Required. 
- :vartype api_endpoint: str - :ivar rate_limit_qps: Defines the rate limit QPS. - :vartype rate_limit_qps: int - :ivar query_window_in_min: The window interval we will use the pull the data. Required. - :vartype query_window_in_min: int - :ivar http_method: The http method type we will use in the poll request, GET or POST. Required. - :vartype http_method: str - :ivar query_time_format: The time format will be used the query events in a specific window. - Required. - :vartype query_time_format: str - :ivar retry_count: Describe the amount of time we should try and poll the data in case of - failure. - :vartype retry_count: int - :ivar timeout_in_seconds: The number of seconds we will consider as a request timeout. - :vartype timeout_in_seconds: int - :ivar headers: Describe the headers sent in the poll request. - :vartype headers: JSON - :ivar query_parameters: Describe the query parameters sent in the poll request. - :vartype query_parameters: JSON - :ivar query_parameters_template: For advanced scenarios for example user name/password embedded - in nested JSON payload. - :vartype query_parameters_template: str - :ivar start_time_attribute_name: This will be used the query events from a start of the time - window. - :vartype start_time_attribute_name: str - :ivar end_time_attribute_name: This will be used the query events from the end of the time - window. - :vartype end_time_attribute_name: str + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. 
+ :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar etag: Etag of the azure resource. + :vartype etag: str + :ivar created_time_utc: The time the comment was created. + :vartype created_time_utc: ~datetime.datetime + :ivar last_modified_time_utc: The time the comment was updated. + :vartype last_modified_time_utc: ~datetime.datetime + :ivar message: The comment message. + :vartype message: str + :ivar author: Describes the client that created the comment. + :vartype author: ~azure.mgmt.securityinsight.models.ClientInfo """ _validation = { - "api_endpoint": {"required": True}, - "query_window_in_min": {"required": True}, - "http_method": {"required": True}, - "query_time_format": {"required": True}, + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "created_time_utc": {"readonly": True}, + "last_modified_time_utc": {"readonly": True}, + "author": {"readonly": True}, } _attribute_map = { - "api_endpoint": {"key": "apiEndpoint", "type": "str"}, - "rate_limit_qps": {"key": "rateLimitQps", "type": "int"}, - "query_window_in_min": {"key": "queryWindowInMin", "type": "int"}, - "http_method": {"key": "httpMethod", "type": "str"}, - "query_time_format": {"key": "queryTimeFormat", "type": "str"}, - "retry_count": {"key": "retryCount", "type": "int"}, - "timeout_in_seconds": {"key": "timeoutInSeconds", "type": "int"}, - "headers": {"key": "headers", "type": "object"}, - "query_parameters": {"key": "queryParameters", "type": "object"}, - "query_parameters_template": {"key": "queryParametersTemplate", "type": "str"}, - "start_time_attribute_name": {"key": "startTimeAttributeName", "type": "str"}, - "end_time_attribute_name": {"key": "endTimeAttributeName", "type": "str"}, + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": 
"etag", "type": "str"}, + "created_time_utc": {"key": "properties.createdTimeUtc", "type": "iso-8601"}, + "last_modified_time_utc": {"key": "properties.lastModifiedTimeUtc", "type": "iso-8601"}, + "message": {"key": "properties.message", "type": "str"}, + "author": {"key": "properties.author", "type": "ClientInfo"}, } - def __init__( - self, - *, - api_endpoint: str, - query_window_in_min: int, - http_method: str, - query_time_format: str, - rate_limit_qps: Optional[int] = None, - retry_count: Optional[int] = None, - timeout_in_seconds: Optional[int] = None, - headers: Optional[JSON] = None, - query_parameters: Optional[JSON] = None, - query_parameters_template: Optional[str] = None, - start_time_attribute_name: Optional[str] = None, - end_time_attribute_name: Optional[str] = None, - **kwargs - ): + def __init__(self, *, etag: Optional[str] = None, message: Optional[str] = None, **kwargs: Any) -> None: """ - :keyword api_endpoint: Describe the endpoint we should pull the data from. Required. - :paramtype api_endpoint: str - :keyword rate_limit_qps: Defines the rate limit QPS. - :paramtype rate_limit_qps: int - :keyword query_window_in_min: The window interval we will use the pull the data. Required. - :paramtype query_window_in_min: int - :keyword http_method: The http method type we will use in the poll request, GET or POST. - Required. - :paramtype http_method: str - :keyword query_time_format: The time format will be used the query events in a specific window. - Required. - :paramtype query_time_format: str - :keyword retry_count: Describe the amount of time we should try and poll the data in case of - failure. - :paramtype retry_count: int - :keyword timeout_in_seconds: The number of seconds we will consider as a request timeout. - :paramtype timeout_in_seconds: int - :keyword headers: Describe the headers sent in the poll request. - :paramtype headers: JSON - :keyword query_parameters: Describe the query parameters sent in the poll request. 
- :paramtype query_parameters: JSON - :keyword query_parameters_template: For advanced scenarios for example user name/password - embedded in nested JSON payload. - :paramtype query_parameters_template: str - :keyword start_time_attribute_name: This will be used the query events from a start of the time - window. - :paramtype start_time_attribute_name: str - :keyword end_time_attribute_name: This will be used the query events from the end of the time - window. - :paramtype end_time_attribute_name: str + :keyword etag: Etag of the azure resource. + :paramtype etag: str + :keyword message: The comment message. + :paramtype message: str """ - super().__init__(**kwargs) - self.api_endpoint = api_endpoint - self.rate_limit_qps = rate_limit_qps - self.query_window_in_min = query_window_in_min - self.http_method = http_method - self.query_time_format = query_time_format - self.retry_count = retry_count - self.timeout_in_seconds = timeout_in_seconds - self.headers = headers - self.query_parameters = query_parameters - self.query_parameters_template = query_parameters_template - self.start_time_attribute_name = start_time_attribute_name - self.end_time_attribute_name = end_time_attribute_name - - -class CodelessConnectorPollingResponseProperties(_serialization.Model): - """Describes the response from the external server. + super().__init__(etag=etag, **kwargs) + self.created_time_utc = None + self.last_modified_time_utc = None + self.message = message + self.author = None + + +class IncidentCommentList(_serialization.Model): + """List of incident comments. + + Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. - :ivar events_json_paths: Describes the path we should extract the data in the response. - Required. - :vartype events_json_paths: list[str] - :ivar success_status_json_path: Describes the path we should extract the status code in the - response. 
- :vartype success_status_json_path: str - :ivar success_status_value: Describes the path we should extract the status value in the - response. - :vartype success_status_value: str - :ivar is_gzip_compressed: Describes if the data in the response is Gzip. - :vartype is_gzip_compressed: bool + :ivar next_link: URL to fetch the next set of comments. + :vartype next_link: str + :ivar value: Array of comments. Required. + :vartype value: list[~azure.mgmt.securityinsight.models.IncidentComment] """ _validation = { - "events_json_paths": {"required": True}, + "next_link": {"readonly": True}, + "value": {"required": True}, } _attribute_map = { - "events_json_paths": {"key": "eventsJsonPaths", "type": "[str]"}, - "success_status_json_path": {"key": "successStatusJsonPath", "type": "str"}, - "success_status_value": {"key": "successStatusValue", "type": "str"}, - "is_gzip_compressed": {"key": "isGzipCompressed", "type": "bool"}, + "next_link": {"key": "nextLink", "type": "str"}, + "value": {"key": "value", "type": "[IncidentComment]"}, } - def __init__( - self, - *, - events_json_paths: List[str], - success_status_json_path: Optional[str] = None, - success_status_value: Optional[str] = None, - is_gzip_compressed: Optional[bool] = None, - **kwargs - ): + def __init__(self, *, value: List["_models.IncidentComment"], **kwargs: Any) -> None: """ - :keyword events_json_paths: Describes the path we should extract the data in the response. - Required. - :paramtype events_json_paths: list[str] - :keyword success_status_json_path: Describes the path we should extract the status code in the - response. - :paramtype success_status_json_path: str - :keyword success_status_value: Describes the path we should extract the status value in the - response. - :paramtype success_status_value: str - :keyword is_gzip_compressed: Describes if the data in the response is Gzip. - :paramtype is_gzip_compressed: bool + :keyword value: Array of comments. Required. 
+ :paramtype value: list[~azure.mgmt.securityinsight.models.IncidentComment] """ super().__init__(**kwargs) - self.events_json_paths = events_json_paths - self.success_status_json_path = success_status_json_path - self.success_status_value = success_status_value - self.is_gzip_compressed = is_gzip_compressed + self.next_link = None + self.value = value -class CodelessUiConnectorConfigProperties(_serialization.Model): # pylint: disable=too-many-instance-attributes - """Config to describe the instructions blade. +class IncidentConfiguration(_serialization.Model): + """Incident Configuration property bag. All required parameters must be populated in order to send to Azure. - :ivar title: Connector blade title. Required. - :vartype title: str - :ivar publisher: Connector publisher name. Required. - :vartype publisher: str - :ivar description_markdown: Connector description. Required. - :vartype description_markdown: str - :ivar custom_image: An optional custom image to be used when displaying the connector within - Azure Sentinel's connector's gallery. - :vartype custom_image: str - :ivar graph_queries_table_name: Name of the table the connector will insert the data to. - Required. - :vartype graph_queries_table_name: str - :ivar graph_queries: The graph query to show the current data status. Required. - :vartype graph_queries: - list[~azure.mgmt.securityinsight.models.CodelessUiConnectorConfigPropertiesGraphQueriesItem] - :ivar sample_queries: The sample queries for the connector. Required. - :vartype sample_queries: - list[~azure.mgmt.securityinsight.models.CodelessUiConnectorConfigPropertiesSampleQueriesItem] - :ivar data_types: Data types to check for last data received. Required. - :vartype data_types: - list[~azure.mgmt.securityinsight.models.CodelessUiConnectorConfigPropertiesDataTypesItem] - :ivar connectivity_criteria: Define the way the connector check connectivity. Required. 
- :vartype connectivity_criteria: - list[~azure.mgmt.securityinsight.models.CodelessUiConnectorConfigPropertiesConnectivityCriteriaItem] - :ivar availability: Connector Availability Status. Required. - :vartype availability: ~azure.mgmt.securityinsight.models.Availability - :ivar permissions: Permissions required for the connector. Required. - :vartype permissions: ~azure.mgmt.securityinsight.models.Permissions - :ivar instruction_steps: Instruction steps to enable the connector. Required. - :vartype instruction_steps: - list[~azure.mgmt.securityinsight.models.CodelessUiConnectorConfigPropertiesInstructionStepsItem] + :ivar create_incident: Create incidents from alerts triggered by this analytics rule. Required. + :vartype create_incident: bool + :ivar grouping_configuration: Set how the alerts that are triggered by this analytics rule, are + grouped into incidents. + :vartype grouping_configuration: ~azure.mgmt.securityinsight.models.GroupingConfiguration """ _validation = { - "title": {"required": True}, - "publisher": {"required": True}, - "description_markdown": {"required": True}, - "graph_queries_table_name": {"required": True}, - "graph_queries": {"required": True}, - "sample_queries": {"required": True}, - "data_types": {"required": True}, - "connectivity_criteria": {"required": True}, - "availability": {"required": True}, - "permissions": {"required": True}, - "instruction_steps": {"required": True}, + "create_incident": {"required": True}, } _attribute_map = { - "title": {"key": "title", "type": "str"}, - "publisher": {"key": "publisher", "type": "str"}, - "description_markdown": {"key": "descriptionMarkdown", "type": "str"}, - "custom_image": {"key": "customImage", "type": "str"}, - "graph_queries_table_name": {"key": "graphQueriesTableName", "type": "str"}, - "graph_queries": {"key": "graphQueries", "type": "[CodelessUiConnectorConfigPropertiesGraphQueriesItem]"}, - "sample_queries": {"key": "sampleQueries", "type": 
"[CodelessUiConnectorConfigPropertiesSampleQueriesItem]"}, - "data_types": {"key": "dataTypes", "type": "[CodelessUiConnectorConfigPropertiesDataTypesItem]"}, - "connectivity_criteria": { - "key": "connectivityCriteria", - "type": "[CodelessUiConnectorConfigPropertiesConnectivityCriteriaItem]", - }, - "availability": {"key": "availability", "type": "Availability"}, - "permissions": {"key": "permissions", "type": "Permissions"}, - "instruction_steps": { - "key": "instructionSteps", - "type": "[CodelessUiConnectorConfigPropertiesInstructionStepsItem]", - }, + "create_incident": {"key": "createIncident", "type": "bool"}, + "grouping_configuration": {"key": "groupingConfiguration", "type": "GroupingConfiguration"}, } def __init__( self, *, - title: str, - publisher: str, - description_markdown: str, - graph_queries_table_name: str, - graph_queries: List["_models.CodelessUiConnectorConfigPropertiesGraphQueriesItem"], - sample_queries: List["_models.CodelessUiConnectorConfigPropertiesSampleQueriesItem"], - data_types: List["_models.CodelessUiConnectorConfigPropertiesDataTypesItem"], - connectivity_criteria: List["_models.CodelessUiConnectorConfigPropertiesConnectivityCriteriaItem"], - availability: "_models.Availability", - permissions: "_models.Permissions", - instruction_steps: List["_models.CodelessUiConnectorConfigPropertiesInstructionStepsItem"], - custom_image: Optional[str] = None, - **kwargs - ): + create_incident: bool, + grouping_configuration: Optional["_models.GroupingConfiguration"] = None, + **kwargs: Any + ) -> None: """ - :keyword title: Connector blade title. Required. - :paramtype title: str - :keyword publisher: Connector publisher name. Required. - :paramtype publisher: str - :keyword description_markdown: Connector description. Required. - :paramtype description_markdown: str - :keyword custom_image: An optional custom image to be used when displaying the connector within - Azure Sentinel's connector's gallery. 
- :paramtype custom_image: str - :keyword graph_queries_table_name: Name of the table the connector will insert the data to. + :keyword create_incident: Create incidents from alerts triggered by this analytics rule. Required. - :paramtype graph_queries_table_name: str - :keyword graph_queries: The graph query to show the current data status. Required. - :paramtype graph_queries: - list[~azure.mgmt.securityinsight.models.CodelessUiConnectorConfigPropertiesGraphQueriesItem] - :keyword sample_queries: The sample queries for the connector. Required. - :paramtype sample_queries: - list[~azure.mgmt.securityinsight.models.CodelessUiConnectorConfigPropertiesSampleQueriesItem] - :keyword data_types: Data types to check for last data received. Required. - :paramtype data_types: - list[~azure.mgmt.securityinsight.models.CodelessUiConnectorConfigPropertiesDataTypesItem] - :keyword connectivity_criteria: Define the way the connector check connectivity. Required. - :paramtype connectivity_criteria: - list[~azure.mgmt.securityinsight.models.CodelessUiConnectorConfigPropertiesConnectivityCriteriaItem] - :keyword availability: Connector Availability Status. Required. - :paramtype availability: ~azure.mgmt.securityinsight.models.Availability - :keyword permissions: Permissions required for the connector. Required. - :paramtype permissions: ~azure.mgmt.securityinsight.models.Permissions - :keyword instruction_steps: Instruction steps to enable the connector. Required. - :paramtype instruction_steps: - list[~azure.mgmt.securityinsight.models.CodelessUiConnectorConfigPropertiesInstructionStepsItem] + :paramtype create_incident: bool + :keyword grouping_configuration: Set how the alerts that are triggered by this analytics rule, + are grouped into incidents. 
+ :paramtype grouping_configuration: ~azure.mgmt.securityinsight.models.GroupingConfiguration """ super().__init__(**kwargs) - self.title = title - self.publisher = publisher - self.description_markdown = description_markdown - self.custom_image = custom_image - self.graph_queries_table_name = graph_queries_table_name - self.graph_queries = graph_queries - self.sample_queries = sample_queries - self.data_types = data_types - self.connectivity_criteria = connectivity_criteria - self.availability = availability - self.permissions = permissions - self.instruction_steps = instruction_steps + self.create_incident = create_incident + self.grouping_configuration = grouping_configuration -class ConnectivityCriteria(_serialization.Model): - """Setting for the connector check connectivity. +class IncidentEntitiesResponse(_serialization.Model): + """The incident related entities response. - :ivar type: type of connectivity. "IsConnectedQuery" - :vartype type: str or ~azure.mgmt.securityinsight.models.ConnectivityType - :ivar value: Queries for checking connectivity. - :vartype value: list[str] + :ivar entities: Array of the incident related entities. + :vartype entities: list[~azure.mgmt.securityinsight.models.Entity] + :ivar meta_data: The metadata from the incident related entities results. + :vartype meta_data: list[~azure.mgmt.securityinsight.models.IncidentEntitiesResultsMetadata] """ _attribute_map = { - "type": {"key": "type", "type": "str"}, - "value": {"key": "value", "type": "[str]"}, + "entities": {"key": "entities", "type": "[Entity]"}, + "meta_data": {"key": "metaData", "type": "[IncidentEntitiesResultsMetadata]"}, } def __init__( self, *, - type: Optional[Union[str, "_models.ConnectivityType"]] = None, - value: Optional[List[str]] = None, - **kwargs - ): + entities: Optional[List["_models.Entity"]] = None, + meta_data: Optional[List["_models.IncidentEntitiesResultsMetadata"]] = None, + **kwargs: Any + ) -> None: """ - :keyword type: type of connectivity. 
"IsConnectedQuery" - :paramtype type: str or ~azure.mgmt.securityinsight.models.ConnectivityType - :keyword value: Queries for checking connectivity. - :paramtype value: list[str] + :keyword entities: Array of the incident related entities. + :paramtype entities: list[~azure.mgmt.securityinsight.models.Entity] + :keyword meta_data: The metadata from the incident related entities results. + :paramtype meta_data: list[~azure.mgmt.securityinsight.models.IncidentEntitiesResultsMetadata] """ super().__init__(**kwargs) - self.type = type - self.value = value + self.entities = entities + self.meta_data = meta_data + +class IncidentEntitiesResultsMetadata(_serialization.Model): + """Information of a specific aggregation in the incident related entities result. -class CodelessUiConnectorConfigPropertiesConnectivityCriteriaItem(ConnectivityCriteria): - """CodelessUiConnectorConfigPropertiesConnectivityCriteriaItem. + All required parameters must be populated in order to send to Azure. - :ivar type: type of connectivity. "IsConnectedQuery" - :vartype type: str or ~azure.mgmt.securityinsight.models.ConnectivityType - :ivar value: Queries for checking connectivity. - :vartype value: list[str] + :ivar count: Total number of aggregations of the given kind in the incident related entities + result. Required. + :vartype count: int + :ivar entity_kind: The kind of the aggregated entity. Required. Known values are: "Account", + "Host", "File", "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", + "Malware", "Process", "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", + "SecurityAlert", "Bookmark", "MailCluster", "MailMessage", "Mailbox", and "SubmissionMail". 
+ :vartype entity_kind: str or ~azure.mgmt.securityinsight.models.EntityKindEnum """ + _validation = { + "count": {"required": True}, + "entity_kind": {"required": True}, + } + _attribute_map = { - "type": {"key": "type", "type": "str"}, - "value": {"key": "value", "type": "[str]"}, + "count": {"key": "count", "type": "int"}, + "entity_kind": {"key": "entityKind", "type": "str"}, } - def __init__( - self, - *, - type: Optional[Union[str, "_models.ConnectivityType"]] = None, - value: Optional[List[str]] = None, - **kwargs - ): + def __init__(self, *, count: int, entity_kind: Union[str, "_models.EntityKindEnum"], **kwargs: Any) -> None: """ - :keyword type: type of connectivity. "IsConnectedQuery" - :paramtype type: str or ~azure.mgmt.securityinsight.models.ConnectivityType - :keyword value: Queries for checking connectivity. - :paramtype value: list[str] + :keyword count: Total number of aggregations of the given kind in the incident related entities + result. Required. + :paramtype count: int + :keyword entity_kind: The kind of the aggregated entity. Required. Known values are: "Account", + "Host", "File", "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", + "Malware", "Process", "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", + "SecurityAlert", "Bookmark", "MailCluster", "MailMessage", "Mailbox", and "SubmissionMail". + :paramtype entity_kind: str or ~azure.mgmt.securityinsight.models.EntityKindEnum """ - super().__init__(type=type, value=value, **kwargs) + super().__init__(**kwargs) + self.count = count + self.entity_kind = entity_kind -class LastDataReceivedDataType(_serialization.Model): - """Data type for last data received. +class IncidentInfo(_serialization.Model): + """Describes related incident information for the bookmark. - :ivar name: Name of the data type to show in the graph. can be use with - {{graphQueriesTableName}} placeholder. 
- :vartype name: str - :ivar last_data_received_query: Query for indicate last data received. - :vartype last_data_received_query: str + :ivar incident_id: Incident Id. + :vartype incident_id: str + :ivar severity: The severity of the incident. Known values are: "High", "Medium", "Low", and + "Informational". + :vartype severity: str or ~azure.mgmt.securityinsight.models.IncidentSeverity + :ivar title: The title of the incident. + :vartype title: str + :ivar relation_name: Relation Name. + :vartype relation_name: str """ _attribute_map = { - "name": {"key": "name", "type": "str"}, - "last_data_received_query": {"key": "lastDataReceivedQuery", "type": "str"}, + "incident_id": {"key": "incidentId", "type": "str"}, + "severity": {"key": "severity", "type": "str"}, + "title": {"key": "title", "type": "str"}, + "relation_name": {"key": "relationName", "type": "str"}, } - def __init__(self, *, name: Optional[str] = None, last_data_received_query: Optional[str] = None, **kwargs): + def __init__( + self, + *, + incident_id: Optional[str] = None, + severity: Optional[Union[str, "_models.IncidentSeverity"]] = None, + title: Optional[str] = None, + relation_name: Optional[str] = None, + **kwargs: Any + ) -> None: """ - :keyword name: Name of the data type to show in the graph. can be use with - {{graphQueriesTableName}} placeholder. - :paramtype name: str - :keyword last_data_received_query: Query for indicate last data received. - :paramtype last_data_received_query: str + :keyword incident_id: Incident Id. + :paramtype incident_id: str + :keyword severity: The severity of the incident. Known values are: "High", "Medium", "Low", and + "Informational". + :paramtype severity: str or ~azure.mgmt.securityinsight.models.IncidentSeverity + :keyword title: The title of the incident. + :paramtype title: str + :keyword relation_name: Relation Name. 
+ :paramtype relation_name: str """ super().__init__(**kwargs) - self.name = name - self.last_data_received_query = last_data_received_query + self.incident_id = incident_id + self.severity = severity + self.title = title + self.relation_name = relation_name -class CodelessUiConnectorConfigPropertiesDataTypesItem(LastDataReceivedDataType): - """CodelessUiConnectorConfigPropertiesDataTypesItem. +class IncidentLabel(_serialization.Model): + """Represents an incident label. - :ivar name: Name of the data type to show in the graph. can be use with - {{graphQueriesTableName}} placeholder. - :vartype name: str - :ivar last_data_received_query: Query for indicate last data received. - :vartype last_data_received_query: str + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar label_name: The name of the label. Required. + :vartype label_name: str + :ivar label_type: The type of the label. Known values are: "User" and "AutoAssigned". + :vartype label_type: str or ~azure.mgmt.securityinsight.models.IncidentLabelType """ + _validation = { + "label_name": {"required": True}, + "label_type": {"readonly": True}, + } + _attribute_map = { - "name": {"key": "name", "type": "str"}, - "last_data_received_query": {"key": "lastDataReceivedQuery", "type": "str"}, + "label_name": {"key": "labelName", "type": "str"}, + "label_type": {"key": "labelType", "type": "str"}, } - def __init__(self, *, name: Optional[str] = None, last_data_received_query: Optional[str] = None, **kwargs): + def __init__(self, *, label_name: str, **kwargs: Any) -> None: """ - :keyword name: Name of the data type to show in the graph. can be use with - {{graphQueriesTableName}} placeholder. - :paramtype name: str - :keyword last_data_received_query: Query for indicate last data received. - :paramtype last_data_received_query: str + :keyword label_name: The name of the label. Required. 
+ :paramtype label_name: str """ - super().__init__(name=name, last_data_received_query=last_data_received_query, **kwargs) + super().__init__(**kwargs) + self.label_name = label_name + self.label_type = None -class GraphQueries(_serialization.Model): - """The graph query to show the current data status. - - :ivar metric_name: the metric that the query is checking. - :vartype metric_name: str - :ivar legend: The legend for the graph. - :vartype legend: str - :ivar base_query: The base query for the graph. - :vartype base_query: str - """ - - _attribute_map = { - "metric_name": {"key": "metricName", "type": "str"}, - "legend": {"key": "legend", "type": "str"}, - "base_query": {"key": "baseQuery", "type": "str"}, - } - - def __init__( - self, - *, - metric_name: Optional[str] = None, - legend: Optional[str] = None, - base_query: Optional[str] = None, - **kwargs - ): - """ - :keyword metric_name: the metric that the query is checking. - :paramtype metric_name: str - :keyword legend: The legend for the graph. - :paramtype legend: str - :keyword base_query: The base query for the graph. - :paramtype base_query: str - """ - super().__init__(**kwargs) - self.metric_name = metric_name - self.legend = legend - self.base_query = base_query +class IncidentList(_serialization.Model): + """List all the incidents. + Variables are only populated by the server, and will be ignored when sending a request. -class CodelessUiConnectorConfigPropertiesGraphQueriesItem(GraphQueries): - """CodelessUiConnectorConfigPropertiesGraphQueriesItem. + All required parameters must be populated in order to send to Azure. - :ivar metric_name: the metric that the query is checking. - :vartype metric_name: str - :ivar legend: The legend for the graph. - :vartype legend: str - :ivar base_query: The base query for the graph. - :vartype base_query: str + :ivar next_link: URL to fetch the next set of incidents. + :vartype next_link: str + :ivar value: Array of incidents. Required. 
+ :vartype value: list[~azure.mgmt.securityinsight.models.Incident] """ + _validation = { + "next_link": {"readonly": True}, + "value": {"required": True}, + } + _attribute_map = { - "metric_name": {"key": "metricName", "type": "str"}, - "legend": {"key": "legend", "type": "str"}, - "base_query": {"key": "baseQuery", "type": "str"}, + "next_link": {"key": "nextLink", "type": "str"}, + "value": {"key": "value", "type": "[Incident]"}, } - def __init__( - self, - *, - metric_name: Optional[str] = None, - legend: Optional[str] = None, - base_query: Optional[str] = None, - **kwargs - ): + def __init__(self, *, value: List["_models.Incident"], **kwargs: Any) -> None: """ - :keyword metric_name: the metric that the query is checking. - :paramtype metric_name: str - :keyword legend: The legend for the graph. - :paramtype legend: str - :keyword base_query: The base query for the graph. - :paramtype base_query: str + :keyword value: Array of incidents. Required. + :paramtype value: list[~azure.mgmt.securityinsight.models.Incident] """ - super().__init__(metric_name=metric_name, legend=legend, base_query=base_query, **kwargs) + super().__init__(**kwargs) + self.next_link = None + self.value = value -class InstructionSteps(_serialization.Model): - """Instruction steps to enable the connector. +class IncidentOwnerInfo(_serialization.Model): + """Information on the user an incident is assigned to. - :ivar title: Instruction step title. - :vartype title: str - :ivar description: Instruction step description. - :vartype description: str - :ivar instructions: Instruction step details. - :vartype instructions: - list[~azure.mgmt.securityinsight.models.InstructionStepsInstructionsItem] + :ivar email: The email of the user the incident is assigned to. + :vartype email: str + :ivar assigned_to: The name of the user the incident is assigned to. + :vartype assigned_to: str + :ivar object_id: The object id of the user the incident is assigned to. 
+ :vartype object_id: str + :ivar user_principal_name: The user principal name of the user the incident is assigned to. + :vartype user_principal_name: str + :ivar owner_type: The type of the owner the incident is assigned to. Known values are: + "Unknown", "User", and "Group". + :vartype owner_type: str or ~azure.mgmt.securityinsight.models.OwnerType """ _attribute_map = { - "title": {"key": "title", "type": "str"}, - "description": {"key": "description", "type": "str"}, - "instructions": {"key": "instructions", "type": "[InstructionStepsInstructionsItem]"}, + "email": {"key": "email", "type": "str"}, + "assigned_to": {"key": "assignedTo", "type": "str"}, + "object_id": {"key": "objectId", "type": "str"}, + "user_principal_name": {"key": "userPrincipalName", "type": "str"}, + "owner_type": {"key": "ownerType", "type": "str"}, } def __init__( self, *, - title: Optional[str] = None, - description: Optional[str] = None, - instructions: Optional[List["_models.InstructionStepsInstructionsItem"]] = None, - **kwargs - ): + email: Optional[str] = None, + assigned_to: Optional[str] = None, + object_id: Optional[str] = None, + user_principal_name: Optional[str] = None, + owner_type: Optional[Union[str, "_models.OwnerType"]] = None, + **kwargs: Any + ) -> None: """ - :keyword title: Instruction step title. - :paramtype title: str - :keyword description: Instruction step description. - :paramtype description: str - :keyword instructions: Instruction step details. - :paramtype instructions: - list[~azure.mgmt.securityinsight.models.InstructionStepsInstructionsItem] + :keyword email: The email of the user the incident is assigned to. + :paramtype email: str + :keyword assigned_to: The name of the user the incident is assigned to. + :paramtype assigned_to: str + :keyword object_id: The object id of the user the incident is assigned to. + :paramtype object_id: str + :keyword user_principal_name: The user principal name of the user the incident is assigned to. 
+ :paramtype user_principal_name: str + :keyword owner_type: The type of the owner the incident is assigned to. Known values are: + "Unknown", "User", and "Group". + :paramtype owner_type: str or ~azure.mgmt.securityinsight.models.OwnerType """ super().__init__(**kwargs) - self.title = title - self.description = description - self.instructions = instructions + self.email = email + self.assigned_to = assigned_to + self.object_id = object_id + self.user_principal_name = user_principal_name + self.owner_type = owner_type -class CodelessUiConnectorConfigPropertiesInstructionStepsItem(InstructionSteps): - """CodelessUiConnectorConfigPropertiesInstructionStepsItem. +class IncidentPropertiesAction(_serialization.Model): + """IncidentPropertiesAction. - :ivar title: Instruction step title. - :vartype title: str - :ivar description: Instruction step description. - :vartype description: str - :ivar instructions: Instruction step details. - :vartype instructions: - list[~azure.mgmt.securityinsight.models.InstructionStepsInstructionsItem] + :ivar severity: The severity of the incident. Known values are: "High", "Medium", "Low", and + "Informational". + :vartype severity: str or ~azure.mgmt.securityinsight.models.IncidentSeverity + :ivar status: The status of the incident. Known values are: "New", "Active", and "Closed". + :vartype status: str or ~azure.mgmt.securityinsight.models.IncidentStatus + :ivar classification: The reason the incident was closed. Known values are: "Undetermined", + "TruePositive", "BenignPositive", and "FalsePositive". + :vartype classification: str or ~azure.mgmt.securityinsight.models.IncidentClassification + :ivar classification_reason: The classification reason the incident was closed with. Known + values are: "SuspiciousActivity", "SuspiciousButExpected", "IncorrectAlertLogic", and + "InaccurateData". 
+ :vartype classification_reason: str or + ~azure.mgmt.securityinsight.models.IncidentClassificationReason + :ivar classification_comment: Describes the reason the incident was closed. + :vartype classification_comment: str + :ivar owner: Information on the user an incident is assigned to. + :vartype owner: ~azure.mgmt.securityinsight.models.IncidentOwnerInfo + :ivar labels: List of labels to add to the incident. + :vartype labels: list[~azure.mgmt.securityinsight.models.IncidentLabel] """ _attribute_map = { - "title": {"key": "title", "type": "str"}, - "description": {"key": "description", "type": "str"}, - "instructions": {"key": "instructions", "type": "[InstructionStepsInstructionsItem]"}, + "severity": {"key": "severity", "type": "str"}, + "status": {"key": "status", "type": "str"}, + "classification": {"key": "classification", "type": "str"}, + "classification_reason": {"key": "classificationReason", "type": "str"}, + "classification_comment": {"key": "classificationComment", "type": "str"}, + "owner": {"key": "owner", "type": "IncidentOwnerInfo"}, + "labels": {"key": "labels", "type": "[IncidentLabel]"}, } def __init__( self, *, - title: Optional[str] = None, - description: Optional[str] = None, - instructions: Optional[List["_models.InstructionStepsInstructionsItem"]] = None, - **kwargs - ): - """ - :keyword title: Instruction step title. - :paramtype title: str - :keyword description: Instruction step description. - :paramtype description: str - :keyword instructions: Instruction step details. - :paramtype instructions: - list[~azure.mgmt.securityinsight.models.InstructionStepsInstructionsItem] - """ - super().__init__(title=title, description=description, instructions=instructions, **kwargs) - - -class SampleQueries(_serialization.Model): - """The sample queries for the connector. - - :ivar description: The sample query description. - :vartype description: str - :ivar query: the sample query. 
- :vartype query: str - """ - - _attribute_map = { - "description": {"key": "description", "type": "str"}, - "query": {"key": "query", "type": "str"}, - } - - def __init__(self, *, description: Optional[str] = None, query: Optional[str] = None, **kwargs): + severity: Optional[Union[str, "_models.IncidentSeverity"]] = None, + status: Optional[Union[str, "_models.IncidentStatus"]] = None, + classification: Optional[Union[str, "_models.IncidentClassification"]] = None, + classification_reason: Optional[Union[str, "_models.IncidentClassificationReason"]] = None, + classification_comment: Optional[str] = None, + owner: Optional["_models.IncidentOwnerInfo"] = None, + labels: Optional[List["_models.IncidentLabel"]] = None, + **kwargs: Any + ) -> None: """ - :keyword description: The sample query description. - :paramtype description: str - :keyword query: the sample query. - :paramtype query: str + :keyword severity: The severity of the incident. Known values are: "High", "Medium", "Low", and + "Informational". + :paramtype severity: str or ~azure.mgmt.securityinsight.models.IncidentSeverity + :keyword status: The status of the incident. Known values are: "New", "Active", and "Closed". + :paramtype status: str or ~azure.mgmt.securityinsight.models.IncidentStatus + :keyword classification: The reason the incident was closed. Known values are: "Undetermined", + "TruePositive", "BenignPositive", and "FalsePositive". + :paramtype classification: str or ~azure.mgmt.securityinsight.models.IncidentClassification + :keyword classification_reason: The classification reason the incident was closed with. Known + values are: "SuspiciousActivity", "SuspiciousButExpected", "IncorrectAlertLogic", and + "InaccurateData". + :paramtype classification_reason: str or + ~azure.mgmt.securityinsight.models.IncidentClassificationReason + :keyword classification_comment: Describes the reason the incident was closed. 
+ :paramtype classification_comment: str + :keyword owner: Information on the user an incident is assigned to. + :paramtype owner: ~azure.mgmt.securityinsight.models.IncidentOwnerInfo + :keyword labels: List of labels to add to the incident. + :paramtype labels: list[~azure.mgmt.securityinsight.models.IncidentLabel] """ super().__init__(**kwargs) - self.description = description - self.query = query - - -class CodelessUiConnectorConfigPropertiesSampleQueriesItem(SampleQueries): - """CodelessUiConnectorConfigPropertiesSampleQueriesItem. - - :ivar description: The sample query description. - :vartype description: str - :ivar query: the sample query. - :vartype query: str - """ - - _attribute_map = { - "description": {"key": "description", "type": "str"}, - "query": {"key": "query", "type": "str"}, - } - - def __init__(self, *, description: Optional[str] = None, query: Optional[str] = None, **kwargs): - """ - :keyword description: The sample query description. - :paramtype description: str - :keyword query: the sample query. - :paramtype query: str - """ - super().__init__(description=description, query=query, **kwargs) + self.severity = severity + self.status = status + self.classification = classification + self.classification_reason = classification_reason + self.classification_comment = classification_comment + self.owner = owner + self.labels = labels -class CodelessUiDataConnector(DataConnector): - """Represents Codeless UI data connector. +class IoTDeviceEntity(Entity): # pylint: disable=too-many-instance-attributes + """Represents an IoT device entity. Variables are only populated by the server, and will be ignored when sending a request. 
@@ -5935,19 +4783,51 @@ class CodelessUiDataConnector(DataConnector): :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy information. :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar etag: Etag of the azure resource. - :vartype etag: str - :ivar kind: The data connector kind. Required. Known values are: "AzureActiveDirectory", - "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", - "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", "Office365Project", - "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", - "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", - "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and - "IOT". - :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind - :ivar connector_ui_config: Config to describe the instructions blade. - :vartype connector_ui_config: - ~azure.mgmt.securityinsight.models.CodelessUiConnectorConfigProperties + :ivar kind: The kind of the entity. Required. Known values are: "Account", "Host", "File", + "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", + "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", + "Bookmark", "MailCluster", "MailMessage", "Mailbox", and "SubmissionMail". + :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKindEnum + :ivar additional_data: A bag of custom fields that should be part of the entity and will be + presented to the user. + :vartype additional_data: dict[str, JSON] + :ivar friendly_name: The graph item display name which is a short humanly readable description + of the graph item instance. This property is optional and might be system generated. + :vartype friendly_name: str + :ivar device_id: The ID of the IoT Device in the IoT Hub. 
+ :vartype device_id: str + :ivar device_name: The friendly name of the device. + :vartype device_name: str + :ivar source: The source of the device. + :vartype source: str + :ivar iot_security_agent_id: The ID of the security agent running on the device. + :vartype iot_security_agent_id: str + :ivar device_type: The type of the device. + :vartype device_type: str + :ivar vendor: The vendor of the device. + :vartype vendor: str + :ivar edge_id: The ID of the edge device. + :vartype edge_id: str + :ivar mac_address: The MAC address of the device. + :vartype mac_address: str + :ivar model: The model of the device. + :vartype model: str + :ivar serial_number: The serial number of the device. + :vartype serial_number: str + :ivar firmware_version: The firmware version of the device. + :vartype firmware_version: str + :ivar operating_system: The operating system of the device. + :vartype operating_system: str + :ivar iot_hub_entity_id: The AzureResource entity id of the IoT Hub. + :vartype iot_hub_entity_id: str + :ivar host_entity_id: The Host entity id of this device. + :vartype host_entity_id: str + :ivar ip_address_entity_id: The IP entity if of this device. + :vartype ip_address_entity_id: str + :ivar threat_intelligence: A list of TI contexts attached to the IoTDevice entity. + :vartype threat_intelligence: list[~azure.mgmt.securityinsight.models.ThreatIntelligence] + :ivar protocols: A list of protocols of the IoTDevice entity. + :vartype protocols: list[str] """ _validation = { 
@@ -5956,6 +4836,25 @@ class CodelessUiDataConnector(DataConnector): "type": {"readonly": True}, "system_data": {"readonly": True}, "kind": {"required": True}, + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + "device_id": {"readonly": True}, + "device_name": {"readonly": True}, + "source": {"readonly": True}, + "iot_security_agent_id": {"readonly": True}, + "device_type": {"readonly": True}, + "vendor": {"readonly": True}, + "edge_id": {"readonly": True}, + "mac_address": {"readonly": True}, + "model": {"readonly": True}, + "serial_number": {"readonly": True}, + "firmware_version": {"readonly": True}, + "operating_system": {"readonly": True}, + "iot_hub_entity_id": {"readonly": True}, + "host_entity_id": {"readonly": True}, + "ip_address_entity_id": {"readonly": True}, + "threat_intelligence": {"readonly": True}, + "protocols": {"readonly": True}, } _attribute_map = { 
@@ -5963,500 +4862,287 @@ class CodelessUiDataConnector(DataConnector): "name": {"key": "name", "type": "str"}, "type": {"key": "type", "type": "str"}, "system_data": {"key": "systemData", "type": "SystemData"}, - "etag": {"key": "etag", "type": "str"}, "kind": {"key": "kind", "type": "str"}, - "connector_ui_config": {"key": "properties.connectorUiConfig", "type": "CodelessUiConnectorConfigProperties"}, + "additional_data": {"key": "properties.additionalData", "type": "{object}"}, + "friendly_name": {"key": "properties.friendlyName", "type": "str"}, + "device_id": {"key": "properties.deviceId", "type": "str"}, + "device_name": {"key": "properties.deviceName", "type": "str"}, + "source": {"key": "properties.source", "type": "str"}, + "iot_security_agent_id": {"key": "properties.iotSecurityAgentId", "type": "str"}, + "device_type": {"key": "properties.deviceType", "type": "str"}, + "vendor": {"key": "properties.vendor", "type": "str"}, + "edge_id": {"key": "properties.edgeId", "type": "str"}, + "mac_address": {"key": "properties.macAddress", "type": "str"}, + "model": {"key": "properties.model", "type": "str"}, + "serial_number": {"key": "properties.serialNumber", "type": "str"}, + "firmware_version": {"key": "properties.firmwareVersion", "type": "str"}, + "operating_system": {"key": "properties.operatingSystem", "type": "str"}, + "iot_hub_entity_id": {"key": "properties.iotHubEntityId", "type": "str"}, + "host_entity_id": {"key": "properties.hostEntityId", "type": "str"}, + "ip_address_entity_id": {"key": "properties.ipAddressEntityId", "type": "str"}, + "threat_intelligence": {"key": "properties.threatIntelligence", "type": "[ThreatIntelligence]"}, + "protocols": {"key": "properties.protocols", "type": "[str]"}, } - def __init__( - self, - *, - etag: Optional[str] = None, - connector_ui_config: Optional["_models.CodelessUiConnectorConfigProperties"] = None, - **kwargs - ): - """ - :keyword etag: Etag of the azure resource. 
- :paramtype etag: str - :keyword connector_ui_config: Config to describe the instructions blade. - :paramtype connector_ui_config: - ~azure.mgmt.securityinsight.models.CodelessUiConnectorConfigProperties - """ - super().__init__(etag=etag, **kwargs) - self.kind: str = "GenericUI" - self.connector_ui_config = connector_ui_config + def __init__(self, **kwargs: Any) -> None: # pylint: disable=too-many-locals + """ """ + super().__init__(**kwargs) + self.kind: str = "IoTDevice" + self.additional_data = None + self.friendly_name = None + self.device_id = None + self.device_name = None + self.source = None + self.iot_security_agent_id = None + self.device_type = None + self.vendor = None + self.edge_id = None + self.mac_address = None + self.model = None + self.serial_number = None + self.firmware_version = None + self.operating_system = None + self.iot_hub_entity_id = None + self.host_entity_id = None + self.ip_address_entity_id = None + self.threat_intelligence = None + self.protocols = None + +class IoTDeviceEntityProperties(EntityCommonProperties): # pylint: disable=too-many-instance-attributes + """IoTDevice entity property bag. -class ConnectedEntity(_serialization.Model): - """Expansion result connected entities. + Variables are only populated by the server, and will be ignored when sending a request. - :ivar target_entity_id: Entity Id of the connected entity. - :vartype target_entity_id: str - :ivar additional_data: key-value pairs for a connected entity mapping. - :vartype additional_data: JSON + :ivar additional_data: A bag of custom fields that should be part of the entity and will be + presented to the user. + :vartype additional_data: dict[str, JSON] + :ivar friendly_name: The graph item display name which is a short humanly readable description + of the graph item instance. This property is optional and might be system generated. + :vartype friendly_name: str + :ivar device_id: The ID of the IoT Device in the IoT Hub. 
+ :vartype device_id: str + :ivar device_name: The friendly name of the device. + :vartype device_name: str + :ivar source: The source of the device. + :vartype source: str + :ivar iot_security_agent_id: The ID of the security agent running on the device. + :vartype iot_security_agent_id: str + :ivar device_type: The type of the device. + :vartype device_type: str + :ivar vendor: The vendor of the device. + :vartype vendor: str + :ivar edge_id: The ID of the edge device. + :vartype edge_id: str + :ivar mac_address: The MAC address of the device. + :vartype mac_address: str + :ivar model: The model of the device. + :vartype model: str + :ivar serial_number: The serial number of the device. + :vartype serial_number: str + :ivar firmware_version: The firmware version of the device. + :vartype firmware_version: str + :ivar operating_system: The operating system of the device. + :vartype operating_system: str + :ivar iot_hub_entity_id: The AzureResource entity id of the IoT Hub. + :vartype iot_hub_entity_id: str + :ivar host_entity_id: The Host entity id of this device. + :vartype host_entity_id: str + :ivar ip_address_entity_id: The IP entity if of this device. + :vartype ip_address_entity_id: str + :ivar threat_intelligence: A list of TI contexts attached to the IoTDevice entity. + :vartype threat_intelligence: list[~azure.mgmt.securityinsight.models.ThreatIntelligence] + :ivar protocols: A list of protocols of the IoTDevice entity. 
+ :vartype protocols: list[str] """ + _validation = { + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + "device_id": {"readonly": True}, + "device_name": {"readonly": True}, + "source": {"readonly": True}, + "iot_security_agent_id": {"readonly": True}, + "device_type": {"readonly": True}, + "vendor": {"readonly": True}, + "edge_id": {"readonly": True}, + "mac_address": {"readonly": True}, + "model": {"readonly": True}, + "serial_number": {"readonly": True}, + "firmware_version": {"readonly": True}, + "operating_system": {"readonly": True}, + "iot_hub_entity_id": {"readonly": True}, + "host_entity_id": {"readonly": True}, + "ip_address_entity_id": {"readonly": True}, + "threat_intelligence": {"readonly": True}, + "protocols": {"readonly": True}, + } + _attribute_map = { - "target_entity_id": {"key": "targetEntityId", "type": "str"}, - "additional_data": {"key": "additionalData", "type": "object"}, + "additional_data": {"key": "additionalData", "type": "{object}"}, + "friendly_name": {"key": "friendlyName", "type": "str"}, + "device_id": {"key": "deviceId", "type": "str"}, + "device_name": {"key": "deviceName", "type": "str"}, + "source": {"key": "source", "type": "str"}, + "iot_security_agent_id": {"key": "iotSecurityAgentId", "type": "str"}, + "device_type": {"key": "deviceType", "type": "str"}, + "vendor": {"key": "vendor", "type": "str"}, + "edge_id": {"key": "edgeId", "type": "str"}, + "mac_address": {"key": "macAddress", "type": "str"}, + "model": {"key": "model", "type": "str"}, + "serial_number": {"key": "serialNumber", "type": "str"}, + "firmware_version": {"key": "firmwareVersion", "type": "str"}, + "operating_system": {"key": "operatingSystem", "type": "str"}, + "iot_hub_entity_id": {"key": "iotHubEntityId", "type": "str"}, + "host_entity_id": {"key": "hostEntityId", "type": "str"}, + "ip_address_entity_id": {"key": "ipAddressEntityId", "type": "str"}, + "threat_intelligence": {"key": "threatIntelligence", "type": 
"[ThreatIntelligence]"}, + "protocols": {"key": "protocols", "type": "[str]"}, } - def __init__(self, *, target_entity_id: Optional[str] = None, additional_data: Optional[JSON] = None, **kwargs): - """ - :keyword target_entity_id: Entity Id of the connected entity. - :paramtype target_entity_id: str - :keyword additional_data: key-value pairs for a connected entity mapping. - :paramtype additional_data: JSON - """ + def __init__(self, **kwargs: Any) -> None: + """ """ super().__init__(**kwargs) - self.target_entity_id = target_entity_id - self.additional_data = additional_data + self.device_id = None + self.device_name = None + self.source = None + self.iot_security_agent_id = None + self.device_type = None + self.vendor = None + self.edge_id = None + self.mac_address = None + self.model = None + self.serial_number = None + self.firmware_version = None + self.operating_system = None + self.iot_hub_entity_id = None + self.host_entity_id = None + self.ip_address_entity_id = None + self.threat_intelligence = None + self.protocols = None + +class IpEntity(Entity): + """Represents an ip entity. -class ConnectorInstructionModelBase(_serialization.Model): - """Instruction step details. + Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. - :ivar parameters: The parameters for the setting. - :vartype parameters: JSON - :ivar type: The kind of the setting. Required. Known values are: "CopyableLabel", - "InstructionStepsGroup", and "InfoMessage". - :vartype type: str or ~azure.mgmt.securityinsight.models.SettingType + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. 
"Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar kind: The kind of the entity. Required. Known values are: "Account", "Host", "File", + "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", + "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", + "Bookmark", "MailCluster", "MailMessage", "Mailbox", and "SubmissionMail". + :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKindEnum + :ivar additional_data: A bag of custom fields that should be part of the entity and will be + presented to the user. + :vartype additional_data: dict[str, JSON] + :ivar friendly_name: The graph item display name which is a short humanly readable description + of the graph item instance. This property is optional and might be system generated. + :vartype friendly_name: str + :ivar address: The IP address as string, e.g. 127.0.0.1 (either in Ipv4 or Ipv6). + :vartype address: str + :ivar location: The geo-location context attached to the ip entity. + :vartype location: ~azure.mgmt.securityinsight.models.GeoLocation + :ivar threat_intelligence: A list of TI contexts attached to the ip entity. 
+ :vartype threat_intelligence: list[~azure.mgmt.securityinsight.models.ThreatIntelligence] """ _validation = { - "type": {"required": True}, + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + "address": {"readonly": True}, + "location": {"readonly": True}, + "threat_intelligence": {"readonly": True}, } _attribute_map = { - "parameters": {"key": "parameters", "type": "object"}, + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "kind": {"key": "kind", "type": "str"}, + "additional_data": {"key": "properties.additionalData", "type": "{object}"}, + "friendly_name": {"key": "properties.friendlyName", "type": "str"}, + "address": {"key": "properties.address", "type": "str"}, + "location": {"key": "properties.location", "type": "GeoLocation"}, + "threat_intelligence": {"key": "properties.threatIntelligence", "type": "[ThreatIntelligence]"}, } - def __init__(self, *, type: Union[str, "_models.SettingType"], parameters: Optional[JSON] = None, **kwargs): - """ - :keyword parameters: The parameters for the setting. - :paramtype parameters: JSON - :keyword type: The kind of the setting. Required. Known values are: "CopyableLabel", - "InstructionStepsGroup", and "InfoMessage". - :paramtype type: str or ~azure.mgmt.securityinsight.models.SettingType - """ + def __init__(self, **kwargs: Any) -> None: + """ """ super().__init__(**kwargs) - self.parameters = parameters - self.type = type + self.kind: str = "Ip" + self.additional_data = None + self.friendly_name = None + self.address = None + self.location = None + self.threat_intelligence = None -class Content(_serialization.Model): - """Content section of the recommendation. 
+class IpEntityProperties(EntityCommonProperties): + """Ip entity property bag. - All required parameters must be populated in order to send to Azure. + Variables are only populated by the server, and will be ignored when sending a request. - :ivar title: Title of the content. Required. - :vartype title: str - :ivar description: Description of the content. Required. - :vartype description: str + :ivar additional_data: A bag of custom fields that should be part of the entity and will be + presented to the user. + :vartype additional_data: dict[str, JSON] + :ivar friendly_name: The graph item display name which is a short humanly readable description + of the graph item instance. This property is optional and might be system generated. + :vartype friendly_name: str + :ivar address: The IP address as string, e.g. 127.0.0.1 (either in Ipv4 or Ipv6). + :vartype address: str + :ivar location: The geo-location context attached to the ip entity. + :vartype location: ~azure.mgmt.securityinsight.models.GeoLocation + :ivar threat_intelligence: A list of TI contexts attached to the ip entity. 
+ :vartype threat_intelligence: list[~azure.mgmt.securityinsight.models.ThreatIntelligence] """ _validation = { - "title": {"required": True}, - "description": {"required": True}, + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + "address": {"readonly": True}, + "location": {"readonly": True}, + "threat_intelligence": {"readonly": True}, } _attribute_map = { - "title": {"key": "title", "type": "str"}, - "description": {"key": "description", "type": "str"}, + "additional_data": {"key": "additionalData", "type": "{object}"}, + "friendly_name": {"key": "friendlyName", "type": "str"}, + "address": {"key": "address", "type": "str"}, + "location": {"key": "location", "type": "GeoLocation"}, + "threat_intelligence": {"key": "threatIntelligence", "type": "[ThreatIntelligence]"}, } - def __init__(self, *, title: str, description: str, **kwargs): - """ - :keyword title: Title of the content. Required. - :paramtype title: str - :keyword description: Description of the content. Required. - :paramtype description: str - """ + def __init__(self, **kwargs: Any) -> None: + """ """ super().__init__(**kwargs) - self.title = title - self.description = description + self.address = None + self.location = None + self.threat_intelligence = None -class ContentPathMap(_serialization.Model): - """The mapping of content type to a repo path. +class MailboxEntity(Entity): # pylint: disable=too-many-instance-attributes + """Represents a mailbox entity. - :ivar content_type: Content type. Known values are: "AnalyticRule" and "Workbook". - :vartype content_type: str or ~azure.mgmt.securityinsight.models.ContentType - :ivar path: The path to the content. 
- :vartype path: str - """ - - _attribute_map = { - "content_type": {"key": "contentType", "type": "str"}, - "path": {"key": "path", "type": "str"}, - } - - def __init__( - self, *, content_type: Optional[Union[str, "_models.ContentType"]] = None, path: Optional[str] = None, **kwargs - ): - """ - :keyword content_type: Content type. Known values are: "AnalyticRule" and "Workbook". - :paramtype content_type: str or ~azure.mgmt.securityinsight.models.ContentType - :keyword path: The path to the content. - :paramtype path: str - """ - super().__init__(**kwargs) - self.content_type = content_type - self.path = path - - -class CustomsPermission(_serialization.Model): - """Customs permissions required for the connector. - - :ivar name: Customs permissions name. - :vartype name: str - :ivar description: Customs permissions description. - :vartype description: str - """ - - _attribute_map = { - "name": {"key": "name", "type": "str"}, - "description": {"key": "description", "type": "str"}, - } - - def __init__(self, *, name: Optional[str] = None, description: Optional[str] = None, **kwargs): - """ - :keyword name: Customs permissions name. - :paramtype name: str - :keyword description: Customs permissions description. - :paramtype description: str - """ - super().__init__(**kwargs) - self.name = name - self.description = description - - -class Customs(CustomsPermission): - """Customs permissions required for the connector. - - :ivar name: Customs permissions name. - :vartype name: str - :ivar description: Customs permissions description. - :vartype description: str - """ - - _attribute_map = { - "name": {"key": "name", "type": "str"}, - "description": {"key": "description", "type": "str"}, - } - - def __init__(self, *, name: Optional[str] = None, description: Optional[str] = None, **kwargs): - """ - :keyword name: Customs permissions name. - :paramtype name: str - :keyword description: Customs permissions description. 
- :paramtype description: str - """ - super().__init__(name=name, description=description, **kwargs) - - -class DataConnectorConnectBody(_serialization.Model): # pylint: disable=too-many-instance-attributes - """Represents Codeless API Polling data connector. - - :ivar kind: The authentication kind used to poll the data. Known values are: "Basic", "OAuth2", - and "APIKey". - :vartype kind: str or ~azure.mgmt.securityinsight.models.ConnectAuthKind - :ivar api_key: The API key of the audit server. - :vartype api_key: str - :ivar data_collection_endpoint: Used in v2 logs connector. Represents the data collection - ingestion endpoint in log analytics. - :vartype data_collection_endpoint: str - :ivar data_collection_rule_immutable_id: Used in v2 logs connector. The data collection rule - immutable id, the rule defines the transformation and data destination. - :vartype data_collection_rule_immutable_id: str - :ivar output_stream: Used in v2 logs connector. The stream we are sending the data to, this is - the name of the streamDeclarations defined in the DCR. - :vartype output_stream: str - :ivar client_secret: The client secret of the OAuth 2.0 application. - :vartype client_secret: str - :ivar client_id: The client id of the OAuth 2.0 application. - :vartype client_id: str - :ivar authorization_code: The authorization code used in OAuth 2.0 code flow to issue a token. - :vartype authorization_code: str - :ivar user_name: The user name in the audit log server. - :vartype user_name: str - :ivar password: The user password in the audit log server. 
- :vartype password: str - :ivar request_config_user_input_values: - :vartype request_config_user_input_values: list[JSON] - """ - - _attribute_map = { - "kind": {"key": "kind", "type": "str"}, - "api_key": {"key": "apiKey", "type": "str"}, - "data_collection_endpoint": {"key": "dataCollectionEndpoint", "type": "str"}, - "data_collection_rule_immutable_id": {"key": "dataCollectionRuleImmutableId", "type": "str"}, - "output_stream": {"key": "outputStream", "type": "str"}, - "client_secret": {"key": "clientSecret", "type": "str"}, - "client_id": {"key": "clientId", "type": "str"}, - "authorization_code": {"key": "authorizationCode", "type": "str"}, - "user_name": {"key": "userName", "type": "str"}, - "password": {"key": "password", "type": "str"}, - "request_config_user_input_values": {"key": "requestConfigUserInputValues", "type": "[object]"}, - } - - def __init__( - self, - *, - kind: Optional[Union[str, "_models.ConnectAuthKind"]] = None, - api_key: Optional[str] = None, - data_collection_endpoint: Optional[str] = None, - data_collection_rule_immutable_id: Optional[str] = None, - output_stream: Optional[str] = None, - client_secret: Optional[str] = None, - client_id: Optional[str] = None, - authorization_code: Optional[str] = None, - user_name: Optional[str] = None, - password: Optional[str] = None, - request_config_user_input_values: Optional[List[JSON]] = None, - **kwargs - ): - """ - :keyword kind: The authentication kind used to poll the data. Known values are: "Basic", - "OAuth2", and "APIKey". - :paramtype kind: str or ~azure.mgmt.securityinsight.models.ConnectAuthKind - :keyword api_key: The API key of the audit server. - :paramtype api_key: str - :keyword data_collection_endpoint: Used in v2 logs connector. Represents the data collection - ingestion endpoint in log analytics. - :paramtype data_collection_endpoint: str - :keyword data_collection_rule_immutable_id: Used in v2 logs connector. 
The data collection rule - immutable id, the rule defines the transformation and data destination. - :paramtype data_collection_rule_immutable_id: str - :keyword output_stream: Used in v2 logs connector. The stream we are sending the data to, this - is the name of the streamDeclarations defined in the DCR. - :paramtype output_stream: str - :keyword client_secret: The client secret of the OAuth 2.0 application. - :paramtype client_secret: str - :keyword client_id: The client id of the OAuth 2.0 application. - :paramtype client_id: str - :keyword authorization_code: The authorization code used in OAuth 2.0 code flow to issue a - token. - :paramtype authorization_code: str - :keyword user_name: The user name in the audit log server. - :paramtype user_name: str - :keyword password: The user password in the audit log server. - :paramtype password: str - :keyword request_config_user_input_values: - :paramtype request_config_user_input_values: list[JSON] - """ - super().__init__(**kwargs) - self.kind = kind - self.api_key = api_key - self.data_collection_endpoint = data_collection_endpoint - self.data_collection_rule_immutable_id = data_collection_rule_immutable_id - self.output_stream = output_stream - self.client_secret = client_secret - self.client_id = client_id - self.authorization_code = authorization_code - self.user_name = user_name - self.password = password - self.request_config_user_input_values = request_config_user_input_values - - -class DataConnectorList(_serialization.Model): - """List all the data connectors. - - Variables are only populated by the server, and will be ignored when sending a request. - - All required parameters must be populated in order to send to Azure. - - :ivar next_link: URL to fetch the next set of data connectors. - :vartype next_link: str - :ivar value: Array of data connectors. Required. 
- :vartype value: list[~azure.mgmt.securityinsight.models.DataConnector] - """ - - _validation = { - "next_link": {"readonly": True}, - "value": {"required": True}, - } - - _attribute_map = { - "next_link": {"key": "nextLink", "type": "str"}, - "value": {"key": "value", "type": "[DataConnector]"}, - } - - def __init__(self, *, value: List["_models.DataConnector"], **kwargs): - """ - :keyword value: Array of data connectors. Required. - :paramtype value: list[~azure.mgmt.securityinsight.models.DataConnector] - """ - super().__init__(**kwargs) - self.next_link = None - self.value = value - - -class DataConnectorRequirementsState(_serialization.Model): - """Data connector requirements status. - - :ivar authorization_state: Authorization state for this connector. Known values are: "Valid" - and "Invalid". - :vartype authorization_state: str or - ~azure.mgmt.securityinsight.models.DataConnectorAuthorizationState - :ivar license_state: License state for this connector. Known values are: "Valid", "Invalid", - and "Unknown". - :vartype license_state: str or ~azure.mgmt.securityinsight.models.DataConnectorLicenseState - """ - - _attribute_map = { - "authorization_state": {"key": "authorizationState", "type": "str"}, - "license_state": {"key": "licenseState", "type": "str"}, - } - - def __init__( - self, - *, - authorization_state: Optional[Union[str, "_models.DataConnectorAuthorizationState"]] = None, - license_state: Optional[Union[str, "_models.DataConnectorLicenseState"]] = None, - **kwargs - ): - """ - :keyword authorization_state: Authorization state for this connector. Known values are: "Valid" - and "Invalid". - :paramtype authorization_state: str or - ~azure.mgmt.securityinsight.models.DataConnectorAuthorizationState - :keyword license_state: License state for this connector. Known values are: "Valid", "Invalid", - and "Unknown". 
- :paramtype license_state: str or ~azure.mgmt.securityinsight.models.DataConnectorLicenseState - """ - super().__init__(**kwargs) - self.authorization_state = authorization_state - self.license_state = license_state - - -class DataTypeDefinitions(_serialization.Model): - """The data type definition. - - :ivar data_type: The data type name. - :vartype data_type: str - """ - - _attribute_map = { - "data_type": {"key": "dataType", "type": "str"}, - } - - def __init__(self, *, data_type: Optional[str] = None, **kwargs): - """ - :keyword data_type: The data type name. - :paramtype data_type: str - """ - super().__init__(**kwargs) - self.data_type = data_type - - -class Deployment(_serialization.Model): - """Description about a deployment. - - :ivar deployment_id: Deployment identifier. - :vartype deployment_id: str - :ivar deployment_state: Current status of the deployment. Known values are: "In_Progress", - "Completed", "Queued", and "Canceling". - :vartype deployment_state: str or ~azure.mgmt.securityinsight.models.DeploymentState - :ivar deployment_result: The outcome of the deployment. Known values are: "Success", - "Canceled", and "Failed". - :vartype deployment_result: str or ~azure.mgmt.securityinsight.models.DeploymentResult - :ivar deployment_time: The time when the deployment finished. - :vartype deployment_time: ~datetime.datetime - :ivar deployment_logs_url: Url to access repository action logs. 
- :vartype deployment_logs_url: str - """ - - _attribute_map = { - "deployment_id": {"key": "deploymentId", "type": "str"}, - "deployment_state": {"key": "deploymentState", "type": "str"}, - "deployment_result": {"key": "deploymentResult", "type": "str"}, - "deployment_time": {"key": "deploymentTime", "type": "iso-8601"}, - "deployment_logs_url": {"key": "deploymentLogsUrl", "type": "str"}, - } - - def __init__( - self, - *, - deployment_id: Optional[str] = None, - deployment_state: Optional[Union[str, "_models.DeploymentState"]] = None, - deployment_result: Optional[Union[str, "_models.DeploymentResult"]] = None, - deployment_time: Optional[datetime.datetime] = None, - deployment_logs_url: Optional[str] = None, - **kwargs - ): - """ - :keyword deployment_id: Deployment identifier. - :paramtype deployment_id: str - :keyword deployment_state: Current status of the deployment. Known values are: "In_Progress", - "Completed", "Queued", and "Canceling". - :paramtype deployment_state: str or ~azure.mgmt.securityinsight.models.DeploymentState - :keyword deployment_result: The outcome of the deployment. Known values are: "Success", - "Canceled", and "Failed". - :paramtype deployment_result: str or ~azure.mgmt.securityinsight.models.DeploymentResult - :keyword deployment_time: The time when the deployment finished. - :paramtype deployment_time: ~datetime.datetime - :keyword deployment_logs_url: Url to access repository action logs. - :paramtype deployment_logs_url: str - """ - super().__init__(**kwargs) - self.deployment_id = deployment_id - self.deployment_state = deployment_state - self.deployment_result = deployment_result - self.deployment_time = deployment_time - self.deployment_logs_url = deployment_logs_url - - -class DeploymentInfo(_serialization.Model): - """Information regarding a deployment. - - :ivar deployment_fetch_status: Status while fetching the last deployment. Known values are: - "Success", "Unauthorized", and "NotFound". 
- :vartype deployment_fetch_status: str or - ~azure.mgmt.securityinsight.models.DeploymentFetchStatus - :ivar deployment: Deployment information. - :vartype deployment: ~azure.mgmt.securityinsight.models.Deployment - :ivar message: Additional details about the deployment that can be shown to the user. - :vartype message: str - """ - - _attribute_map = { - "deployment_fetch_status": {"key": "deploymentFetchStatus", "type": "str"}, - "deployment": {"key": "deployment", "type": "Deployment"}, - "message": {"key": "message", "type": "str"}, - } - - def __init__( - self, - *, - deployment_fetch_status: Optional[Union[str, "_models.DeploymentFetchStatus"]] = None, - deployment: Optional["_models.Deployment"] = None, - message: Optional[str] = None, - **kwargs - ): - """ - :keyword deployment_fetch_status: Status while fetching the last deployment. Known values are: - "Success", "Unauthorized", and "NotFound". - :paramtype deployment_fetch_status: str or - ~azure.mgmt.securityinsight.models.DeploymentFetchStatus - :keyword deployment: Deployment information. - :paramtype deployment: ~azure.mgmt.securityinsight.models.Deployment - :keyword message: Additional details about the deployment that can be shown to the user. - :paramtype message: str - """ - super().__init__(**kwargs) - self.deployment_fetch_status = deployment_fetch_status - self.deployment = deployment - self.message = message - - -class DnsEntity(Entity): # pylint: disable=too-many-instance-attributes - """Represents a dns entity. - - Variables are only populated by the server, and will be ignored when sending a request. + Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. 
@@ -6474,22 +5160,23 @@ class DnsEntity(Entity): # pylint: disable=too-many-instance-attributes :ivar kind: The kind of the entity. Required. Known values are: "Account", "Host", "File", "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", - "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". - :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKind + "Bookmark", "MailCluster", "MailMessage", "Mailbox", and "SubmissionMail". + :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKindEnum :ivar additional_data: A bag of custom fields that should be part of the entity and will be presented to the user. - :vartype additional_data: dict[str, any] + :vartype additional_data: dict[str, JSON] :ivar friendly_name: The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. :vartype friendly_name: str - :ivar dns_server_ip_entity_id: An ip entity id for the dns server resolving the request. - :vartype dns_server_ip_entity_id: str - :ivar domain_name: The name of the dns record associated with the alert. - :vartype domain_name: str - :ivar host_ip_address_entity_id: An ip entity id for the dns request client. - :vartype host_ip_address_entity_id: str - :ivar ip_address_entity_ids: Ip entity identifiers for the resolved ip address. - :vartype ip_address_entity_ids: list[str] + :ivar mailbox_primary_address: The mailbox's primary address. + :vartype mailbox_primary_address: str + :ivar display_name: The mailbox's display name. + :vartype display_name: str + :ivar upn: The mailbox's UPN. + :vartype upn: str + :ivar external_directory_object_id: The AzureAD identifier of mailbox. Similar to AadUserId in + account entity but this property is specific to mailbox object on office side. 
+ :vartype external_directory_object_id: str """ _validation = { @@ -6500,10 +5187,10 @@ class DnsEntity(Entity): # pylint: disable=too-many-instance-attributes "kind": {"required": True}, "additional_data": {"readonly": True}, "friendly_name": {"readonly": True}, - "dns_server_ip_entity_id": {"readonly": True}, - "domain_name": {"readonly": True}, - "host_ip_address_entity_id": {"readonly": True}, - "ip_address_entity_ids": {"readonly": True}, + "mailbox_primary_address": {"readonly": True}, + "display_name": {"readonly": True}, + "upn": {"readonly": True}, + "external_directory_object_id": {"readonly": True}, } _attribute_map = { 
@@ -6514,139 +5201,79 @@ class DnsEntity(Entity): # pylint: disable=too-many-instance-attributes "kind": {"key": "kind", "type": "str"}, "additional_data": {"key": "properties.additionalData", "type": "{object}"}, "friendly_name": {"key": "properties.friendlyName", "type": "str"}, - "dns_server_ip_entity_id": {"key": "properties.dnsServerIpEntityId", "type": "str"}, - "domain_name": {"key": "properties.domainName", "type": "str"}, - "host_ip_address_entity_id": {"key": "properties.hostIpAddressEntityId", "type": "str"}, - "ip_address_entity_ids": {"key": "properties.ipAddressEntityIds", "type": "[str]"}, + "mailbox_primary_address": {"key": "properties.mailboxPrimaryAddress", "type": "str"}, + "display_name": {"key": "properties.displayName", "type": "str"}, + "upn": {"key": "properties.upn", "type": "str"}, + "external_directory_object_id": {"key": "properties.externalDirectoryObjectId", "type": "str"}, } - def __init__(self, **kwargs): + def __init__(self, **kwargs: Any) -> None: """ """ super().__init__(**kwargs) - self.kind: str = "DnsResolution" + self.kind: str = "Mailbox" self.additional_data = None self.friendly_name = None - self.dns_server_ip_entity_id = None - self.domain_name = None - self.host_ip_address_entity_id = None - self.ip_address_entity_ids = None + self.mailbox_primary_address = None + self.display_name = None + self.upn = None + self.external_directory_object_id = None -class DnsEntityProperties(EntityCommonProperties): - """Dns entity property bag. +class MailboxEntityProperties(EntityCommonProperties): + """Mailbox entity property bag. Variables are only populated by the server, and will be ignored when sending a request. :ivar additional_data: A bag of custom fields that should be part of the entity and will be presented to the user. 
- :vartype additional_data: dict[str, any] + :vartype additional_data: dict[str, JSON] :ivar friendly_name: The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. :vartype friendly_name: str - :ivar dns_server_ip_entity_id: An ip entity id for the dns server resolving the request. - :vartype dns_server_ip_entity_id: str - :ivar domain_name: The name of the dns record associated with the alert. - :vartype domain_name: str - :ivar host_ip_address_entity_id: An ip entity id for the dns request client. - :vartype host_ip_address_entity_id: str - :ivar ip_address_entity_ids: Ip entity identifiers for the resolved ip address. - :vartype ip_address_entity_ids: list[str] + :ivar mailbox_primary_address: The mailbox's primary address. + :vartype mailbox_primary_address: str + :ivar display_name: The mailbox's display name. + :vartype display_name: str + :ivar upn: The mailbox's UPN. + :vartype upn: str + :ivar external_directory_object_id: The AzureAD identifier of mailbox. Similar to AadUserId in + account entity but this property is specific to mailbox object on office side. 
+ :vartype external_directory_object_id: str """ _validation = { "additional_data": {"readonly": True}, "friendly_name": {"readonly": True}, - "dns_server_ip_entity_id": {"readonly": True}, - "domain_name": {"readonly": True}, - "host_ip_address_entity_id": {"readonly": True}, - "ip_address_entity_ids": {"readonly": True}, + "mailbox_primary_address": {"readonly": True}, + "display_name": {"readonly": True}, + "upn": {"readonly": True}, + "external_directory_object_id": {"readonly": True}, } _attribute_map = { "additional_data": {"key": "additionalData", "type": "{object}"}, "friendly_name": {"key": "friendlyName", "type": "str"}, - "dns_server_ip_entity_id": {"key": "dnsServerIpEntityId", "type": "str"}, - "domain_name": {"key": "domainName", "type": "str"}, - "host_ip_address_entity_id": {"key": "hostIpAddressEntityId", "type": "str"}, - "ip_address_entity_ids": {"key": "ipAddressEntityIds", "type": "[str]"}, + "mailbox_primary_address": {"key": "mailboxPrimaryAddress", "type": "str"}, + "display_name": {"key": "displayName", "type": "str"}, + "upn": {"key": "upn", "type": "str"}, + "external_directory_object_id": {"key": "externalDirectoryObjectId", "type": "str"}, } - def __init__(self, **kwargs): + def __init__(self, **kwargs: Any) -> None: """ """ super().__init__(**kwargs) - self.dns_server_ip_entity_id = None - self.domain_name = None - self.host_ip_address_entity_id = None - self.ip_address_entity_ids = None - - -class Dynamics365CheckRequirements(DataConnectorsCheckRequirements): - """Represents Dynamics365 requirements check request. + self.mailbox_primary_address = None + self.display_name = None + self.upn = None + self.external_directory_object_id = None - All required parameters must be populated in order to send to Azure. - :ivar kind: Describes the kind of connector to be checked. Required. 
Known values are: - "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", - "ThreatIntelligence", "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", - "Office365Project", "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", - "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", - "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and - "IOT". - :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind - :ivar tenant_id: The tenant id to connect to, and get the data from. - :vartype tenant_id: str - """ +class MailClusterEntity(Entity): # pylint: disable=too-many-instance-attributes + """Represents a mail cluster entity. - _validation = { - "kind": {"required": True}, - } + Variables are only populated by the server, and will be ignored when sending a request. - _attribute_map = { - "kind": {"key": "kind", "type": "str"}, - "tenant_id": {"key": "properties.tenantId", "type": "str"}, - } - - def __init__(self, *, tenant_id: Optional[str] = None, **kwargs): - """ - :keyword tenant_id: The tenant id to connect to, and get the data from. - :paramtype tenant_id: str - """ - super().__init__(**kwargs) - self.kind: str = "Dynamics365" - self.tenant_id = tenant_id - - -class Dynamics365CheckRequirementsProperties(DataConnectorTenantId): - """Dynamics365 requirements check properties. - - All required parameters must be populated in order to send to Azure. - - :ivar tenant_id: The tenant id to connect to, and get the data from. Required. - :vartype tenant_id: str - """ - - _validation = { - "tenant_id": {"required": True}, - } - - _attribute_map = { - "tenant_id": {"key": "tenantId", "type": "str"}, - } - - def __init__(self, *, tenant_id: str, **kwargs): - """ - :keyword tenant_id: The tenant id to connect to, and get the data from. Required. 
- :paramtype tenant_id: str - """ - super().__init__(tenant_id=tenant_id, **kwargs) - - -class Dynamics365DataConnector(DataConnector): - """Represents Dynamics365 data connector. - - Variables are only populated by the server, and will be ignored when sending a request. - - All required parameters must be populated in order to send to Azure. + All required parameters must be populated in order to send to Azure. :ivar id: Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
@@ -6659,20 +5286,48 @@ class Dynamics365DataConnector(DataConnector): :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy information. :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar etag: Etag of the azure resource. - :vartype etag: str - :ivar kind: The data connector kind. Required. Known values are: "AzureActiveDirectory", - "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", - "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", "Office365Project", - "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", - "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", - "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and - "IOT". - :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind - :ivar tenant_id: The tenant id to connect to, and get the data from. - :vartype tenant_id: str - :ivar data_types: The available data types for the connector. - :vartype data_types: ~azure.mgmt.securityinsight.models.Dynamics365DataConnectorDataTypes + :ivar kind: The kind of the entity. Required. Known values are: "Account", "Host", "File", + "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", + "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", + "Bookmark", "MailCluster", "MailMessage", "Mailbox", and "SubmissionMail". + :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKindEnum + :ivar additional_data: A bag of custom fields that should be part of the entity and will be + presented to the user. + :vartype additional_data: dict[str, JSON] + :ivar friendly_name: The graph item display name which is a short humanly readable description + of the graph item instance. This property is optional and might be system generated. 
+ :vartype friendly_name: str + :ivar network_message_ids: The mail message IDs that are part of the mail cluster. + :vartype network_message_ids: list[str] + :ivar count_by_delivery_status: Count of mail messages by DeliveryStatus string representation. + :vartype count_by_delivery_status: JSON + :ivar count_by_threat_type: Count of mail messages by ThreatType string representation. + :vartype count_by_threat_type: JSON + :ivar count_by_protection_status: Count of mail messages by ProtectionStatus string + representation. + :vartype count_by_protection_status: JSON + :ivar threats: The threats of mail messages that are part of the mail cluster. + :vartype threats: list[str] + :ivar query: The query that was used to identify the messages of the mail cluster. + :vartype query: str + :ivar query_time: The query time. + :vartype query_time: ~datetime.datetime + :ivar mail_count: The number of mail messages that are part of the mail cluster. + :vartype mail_count: int + :ivar is_volume_anomaly: Is this a volume anomaly mail cluster. + :vartype is_volume_anomaly: bool + :ivar source: The source of the mail cluster (default is 'O365 ATP'). + :vartype source: str + :ivar cluster_source_identifier: The id of the cluster source. + :vartype cluster_source_identifier: str + :ivar cluster_source_type: The type of the cluster source. + :vartype cluster_source_type: str + :ivar cluster_query_start_time: The cluster query start time. + :vartype cluster_query_start_time: ~datetime.datetime + :ivar cluster_query_end_time: The cluster query end time. + :vartype cluster_query_end_time: ~datetime.datetime + :ivar cluster_group: The cluster group. + :vartype cluster_group: str """ _validation = { 
@@ -6681,6 +5336,23 @@ class Dynamics365DataConnector(DataConnector): "type": {"readonly": True}, "system_data": {"readonly": True}, "kind": {"required": True}, + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + "network_message_ids": {"readonly": True}, + "count_by_delivery_status": {"readonly": True}, + "count_by_threat_type": {"readonly": True}, + "count_by_protection_status": {"readonly": True}, + "threats": {"readonly": True}, + "query": {"readonly": True}, + "query_time": {"readonly": True}, + "mail_count": {"readonly": True}, + "is_volume_anomaly": {"readonly": True}, + "source": {"readonly": True}, + "cluster_source_identifier": {"readonly": True}, + "cluster_source_type": {"readonly": True}, + "cluster_query_start_time": {"readonly": True}, + "cluster_query_end_time": {"readonly": True}, + "cluster_group": {"readonly": True}, } _attribute_map = { 
@@ -6688,579 +5360,159 @@ class Dynamics365DataConnector(DataConnector): "name": {"key": "name", "type": "str"}, "type": {"key": "type", "type": "str"}, "system_data": {"key": "systemData", "type": "SystemData"}, - "etag": {"key": "etag", "type": "str"}, "kind": {"key": "kind", "type": "str"}, - "tenant_id": {"key": "properties.tenantId", "type": "str"}, - "data_types": {"key": "properties.dataTypes", "type": "Dynamics365DataConnectorDataTypes"}, + "additional_data": {"key": "properties.additionalData", "type": "{object}"}, + "friendly_name": {"key": "properties.friendlyName", "type": "str"}, + "network_message_ids": {"key": "properties.networkMessageIds", "type": "[str]"}, + "count_by_delivery_status": {"key": "properties.countByDeliveryStatus", "type": "object"}, + "count_by_threat_type": {"key": "properties.countByThreatType", "type": "object"}, + "count_by_protection_status": {"key": "properties.countByProtectionStatus", "type": "object"}, + "threats": {"key": "properties.threats", "type": "[str]"}, + "query": {"key": "properties.query", "type": "str"}, + "query_time": {"key": "properties.queryTime", "type": "iso-8601"}, + "mail_count": {"key": "properties.mailCount", "type": "int"}, + "is_volume_anomaly": {"key": "properties.isVolumeAnomaly", "type": "bool"}, + "source": {"key": "properties.source", "type": "str"}, + "cluster_source_identifier": {"key": "properties.clusterSourceIdentifier", "type": "str"}, + "cluster_source_type": {"key": "properties.clusterSourceType", "type": "str"}, + "cluster_query_start_time": {"key": "properties.clusterQueryStartTime", "type": "iso-8601"}, + "cluster_query_end_time": {"key": "properties.clusterQueryEndTime", "type": "iso-8601"}, + "cluster_group": {"key": "properties.clusterGroup", "type": "str"}, } - def __init__( - self, - *, - etag: Optional[str] = None, - tenant_id: Optional[str] = None, - data_types: Optional["_models.Dynamics365DataConnectorDataTypes"] = None, - **kwargs - ): - """ - :keyword etag: Etag of the 
azure resource. - :paramtype etag: str - :keyword tenant_id: The tenant id to connect to, and get the data from. - :paramtype tenant_id: str - :keyword data_types: The available data types for the connector. - :paramtype data_types: ~azure.mgmt.securityinsight.models.Dynamics365DataConnectorDataTypes - """ - super().__init__(etag=etag, **kwargs) - self.kind: str = "Dynamics365" - self.tenant_id = tenant_id - self.data_types = data_types + def __init__(self, **kwargs: Any) -> None: + """ """ + super().__init__(**kwargs) + self.kind: str = "MailCluster" + self.additional_data = None + self.friendly_name = None + self.network_message_ids = None + self.count_by_delivery_status = None + self.count_by_threat_type = None + self.count_by_protection_status = None + self.threats = None + self.query = None + self.query_time = None + self.mail_count = None + self.is_volume_anomaly = None + self.source = None + self.cluster_source_identifier = None + self.cluster_source_type = None + self.cluster_query_start_time = None + self.cluster_query_end_time = None + self.cluster_group = None -class Dynamics365DataConnectorDataTypes(_serialization.Model): - """The available data types for Dynamics365 data connector. +class MailClusterEntityProperties(EntityCommonProperties): # pylint: disable=too-many-instance-attributes + """Mail cluster entity property bag. - All required parameters must be populated in order to send to Azure. + Variables are only populated by the server, and will be ignored when sending a request. - :ivar dynamics365_cds_activities: Common Data Service data type connection. Required. - :vartype dynamics365_cds_activities: - ~azure.mgmt.securityinsight.models.Dynamics365DataConnectorDataTypesDynamics365CdsActivities + :ivar additional_data: A bag of custom fields that should be part of the entity and will be + presented to the user. 
+ :vartype additional_data: dict[str, JSON] + :ivar friendly_name: The graph item display name which is a short humanly readable description + of the graph item instance. This property is optional and might be system generated. + :vartype friendly_name: str + :ivar network_message_ids: The mail message IDs that are part of the mail cluster. + :vartype network_message_ids: list[str] + :ivar count_by_delivery_status: Count of mail messages by DeliveryStatus string representation. + :vartype count_by_delivery_status: JSON + :ivar count_by_threat_type: Count of mail messages by ThreatType string representation. + :vartype count_by_threat_type: JSON + :ivar count_by_protection_status: Count of mail messages by ProtectionStatus string + representation. + :vartype count_by_protection_status: JSON + :ivar threats: The threats of mail messages that are part of the mail cluster. + :vartype threats: list[str] + :ivar query: The query that was used to identify the messages of the mail cluster. + :vartype query: str + :ivar query_time: The query time. + :vartype query_time: ~datetime.datetime + :ivar mail_count: The number of mail messages that are part of the mail cluster. + :vartype mail_count: int + :ivar is_volume_anomaly: Is this a volume anomaly mail cluster. + :vartype is_volume_anomaly: bool + :ivar source: The source of the mail cluster (default is 'O365 ATP'). + :vartype source: str + :ivar cluster_source_identifier: The id of the cluster source. + :vartype cluster_source_identifier: str + :ivar cluster_source_type: The type of the cluster source. + :vartype cluster_source_type: str + :ivar cluster_query_start_time: The cluster query start time. + :vartype cluster_query_start_time: ~datetime.datetime + :ivar cluster_query_end_time: The cluster query end time. + :vartype cluster_query_end_time: ~datetime.datetime + :ivar cluster_group: The cluster group. 
+ :vartype cluster_group: str """ _validation = { - "dynamics365_cds_activities": {"required": True}, + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + "network_message_ids": {"readonly": True}, + "count_by_delivery_status": {"readonly": True}, + "count_by_threat_type": {"readonly": True}, + "count_by_protection_status": {"readonly": True}, + "threats": {"readonly": True}, + "query": {"readonly": True}, + "query_time": {"readonly": True}, + "mail_count": {"readonly": True}, + "is_volume_anomaly": {"readonly": True}, + "source": {"readonly": True}, + "cluster_source_identifier": {"readonly": True}, + "cluster_source_type": {"readonly": True}, + "cluster_query_start_time": {"readonly": True}, + "cluster_query_end_time": {"readonly": True}, + "cluster_group": {"readonly": True}, } _attribute_map = { - "dynamics365_cds_activities": { - "key": "dynamics365CdsActivities", - "type": "Dynamics365DataConnectorDataTypesDynamics365CdsActivities", - }, + "additional_data": {"key": "additionalData", "type": "{object}"}, + "friendly_name": {"key": "friendlyName", "type": "str"}, + "network_message_ids": {"key": "networkMessageIds", "type": "[str]"}, + "count_by_delivery_status": {"key": "countByDeliveryStatus", "type": "object"}, + "count_by_threat_type": {"key": "countByThreatType", "type": "object"}, + "count_by_protection_status": {"key": "countByProtectionStatus", "type": "object"}, + "threats": {"key": "threats", "type": "[str]"}, + "query": {"key": "query", "type": "str"}, + "query_time": {"key": "queryTime", "type": "iso-8601"}, + "mail_count": {"key": "mailCount", "type": "int"}, + "is_volume_anomaly": {"key": "isVolumeAnomaly", "type": "bool"}, + "source": {"key": "source", "type": "str"}, + "cluster_source_identifier": {"key": "clusterSourceIdentifier", "type": "str"}, + "cluster_source_type": {"key": "clusterSourceType", "type": "str"}, + "cluster_query_start_time": {"key": "clusterQueryStartTime", "type": "iso-8601"}, + 
"cluster_query_end_time": {"key": "clusterQueryEndTime", "type": "iso-8601"}, + "cluster_group": {"key": "clusterGroup", "type": "str"}, } - def __init__( - self, - *, - dynamics365_cds_activities: "_models.Dynamics365DataConnectorDataTypesDynamics365CdsActivities", - **kwargs - ): - """ - :keyword dynamics365_cds_activities: Common Data Service data type connection. Required. - :paramtype dynamics365_cds_activities: - ~azure.mgmt.securityinsight.models.Dynamics365DataConnectorDataTypesDynamics365CdsActivities - """ + def __init__(self, **kwargs: Any) -> None: + """ """ super().__init__(**kwargs) - self.dynamics365_cds_activities = dynamics365_cds_activities - - -class Dynamics365DataConnectorDataTypesDynamics365CdsActivities(DataConnectorDataTypeCommon): - """Common Data Service data type connection. + self.network_message_ids = None + self.count_by_delivery_status = None + self.count_by_threat_type = None + self.count_by_protection_status = None + self.threats = None + self.query = None + self.query_time = None + self.mail_count = None + self.is_volume_anomaly = None + self.source = None + self.cluster_source_identifier = None + self.cluster_source_type = None + self.cluster_query_start_time = None + self.cluster_query_end_time = None + self.cluster_group = None - All required parameters must be populated in order to send to Azure. - :ivar state: Describe whether this data type connection is enabled or not. Required. Known - values are: "Enabled" and "Disabled". - :vartype state: str or ~azure.mgmt.securityinsight.models.DataTypeState - """ +class MailMessageEntity(Entity): # pylint: disable=too-many-instance-attributes + """Represents a mail message entity. - _validation = { - "state": {"required": True}, - } + Variables are only populated by the server, and will be ignored when sending a request. 
- _attribute_map = { - "state": {"key": "state", "type": "str"}, - } - - def __init__(self, *, state: Union[str, "_models.DataTypeState"], **kwargs): - """ - :keyword state: Describe whether this data type connection is enabled or not. Required. Known - values are: "Enabled" and "Disabled". - :paramtype state: str or ~azure.mgmt.securityinsight.models.DataTypeState - """ - super().__init__(state=state, **kwargs) - - -class Dynamics365DataConnectorProperties(DataConnectorTenantId): - """Dynamics365 data connector properties. - - All required parameters must be populated in order to send to Azure. - - :ivar tenant_id: The tenant id to connect to, and get the data from. Required. - :vartype tenant_id: str - :ivar data_types: The available data types for the connector. Required. - :vartype data_types: ~azure.mgmt.securityinsight.models.Dynamics365DataConnectorDataTypes - """ - - _validation = { - "tenant_id": {"required": True}, - "data_types": {"required": True}, - } - - _attribute_map = { - "tenant_id": {"key": "tenantId", "type": "str"}, - "data_types": {"key": "dataTypes", "type": "Dynamics365DataConnectorDataTypes"}, - } - - def __init__(self, *, tenant_id: str, data_types: "_models.Dynamics365DataConnectorDataTypes", **kwargs): - """ - :keyword tenant_id: The tenant id to connect to, and get the data from. Required. - :paramtype tenant_id: str - :keyword data_types: The available data types for the connector. Required. - :paramtype data_types: ~azure.mgmt.securityinsight.models.Dynamics365DataConnectorDataTypes - """ - super().__init__(tenant_id=tenant_id, **kwargs) - self.data_types = data_types - - -class EnrichmentDomainWhois(_serialization.Model): - """Whois information for a given domain and associated metadata. - - :ivar domain: The domain for this whois record. - :vartype domain: str - :ivar server: The hostname of this registrar's whois server. - :vartype server: str - :ivar created: The timestamp at which this record was created. 
- :vartype created: ~datetime.datetime - :ivar updated: The timestamp at which this record was last updated. - :vartype updated: ~datetime.datetime - :ivar expires: The timestamp at which this record will expire. - :vartype expires: ~datetime.datetime - :ivar parsed_whois: The whois record for a given domain. - :vartype parsed_whois: ~azure.mgmt.securityinsight.models.EnrichmentDomainWhoisDetails - """ - - _attribute_map = { - "domain": {"key": "domain", "type": "str"}, - "server": {"key": "server", "type": "str"}, - "created": {"key": "created", "type": "iso-8601"}, - "updated": {"key": "updated", "type": "iso-8601"}, - "expires": {"key": "expires", "type": "iso-8601"}, - "parsed_whois": {"key": "parsedWhois", "type": "EnrichmentDomainWhoisDetails"}, - } - - def __init__( - self, - *, - domain: Optional[str] = None, - server: Optional[str] = None, - created: Optional[datetime.datetime] = None, - updated: Optional[datetime.datetime] = None, - expires: Optional[datetime.datetime] = None, - parsed_whois: Optional["_models.EnrichmentDomainWhoisDetails"] = None, - **kwargs - ): - """ - :keyword domain: The domain for this whois record. - :paramtype domain: str - :keyword server: The hostname of this registrar's whois server. - :paramtype server: str - :keyword created: The timestamp at which this record was created. - :paramtype created: ~datetime.datetime - :keyword updated: The timestamp at which this record was last updated. - :paramtype updated: ~datetime.datetime - :keyword expires: The timestamp at which this record will expire. - :paramtype expires: ~datetime.datetime - :keyword parsed_whois: The whois record for a given domain. 
- :paramtype parsed_whois: ~azure.mgmt.securityinsight.models.EnrichmentDomainWhoisDetails - """ - super().__init__(**kwargs) - self.domain = domain - self.server = server - self.created = created - self.updated = updated - self.expires = expires - self.parsed_whois = parsed_whois - - -class EnrichmentDomainWhoisContact(_serialization.Model): - """An individual contact associated with this domain. - - :ivar name: The name of this contact. - :vartype name: str - :ivar org: The organization for this contact. - :vartype org: str - :ivar street: A list describing the street address for this contact. - :vartype street: list[str] - :ivar city: The city for this contact. - :vartype city: str - :ivar state: The state for this contact. - :vartype state: str - :ivar postal: The postal code for this contact. - :vartype postal: str - :ivar country: The country for this contact. - :vartype country: str - :ivar phone: The phone number for this contact. - :vartype phone: str - :ivar fax: The fax number for this contact. - :vartype fax: str - :ivar email: The email address for this contact. - :vartype email: str - """ - - _attribute_map = { - "name": {"key": "name", "type": "str"}, - "org": {"key": "org", "type": "str"}, - "street": {"key": "street", "type": "[str]"}, - "city": {"key": "city", "type": "str"}, - "state": {"key": "state", "type": "str"}, - "postal": {"key": "postal", "type": "str"}, - "country": {"key": "country", "type": "str"}, - "phone": {"key": "phone", "type": "str"}, - "fax": {"key": "fax", "type": "str"}, - "email": {"key": "email", "type": "str"}, - } - - def __init__( - self, - *, - name: Optional[str] = None, - org: Optional[str] = None, - street: Optional[List[str]] = None, - city: Optional[str] = None, - state: Optional[str] = None, - postal: Optional[str] = None, - country: Optional[str] = None, - phone: Optional[str] = None, - fax: Optional[str] = None, - email: Optional[str] = None, - **kwargs - ): - """ - :keyword name: The name of this contact. 
- :paramtype name: str - :keyword org: The organization for this contact. - :paramtype org: str - :keyword street: A list describing the street address for this contact. - :paramtype street: list[str] - :keyword city: The city for this contact. - :paramtype city: str - :keyword state: The state for this contact. - :paramtype state: str - :keyword postal: The postal code for this contact. - :paramtype postal: str - :keyword country: The country for this contact. - :paramtype country: str - :keyword phone: The phone number for this contact. - :paramtype phone: str - :keyword fax: The fax number for this contact. - :paramtype fax: str - :keyword email: The email address for this contact. - :paramtype email: str - """ - super().__init__(**kwargs) - self.name = name - self.org = org - self.street = street - self.city = city - self.state = state - self.postal = postal - self.country = country - self.phone = phone - self.fax = fax - self.email = email - - -class EnrichmentDomainWhoisContacts(_serialization.Model): - """The set of contacts associated with this domain. - - :ivar admin: The admin contact for this whois record. - :vartype admin: ~azure.mgmt.securityinsight.models.EnrichmentDomainWhoisContact - :ivar billing: The billing contact for this whois record. - :vartype billing: ~azure.mgmt.securityinsight.models.EnrichmentDomainWhoisContact - :ivar registrant: The registrant contact for this whois record. - :vartype registrant: ~azure.mgmt.securityinsight.models.EnrichmentDomainWhoisContact - :ivar tech: The technical contact for this whois record. 
- :vartype tech: ~azure.mgmt.securityinsight.models.EnrichmentDomainWhoisContact - """ - - _attribute_map = { - "admin": {"key": "admin", "type": "EnrichmentDomainWhoisContact"}, - "billing": {"key": "billing", "type": "EnrichmentDomainWhoisContact"}, - "registrant": {"key": "registrant", "type": "EnrichmentDomainWhoisContact"}, - "tech": {"key": "tech", "type": "EnrichmentDomainWhoisContact"}, - } - - def __init__( - self, - *, - admin: Optional["_models.EnrichmentDomainWhoisContact"] = None, - billing: Optional["_models.EnrichmentDomainWhoisContact"] = None, - registrant: Optional["_models.EnrichmentDomainWhoisContact"] = None, - tech: Optional["_models.EnrichmentDomainWhoisContact"] = None, - **kwargs - ): - """ - :keyword admin: The admin contact for this whois record. - :paramtype admin: ~azure.mgmt.securityinsight.models.EnrichmentDomainWhoisContact - :keyword billing: The billing contact for this whois record. - :paramtype billing: ~azure.mgmt.securityinsight.models.EnrichmentDomainWhoisContact - :keyword registrant: The registrant contact for this whois record. - :paramtype registrant: ~azure.mgmt.securityinsight.models.EnrichmentDomainWhoisContact - :keyword tech: The technical contact for this whois record. - :paramtype tech: ~azure.mgmt.securityinsight.models.EnrichmentDomainWhoisContact - """ - super().__init__(**kwargs) - self.admin = admin - self.billing = billing - self.registrant = registrant - self.tech = tech - - -class EnrichmentDomainWhoisDetails(_serialization.Model): - """The whois record for a given domain. - - :ivar registrar: The registrar associated with this domain. - :vartype registrar: ~azure.mgmt.securityinsight.models.EnrichmentDomainWhoisRegistrarDetails - :ivar contacts: The set of contacts associated with this domain. - :vartype contacts: ~azure.mgmt.securityinsight.models.EnrichmentDomainWhoisContacts - :ivar name_servers: A list of name servers associated with this domain. 
- :vartype name_servers: list[str] - :ivar statuses: The set of status flags for this whois record. - :vartype statuses: list[str] - """ - - _attribute_map = { - "registrar": {"key": "registrar", "type": "EnrichmentDomainWhoisRegistrarDetails"}, - "contacts": {"key": "contacts", "type": "EnrichmentDomainWhoisContacts"}, - "name_servers": {"key": "nameServers", "type": "[str]"}, - "statuses": {"key": "statuses", "type": "[str]"}, - } - - def __init__( - self, - *, - registrar: Optional["_models.EnrichmentDomainWhoisRegistrarDetails"] = None, - contacts: Optional["_models.EnrichmentDomainWhoisContacts"] = None, - name_servers: Optional[List[str]] = None, - statuses: Optional[List[str]] = None, - **kwargs - ): - """ - :keyword registrar: The registrar associated with this domain. - :paramtype registrar: ~azure.mgmt.securityinsight.models.EnrichmentDomainWhoisRegistrarDetails - :keyword contacts: The set of contacts associated with this domain. - :paramtype contacts: ~azure.mgmt.securityinsight.models.EnrichmentDomainWhoisContacts - :keyword name_servers: A list of name servers associated with this domain. - :paramtype name_servers: list[str] - :keyword statuses: The set of status flags for this whois record. - :paramtype statuses: list[str] - """ - super().__init__(**kwargs) - self.registrar = registrar - self.contacts = contacts - self.name_servers = name_servers - self.statuses = statuses - - -class EnrichmentDomainWhoisRegistrarDetails(_serialization.Model): - """The registrar associated with this domain. - - :ivar name: The name of this registrar. - :vartype name: str - :ivar abuse_contact_email: This registrar's abuse contact email. - :vartype abuse_contact_email: str - :ivar abuse_contact_phone: This registrar's abuse contact phone number. - :vartype abuse_contact_phone: str - :ivar iana_id: This registrar's Internet Assigned Numbers Authority id. - :vartype iana_id: str - :ivar url: This registrar's URL. 
- :vartype url: str - :ivar whois_server: The hostname of this registrar's whois server. - :vartype whois_server: str - """ - - _attribute_map = { - "name": {"key": "name", "type": "str"}, - "abuse_contact_email": {"key": "abuseContactEmail", "type": "str"}, - "abuse_contact_phone": {"key": "abuseContactPhone", "type": "str"}, - "iana_id": {"key": "ianaId", "type": "str"}, - "url": {"key": "url", "type": "str"}, - "whois_server": {"key": "whoisServer", "type": "str"}, - } - - def __init__( - self, - *, - name: Optional[str] = None, - abuse_contact_email: Optional[str] = None, - abuse_contact_phone: Optional[str] = None, - iana_id: Optional[str] = None, - url: Optional[str] = None, - whois_server: Optional[str] = None, - **kwargs - ): - """ - :keyword name: The name of this registrar. - :paramtype name: str - :keyword abuse_contact_email: This registrar's abuse contact email. - :paramtype abuse_contact_email: str - :keyword abuse_contact_phone: This registrar's abuse contact phone number. - :paramtype abuse_contact_phone: str - :keyword iana_id: This registrar's Internet Assigned Numbers Authority id. - :paramtype iana_id: str - :keyword url: This registrar's URL. - :paramtype url: str - :keyword whois_server: The hostname of this registrar's whois server. - :paramtype whois_server: str - """ - super().__init__(**kwargs) - self.name = name - self.abuse_contact_email = abuse_contact_email - self.abuse_contact_phone = abuse_contact_phone - self.iana_id = iana_id - self.url = url - self.whois_server = whois_server - - -class EnrichmentIpGeodata(_serialization.Model): # pylint: disable=too-many-instance-attributes - """Geodata information for a given IP address. - - :ivar asn: The autonomous system number associated with this IP address. - :vartype asn: str - :ivar carrier: The name of the carrier for this IP address. - :vartype carrier: str - :ivar city: The city this IP address is located in. 
- :vartype city: str - :ivar city_cf: A numeric rating of confidence that the value in the 'city' field is correct, on - a scale of 0-100. - :vartype city_cf: int - :ivar continent: The continent this IP address is located on. - :vartype continent: str - :ivar country: The county this IP address is located in. - :vartype country: str - :ivar country_cf: A numeric rating of confidence that the value in the 'country' field is - correct on a scale of 0-100. - :vartype country_cf: int - :ivar ip_addr: The dotted-decimal or colon-separated string representation of the IP address. - :vartype ip_addr: str - :ivar ip_routing_type: A description of the connection type of this IP address. - :vartype ip_routing_type: str - :ivar latitude: The latitude of this IP address. - :vartype latitude: str - :ivar longitude: The longitude of this IP address. - :vartype longitude: str - :ivar organization: The name of the organization for this IP address. - :vartype organization: str - :ivar organization_type: The type of the organization for this IP address. - :vartype organization_type: str - :ivar region: The geographic region this IP address is located in. - :vartype region: str - :ivar state: The state this IP address is located in. - :vartype state: str - :ivar state_cf: A numeric rating of confidence that the value in the 'state' field is correct - on a scale of 0-100. - :vartype state_cf: int - :ivar state_code: The abbreviated name for the state this IP address is located in. 
- :vartype state_code: str - """ - - _attribute_map = { - "asn": {"key": "asn", "type": "str"}, - "carrier": {"key": "carrier", "type": "str"}, - "city": {"key": "city", "type": "str"}, - "city_cf": {"key": "cityCf", "type": "int"}, - "continent": {"key": "continent", "type": "str"}, - "country": {"key": "country", "type": "str"}, - "country_cf": {"key": "countryCf", "type": "int"}, - "ip_addr": {"key": "ipAddr", "type": "str"}, - "ip_routing_type": {"key": "ipRoutingType", "type": "str"}, - "latitude": {"key": "latitude", "type": "str"}, - "longitude": {"key": "longitude", "type": "str"}, - "organization": {"key": "organization", "type": "str"}, - "organization_type": {"key": "organizationType", "type": "str"}, - "region": {"key": "region", "type": "str"}, - "state": {"key": "state", "type": "str"}, - "state_cf": {"key": "stateCf", "type": "int"}, - "state_code": {"key": "stateCode", "type": "str"}, - } - - def __init__( - self, - *, - asn: Optional[str] = None, - carrier: Optional[str] = None, - city: Optional[str] = None, - city_cf: Optional[int] = None, - continent: Optional[str] = None, - country: Optional[str] = None, - country_cf: Optional[int] = None, - ip_addr: Optional[str] = None, - ip_routing_type: Optional[str] = None, - latitude: Optional[str] = None, - longitude: Optional[str] = None, - organization: Optional[str] = None, - organization_type: Optional[str] = None, - region: Optional[str] = None, - state: Optional[str] = None, - state_cf: Optional[int] = None, - state_code: Optional[str] = None, - **kwargs - ): - """ - :keyword asn: The autonomous system number associated with this IP address. - :paramtype asn: str - :keyword carrier: The name of the carrier for this IP address. - :paramtype carrier: str - :keyword city: The city this IP address is located in. - :paramtype city: str - :keyword city_cf: A numeric rating of confidence that the value in the 'city' field is correct, - on a scale of 0-100. 
- :paramtype city_cf: int - :keyword continent: The continent this IP address is located on. - :paramtype continent: str - :keyword country: The county this IP address is located in. - :paramtype country: str - :keyword country_cf: A numeric rating of confidence that the value in the 'country' field is - correct on a scale of 0-100. - :paramtype country_cf: int - :keyword ip_addr: The dotted-decimal or colon-separated string representation of the IP - address. - :paramtype ip_addr: str - :keyword ip_routing_type: A description of the connection type of this IP address. - :paramtype ip_routing_type: str - :keyword latitude: The latitude of this IP address. - :paramtype latitude: str - :keyword longitude: The longitude of this IP address. - :paramtype longitude: str - :keyword organization: The name of the organization for this IP address. - :paramtype organization: str - :keyword organization_type: The type of the organization for this IP address. - :paramtype organization_type: str - :keyword region: The geographic region this IP address is located in. - :paramtype region: str - :keyword state: The state this IP address is located in. - :paramtype state: str - :keyword state_cf: A numeric rating of confidence that the value in the 'state' field is - correct on a scale of 0-100. - :paramtype state_cf: int - :keyword state_code: The abbreviated name for the state this IP address is located in. 
- :paramtype state_code: str - """ - super().__init__(**kwargs) - self.asn = asn - self.carrier = carrier - self.city = city - self.city_cf = city_cf - self.continent = continent - self.country = country - self.country_cf = country_cf - self.ip_addr = ip_addr - self.ip_routing_type = ip_routing_type - self.latitude = latitude - self.longitude = longitude - self.organization = organization - self.organization_type = organization_type - self.region = region - self.state = state - self.state_cf = state_cf - self.state_code = state_code - - -class EntityAnalytics(Settings): - """Settings with single toggle. - - Variables are only populated by the server, and will be ignored when sending a request. - - All required parameters must be populated in order to send to Azure. + All required parameters must be populated in order to send to Azure. :ivar id: Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
@@ -7273,13 +5525,73 @@ class EntityAnalytics(Settings): :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy information. :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar etag: Etag of the azure resource. - :vartype etag: str - :ivar kind: The kind of the setting. Required. Known values are: "Anomalies", "EyesOn", - "EntityAnalytics", and "Ueba". - :vartype kind: str or ~azure.mgmt.securityinsight.models.SettingKind - :ivar entity_providers: The relevant entity providers that are synced. - :vartype entity_providers: list[str or ~azure.mgmt.securityinsight.models.EntityProviders] + :ivar kind: The kind of the entity. Required. Known values are: "Account", "Host", "File", + "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", + "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", + "Bookmark", "MailCluster", "MailMessage", "Mailbox", and "SubmissionMail". + :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKindEnum + :ivar additional_data: A bag of custom fields that should be part of the entity and will be + presented to the user. + :vartype additional_data: dict[str, JSON] + :ivar friendly_name: The graph item display name which is a short humanly readable description + of the graph item instance. This property is optional and might be system generated. + :vartype friendly_name: str + :ivar file_entity_ids: The File entity ids of this mail message's attachments. + :vartype file_entity_ids: list[str] + :ivar recipient: The recipient of this mail message. Note that in case of multiple recipients + the mail message is forked and each copy has one recipient. + :vartype recipient: str + :ivar urls: The Urls contained in this mail message. + :vartype urls: list[str] + :ivar threats: The threats of this mail message. + :vartype threats: list[str] + :ivar p1_sender: The p1 sender's email address. 
+ :vartype p1_sender: str + :ivar p1_sender_display_name: The p1 sender's display name. + :vartype p1_sender_display_name: str + :ivar p1_sender_domain: The p1 sender's domain. + :vartype p1_sender_domain: str + :ivar sender_ip: The sender's IP address. + :vartype sender_ip: str + :ivar p2_sender: The p2 sender's email address. + :vartype p2_sender: str + :ivar p2_sender_display_name: The p2 sender's display name. + :vartype p2_sender_display_name: str + :ivar p2_sender_domain: The p2 sender's domain. + :vartype p2_sender_domain: str + :ivar receive_date: The receive date of this message. + :vartype receive_date: ~datetime.datetime + :ivar network_message_id: The network message id of this mail message. + :vartype network_message_id: str + :ivar internet_message_id: The internet message id of this mail message. + :vartype internet_message_id: str + :ivar subject: The subject of this mail message. + :vartype subject: str + :ivar language: The language of this mail message. + :vartype language: str + :ivar threat_detection_methods: The threat detection methods. + :vartype threat_detection_methods: list[str] + :ivar body_fingerprint_bin1: The bodyFingerprintBin1. + :vartype body_fingerprint_bin1: int + :ivar body_fingerprint_bin2: The bodyFingerprintBin2. + :vartype body_fingerprint_bin2: int + :ivar body_fingerprint_bin3: The bodyFingerprintBin3. + :vartype body_fingerprint_bin3: int + :ivar body_fingerprint_bin4: The bodyFingerprintBin4. + :vartype body_fingerprint_bin4: int + :ivar body_fingerprint_bin5: The bodyFingerprintBin5. + :vartype body_fingerprint_bin5: int + :ivar antispam_direction: The directionality of this mail message. Known values are: "Unknown", + "Inbound", "Outbound", and "Intraorg". + :vartype antispam_direction: str or ~azure.mgmt.securityinsight.models.AntispamMailDirection + :ivar delivery_action: The delivery action of this mail message like Delivered, Blocked, + Replaced etc. 
Known values are: "Unknown", "DeliveredAsSpam", "Delivered", "Blocked", and + "Replaced". + :vartype delivery_action: str or ~azure.mgmt.securityinsight.models.DeliveryAction + :ivar delivery_location: The delivery location of this mail message like Inbox, JunkFolder etc. + Known values are: "Unknown", "Inbox", "JunkFolder", "DeletedFolder", "Quarantine", "External", + "Failed", "Dropped", and "Forwarded". + :vartype delivery_location: str or ~azure.mgmt.securityinsight.models.DeliveryLocation """ _validation = { @@ -7288,6 +5600,25 @@ class EntityAnalytics(Settings): "type": {"readonly": True}, "system_data": {"readonly": True}, "kind": {"required": True}, + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + "file_entity_ids": {"readonly": True}, + "recipient": {"readonly": True}, + "urls": {"readonly": True}, + "threats": {"readonly": True}, + "p1_sender": {"readonly": True}, + "p1_sender_display_name": {"readonly": True}, + "p1_sender_domain": {"readonly": True}, + "sender_ip": {"readonly": True}, + "p2_sender": {"readonly": True}, + "p2_sender_display_name": {"readonly": True}, + "p2_sender_domain": {"readonly": True}, + "receive_date": {"readonly": True}, + "network_message_id": {"readonly": True}, + "internet_message_id": {"readonly": True}, + "subject": {"readonly": True}, + "language": {"readonly": True}, + "threat_detection_methods": {"readonly": True}, } _attribute_map = { 
@@ -7295,736 +5626,1022 @@ class EntityAnalytics(Settings): "name": {"key": "name", "type": "str"}, "type": {"key": "type", "type": "str"}, "system_data": {"key": "systemData", "type": "SystemData"}, - "etag": {"key": "etag", "type": "str"}, "kind": {"key": "kind", "type": "str"}, - "entity_providers": {"key": "properties.entityProviders", "type": "[str]"}, - } - - def __init__( - self, - *, - etag: Optional[str] = None, - entity_providers: Optional[List[Union[str, "_models.EntityProviders"]]] = None, - **kwargs - ): - """ - :keyword etag: Etag of the azure resource. - :paramtype etag: str - :keyword entity_providers: The relevant entity providers that are synced. - :paramtype entity_providers: list[str or ~azure.mgmt.securityinsight.models.EntityProviders] - """ - super().__init__(etag=etag, **kwargs) - self.kind: str = "EntityAnalytics" - self.entity_providers = entity_providers - - -class EntityEdges(_serialization.Model): - """The edge that connects the entity to the other entity. - - :ivar target_entity_id: The target entity Id. - :vartype target_entity_id: str - :ivar additional_data: A bag of custom fields that should be part of the entity and will be - presented to the user. - :vartype additional_data: dict[str, any] - """ - - _attribute_map = { - "target_entity_id": {"key": "targetEntityId", "type": "str"}, - "additional_data": {"key": "additionalData", "type": "{object}"}, - } - - def __init__( - self, *, target_entity_id: Optional[str] = None, additional_data: Optional[Dict[str, Any]] = None, **kwargs - ): - """ - :keyword target_entity_id: The target entity Id. - :paramtype target_entity_id: str - :keyword additional_data: A bag of custom fields that should be part of the entity and will be - presented to the user. 
- :paramtype additional_data: dict[str, any] - """ - super().__init__(**kwargs) - self.target_entity_id = target_entity_id - self.additional_data = additional_data - - -class EntityExpandParameters(_serialization.Model): - """The parameters required to execute an expand operation on the given entity. - - :ivar end_time: The end date filter, so the only expansion results returned are before this - date. - :vartype end_time: ~datetime.datetime - :ivar expansion_id: The Id of the expansion to perform. - :vartype expansion_id: str - :ivar start_time: The start date filter, so the only expansion results returned are after this - date. - :vartype start_time: ~datetime.datetime - """ - - _attribute_map = { - "end_time": {"key": "endTime", "type": "iso-8601"}, - "expansion_id": {"key": "expansionId", "type": "str"}, - "start_time": {"key": "startTime", "type": "iso-8601"}, + "additional_data": {"key": "properties.additionalData", "type": "{object}"}, + "friendly_name": {"key": "properties.friendlyName", "type": "str"}, + "file_entity_ids": {"key": "properties.fileEntityIds", "type": "[str]"}, + "recipient": {"key": "properties.recipient", "type": "str"}, + "urls": {"key": "properties.urls", "type": "[str]"}, + "threats": {"key": "properties.threats", "type": "[str]"}, + "p1_sender": {"key": "properties.p1Sender", "type": "str"}, + "p1_sender_display_name": {"key": "properties.p1SenderDisplayName", "type": "str"}, + "p1_sender_domain": {"key": "properties.p1SenderDomain", "type": "str"}, + "sender_ip": {"key": "properties.senderIP", "type": "str"}, + "p2_sender": {"key": "properties.p2Sender", "type": "str"}, + "p2_sender_display_name": {"key": "properties.p2SenderDisplayName", "type": "str"}, + "p2_sender_domain": {"key": "properties.p2SenderDomain", "type": "str"}, + "receive_date": {"key": "properties.receiveDate", "type": "iso-8601"}, + "network_message_id": {"key": "properties.networkMessageId", "type": "str"}, + "internet_message_id": {"key": 
"properties.internetMessageId", "type": "str"}, + "subject": {"key": "properties.subject", "type": "str"}, + "language": {"key": "properties.language", "type": "str"}, + "threat_detection_methods": {"key": "properties.threatDetectionMethods", "type": "[str]"}, + "body_fingerprint_bin1": {"key": "properties.bodyFingerprintBin1", "type": "int"}, + "body_fingerprint_bin2": {"key": "properties.bodyFingerprintBin2", "type": "int"}, + "body_fingerprint_bin3": {"key": "properties.bodyFingerprintBin3", "type": "int"}, + "body_fingerprint_bin4": {"key": "properties.bodyFingerprintBin4", "type": "int"}, + "body_fingerprint_bin5": {"key": "properties.bodyFingerprintBin5", "type": "int"}, + "antispam_direction": {"key": "properties.antispamDirection", "type": "str"}, + "delivery_action": {"key": "properties.deliveryAction", "type": "str"}, + "delivery_location": {"key": "properties.deliveryLocation", "type": "str"}, } - def __init__( + def __init__( # pylint: disable=too-many-locals self, *, - end_time: Optional[datetime.datetime] = None, - expansion_id: Optional[str] = None, - start_time: Optional[datetime.datetime] = None, - **kwargs - ): + body_fingerprint_bin1: Optional[int] = None, + body_fingerprint_bin2: Optional[int] = None, + body_fingerprint_bin3: Optional[int] = None, + body_fingerprint_bin4: Optional[int] = None, + body_fingerprint_bin5: Optional[int] = None, + antispam_direction: Optional[Union[str, "_models.AntispamMailDirection"]] = None, + delivery_action: Optional[Union[str, "_models.DeliveryAction"]] = None, + delivery_location: Optional[Union[str, "_models.DeliveryLocation"]] = None, + **kwargs: Any + ) -> None: """ - :keyword end_time: The end date filter, so the only expansion results returned are before this - date. - :paramtype end_time: ~datetime.datetime - :keyword expansion_id: The Id of the expansion to perform. - :paramtype expansion_id: str - :keyword start_time: The start date filter, so the only expansion results returned are after - this date. 
- :paramtype start_time: ~datetime.datetime + :keyword body_fingerprint_bin1: The bodyFingerprintBin1. + :paramtype body_fingerprint_bin1: int + :keyword body_fingerprint_bin2: The bodyFingerprintBin2. + :paramtype body_fingerprint_bin2: int + :keyword body_fingerprint_bin3: The bodyFingerprintBin3. + :paramtype body_fingerprint_bin3: int + :keyword body_fingerprint_bin4: The bodyFingerprintBin4. + :paramtype body_fingerprint_bin4: int + :keyword body_fingerprint_bin5: The bodyFingerprintBin5. + :paramtype body_fingerprint_bin5: int + :keyword antispam_direction: The directionality of this mail message. Known values are: + "Unknown", "Inbound", "Outbound", and "Intraorg". + :paramtype antispam_direction: str or ~azure.mgmt.securityinsight.models.AntispamMailDirection + :keyword delivery_action: The delivery action of this mail message like Delivered, Blocked, + Replaced etc. Known values are: "Unknown", "DeliveredAsSpam", "Delivered", "Blocked", and + "Replaced". + :paramtype delivery_action: str or ~azure.mgmt.securityinsight.models.DeliveryAction + :keyword delivery_location: The delivery location of this mail message like Inbox, JunkFolder + etc. Known values are: "Unknown", "Inbox", "JunkFolder", "DeletedFolder", "Quarantine", + "External", "Failed", "Dropped", and "Forwarded". 
+ :paramtype delivery_location: str or ~azure.mgmt.securityinsight.models.DeliveryLocation """ super().__init__(**kwargs) - self.end_time = end_time - self.expansion_id = expansion_id - self.start_time = start_time + self.kind: str = "MailMessage" + self.additional_data = None + self.friendly_name = None + self.file_entity_ids = None + self.recipient = None + self.urls = None + self.threats = None + self.p1_sender = None + self.p1_sender_display_name = None + self.p1_sender_domain = None + self.sender_ip = None + self.p2_sender = None + self.p2_sender_display_name = None + self.p2_sender_domain = None + self.receive_date = None + self.network_message_id = None + self.internet_message_id = None + self.subject = None + self.language = None + self.threat_detection_methods = None + self.body_fingerprint_bin1 = body_fingerprint_bin1 + self.body_fingerprint_bin2 = body_fingerprint_bin2 + self.body_fingerprint_bin3 = body_fingerprint_bin3 + self.body_fingerprint_bin4 = body_fingerprint_bin4 + self.body_fingerprint_bin5 = body_fingerprint_bin5 + self.antispam_direction = antispam_direction + self.delivery_action = delivery_action + self.delivery_location = delivery_location + +class MailMessageEntityProperties(EntityCommonProperties): # pylint: disable=too-many-instance-attributes + """Mail message entity property bag. -class EntityExpandResponse(_serialization.Model): - """The entity expansion result operation response. + Variables are only populated by the server, and will be ignored when sending a request. - :ivar meta_data: The metadata from the expansion operation results. - :vartype meta_data: ~azure.mgmt.securityinsight.models.ExpansionResultsMetadata - :ivar value: The expansion result values. - :vartype value: ~azure.mgmt.securityinsight.models.EntityExpandResponseValue + :ivar additional_data: A bag of custom fields that should be part of the entity and will be + presented to the user. 
+ :vartype additional_data: dict[str, JSON] + :ivar friendly_name: The graph item display name which is a short humanly readable description + of the graph item instance. This property is optional and might be system generated. + :vartype friendly_name: str + :ivar file_entity_ids: The File entity ids of this mail message's attachments. + :vartype file_entity_ids: list[str] + :ivar recipient: The recipient of this mail message. Note that in case of multiple recipients + the mail message is forked and each copy has one recipient. + :vartype recipient: str + :ivar urls: The Urls contained in this mail message. + :vartype urls: list[str] + :ivar threats: The threats of this mail message. + :vartype threats: list[str] + :ivar p1_sender: The p1 sender's email address. + :vartype p1_sender: str + :ivar p1_sender_display_name: The p1 sender's display name. + :vartype p1_sender_display_name: str + :ivar p1_sender_domain: The p1 sender's domain. + :vartype p1_sender_domain: str + :ivar sender_ip: The sender's IP address. + :vartype sender_ip: str + :ivar p2_sender: The p2 sender's email address. + :vartype p2_sender: str + :ivar p2_sender_display_name: The p2 sender's display name. + :vartype p2_sender_display_name: str + :ivar p2_sender_domain: The p2 sender's domain. + :vartype p2_sender_domain: str + :ivar receive_date: The receive date of this message. + :vartype receive_date: ~datetime.datetime + :ivar network_message_id: The network message id of this mail message. + :vartype network_message_id: str + :ivar internet_message_id: The internet message id of this mail message. + :vartype internet_message_id: str + :ivar subject: The subject of this mail message. + :vartype subject: str + :ivar language: The language of this mail message. + :vartype language: str + :ivar threat_detection_methods: The threat detection methods. + :vartype threat_detection_methods: list[str] + :ivar body_fingerprint_bin1: The bodyFingerprintBin1. 
+ :vartype body_fingerprint_bin1: int + :ivar body_fingerprint_bin2: The bodyFingerprintBin2. + :vartype body_fingerprint_bin2: int + :ivar body_fingerprint_bin3: The bodyFingerprintBin3. + :vartype body_fingerprint_bin3: int + :ivar body_fingerprint_bin4: The bodyFingerprintBin4. + :vartype body_fingerprint_bin4: int + :ivar body_fingerprint_bin5: The bodyFingerprintBin5. + :vartype body_fingerprint_bin5: int + :ivar antispam_direction: The directionality of this mail message. Known values are: "Unknown", + "Inbound", "Outbound", and "Intraorg". + :vartype antispam_direction: str or ~azure.mgmt.securityinsight.models.AntispamMailDirection + :ivar delivery_action: The delivery action of this mail message like Delivered, Blocked, + Replaced etc. Known values are: "Unknown", "DeliveredAsSpam", "Delivered", "Blocked", and + "Replaced". + :vartype delivery_action: str or ~azure.mgmt.securityinsight.models.DeliveryAction + :ivar delivery_location: The delivery location of this mail message like Inbox, JunkFolder etc. + Known values are: "Unknown", "Inbox", "JunkFolder", "DeletedFolder", "Quarantine", "External", + "Failed", "Dropped", and "Forwarded". 
+ :vartype delivery_location: str or ~azure.mgmt.securityinsight.models.DeliveryLocation """ - _attribute_map = { - "meta_data": {"key": "metaData", "type": "ExpansionResultsMetadata"}, - "value": {"key": "value", "type": "EntityExpandResponseValue"}, + _validation = { + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + "file_entity_ids": {"readonly": True}, + "recipient": {"readonly": True}, + "urls": {"readonly": True}, + "threats": {"readonly": True}, + "p1_sender": {"readonly": True}, + "p1_sender_display_name": {"readonly": True}, + "p1_sender_domain": {"readonly": True}, + "sender_ip": {"readonly": True}, + "p2_sender": {"readonly": True}, + "p2_sender_display_name": {"readonly": True}, + "p2_sender_domain": {"readonly": True}, + "receive_date": {"readonly": True}, + "network_message_id": {"readonly": True}, + "internet_message_id": {"readonly": True}, + "subject": {"readonly": True}, + "language": {"readonly": True}, + "threat_detection_methods": {"readonly": True}, } - def __init__( - self, - *, - meta_data: Optional["_models.ExpansionResultsMetadata"] = None, - value: Optional["_models.EntityExpandResponseValue"] = None, - **kwargs - ): - """ - :keyword meta_data: The metadata from the expansion operation results. - :paramtype meta_data: ~azure.mgmt.securityinsight.models.ExpansionResultsMetadata - :keyword value: The expansion result values. - :paramtype value: ~azure.mgmt.securityinsight.models.EntityExpandResponseValue - """ - super().__init__(**kwargs) - self.meta_data = meta_data - self.value = value - - -class EntityExpandResponseValue(_serialization.Model): - """The expansion result values. - - :ivar entities: Array of the expansion result entities. - :vartype entities: list[~azure.mgmt.securityinsight.models.Entity] - :ivar edges: Array of edges that connects the entity to the list of entities. 
- :vartype edges: list[~azure.mgmt.securityinsight.models.EntityEdges] - """ - _attribute_map = { - "entities": {"key": "entities", "type": "[Entity]"}, - "edges": {"key": "edges", "type": "[EntityEdges]"}, + "additional_data": {"key": "additionalData", "type": "{object}"}, + "friendly_name": {"key": "friendlyName", "type": "str"}, + "file_entity_ids": {"key": "fileEntityIds", "type": "[str]"}, + "recipient": {"key": "recipient", "type": "str"}, + "urls": {"key": "urls", "type": "[str]"}, + "threats": {"key": "threats", "type": "[str]"}, + "p1_sender": {"key": "p1Sender", "type": "str"}, + "p1_sender_display_name": {"key": "p1SenderDisplayName", "type": "str"}, + "p1_sender_domain": {"key": "p1SenderDomain", "type": "str"}, + "sender_ip": {"key": "senderIP", "type": "str"}, + "p2_sender": {"key": "p2Sender", "type": "str"}, + "p2_sender_display_name": {"key": "p2SenderDisplayName", "type": "str"}, + "p2_sender_domain": {"key": "p2SenderDomain", "type": "str"}, + "receive_date": {"key": "receiveDate", "type": "iso-8601"}, + "network_message_id": {"key": "networkMessageId", "type": "str"}, + "internet_message_id": {"key": "internetMessageId", "type": "str"}, + "subject": {"key": "subject", "type": "str"}, + "language": {"key": "language", "type": "str"}, + "threat_detection_methods": {"key": "threatDetectionMethods", "type": "[str]"}, + "body_fingerprint_bin1": {"key": "bodyFingerprintBin1", "type": "int"}, + "body_fingerprint_bin2": {"key": "bodyFingerprintBin2", "type": "int"}, + "body_fingerprint_bin3": {"key": "bodyFingerprintBin3", "type": "int"}, + "body_fingerprint_bin4": {"key": "bodyFingerprintBin4", "type": "int"}, + "body_fingerprint_bin5": {"key": "bodyFingerprintBin5", "type": "int"}, + "antispam_direction": {"key": "antispamDirection", "type": "str"}, + "delivery_action": {"key": "deliveryAction", "type": "str"}, + "delivery_location": {"key": "deliveryLocation", "type": "str"}, } - def __init__( + def __init__( # pylint: disable=too-many-locals self, 
*, - entities: Optional[List["_models.Entity"]] = None, - edges: Optional[List["_models.EntityEdges"]] = None, - **kwargs - ): + body_fingerprint_bin1: Optional[int] = None, + body_fingerprint_bin2: Optional[int] = None, + body_fingerprint_bin3: Optional[int] = None, + body_fingerprint_bin4: Optional[int] = None, + body_fingerprint_bin5: Optional[int] = None, + antispam_direction: Optional[Union[str, "_models.AntispamMailDirection"]] = None, + delivery_action: Optional[Union[str, "_models.DeliveryAction"]] = None, + delivery_location: Optional[Union[str, "_models.DeliveryLocation"]] = None, + **kwargs: Any + ) -> None: """ - :keyword entities: Array of the expansion result entities. - :paramtype entities: list[~azure.mgmt.securityinsight.models.Entity] - :keyword edges: Array of edges that connects the entity to the list of entities. - :paramtype edges: list[~azure.mgmt.securityinsight.models.EntityEdges] + :keyword body_fingerprint_bin1: The bodyFingerprintBin1. + :paramtype body_fingerprint_bin1: int + :keyword body_fingerprint_bin2: The bodyFingerprintBin2. + :paramtype body_fingerprint_bin2: int + :keyword body_fingerprint_bin3: The bodyFingerprintBin3. + :paramtype body_fingerprint_bin3: int + :keyword body_fingerprint_bin4: The bodyFingerprintBin4. + :paramtype body_fingerprint_bin4: int + :keyword body_fingerprint_bin5: The bodyFingerprintBin5. + :paramtype body_fingerprint_bin5: int + :keyword antispam_direction: The directionality of this mail message. Known values are: + "Unknown", "Inbound", "Outbound", and "Intraorg". + :paramtype antispam_direction: str or ~azure.mgmt.securityinsight.models.AntispamMailDirection + :keyword delivery_action: The delivery action of this mail message like Delivered, Blocked, + Replaced etc. Known values are: "Unknown", "DeliveredAsSpam", "Delivered", "Blocked", and + "Replaced". 
+ :paramtype delivery_action: str or ~azure.mgmt.securityinsight.models.DeliveryAction + :keyword delivery_location: The delivery location of this mail message like Inbox, JunkFolder + etc. Known values are: "Unknown", "Inbox", "JunkFolder", "DeletedFolder", "Quarantine", + "External", "Failed", "Dropped", and "Forwarded". + :paramtype delivery_location: str or ~azure.mgmt.securityinsight.models.DeliveryLocation """ super().__init__(**kwargs) - self.entities = entities - self.edges = edges - - -class EntityFieldMapping(_serialization.Model): - """Map identifiers of a single entity. - - :ivar identifier: Alert V3 identifier. - :vartype identifier: str - :ivar value: The value of the identifier. - :vartype value: str - """ - - _attribute_map = { - "identifier": {"key": "identifier", "type": "str"}, - "value": {"key": "value", "type": "str"}, - } + self.file_entity_ids = None + self.recipient = None + self.urls = None + self.threats = None + self.p1_sender = None + self.p1_sender_display_name = None + self.p1_sender_domain = None + self.sender_ip = None + self.p2_sender = None + self.p2_sender_display_name = None + self.p2_sender_domain = None + self.receive_date = None + self.network_message_id = None + self.internet_message_id = None + self.subject = None + self.language = None + self.threat_detection_methods = None + self.body_fingerprint_bin1 = body_fingerprint_bin1 + self.body_fingerprint_bin2 = body_fingerprint_bin2 + self.body_fingerprint_bin3 = body_fingerprint_bin3 + self.body_fingerprint_bin4 = body_fingerprint_bin4 + self.body_fingerprint_bin5 = body_fingerprint_bin5 + self.antispam_direction = antispam_direction + self.delivery_action = delivery_action + self.delivery_location = delivery_location - def __init__(self, *, identifier: Optional[str] = None, value: Optional[str] = None, **kwargs): - """ - :keyword identifier: Alert V3 identifier. - :paramtype identifier: str - :keyword value: The value of the identifier. 
- :paramtype value: str - """ - super().__init__(**kwargs) - self.identifier = identifier - self.value = value +class MalwareEntity(Entity): # pylint: disable=too-many-instance-attributes + """Represents a malware entity. -class EntityGetInsightsParameters(_serialization.Model): - """The parameters required to execute insights operation on the given entity. + Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. - :ivar start_time: The start timeline date, so the results returned are after this date. - Required. - :vartype start_time: ~datetime.datetime - :ivar end_time: The end timeline date, so the results returned are before this date. Required. - :vartype end_time: ~datetime.datetime - :ivar add_default_extended_time_range: Indicates if query time range should be extended with - default time range of the query. Default value is false. - :vartype add_default_extended_time_range: bool - :ivar insight_query_ids: List of Insights Query Id. If empty, default value is all insights of - this entity. - :vartype insight_query_ids: list[str] + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar kind: The kind of the entity. Required. 
Known values are: "Account", "Host", "File", + "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", + "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", + "Bookmark", "MailCluster", "MailMessage", "Mailbox", and "SubmissionMail". + :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKindEnum + :ivar additional_data: A bag of custom fields that should be part of the entity and will be + presented to the user. + :vartype additional_data: dict[str, JSON] + :ivar friendly_name: The graph item display name which is a short humanly readable description + of the graph item instance. This property is optional and might be system generated. + :vartype friendly_name: str + :ivar category: The malware category by the vendor, e.g. Trojan. + :vartype category: str + :ivar file_entity_ids: List of linked file entity identifiers on which the malware was found. + :vartype file_entity_ids: list[str] + :ivar malware_name: The malware name by the vendor, e.g. Win32/Toga!rfn. + :vartype malware_name: str + :ivar process_entity_ids: List of linked process entity identifiers on which the malware was + found. 
+ :vartype process_entity_ids: list[str] """ _validation = { - "start_time": {"required": True}, - "end_time": {"required": True}, + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + "category": {"readonly": True}, + "file_entity_ids": {"readonly": True}, + "malware_name": {"readonly": True}, + "process_entity_ids": {"readonly": True}, } _attribute_map = { - "start_time": {"key": "startTime", "type": "iso-8601"}, - "end_time": {"key": "endTime", "type": "iso-8601"}, - "add_default_extended_time_range": {"key": "addDefaultExtendedTimeRange", "type": "bool"}, - "insight_query_ids": {"key": "insightQueryIds", "type": "[str]"}, + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "kind": {"key": "kind", "type": "str"}, + "additional_data": {"key": "properties.additionalData", "type": "{object}"}, + "friendly_name": {"key": "properties.friendlyName", "type": "str"}, + "category": {"key": "properties.category", "type": "str"}, + "file_entity_ids": {"key": "properties.fileEntityIds", "type": "[str]"}, + "malware_name": {"key": "properties.malwareName", "type": "str"}, + "process_entity_ids": {"key": "properties.processEntityIds", "type": "[str]"}, } - def __init__( - self, - *, - start_time: datetime.datetime, - end_time: datetime.datetime, - add_default_extended_time_range: Optional[bool] = None, - insight_query_ids: Optional[List[str]] = None, - **kwargs - ): - """ - :keyword start_time: The start timeline date, so the results returned are after this date. - Required. - :paramtype start_time: ~datetime.datetime - :keyword end_time: The end timeline date, so the results returned are before this date. - Required. 
- :paramtype end_time: ~datetime.datetime - :keyword add_default_extended_time_range: Indicates if query time range should be extended with - default time range of the query. Default value is false. - :paramtype add_default_extended_time_range: bool - :keyword insight_query_ids: List of Insights Query Id. If empty, default value is all insights - of this entity. - :paramtype insight_query_ids: list[str] - """ + def __init__(self, **kwargs: Any) -> None: + """ """ super().__init__(**kwargs) - self.start_time = start_time - self.end_time = end_time - self.add_default_extended_time_range = add_default_extended_time_range - self.insight_query_ids = insight_query_ids + self.kind: str = "Malware" + self.additional_data = None + self.friendly_name = None + self.category = None + self.file_entity_ids = None + self.malware_name = None + self.process_entity_ids = None + +class MalwareEntityProperties(EntityCommonProperties): + """Malware entity property bag. -class EntityGetInsightsResponse(_serialization.Model): - """The Get Insights result operation response. + Variables are only populated by the server, and will be ignored when sending a request. - :ivar meta_data: The metadata from the get insights operation results. - :vartype meta_data: ~azure.mgmt.securityinsight.models.GetInsightsResultsMetadata - :ivar value: The insights result values. - :vartype value: list[~azure.mgmt.securityinsight.models.EntityInsightItem] + :ivar additional_data: A bag of custom fields that should be part of the entity and will be + presented to the user. + :vartype additional_data: dict[str, JSON] + :ivar friendly_name: The graph item display name which is a short humanly readable description + of the graph item instance. This property is optional and might be system generated. + :vartype friendly_name: str + :ivar category: The malware category by the vendor, e.g. Trojan. + :vartype category: str + :ivar file_entity_ids: List of linked file entity identifiers on which the malware was found. 
+ :vartype file_entity_ids: list[str] + :ivar malware_name: The malware name by the vendor, e.g. Win32/Toga!rfn. + :vartype malware_name: str + :ivar process_entity_ids: List of linked process entity identifiers on which the malware was + found. + :vartype process_entity_ids: list[str] """ + _validation = { + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + "category": {"readonly": True}, + "file_entity_ids": {"readonly": True}, + "malware_name": {"readonly": True}, + "process_entity_ids": {"readonly": True}, + } + _attribute_map = { - "meta_data": {"key": "metaData", "type": "GetInsightsResultsMetadata"}, - "value": {"key": "value", "type": "[EntityInsightItem]"}, + "additional_data": {"key": "additionalData", "type": "{object}"}, + "friendly_name": {"key": "friendlyName", "type": "str"}, + "category": {"key": "category", "type": "str"}, + "file_entity_ids": {"key": "fileEntityIds", "type": "[str]"}, + "malware_name": {"key": "malwareName", "type": "str"}, + "process_entity_ids": {"key": "processEntityIds", "type": "[str]"}, } - def __init__( - self, - *, - meta_data: Optional["_models.GetInsightsResultsMetadata"] = None, - value: Optional[List["_models.EntityInsightItem"]] = None, - **kwargs - ): - """ - :keyword meta_data: The metadata from the get insights operation results. - :paramtype meta_data: ~azure.mgmt.securityinsight.models.GetInsightsResultsMetadata - :keyword value: The insights result values. - :paramtype value: list[~azure.mgmt.securityinsight.models.EntityInsightItem] - """ + def __init__(self, **kwargs: Any) -> None: + """ """ super().__init__(**kwargs) - self.meta_data = meta_data - self.value = value + self.category = None + self.file_entity_ids = None + self.malware_name = None + self.process_entity_ids = None + + +class MCASDataConnector(DataConnector): + """Represents MCAS (Microsoft Cloud App Security) data connector. + Variables are only populated by the server, and will be ignored when sending a request. 
-class EntityInsightItem(_serialization.Model): - """Entity insight Item. + All required parameters must be populated in order to send to Azure. - :ivar query_id: The query id of the insight. - :vartype query_id: str - :ivar query_time_interval: The Time interval that the query actually executed on. - :vartype query_time_interval: - ~azure.mgmt.securityinsight.models.EntityInsightItemQueryTimeInterval - :ivar table_query_results: Query results for table insights query. - :vartype table_query_results: ~azure.mgmt.securityinsight.models.InsightsTableResult - :ivar chart_query_results: Query results for table insights query. - :vartype chart_query_results: list[~azure.mgmt.securityinsight.models.InsightsTableResult] + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar etag: Etag of the azure resource. + :vartype etag: str + :ivar kind: The data connector kind. Required. Known values are: "AzureActiveDirectory", + "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", "Office365", + "AmazonWebServicesCloudTrail", "AzureAdvancedThreatProtection", and + "MicrosoftDefenderAdvancedThreatProtection". + :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind + :ivar tenant_id: The tenant id to connect to, and get the data from. + :vartype tenant_id: str + :ivar data_types: The available data types for the connector. 
+ :vartype data_types: ~azure.mgmt.securityinsight.models.MCASDataConnectorDataTypes """ + _validation = { + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, + } + _attribute_map = { - "query_id": {"key": "queryId", "type": "str"}, - "query_time_interval": {"key": "queryTimeInterval", "type": "EntityInsightItemQueryTimeInterval"}, - "table_query_results": {"key": "tableQueryResults", "type": "InsightsTableResult"}, - "chart_query_results": {"key": "chartQueryResults", "type": "[InsightsTableResult]"}, + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, + "kind": {"key": "kind", "type": "str"}, + "tenant_id": {"key": "properties.tenantId", "type": "str"}, + "data_types": {"key": "properties.dataTypes", "type": "MCASDataConnectorDataTypes"}, } def __init__( self, *, - query_id: Optional[str] = None, - query_time_interval: Optional["_models.EntityInsightItemQueryTimeInterval"] = None, - table_query_results: Optional["_models.InsightsTableResult"] = None, - chart_query_results: Optional[List["_models.InsightsTableResult"]] = None, - **kwargs - ): + etag: Optional[str] = None, + tenant_id: Optional[str] = None, + data_types: Optional["_models.MCASDataConnectorDataTypes"] = None, + **kwargs: Any + ) -> None: """ - :keyword query_id: The query id of the insight. - :paramtype query_id: str - :keyword query_time_interval: The Time interval that the query actually executed on. - :paramtype query_time_interval: - ~azure.mgmt.securityinsight.models.EntityInsightItemQueryTimeInterval - :keyword table_query_results: Query results for table insights query. 
- :paramtype table_query_results: ~azure.mgmt.securityinsight.models.InsightsTableResult - :keyword chart_query_results: Query results for table insights query. - :paramtype chart_query_results: list[~azure.mgmt.securityinsight.models.InsightsTableResult] + :keyword etag: Etag of the azure resource. + :paramtype etag: str + :keyword tenant_id: The tenant id to connect to, and get the data from. + :paramtype tenant_id: str + :keyword data_types: The available data types for the connector. + :paramtype data_types: ~azure.mgmt.securityinsight.models.MCASDataConnectorDataTypes """ - super().__init__(**kwargs) - self.query_id = query_id - self.query_time_interval = query_time_interval - self.table_query_results = table_query_results - self.chart_query_results = chart_query_results + super().__init__(etag=etag, **kwargs) + self.kind: str = "MicrosoftCloudAppSecurity" + self.tenant_id = tenant_id + self.data_types = data_types -class EntityInsightItemQueryTimeInterval(_serialization.Model): - """The Time interval that the query actually executed on. +class MCASDataConnectorDataTypes(AlertsDataTypeOfDataConnector): + """The available data types for MCAS (Microsoft Cloud App Security) data connector. - :ivar start_time: Insight query start time. - :vartype start_time: ~datetime.datetime - :ivar end_time: Insight query end time. - :vartype end_time: ~datetime.datetime + :ivar alerts: Alerts data type connection. + :vartype alerts: ~azure.mgmt.securityinsight.models.DataConnectorDataTypeCommon + :ivar discovery_logs: Discovery log data type connection. 
+ :vartype discovery_logs: ~azure.mgmt.securityinsight.models.DataConnectorDataTypeCommon """ _attribute_map = { - "start_time": {"key": "startTime", "type": "iso-8601"}, - "end_time": {"key": "endTime", "type": "iso-8601"}, + "alerts": {"key": "alerts", "type": "DataConnectorDataTypeCommon"}, + "discovery_logs": {"key": "discoveryLogs", "type": "DataConnectorDataTypeCommon"}, } def __init__( - self, *, start_time: Optional[datetime.datetime] = None, end_time: Optional[datetime.datetime] = None, **kwargs - ): + self, + *, + alerts: Optional["_models.DataConnectorDataTypeCommon"] = None, + discovery_logs: Optional["_models.DataConnectorDataTypeCommon"] = None, + **kwargs: Any + ) -> None: """ - :keyword start_time: Insight query start time. - :paramtype start_time: ~datetime.datetime - :keyword end_time: Insight query end time. - :paramtype end_time: ~datetime.datetime + :keyword alerts: Alerts data type connection. + :paramtype alerts: ~azure.mgmt.securityinsight.models.DataConnectorDataTypeCommon + :keyword discovery_logs: Discovery log data type connection. + :paramtype discovery_logs: ~azure.mgmt.securityinsight.models.DataConnectorDataTypeCommon """ - super().__init__(**kwargs) - self.start_time = start_time - self.end_time = end_time + super().__init__(alerts=alerts, **kwargs) + self.discovery_logs = discovery_logs -class EntityList(_serialization.Model): - """List of all the entities. +class MDATPDataConnector(DataConnector): + """Represents MDATP (Microsoft Defender Advanced Threat Protection) data connector. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. - :ivar next_link: URL to fetch the next set of entities. - :vartype next_link: str - :ivar value: Array of entities. Required. - :vartype value: list[~azure.mgmt.securityinsight.models.Entity] + :ivar id: Fully qualified resource ID for the resource. 
Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar etag: Etag of the azure resource. + :vartype etag: str + :ivar kind: The data connector kind. Required. Known values are: "AzureActiveDirectory", + "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", "Office365", + "AmazonWebServicesCloudTrail", "AzureAdvancedThreatProtection", and + "MicrosoftDefenderAdvancedThreatProtection". + :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind + :ivar tenant_id: The tenant id to connect to, and get the data from. + :vartype tenant_id: str + :ivar data_types: The available data types for the connector. + :vartype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector """ _validation = { - "next_link": {"readonly": True}, - "value": {"required": True}, - } - - _attribute_map = { - "next_link": {"key": "nextLink", "type": "str"}, - "value": {"key": "value", "type": "[Entity]"}, + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, } - def __init__(self, *, value: List["_models.Entity"], **kwargs): - """ - :keyword value: Array of entities. Required. - :paramtype value: list[~azure.mgmt.securityinsight.models.Entity] - """ - super().__init__(**kwargs) - self.next_link = None - self.value = value - - -class EntityMapping(_serialization.Model): - """Single entity mapping for the alert rule. 
- - :ivar entity_type: The V3 type of the mapped entity. Known values are: "Account", "Host", "IP", - "Malware", "File", "Process", "CloudApplication", "DNS", "AzureResource", "FileHash", - "RegistryKey", "RegistryValue", "SecurityGroup", "URL", "Mailbox", "MailCluster", - "MailMessage", and "SubmissionMail". - :vartype entity_type: str or ~azure.mgmt.securityinsight.models.EntityMappingType - :ivar field_mappings: array of field mappings for the given entity mapping. - :vartype field_mappings: list[~azure.mgmt.securityinsight.models.FieldMapping] - """ - _attribute_map = { - "entity_type": {"key": "entityType", "type": "str"}, - "field_mappings": {"key": "fieldMappings", "type": "[FieldMapping]"}, + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, + "kind": {"key": "kind", "type": "str"}, + "tenant_id": {"key": "properties.tenantId", "type": "str"}, + "data_types": {"key": "properties.dataTypes", "type": "AlertsDataTypeOfDataConnector"}, } def __init__( self, *, - entity_type: Optional[Union[str, "_models.EntityMappingType"]] = None, - field_mappings: Optional[List["_models.FieldMapping"]] = None, - **kwargs - ): + etag: Optional[str] = None, + tenant_id: Optional[str] = None, + data_types: Optional["_models.AlertsDataTypeOfDataConnector"] = None, + **kwargs: Any + ) -> None: """ - :keyword entity_type: The V3 type of the mapped entity. Known values are: "Account", "Host", - "IP", "Malware", "File", "Process", "CloudApplication", "DNS", "AzureResource", "FileHash", - "RegistryKey", "RegistryValue", "SecurityGroup", "URL", "Mailbox", "MailCluster", - "MailMessage", and "SubmissionMail". - :paramtype entity_type: str or ~azure.mgmt.securityinsight.models.EntityMappingType - :keyword field_mappings: array of field mappings for the given entity mapping. 
- :paramtype field_mappings: list[~azure.mgmt.securityinsight.models.FieldMapping] + :keyword etag: Etag of the azure resource. + :paramtype etag: str + :keyword tenant_id: The tenant id to connect to, and get the data from. + :paramtype tenant_id: str + :keyword data_types: The available data types for the connector. + :paramtype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector """ - super().__init__(**kwargs) - self.entity_type = entity_type - self.field_mappings = field_mappings - + super().__init__(etag=etag, **kwargs) + self.kind: str = "MicrosoftDefenderAdvancedThreatProtection" + self.tenant_id = tenant_id + self.data_types = data_types -class EntityQueryItem(_serialization.Model): - """An abstract Query item for entity. - You probably want to use the sub-classes and not this class directly. Known sub-classes are: - InsightQueryItem +class MicrosoftSecurityIncidentCreationAlertRule(AlertRule): # pylint: disable=too-many-instance-attributes + """Represents MicrosoftSecurityIncidentCreation rule. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. - :ivar id: Query Template ARM ID. + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. :vartype id: str - :ivar name: Query Template ARM Name. + :ivar name: The name of the resource. :vartype name: str - :ivar type: ARM Type. + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". :vartype type: str - :ivar kind: The kind of the entity query. Required. Known values are: "Expansion", "Insight", - and "Activity". 
- :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityQueryKind + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar etag: Etag of the azure resource. + :vartype etag: str + :ivar kind: The alert rule kind. Required. Known values are: "Scheduled", + "MicrosoftSecurityIncidentCreation", and "Fusion". + :vartype kind: str or ~azure.mgmt.securityinsight.models.AlertRuleKind + :ivar display_names_filter: the alerts' displayNames on which the cases will be generated. + :vartype display_names_filter: list[str] + :ivar display_names_exclude_filter: the alerts' displayNames on which the cases will not be + generated. + :vartype display_names_exclude_filter: list[str] + :ivar product_filter: The alerts' productName on which the cases will be generated. Known + values are: "Microsoft Cloud App Security", "Azure Security Center", "Azure Advanced Threat + Protection", "Azure Active Directory Identity Protection", and "Azure Security Center for IoT". + :vartype product_filter: str or ~azure.mgmt.securityinsight.models.MicrosoftSecurityProductName + :ivar severities_filter: the alerts' severities on which the cases will be generated. + :vartype severities_filter: list[str or ~azure.mgmt.securityinsight.models.AlertSeverity] + :ivar alert_rule_template_name: The Name of the alert rule template used to create this rule. + :vartype alert_rule_template_name: str + :ivar description: The description of the alert rule. + :vartype description: str + :ivar display_name: The display name for alerts created by this alert rule. + :vartype display_name: str + :ivar enabled: Determines whether this alert rule is enabled or disabled. + :vartype enabled: bool + :ivar last_modified_utc: The last time that this alert has been modified. 
+ :vartype last_modified_utc: ~datetime.datetime """ _validation = { "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, "kind": {"required": True}, + "last_modified_utc": {"readonly": True}, } _attribute_map = { "id": {"key": "id", "type": "str"}, "name": {"key": "name", "type": "str"}, "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, "kind": {"key": "kind", "type": "str"}, - } - - _subtype_map = {"kind": {"Insight": "InsightQueryItem"}} - - def __init__(self, *, name: Optional[str] = None, type: Optional[str] = None, **kwargs): - """ - :keyword name: Query Template ARM Name. - :paramtype name: str - :keyword type: ARM Type. - :paramtype type: str - """ - super().__init__(**kwargs) - self.id = None - self.name = name - self.type = type - self.kind: Optional[str] = None - - -class EntityQueryItemProperties(_serialization.Model): - """An properties abstract Query item for entity. - - :ivar data_types: Data types for template. - :vartype data_types: - list[~azure.mgmt.securityinsight.models.EntityQueryItemPropertiesDataTypesItem] - :ivar input_entity_type: The type of the entity. Known values are: "Account", "Host", "File", - "AzureResource", "CloudApplication", "DNS", "FileHash", "IP", "Malware", "Process", - "RegistryKey", "RegistryValue", "SecurityGroup", "URL", "IoTDevice", "SecurityAlert", - "HuntingBookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". - :vartype input_entity_type: str or ~azure.mgmt.securityinsight.models.EntityType - :ivar required_input_fields_sets: Data types for template. - :vartype required_input_fields_sets: list[list[str]] - :ivar entities_filter: The query applied only to entities matching to all filters. 
- :vartype entities_filter: JSON - """ - - _attribute_map = { - "data_types": {"key": "dataTypes", "type": "[EntityQueryItemPropertiesDataTypesItem]"}, - "input_entity_type": {"key": "inputEntityType", "type": "str"}, - "required_input_fields_sets": {"key": "requiredInputFieldsSets", "type": "[[str]]"}, - "entities_filter": {"key": "entitiesFilter", "type": "object"}, + "display_names_filter": {"key": "properties.displayNamesFilter", "type": "[str]"}, + "display_names_exclude_filter": {"key": "properties.displayNamesExcludeFilter", "type": "[str]"}, + "product_filter": {"key": "properties.productFilter", "type": "str"}, + "severities_filter": {"key": "properties.severitiesFilter", "type": "[str]"}, + "alert_rule_template_name": {"key": "properties.alertRuleTemplateName", "type": "str"}, + "description": {"key": "properties.description", "type": "str"}, + "display_name": {"key": "properties.displayName", "type": "str"}, + "enabled": {"key": "properties.enabled", "type": "bool"}, + "last_modified_utc": {"key": "properties.lastModifiedUtc", "type": "iso-8601"}, } def __init__( self, *, - data_types: Optional[List["_models.EntityQueryItemPropertiesDataTypesItem"]] = None, - input_entity_type: Optional[Union[str, "_models.EntityType"]] = None, - required_input_fields_sets: Optional[List[List[str]]] = None, - entities_filter: Optional[JSON] = None, - **kwargs - ): - """ - :keyword data_types: Data types for template. - :paramtype data_types: - list[~azure.mgmt.securityinsight.models.EntityQueryItemPropertiesDataTypesItem] - :keyword input_entity_type: The type of the entity. Known values are: "Account", "Host", - "File", "AzureResource", "CloudApplication", "DNS", "FileHash", "IP", "Malware", "Process", - "RegistryKey", "RegistryValue", "SecurityGroup", "URL", "IoTDevice", "SecurityAlert", - "HuntingBookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". 
- :paramtype input_entity_type: str or ~azure.mgmt.securityinsight.models.EntityType - :keyword required_input_fields_sets: Data types for template. - :paramtype required_input_fields_sets: list[list[str]] - :keyword entities_filter: The query applied only to entities matching to all filters. - :paramtype entities_filter: JSON - """ - super().__init__(**kwargs) - self.data_types = data_types - self.input_entity_type = input_entity_type - self.required_input_fields_sets = required_input_fields_sets - self.entities_filter = entities_filter - - -class EntityQueryItemPropertiesDataTypesItem(_serialization.Model): - """EntityQueryItemPropertiesDataTypesItem. - - :ivar data_type: Data type name. - :vartype data_type: str - """ - - _attribute_map = { - "data_type": {"key": "dataType", "type": "str"}, - } - - def __init__(self, *, data_type: Optional[str] = None, **kwargs): + etag: Optional[str] = None, + display_names_filter: Optional[List[str]] = None, + display_names_exclude_filter: Optional[List[str]] = None, + product_filter: Optional[Union[str, "_models.MicrosoftSecurityProductName"]] = None, + severities_filter: Optional[List[Union[str, "_models.AlertSeverity"]]] = None, + alert_rule_template_name: Optional[str] = None, + description: Optional[str] = None, + display_name: Optional[str] = None, + enabled: Optional[bool] = None, + **kwargs: Any + ) -> None: """ - :keyword data_type: Data type name. - :paramtype data_type: str + :keyword etag: Etag of the azure resource. + :paramtype etag: str + :keyword display_names_filter: the alerts' displayNames on which the cases will be generated. + :paramtype display_names_filter: list[str] + :keyword display_names_exclude_filter: the alerts' displayNames on which the cases will not be + generated. + :paramtype display_names_exclude_filter: list[str] + :keyword product_filter: The alerts' productName on which the cases will be generated. 
Known + values are: "Microsoft Cloud App Security", "Azure Security Center", "Azure Advanced Threat + Protection", "Azure Active Directory Identity Protection", and "Azure Security Center for IoT". + :paramtype product_filter: str or + ~azure.mgmt.securityinsight.models.MicrosoftSecurityProductName + :keyword severities_filter: the alerts' severities on which the cases will be generated. + :paramtype severities_filter: list[str or ~azure.mgmt.securityinsight.models.AlertSeverity] + :keyword alert_rule_template_name: The Name of the alert rule template used to create this + rule. + :paramtype alert_rule_template_name: str + :keyword description: The description of the alert rule. + :paramtype description: str + :keyword display_name: The display name for alerts created by this alert rule. + :paramtype display_name: str + :keyword enabled: Determines whether this alert rule is enabled or disabled. + :paramtype enabled: bool """ - super().__init__(**kwargs) - self.data_type = data_type - + super().__init__(etag=etag, **kwargs) + self.kind: str = "MicrosoftSecurityIncidentCreation" + self.display_names_filter = display_names_filter + self.display_names_exclude_filter = display_names_exclude_filter + self.product_filter = product_filter + self.severities_filter = severities_filter + self.alert_rule_template_name = alert_rule_template_name + self.description = description + self.display_name = display_name + self.enabled = enabled + self.last_modified_utc = None -class EntityQueryList(_serialization.Model): - """List of all the entity queries. - Variables are only populated by the server, and will be ignored when sending a request. +class MicrosoftSecurityIncidentCreationAlertRuleCommonProperties(_serialization.Model): + """MicrosoftSecurityIncidentCreation rule common property bag. All required parameters must be populated in order to send to Azure. - :ivar next_link: URL to fetch the next set of entity queries. 
- :vartype next_link: str - :ivar value: Array of entity queries. Required. - :vartype value: list[~azure.mgmt.securityinsight.models.EntityQuery] + :ivar display_names_filter: the alerts' displayNames on which the cases will be generated. + :vartype display_names_filter: list[str] + :ivar display_names_exclude_filter: the alerts' displayNames on which the cases will not be + generated. + :vartype display_names_exclude_filter: list[str] + :ivar product_filter: The alerts' productName on which the cases will be generated. Required. + Known values are: "Microsoft Cloud App Security", "Azure Security Center", "Azure Advanced + Threat Protection", "Azure Active Directory Identity Protection", and "Azure Security Center + for IoT". + :vartype product_filter: str or ~azure.mgmt.securityinsight.models.MicrosoftSecurityProductName + :ivar severities_filter: the alerts' severities on which the cases will be generated. + :vartype severities_filter: list[str or ~azure.mgmt.securityinsight.models.AlertSeverity] """ _validation = { - "next_link": {"readonly": True}, - "value": {"required": True}, + "product_filter": {"required": True}, } _attribute_map = { - "next_link": {"key": "nextLink", "type": "str"}, - "value": {"key": "value", "type": "[EntityQuery]"}, + "display_names_filter": {"key": "displayNamesFilter", "type": "[str]"}, + "display_names_exclude_filter": {"key": "displayNamesExcludeFilter", "type": "[str]"}, + "product_filter": {"key": "productFilter", "type": "str"}, + "severities_filter": {"key": "severitiesFilter", "type": "[str]"}, } - def __init__(self, *, value: List["_models.EntityQuery"], **kwargs): + def __init__( + self, + *, + product_filter: Union[str, "_models.MicrosoftSecurityProductName"], + display_names_filter: Optional[List[str]] = None, + display_names_exclude_filter: Optional[List[str]] = None, + severities_filter: Optional[List[Union[str, "_models.AlertSeverity"]]] = None, + **kwargs: Any + ) -> None: """ - :keyword value: Array of entity 
queries. Required. - :paramtype value: list[~azure.mgmt.securityinsight.models.EntityQuery] + :keyword display_names_filter: the alerts' displayNames on which the cases will be generated. + :paramtype display_names_filter: list[str] + :keyword display_names_exclude_filter: the alerts' displayNames on which the cases will not be + generated. + :paramtype display_names_exclude_filter: list[str] + :keyword product_filter: The alerts' productName on which the cases will be generated. + Required. Known values are: "Microsoft Cloud App Security", "Azure Security Center", "Azure + Advanced Threat Protection", "Azure Active Directory Identity Protection", and "Azure Security + Center for IoT". + :paramtype product_filter: str or + ~azure.mgmt.securityinsight.models.MicrosoftSecurityProductName + :keyword severities_filter: the alerts' severities on which the cases will be generated. + :paramtype severities_filter: list[str or ~azure.mgmt.securityinsight.models.AlertSeverity] """ super().__init__(**kwargs) - self.next_link = None - self.value = value + self.display_names_filter = display_names_filter + self.display_names_exclude_filter = display_names_exclude_filter + self.product_filter = product_filter + self.severities_filter = severities_filter -class EntityQueryTemplateList(_serialization.Model): - """List of all the entity query templates. +class MicrosoftSecurityIncidentCreationAlertRuleProperties(MicrosoftSecurityIncidentCreationAlertRuleCommonProperties): + """MicrosoftSecurityIncidentCreation rule property bag. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. - :ivar next_link: URL to fetch the next set of entity query templates. - :vartype next_link: str - :ivar value: Array of entity query templates. Required. 
- :vartype value: list[~azure.mgmt.securityinsight.models.EntityQueryTemplate] + :ivar display_names_filter: the alerts' displayNames on which the cases will be generated. + :vartype display_names_filter: list[str] + :ivar display_names_exclude_filter: the alerts' displayNames on which the cases will not be + generated. + :vartype display_names_exclude_filter: list[str] + :ivar product_filter: The alerts' productName on which the cases will be generated. Required. + Known values are: "Microsoft Cloud App Security", "Azure Security Center", "Azure Advanced + Threat Protection", "Azure Active Directory Identity Protection", and "Azure Security Center + for IoT". + :vartype product_filter: str or ~azure.mgmt.securityinsight.models.MicrosoftSecurityProductName + :ivar severities_filter: the alerts' severities on which the cases will be generated. + :vartype severities_filter: list[str or ~azure.mgmt.securityinsight.models.AlertSeverity] + :ivar alert_rule_template_name: The Name of the alert rule template used to create this rule. + :vartype alert_rule_template_name: str + :ivar description: The description of the alert rule. + :vartype description: str + :ivar display_name: The display name for alerts created by this alert rule. Required. + :vartype display_name: str + :ivar enabled: Determines whether this alert rule is enabled or disabled. Required. + :vartype enabled: bool + :ivar last_modified_utc: The last time that this alert has been modified. 
+ :vartype last_modified_utc: ~datetime.datetime """ _validation = { - "next_link": {"readonly": True}, - "value": {"required": True}, + "product_filter": {"required": True}, + "display_name": {"required": True}, + "enabled": {"required": True}, + "last_modified_utc": {"readonly": True}, } _attribute_map = { - "next_link": {"key": "nextLink", "type": "str"}, - "value": {"key": "value", "type": "[EntityQueryTemplate]"}, + "display_names_filter": {"key": "displayNamesFilter", "type": "[str]"}, + "display_names_exclude_filter": {"key": "displayNamesExcludeFilter", "type": "[str]"}, + "product_filter": {"key": "productFilter", "type": "str"}, + "severities_filter": {"key": "severitiesFilter", "type": "[str]"}, + "alert_rule_template_name": {"key": "alertRuleTemplateName", "type": "str"}, + "description": {"key": "description", "type": "str"}, + "display_name": {"key": "displayName", "type": "str"}, + "enabled": {"key": "enabled", "type": "bool"}, + "last_modified_utc": {"key": "lastModifiedUtc", "type": "iso-8601"}, } - def __init__(self, *, value: List["_models.EntityQueryTemplate"], **kwargs): + def __init__( + self, + *, + product_filter: Union[str, "_models.MicrosoftSecurityProductName"], + display_name: str, + enabled: bool, + display_names_filter: Optional[List[str]] = None, + display_names_exclude_filter: Optional[List[str]] = None, + severities_filter: Optional[List[Union[str, "_models.AlertSeverity"]]] = None, + alert_rule_template_name: Optional[str] = None, + description: Optional[str] = None, + **kwargs: Any + ) -> None: """ - :keyword value: Array of entity query templates. Required. - :paramtype value: list[~azure.mgmt.securityinsight.models.EntityQueryTemplate] + :keyword display_names_filter: the alerts' displayNames on which the cases will be generated. + :paramtype display_names_filter: list[str] + :keyword display_names_exclude_filter: the alerts' displayNames on which the cases will not be + generated. 
+ :paramtype display_names_exclude_filter: list[str] + :keyword product_filter: The alerts' productName on which the cases will be generated. + Required. Known values are: "Microsoft Cloud App Security", "Azure Security Center", "Azure + Advanced Threat Protection", "Azure Active Directory Identity Protection", and "Azure Security + Center for IoT". + :paramtype product_filter: str or + ~azure.mgmt.securityinsight.models.MicrosoftSecurityProductName + :keyword severities_filter: the alerts' severities on which the cases will be generated. + :paramtype severities_filter: list[str or ~azure.mgmt.securityinsight.models.AlertSeverity] + :keyword alert_rule_template_name: The Name of the alert rule template used to create this + rule. + :paramtype alert_rule_template_name: str + :keyword description: The description of the alert rule. + :paramtype description: str + :keyword display_name: The display name for alerts created by this alert rule. Required. + :paramtype display_name: str + :keyword enabled: Determines whether this alert rule is enabled or disabled. Required. + :paramtype enabled: bool """ - super().__init__(**kwargs) - self.next_link = None - self.value = value + super().__init__( + display_names_filter=display_names_filter, + display_names_exclude_filter=display_names_exclude_filter, + product_filter=product_filter, + severities_filter=severities_filter, + **kwargs + ) + self.alert_rule_template_name = alert_rule_template_name + self.description = description + self.display_name = display_name + self.enabled = enabled + self.last_modified_utc = None -class EntityTimelineParameters(_serialization.Model): - """The parameters required to execute s timeline operation on the given entity. +class MicrosoftSecurityIncidentCreationAlertRuleTemplate( + AlertRuleTemplate +): # pylint: disable=too-many-instance-attributes + """Represents MicrosoftSecurityIncidentCreation rule template. 
+ + Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. - :ivar kinds: Array of timeline Item kinds. - :vartype kinds: list[str or ~azure.mgmt.securityinsight.models.EntityTimelineKind] - :ivar start_time: The start timeline date, so the results returned are after this date. - Required. - :vartype start_time: ~datetime.datetime - :ivar end_time: The end timeline date, so the results returned are before this date. Required. - :vartype end_time: ~datetime.datetime - :ivar number_of_bucket: The number of bucket for timeline queries aggregation. - :vartype number_of_bucket: int + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar kind: The alert rule kind. Required. Known values are: "Scheduled", + "MicrosoftSecurityIncidentCreation", and "Fusion". + :vartype kind: str or ~azure.mgmt.securityinsight.models.AlertRuleKind + :ivar alert_rules_created_by_template_count: the number of alert rules that were created by + this template. + :vartype alert_rules_created_by_template_count: int + :ivar created_date_utc: The time that this alert rule template has been added. + :vartype created_date_utc: ~datetime.datetime + :ivar last_updated_date_utc: The time that this alert rule template was last updated. + :vartype last_updated_date_utc: ~datetime.datetime + :ivar description: The description of the alert rule template. 
+ :vartype description: str + :ivar display_name: The display name for alert rule template. + :vartype display_name: str + :ivar required_data_connectors: The required data connectors for this template. + :vartype required_data_connectors: + list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] + :ivar status: The alert rule template status. Known values are: "Installed", "Available", and + "NotAvailable". + :vartype status: str or ~azure.mgmt.securityinsight.models.TemplateStatus + :ivar display_names_filter: the alerts' displayNames on which the cases will be generated. + :vartype display_names_filter: list[str] + :ivar display_names_exclude_filter: the alerts' displayNames on which the cases will not be + generated. + :vartype display_names_exclude_filter: list[str] + :ivar product_filter: The alerts' productName on which the cases will be generated. Known + values are: "Microsoft Cloud App Security", "Azure Security Center", "Azure Advanced Threat + Protection", "Azure Active Directory Identity Protection", and "Azure Security Center for IoT". + :vartype product_filter: str or ~azure.mgmt.securityinsight.models.MicrosoftSecurityProductName + :ivar severities_filter: the alerts' severities on which the cases will be generated. 
+ :vartype severities_filter: list[str or ~azure.mgmt.securityinsight.models.AlertSeverity] """ _validation = { - "start_time": {"required": True}, - "end_time": {"required": True}, - } - - _attribute_map = { - "kinds": {"key": "kinds", "type": "[str]"}, - "start_time": {"key": "startTime", "type": "iso-8601"}, - "end_time": {"key": "endTime", "type": "iso-8601"}, - "number_of_bucket": {"key": "numberOfBucket", "type": "int"}, + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, + "created_date_utc": {"readonly": True}, + "last_updated_date_utc": {"readonly": True}, } - def __init__( - self, - *, - start_time: datetime.datetime, - end_time: datetime.datetime, - kinds: Optional[List[Union[str, "_models.EntityTimelineKind"]]] = None, - number_of_bucket: Optional[int] = None, - **kwargs - ): - """ - :keyword kinds: Array of timeline Item kinds. - :paramtype kinds: list[str or ~azure.mgmt.securityinsight.models.EntityTimelineKind] - :keyword start_time: The start timeline date, so the results returned are after this date. - Required. - :paramtype start_time: ~datetime.datetime - :keyword end_time: The end timeline date, so the results returned are before this date. - Required. - :paramtype end_time: ~datetime.datetime - :keyword number_of_bucket: The number of bucket for timeline queries aggregation. - :paramtype number_of_bucket: int - """ - super().__init__(**kwargs) - self.kinds = kinds - self.start_time = start_time - self.end_time = end_time - self.number_of_bucket = number_of_bucket - - -class EntityTimelineResponse(_serialization.Model): - """The entity timeline result operation response. - - :ivar meta_data: The metadata from the timeline operation results. - :vartype meta_data: ~azure.mgmt.securityinsight.models.TimelineResultsMetadata - :ivar value: The timeline result values. 
- :vartype value: list[~azure.mgmt.securityinsight.models.EntityTimelineItem] - """ - _attribute_map = { - "meta_data": {"key": "metaData", "type": "TimelineResultsMetadata"}, - "value": {"key": "value", "type": "[EntityTimelineItem]"}, + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "kind": {"key": "kind", "type": "str"}, + "alert_rules_created_by_template_count": {"key": "properties.alertRulesCreatedByTemplateCount", "type": "int"}, + "created_date_utc": {"key": "properties.createdDateUTC", "type": "iso-8601"}, + "last_updated_date_utc": {"key": "properties.lastUpdatedDateUTC", "type": "iso-8601"}, + "description": {"key": "properties.description", "type": "str"}, + "display_name": {"key": "properties.displayName", "type": "str"}, + "required_data_connectors": { + "key": "properties.requiredDataConnectors", + "type": "[AlertRuleTemplateDataSource]", + }, + "status": {"key": "properties.status", "type": "str"}, + "display_names_filter": {"key": "properties.displayNamesFilter", "type": "[str]"}, + "display_names_exclude_filter": {"key": "properties.displayNamesExcludeFilter", "type": "[str]"}, + "product_filter": {"key": "properties.productFilter", "type": "str"}, + "severities_filter": {"key": "properties.severitiesFilter", "type": "[str]"}, } def __init__( self, *, - meta_data: Optional["_models.TimelineResultsMetadata"] = None, - value: Optional[List["_models.EntityTimelineItem"]] = None, - **kwargs - ): - """ - :keyword meta_data: The metadata from the timeline operation results. - :paramtype meta_data: ~azure.mgmt.securityinsight.models.TimelineResultsMetadata - :keyword value: The timeline result values. 
- :paramtype value: list[~azure.mgmt.securityinsight.models.EntityTimelineItem] - """ - super().__init__(**kwargs) - self.meta_data = meta_data - self.value = value - - -class EventGroupingSettings(_serialization.Model): - """Event grouping settings property bag. - - :ivar aggregation_kind: The event grouping aggregation kinds. Known values are: "SingleAlert" - and "AlertPerResult". - :vartype aggregation_kind: str or - ~azure.mgmt.securityinsight.models.EventGroupingAggregationKind - """ - - _attribute_map = { - "aggregation_kind": {"key": "aggregationKind", "type": "str"}, - } - - def __init__( - self, *, aggregation_kind: Optional[Union[str, "_models.EventGroupingAggregationKind"]] = None, **kwargs - ): + alert_rules_created_by_template_count: Optional[int] = None, + description: Optional[str] = None, + display_name: Optional[str] = None, + required_data_connectors: Optional[List["_models.AlertRuleTemplateDataSource"]] = None, + status: Optional[Union[str, "_models.TemplateStatus"]] = None, + display_names_filter: Optional[List[str]] = None, + display_names_exclude_filter: Optional[List[str]] = None, + product_filter: Optional[Union[str, "_models.MicrosoftSecurityProductName"]] = None, + severities_filter: Optional[List[Union[str, "_models.AlertSeverity"]]] = None, + **kwargs: Any + ) -> None: """ - :keyword aggregation_kind: The event grouping aggregation kinds. Known values are: - "SingleAlert" and "AlertPerResult". - :paramtype aggregation_kind: str or - ~azure.mgmt.securityinsight.models.EventGroupingAggregationKind + :keyword alert_rules_created_by_template_count: the number of alert rules that were created by + this template. + :paramtype alert_rules_created_by_template_count: int + :keyword description: The description of the alert rule template. + :paramtype description: str + :keyword display_name: The display name for alert rule template. + :paramtype display_name: str + :keyword required_data_connectors: The required data connectors for this template. 
+ :paramtype required_data_connectors: + list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] + :keyword status: The alert rule template status. Known values are: "Installed", "Available", + and "NotAvailable". + :paramtype status: str or ~azure.mgmt.securityinsight.models.TemplateStatus + :keyword display_names_filter: the alerts' displayNames on which the cases will be generated. + :paramtype display_names_filter: list[str] + :keyword display_names_exclude_filter: the alerts' displayNames on which the cases will not be + generated. + :paramtype display_names_exclude_filter: list[str] + :keyword product_filter: The alerts' productName on which the cases will be generated. Known + values are: "Microsoft Cloud App Security", "Azure Security Center", "Azure Advanced Threat + Protection", "Azure Active Directory Identity Protection", and "Azure Security Center for IoT". + :paramtype product_filter: str or + ~azure.mgmt.securityinsight.models.MicrosoftSecurityProductName + :keyword severities_filter: the alerts' severities on which the cases will be generated. + :paramtype severities_filter: list[str or ~azure.mgmt.securityinsight.models.AlertSeverity] """ super().__init__(**kwargs) - self.aggregation_kind = aggregation_kind + self.kind: str = "MicrosoftSecurityIncidentCreation" + self.alert_rules_created_by_template_count = alert_rules_created_by_template_count + self.created_date_utc = None + self.last_updated_date_utc = None + self.description = description + self.display_name = display_name + self.required_data_connectors = required_data_connectors + self.status = status + self.display_names_filter = display_names_filter + self.display_names_exclude_filter = display_names_exclude_filter + self.product_filter = product_filter + self.severities_filter = severities_filter -class ExpansionEntityQuery(EntityQuery): # pylint: disable=too-many-instance-attributes - """Represents Expansion entity query. 
+class OfficeDataConnector(DataConnector): + """Represents office data connector. Variables are only populated by the server, and will be ignored when sending a request. 
@@ -8043,25 +6660,15 @@ class ExpansionEntityQuery(EntityQuery): # pylint: disable=too-many-instance-at :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData :ivar etag: Etag of the azure resource. :vartype etag: str - :ivar kind: the entity query kind. Required. Known values are: "Expansion", "Insight", and - "Activity". - :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityQueryKind - :ivar data_sources: List of the data sources that are required to run the query. - :vartype data_sources: list[str] - :ivar display_name: The query display name. - :vartype display_name: str - :ivar input_entity_type: The type of the query's source entity. Known values are: "Account", - "Host", "File", "AzureResource", "CloudApplication", "DNS", "FileHash", "IP", "Malware", - "Process", "RegistryKey", "RegistryValue", "SecurityGroup", "URL", "IoTDevice", - "SecurityAlert", "HuntingBookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", - and "Nic". - :vartype input_entity_type: str or ~azure.mgmt.securityinsight.models.EntityType - :ivar input_fields: List of the fields of the source entity that are required to run the query. - :vartype input_fields: list[str] - :ivar output_entity_types: List of the desired output types to be constructed from the result. - :vartype output_entity_types: list[str or ~azure.mgmt.securityinsight.models.EntityType] - :ivar query_template: The template query string to be parsed and formatted. - :vartype query_template: str + :ivar kind: The data connector kind. Required. Known values are: "AzureActiveDirectory", + "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", "Office365", + "AmazonWebServicesCloudTrail", "AzureAdvancedThreatProtection", and + "MicrosoftDefenderAdvancedThreatProtection". + :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind + :ivar tenant_id: The tenant id to connect to, and get the data from. 
+ :vartype tenant_id: str + :ivar data_types: The available data types for the connector. + :vartype data_types: ~azure.mgmt.securityinsight.models.OfficeDataConnectorDataTypes """ _validation = { 
@@ -8079,225 +6686,294 @@ class ExpansionEntityQuery(EntityQuery): # pylint: disable=too-many-instance-at "system_data": {"key": "systemData", "type": "SystemData"}, "etag": {"key": "etag", "type": "str"}, "kind": {"key": "kind", "type": "str"}, - "data_sources": {"key": "properties.dataSources", "type": "[str]"}, - "display_name": {"key": "properties.displayName", "type": "str"}, - "input_entity_type": {"key": "properties.inputEntityType", "type": "str"}, - "input_fields": {"key": "properties.inputFields", "type": "[str]"}, - "output_entity_types": {"key": "properties.outputEntityTypes", "type": "[str]"}, - "query_template": {"key": "properties.queryTemplate", "type": "str"}, + "tenant_id": {"key": "properties.tenantId", "type": "str"}, + "data_types": {"key": "properties.dataTypes", "type": "OfficeDataConnectorDataTypes"}, } def __init__( self, *, etag: Optional[str] = None, - data_sources: Optional[List[str]] = None, - display_name: Optional[str] = None, - input_entity_type: Optional[Union[str, "_models.EntityType"]] = None, - input_fields: Optional[List[str]] = None, - output_entity_types: Optional[List[Union[str, "_models.EntityType"]]] = None, - query_template: Optional[str] = None, - **kwargs - ): + tenant_id: Optional[str] = None, + data_types: Optional["_models.OfficeDataConnectorDataTypes"] = None, + **kwargs: Any + ) -> None: """ :keyword etag: Etag of the azure resource. :paramtype etag: str - :keyword data_sources: List of the data sources that are required to run the query. - :paramtype data_sources: list[str] - :keyword display_name: The query display name. - :paramtype display_name: str - :keyword input_entity_type: The type of the query's source entity. 
Known values are: "Account", - "Host", "File", "AzureResource", "CloudApplication", "DNS", "FileHash", "IP", "Malware", - "Process", "RegistryKey", "RegistryValue", "SecurityGroup", "URL", "IoTDevice", - "SecurityAlert", "HuntingBookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", - and "Nic". - :paramtype input_entity_type: str or ~azure.mgmt.securityinsight.models.EntityType - :keyword input_fields: List of the fields of the source entity that are required to run the - query. - :paramtype input_fields: list[str] - :keyword output_entity_types: List of the desired output types to be constructed from the - result. - :paramtype output_entity_types: list[str or ~azure.mgmt.securityinsight.models.EntityType] - :keyword query_template: The template query string to be parsed and formatted. - :paramtype query_template: str + :keyword tenant_id: The tenant id to connect to, and get the data from. + :paramtype tenant_id: str + :keyword data_types: The available data types for the connector. + :paramtype data_types: ~azure.mgmt.securityinsight.models.OfficeDataConnectorDataTypes """ super().__init__(etag=etag, **kwargs) - self.kind: str = "Expansion" - self.data_sources = data_sources - self.display_name = display_name - self.input_entity_type = input_entity_type - self.input_fields = input_fields - self.output_entity_types = output_entity_types - self.query_template = query_template - + self.kind: str = "Office365" + self.tenant_id = tenant_id + self.data_types = data_types -class ExpansionResultAggregation(_serialization.Model): - """Information of a specific aggregation in the expansion result. - All required parameters must be populated in order to send to Azure. +class OfficeDataConnectorDataTypes(_serialization.Model): + """The available data types for office data connector. - :ivar aggregation_type: The common type of the aggregation. (for e.g. entity field name). 
- :vartype aggregation_type: str - :ivar count: Total number of aggregations of the given kind (and aggregationType if given) in - the expansion result. Required. - :vartype count: int - :ivar display_name: The display name of the aggregation by type. - :vartype display_name: str - :ivar entity_kind: The kind of the aggregated entity. Required. Known values are: "Account", - "Host", "File", "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", - "Malware", "Process", "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", - "SecurityAlert", "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and - "Nic". - :vartype entity_kind: str or ~azure.mgmt.securityinsight.models.EntityKind + :ivar exchange: Exchange data type connection. + :vartype exchange: ~azure.mgmt.securityinsight.models.OfficeDataConnectorDataTypesExchange + :ivar share_point: SharePoint data type connection. + :vartype share_point: ~azure.mgmt.securityinsight.models.OfficeDataConnectorDataTypesSharePoint + :ivar teams: Teams data type connection. 
+ :vartype teams: ~azure.mgmt.securityinsight.models.OfficeDataConnectorDataTypesTeams """ - _validation = { - "count": {"required": True}, - "entity_kind": {"required": True}, - } - _attribute_map = { - "aggregation_type": {"key": "aggregationType", "type": "str"}, - "count": {"key": "count", "type": "int"}, - "display_name": {"key": "displayName", "type": "str"}, - "entity_kind": {"key": "entityKind", "type": "str"}, + "exchange": {"key": "exchange", "type": "OfficeDataConnectorDataTypesExchange"}, + "share_point": {"key": "sharePoint", "type": "OfficeDataConnectorDataTypesSharePoint"}, + "teams": {"key": "teams", "type": "OfficeDataConnectorDataTypesTeams"}, } def __init__( self, *, - count: int, - entity_kind: Union[str, "_models.EntityKind"], - aggregation_type: Optional[str] = None, - display_name: Optional[str] = None, - **kwargs - ): + exchange: Optional["_models.OfficeDataConnectorDataTypesExchange"] = None, + share_point: Optional["_models.OfficeDataConnectorDataTypesSharePoint"] = None, + teams: Optional["_models.OfficeDataConnectorDataTypesTeams"] = None, + **kwargs: Any + ) -> None: """ - :keyword aggregation_type: The common type of the aggregation. (for e.g. entity field name). - :paramtype aggregation_type: str - :keyword count: Total number of aggregations of the given kind (and aggregationType if given) - in the expansion result. Required. - :paramtype count: int - :keyword display_name: The display name of the aggregation by type. - :paramtype display_name: str - :keyword entity_kind: The kind of the aggregated entity. Required. Known values are: "Account", - "Host", "File", "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", - "Malware", "Process", "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", - "SecurityAlert", "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and - "Nic". 
- :paramtype entity_kind: str or ~azure.mgmt.securityinsight.models.EntityKind + :keyword exchange: Exchange data type connection. + :paramtype exchange: ~azure.mgmt.securityinsight.models.OfficeDataConnectorDataTypesExchange + :keyword share_point: SharePoint data type connection. + :paramtype share_point: + ~azure.mgmt.securityinsight.models.OfficeDataConnectorDataTypesSharePoint + :keyword teams: Teams data type connection. + :paramtype teams: ~azure.mgmt.securityinsight.models.OfficeDataConnectorDataTypesTeams """ super().__init__(**kwargs) - self.aggregation_type = aggregation_type - self.count = count - self.display_name = display_name - self.entity_kind = entity_kind + self.exchange = exchange + self.share_point = share_point + self.teams = teams + + +class OfficeDataConnectorDataTypesExchange(DataConnectorDataTypeCommon): + """Exchange data type connection. + + :ivar state: Describe whether this data type connection is enabled or not. Known values are: + "Enabled" and "Disabled". + :vartype state: str or ~azure.mgmt.securityinsight.models.DataTypeState + """ + + _attribute_map = { + "state": {"key": "state", "type": "str"}, + } + + def __init__(self, *, state: Optional[Union[str, "_models.DataTypeState"]] = None, **kwargs: Any) -> None: + """ + :keyword state: Describe whether this data type connection is enabled or not. Known values are: + "Enabled" and "Disabled". + :paramtype state: str or ~azure.mgmt.securityinsight.models.DataTypeState + """ + super().__init__(state=state, **kwargs) + + +class OfficeDataConnectorDataTypesSharePoint(DataConnectorDataTypeCommon): + """SharePoint data type connection. + + :ivar state: Describe whether this data type connection is enabled or not. Known values are: + "Enabled" and "Disabled". 
+ :vartype state: str or ~azure.mgmt.securityinsight.models.DataTypeState + """ + + _attribute_map = { + "state": {"key": "state", "type": "str"}, + } + + def __init__(self, *, state: Optional[Union[str, "_models.DataTypeState"]] = None, **kwargs: Any) -> None: + """ + :keyword state: Describe whether this data type connection is enabled or not. Known values are: + "Enabled" and "Disabled". + :paramtype state: str or ~azure.mgmt.securityinsight.models.DataTypeState + """ + super().__init__(state=state, **kwargs) + + +class OfficeDataConnectorDataTypesTeams(DataConnectorDataTypeCommon): + """Teams data type connection. + + :ivar state: Describe whether this data type connection is enabled or not. Known values are: + "Enabled" and "Disabled". + :vartype state: str or ~azure.mgmt.securityinsight.models.DataTypeState + """ + + _attribute_map = { + "state": {"key": "state", "type": "str"}, + } + + def __init__(self, *, state: Optional[Union[str, "_models.DataTypeState"]] = None, **kwargs: Any) -> None: + """ + :keyword state: Describe whether this data type connection is enabled or not. Known values are: + "Enabled" and "Disabled". + :paramtype state: str or ~azure.mgmt.securityinsight.models.DataTypeState + """ + super().__init__(state=state, **kwargs) + + +class Operation(_serialization.Model): + """Operation provided by provider. + + :ivar display: Properties of the operation. + :vartype display: ~azure.mgmt.securityinsight.models.OperationDisplay + :ivar name: Name of the operation. + :vartype name: str + :ivar origin: The origin of the operation. + :vartype origin: str + :ivar is_data_action: Indicates whether the operation is a data action. 
+ :vartype is_data_action: bool + """ + + _attribute_map = { + "display": {"key": "display", "type": "OperationDisplay"}, + "name": {"key": "name", "type": "str"}, + "origin": {"key": "origin", "type": "str"}, + "is_data_action": {"key": "isDataAction", "type": "bool"}, + } + + def __init__( + self, + *, + display: Optional["_models.OperationDisplay"] = None, + name: Optional[str] = None, + origin: Optional[str] = None, + is_data_action: Optional[bool] = None, + **kwargs: Any + ) -> None: + """ + :keyword display: Properties of the operation. + :paramtype display: ~azure.mgmt.securityinsight.models.OperationDisplay + :keyword name: Name of the operation. + :paramtype name: str + :keyword origin: The origin of the operation. + :paramtype origin: str + :keyword is_data_action: Indicates whether the operation is a data action. + :paramtype is_data_action: bool + """ + super().__init__(**kwargs) + self.display = display + self.name = name + self.origin = origin + self.is_data_action = is_data_action -class ExpansionResultsMetadata(_serialization.Model): - """Expansion result metadata. +class OperationDisplay(_serialization.Model): + """Properties of the operation. - :ivar aggregations: Information of the aggregated nodes in the expansion result. - :vartype aggregations: list[~azure.mgmt.securityinsight.models.ExpansionResultAggregation] + :ivar description: Description of the operation. + :vartype description: str + :ivar operation: Operation name. + :vartype operation: str + :ivar provider: Provider name. + :vartype provider: str + :ivar resource: Resource name. 
+ :vartype resource: str """ _attribute_map = { - "aggregations": {"key": "aggregations", "type": "[ExpansionResultAggregation]"}, + "description": {"key": "description", "type": "str"}, + "operation": {"key": "operation", "type": "str"}, + "provider": {"key": "provider", "type": "str"}, + "resource": {"key": "resource", "type": "str"}, } - def __init__(self, *, aggregations: Optional[List["_models.ExpansionResultAggregation"]] = None, **kwargs): + def __init__( + self, + *, + description: Optional[str] = None, + operation: Optional[str] = None, + provider: Optional[str] = None, + resource: Optional[str] = None, + **kwargs: Any + ) -> None: """ - :keyword aggregations: Information of the aggregated nodes in the expansion result. - :paramtype aggregations: list[~azure.mgmt.securityinsight.models.ExpansionResultAggregation] + :keyword description: Description of the operation. + :paramtype description: str + :keyword operation: Operation name. + :paramtype operation: str + :keyword provider: Provider name. + :paramtype provider: str + :keyword resource: Resource name. + :paramtype resource: str """ super().__init__(**kwargs) - self.aggregations = aggregations + self.description = description + self.operation = operation + self.provider = provider + self.resource = resource -class EyesOn(Settings): - """Settings with single toggle. +class OperationsList(_serialization.Model): + """Lists the operations available in the SecurityInsights RP. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. - :ivar id: Fully qualified resource ID for the resource. Ex - - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - :vartype id: str - :ivar name: The name of the resource. - :vartype name: str - :ivar type: The type of the resource. E.g. 
"Microsoft.Compute/virtualMachines" or - "Microsoft.Storage/storageAccounts". - :vartype type: str - :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy - information. - :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar etag: Etag of the azure resource. - :vartype etag: str - :ivar kind: The kind of the setting. Required. Known values are: "Anomalies", "EyesOn", - "EntityAnalytics", and "Ueba". - :vartype kind: str or ~azure.mgmt.securityinsight.models.SettingKind - :ivar is_enabled: Determines whether the setting is enable or disabled. - :vartype is_enabled: bool + :ivar next_link: URL to fetch the next set of operations. + :vartype next_link: str + :ivar value: Array of operations. Required. + :vartype value: list[~azure.mgmt.securityinsight.models.Operation] """ _validation = { - "id": {"readonly": True}, - "name": {"readonly": True}, - "type": {"readonly": True}, - "system_data": {"readonly": True}, - "kind": {"required": True}, - "is_enabled": {"readonly": True}, + "next_link": {"readonly": True}, + "value": {"required": True}, } _attribute_map = { - "id": {"key": "id", "type": "str"}, - "name": {"key": "name", "type": "str"}, - "type": {"key": "type", "type": "str"}, - "system_data": {"key": "systemData", "type": "SystemData"}, - "etag": {"key": "etag", "type": "str"}, - "kind": {"key": "kind", "type": "str"}, - "is_enabled": {"key": "properties.isEnabled", "type": "bool"}, + "next_link": {"key": "nextLink", "type": "str"}, + "value": {"key": "value", "type": "[Operation]"}, } - def __init__(self, *, etag: Optional[str] = None, **kwargs): + def __init__(self, *, value: List["_models.Operation"], **kwargs: Any) -> None: """ - :keyword etag: Etag of the azure resource. - :paramtype etag: str + :keyword value: Array of operations. Required. 
+ :paramtype value: list[~azure.mgmt.securityinsight.models.Operation] """ - super().__init__(etag=etag, **kwargs) - self.kind: str = "EyesOn" - self.is_enabled = None + super().__init__(**kwargs) + self.next_link = None + self.value = value -class FieldMapping(_serialization.Model): - """A single field mapping of the mapped entity. +class PlaybookActionProperties(_serialization.Model): + """PlaybookActionProperties. - :ivar identifier: the V3 identifier of the entity. - :vartype identifier: str - :ivar column_name: the column name to be mapped to the identifier. - :vartype column_name: str + All required parameters must be populated in order to send to Azure. + + :ivar logic_app_resource_id: The resource id of the playbook resource. Required. + :vartype logic_app_resource_id: str + :ivar tenant_id: The tenant id of the playbook resource. + :vartype tenant_id: str """ + _validation = { + "logic_app_resource_id": {"required": True}, + } + _attribute_map = { - "identifier": {"key": "identifier", "type": "str"}, - "column_name": {"key": "columnName", "type": "str"}, + "logic_app_resource_id": {"key": "logicAppResourceId", "type": "str"}, + "tenant_id": {"key": "tenantId", "type": "str"}, } - def __init__(self, *, identifier: Optional[str] = None, column_name: Optional[str] = None, **kwargs): + def __init__(self, *, logic_app_resource_id: str, tenant_id: Optional[str] = None, **kwargs: Any) -> None: """ - :keyword identifier: the V3 identifier of the entity. - :paramtype identifier: str - :keyword column_name: the column name to be mapped to the identifier. - :paramtype column_name: str + :keyword logic_app_resource_id: The resource id of the playbook resource. Required. + :paramtype logic_app_resource_id: str + :keyword tenant_id: The tenant id of the playbook resource. 
+ :paramtype tenant_id: str """ super().__init__(**kwargs) - self.identifier = identifier - self.column_name = column_name + self.logic_app_resource_id = logic_app_resource_id + self.tenant_id = tenant_id -class FileEntity(Entity): # pylint: disable=too-many-instance-attributes - """Represents a file entity. +class ProcessEntity(Entity): # pylint: disable=too-many-instance-attributes + """Represents a process entity. Variables are only populated by the server, and will be ignored when sending a request. 
@@ -8317,22 +6993,33 @@ class FileEntity(Entity): # pylint: disable=too-many-instance-attributes :ivar kind: The kind of the entity. Required. Known values are: "Account", "Host", "File", "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", - "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". - :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKind + "Bookmark", "MailCluster", "MailMessage", "Mailbox", and "SubmissionMail". + :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKindEnum :ivar additional_data: A bag of custom fields that should be part of the entity and will be presented to the user. - :vartype additional_data: dict[str, any] + :vartype additional_data: dict[str, JSON] :ivar friendly_name: The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. :vartype friendly_name: str - :ivar directory: The full path to the file. - :vartype directory: str - :ivar file_hash_entity_ids: The file hash entity identifiers associated with this file. - :vartype file_hash_entity_ids: list[str] - :ivar file_name: The file name without path (some alerts might not include path). - :vartype file_name: str - :ivar host_entity_id: The Host entity id which the file belongs to. + :ivar account_entity_id: The account entity id running the processes. + :vartype account_entity_id: str + :ivar command_line: The command line used to create the process. + :vartype command_line: str + :ivar creation_time_utc: The time when the process started to run. + :vartype creation_time_utc: ~datetime.datetime + :ivar elevation_token: The elevation token associated with the process. Known values are: + "Default", "Full", and "Limited". 
+ :vartype elevation_token: str or ~azure.mgmt.securityinsight.models.ElevationToken + :ivar host_entity_id: The host entity id on which the process was running. :vartype host_entity_id: str + :ivar host_logon_session_entity_id: The session entity id in which the process was running. + :vartype host_logon_session_entity_id: str + :ivar image_file_entity_id: Image file entity id. + :vartype image_file_entity_id: str + :ivar parent_process_entity_id: The parent process entity id. + :vartype parent_process_entity_id: str + :ivar process_id: The process ID. + :vartype process_id: str """ _validation = { @@ -8343,11 +7030,15 @@ class FileEntity(Entity): # pylint: disable=too-many-instance-attributes "kind": {"required": True}, "additional_data": {"readonly": True}, "friendly_name": {"readonly": True}, - "directory": {"readonly": True}, - "file_hash_entity_ids": {"readonly": True}, - "file_name": {"readonly": True}, - "host_entity_id": {"readonly": True}, - } + "account_entity_id": {"readonly": True}, + "command_line": {"readonly": True}, + "creation_time_utc": {"readonly": True}, + "host_entity_id": {"readonly": True}, + "host_logon_session_entity_id": {"readonly": True}, + "image_file_entity_id": {"readonly": True}, + "parent_process_entity_id": {"readonly": True}, + "process_id": {"readonly": True}, + } _attribute_map = { "id": {"key": "id", "type": "str"}, 
@@ -8357,74 +7048,235 @@ class FileEntity(Entity): # pylint: disable=too-many-instance-attributes "kind": {"key": "kind", "type": "str"}, "additional_data": {"key": "properties.additionalData", "type": "{object}"}, "friendly_name": {"key": "properties.friendlyName", "type": "str"}, - "directory": {"key": "properties.directory", "type": "str"}, - "file_hash_entity_ids": {"key": "properties.fileHashEntityIds", "type": "[str]"}, - "file_name": {"key": "properties.fileName", "type": "str"}, + "account_entity_id": {"key": "properties.accountEntityId", "type": "str"}, + "command_line": {"key": "properties.commandLine", "type": "str"}, + "creation_time_utc": {"key": "properties.creationTimeUtc", "type": "iso-8601"}, + "elevation_token": {"key": "properties.elevationToken", "type": "str"}, "host_entity_id": {"key": "properties.hostEntityId", "type": "str"}, + "host_logon_session_entity_id": {"key": "properties.hostLogonSessionEntityId", "type": "str"}, + "image_file_entity_id": {"key": "properties.imageFileEntityId", "type": "str"}, + "parent_process_entity_id": {"key": "properties.parentProcessEntityId", "type": "str"}, + "process_id": {"key": "properties.processId", "type": "str"}, } - def __init__(self, **kwargs): - """ """ + def __init__( + self, *, elevation_token: Optional[Union[str, "_models.ElevationToken"]] = None, **kwargs: Any + ) -> None: + """ + :keyword elevation_token: The elevation token associated with the process. Known values are: + "Default", "Full", and "Limited". 
+ :paramtype elevation_token: str or ~azure.mgmt.securityinsight.models.ElevationToken + """ super().__init__(**kwargs) - self.kind: str = "File" + self.kind: str = "Process" self.additional_data = None self.friendly_name = None - self.directory = None - self.file_hash_entity_ids = None - self.file_name = None + self.account_entity_id = None + self.command_line = None + self.creation_time_utc = None + self.elevation_token = elevation_token self.host_entity_id = None + self.host_logon_session_entity_id = None + self.image_file_entity_id = None + self.parent_process_entity_id = None + self.process_id = None -class FileEntityProperties(EntityCommonProperties): - """File entity property bag. +class ProcessEntityProperties(EntityCommonProperties): # pylint: disable=too-many-instance-attributes + """Process entity property bag. Variables are only populated by the server, and will be ignored when sending a request. :ivar additional_data: A bag of custom fields that should be part of the entity and will be presented to the user. - :vartype additional_data: dict[str, any] + :vartype additional_data: dict[str, JSON] :ivar friendly_name: The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. :vartype friendly_name: str - :ivar directory: The full path to the file. - :vartype directory: str - :ivar file_hash_entity_ids: The file hash entity identifiers associated with this file. - :vartype file_hash_entity_ids: list[str] - :ivar file_name: The file name without path (some alerts might not include path). - :vartype file_name: str - :ivar host_entity_id: The Host entity id which the file belongs to. + :ivar account_entity_id: The account entity id running the processes. + :vartype account_entity_id: str + :ivar command_line: The command line used to create the process. + :vartype command_line: str + :ivar creation_time_utc: The time when the process started to run. 
+ :vartype creation_time_utc: ~datetime.datetime + :ivar elevation_token: The elevation token associated with the process. Known values are: + "Default", "Full", and "Limited". + :vartype elevation_token: str or ~azure.mgmt.securityinsight.models.ElevationToken + :ivar host_entity_id: The host entity id on which the process was running. :vartype host_entity_id: str + :ivar host_logon_session_entity_id: The session entity id in which the process was running. + :vartype host_logon_session_entity_id: str + :ivar image_file_entity_id: Image file entity id. + :vartype image_file_entity_id: str + :ivar parent_process_entity_id: The parent process entity id. + :vartype parent_process_entity_id: str + :ivar process_id: The process ID. + :vartype process_id: str """ _validation = { "additional_data": {"readonly": True}, "friendly_name": {"readonly": True}, - "directory": {"readonly": True}, - "file_hash_entity_ids": {"readonly": True}, - "file_name": {"readonly": True}, + "account_entity_id": {"readonly": True}, + "command_line": {"readonly": True}, + "creation_time_utc": {"readonly": True}, "host_entity_id": {"readonly": True}, + "host_logon_session_entity_id": {"readonly": True}, + "image_file_entity_id": {"readonly": True}, + "parent_process_entity_id": {"readonly": True}, + "process_id": {"readonly": True}, } _attribute_map = { "additional_data": {"key": "additionalData", "type": "{object}"}, "friendly_name": {"key": "friendlyName", "type": "str"}, - "directory": {"key": "directory", "type": "str"}, - "file_hash_entity_ids": {"key": "fileHashEntityIds", "type": "[str]"}, - "file_name": {"key": "fileName", "type": "str"}, + "account_entity_id": {"key": "accountEntityId", "type": "str"}, + "command_line": {"key": "commandLine", "type": "str"}, + "creation_time_utc": {"key": "creationTimeUtc", "type": "iso-8601"}, + "elevation_token": {"key": "elevationToken", "type": "str"}, "host_entity_id": {"key": "hostEntityId", "type": "str"}, + "host_logon_session_entity_id": 
{"key": "hostLogonSessionEntityId", "type": "str"}, + "image_file_entity_id": {"key": "imageFileEntityId", "type": "str"}, + "parent_process_entity_id": {"key": "parentProcessEntityId", "type": "str"}, + "process_id": {"key": "processId", "type": "str"}, } - def __init__(self, **kwargs): - """ """ + def __init__( + self, *, elevation_token: Optional[Union[str, "_models.ElevationToken"]] = None, **kwargs: Any + ) -> None: + """ + :keyword elevation_token: The elevation token associated with the process. Known values are: + "Default", "Full", and "Limited". + :paramtype elevation_token: str or ~azure.mgmt.securityinsight.models.ElevationToken + """ super().__init__(**kwargs) - self.directory = None - self.file_hash_entity_ids = None - self.file_name = None + self.account_entity_id = None + self.command_line = None + self.creation_time_utc = None + self.elevation_token = elevation_token self.host_entity_id = None + self.host_logon_session_entity_id = None + self.image_file_entity_id = None + self.parent_process_entity_id = None + self.process_id = None -class FileHashEntity(Entity): - """Represents a file hash entity. +class PropertyArrayChangedConditionProperties(AutomationRuleCondition): + """Describes an automation rule condition that evaluates an array property's value change. + + All required parameters must be populated in order to send to Azure. + + :ivar condition_type: Required. Known values are: "Property", "PropertyChanged", and + "PropertyArrayChanged". 
+ :vartype condition_type: str or ~azure.mgmt.securityinsight.models.ConditionType + :ivar condition_properties: + :vartype condition_properties: + ~azure.mgmt.securityinsight.models.AutomationRulePropertyArrayChangedValuesCondition + """ + + _validation = { + "condition_type": {"required": True}, + } + + _attribute_map = { + "condition_type": {"key": "conditionType", "type": "str"}, + "condition_properties": { + "key": "conditionProperties", + "type": "AutomationRulePropertyArrayChangedValuesCondition", + }, + } + + def __init__( + self, + *, + condition_properties: Optional["_models.AutomationRulePropertyArrayChangedValuesCondition"] = None, + **kwargs: Any + ) -> None: + """ + :keyword condition_properties: + :paramtype condition_properties: + ~azure.mgmt.securityinsight.models.AutomationRulePropertyArrayChangedValuesCondition + """ + super().__init__(**kwargs) + self.condition_type: str = "PropertyArrayChanged" + self.condition_properties = condition_properties + + +class PropertyChangedConditionProperties(AutomationRuleCondition): + """Describes an automation rule condition that evaluates a property's value change. + + All required parameters must be populated in order to send to Azure. + + :ivar condition_type: Required. Known values are: "Property", "PropertyChanged", and + "PropertyArrayChanged". 
+ :vartype condition_type: str or ~azure.mgmt.securityinsight.models.ConditionType + :ivar condition_properties: + :vartype condition_properties: + ~azure.mgmt.securityinsight.models.AutomationRulePropertyValuesChangedCondition + """ + + _validation = { + "condition_type": {"required": True}, + } + + _attribute_map = { + "condition_type": {"key": "conditionType", "type": "str"}, + "condition_properties": {"key": "conditionProperties", "type": "AutomationRulePropertyValuesChangedCondition"}, + } + + def __init__( + self, + *, + condition_properties: Optional["_models.AutomationRulePropertyValuesChangedCondition"] = None, + **kwargs: Any + ) -> None: + """ + :keyword condition_properties: + :paramtype condition_properties: + ~azure.mgmt.securityinsight.models.AutomationRulePropertyValuesChangedCondition + """ + super().__init__(**kwargs) + self.condition_type: str = "PropertyChanged" + self.condition_properties = condition_properties + + +class PropertyConditionProperties(AutomationRuleCondition): + """Describes an automation rule condition that evaluates a property's value. + + All required parameters must be populated in order to send to Azure. + + :ivar condition_type: Required. Known values are: "Property", "PropertyChanged", and + "PropertyArrayChanged". 
+ :vartype condition_type: str or ~azure.mgmt.securityinsight.models.ConditionType + :ivar condition_properties: + :vartype condition_properties: + ~azure.mgmt.securityinsight.models.AutomationRulePropertyValuesCondition + """ + + _validation = { + "condition_type": {"required": True}, + } + + _attribute_map = { + "condition_type": {"key": "conditionType", "type": "str"}, + "condition_properties": {"key": "conditionProperties", "type": "AutomationRulePropertyValuesCondition"}, + } + + def __init__( + self, *, condition_properties: Optional["_models.AutomationRulePropertyValuesCondition"] = None, **kwargs: Any + ) -> None: + """ + :keyword condition_properties: + :paramtype condition_properties: + ~azure.mgmt.securityinsight.models.AutomationRulePropertyValuesCondition + """ + super().__init__(**kwargs) + self.condition_type: str = "Property" + self.condition_properties = condition_properties + + +class RegistryKeyEntity(Entity): + """Represents a registry key entity. Variables are only populated by the server, and will be ignored when sending a request. 
@@ -8444,19 +7296,21 @@ class FileHashEntity(Entity): :ivar kind: The kind of the entity. Required. Known values are: "Account", "Host", "File", "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", - "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". - :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKind + "Bookmark", "MailCluster", "MailMessage", "Mailbox", and "SubmissionMail". + :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKindEnum :ivar additional_data: A bag of custom fields that should be part of the entity and will be presented to the user. - :vartype additional_data: dict[str, any] + :vartype additional_data: dict[str, JSON] :ivar friendly_name: The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. :vartype friendly_name: str - :ivar algorithm: The hash algorithm type. Known values are: "Unknown", "MD5", "SHA1", "SHA256", - and "SHA256AC". - :vartype algorithm: str or ~azure.mgmt.securityinsight.models.FileHashAlgorithm - :ivar hash_value: The file hash value. - :vartype hash_value: str + :ivar hive: the hive that holds the registry key. Known values are: "HKEY_LOCAL_MACHINE", + "HKEY_CLASSES_ROOT", "HKEY_CURRENT_CONFIG", "HKEY_USERS", "HKEY_CURRENT_USER_LOCAL_SETTINGS", + "HKEY_PERFORMANCE_DATA", "HKEY_PERFORMANCE_NLSTEXT", "HKEY_PERFORMANCE_TEXT", "HKEY_A", and + "HKEY_CURRENT_USER". + :vartype hive: str or ~azure.mgmt.securityinsight.models.RegistryHive + :ivar key: The registry key path. + :vartype key: str """ _validation = { 
@@ -8467,8 +7321,8 @@ class FileHashEntity(Entity): "kind": {"required": True}, "additional_data": {"readonly": True}, "friendly_name": {"readonly": True}, - "algorithm": {"readonly": True}, - "hash_value": {"readonly": True}, + "hive": {"readonly": True}, + "key": {"readonly": True}, } _attribute_map = { 
@@ -8479,64 +7333,68 @@ class FileHashEntity(Entity): "kind": {"key": "kind", "type": "str"}, "additional_data": {"key": "properties.additionalData", "type": "{object}"}, "friendly_name": {"key": "properties.friendlyName", "type": "str"}, - "algorithm": {"key": "properties.algorithm", "type": "str"}, - "hash_value": {"key": "properties.hashValue", "type": "str"}, + "hive": {"key": "properties.hive", "type": "str"}, + "key": {"key": "properties.key", "type": "str"}, } - def __init__(self, **kwargs): + def __init__(self, **kwargs: Any) -> None: """ """ super().__init__(**kwargs) - self.kind: str = "FileHash" + self.kind: str = "RegistryKey" self.additional_data = None self.friendly_name = None - self.algorithm = None - self.hash_value = None + self.hive = None + self.key = None -class FileHashEntityProperties(EntityCommonProperties): - """FileHash entity property bag. +class RegistryKeyEntityProperties(EntityCommonProperties): + """RegistryKey entity property bag. Variables are only populated by the server, and will be ignored when sending a request. :ivar additional_data: A bag of custom fields that should be part of the entity and will be presented to the user. - :vartype additional_data: dict[str, any] + :vartype additional_data: dict[str, JSON] :ivar friendly_name: The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. :vartype friendly_name: str - :ivar algorithm: The hash algorithm type. Known values are: "Unknown", "MD5", "SHA1", "SHA256", - and "SHA256AC". - :vartype algorithm: str or ~azure.mgmt.securityinsight.models.FileHashAlgorithm - :ivar hash_value: The file hash value. - :vartype hash_value: str + :ivar hive: the hive that holds the registry key. 
Known values are: "HKEY_LOCAL_MACHINE", + "HKEY_CLASSES_ROOT", "HKEY_CURRENT_CONFIG", "HKEY_USERS", "HKEY_CURRENT_USER_LOCAL_SETTINGS", + "HKEY_PERFORMANCE_DATA", "HKEY_PERFORMANCE_NLSTEXT", "HKEY_PERFORMANCE_TEXT", "HKEY_A", and + "HKEY_CURRENT_USER". + :vartype hive: str or ~azure.mgmt.securityinsight.models.RegistryHive + :ivar key: The registry key path. + :vartype key: str """ _validation = { "additional_data": {"readonly": True}, "friendly_name": {"readonly": True}, - "algorithm": {"readonly": True}, - "hash_value": {"readonly": True}, + "hive": {"readonly": True}, + "key": {"readonly": True}, } _attribute_map = { "additional_data": {"key": "additionalData", "type": "{object}"}, "friendly_name": {"key": "friendlyName", "type": "str"}, - "algorithm": {"key": "algorithm", "type": "str"}, - "hash_value": {"key": "hashValue", "type": "str"}, + "hive": {"key": "hive", "type": "str"}, + "key": {"key": "key", "type": "str"}, } - def __init__(self, **kwargs): + def __init__(self, **kwargs: Any) -> None: """ """ super().__init__(**kwargs) - self.algorithm = None - self.hash_value = None + self.hive = None + self.key = None -class FileImport(Resource): # pylint: disable=too-many-instance-attributes - """Represents a file import in Azure Security Insights. +class RegistryValueEntity(Entity): # pylint: disable=too-many-instance-attributes + """Represents a registry value entity. Variables are only populated by the server, and will be ignored when sending a request. + All required parameters must be populated in order to send to Azure. + :ivar id: Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. :vartype id: str 
@@ -8548,39 +7406,27 @@ class FileImport(Resource): # pylint: disable=too-many-instance-attributes :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy information. :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar ingestion_mode: Describes how to ingest the records in the file. Known values are: - "IngestOnlyIfAllAreValid", "IngestAnyValidRecords", and "Unspecified". - :vartype ingestion_mode: str or ~azure.mgmt.securityinsight.models.IngestionMode - :ivar content_type: The content type of this file. Known values are: "BasicIndicator", - "StixIndicator", and "Unspecified". - :vartype content_type: str or ~azure.mgmt.securityinsight.models.FileImportContentType - :ivar created_time_utc: The time the file was imported. - :vartype created_time_utc: ~datetime.datetime - :ivar error_file: Represents the error file (if the import was ingested with errors or failed - the validation). - :vartype error_file: ~azure.mgmt.securityinsight.models.FileMetadata - :ivar errors_preview: An ordered list of some of the errors that were encountered during - validation. - :vartype errors_preview: list[~azure.mgmt.securityinsight.models.ValidationError] - :ivar import_file: Represents the imported file. - :vartype import_file: ~azure.mgmt.securityinsight.models.FileMetadata - :ivar ingested_record_count: The number of records that have been successfully ingested. - :vartype ingested_record_count: int - :ivar source: The source for the data in the file. - :vartype source: str - :ivar state: The state of the file import. Known values are: "FatalError", "Ingested", - "IngestedWithErrors", "InProgress", "Invalid", "WaitingForUpload", and "Unspecified". - :vartype state: str or ~azure.mgmt.securityinsight.models.FileImportState - :ivar total_record_count: The number of records in the file. - :vartype total_record_count: int - :ivar valid_record_count: The number of records that have passed validation. 
- :vartype valid_record_count: int - :ivar files_valid_until_time_utc: The time the files associated with this import are deleted - from the storage account. - :vartype files_valid_until_time_utc: ~datetime.datetime - :ivar import_valid_until_time_utc: The time the file import record is soft deleted from the - database and history. - :vartype import_valid_until_time_utc: ~datetime.datetime + :ivar kind: The kind of the entity. Required. Known values are: "Account", "Host", "File", + "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", + "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", + "Bookmark", "MailCluster", "MailMessage", "Mailbox", and "SubmissionMail". + :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKindEnum + :ivar additional_data: A bag of custom fields that should be part of the entity and will be + presented to the user. + :vartype additional_data: dict[str, JSON] + :ivar friendly_name: The graph item display name which is a short humanly readable description + of the graph item instance. This property is optional and might be system generated. + :vartype friendly_name: str + :ivar key_entity_id: The registry key entity id. + :vartype key_entity_id: str + :ivar value_data: String formatted representation of the value data. + :vartype value_data: str + :ivar value_name: The registry value name. + :vartype value_name: str + :ivar value_type: Specifies the data types to use when storing values in the registry, or + identifies the data type of a value in the registry. Known values are: "None", "Unknown", + "String", "ExpandString", "Binary", "DWord", "MultiString", and "QWord". + :vartype value_type: str or ~azure.mgmt.securityinsight.models.RegistryValueKind """ _validation = { 
@@ -8588,15 +7434,13 @@ class FileImport(Resource): # pylint: disable=too-many-instance-attributes "name": {"readonly": True}, "type": {"readonly": True}, "system_data": {"readonly": True}, - "created_time_utc": {"readonly": True}, - "error_file": {"readonly": True}, - "errors_preview": {"readonly": True}, - "ingested_record_count": {"readonly": True}, - "state": {"readonly": True}, - "total_record_count": {"readonly": True}, - "valid_record_count": {"readonly": True}, - "files_valid_until_time_utc": {"readonly": True}, - "import_valid_until_time_utc": {"readonly": True}, + "kind": {"required": True}, + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + "key_entity_id": {"readonly": True}, + "value_data": {"readonly": True}, + "value_name": {"readonly": True}, + "value_type": {"readonly": True}, } _attribute_map = { 
@@ -8604,149 +7448,176 @@ class FileImport(Resource): # pylint: disable=too-many-instance-attributes "name": {"key": "name", "type": "str"}, "type": {"key": "type", "type": "str"}, "system_data": {"key": "systemData", "type": "SystemData"}, - "ingestion_mode": {"key": "properties.ingestionMode", "type": "str"}, - "content_type": {"key": "properties.contentType", "type": "str"}, - "created_time_utc": {"key": "properties.createdTimeUTC", "type": "iso-8601"}, - "error_file": {"key": "properties.errorFile", "type": "FileMetadata"}, - "errors_preview": {"key": "properties.errorsPreview", "type": "[ValidationError]"}, - "import_file": {"key": "properties.importFile", "type": "FileMetadata"}, - "ingested_record_count": {"key": "properties.ingestedRecordCount", "type": "int"}, - "source": {"key": "properties.source", "type": "str"}, - "state": {"key": "properties.state", "type": "str"}, - "total_record_count": {"key": "properties.totalRecordCount", "type": "int"}, - "valid_record_count": {"key": "properties.validRecordCount", "type": "int"}, - "files_valid_until_time_utc": {"key": "properties.filesValidUntilTimeUTC", "type": "iso-8601"}, - "import_valid_until_time_utc": {"key": "properties.importValidUntilTimeUTC", "type": "iso-8601"}, + "kind": {"key": "kind", "type": "str"}, + "additional_data": {"key": "properties.additionalData", "type": "{object}"}, + "friendly_name": {"key": "properties.friendlyName", "type": "str"}, + "key_entity_id": {"key": "properties.keyEntityId", "type": "str"}, + "value_data": {"key": "properties.valueData", "type": "str"}, + "value_name": {"key": "properties.valueName", "type": "str"}, + "value_type": {"key": "properties.valueType", "type": "str"}, } - def __init__( - self, - *, - ingestion_mode: Optional[Union[str, "_models.IngestionMode"]] = None, - content_type: Optional[Union[str, "_models.FileImportContentType"]] = None, - import_file: Optional["_models.FileMetadata"] = None, - source: Optional[str] = None, - **kwargs - ): - """ - 
:keyword ingestion_mode: Describes how to ingest the records in the file. Known values are: - "IngestOnlyIfAllAreValid", "IngestAnyValidRecords", and "Unspecified". - :paramtype ingestion_mode: str or ~azure.mgmt.securityinsight.models.IngestionMode - :keyword content_type: The content type of this file. Known values are: "BasicIndicator", - "StixIndicator", and "Unspecified". - :paramtype content_type: str or ~azure.mgmt.securityinsight.models.FileImportContentType - :keyword import_file: Represents the imported file. - :paramtype import_file: ~azure.mgmt.securityinsight.models.FileMetadata - :keyword source: The source for the data in the file. - :paramtype source: str - """ + def __init__(self, **kwargs: Any) -> None: + """ """ super().__init__(**kwargs) - self.ingestion_mode = ingestion_mode - self.content_type = content_type - self.created_time_utc = None - self.error_file = None - self.errors_preview = None - self.import_file = import_file - self.ingested_record_count = None - self.source = source - self.state = None - self.total_record_count = None - self.valid_record_count = None - self.files_valid_until_time_utc = None - self.import_valid_until_time_utc = None + self.kind: str = "RegistryValue" + self.additional_data = None + self.friendly_name = None + self.key_entity_id = None + self.value_data = None + self.value_name = None + self.value_type = None -class FileImportList(_serialization.Model): - """List all the file imports. +class RegistryValueEntityProperties(EntityCommonProperties): + """RegistryValue entity property bag. Variables are only populated by the server, and will be ignored when sending a request. - All required parameters must be populated in order to send to Azure. + :ivar additional_data: A bag of custom fields that should be part of the entity and will be + presented to the user. 
+ :vartype additional_data: dict[str, JSON] + :ivar friendly_name: The graph item display name which is a short humanly readable description + of the graph item instance. This property is optional and might be system generated. + :vartype friendly_name: str + :ivar key_entity_id: The registry key entity id. + :vartype key_entity_id: str + :ivar value_data: String formatted representation of the value data. + :vartype value_data: str + :ivar value_name: The registry value name. + :vartype value_name: str + :ivar value_type: Specifies the data types to use when storing values in the registry, or + identifies the data type of a value in the registry. Known values are: "None", "Unknown", + "String", "ExpandString", "Binary", "DWord", "MultiString", and "QWord". + :vartype value_type: str or ~azure.mgmt.securityinsight.models.RegistryValueKind + """ - :ivar next_link: URL to fetch the next set of file imports. - :vartype next_link: str - :ivar value: Array of file imports. Required. - :vartype value: list[~azure.mgmt.securityinsight.models.FileImport] + _validation = { + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + "key_entity_id": {"readonly": True}, + "value_data": {"readonly": True}, + "value_name": {"readonly": True}, + "value_type": {"readonly": True}, + } + + _attribute_map = { + "additional_data": {"key": "additionalData", "type": "{object}"}, + "friendly_name": {"key": "friendlyName", "type": "str"}, + "key_entity_id": {"key": "keyEntityId", "type": "str"}, + "value_data": {"key": "valueData", "type": "str"}, + "value_name": {"key": "valueName", "type": "str"}, + "value_type": {"key": "valueType", "type": "str"}, + } + + def __init__(self, **kwargs: Any) -> None: + """ """ + super().__init__(**kwargs) + self.key_entity_id = None + self.value_data = None + self.value_name = None + self.value_type = None + + +class Relation(ResourceWithEtag): + """Represents a relation between two resources. 
+ + Variables are only populated by the server, and will be ignored when sending a request. + + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar etag: Etag of the azure resource. + :vartype etag: str + :ivar related_resource_id: The resource ID of the related resource. + :vartype related_resource_id: str + :ivar related_resource_name: The name of the related resource. + :vartype related_resource_name: str + :ivar related_resource_type: The resource type of the related resource. + :vartype related_resource_type: str + :ivar related_resource_kind: The resource kind of the related resource. 
+ :vartype related_resource_kind: str """ _validation = { - "next_link": {"readonly": True}, - "value": {"required": True}, + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "related_resource_name": {"readonly": True}, + "related_resource_type": {"readonly": True}, + "related_resource_kind": {"readonly": True}, } _attribute_map = { - "next_link": {"key": "nextLink", "type": "str"}, - "value": {"key": "value", "type": "[FileImport]"}, + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, + "related_resource_id": {"key": "properties.relatedResourceId", "type": "str"}, + "related_resource_name": {"key": "properties.relatedResourceName", "type": "str"}, + "related_resource_type": {"key": "properties.relatedResourceType", "type": "str"}, + "related_resource_kind": {"key": "properties.relatedResourceKind", "type": "str"}, } - def __init__(self, *, value: List["_models.FileImport"], **kwargs): + def __init__(self, *, etag: Optional[str] = None, related_resource_id: Optional[str] = None, **kwargs: Any) -> None: """ - :keyword value: Array of file imports. Required. - :paramtype value: list[~azure.mgmt.securityinsight.models.FileImport] + :keyword etag: Etag of the azure resource. + :paramtype etag: str + :keyword related_resource_id: The resource ID of the related resource. + :paramtype related_resource_id: str """ - super().__init__(**kwargs) - self.next_link = None - self.value = value + super().__init__(etag=etag, **kwargs) + self.related_resource_id = related_resource_id + self.related_resource_name = None + self.related_resource_type = None + self.related_resource_kind = None -class FileMetadata(_serialization.Model): - """Represents a file. +class RelationList(_serialization.Model): + """List of relations. 
Variables are only populated by the server, and will be ignored when sending a request. - :ivar file_format: The format of the file. Known values are: "CSV", "JSON", and "Unspecified". - :vartype file_format: str or ~azure.mgmt.securityinsight.models.FileFormat - :ivar file_name: The name of the file. - :vartype file_name: str - :ivar file_size: The size of the file. - :vartype file_size: int - :ivar file_content_uri: A URI with a valid SAS token to allow uploading / downloading the file. - :vartype file_content_uri: str - :ivar delete_status: Indicates whether the file was deleted from the storage account. Known - values are: "Deleted", "NotDeleted", and "Unspecified". - :vartype delete_status: str or ~azure.mgmt.securityinsight.models.DeleteStatus + All required parameters must be populated in order to send to Azure. + + :ivar next_link: URL to fetch the next set of relations. + :vartype next_link: str + :ivar value: Array of relations. Required. + :vartype value: list[~azure.mgmt.securityinsight.models.Relation] """ _validation = { - "file_content_uri": {"readonly": True}, - "delete_status": {"readonly": True}, + "next_link": {"readonly": True}, + "value": {"required": True}, } _attribute_map = { - "file_format": {"key": "fileFormat", "type": "str"}, - "file_name": {"key": "fileName", "type": "str"}, - "file_size": {"key": "fileSize", "type": "int"}, - "file_content_uri": {"key": "fileContentUri", "type": "str"}, - "delete_status": {"key": "deleteStatus", "type": "str"}, + "next_link": {"key": "nextLink", "type": "str"}, + "value": {"key": "value", "type": "[Relation]"}, } - def __init__( - self, - *, - file_format: Optional[Union[str, "_models.FileFormat"]] = None, - file_name: Optional[str] = None, - file_size: Optional[int] = None, - **kwargs - ): + def __init__(self, *, value: List["_models.Relation"], **kwargs: Any) -> None: """ - :keyword file_format: The format of the file. Known values are: "CSV", "JSON", and - "Unspecified". 
- :paramtype file_format: str or ~azure.mgmt.securityinsight.models.FileFormat - :keyword file_name: The name of the file. - :paramtype file_name: str - :keyword file_size: The size of the file. - :paramtype file_size: int + :keyword value: Array of relations. Required. + :paramtype value: list[~azure.mgmt.securityinsight.models.Relation] """ super().__init__(**kwargs) - self.file_format = file_format - self.file_name = file_name - self.file_size = file_size - self.file_content_uri = None - self.delete_status = None + self.next_link = None + self.value = value -class FusionAlertRule(AlertRule): # pylint: disable=too-many-instance-attributes - """Represents Fusion alert rule. +class ScheduledAlertRule(AlertRule): # pylint: disable=too-many-instance-attributes + """Represents scheduled alert rule. Variables are only populated by the server, and will be ignored when sending a request. 
@@ -8765,32 +7636,58 @@ class FusionAlertRule(AlertRule): # pylint: disable=too-many-instance-attribute :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData :ivar etag: Etag of the azure resource. :vartype etag: str - :ivar kind: The kind of the alert rule. Required. Known values are: "Scheduled", - "MicrosoftSecurityIncidentCreation", "Fusion", "MLBehaviorAnalytics", "ThreatIntelligence", and - "NRT". + :ivar kind: The alert rule kind. Required. Known values are: "Scheduled", + "MicrosoftSecurityIncidentCreation", and "Fusion". :vartype kind: str or ~azure.mgmt.securityinsight.models.AlertRuleKind + :ivar query: The query that creates alerts for this rule. + :vartype query: str + :ivar query_frequency: The frequency (in ISO 8601 duration format) for this alert rule to run. + :vartype query_frequency: ~datetime.timedelta + :ivar query_period: The period (in ISO 8601 duration format) that this alert rule looks at. + :vartype query_period: ~datetime.timedelta + :ivar severity: The severity for alerts created by this alert rule. Known values are: "High", + "Medium", "Low", and "Informational". + :vartype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity + :ivar trigger_operator: The operation against the threshold that triggers alert rule. Known + values are: "GreaterThan", "LessThan", "Equal", and "NotEqual". + :vartype trigger_operator: str or ~azure.mgmt.securityinsight.models.TriggerOperator + :ivar trigger_threshold: The threshold triggers this alert rule. + :vartype trigger_threshold: int + :ivar event_grouping_settings: The event grouping settings. + :vartype event_grouping_settings: ~azure.mgmt.securityinsight.models.EventGroupingSettings + :ivar custom_details: Dictionary of string key-value pairs of columns to be attached to the + alert. + :vartype custom_details: dict[str, str] + :ivar entity_mappings: Array of the entity mappings of the alert rule. 
+ :vartype entity_mappings: list[~azure.mgmt.securityinsight.models.EntityMapping] + :ivar alert_details_override: The alert details override settings. + :vartype alert_details_override: ~azure.mgmt.securityinsight.models.AlertDetailsOverride :ivar alert_rule_template_name: The Name of the alert rule template used to create this rule. :vartype alert_rule_template_name: str + :ivar template_version: The version of the alert rule template used to create this rule - in + format , where all are numbers, for example 0 <1.0.2>. + :vartype template_version: str :ivar description: The description of the alert rule. :vartype description: str :ivar display_name: The display name for alerts created by this alert rule. :vartype display_name: str :ivar enabled: Determines whether this alert rule is enabled or disabled. :vartype enabled: bool - :ivar source_settings: Configuration for all supported source signals in fusion detection. - :vartype source_settings: list[~azure.mgmt.securityinsight.models.FusionSourceSettings] - :ivar scenario_exclusion_patterns: Configuration to exclude scenarios in fusion detection. - :vartype scenario_exclusion_patterns: - list[~azure.mgmt.securityinsight.models.FusionScenarioExclusionPattern] - :ivar last_modified_utc: The last time that this alert has been modified. + :ivar last_modified_utc: The last time that this alert rule has been modified. :vartype last_modified_utc: ~datetime.datetime - :ivar severity: The severity for alerts created by this alert rule. Known values are: "High", - "Medium", "Low", and "Informational". - :vartype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity + :ivar suppression_duration: The suppression (in ISO 8601 duration format) to wait since last + time this alert rule been triggered. + :vartype suppression_duration: ~datetime.timedelta + :ivar suppression_enabled: Determines whether the suppression for this alert rule is enabled or + disabled. 
+ :vartype suppression_enabled: bool :ivar tactics: The tactics of the alert rule. :vartype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] :ivar techniques: The techniques of the alert rule. :vartype techniques: list[str] + :ivar incident_configuration: The settings of the incidents that created from alerts triggered + by this analytics rule. + :vartype incident_configuration: ~azure.mgmt.securityinsight.models.IncidentConfiguration """ _validation = { @@ -8799,12 +7696,7 @@ class FusionAlertRule(AlertRule): # pylint: disable=too-many-instance-attribute "type": {"readonly": True}, "system_data": {"readonly": True}, "kind": {"required": True}, - "description": {"readonly": True}, - "display_name": {"readonly": True}, "last_modified_utc": {"readonly": True}, - "severity": {"readonly": True}, - "tactics": {"readonly": True}, - "techniques": {"readonly": True}, } _attribute_map = { 
@@ -8814,811 +7706,626 @@ class FusionAlertRule(AlertRule): # pylint: disable=too-many-instance-attribute "system_data": {"key": "systemData", "type": "SystemData"}, "etag": {"key": "etag", "type": "str"}, "kind": {"key": "kind", "type": "str"}, + "query": {"key": "properties.query", "type": "str"}, + "query_frequency": {"key": "properties.queryFrequency", "type": "duration"}, + "query_period": {"key": "properties.queryPeriod", "type": "duration"}, + "severity": {"key": "properties.severity", "type": "str"}, + "trigger_operator": {"key": "properties.triggerOperator", "type": "str"}, + "trigger_threshold": {"key": "properties.triggerThreshold", "type": "int"}, + "event_grouping_settings": {"key": "properties.eventGroupingSettings", "type": "EventGroupingSettings"}, + "custom_details": {"key": "properties.customDetails", "type": "{str}"}, + "entity_mappings": {"key": "properties.entityMappings", "type": "[EntityMapping]"}, + "alert_details_override": {"key": "properties.alertDetailsOverride", "type": "AlertDetailsOverride"}, "alert_rule_template_name": {"key": "properties.alertRuleTemplateName", "type": "str"}, + "template_version": {"key": "properties.templateVersion", "type": "str"}, "description": {"key": "properties.description", "type": "str"}, "display_name": {"key": "properties.displayName", "type": "str"}, "enabled": {"key": "properties.enabled", "type": "bool"}, - "source_settings": {"key": "properties.sourceSettings", "type": "[FusionSourceSettings]"}, - "scenario_exclusion_patterns": { - "key": "properties.scenarioExclusionPatterns", - "type": "[FusionScenarioExclusionPattern]", - }, "last_modified_utc": {"key": "properties.lastModifiedUtc", "type": "iso-8601"}, - "severity": {"key": "properties.severity", "type": "str"}, + "suppression_duration": {"key": "properties.suppressionDuration", "type": "duration"}, + "suppression_enabled": {"key": "properties.suppressionEnabled", "type": "bool"}, "tactics": {"key": "properties.tactics", "type": "[str]"}, 
"techniques": {"key": "properties.techniques", "type": "[str]"}, + "incident_configuration": {"key": "properties.incidentConfiguration", "type": "IncidentConfiguration"}, } - def __init__( + def __init__( # pylint: disable=too-many-locals self, *, etag: Optional[str] = None, + query: Optional[str] = None, + query_frequency: Optional[datetime.timedelta] = None, + query_period: Optional[datetime.timedelta] = None, + severity: Optional[Union[str, "_models.AlertSeverity"]] = None, + trigger_operator: Optional[Union[str, "_models.TriggerOperator"]] = None, + trigger_threshold: Optional[int] = None, + event_grouping_settings: Optional["_models.EventGroupingSettings"] = None, + custom_details: Optional[Dict[str, str]] = None, + entity_mappings: Optional[List["_models.EntityMapping"]] = None, + alert_details_override: Optional["_models.AlertDetailsOverride"] = None, alert_rule_template_name: Optional[str] = None, + template_version: Optional[str] = None, + description: Optional[str] = None, + display_name: Optional[str] = None, enabled: Optional[bool] = None, - source_settings: Optional[List["_models.FusionSourceSettings"]] = None, - scenario_exclusion_patterns: Optional[List["_models.FusionScenarioExclusionPattern"]] = None, - **kwargs - ): + suppression_duration: Optional[datetime.timedelta] = None, + suppression_enabled: Optional[bool] = None, + tactics: Optional[List[Union[str, "_models.AttackTactic"]]] = None, + techniques: Optional[List[str]] = None, + incident_configuration: Optional["_models.IncidentConfiguration"] = None, + **kwargs: Any + ) -> None: """ :keyword etag: Etag of the azure resource. :paramtype etag: str + :keyword query: The query that creates alerts for this rule. + :paramtype query: str + :keyword query_frequency: The frequency (in ISO 8601 duration format) for this alert rule to + run. + :paramtype query_frequency: ~datetime.timedelta + :keyword query_period: The period (in ISO 8601 duration format) that this alert rule looks at. 
+ :paramtype query_period: ~datetime.timedelta + :keyword severity: The severity for alerts created by this alert rule. Known values are: + "High", "Medium", "Low", and "Informational". + :paramtype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity + :keyword trigger_operator: The operation against the threshold that triggers alert rule. Known + values are: "GreaterThan", "LessThan", "Equal", and "NotEqual". + :paramtype trigger_operator: str or ~azure.mgmt.securityinsight.models.TriggerOperator + :keyword trigger_threshold: The threshold triggers this alert rule. + :paramtype trigger_threshold: int + :keyword event_grouping_settings: The event grouping settings. + :paramtype event_grouping_settings: ~azure.mgmt.securityinsight.models.EventGroupingSettings + :keyword custom_details: Dictionary of string key-value pairs of columns to be attached to the + alert. + :paramtype custom_details: dict[str, str] + :keyword entity_mappings: Array of the entity mappings of the alert rule. + :paramtype entity_mappings: list[~azure.mgmt.securityinsight.models.EntityMapping] + :keyword alert_details_override: The alert details override settings. + :paramtype alert_details_override: ~azure.mgmt.securityinsight.models.AlertDetailsOverride :keyword alert_rule_template_name: The Name of the alert rule template used to create this rule. :paramtype alert_rule_template_name: str + :keyword template_version: The version of the alert rule template used to create this rule - in + format , where all are numbers, for example 0 <1.0.2>. + :paramtype template_version: str + :keyword description: The description of the alert rule. + :paramtype description: str + :keyword display_name: The display name for alerts created by this alert rule. + :paramtype display_name: str :keyword enabled: Determines whether this alert rule is enabled or disabled. :paramtype enabled: bool - :keyword source_settings: Configuration for all supported source signals in fusion detection. 
- :paramtype source_settings: list[~azure.mgmt.securityinsight.models.FusionSourceSettings] - :keyword scenario_exclusion_patterns: Configuration to exclude scenarios in fusion detection. - :paramtype scenario_exclusion_patterns: - list[~azure.mgmt.securityinsight.models.FusionScenarioExclusionPattern] + :keyword suppression_duration: The suppression (in ISO 8601 duration format) to wait since last + time this alert rule been triggered. + :paramtype suppression_duration: ~datetime.timedelta + :keyword suppression_enabled: Determines whether the suppression for this alert rule is enabled + or disabled. + :paramtype suppression_enabled: bool + :keyword tactics: The tactics of the alert rule. + :paramtype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] + :keyword techniques: The techniques of the alert rule. + :paramtype techniques: list[str] + :keyword incident_configuration: The settings of the incidents that created from alerts + triggered by this analytics rule. + :paramtype incident_configuration: ~azure.mgmt.securityinsight.models.IncidentConfiguration """ super().__init__(etag=etag, **kwargs) - self.kind: str = "Fusion" + self.kind: str = "Scheduled" + self.query = query + self.query_frequency = query_frequency + self.query_period = query_period + self.severity = severity + self.trigger_operator = trigger_operator + self.trigger_threshold = trigger_threshold + self.event_grouping_settings = event_grouping_settings + self.custom_details = custom_details + self.entity_mappings = entity_mappings + self.alert_details_override = alert_details_override self.alert_rule_template_name = alert_rule_template_name - self.description = None - self.display_name = None + self.template_version = template_version + self.description = description + self.display_name = display_name self.enabled = enabled - self.source_settings = source_settings - self.scenario_exclusion_patterns = scenario_exclusion_patterns self.last_modified_utc = None - self.severity = 
None - self.tactics = None - self.techniques = None - - -class FusionAlertRuleTemplate(AlertRuleTemplate): # pylint: disable=too-many-instance-attributes - """Represents Fusion alert rule template. + self.suppression_duration = suppression_duration + self.suppression_enabled = suppression_enabled + self.tactics = tactics + self.techniques = techniques + self.incident_configuration = incident_configuration - Variables are only populated by the server, and will be ignored when sending a request. - All required parameters must be populated in order to send to Azure. +class ScheduledAlertRuleCommonProperties(_serialization.Model): + """Scheduled alert rule template property bag. - :ivar id: Fully qualified resource ID for the resource. Ex - - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - :vartype id: str - :ivar name: The name of the resource. - :vartype name: str - :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or - "Microsoft.Storage/storageAccounts". - :vartype type: str - :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy - information. - :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar kind: The kind of the alert rule. Required. Known values are: "Scheduled", - "MicrosoftSecurityIncidentCreation", "Fusion", "MLBehaviorAnalytics", "ThreatIntelligence", and - "NRT". - :vartype kind: str or ~azure.mgmt.securityinsight.models.AlertRuleKind - :ivar alert_rules_created_by_template_count: the number of alert rules that were created by - this template. - :vartype alert_rules_created_by_template_count: int - :ivar created_date_utc: The time that this alert rule template has been added. - :vartype created_date_utc: ~datetime.datetime - :ivar last_updated_date_utc: The time that this alert rule template was last updated. 
- :vartype last_updated_date_utc: ~datetime.datetime - :ivar description: The description of the alert rule template. - :vartype description: str - :ivar display_name: The display name for alert rule template. - :vartype display_name: str - :ivar required_data_connectors: The required data connectors for this template. - :vartype required_data_connectors: - list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] - :ivar status: The alert rule template status. Known values are: "Installed", "Available", and - "NotAvailable". - :vartype status: str or ~azure.mgmt.securityinsight.models.TemplateStatus + :ivar query: The query that creates alerts for this rule. + :vartype query: str + :ivar query_frequency: The frequency (in ISO 8601 duration format) for this alert rule to run. + :vartype query_frequency: ~datetime.timedelta + :ivar query_period: The period (in ISO 8601 duration format) that this alert rule looks at. + :vartype query_period: ~datetime.timedelta :ivar severity: The severity for alerts created by this alert rule. Known values are: "High", "Medium", "Low", and "Informational". :vartype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity - :ivar tactics: The tactics of the alert rule template. - :vartype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] - :ivar techniques: The techniques of the alert rule. - :vartype techniques: list[str] - :ivar source_settings: All supported source signal configurations consumed in fusion detection. - :vartype source_settings: list[~azure.mgmt.securityinsight.models.FusionTemplateSourceSetting] + :ivar trigger_operator: The operation against the threshold that triggers alert rule. Known + values are: "GreaterThan", "LessThan", "Equal", and "NotEqual". + :vartype trigger_operator: str or ~azure.mgmt.securityinsight.models.TriggerOperator + :ivar trigger_threshold: The threshold triggers this alert rule. 
+ :vartype trigger_threshold: int + :ivar event_grouping_settings: The event grouping settings. + :vartype event_grouping_settings: ~azure.mgmt.securityinsight.models.EventGroupingSettings + :ivar custom_details: Dictionary of string key-value pairs of columns to be attached to the + alert. + :vartype custom_details: dict[str, str] + :ivar entity_mappings: Array of the entity mappings of the alert rule. + :vartype entity_mappings: list[~azure.mgmt.securityinsight.models.EntityMapping] + :ivar alert_details_override: The alert details override settings. + :vartype alert_details_override: ~azure.mgmt.securityinsight.models.AlertDetailsOverride """ - _validation = { - "id": {"readonly": True}, - "name": {"readonly": True}, - "type": {"readonly": True}, - "system_data": {"readonly": True}, - "kind": {"required": True}, - "created_date_utc": {"readonly": True}, - "last_updated_date_utc": {"readonly": True}, - } - _attribute_map = { - "id": {"key": "id", "type": "str"}, - "name": {"key": "name", "type": "str"}, - "type": {"key": "type", "type": "str"}, - "system_data": {"key": "systemData", "type": "SystemData"}, - "kind": {"key": "kind", "type": "str"}, - "alert_rules_created_by_template_count": {"key": "properties.alertRulesCreatedByTemplateCount", "type": "int"}, - "created_date_utc": {"key": "properties.createdDateUTC", "type": "iso-8601"}, - "last_updated_date_utc": {"key": "properties.lastUpdatedDateUTC", "type": "iso-8601"}, - "description": {"key": "properties.description", "type": "str"}, - "display_name": {"key": "properties.displayName", "type": "str"}, - "required_data_connectors": { - "key": "properties.requiredDataConnectors", - "type": "[AlertRuleTemplateDataSource]", - }, - "status": {"key": "properties.status", "type": "str"}, - "severity": {"key": "properties.severity", "type": "str"}, - "tactics": {"key": "properties.tactics", "type": "[str]"}, - "techniques": {"key": "properties.techniques", "type": "[str]"}, - "source_settings": {"key": 
"properties.sourceSettings", "type": "[FusionTemplateSourceSetting]"}, + "query": {"key": "query", "type": "str"}, + "query_frequency": {"key": "queryFrequency", "type": "duration"}, + "query_period": {"key": "queryPeriod", "type": "duration"}, + "severity": {"key": "severity", "type": "str"}, + "trigger_operator": {"key": "triggerOperator", "type": "str"}, + "trigger_threshold": {"key": "triggerThreshold", "type": "int"}, + "event_grouping_settings": {"key": "eventGroupingSettings", "type": "EventGroupingSettings"}, + "custom_details": {"key": "customDetails", "type": "{str}"}, + "entity_mappings": {"key": "entityMappings", "type": "[EntityMapping]"}, + "alert_details_override": {"key": "alertDetailsOverride", "type": "AlertDetailsOverride"}, } def __init__( self, *, - alert_rules_created_by_template_count: Optional[int] = None, - description: Optional[str] = None, - display_name: Optional[str] = None, - required_data_connectors: Optional[List["_models.AlertRuleTemplateDataSource"]] = None, - status: Optional[Union[str, "_models.TemplateStatus"]] = None, + query: Optional[str] = None, + query_frequency: Optional[datetime.timedelta] = None, + query_period: Optional[datetime.timedelta] = None, severity: Optional[Union[str, "_models.AlertSeverity"]] = None, - tactics: Optional[List[Union[str, "_models.AttackTactic"]]] = None, - techniques: Optional[List[str]] = None, - source_settings: Optional[List["_models.FusionTemplateSourceSetting"]] = None, - **kwargs - ): + trigger_operator: Optional[Union[str, "_models.TriggerOperator"]] = None, + trigger_threshold: Optional[int] = None, + event_grouping_settings: Optional["_models.EventGroupingSettings"] = None, + custom_details: Optional[Dict[str, str]] = None, + entity_mappings: Optional[List["_models.EntityMapping"]] = None, + alert_details_override: Optional["_models.AlertDetailsOverride"] = None, + **kwargs: Any + ) -> None: """ - :keyword alert_rules_created_by_template_count: the number of alert rules that were 
created by - this template. - :paramtype alert_rules_created_by_template_count: int - :keyword description: The description of the alert rule template. - :paramtype description: str - :keyword display_name: The display name for alert rule template. - :paramtype display_name: str - :keyword required_data_connectors: The required data connectors for this template. - :paramtype required_data_connectors: - list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] - :keyword status: The alert rule template status. Known values are: "Installed", "Available", - and "NotAvailable". - :paramtype status: str or ~azure.mgmt.securityinsight.models.TemplateStatus + :keyword query: The query that creates alerts for this rule. + :paramtype query: str + :keyword query_frequency: The frequency (in ISO 8601 duration format) for this alert rule to + run. + :paramtype query_frequency: ~datetime.timedelta + :keyword query_period: The period (in ISO 8601 duration format) that this alert rule looks at. + :paramtype query_period: ~datetime.timedelta :keyword severity: The severity for alerts created by this alert rule. Known values are: "High", "Medium", "Low", and "Informational". :paramtype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity - :keyword tactics: The tactics of the alert rule template. - :paramtype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] - :keyword techniques: The techniques of the alert rule. - :paramtype techniques: list[str] - :keyword source_settings: All supported source signal configurations consumed in fusion - detection. - :paramtype source_settings: - list[~azure.mgmt.securityinsight.models.FusionTemplateSourceSetting] + :keyword trigger_operator: The operation against the threshold that triggers alert rule. Known + values are: "GreaterThan", "LessThan", "Equal", and "NotEqual". 
+ :paramtype trigger_operator: str or ~azure.mgmt.securityinsight.models.TriggerOperator + :keyword trigger_threshold: The threshold triggers this alert rule. + :paramtype trigger_threshold: int + :keyword event_grouping_settings: The event grouping settings. + :paramtype event_grouping_settings: ~azure.mgmt.securityinsight.models.EventGroupingSettings + :keyword custom_details: Dictionary of string key-value pairs of columns to be attached to the + alert. + :paramtype custom_details: dict[str, str] + :keyword entity_mappings: Array of the entity mappings of the alert rule. + :paramtype entity_mappings: list[~azure.mgmt.securityinsight.models.EntityMapping] + :keyword alert_details_override: The alert details override settings. + :paramtype alert_details_override: ~azure.mgmt.securityinsight.models.AlertDetailsOverride """ super().__init__(**kwargs) - self.kind: str = "Fusion" - self.alert_rules_created_by_template_count = alert_rules_created_by_template_count - self.created_date_utc = None - self.last_updated_date_utc = None - self.description = description - self.display_name = display_name - self.required_data_connectors = required_data_connectors - self.status = status - self.severity = severity - self.tactics = tactics - self.techniques = techniques - self.source_settings = source_settings - - -class FusionScenarioExclusionPattern(_serialization.Model): - """Represents a Fusion scenario exclusion patterns in Fusion detection. - - All required parameters must be populated in order to send to Azure. - - :ivar exclusion_pattern: Scenario exclusion pattern. Required. - :vartype exclusion_pattern: str - :ivar date_added_in_utc: DateTime when scenario exclusion pattern is added in UTC. Required. 
- :vartype date_added_in_utc: str - """ - - _validation = { - "exclusion_pattern": {"required": True}, - "date_added_in_utc": {"required": True}, - } - - _attribute_map = { - "exclusion_pattern": {"key": "exclusionPattern", "type": "str"}, - "date_added_in_utc": {"key": "dateAddedInUTC", "type": "str"}, - } - - def __init__(self, *, exclusion_pattern: str, date_added_in_utc: str, **kwargs): - """ - :keyword exclusion_pattern: Scenario exclusion pattern. Required. - :paramtype exclusion_pattern: str - :keyword date_added_in_utc: DateTime when scenario exclusion pattern is added in UTC. Required. - :paramtype date_added_in_utc: str - """ - super().__init__(**kwargs) - self.exclusion_pattern = exclusion_pattern - self.date_added_in_utc = date_added_in_utc - - -class FusionSourceSettings(_serialization.Model): - """Represents a supported source signal configuration in Fusion detection. - - All required parameters must be populated in order to send to Azure. - - :ivar enabled: Determines whether this source signal is enabled or disabled in Fusion - detection. Required. - :vartype enabled: bool - :ivar source_name: Name of the Fusion source signal. Refer to Fusion alert rule template for - supported values. Required. - :vartype source_name: str - :ivar source_sub_types: Configuration for all source subtypes under this source signal consumed - in fusion detection. 
- :vartype source_sub_types: list[~azure.mgmt.securityinsight.models.FusionSourceSubTypeSetting] - """ - - _validation = { - "enabled": {"required": True}, - "source_name": {"required": True}, - } - - _attribute_map = { - "enabled": {"key": "enabled", "type": "bool"}, - "source_name": {"key": "sourceName", "type": "str"}, - "source_sub_types": {"key": "sourceSubTypes", "type": "[FusionSourceSubTypeSetting]"}, - } - - def __init__( - self, - *, - enabled: bool, - source_name: str, - source_sub_types: Optional[List["_models.FusionSourceSubTypeSetting"]] = None, - **kwargs - ): - """ - :keyword enabled: Determines whether this source signal is enabled or disabled in Fusion - detection. Required. - :paramtype enabled: bool - :keyword source_name: Name of the Fusion source signal. Refer to Fusion alert rule template for - supported values. Required. - :paramtype source_name: str - :keyword source_sub_types: Configuration for all source subtypes under this source signal - consumed in fusion detection. - :paramtype source_sub_types: - list[~azure.mgmt.securityinsight.models.FusionSourceSubTypeSetting] - """ - super().__init__(**kwargs) - self.enabled = enabled - self.source_name = source_name - self.source_sub_types = source_sub_types + self.query = query + self.query_frequency = query_frequency + self.query_period = query_period + self.severity = severity + self.trigger_operator = trigger_operator + self.trigger_threshold = trigger_threshold + self.event_grouping_settings = event_grouping_settings + self.custom_details = custom_details + self.entity_mappings = entity_mappings + self.alert_details_override = alert_details_override -class FusionSourceSubTypeSetting(_serialization.Model): - """Represents a supported source subtype configuration under a source signal in Fusion detection. +class ScheduledAlertRuleProperties(ScheduledAlertRuleCommonProperties): # pylint: disable=too-many-instance-attributes + """Scheduled alert rule base property bag. 
Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. - :ivar enabled: Determines whether this source subtype under source signal is enabled or - disabled in Fusion detection. Required. + :ivar query: The query that creates alerts for this rule. + :vartype query: str + :ivar query_frequency: The frequency (in ISO 8601 duration format) for this alert rule to run. + :vartype query_frequency: ~datetime.timedelta + :ivar query_period: The period (in ISO 8601 duration format) that this alert rule looks at. + :vartype query_period: ~datetime.timedelta + :ivar severity: The severity for alerts created by this alert rule. Known values are: "High", + "Medium", "Low", and "Informational". + :vartype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity + :ivar trigger_operator: The operation against the threshold that triggers alert rule. Known + values are: "GreaterThan", "LessThan", "Equal", and "NotEqual". + :vartype trigger_operator: str or ~azure.mgmt.securityinsight.models.TriggerOperator + :ivar trigger_threshold: The threshold triggers this alert rule. + :vartype trigger_threshold: int + :ivar event_grouping_settings: The event grouping settings. + :vartype event_grouping_settings: ~azure.mgmt.securityinsight.models.EventGroupingSettings + :ivar custom_details: Dictionary of string key-value pairs of columns to be attached to the + alert. + :vartype custom_details: dict[str, str] + :ivar entity_mappings: Array of the entity mappings of the alert rule. + :vartype entity_mappings: list[~azure.mgmt.securityinsight.models.EntityMapping] + :ivar alert_details_override: The alert details override settings. + :vartype alert_details_override: ~azure.mgmt.securityinsight.models.AlertDetailsOverride + :ivar alert_rule_template_name: The Name of the alert rule template used to create this rule. 
+ :vartype alert_rule_template_name: str + :ivar template_version: The version of the alert rule template used to create this rule - in + format , where all are numbers, for example 0 <1.0.2>. + :vartype template_version: str + :ivar description: The description of the alert rule. + :vartype description: str + :ivar display_name: The display name for alerts created by this alert rule. Required. + :vartype display_name: str + :ivar enabled: Determines whether this alert rule is enabled or disabled. Required. :vartype enabled: bool - :ivar source_sub_type_name: The Name of the source subtype under a given source signal in - Fusion detection. Refer to Fusion alert rule template for supported values. Required. - :vartype source_sub_type_name: str - :ivar source_sub_type_display_name: The display name of source subtype under a source signal - consumed in Fusion detection. - :vartype source_sub_type_display_name: str - :ivar severity_filters: Severity configuration for a source subtype consumed in fusion - detection. Required. - :vartype severity_filters: ~azure.mgmt.securityinsight.models.FusionSubTypeSeverityFilter + :ivar last_modified_utc: The last time that this alert rule has been modified. + :vartype last_modified_utc: ~datetime.datetime + :ivar suppression_duration: The suppression (in ISO 8601 duration format) to wait since last + time this alert rule been triggered. Required. + :vartype suppression_duration: ~datetime.timedelta + :ivar suppression_enabled: Determines whether the suppression for this alert rule is enabled or + disabled. Required. + :vartype suppression_enabled: bool + :ivar tactics: The tactics of the alert rule. + :vartype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] + :ivar techniques: The techniques of the alert rule. + :vartype techniques: list[str] + :ivar incident_configuration: The settings of the incidents that created from alerts triggered + by this analytics rule. 
+ :vartype incident_configuration: ~azure.mgmt.securityinsight.models.IncidentConfiguration """ _validation = { + "display_name": {"required": True}, "enabled": {"required": True}, - "source_sub_type_name": {"required": True}, - "source_sub_type_display_name": {"readonly": True}, - "severity_filters": {"required": True}, + "last_modified_utc": {"readonly": True}, + "suppression_duration": {"required": True}, + "suppression_enabled": {"required": True}, } _attribute_map = { + "query": {"key": "query", "type": "str"}, + "query_frequency": {"key": "queryFrequency", "type": "duration"}, + "query_period": {"key": "queryPeriod", "type": "duration"}, + "severity": {"key": "severity", "type": "str"}, + "trigger_operator": {"key": "triggerOperator", "type": "str"}, + "trigger_threshold": {"key": "triggerThreshold", "type": "int"}, + "event_grouping_settings": {"key": "eventGroupingSettings", "type": "EventGroupingSettings"}, + "custom_details": {"key": "customDetails", "type": "{str}"}, + "entity_mappings": {"key": "entityMappings", "type": "[EntityMapping]"}, + "alert_details_override": {"key": "alertDetailsOverride", "type": "AlertDetailsOverride"}, + "alert_rule_template_name": {"key": "alertRuleTemplateName", "type": "str"}, + "template_version": {"key": "templateVersion", "type": "str"}, + "description": {"key": "description", "type": "str"}, + "display_name": {"key": "displayName", "type": "str"}, "enabled": {"key": "enabled", "type": "bool"}, - "source_sub_type_name": {"key": "sourceSubTypeName", "type": "str"}, - "source_sub_type_display_name": {"key": "sourceSubTypeDisplayName", "type": "str"}, - "severity_filters": {"key": "severityFilters", "type": "FusionSubTypeSeverityFilter"}, + "last_modified_utc": {"key": "lastModifiedUtc", "type": "iso-8601"}, + "suppression_duration": {"key": "suppressionDuration", "type": "duration"}, + "suppression_enabled": {"key": "suppressionEnabled", "type": "bool"}, + "tactics": {"key": "tactics", "type": "[str]"}, + "techniques": 
{"key": "techniques", "type": "[str]"}, + "incident_configuration": {"key": "incidentConfiguration", "type": "IncidentConfiguration"}, } def __init__( self, *, + display_name: str, enabled: bool, - source_sub_type_name: str, - severity_filters: "_models.FusionSubTypeSeverityFilter", - **kwargs - ): + suppression_duration: datetime.timedelta, + suppression_enabled: bool, + query: Optional[str] = None, + query_frequency: Optional[datetime.timedelta] = None, + query_period: Optional[datetime.timedelta] = None, + severity: Optional[Union[str, "_models.AlertSeverity"]] = None, + trigger_operator: Optional[Union[str, "_models.TriggerOperator"]] = None, + trigger_threshold: Optional[int] = None, + event_grouping_settings: Optional["_models.EventGroupingSettings"] = None, + custom_details: Optional[Dict[str, str]] = None, + entity_mappings: Optional[List["_models.EntityMapping"]] = None, + alert_details_override: Optional["_models.AlertDetailsOverride"] = None, + alert_rule_template_name: Optional[str] = None, + template_version: Optional[str] = None, + description: Optional[str] = None, + tactics: Optional[List[Union[str, "_models.AttackTactic"]]] = None, + techniques: Optional[List[str]] = None, + incident_configuration: Optional["_models.IncidentConfiguration"] = None, + **kwargs: Any + ) -> None: """ - :keyword enabled: Determines whether this source subtype under source signal is enabled or - disabled in Fusion detection. Required. + :keyword query: The query that creates alerts for this rule. + :paramtype query: str + :keyword query_frequency: The frequency (in ISO 8601 duration format) for this alert rule to + run. + :paramtype query_frequency: ~datetime.timedelta + :keyword query_period: The period (in ISO 8601 duration format) that this alert rule looks at. + :paramtype query_period: ~datetime.timedelta + :keyword severity: The severity for alerts created by this alert rule. Known values are: + "High", "Medium", "Low", and "Informational". 
+ :paramtype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity + :keyword trigger_operator: The operation against the threshold that triggers alert rule. Known + values are: "GreaterThan", "LessThan", "Equal", and "NotEqual". + :paramtype trigger_operator: str or ~azure.mgmt.securityinsight.models.TriggerOperator + :keyword trigger_threshold: The threshold triggers this alert rule. + :paramtype trigger_threshold: int + :keyword event_grouping_settings: The event grouping settings. + :paramtype event_grouping_settings: ~azure.mgmt.securityinsight.models.EventGroupingSettings + :keyword custom_details: Dictionary of string key-value pairs of columns to be attached to the + alert. + :paramtype custom_details: dict[str, str] + :keyword entity_mappings: Array of the entity mappings of the alert rule. + :paramtype entity_mappings: list[~azure.mgmt.securityinsight.models.EntityMapping] + :keyword alert_details_override: The alert details override settings. + :paramtype alert_details_override: ~azure.mgmt.securityinsight.models.AlertDetailsOverride + :keyword alert_rule_template_name: The Name of the alert rule template used to create this + rule. + :paramtype alert_rule_template_name: str + :keyword template_version: The version of the alert rule template used to create this rule - in + format , where all are numbers, for example 0 <1.0.2>. + :paramtype template_version: str + :keyword description: The description of the alert rule. + :paramtype description: str + :keyword display_name: The display name for alerts created by this alert rule. Required. + :paramtype display_name: str + :keyword enabled: Determines whether this alert rule is enabled or disabled. Required. :paramtype enabled: bool - :keyword source_sub_type_name: The Name of the source subtype under a given source signal in - Fusion detection. Refer to Fusion alert rule template for supported values. Required. 
- :paramtype source_sub_type_name: str - :keyword severity_filters: Severity configuration for a source subtype consumed in fusion - detection. Required. - :paramtype severity_filters: ~azure.mgmt.securityinsight.models.FusionSubTypeSeverityFilter + :keyword suppression_duration: The suppression (in ISO 8601 duration format) to wait since last + time this alert rule been triggered. Required. + :paramtype suppression_duration: ~datetime.timedelta + :keyword suppression_enabled: Determines whether the suppression for this alert rule is enabled + or disabled. Required. + :paramtype suppression_enabled: bool + :keyword tactics: The tactics of the alert rule. + :paramtype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] + :keyword techniques: The techniques of the alert rule. + :paramtype techniques: list[str] + :keyword incident_configuration: The settings of the incidents that created from alerts + triggered by this analytics rule. + :paramtype incident_configuration: ~azure.mgmt.securityinsight.models.IncidentConfiguration """ - super().__init__(**kwargs) + super().__init__( + query=query, + query_frequency=query_frequency, + query_period=query_period, + severity=severity, + trigger_operator=trigger_operator, + trigger_threshold=trigger_threshold, + event_grouping_settings=event_grouping_settings, + custom_details=custom_details, + entity_mappings=entity_mappings, + alert_details_override=alert_details_override, + **kwargs + ) + self.alert_rule_template_name = alert_rule_template_name + self.template_version = template_version + self.description = description + self.display_name = display_name self.enabled = enabled - self.source_sub_type_name = source_sub_type_name - self.source_sub_type_display_name = None - self.severity_filters = severity_filters + self.last_modified_utc = None + self.suppression_duration = suppression_duration + self.suppression_enabled = suppression_enabled + self.tactics = tactics + self.techniques = techniques + 
self.incident_configuration = incident_configuration -class FusionSubTypeSeverityFilter(_serialization.Model): - """Represents severity configuration for a source subtype consumed in Fusion detection. +class ScheduledAlertRuleTemplate(AlertRuleTemplate): # pylint: disable=too-many-instance-attributes + """Represents scheduled alert rule template. Variables are only populated by the server, and will be ignored when sending a request. - :ivar is_supported: Determines whether this source subtype supports severity configuration or - not. - :vartype is_supported: bool - :ivar filters: Individual Severity configuration settings for a given source subtype consumed - in Fusion detection. - :vartype filters: list[~azure.mgmt.securityinsight.models.FusionSubTypeSeverityFiltersItem] - """ - - _validation = { - "is_supported": {"readonly": True}, - } - - _attribute_map = { - "is_supported": {"key": "isSupported", "type": "bool"}, - "filters": {"key": "filters", "type": "[FusionSubTypeSeverityFiltersItem]"}, - } - - def __init__(self, *, filters: Optional[List["_models.FusionSubTypeSeverityFiltersItem"]] = None, **kwargs): - """ - :keyword filters: Individual Severity configuration settings for a given source subtype - consumed in Fusion detection. - :paramtype filters: list[~azure.mgmt.securityinsight.models.FusionSubTypeSeverityFiltersItem] - """ - super().__init__(**kwargs) - self.is_supported = None - self.filters = filters - - -class FusionSubTypeSeverityFiltersItem(_serialization.Model): - """Represents a Severity filter setting for a given source subtype consumed in Fusion detection. - All required parameters must be populated in order to send to Azure. - :ivar severity: The Severity for a given source subtype consumed in Fusion detection. Required. - Known values are: "High", "Medium", "Low", and "Informational". 
- :vartype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity - :ivar enabled: Determines whether this severity is enabled or disabled for this source subtype - consumed in Fusion detection. Required. - :vartype enabled: bool - """ - - _validation = { - "severity": {"required": True}, - "enabled": {"required": True}, - } - - _attribute_map = { - "severity": {"key": "severity", "type": "str"}, - "enabled": {"key": "enabled", "type": "bool"}, - } - - def __init__(self, *, severity: Union[str, "_models.AlertSeverity"], enabled: bool, **kwargs): - """ - :keyword severity: The Severity for a given source subtype consumed in Fusion detection. - Required. Known values are: "High", "Medium", "Low", and "Informational". - :paramtype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity - :keyword enabled: Determines whether this severity is enabled or disabled for this source - subtype consumed in Fusion detection. Required. - :paramtype enabled: bool - """ - super().__init__(**kwargs) - self.severity = severity - self.enabled = enabled - - -class FusionTemplateSourceSetting(_serialization.Model): - """Represents a source signal consumed in Fusion detection. - - All required parameters must be populated in order to send to Azure. - - :ivar source_name: The name of a source signal consumed in Fusion detection. Required. - :vartype source_name: str - :ivar source_sub_types: All supported source subtypes under this source signal consumed in - fusion detection. - :vartype source_sub_types: list[~azure.mgmt.securityinsight.models.FusionTemplateSourceSubType] + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. 
"Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar kind: The alert rule kind. Required. Known values are: "Scheduled", + "MicrosoftSecurityIncidentCreation", and "Fusion". + :vartype kind: str or ~azure.mgmt.securityinsight.models.AlertRuleKind + :ivar alert_rules_created_by_template_count: the number of alert rules that were created by + this template. + :vartype alert_rules_created_by_template_count: int + :ivar created_date_utc: The time that this alert rule template has been added. + :vartype created_date_utc: ~datetime.datetime + :ivar last_updated_date_utc: The time that this alert rule template was last updated. + :vartype last_updated_date_utc: ~datetime.datetime + :ivar description: The description of the alert rule template. + :vartype description: str + :ivar display_name: The display name for alert rule template. + :vartype display_name: str + :ivar required_data_connectors: The required data connectors for this template. + :vartype required_data_connectors: + list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] + :ivar status: The alert rule template status. Known values are: "Installed", "Available", and + "NotAvailable". + :vartype status: str or ~azure.mgmt.securityinsight.models.TemplateStatus + :ivar query: The query that creates alerts for this rule. + :vartype query: str + :ivar query_frequency: The frequency (in ISO 8601 duration format) for this alert rule to run. + :vartype query_frequency: ~datetime.timedelta + :ivar query_period: The period (in ISO 8601 duration format) that this alert rule looks at. + :vartype query_period: ~datetime.timedelta + :ivar severity: The severity for alerts created by this alert rule. Known values are: "High", + "Medium", "Low", and "Informational". 
+ :vartype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity + :ivar trigger_operator: The operation against the threshold that triggers alert rule. Known + values are: "GreaterThan", "LessThan", "Equal", and "NotEqual". + :vartype trigger_operator: str or ~azure.mgmt.securityinsight.models.TriggerOperator + :ivar trigger_threshold: The threshold triggers this alert rule. + :vartype trigger_threshold: int + :ivar tactics: The tactics of the alert rule template. + :vartype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] + :ivar techniques: The techniques of the alert rule template. + :vartype techniques: list[str] + :ivar version: The version of this template - in format , where all are numbers. For + example <1.0.2>. + :vartype version: str + :ivar event_grouping_settings: The event grouping settings. + :vartype event_grouping_settings: ~azure.mgmt.securityinsight.models.EventGroupingSettings + :ivar custom_details: Dictionary of string key-value pairs of columns to be attached to the + alert. + :vartype custom_details: dict[str, str] + :ivar entity_mappings: Array of the entity mappings of the alert rule. + :vartype entity_mappings: list[~azure.mgmt.securityinsight.models.EntityMapping] + :ivar alert_details_override: The alert details override settings. 
+ :vartype alert_details_override: ~azure.mgmt.securityinsight.models.AlertDetailsOverride """ _validation = { - "source_name": {"required": True}, + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, + "created_date_utc": {"readonly": True}, + "last_updated_date_utc": {"readonly": True}, } _attribute_map = { - "source_name": {"key": "sourceName", "type": "str"}, - "source_sub_types": {"key": "sourceSubTypes", "type": "[FusionTemplateSourceSubType]"}, + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "kind": {"key": "kind", "type": "str"}, + "alert_rules_created_by_template_count": {"key": "properties.alertRulesCreatedByTemplateCount", "type": "int"}, + "created_date_utc": {"key": "properties.createdDateUTC", "type": "iso-8601"}, + "last_updated_date_utc": {"key": "properties.lastUpdatedDateUTC", "type": "iso-8601"}, + "description": {"key": "properties.description", "type": "str"}, + "display_name": {"key": "properties.displayName", "type": "str"}, + "required_data_connectors": { + "key": "properties.requiredDataConnectors", + "type": "[AlertRuleTemplateDataSource]", + }, + "status": {"key": "properties.status", "type": "str"}, + "query": {"key": "properties.query", "type": "str"}, + "query_frequency": {"key": "properties.queryFrequency", "type": "duration"}, + "query_period": {"key": "properties.queryPeriod", "type": "duration"}, + "severity": {"key": "properties.severity", "type": "str"}, + "trigger_operator": {"key": "properties.triggerOperator", "type": "str"}, + "trigger_threshold": {"key": "properties.triggerThreshold", "type": "int"}, + "tactics": {"key": "properties.tactics", "type": "[str]"}, + "techniques": {"key": "properties.techniques", "type": "[str]"}, + "version": {"key": "properties.version", "type": "str"}, + 
"event_grouping_settings": {"key": "properties.eventGroupingSettings", "type": "EventGroupingSettings"}, + "custom_details": {"key": "properties.customDetails", "type": "{str}"}, + "entity_mappings": {"key": "properties.entityMappings", "type": "[EntityMapping]"}, + "alert_details_override": {"key": "properties.alertDetailsOverride", "type": "AlertDetailsOverride"}, } - def __init__( + def __init__( # pylint: disable=too-many-locals self, *, - source_name: str, - source_sub_types: Optional[List["_models.FusionTemplateSourceSubType"]] = None, - **kwargs - ): + alert_rules_created_by_template_count: Optional[int] = None, + description: Optional[str] = None, + display_name: Optional[str] = None, + required_data_connectors: Optional[List["_models.AlertRuleTemplateDataSource"]] = None, + status: Optional[Union[str, "_models.TemplateStatus"]] = None, + query: Optional[str] = None, + query_frequency: Optional[datetime.timedelta] = None, + query_period: Optional[datetime.timedelta] = None, + severity: Optional[Union[str, "_models.AlertSeverity"]] = None, + trigger_operator: Optional[Union[str, "_models.TriggerOperator"]] = None, + trigger_threshold: Optional[int] = None, + tactics: Optional[List[Union[str, "_models.AttackTactic"]]] = None, + techniques: Optional[List[str]] = None, + version: Optional[str] = None, + event_grouping_settings: Optional["_models.EventGroupingSettings"] = None, + custom_details: Optional[Dict[str, str]] = None, + entity_mappings: Optional[List["_models.EntityMapping"]] = None, + alert_details_override: Optional["_models.AlertDetailsOverride"] = None, + **kwargs: Any + ) -> None: """ - :keyword source_name: The name of a source signal consumed in Fusion detection. Required. - :paramtype source_name: str - :keyword source_sub_types: All supported source subtypes under this source signal consumed in - fusion detection. 
- :paramtype source_sub_types: - list[~azure.mgmt.securityinsight.models.FusionTemplateSourceSubType] + :keyword alert_rules_created_by_template_count: the number of alert rules that were created by + this template. + :paramtype alert_rules_created_by_template_count: int + :keyword description: The description of the alert rule template. + :paramtype description: str + :keyword display_name: The display name for alert rule template. + :paramtype display_name: str + :keyword required_data_connectors: The required data connectors for this template. + :paramtype required_data_connectors: + list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] + :keyword status: The alert rule template status. Known values are: "Installed", "Available", + and "NotAvailable". + :paramtype status: str or ~azure.mgmt.securityinsight.models.TemplateStatus + :keyword query: The query that creates alerts for this rule. + :paramtype query: str + :keyword query_frequency: The frequency (in ISO 8601 duration format) for this alert rule to + run. + :paramtype query_frequency: ~datetime.timedelta + :keyword query_period: The period (in ISO 8601 duration format) that this alert rule looks at. + :paramtype query_period: ~datetime.timedelta + :keyword severity: The severity for alerts created by this alert rule. Known values are: + "High", "Medium", "Low", and "Informational". + :paramtype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity + :keyword trigger_operator: The operation against the threshold that triggers alert rule. Known + values are: "GreaterThan", "LessThan", "Equal", and "NotEqual". + :paramtype trigger_operator: str or ~azure.mgmt.securityinsight.models.TriggerOperator + :keyword trigger_threshold: The threshold triggers this alert rule. + :paramtype trigger_threshold: int + :keyword tactics: The tactics of the alert rule template. 
+ :paramtype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] + :keyword techniques: The techniques of the alert rule template. + :paramtype techniques: list[str] + :keyword version: The version of this template - in format , where all are numbers. For + example <1.0.2>. + :paramtype version: str + :keyword event_grouping_settings: The event grouping settings. + :paramtype event_grouping_settings: ~azure.mgmt.securityinsight.models.EventGroupingSettings + :keyword custom_details: Dictionary of string key-value pairs of columns to be attached to the + alert. + :paramtype custom_details: dict[str, str] + :keyword entity_mappings: Array of the entity mappings of the alert rule. + :paramtype entity_mappings: list[~azure.mgmt.securityinsight.models.EntityMapping] + :keyword alert_details_override: The alert details override settings. + :paramtype alert_details_override: ~azure.mgmt.securityinsight.models.AlertDetailsOverride """ super().__init__(**kwargs) - self.source_name = source_name - self.source_sub_types = source_sub_types + self.kind: str = "Scheduled" + self.alert_rules_created_by_template_count = alert_rules_created_by_template_count + self.created_date_utc = None + self.last_updated_date_utc = None + self.description = description + self.display_name = display_name + self.required_data_connectors = required_data_connectors + self.status = status + self.query = query + self.query_frequency = query_frequency + self.query_period = query_period + self.severity = severity + self.trigger_operator = trigger_operator + self.trigger_threshold = trigger_threshold + self.tactics = tactics + self.techniques = techniques + self.version = version + self.event_grouping_settings = event_grouping_settings + self.custom_details = custom_details + self.entity_mappings = entity_mappings + self.alert_details_override = alert_details_override -class FusionTemplateSourceSubType(_serialization.Model): - """Represents a source subtype under a source signal 
consumed in Fusion detection. - - Variables are only populated by the server, and will be ignored when sending a request. - - All required parameters must be populated in order to send to Azure. - - :ivar source_sub_type_name: The name of source subtype under a source signal consumed in Fusion - detection. Required. - :vartype source_sub_type_name: str - :ivar source_sub_type_display_name: The display name of source subtype under a source signal - consumed in Fusion detection. - :vartype source_sub_type_display_name: str - :ivar severity_filter: Severity configuration available for a source subtype consumed in fusion - detection. Required. - :vartype severity_filter: - ~azure.mgmt.securityinsight.models.FusionTemplateSubTypeSeverityFilter - """ - - _validation = { - "source_sub_type_name": {"required": True}, - "source_sub_type_display_name": {"readonly": True}, - "severity_filter": {"required": True}, - } - - _attribute_map = { - "source_sub_type_name": {"key": "sourceSubTypeName", "type": "str"}, - "source_sub_type_display_name": {"key": "sourceSubTypeDisplayName", "type": "str"}, - "severity_filter": {"key": "severityFilter", "type": "FusionTemplateSubTypeSeverityFilter"}, - } - - def __init__( - self, *, source_sub_type_name: str, severity_filter: "_models.FusionTemplateSubTypeSeverityFilter", **kwargs - ): - """ - :keyword source_sub_type_name: The name of source subtype under a source signal consumed in - Fusion detection. Required. - :paramtype source_sub_type_name: str - :keyword severity_filter: Severity configuration available for a source subtype consumed in - fusion detection. Required. 
- :paramtype severity_filter: - ~azure.mgmt.securityinsight.models.FusionTemplateSubTypeSeverityFilter - """ - super().__init__(**kwargs) - self.source_sub_type_name = source_sub_type_name - self.source_sub_type_display_name = None - self.severity_filter = severity_filter - - -class FusionTemplateSubTypeSeverityFilter(_serialization.Model): - """Represents severity configurations available for a source subtype consumed in Fusion detection. - - All required parameters must be populated in order to send to Azure. - - :ivar is_supported: Determines whether severity configuration is supported for this source - subtype consumed in Fusion detection. Required. - :vartype is_supported: bool - :ivar severity_filters: List of all supported severities for this source subtype consumed in - Fusion detection. - :vartype severity_filters: list[str or ~azure.mgmt.securityinsight.models.AlertSeverity] - """ - - _validation = { - "is_supported": {"required": True}, - } - - _attribute_map = { - "is_supported": {"key": "isSupported", "type": "bool"}, - "severity_filters": {"key": "severityFilters", "type": "[str]"}, - } - - def __init__( - self, - *, - is_supported: bool, - severity_filters: Optional[List[Union[str, "_models.AlertSeverity"]]] = None, - **kwargs - ): - """ - :keyword is_supported: Determines whether severity configuration is supported for this source - subtype consumed in Fusion detection. Required. - :paramtype is_supported: bool - :keyword severity_filters: List of all supported severities for this source subtype consumed in - Fusion detection. - :paramtype severity_filters: list[str or ~azure.mgmt.securityinsight.models.AlertSeverity] - """ - super().__init__(**kwargs) - self.is_supported = is_supported - self.severity_filters = severity_filters - - -class GeoLocation(_serialization.Model): - """The geo-location context attached to the ip entity. - - Variables are only populated by the server, and will be ignored when sending a request. 
- - :ivar asn: Autonomous System Number. - :vartype asn: int - :ivar city: City name. - :vartype city: str - :ivar country_code: The country code according to ISO 3166 format. - :vartype country_code: str - :ivar country_name: Country name according to ISO 3166 Alpha 2: the lowercase of the English - Short Name. - :vartype country_name: str - :ivar latitude: The longitude of the identified location, expressed as a floating point number - with range of -180 to 180, with positive numbers representing East and negative numbers - representing West. Latitude and longitude are derived from the city or postal code. - :vartype latitude: float - :ivar longitude: The latitude of the identified location, expressed as a floating point number - with range of - 90 to 90, with positive numbers representing North and negative numbers - representing South. Latitude and longitude are derived from the city or postal code. - :vartype longitude: float - :ivar state: State name. - :vartype state: str - """ - - _validation = { - "asn": {"readonly": True}, - "city": {"readonly": True}, - "country_code": {"readonly": True}, - "country_name": {"readonly": True}, - "latitude": {"readonly": True}, - "longitude": {"readonly": True}, - "state": {"readonly": True}, - } - - _attribute_map = { - "asn": {"key": "asn", "type": "int"}, - "city": {"key": "city", "type": "str"}, - "country_code": {"key": "countryCode", "type": "str"}, - "country_name": {"key": "countryName", "type": "str"}, - "latitude": {"key": "latitude", "type": "float"}, - "longitude": {"key": "longitude", "type": "float"}, - "state": {"key": "state", "type": "str"}, - } - - def __init__(self, **kwargs): - """ """ - super().__init__(**kwargs) - self.asn = None - self.city = None - self.country_code = None - self.country_name = None - self.latitude = None - self.longitude = None - self.state = None - - -class GetInsightsErrorKind(_serialization.Model): - """GetInsights Query Errors. 
- - All required parameters must be populated in order to send to Azure. - - :ivar kind: the query kind. Required. "Insight" - :vartype kind: str or ~azure.mgmt.securityinsight.models.GetInsightsError - :ivar query_id: the query id. - :vartype query_id: str - :ivar error_message: the error message. Required. - :vartype error_message: str - """ - - _validation = { - "kind": {"required": True}, - "error_message": {"required": True}, - } - - _attribute_map = { - "kind": {"key": "kind", "type": "str"}, - "query_id": {"key": "queryId", "type": "str"}, - "error_message": {"key": "errorMessage", "type": "str"}, - } - - def __init__( - self, - *, - kind: Union[str, "_models.GetInsightsError"], - error_message: str, - query_id: Optional[str] = None, - **kwargs - ): - """ - :keyword kind: the query kind. Required. "Insight" - :paramtype kind: str or ~azure.mgmt.securityinsight.models.GetInsightsError - :keyword query_id: the query id. - :paramtype query_id: str - :keyword error_message: the error message. Required. - :paramtype error_message: str - """ - super().__init__(**kwargs) - self.kind = kind - self.query_id = query_id - self.error_message = error_message - - -class GetInsightsResultsMetadata(_serialization.Model): - """Get Insights result metadata. - - All required parameters must be populated in order to send to Azure. - - :ivar total_count: the total items found for the insights request. Required. - :vartype total_count: int - :ivar errors: information about the failed queries. - :vartype errors: list[~azure.mgmt.securityinsight.models.GetInsightsErrorKind] - """ - - _validation = { - "total_count": {"required": True}, - } - - _attribute_map = { - "total_count": {"key": "totalCount", "type": "int"}, - "errors": {"key": "errors", "type": "[GetInsightsErrorKind]"}, - } - - def __init__(self, *, total_count: int, errors: Optional[List["_models.GetInsightsErrorKind"]] = None, **kwargs): - """ - :keyword total_count: the total items found for the insights request. 
Required. - :paramtype total_count: int - :keyword errors: information about the failed queries. - :paramtype errors: list[~azure.mgmt.securityinsight.models.GetInsightsErrorKind] - """ - super().__init__(**kwargs) - self.total_count = total_count - self.errors = errors - - -class GetQueriesResponse(_serialization.Model): - """Retrieve queries for entity result operation response. - - :ivar value: The query result values. - :vartype value: list[~azure.mgmt.securityinsight.models.EntityQueryItem] - """ - - _attribute_map = { - "value": {"key": "value", "type": "[EntityQueryItem]"}, - } - - def __init__(self, *, value: Optional[List["_models.EntityQueryItem"]] = None, **kwargs): - """ - :keyword value: The query result values. - :paramtype value: list[~azure.mgmt.securityinsight.models.EntityQueryItem] - """ - super().__init__(**kwargs) - self.value = value - - -class GitHubResourceInfo(_serialization.Model): - """Resources created in GitHub repository. - - :ivar app_installation_id: GitHub application installation id. - :vartype app_installation_id: str - """ - - _attribute_map = { - "app_installation_id": {"key": "appInstallationId", "type": "str"}, - } - - def __init__(self, *, app_installation_id: Optional[str] = None, **kwargs): - """ - :keyword app_installation_id: GitHub application installation id. - :paramtype app_installation_id: str - """ - super().__init__(**kwargs) - self.app_installation_id = app_installation_id - - -class GroupingConfiguration(_serialization.Model): - """Grouping configuration property bag. - - All required parameters must be populated in order to send to Azure. - - :ivar enabled: Grouping enabled. Required. - :vartype enabled: bool - :ivar reopen_closed_incident: Re-open closed matching incidents. Required. - :vartype reopen_closed_incident: bool - :ivar lookback_duration: Limit the group to alerts created within the lookback duration (in ISO - 8601 duration format). Required. 
- :vartype lookback_duration: ~datetime.timedelta - :ivar matching_method: Grouping matching method. When method is Selected at least one of - groupByEntities, groupByAlertDetails, groupByCustomDetails must be provided and not empty. - Required. Known values are: "AllEntities", "AnyAlert", and "Selected". - :vartype matching_method: str or ~azure.mgmt.securityinsight.models.MatchingMethod - :ivar group_by_entities: A list of entity types to group by (when matchingMethod is Selected). - Only entities defined in the current alert rule may be used. - :vartype group_by_entities: list[str or ~azure.mgmt.securityinsight.models.EntityMappingType] - :ivar group_by_alert_details: A list of alert details to group by (when matchingMethod is - Selected). - :vartype group_by_alert_details: list[str or ~azure.mgmt.securityinsight.models.AlertDetail] - :ivar group_by_custom_details: A list of custom details keys to group by (when matchingMethod - is Selected). Only keys defined in the current alert rule may be used. 
- :vartype group_by_custom_details: list[str] - """ - - _validation = { - "enabled": {"required": True}, - "reopen_closed_incident": {"required": True}, - "lookback_duration": {"required": True}, - "matching_method": {"required": True}, - } - - _attribute_map = { - "enabled": {"key": "enabled", "type": "bool"}, - "reopen_closed_incident": {"key": "reopenClosedIncident", "type": "bool"}, - "lookback_duration": {"key": "lookbackDuration", "type": "duration"}, - "matching_method": {"key": "matchingMethod", "type": "str"}, - "group_by_entities": {"key": "groupByEntities", "type": "[str]"}, - "group_by_alert_details": {"key": "groupByAlertDetails", "type": "[str]"}, - "group_by_custom_details": {"key": "groupByCustomDetails", "type": "[str]"}, - } - - def __init__( - self, - *, - enabled: bool, - reopen_closed_incident: bool, - lookback_duration: datetime.timedelta, - matching_method: Union[str, "_models.MatchingMethod"], - group_by_entities: Optional[List[Union[str, "_models.EntityMappingType"]]] = None, - group_by_alert_details: Optional[List[Union[str, "_models.AlertDetail"]]] = None, - group_by_custom_details: Optional[List[str]] = None, - **kwargs - ): - """ - :keyword enabled: Grouping enabled. Required. - :paramtype enabled: bool - :keyword reopen_closed_incident: Re-open closed matching incidents. Required. - :paramtype reopen_closed_incident: bool - :keyword lookback_duration: Limit the group to alerts created within the lookback duration (in - ISO 8601 duration format). Required. - :paramtype lookback_duration: ~datetime.timedelta - :keyword matching_method: Grouping matching method. When method is Selected at least one of - groupByEntities, groupByAlertDetails, groupByCustomDetails must be provided and not empty. - Required. Known values are: "AllEntities", "AnyAlert", and "Selected". 
- :paramtype matching_method: str or ~azure.mgmt.securityinsight.models.MatchingMethod - :keyword group_by_entities: A list of entity types to group by (when matchingMethod is - Selected). Only entities defined in the current alert rule may be used. - :paramtype group_by_entities: list[str or ~azure.mgmt.securityinsight.models.EntityMappingType] - :keyword group_by_alert_details: A list of alert details to group by (when matchingMethod is - Selected). - :paramtype group_by_alert_details: list[str or ~azure.mgmt.securityinsight.models.AlertDetail] - :keyword group_by_custom_details: A list of custom details keys to group by (when - matchingMethod is Selected). Only keys defined in the current alert rule may be used. - :paramtype group_by_custom_details: list[str] - """ - super().__init__(**kwargs) - self.enabled = enabled - self.reopen_closed_incident = reopen_closed_incident - self.lookback_duration = lookback_duration - self.matching_method = matching_method - self.group_by_entities = group_by_entities - self.group_by_alert_details = group_by_alert_details - self.group_by_custom_details = group_by_custom_details - - -class HostEntity(Entity): # pylint: disable=too-many-instance-attributes - """Represents a host entity. +class SecurityAlert(Entity): # pylint: disable=too-many-instance-attributes + """Represents a security alert entity. Variables are only populated by the server, and will be ignored when sending a request. 
@@ -9638,227 +8345,428 @@ class HostEntity(Entity): # pylint: disable=too-many-instance-attributes :ivar kind: The kind of the entity. Required. Known values are: "Account", "Host", "File", "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", - "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". - :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKind + "Bookmark", "MailCluster", "MailMessage", "Mailbox", and "SubmissionMail". + :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKindEnum :ivar additional_data: A bag of custom fields that should be part of the entity and will be presented to the user. - :vartype additional_data: dict[str, any] + :vartype additional_data: dict[str, JSON] :ivar friendly_name: The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. :vartype friendly_name: str - :ivar azure_id: The azure resource id of the VM. - :vartype azure_id: str - :ivar dns_domain: The DNS domain that this host belongs to. Should contain the compete DNS - suffix for the domain. - :vartype dns_domain: str - :ivar host_name: The hostname without the domain suffix. - :vartype host_name: str - :ivar is_domain_joined: Determines whether this host belongs to a domain. - :vartype is_domain_joined: bool - :ivar net_bios_name: The host name (pre-windows2000). - :vartype net_bios_name: str - :ivar nt_domain: The NT domain that this host belongs to. - :vartype nt_domain: str - :ivar oms_agent_id: The OMS agent id, if the host has OMS agent installed. - :vartype oms_agent_id: str - :ivar os_family: The operating system type. Known values are: "Linux", "Windows", "Android", - "IOS", and "Unknown". 
- :vartype os_family: str or ~azure.mgmt.securityinsight.models.OSFamily - :ivar os_version: A free text representation of the operating system. This field is meant to - hold specific versions the are more fine grained than OSFamily or future values not supported - by OSFamily enumeration. - :vartype os_version: str - """ - - _validation = { - "id": {"readonly": True}, - "name": {"readonly": True}, - "type": {"readonly": True}, - "system_data": {"readonly": True}, - "kind": {"required": True}, - "additional_data": {"readonly": True}, - "friendly_name": {"readonly": True}, - "azure_id": {"readonly": True}, - "dns_domain": {"readonly": True}, - "host_name": {"readonly": True}, - "is_domain_joined": {"readonly": True}, - "net_bios_name": {"readonly": True}, - "nt_domain": {"readonly": True}, - "oms_agent_id": {"readonly": True}, - "os_version": {"readonly": True}, - } - - _attribute_map = { - "id": {"key": "id", "type": "str"}, - "name": {"key": "name", "type": "str"}, - "type": {"key": "type", "type": "str"}, - "system_data": {"key": "systemData", "type": "SystemData"}, - "kind": {"key": "kind", "type": "str"}, - "additional_data": {"key": "properties.additionalData", "type": "{object}"}, - "friendly_name": {"key": "properties.friendlyName", "type": "str"}, - "azure_id": {"key": "properties.azureID", "type": "str"}, - "dns_domain": {"key": "properties.dnsDomain", "type": "str"}, - "host_name": {"key": "properties.hostName", "type": "str"}, - "is_domain_joined": {"key": "properties.isDomainJoined", "type": "bool"}, - "net_bios_name": {"key": "properties.netBiosName", "type": "str"}, - "nt_domain": {"key": "properties.ntDomain", "type": "str"}, - "oms_agent_id": {"key": "properties.omsAgentID", "type": "str"}, - "os_family": {"key": "properties.osFamily", "type": "str"}, - "os_version": {"key": "properties.osVersion", "type": "str"}, - } - - def __init__(self, *, os_family: Optional[Union[str, "_models.OSFamily"]] = None, **kwargs): - """ - :keyword os_family: The 
operating system type. Known values are: "Linux", "Windows", "Android", - "IOS", and "Unknown". - :paramtype os_family: str or ~azure.mgmt.securityinsight.models.OSFamily - """ - super().__init__(**kwargs) - self.kind: str = "Host" - self.additional_data = None - self.friendly_name = None - self.azure_id = None - self.dns_domain = None - self.host_name = None - self.is_domain_joined = None - self.net_bios_name = None - self.nt_domain = None - self.oms_agent_id = None - self.os_family = os_family - self.os_version = None - - -class HostEntityProperties(EntityCommonProperties): # pylint: disable=too-many-instance-attributes - """Host entity property bag. - - Variables are only populated by the server, and will be ignored when sending a request. - - :ivar additional_data: A bag of custom fields that should be part of the entity and will be - presented to the user. - :vartype additional_data: dict[str, any] - :ivar friendly_name: The graph item display name which is a short humanly readable description - of the graph item instance. This property is optional and might be system generated. - :vartype friendly_name: str - :ivar azure_id: The azure resource id of the VM. - :vartype azure_id: str - :ivar dns_domain: The DNS domain that this host belongs to. Should contain the compete DNS - suffix for the domain. - :vartype dns_domain: str - :ivar host_name: The hostname without the domain suffix. - :vartype host_name: str - :ivar is_domain_joined: Determines whether this host belongs to a domain. - :vartype is_domain_joined: bool - :ivar net_bios_name: The host name (pre-windows2000). - :vartype net_bios_name: str - :ivar nt_domain: The NT domain that this host belongs to. - :vartype nt_domain: str - :ivar oms_agent_id: The OMS agent id, if the host has OMS agent installed. - :vartype oms_agent_id: str - :ivar os_family: The operating system type. Known values are: "Linux", "Windows", "Android", - "IOS", and "Unknown". 
- :vartype os_family: str or ~azure.mgmt.securityinsight.models.OSFamily - :ivar os_version: A free text representation of the operating system. This field is meant to - hold specific versions the are more fine grained than OSFamily or future values not supported - by OSFamily enumeration. - :vartype os_version: str + :ivar alert_display_name: The display name of the alert. + :vartype alert_display_name: str + :ivar alert_type: The type name of the alert. + :vartype alert_type: str + :ivar compromised_entity: Display name of the main entity being reported on. + :vartype compromised_entity: str + :ivar confidence_level: The confidence level of this alert. Known values are: "Unknown", "Low", + and "High". + :vartype confidence_level: str or ~azure.mgmt.securityinsight.models.ConfidenceLevel + :ivar confidence_reasons: The confidence reasons. + :vartype confidence_reasons: + list[~azure.mgmt.securityinsight.models.SecurityAlertPropertiesConfidenceReasonsItem] + :ivar confidence_score: The confidence score of the alert. + :vartype confidence_score: float + :ivar confidence_score_status: The confidence score calculation status, i.e. indicating if + score calculation is pending for this alert, not applicable or final. Known values are: + "NotApplicable", "InProcess", "NotFinal", and "Final". + :vartype confidence_score_status: str or + ~azure.mgmt.securityinsight.models.ConfidenceScoreStatus + :ivar description: Alert description. + :vartype description: str + :ivar end_time_utc: The impact end time of the alert (the time of the last event contributing + to the alert). + :vartype end_time_utc: ~datetime.datetime + :ivar intent: Holds the alert intent stage(s) mapping for this alert. Known values are: + "Unknown", "Probing", "Exploitation", "Persistence", "PrivilegeEscalation", "DefenseEvasion", + "CredentialAccess", "Discovery", "LateralMovement", "Execution", "Collection", "Exfiltration", + "CommandAndControl", and "Impact". 
+ :vartype intent: str or ~azure.mgmt.securityinsight.models.KillChainIntent + :ivar provider_alert_id: The identifier of the alert inside the product which generated the + alert. + :vartype provider_alert_id: str + :ivar processing_end_time: The time the alert was made available for consumption. + :vartype processing_end_time: ~datetime.datetime + :ivar product_component_name: The name of a component inside the product which generated the + alert. + :vartype product_component_name: str + :ivar product_name: The name of the product which published this alert. + :vartype product_name: str + :ivar product_version: The version of the product generating the alert. + :vartype product_version: str + :ivar remediation_steps: Manual action items to take to remediate the alert. + :vartype remediation_steps: list[str] + :ivar severity: The severity of the alert. Known values are: "High", "Medium", "Low", and + "Informational". + :vartype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity + :ivar start_time_utc: The impact start time of the alert (the time of the first event + contributing to the alert). + :vartype start_time_utc: ~datetime.datetime + :ivar status: The lifecycle status of the alert. Known values are: "Unknown", "New", + "Resolved", "Dismissed", and "InProgress". + :vartype status: str or ~azure.mgmt.securityinsight.models.AlertStatus + :ivar system_alert_id: Holds the product identifier of the alert for the product. + :vartype system_alert_id: str + :ivar tactics: The tactics of the alert. + :vartype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] + :ivar time_generated: The time the alert was generated. + :vartype time_generated: ~datetime.datetime + :ivar vendor_name: The name of the vendor that raise the alert. + :vartype vendor_name: str + :ivar alert_link: The uri link of the alert. + :vartype alert_link: str + :ivar resource_identifiers: The list of resource identifiers of the alert. 
+ :vartype resource_identifiers: list[JSON] """ _validation = { + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, "additional_data": {"readonly": True}, "friendly_name": {"readonly": True}, - "azure_id": {"readonly": True}, - "dns_domain": {"readonly": True}, - "host_name": {"readonly": True}, - "is_domain_joined": {"readonly": True}, - "net_bios_name": {"readonly": True}, - "nt_domain": {"readonly": True}, - "oms_agent_id": {"readonly": True}, - "os_version": {"readonly": True}, + "alert_display_name": {"readonly": True}, + "alert_type": {"readonly": True}, + "compromised_entity": {"readonly": True}, + "confidence_level": {"readonly": True}, + "confidence_reasons": {"readonly": True}, + "confidence_score": {"readonly": True}, + "confidence_score_status": {"readonly": True}, + "description": {"readonly": True}, + "end_time_utc": {"readonly": True}, + "intent": {"readonly": True}, + "provider_alert_id": {"readonly": True}, + "processing_end_time": {"readonly": True}, + "product_component_name": {"readonly": True}, + "product_name": {"readonly": True}, + "product_version": {"readonly": True}, + "remediation_steps": {"readonly": True}, + "start_time_utc": {"readonly": True}, + "status": {"readonly": True}, + "system_alert_id": {"readonly": True}, + "tactics": {"readonly": True}, + "time_generated": {"readonly": True}, + "vendor_name": {"readonly": True}, + "alert_link": {"readonly": True}, + "resource_identifiers": {"readonly": True}, } _attribute_map = { - "additional_data": {"key": "additionalData", "type": "{object}"}, - "friendly_name": {"key": "friendlyName", "type": "str"}, - "azure_id": {"key": "azureID", "type": "str"}, - "dns_domain": {"key": "dnsDomain", "type": "str"}, - "host_name": {"key": "hostName", "type": "str"}, - "is_domain_joined": {"key": "isDomainJoined", "type": "bool"}, - "net_bios_name": {"key": "netBiosName", "type": "str"}, - "nt_domain": 
{"key": "ntDomain", "type": "str"}, - "oms_agent_id": {"key": "omsAgentID", "type": "str"}, - "os_family": {"key": "osFamily", "type": "str"}, - "os_version": {"key": "osVersion", "type": "str"}, + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "kind": {"key": "kind", "type": "str"}, + "additional_data": {"key": "properties.additionalData", "type": "{object}"}, + "friendly_name": {"key": "properties.friendlyName", "type": "str"}, + "alert_display_name": {"key": "properties.alertDisplayName", "type": "str"}, + "alert_type": {"key": "properties.alertType", "type": "str"}, + "compromised_entity": {"key": "properties.compromisedEntity", "type": "str"}, + "confidence_level": {"key": "properties.confidenceLevel", "type": "str"}, + "confidence_reasons": { + "key": "properties.confidenceReasons", + "type": "[SecurityAlertPropertiesConfidenceReasonsItem]", + }, + "confidence_score": {"key": "properties.confidenceScore", "type": "float"}, + "confidence_score_status": {"key": "properties.confidenceScoreStatus", "type": "str"}, + "description": {"key": "properties.description", "type": "str"}, + "end_time_utc": {"key": "properties.endTimeUtc", "type": "iso-8601"}, + "intent": {"key": "properties.intent", "type": "str"}, + "provider_alert_id": {"key": "properties.providerAlertId", "type": "str"}, + "processing_end_time": {"key": "properties.processingEndTime", "type": "iso-8601"}, + "product_component_name": {"key": "properties.productComponentName", "type": "str"}, + "product_name": {"key": "properties.productName", "type": "str"}, + "product_version": {"key": "properties.productVersion", "type": "str"}, + "remediation_steps": {"key": "properties.remediationSteps", "type": "[str]"}, + "severity": {"key": "properties.severity", "type": "str"}, + "start_time_utc": {"key": "properties.startTimeUtc", "type": "iso-8601"}, + "status": {"key": 
"properties.status", "type": "str"}, + "system_alert_id": {"key": "properties.systemAlertId", "type": "str"}, + "tactics": {"key": "properties.tactics", "type": "[str]"}, + "time_generated": {"key": "properties.timeGenerated", "type": "iso-8601"}, + "vendor_name": {"key": "properties.vendorName", "type": "str"}, + "alert_link": {"key": "properties.alertLink", "type": "str"}, + "resource_identifiers": {"key": "properties.resourceIdentifiers", "type": "[object]"}, } - def __init__(self, *, os_family: Optional[Union[str, "_models.OSFamily"]] = None, **kwargs): + def __init__( # pylint: disable=too-many-locals + self, *, severity: Optional[Union[str, "_models.AlertSeverity"]] = None, **kwargs: Any + ) -> None: """ - :keyword os_family: The operating system type. Known values are: "Linux", "Windows", "Android", - "IOS", and "Unknown". - :paramtype os_family: str or ~azure.mgmt.securityinsight.models.OSFamily + :keyword severity: The severity of the alert. Known values are: "High", "Medium", "Low", and + "Informational". 
+ :paramtype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity """ super().__init__(**kwargs) - self.azure_id = None - self.dns_domain = None - self.host_name = None - self.is_domain_joined = None - self.net_bios_name = None - self.nt_domain = None - self.oms_agent_id = None - self.os_family = os_family - self.os_version = None + self.kind: str = "SecurityAlert" + self.additional_data = None + self.friendly_name = None + self.alert_display_name = None + self.alert_type = None + self.compromised_entity = None + self.confidence_level = None + self.confidence_reasons = None + self.confidence_score = None + self.confidence_score_status = None + self.description = None + self.end_time_utc = None + self.intent = None + self.provider_alert_id = None + self.processing_end_time = None + self.product_component_name = None + self.product_name = None + self.product_version = None + self.remediation_steps = None + self.severity = severity + self.start_time_utc = None + self.status = None + self.system_alert_id = None + self.tactics = None + self.time_generated = None + self.vendor_name = None + self.alert_link = None + self.resource_identifiers = None -class HuntingBookmark(Entity): # pylint: disable=too-many-instance-attributes - """Represents a Hunting bookmark entity. +class SecurityAlertProperties(EntityCommonProperties): # pylint: disable=too-many-instance-attributes + """SecurityAlert entity property bag. Variables are only populated by the server, and will be ignored when sending a request. - All required parameters must be populated in order to send to Azure. - - :ivar id: Fully qualified resource ID for the resource. Ex - - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - :vartype id: str - :ivar name: The name of the resource. - :vartype name: str - :ivar type: The type of the resource. E.g. 
"Microsoft.Compute/virtualMachines" or - "Microsoft.Storage/storageAccounts". - :vartype type: str - :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy - information. - :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar kind: The kind of the entity. Required. Known values are: "Account", "Host", "File", - "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", - "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", - "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". - :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKind :ivar additional_data: A bag of custom fields that should be part of the entity and will be presented to the user. - :vartype additional_data: dict[str, any] + :vartype additional_data: dict[str, JSON] :ivar friendly_name: The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. :vartype friendly_name: str - :ivar created: The time the bookmark was created. - :vartype created: ~datetime.datetime - :ivar created_by: Describes a user that created the bookmark. - :vartype created_by: ~azure.mgmt.securityinsight.models.UserInfo - :ivar display_name: The display name of the bookmark. - :vartype display_name: str - :ivar event_time: The time of the event. - :vartype event_time: ~datetime.datetime - :ivar labels: List of labels relevant to this bookmark. - :vartype labels: list[str] - :ivar notes: The notes of the bookmark. - :vartype notes: str - :ivar query: The query of the bookmark. - :vartype query: str - :ivar query_result: The query result of the bookmark. - :vartype query_result: str - :ivar updated: The last time the bookmark was updated. - :vartype updated: ~datetime.datetime - :ivar updated_by: Describes a user that updated the bookmark. 
- :vartype updated_by: ~azure.mgmt.securityinsight.models.UserInfo - :ivar incident_info: Describes an incident that relates to bookmark. - :vartype incident_info: ~azure.mgmt.securityinsight.models.IncidentInfo + :ivar alert_display_name: The display name of the alert. + :vartype alert_display_name: str + :ivar alert_type: The type name of the alert. + :vartype alert_type: str + :ivar compromised_entity: Display name of the main entity being reported on. + :vartype compromised_entity: str + :ivar confidence_level: The confidence level of this alert. Known values are: "Unknown", "Low", + and "High". + :vartype confidence_level: str or ~azure.mgmt.securityinsight.models.ConfidenceLevel + :ivar confidence_reasons: The confidence reasons. + :vartype confidence_reasons: + list[~azure.mgmt.securityinsight.models.SecurityAlertPropertiesConfidenceReasonsItem] + :ivar confidence_score: The confidence score of the alert. + :vartype confidence_score: float + :ivar confidence_score_status: The confidence score calculation status, i.e. indicating if + score calculation is pending for this alert, not applicable or final. Known values are: + "NotApplicable", "InProcess", "NotFinal", and "Final". + :vartype confidence_score_status: str or + ~azure.mgmt.securityinsight.models.ConfidenceScoreStatus + :ivar description: Alert description. + :vartype description: str + :ivar end_time_utc: The impact end time of the alert (the time of the last event contributing + to the alert). + :vartype end_time_utc: ~datetime.datetime + :ivar intent: Holds the alert intent stage(s) mapping for this alert. Known values are: + "Unknown", "Probing", "Exploitation", "Persistence", "PrivilegeEscalation", "DefenseEvasion", + "CredentialAccess", "Discovery", "LateralMovement", "Execution", "Collection", "Exfiltration", + "CommandAndControl", and "Impact". 
+ :vartype intent: str or ~azure.mgmt.securityinsight.models.KillChainIntent + :ivar provider_alert_id: The identifier of the alert inside the product which generated the + alert. + :vartype provider_alert_id: str + :ivar processing_end_time: The time the alert was made available for consumption. + :vartype processing_end_time: ~datetime.datetime + :ivar product_component_name: The name of a component inside the product which generated the + alert. + :vartype product_component_name: str + :ivar product_name: The name of the product which published this alert. + :vartype product_name: str + :ivar product_version: The version of the product generating the alert. + :vartype product_version: str + :ivar remediation_steps: Manual action items to take to remediate the alert. + :vartype remediation_steps: list[str] + :ivar severity: The severity of the alert. Known values are: "High", "Medium", "Low", and + "Informational". + :vartype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity + :ivar start_time_utc: The impact start time of the alert (the time of the first event + contributing to the alert). + :vartype start_time_utc: ~datetime.datetime + :ivar status: The lifecycle status of the alert. Known values are: "Unknown", "New", + "Resolved", "Dismissed", and "InProgress". + :vartype status: str or ~azure.mgmt.securityinsight.models.AlertStatus + :ivar system_alert_id: Holds the product identifier of the alert for the product. + :vartype system_alert_id: str + :ivar tactics: The tactics of the alert. + :vartype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] + :ivar time_generated: The time the alert was generated. + :vartype time_generated: ~datetime.datetime + :ivar vendor_name: The name of the vendor that raise the alert. + :vartype vendor_name: str + :ivar alert_link: The uri link of the alert. + :vartype alert_link: str + :ivar resource_identifiers: The list of resource identifiers of the alert. 
+ :vartype resource_identifiers: list[JSON] + """ + + _validation = { + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + "alert_display_name": {"readonly": True}, + "alert_type": {"readonly": True}, + "compromised_entity": {"readonly": True}, + "confidence_level": {"readonly": True}, + "confidence_reasons": {"readonly": True}, + "confidence_score": {"readonly": True}, + "confidence_score_status": {"readonly": True}, + "description": {"readonly": True}, + "end_time_utc": {"readonly": True}, + "intent": {"readonly": True}, + "provider_alert_id": {"readonly": True}, + "processing_end_time": {"readonly": True}, + "product_component_name": {"readonly": True}, + "product_name": {"readonly": True}, + "product_version": {"readonly": True}, + "remediation_steps": {"readonly": True}, + "start_time_utc": {"readonly": True}, + "status": {"readonly": True}, + "system_alert_id": {"readonly": True}, + "tactics": {"readonly": True}, + "time_generated": {"readonly": True}, + "vendor_name": {"readonly": True}, + "alert_link": {"readonly": True}, + "resource_identifiers": {"readonly": True}, + } + + _attribute_map = { + "additional_data": {"key": "additionalData", "type": "{object}"}, + "friendly_name": {"key": "friendlyName", "type": "str"}, + "alert_display_name": {"key": "alertDisplayName", "type": "str"}, + "alert_type": {"key": "alertType", "type": "str"}, + "compromised_entity": {"key": "compromisedEntity", "type": "str"}, + "confidence_level": {"key": "confidenceLevel", "type": "str"}, + "confidence_reasons": {"key": "confidenceReasons", "type": "[SecurityAlertPropertiesConfidenceReasonsItem]"}, + "confidence_score": {"key": "confidenceScore", "type": "float"}, + "confidence_score_status": {"key": "confidenceScoreStatus", "type": "str"}, + "description": {"key": "description", "type": "str"}, + "end_time_utc": {"key": "endTimeUtc", "type": "iso-8601"}, + "intent": {"key": "intent", "type": "str"}, + "provider_alert_id": {"key": "providerAlertId", 
"type": "str"}, + "processing_end_time": {"key": "processingEndTime", "type": "iso-8601"}, + "product_component_name": {"key": "productComponentName", "type": "str"}, + "product_name": {"key": "productName", "type": "str"}, + "product_version": {"key": "productVersion", "type": "str"}, + "remediation_steps": {"key": "remediationSteps", "type": "[str]"}, + "severity": {"key": "severity", "type": "str"}, + "start_time_utc": {"key": "startTimeUtc", "type": "iso-8601"}, + "status": {"key": "status", "type": "str"}, + "system_alert_id": {"key": "systemAlertId", "type": "str"}, + "tactics": {"key": "tactics", "type": "[str]"}, + "time_generated": {"key": "timeGenerated", "type": "iso-8601"}, + "vendor_name": {"key": "vendorName", "type": "str"}, + "alert_link": {"key": "alertLink", "type": "str"}, + "resource_identifiers": {"key": "resourceIdentifiers", "type": "[object]"}, + } + + def __init__( # pylint: disable=too-many-locals + self, *, severity: Optional[Union[str, "_models.AlertSeverity"]] = None, **kwargs: Any + ) -> None: + """ + :keyword severity: The severity of the alert. Known values are: "High", "Medium", "Low", and + "Informational". 
+ :paramtype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity + """ + super().__init__(**kwargs) + self.alert_display_name = None + self.alert_type = None + self.compromised_entity = None + self.confidence_level = None + self.confidence_reasons = None + self.confidence_score = None + self.confidence_score_status = None + self.description = None + self.end_time_utc = None + self.intent = None + self.provider_alert_id = None + self.processing_end_time = None + self.product_component_name = None + self.product_name = None + self.product_version = None + self.remediation_steps = None + self.severity = severity + self.start_time_utc = None + self.status = None + self.system_alert_id = None + self.tactics = None + self.time_generated = None + self.vendor_name = None + self.alert_link = None + self.resource_identifiers = None + + +class SecurityAlertPropertiesConfidenceReasonsItem(_serialization.Model): + """confidence reason item. + + Variables are only populated by the server, and will be ignored when sending a request. + + :ivar reason: The reason's description. + :vartype reason: str + :ivar reason_type: The type (category) of the reason. + :vartype reason_type: str + """ + + _validation = { + "reason": {"readonly": True}, + "reason_type": {"readonly": True}, + } + + _attribute_map = { + "reason": {"key": "reason", "type": "str"}, + "reason_type": {"key": "reasonType", "type": "str"}, + } + + def __init__(self, **kwargs: Any) -> None: + """ """ + super().__init__(**kwargs) + self.reason = None + self.reason_type = None + + +class SecurityGroupEntity(Entity): + """Represents a security group entity. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Fully qualified resource ID for the resource. 
Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar kind: The kind of the entity. Required. Known values are: "Account", "Host", "File", + "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", + "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", + "Bookmark", "MailCluster", "MailMessage", "Mailbox", and "SubmissionMail". + :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKindEnum + :ivar additional_data: A bag of custom fields that should be part of the entity and will be + presented to the user. + :vartype additional_data: dict[str, JSON] + :ivar friendly_name: The graph item display name which is a short humanly readable description + of the graph item instance. This property is optional and might be system generated. + :vartype friendly_name: str + :ivar distinguished_name: The group distinguished name. + :vartype distinguished_name: str + :ivar object_guid: A single-value attribute that is the unique identifier for the object, + assigned by active directory. + :vartype object_guid: str + :ivar sid: The SID attribute is a single-value attribute that specifies the security identifier + (SID) of the group. + :vartype sid: str """ _validation = { 
@@ -9869,6 +8777,9 @@ class HuntingBookmark(Entity): # pylint: disable=too-many-instance-attributes "kind": {"required": True}, "additional_data": {"readonly": True}, "friendly_name": {"readonly": True}, + "distinguished_name": {"readonly": True}, + "object_guid": {"readonly": True}, + "sid": {"readonly": True}, } _attribute_map = { 
@@ -9879,192 +8790,130 @@ class HuntingBookmark(Entity): # pylint: disable=too-many-instance-attributes "kind": {"key": "kind", "type": "str"}, "additional_data": {"key": "properties.additionalData", "type": "{object}"}, "friendly_name": {"key": "properties.friendlyName", "type": "str"}, - "created": {"key": "properties.created", "type": "iso-8601"}, - "created_by": {"key": "properties.createdBy", "type": "UserInfo"}, - "display_name": {"key": "properties.displayName", "type": "str"}, - "event_time": {"key": "properties.eventTime", "type": "iso-8601"}, - "labels": {"key": "properties.labels", "type": "[str]"}, - "notes": {"key": "properties.notes", "type": "str"}, - "query": {"key": "properties.query", "type": "str"}, - "query_result": {"key": "properties.queryResult", "type": "str"}, - "updated": {"key": "properties.updated", "type": "iso-8601"}, - "updated_by": {"key": "properties.updatedBy", "type": "UserInfo"}, - "incident_info": {"key": "properties.incidentInfo", "type": "IncidentInfo"}, + "distinguished_name": {"key": "properties.distinguishedName", "type": "str"}, + "object_guid": {"key": "properties.objectGuid", "type": "str"}, + "sid": {"key": "properties.sid", "type": "str"}, } - def __init__( - self, - *, - created: Optional[datetime.datetime] = None, - created_by: Optional["_models.UserInfo"] = None, - display_name: Optional[str] = None, - event_time: Optional[datetime.datetime] = None, - labels: Optional[List[str]] = None, - notes: Optional[str] = None, - query: Optional[str] = None, - query_result: Optional[str] = None, - updated: Optional[datetime.datetime] = None, - updated_by: Optional["_models.UserInfo"] = None, - incident_info: Optional["_models.IncidentInfo"] = None, - **kwargs - ): - """ - :keyword created: The time the bookmark was created. - :paramtype created: ~datetime.datetime - :keyword created_by: Describes a user that created the bookmark. 
- :paramtype created_by: ~azure.mgmt.securityinsight.models.UserInfo - :keyword display_name: The display name of the bookmark. - :paramtype display_name: str - :keyword event_time: The time of the event. - :paramtype event_time: ~datetime.datetime - :keyword labels: List of labels relevant to this bookmark. - :paramtype labels: list[str] - :keyword notes: The notes of the bookmark. - :paramtype notes: str - :keyword query: The query of the bookmark. - :paramtype query: str - :keyword query_result: The query result of the bookmark. - :paramtype query_result: str - :keyword updated: The last time the bookmark was updated. - :paramtype updated: ~datetime.datetime - :keyword updated_by: Describes a user that updated the bookmark. - :paramtype updated_by: ~azure.mgmt.securityinsight.models.UserInfo - :keyword incident_info: Describes an incident that relates to bookmark. - :paramtype incident_info: ~azure.mgmt.securityinsight.models.IncidentInfo - """ + def __init__(self, **kwargs: Any) -> None: + """ """ super().__init__(**kwargs) - self.kind: str = "Bookmark" + self.kind: str = "SecurityGroup" self.additional_data = None self.friendly_name = None - self.created = created - self.created_by = created_by - self.display_name = display_name - self.event_time = event_time - self.labels = labels - self.notes = notes - self.query = query - self.query_result = query_result - self.updated = updated - self.updated_by = updated_by - self.incident_info = incident_info + self.distinguished_name = None + self.object_guid = None + self.sid = None -class HuntingBookmarkProperties(EntityCommonProperties): # pylint: disable=too-many-instance-attributes - """Describes bookmark properties. +class SecurityGroupEntityProperties(EntityCommonProperties): + """SecurityGroup entity property bag. Variables are only populated by the server, and will be ignored when sending a request. - All required parameters must be populated in order to send to Azure. 
- :ivar additional_data: A bag of custom fields that should be part of the entity and will be presented to the user. - :vartype additional_data: dict[str, any] + :vartype additional_data: dict[str, JSON] :ivar friendly_name: The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. :vartype friendly_name: str - :ivar created: The time the bookmark was created. - :vartype created: ~datetime.datetime - :ivar created_by: Describes a user that created the bookmark. - :vartype created_by: ~azure.mgmt.securityinsight.models.UserInfo - :ivar display_name: The display name of the bookmark. Required. - :vartype display_name: str - :ivar event_time: The time of the event. - :vartype event_time: ~datetime.datetime - :ivar labels: List of labels relevant to this bookmark. - :vartype labels: list[str] - :ivar notes: The notes of the bookmark. - :vartype notes: str - :ivar query: The query of the bookmark. Required. - :vartype query: str - :ivar query_result: The query result of the bookmark. - :vartype query_result: str - :ivar updated: The last time the bookmark was updated. - :vartype updated: ~datetime.datetime - :ivar updated_by: Describes a user that updated the bookmark. - :vartype updated_by: ~azure.mgmt.securityinsight.models.UserInfo - :ivar incident_info: Describes an incident that relates to bookmark. - :vartype incident_info: ~azure.mgmt.securityinsight.models.IncidentInfo + :ivar distinguished_name: The group distinguished name. + :vartype distinguished_name: str + :ivar object_guid: A single-value attribute that is the unique identifier for the object, + assigned by active directory. + :vartype object_guid: str + :ivar sid: The SID attribute is a single-value attribute that specifies the security identifier + (SID) of the group. 
+ :vartype sid: str """ _validation = { "additional_data": {"readonly": True}, "friendly_name": {"readonly": True}, - "display_name": {"required": True}, - "query": {"required": True}, + "distinguished_name": {"readonly": True}, + "object_guid": {"readonly": True}, + "sid": {"readonly": True}, } _attribute_map = { "additional_data": {"key": "additionalData", "type": "{object}"}, "friendly_name": {"key": "friendlyName", "type": "str"}, - "created": {"key": "created", "type": "iso-8601"}, - "created_by": {"key": "createdBy", "type": "UserInfo"}, - "display_name": {"key": "displayName", "type": "str"}, - "event_time": {"key": "eventTime", "type": "iso-8601"}, - "labels": {"key": "labels", "type": "[str]"}, - "notes": {"key": "notes", "type": "str"}, - "query": {"key": "query", "type": "str"}, - "query_result": {"key": "queryResult", "type": "str"}, - "updated": {"key": "updated", "type": "iso-8601"}, - "updated_by": {"key": "updatedBy", "type": "UserInfo"}, - "incident_info": {"key": "incidentInfo", "type": "IncidentInfo"}, + "distinguished_name": {"key": "distinguishedName", "type": "str"}, + "object_guid": {"key": "objectGuid", "type": "str"}, + "sid": {"key": "sid", "type": "str"}, + } + + def __init__(self, **kwargs: Any) -> None: + """ """ + super().__init__(**kwargs) + self.distinguished_name = None + self.object_guid = None + self.sid = None + + +class SecurityMLAnalyticsSettingsDataSource(_serialization.Model): + """security ml analytics settings data sources. + + :ivar connector_id: The connector id that provides the following data types. + :vartype connector_id: str + :ivar data_types: The data types used by the security ml analytics settings. 
+ :vartype data_types: list[str] + """ + + _attribute_map = { + "connector_id": {"key": "connectorId", "type": "str"}, + "data_types": {"key": "dataTypes", "type": "[str]"}, } def __init__( - self, - *, - display_name: str, - query: str, - created: Optional[datetime.datetime] = None, - created_by: Optional["_models.UserInfo"] = None, - event_time: Optional[datetime.datetime] = None, - labels: Optional[List[str]] = None, - notes: Optional[str] = None, - query_result: Optional[str] = None, - updated: Optional[datetime.datetime] = None, - updated_by: Optional["_models.UserInfo"] = None, - incident_info: Optional["_models.IncidentInfo"] = None, - **kwargs - ): + self, *, connector_id: Optional[str] = None, data_types: Optional[List[str]] = None, **kwargs: Any + ) -> None: """ - :keyword created: The time the bookmark was created. - :paramtype created: ~datetime.datetime - :keyword created_by: Describes a user that created the bookmark. - :paramtype created_by: ~azure.mgmt.securityinsight.models.UserInfo - :keyword display_name: The display name of the bookmark. Required. - :paramtype display_name: str - :keyword event_time: The time of the event. - :paramtype event_time: ~datetime.datetime - :keyword labels: List of labels relevant to this bookmark. - :paramtype labels: list[str] - :keyword notes: The notes of the bookmark. - :paramtype notes: str - :keyword query: The query of the bookmark. Required. - :paramtype query: str - :keyword query_result: The query result of the bookmark. - :paramtype query_result: str - :keyword updated: The last time the bookmark was updated. - :paramtype updated: ~datetime.datetime - :keyword updated_by: Describes a user that updated the bookmark. - :paramtype updated_by: ~azure.mgmt.securityinsight.models.UserInfo - :keyword incident_info: Describes an incident that relates to bookmark. 
- :paramtype incident_info: ~azure.mgmt.securityinsight.models.IncidentInfo + :keyword connector_id: The connector id that provides the following data types. + :paramtype connector_id: str + :keyword data_types: The data types used by the security ml analytics settings. + :paramtype data_types: list[str] """ super().__init__(**kwargs) - self.created = created - self.created_by = created_by - self.display_name = display_name - self.event_time = event_time - self.labels = labels - self.notes = notes - self.query = query - self.query_result = query_result - self.updated = updated - self.updated_by = updated_by - self.incident_info = incident_info + self.connector_id = connector_id + self.data_types = data_types -class Incident(ResourceWithEtag): # pylint: disable=too-many-instance-attributes - """Incident. +class SecurityMLAnalyticsSettingsList(_serialization.Model): + """List all the SecurityMLAnalyticsSettings. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar next_link: URL to fetch the next set of SecurityMLAnalyticsSettings. + :vartype next_link: str + :ivar value: Array of SecurityMLAnalyticsSettings. Required. + :vartype value: list[~azure.mgmt.securityinsight.models.SecurityMLAnalyticsSetting] + """ + + _validation = { + "next_link": {"readonly": True}, + "value": {"required": True}, + } + + _attribute_map = { + "next_link": {"key": "nextLink", "type": "str"}, + "value": {"key": "value", "type": "[SecurityMLAnalyticsSetting]"}, + } + + def __init__(self, *, value: List["_models.SecurityMLAnalyticsSetting"], **kwargs: Any) -> None: + """ + :keyword value: Array of SecurityMLAnalyticsSettings. Required. 
+ :paramtype value: list[~azure.mgmt.securityinsight.models.SecurityMLAnalyticsSetting] + """ + super().__init__(**kwargs) + self.next_link = None + self.value = value + + +class SentinelOnboardingState(ResourceWithEtag): + """Sentinel onboarding state. Variables are only populated by the server, and will be ignored when sending a request. 
@@ -10081,52 +8930,8 @@ class Incident(ResourceWithEtag): # pylint: disable=too-many-instance-attribute :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData :ivar etag: Etag of the azure resource. :vartype etag: str - :ivar title: The title of the incident. - :vartype title: str - :ivar description: The description of the incident. - :vartype description: str - :ivar severity: The severity of the incident. Known values are: "High", "Medium", "Low", and - "Informational". - :vartype severity: str or ~azure.mgmt.securityinsight.models.IncidentSeverity - :ivar status: The status of the incident. Known values are: "New", "Active", and "Closed". - :vartype status: str or ~azure.mgmt.securityinsight.models.IncidentStatus - :ivar classification: The reason the incident was closed. Known values are: "Undetermined", - "TruePositive", "BenignPositive", and "FalsePositive". - :vartype classification: str or ~azure.mgmt.securityinsight.models.IncidentClassification - :ivar classification_reason: The classification reason the incident was closed with. Known - values are: "SuspiciousActivity", "SuspiciousButExpected", "IncorrectAlertLogic", and - "InaccurateData". - :vartype classification_reason: str or - ~azure.mgmt.securityinsight.models.IncidentClassificationReason - :ivar classification_comment: Describes the reason the incident was closed. - :vartype classification_comment: str - :ivar owner: Describes a user that the incident is assigned to. - :vartype owner: ~azure.mgmt.securityinsight.models.IncidentOwnerInfo - :ivar labels: List of labels relevant to this incident. - :vartype labels: list[~azure.mgmt.securityinsight.models.IncidentLabel] - :ivar first_activity_time_utc: The time of the first activity in the incident. - :vartype first_activity_time_utc: ~datetime.datetime - :ivar last_activity_time_utc: The time of the last activity in the incident. 
- :vartype last_activity_time_utc: ~datetime.datetime - :ivar last_modified_time_utc: The last time the incident was updated. - :vartype last_modified_time_utc: ~datetime.datetime - :ivar created_time_utc: The time the incident was created. - :vartype created_time_utc: ~datetime.datetime - :ivar incident_number: A sequential number. - :vartype incident_number: int - :ivar additional_data: Additional data on the incident. - :vartype additional_data: ~azure.mgmt.securityinsight.models.IncidentAdditionalData - :ivar related_analytic_rule_ids: List of resource ids of Analytic rules related to the - incident. - :vartype related_analytic_rule_ids: list[str] - :ivar incident_url: The deep-link url to the incident in Azure portal. - :vartype incident_url: str - :ivar provider_name: The name of the source provider that generated the incident. - :vartype provider_name: str - :ivar provider_incident_id: The incident ID assigned by the incident provider. - :vartype provider_incident_id: str - :ivar team_information: Describes a team for the incident. - :vartype team_information: ~azure.mgmt.securityinsight.models.TeamInformation + :ivar customer_managed_key: Flag that indicates the status of the CMK setting. + :vartype customer_managed_key: bool """ _validation = { @@ -10134,12 +8939,6 @@ class Incident(ResourceWithEtag): # pylint: disable=too-many-instance-attribute "name": {"readonly": True}, "type": {"readonly": True}, "system_data": {"readonly": True}, - "last_modified_time_utc": {"readonly": True}, - "created_time_utc": {"readonly": True}, - "incident_number": {"readonly": True}, - "additional_data": {"readonly": True}, - "related_analytic_rule_ids": {"readonly": True}, - "incident_url": {"readonly": True}, } _attribute_map = { 
@@ -10148,195 +8947,29 @@ class Incident(ResourceWithEtag): # pylint: disable=too-many-instance-attribute "type": {"key": "type", "type": "str"}, "system_data": {"key": "systemData", "type": "SystemData"}, "etag": {"key": "etag", "type": "str"}, - "title": {"key": "properties.title", "type": "str"}, - "description": {"key": "properties.description", "type": "str"}, - "severity": {"key": "properties.severity", "type": "str"}, - "status": {"key": "properties.status", "type": "str"}, - "classification": {"key": "properties.classification", "type": "str"}, - "classification_reason": {"key": "properties.classificationReason", "type": "str"}, - "classification_comment": {"key": "properties.classificationComment", "type": "str"}, - "owner": {"key": "properties.owner", "type": "IncidentOwnerInfo"}, - "labels": {"key": "properties.labels", "type": "[IncidentLabel]"}, - "first_activity_time_utc": {"key": "properties.firstActivityTimeUtc", "type": "iso-8601"}, - "last_activity_time_utc": {"key": "properties.lastActivityTimeUtc", "type": "iso-8601"}, - "last_modified_time_utc": {"key": "properties.lastModifiedTimeUtc", "type": "iso-8601"}, - "created_time_utc": {"key": "properties.createdTimeUtc", "type": "iso-8601"}, - "incident_number": {"key": "properties.incidentNumber", "type": "int"}, - "additional_data": {"key": "properties.additionalData", "type": "IncidentAdditionalData"}, - "related_analytic_rule_ids": {"key": "properties.relatedAnalyticRuleIds", "type": "[str]"}, - "incident_url": {"key": "properties.incidentUrl", "type": "str"}, - "provider_name": {"key": "properties.providerName", "type": "str"}, - "provider_incident_id": {"key": "properties.providerIncidentId", "type": "str"}, - "team_information": {"key": "properties.teamInformation", "type": "TeamInformation"}, + "customer_managed_key": {"key": "properties.customerManagedKey", "type": "bool"}, } - def __init__( # pylint: disable=too-many-locals - self, - *, - etag: Optional[str] = None, - title: Optional[str] = 
None, - description: Optional[str] = None, - severity: Optional[Union[str, "_models.IncidentSeverity"]] = None, - status: Optional[Union[str, "_models.IncidentStatus"]] = None, - classification: Optional[Union[str, "_models.IncidentClassification"]] = None, - classification_reason: Optional[Union[str, "_models.IncidentClassificationReason"]] = None, - classification_comment: Optional[str] = None, - owner: Optional["_models.IncidentOwnerInfo"] = None, - labels: Optional[List["_models.IncidentLabel"]] = None, - first_activity_time_utc: Optional[datetime.datetime] = None, - last_activity_time_utc: Optional[datetime.datetime] = None, - provider_name: Optional[str] = None, - provider_incident_id: Optional[str] = None, - team_information: Optional["_models.TeamInformation"] = None, - **kwargs - ): + def __init__( + self, *, etag: Optional[str] = None, customer_managed_key: Optional[bool] = None, **kwargs: Any + ) -> None: """ :keyword etag: Etag of the azure resource. :paramtype etag: str - :keyword title: The title of the incident. - :paramtype title: str - :keyword description: The description of the incident. - :paramtype description: str - :keyword severity: The severity of the incident. Known values are: "High", "Medium", "Low", and - "Informational". - :paramtype severity: str or ~azure.mgmt.securityinsight.models.IncidentSeverity - :keyword status: The status of the incident. Known values are: "New", "Active", and "Closed". - :paramtype status: str or ~azure.mgmt.securityinsight.models.IncidentStatus - :keyword classification: The reason the incident was closed. Known values are: "Undetermined", - "TruePositive", "BenignPositive", and "FalsePositive". - :paramtype classification: str or ~azure.mgmt.securityinsight.models.IncidentClassification - :keyword classification_reason: The classification reason the incident was closed with. Known - values are: "SuspiciousActivity", "SuspiciousButExpected", "IncorrectAlertLogic", and - "InaccurateData". 
- :paramtype classification_reason: str or - ~azure.mgmt.securityinsight.models.IncidentClassificationReason - :keyword classification_comment: Describes the reason the incident was closed. - :paramtype classification_comment: str - :keyword owner: Describes a user that the incident is assigned to. - :paramtype owner: ~azure.mgmt.securityinsight.models.IncidentOwnerInfo - :keyword labels: List of labels relevant to this incident. - :paramtype labels: list[~azure.mgmt.securityinsight.models.IncidentLabel] - :keyword first_activity_time_utc: The time of the first activity in the incident. - :paramtype first_activity_time_utc: ~datetime.datetime - :keyword last_activity_time_utc: The time of the last activity in the incident. - :paramtype last_activity_time_utc: ~datetime.datetime - :keyword provider_name: The name of the source provider that generated the incident. - :paramtype provider_name: str - :keyword provider_incident_id: The incident ID assigned by the incident provider. - :paramtype provider_incident_id: str - :keyword team_information: Describes a team for the incident. - :paramtype team_information: ~azure.mgmt.securityinsight.models.TeamInformation + :keyword customer_managed_key: Flag that indicates the status of the CMK setting. 
+ :paramtype customer_managed_key: bool """ super().__init__(etag=etag, **kwargs) - self.title = title - self.description = description - self.severity = severity - self.status = status - self.classification = classification - self.classification_reason = classification_reason - self.classification_comment = classification_comment - self.owner = owner - self.labels = labels - self.first_activity_time_utc = first_activity_time_utc - self.last_activity_time_utc = last_activity_time_utc - self.last_modified_time_utc = None - self.created_time_utc = None - self.incident_number = None - self.additional_data = None - self.related_analytic_rule_ids = None - self.incident_url = None - self.provider_name = provider_name - self.provider_incident_id = provider_incident_id - self.team_information = team_information - - -class IncidentAdditionalData(_serialization.Model): - """Incident additional data property bag. - - Variables are only populated by the server, and will be ignored when sending a request. - - :ivar alerts_count: The number of alerts in the incident. - :vartype alerts_count: int - :ivar bookmarks_count: The number of bookmarks in the incident. - :vartype bookmarks_count: int - :ivar comments_count: The number of comments in the incident. - :vartype comments_count: int - :ivar alert_product_names: List of product names of alerts in the incident. - :vartype alert_product_names: list[str] - :ivar tactics: The tactics associated with incident. - :vartype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] - :ivar techniques: The techniques associated with incident's tactics. - :vartype techniques: list[str] - :ivar provider_incident_url: The provider incident url to the incident in Microsoft 365 - Defender portal. 
- :vartype provider_incident_url: str - """ - - _validation = { - "alerts_count": {"readonly": True}, - "bookmarks_count": {"readonly": True}, - "comments_count": {"readonly": True}, - "alert_product_names": {"readonly": True}, - "tactics": {"readonly": True}, - "techniques": {"readonly": True}, - "provider_incident_url": {"readonly": True}, - } - - _attribute_map = { - "alerts_count": {"key": "alertsCount", "type": "int"}, - "bookmarks_count": {"key": "bookmarksCount", "type": "int"}, - "comments_count": {"key": "commentsCount", "type": "int"}, - "alert_product_names": {"key": "alertProductNames", "type": "[str]"}, - "tactics": {"key": "tactics", "type": "[str]"}, - "techniques": {"key": "techniques", "type": "[str]"}, - "provider_incident_url": {"key": "providerIncidentUrl", "type": "str"}, - } - - def __init__(self, **kwargs): - """ """ - super().__init__(**kwargs) - self.alerts_count = None - self.bookmarks_count = None - self.comments_count = None - self.alert_product_names = None - self.tactics = None - self.techniques = None - self.provider_incident_url = None - - -class IncidentAlertList(_serialization.Model): - """List of incident alerts. - - All required parameters must be populated in order to send to Azure. - - :ivar value: Array of incident alerts. Required. - :vartype value: list[~azure.mgmt.securityinsight.models.SecurityAlert] - """ - - _validation = { - "value": {"required": True}, - } - - _attribute_map = { - "value": {"key": "value", "type": "[SecurityAlert]"}, - } - - def __init__(self, *, value: List["_models.SecurityAlert"], **kwargs): - """ - :keyword value: Array of incident alerts. Required. - :paramtype value: list[~azure.mgmt.securityinsight.models.SecurityAlert] - """ - super().__init__(**kwargs) - self.value = value + self.customer_managed_key = customer_managed_key -class IncidentBookmarkList(_serialization.Model): - """List of incident bookmarks. 
+class SentinelOnboardingStatesList(_serialization.Model): + """List of the Sentinel onboarding states. All required parameters must be populated in order to send to Azure. - :ivar value: Array of incident bookmarks. Required. - :vartype value: list[~azure.mgmt.securityinsight.models.HuntingBookmark] + :ivar value: Array of Sentinel onboarding states. Required. + :vartype value: list[~azure.mgmt.securityinsight.models.SentinelOnboardingState] """ _validation = { @@ -10344,23 +8977,25 @@ class IncidentBookmarkList(_serialization.Model): } _attribute_map = { - "value": {"key": "value", "type": "[HuntingBookmark]"}, + "value": {"key": "value", "type": "[SentinelOnboardingState]"}, } - def __init__(self, *, value: List["_models.HuntingBookmark"], **kwargs): + def __init__(self, *, value: List["_models.SentinelOnboardingState"], **kwargs: Any) -> None: """ - :keyword value: Array of incident bookmarks. Required. - :paramtype value: list[~azure.mgmt.securityinsight.models.HuntingBookmark] + :keyword value: Array of Sentinel onboarding states. Required. + :paramtype value: list[~azure.mgmt.securityinsight.models.SentinelOnboardingState] """ super().__init__(**kwargs) self.value = value -class IncidentComment(ResourceWithEtag): - """Represents an incident comment. +class SubmissionMailEntity(Entity): # pylint: disable=too-many-instance-attributes + """Represents a submission mail entity. Variables are only populated by the server, and will be ignored when sending a request. + All required parameters must be populated in order to send to Azure. + :ivar id: Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. :vartype id: str 
@@ -10372,16 +9007,38 @@ class IncidentComment(ResourceWithEtag): :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy information. :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar etag: Etag of the azure resource. - :vartype etag: str - :ivar message: The comment message. - :vartype message: str - :ivar created_time_utc: The time the comment was created. - :vartype created_time_utc: ~datetime.datetime - :ivar last_modified_time_utc: The time the comment was updated. - :vartype last_modified_time_utc: ~datetime.datetime - :ivar author: Describes the client that created the comment. - :vartype author: ~azure.mgmt.securityinsight.models.ClientInfo + :ivar kind: The kind of the entity. Required. Known values are: "Account", "Host", "File", + "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", + "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", + "Bookmark", "MailCluster", "MailMessage", "Mailbox", and "SubmissionMail". + :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKindEnum + :ivar additional_data: A bag of custom fields that should be part of the entity and will be + presented to the user. + :vartype additional_data: dict[str, JSON] + :ivar friendly_name: The graph item display name which is a short humanly readable description + of the graph item instance. This property is optional and might be system generated. + :vartype friendly_name: str + :ivar network_message_id: The network message id of email to which submission belongs. + :vartype network_message_id: str + :ivar submission_id: The submission id. + :vartype submission_id: str + :ivar submitter: The submitter. + :vartype submitter: str + :ivar submission_date: The submission date. + :vartype submission_date: ~datetime.datetime + :ivar timestamp: The Time stamp when the message is received (Mail). 
+ :vartype timestamp: ~datetime.datetime + :ivar recipient: The recipient of the mail. + :vartype recipient: str + :ivar sender: The sender of the mail. + :vartype sender: str + :ivar sender_ip: The sender's IP. + :vartype sender_ip: str + :ivar subject: The subject of submission mail. + :vartype subject: str + :ivar report_type: The submission type for the given instance. This maps to Junk, Phish, + Malware or NotJunk. + :vartype report_type: str """ _validation = { @@ -10389,9 +9046,19 @@ class IncidentComment(ResourceWithEtag): "name": {"readonly": True}, "type": {"readonly": True}, "system_data": {"readonly": True}, - "created_time_utc": {"readonly": True}, - "last_modified_time_utc": {"readonly": True}, - "author": {"readonly": True}, + "kind": {"required": True}, + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + "network_message_id": {"readonly": True}, + "submission_id": {"readonly": True}, + "submitter": {"readonly": True}, + "submission_date": {"readonly": True}, + "timestamp": {"readonly": True}, + "recipient": {"readonly": True}, + "sender": {"readonly": True}, + "sender_ip": {"readonly": True}, + "subject": {"readonly": True}, + "report_type": {"readonly": True}, } _attribute_map = { 
@@ -10399,424 +9066,457 @@ class IncidentComment(ResourceWithEtag): "name": {"key": "name", "type": "str"}, "type": {"key": "type", "type": "str"}, "system_data": {"key": "systemData", "type": "SystemData"}, - "etag": {"key": "etag", "type": "str"}, - "message": {"key": "properties.message", "type": "str"}, - "created_time_utc": {"key": "properties.createdTimeUtc", "type": "iso-8601"}, - "last_modified_time_utc": {"key": "properties.lastModifiedTimeUtc", "type": "iso-8601"}, - "author": {"key": "properties.author", "type": "ClientInfo"}, + "kind": {"key": "kind", "type": "str"}, + "additional_data": {"key": "properties.additionalData", "type": "{object}"}, + "friendly_name": {"key": "properties.friendlyName", "type": "str"}, + "network_message_id": {"key": "properties.networkMessageId", "type": "str"}, + "submission_id": {"key": "properties.submissionId", "type": "str"}, + "submitter": {"key": "properties.submitter", "type": "str"}, + "submission_date": {"key": "properties.submissionDate", "type": "iso-8601"}, + "timestamp": {"key": "properties.timestamp", "type": "iso-8601"}, + "recipient": {"key": "properties.recipient", "type": "str"}, + "sender": {"key": "properties.sender", "type": "str"}, + "sender_ip": {"key": "properties.senderIp", "type": "str"}, + "subject": {"key": "properties.subject", "type": "str"}, + "report_type": {"key": "properties.reportType", "type": "str"}, } - def __init__(self, *, etag: Optional[str] = None, message: Optional[str] = None, **kwargs): - """ - :keyword etag: Etag of the azure resource. - :paramtype etag: str - :keyword message: The comment message. 
- :paramtype message: str - """ - super().__init__(etag=etag, **kwargs) - self.message = message - self.created_time_utc = None - self.last_modified_time_utc = None - self.author = None + def __init__(self, **kwargs: Any) -> None: + """ """ + super().__init__(**kwargs) + self.kind: str = "SubmissionMail" + self.additional_data = None + self.friendly_name = None + self.network_message_id = None + self.submission_id = None + self.submitter = None + self.submission_date = None + self.timestamp = None + self.recipient = None + self.sender = None + self.sender_ip = None + self.subject = None + self.report_type = None -class IncidentCommentList(_serialization.Model): - """IncidentCommentList. +class SubmissionMailEntityProperties(EntityCommonProperties): # pylint: disable=too-many-instance-attributes + """Submission mail entity property bag. Variables are only populated by the server, and will be ignored when sending a request. - All required parameters must be populated in order to send to Azure. - - :ivar value: Required. - :vartype value: list[~azure.mgmt.securityinsight.models.IncidentComment] - :ivar next_link: - :vartype next_link: str + :ivar additional_data: A bag of custom fields that should be part of the entity and will be + presented to the user. + :vartype additional_data: dict[str, JSON] + :ivar friendly_name: The graph item display name which is a short humanly readable description + of the graph item instance. This property is optional and might be system generated. + :vartype friendly_name: str + :ivar network_message_id: The network message id of email to which submission belongs. + :vartype network_message_id: str + :ivar submission_id: The submission id. + :vartype submission_id: str + :ivar submitter: The submitter. + :vartype submitter: str + :ivar submission_date: The submission date. + :vartype submission_date: ~datetime.datetime + :ivar timestamp: The Time stamp when the message is received (Mail). 
+ :vartype timestamp: ~datetime.datetime + :ivar recipient: The recipient of the mail. + :vartype recipient: str + :ivar sender: The sender of the mail. + :vartype sender: str + :ivar sender_ip: The sender's IP. + :vartype sender_ip: str + :ivar subject: The subject of submission mail. + :vartype subject: str + :ivar report_type: The submission type for the given instance. This maps to Junk, Phish, + Malware or NotJunk. + :vartype report_type: str """ _validation = { - "value": {"required": True}, - "next_link": {"readonly": True}, + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + "network_message_id": {"readonly": True}, + "submission_id": {"readonly": True}, + "submitter": {"readonly": True}, + "submission_date": {"readonly": True}, + "timestamp": {"readonly": True}, + "recipient": {"readonly": True}, + "sender": {"readonly": True}, + "sender_ip": {"readonly": True}, + "subject": {"readonly": True}, + "report_type": {"readonly": True}, } _attribute_map = { - "value": {"key": "value", "type": "[IncidentComment]"}, - "next_link": {"key": "nextLink", "type": "str"}, + "additional_data": {"key": "additionalData", "type": "{object}"}, + "friendly_name": {"key": "friendlyName", "type": "str"}, + "network_message_id": {"key": "networkMessageId", "type": "str"}, + "submission_id": {"key": "submissionId", "type": "str"}, + "submitter": {"key": "submitter", "type": "str"}, + "submission_date": {"key": "submissionDate", "type": "iso-8601"}, + "timestamp": {"key": "timestamp", "type": "iso-8601"}, + "recipient": {"key": "recipient", "type": "str"}, + "sender": {"key": "sender", "type": "str"}, + "sender_ip": {"key": "senderIp", "type": "str"}, + "subject": {"key": "subject", "type": "str"}, + "report_type": {"key": "reportType", "type": "str"}, } - def __init__(self, *, value: List["_models.IncidentComment"], **kwargs): - """ - :keyword value: Required. 
- :paramtype value: list[~azure.mgmt.securityinsight.models.IncidentComment] - """ + def __init__(self, **kwargs: Any) -> None: + """ """ super().__init__(**kwargs) - self.value = value - self.next_link = None - + self.network_message_id = None + self.submission_id = None + self.submitter = None + self.submission_date = None + self.timestamp = None + self.recipient = None + self.sender = None + self.sender_ip = None + self.subject = None + self.report_type = None -class IncidentConfiguration(_serialization.Model): - """Incident Configuration property bag. - All required parameters must be populated in order to send to Azure. +class SystemData(_serialization.Model): + """Metadata pertaining to creation and last modification of the resource. - :ivar create_incident: Create incidents from alerts triggered by this analytics rule. Required. - :vartype create_incident: bool - :ivar grouping_configuration: Set how the alerts that are triggered by this analytics rule, are - grouped into incidents. - :vartype grouping_configuration: ~azure.mgmt.securityinsight.models.GroupingConfiguration + :ivar created_by: The identity that created the resource. + :vartype created_by: str + :ivar created_by_type: The type of identity that created the resource. Known values are: + "User", "Application", "ManagedIdentity", and "Key". + :vartype created_by_type: str or ~azure.mgmt.securityinsight.models.CreatedByType + :ivar created_at: The timestamp of resource creation (UTC). + :vartype created_at: ~datetime.datetime + :ivar last_modified_by: The identity that last modified the resource. + :vartype last_modified_by: str + :ivar last_modified_by_type: The type of identity that last modified the resource. Known values + are: "User", "Application", "ManagedIdentity", and "Key". + :vartype last_modified_by_type: str or ~azure.mgmt.securityinsight.models.CreatedByType + :ivar last_modified_at: The timestamp of resource last modification (UTC). 
+ :vartype last_modified_at: ~datetime.datetime """ - _validation = { - "create_incident": {"required": True}, - } - _attribute_map = { - "create_incident": {"key": "createIncident", "type": "bool"}, - "grouping_configuration": {"key": "groupingConfiguration", "type": "GroupingConfiguration"}, + "created_by": {"key": "createdBy", "type": "str"}, + "created_by_type": {"key": "createdByType", "type": "str"}, + "created_at": {"key": "createdAt", "type": "iso-8601"}, + "last_modified_by": {"key": "lastModifiedBy", "type": "str"}, + "last_modified_by_type": {"key": "lastModifiedByType", "type": "str"}, + "last_modified_at": {"key": "lastModifiedAt", "type": "iso-8601"}, } def __init__( self, *, - create_incident: bool, - grouping_configuration: Optional["_models.GroupingConfiguration"] = None, - **kwargs - ): + created_by: Optional[str] = None, + created_by_type: Optional[Union[str, "_models.CreatedByType"]] = None, + created_at: Optional[datetime.datetime] = None, + last_modified_by: Optional[str] = None, + last_modified_by_type: Optional[Union[str, "_models.CreatedByType"]] = None, + last_modified_at: Optional[datetime.datetime] = None, + **kwargs: Any + ) -> None: """ - :keyword create_incident: Create incidents from alerts triggered by this analytics rule. - Required. - :paramtype create_incident: bool - :keyword grouping_configuration: Set how the alerts that are triggered by this analytics rule, - are grouped into incidents. - :paramtype grouping_configuration: ~azure.mgmt.securityinsight.models.GroupingConfiguration + :keyword created_by: The identity that created the resource. + :paramtype created_by: str + :keyword created_by_type: The type of identity that created the resource. Known values are: + "User", "Application", "ManagedIdentity", and "Key". + :paramtype created_by_type: str or ~azure.mgmt.securityinsight.models.CreatedByType + :keyword created_at: The timestamp of resource creation (UTC). 
+ :paramtype created_at: ~datetime.datetime + :keyword last_modified_by: The identity that last modified the resource. + :paramtype last_modified_by: str + :keyword last_modified_by_type: The type of identity that last modified the resource. Known + values are: "User", "Application", "ManagedIdentity", and "Key". + :paramtype last_modified_by_type: str or ~azure.mgmt.securityinsight.models.CreatedByType + :keyword last_modified_at: The timestamp of resource last modification (UTC). + :paramtype last_modified_at: ~datetime.datetime """ super().__init__(**kwargs) - self.create_incident = create_incident - self.grouping_configuration = grouping_configuration + self.created_by = created_by + self.created_by_type = created_by_type + self.created_at = created_at + self.last_modified_by = last_modified_by + self.last_modified_by_type = last_modified_by_type + self.last_modified_at = last_modified_at -class IncidentEntitiesResponse(_serialization.Model): - """The incident related entities response. +class ThreatIntelligence(_serialization.Model): + """ThreatIntelligence property bag. - :ivar entities: Array of the incident related entities. - :vartype entities: list[~azure.mgmt.securityinsight.models.Entity] - :ivar meta_data: The metadata from the incident related entities results. - :vartype meta_data: list[~azure.mgmt.securityinsight.models.IncidentEntitiesResultsMetadata] + Variables are only populated by the server, and will be ignored when sending a request. + + :ivar confidence: Confidence (must be between 0 and 1). + :vartype confidence: float + :ivar provider_name: Name of the provider from whom this Threat Intelligence information was + received. + :vartype provider_name: str + :ivar report_link: Report link. + :vartype report_link: str + :ivar threat_description: Threat description (free text). + :vartype threat_description: str + :ivar threat_name: Threat name (e.g. "Jedobot malware"). + :vartype threat_name: str + :ivar threat_type: Threat type (e.g. 
"Botnet"). + :vartype threat_type: str """ + _validation = { + "confidence": {"readonly": True}, + "provider_name": {"readonly": True}, + "report_link": {"readonly": True}, + "threat_description": {"readonly": True}, + "threat_name": {"readonly": True}, + "threat_type": {"readonly": True}, + } + _attribute_map = { - "entities": {"key": "entities", "type": "[Entity]"}, - "meta_data": {"key": "metaData", "type": "[IncidentEntitiesResultsMetadata]"}, + "confidence": {"key": "confidence", "type": "float"}, + "provider_name": {"key": "providerName", "type": "str"}, + "report_link": {"key": "reportLink", "type": "str"}, + "threat_description": {"key": "threatDescription", "type": "str"}, + "threat_name": {"key": "threatName", "type": "str"}, + "threat_type": {"key": "threatType", "type": "str"}, } - def __init__( - self, - *, - entities: Optional[List["_models.Entity"]] = None, - meta_data: Optional[List["_models.IncidentEntitiesResultsMetadata"]] = None, - **kwargs - ): - """ - :keyword entities: Array of the incident related entities. - :paramtype entities: list[~azure.mgmt.securityinsight.models.Entity] - :keyword meta_data: The metadata from the incident related entities results. - :paramtype meta_data: list[~azure.mgmt.securityinsight.models.IncidentEntitiesResultsMetadata] - """ + def __init__(self, **kwargs: Any) -> None: + """ """ super().__init__(**kwargs) - self.entities = entities - self.meta_data = meta_data - + self.confidence = None + self.provider_name = None + self.report_link = None + self.threat_description = None + self.threat_name = None + self.threat_type = None -class IncidentEntitiesResultsMetadata(_serialization.Model): - """Information of a specific aggregation in the incident related entities result. - All required parameters must be populated in order to send to Azure. +class ThreatIntelligenceAppendTags(_serialization.Model): + """Array of tags to be appended to the threat intelligence indicator. 
- :ivar entity_kind: The kind of the aggregated entity. Required. Known values are: "Account", - "Host", "File", "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", - "Malware", "Process", "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", - "SecurityAlert", "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and - "Nic". - :vartype entity_kind: str or ~azure.mgmt.securityinsight.models.EntityKind - :ivar count: Total number of aggregations of the given kind in the incident related entities - result. Required. - :vartype count: int + :ivar threat_intelligence_tags: List of tags to be appended. + :vartype threat_intelligence_tags: list[str] """ - _validation = { - "entity_kind": {"required": True}, - "count": {"required": True}, - } - _attribute_map = { - "entity_kind": {"key": "entityKind", "type": "str"}, - "count": {"key": "count", "type": "int"}, + "threat_intelligence_tags": {"key": "threatIntelligenceTags", "type": "[str]"}, } - def __init__(self, *, entity_kind: Union[str, "_models.EntityKind"], count: int, **kwargs): + def __init__(self, *, threat_intelligence_tags: Optional[List[str]] = None, **kwargs: Any) -> None: """ - :keyword entity_kind: The kind of the aggregated entity. Required. Known values are: "Account", - "Host", "File", "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", - "Malware", "Process", "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", - "SecurityAlert", "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and - "Nic". - :paramtype entity_kind: str or ~azure.mgmt.securityinsight.models.EntityKind - :keyword count: Total number of aggregations of the given kind in the incident related entities - result. Required. - :paramtype count: int + :keyword threat_intelligence_tags: List of tags to be appended. 
+ :paramtype threat_intelligence_tags: list[str] """ super().__init__(**kwargs) - self.entity_kind = entity_kind - self.count = count + self.threat_intelligence_tags = threat_intelligence_tags -class IncidentInfo(_serialization.Model): - """Describes related incident information for the bookmark. +class ThreatIntelligenceExternalReference(_serialization.Model): + """Describes external reference. - :ivar incident_id: Incident Id. - :vartype incident_id: str - :ivar severity: The severity of the incident. Known values are: "High", "Medium", "Low", and - "Informational". - :vartype severity: str or ~azure.mgmt.securityinsight.models.IncidentSeverity - :ivar title: The title of the incident. - :vartype title: str - :ivar relation_name: Relation Name. - :vartype relation_name: str + :ivar description: External reference description. + :vartype description: str + :ivar external_id: External reference ID. + :vartype external_id: str + :ivar source_name: External reference source name. + :vartype source_name: str + :ivar url: External reference URL. + :vartype url: str + :ivar hashes: External reference hashes. 
+ :vartype hashes: dict[str, str] """ _attribute_map = { - "incident_id": {"key": "incidentId", "type": "str"}, - "severity": {"key": "severity", "type": "str"}, - "title": {"key": "title", "type": "str"}, - "relation_name": {"key": "relationName", "type": "str"}, + "description": {"key": "description", "type": "str"}, + "external_id": {"key": "externalId", "type": "str"}, + "source_name": {"key": "sourceName", "type": "str"}, + "url": {"key": "url", "type": "str"}, + "hashes": {"key": "hashes", "type": "{str}"}, } def __init__( self, *, - incident_id: Optional[str] = None, - severity: Optional[Union[str, "_models.IncidentSeverity"]] = None, - title: Optional[str] = None, - relation_name: Optional[str] = None, - **kwargs - ): + description: Optional[str] = None, + external_id: Optional[str] = None, + source_name: Optional[str] = None, + url: Optional[str] = None, + hashes: Optional[Dict[str, str]] = None, + **kwargs: Any + ) -> None: """ - :keyword incident_id: Incident Id. - :paramtype incident_id: str - :keyword severity: The severity of the incident. Known values are: "High", "Medium", "Low", and - "Informational". - :paramtype severity: str or ~azure.mgmt.securityinsight.models.IncidentSeverity - :keyword title: The title of the incident. - :paramtype title: str - :keyword relation_name: Relation Name. - :paramtype relation_name: str + :keyword description: External reference description. + :paramtype description: str + :keyword external_id: External reference ID. + :paramtype external_id: str + :keyword source_name: External reference source name. + :paramtype source_name: str + :keyword url: External reference URL. + :paramtype url: str + :keyword hashes: External reference hashes. + :paramtype hashes: dict[str, str] """ super().__init__(**kwargs) - self.incident_id = incident_id - self.severity = severity - self.title = title - self.relation_name = relation_name - - -class IncidentLabel(_serialization.Model): - """Represents an incident label. 
+ self.description = description + self.external_id = external_id + self.source_name = source_name + self.url = url + self.hashes = hashes - Variables are only populated by the server, and will be ignored when sending a request. - All required parameters must be populated in order to send to Azure. +class ThreatIntelligenceFilteringCriteria(_serialization.Model): # pylint: disable=too-many-instance-attributes + """Filtering criteria for querying threat intelligence indicators. - :ivar label_name: The name of the label. Required. - :vartype label_name: str - :ivar label_type: The type of the label. Known values are: "User" and "AutoAssigned". - :vartype label_type: str or ~azure.mgmt.securityinsight.models.IncidentLabelType + :ivar page_size: Page size. + :vartype page_size: int + :ivar min_confidence: Minimum confidence. + :vartype min_confidence: int + :ivar max_confidence: Maximum confidence. + :vartype max_confidence: int + :ivar min_valid_until: Start time for ValidUntil filter. + :vartype min_valid_until: str + :ivar max_valid_until: End time for ValidUntil filter. + :vartype max_valid_until: str + :ivar include_disabled: Parameter to include/exclude disabled indicators. + :vartype include_disabled: bool + :ivar sort_by: Columns to sort by and sorting order. + :vartype sort_by: list[~azure.mgmt.securityinsight.models.ThreatIntelligenceSortingCriteria] + :ivar sources: Sources of threat intelligence indicators. + :vartype sources: list[str] + :ivar pattern_types: Pattern types. + :vartype pattern_types: list[str] + :ivar threat_types: Threat types of threat intelligence indicators. + :vartype threat_types: list[str] + :ivar ids: Ids of threat intelligence indicators. + :vartype ids: list[str] + :ivar keywords: Keywords for searching threat intelligence indicators. + :vartype keywords: list[str] + :ivar skip_token: Skip token. 
+ :vartype skip_token: str """ - _validation = { - "label_name": {"required": True}, - "label_type": {"readonly": True}, - } - _attribute_map = { - "label_name": {"key": "labelName", "type": "str"}, - "label_type": {"key": "labelType", "type": "str"}, + "page_size": {"key": "pageSize", "type": "int"}, + "min_confidence": {"key": "minConfidence", "type": "int"}, + "max_confidence": {"key": "maxConfidence", "type": "int"}, + "min_valid_until": {"key": "minValidUntil", "type": "str"}, + "max_valid_until": {"key": "maxValidUntil", "type": "str"}, + "include_disabled": {"key": "includeDisabled", "type": "bool"}, + "sort_by": {"key": "sortBy", "type": "[ThreatIntelligenceSortingCriteria]"}, + "sources": {"key": "sources", "type": "[str]"}, + "pattern_types": {"key": "patternTypes", "type": "[str]"}, + "threat_types": {"key": "threatTypes", "type": "[str]"}, + "ids": {"key": "ids", "type": "[str]"}, + "keywords": {"key": "keywords", "type": "[str]"}, + "skip_token": {"key": "skipToken", "type": "str"}, } - def __init__(self, *, label_name: str, **kwargs): + def __init__( + self, + *, + page_size: Optional[int] = None, + min_confidence: Optional[int] = None, + max_confidence: Optional[int] = None, + min_valid_until: Optional[str] = None, + max_valid_until: Optional[str] = None, + include_disabled: Optional[bool] = None, + sort_by: Optional[List["_models.ThreatIntelligenceSortingCriteria"]] = None, + sources: Optional[List[str]] = None, + pattern_types: Optional[List[str]] = None, + threat_types: Optional[List[str]] = None, + ids: Optional[List[str]] = None, + keywords: Optional[List[str]] = None, + skip_token: Optional[str] = None, + **kwargs: Any + ) -> None: """ - :keyword label_name: The name of the label. Required. - :paramtype label_name: str + :keyword page_size: Page size. + :paramtype page_size: int + :keyword min_confidence: Minimum confidence. + :paramtype min_confidence: int + :keyword max_confidence: Maximum confidence. 
+ :paramtype max_confidence: int + :keyword min_valid_until: Start time for ValidUntil filter. + :paramtype min_valid_until: str + :keyword max_valid_until: End time for ValidUntil filter. + :paramtype max_valid_until: str + :keyword include_disabled: Parameter to include/exclude disabled indicators. + :paramtype include_disabled: bool + :keyword sort_by: Columns to sort by and sorting order. + :paramtype sort_by: list[~azure.mgmt.securityinsight.models.ThreatIntelligenceSortingCriteria] + :keyword sources: Sources of threat intelligence indicators. + :paramtype sources: list[str] + :keyword pattern_types: Pattern types. + :paramtype pattern_types: list[str] + :keyword threat_types: Threat types of threat intelligence indicators. + :paramtype threat_types: list[str] + :keyword ids: Ids of threat intelligence indicators. + :paramtype ids: list[str] + :keyword keywords: Keywords for searching threat intelligence indicators. + :paramtype keywords: list[str] + :keyword skip_token: Skip token. + :paramtype skip_token: str """ super().__init__(**kwargs) - self.label_name = label_name - self.label_type = None - - -class IncidentList(_serialization.Model): - """List all the incidents. + self.page_size = page_size + self.min_confidence = min_confidence + self.max_confidence = max_confidence + self.min_valid_until = min_valid_until + self.max_valid_until = max_valid_until + self.include_disabled = include_disabled + self.sort_by = sort_by + self.sources = sources + self.pattern_types = pattern_types + self.threat_types = threat_types + self.ids = ids + self.keywords = keywords + self.skip_token = skip_token - Variables are only populated by the server, and will be ignored when sending a request. - All required parameters must be populated in order to send to Azure. +class ThreatIntelligenceGranularMarkingModel(_serialization.Model): + """Describes threat granular marking model entity. - :ivar value: Required. 
- :vartype value: list[~azure.mgmt.securityinsight.models.Incident] - :ivar next_link: URL to fetch the next set of incidents. - :vartype next_link: str + :ivar language: Language granular marking model. + :vartype language: str + :ivar marking_ref: marking reference granular marking model. + :vartype marking_ref: int + :ivar selectors: granular marking model selectors. + :vartype selectors: list[str] """ - _validation = { - "value": {"required": True}, - "next_link": {"readonly": True}, - } - _attribute_map = { - "value": {"key": "value", "type": "[Incident]"}, - "next_link": {"key": "nextLink", "type": "str"}, + "language": {"key": "language", "type": "str"}, + "marking_ref": {"key": "markingRef", "type": "int"}, + "selectors": {"key": "selectors", "type": "[str]"}, } - def __init__(self, *, value: List["_models.Incident"], **kwargs): + def __init__( + self, + *, + language: Optional[str] = None, + marking_ref: Optional[int] = None, + selectors: Optional[List[str]] = None, + **kwargs: Any + ) -> None: """ - :keyword value: Required. - :paramtype value: list[~azure.mgmt.securityinsight.models.Incident] + :keyword language: Language granular marking model. + :paramtype language: str + :keyword marking_ref: marking reference granular marking model. + :paramtype marking_ref: int + :keyword selectors: granular marking model selectors. + :paramtype selectors: list[str] """ super().__init__(**kwargs) - self.value = value - self.next_link = None + self.language = language + self.marking_ref = marking_ref + self.selectors = selectors -class IncidentOwnerInfo(_serialization.Model): - """Information on the user an incident is assigned to. +class ThreatIntelligenceInformation(ResourceWithEtag): + """Threat intelligence information object. - :ivar email: The email of the user the incident is assigned to. - :vartype email: str - :ivar assigned_to: The name of the user the incident is assigned to. 
- :vartype assigned_to: str - :ivar object_id: The object id of the user the incident is assigned to. - :vartype object_id: str - :ivar user_principal_name: The user principal name of the user the incident is assigned to. - :vartype user_principal_name: str - :ivar owner_type: The type of the owner the incident is assigned to. Known values are: - "Unknown", "User", and "Group". - :vartype owner_type: str or ~azure.mgmt.securityinsight.models.OwnerType - """ - - _attribute_map = { - "email": {"key": "email", "type": "str"}, - "assigned_to": {"key": "assignedTo", "type": "str"}, - "object_id": {"key": "objectId", "type": "str"}, - "user_principal_name": {"key": "userPrincipalName", "type": "str"}, - "owner_type": {"key": "ownerType", "type": "str"}, - } - - def __init__( - self, - *, - email: Optional[str] = None, - assigned_to: Optional[str] = None, - object_id: Optional[str] = None, - user_principal_name: Optional[str] = None, - owner_type: Optional[Union[str, "_models.OwnerType"]] = None, - **kwargs - ): - """ - :keyword email: The email of the user the incident is assigned to. - :paramtype email: str - :keyword assigned_to: The name of the user the incident is assigned to. - :paramtype assigned_to: str - :keyword object_id: The object id of the user the incident is assigned to. - :paramtype object_id: str - :keyword user_principal_name: The user principal name of the user the incident is assigned to. - :paramtype user_principal_name: str - :keyword owner_type: The type of the owner the incident is assigned to. Known values are: - "Unknown", "User", and "Group". - :paramtype owner_type: str or ~azure.mgmt.securityinsight.models.OwnerType - """ - super().__init__(**kwargs) - self.email = email - self.assigned_to = assigned_to - self.object_id = object_id - self.user_principal_name = user_principal_name - self.owner_type = owner_type - - -class IncidentPropertiesAction(_serialization.Model): - """IncidentPropertiesAction. 
- - :ivar severity: The severity of the incident. Known values are: "High", "Medium", "Low", and - "Informational". - :vartype severity: str or ~azure.mgmt.securityinsight.models.IncidentSeverity - :ivar status: The status of the incident. Known values are: "New", "Active", and "Closed". - :vartype status: str or ~azure.mgmt.securityinsight.models.IncidentStatus - :ivar classification: The reason the incident was closed. Known values are: "Undetermined", - "TruePositive", "BenignPositive", and "FalsePositive". - :vartype classification: str or ~azure.mgmt.securityinsight.models.IncidentClassification - :ivar classification_reason: The classification reason the incident was closed with. Known - values are: "SuspiciousActivity", "SuspiciousButExpected", "IncorrectAlertLogic", and - "InaccurateData". - :vartype classification_reason: str or - ~azure.mgmt.securityinsight.models.IncidentClassificationReason - :ivar classification_comment: Describes the reason the incident was closed. - :vartype classification_comment: str - :ivar owner: Information on the user an incident is assigned to. - :vartype owner: ~azure.mgmt.securityinsight.models.IncidentOwnerInfo - :ivar labels: List of labels to add to the incident. 
- :vartype labels: list[~azure.mgmt.securityinsight.models.IncidentLabel] - """ - - _attribute_map = { - "severity": {"key": "severity", "type": "str"}, - "status": {"key": "status", "type": "str"}, - "classification": {"key": "classification", "type": "str"}, - "classification_reason": {"key": "classificationReason", "type": "str"}, - "classification_comment": {"key": "classificationComment", "type": "str"}, - "owner": {"key": "owner", "type": "IncidentOwnerInfo"}, - "labels": {"key": "labels", "type": "[IncidentLabel]"}, - } - - def __init__( - self, - *, - severity: Optional[Union[str, "_models.IncidentSeverity"]] = None, - status: Optional[Union[str, "_models.IncidentStatus"]] = None, - classification: Optional[Union[str, "_models.IncidentClassification"]] = None, - classification_reason: Optional[Union[str, "_models.IncidentClassificationReason"]] = None, - classification_comment: Optional[str] = None, - owner: Optional["_models.IncidentOwnerInfo"] = None, - labels: Optional[List["_models.IncidentLabel"]] = None, - **kwargs - ): - """ - :keyword severity: The severity of the incident. Known values are: "High", "Medium", "Low", and - "Informational". - :paramtype severity: str or ~azure.mgmt.securityinsight.models.IncidentSeverity - :keyword status: The status of the incident. Known values are: "New", "Active", and "Closed". - :paramtype status: str or ~azure.mgmt.securityinsight.models.IncidentStatus - :keyword classification: The reason the incident was closed. Known values are: "Undetermined", - "TruePositive", "BenignPositive", and "FalsePositive". - :paramtype classification: str or ~azure.mgmt.securityinsight.models.IncidentClassification - :keyword classification_reason: The classification reason the incident was closed with. Known - values are: "SuspiciousActivity", "SuspiciousButExpected", "IncorrectAlertLogic", and - "InaccurateData". 
- :paramtype classification_reason: str or - ~azure.mgmt.securityinsight.models.IncidentClassificationReason - :keyword classification_comment: Describes the reason the incident was closed. - :paramtype classification_comment: str - :keyword owner: Information on the user an incident is assigned to. - :paramtype owner: ~azure.mgmt.securityinsight.models.IncidentOwnerInfo - :keyword labels: List of labels to add to the incident. - :paramtype labels: list[~azure.mgmt.securityinsight.models.IncidentLabel] - """ - super().__init__(**kwargs) - self.severity = severity - self.status = status - self.classification = classification - self.classification_reason = classification_reason - self.classification_comment = classification_comment - self.owner = owner - self.labels = labels - - -class IncidentTask(ResourceWithEtag): # pylint: disable=too-many-instance-attributes - """IncidentTask. + You probably want to use the sub-classes and not this class directly. Known sub-classes are: + ThreatIntelligenceIndicatorModel Variables are only populated by the server, and will be ignored when sending a request. 
@@ -10835,20 +9535,8 @@ class IncidentTask(ResourceWithEtag): # pylint: disable=too-many-instance-attri :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData :ivar etag: Etag of the azure resource. :vartype etag: str - :ivar title: The title of the task. Required. - :vartype title: str - :ivar description: The description of the task. - :vartype description: str - :ivar status: Required. Known values are: "New" and "Completed". - :vartype status: str or ~azure.mgmt.securityinsight.models.IncidentTaskStatus - :ivar created_time_utc: The time the task was created. - :vartype created_time_utc: ~datetime.datetime - :ivar last_modified_time_utc: The last time the task was updated. - :vartype last_modified_time_utc: ~datetime.datetime - :ivar created_by: Information on the client (user or application) that made some action. - :vartype created_by: ~azure.mgmt.securityinsight.models.ClientInfo - :ivar last_modified_by: Information on the client (user or application) that made some action. - :vartype last_modified_by: ~azure.mgmt.securityinsight.models.ClientInfo + :ivar kind: The kind of the entity. Required. "indicator" + :vartype kind: str or ~azure.mgmt.securityinsight.models.ThreatIntelligenceResourceInnerKind """ _validation = { @@ -10856,10 +9544,7 @@ class IncidentTask(ResourceWithEtag): # pylint: disable=too-many-instance-attri "name": {"readonly": True}, "type": {"readonly": True}, "system_data": {"readonly": True}, - "title": {"required": True}, - "status": {"required": True}, - "created_time_utc": {"readonly": True}, - "last_modified_time_utc": {"readonly": True}, + "kind": {"required": True}, } _attribute_map = { 
@@ -10868,11084 +9553,370 @@ class IncidentTask(ResourceWithEtag): # pylint: disable=too-many-instance-attri "type": {"key": "type", "type": "str"}, "system_data": {"key": "systemData", "type": "SystemData"}, "etag": {"key": "etag", "type": "str"}, - "title": {"key": "properties.title", "type": "str"}, - "description": {"key": "properties.description", "type": "str"}, - "status": {"key": "properties.status", "type": "str"}, - "created_time_utc": {"key": "properties.createdTimeUtc", "type": "iso-8601"}, - "last_modified_time_utc": {"key": "properties.lastModifiedTimeUtc", "type": "iso-8601"}, - "created_by": {"key": "properties.createdBy", "type": "ClientInfo"}, - "last_modified_by": {"key": "properties.lastModifiedBy", "type": "ClientInfo"}, + "kind": {"key": "kind", "type": "str"}, } - def __init__( - self, - *, - title: str, - status: Union[str, "_models.IncidentTaskStatus"], - etag: Optional[str] = None, - description: Optional[str] = None, - created_by: Optional["_models.ClientInfo"] = None, - last_modified_by: Optional["_models.ClientInfo"] = None, - **kwargs - ): + _subtype_map = {"kind": {"indicator": "ThreatIntelligenceIndicatorModel"}} + + def __init__(self, *, etag: Optional[str] = None, **kwargs: Any) -> None: """ :keyword etag: Etag of the azure resource. :paramtype etag: str - :keyword title: The title of the task. Required. - :paramtype title: str - :keyword description: The description of the task. - :paramtype description: str - :keyword status: Required. Known values are: "New" and "Completed". - :paramtype status: str or ~azure.mgmt.securityinsight.models.IncidentTaskStatus - :keyword created_by: Information on the client (user or application) that made some action. - :paramtype created_by: ~azure.mgmt.securityinsight.models.ClientInfo - :keyword last_modified_by: Information on the client (user or application) that made some - action. 
- :paramtype last_modified_by: ~azure.mgmt.securityinsight.models.ClientInfo """ super().__init__(etag=etag, **kwargs) - self.title = title - self.description = description - self.status = status - self.created_time_utc = None - self.last_modified_time_utc = None - self.created_by = created_by - self.last_modified_by = last_modified_by - - -class IncidentTaskList(_serialization.Model): - """IncidentTaskList. - - :ivar value: - :vartype value: list[~azure.mgmt.securityinsight.models.IncidentTask] - :ivar next_link: - :vartype next_link: str - """ - - _attribute_map = { - "value": {"key": "value", "type": "[IncidentTask]"}, - "next_link": {"key": "nextLink", "type": "str"}, - } - - def __init__( - self, *, value: Optional[List["_models.IncidentTask"]] = None, next_link: Optional[str] = None, **kwargs - ): - """ - :keyword value: - :paramtype value: list[~azure.mgmt.securityinsight.models.IncidentTask] - :keyword next_link: - :paramtype next_link: str - """ - super().__init__(**kwargs) - self.value = value - self.next_link = next_link + self.kind: Optional[str] = None -class InsightQueryItem(EntityQueryItem): - """Represents Insight Query. +class ThreatIntelligenceIndicatorModel(ThreatIntelligenceInformation): # pylint: disable=too-many-instance-attributes + """Threat intelligence indicator entity. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. - :ivar id: Query Template ARM ID. + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. :vartype id: str - :ivar name: Query Template ARM Name. + :ivar name: The name of the resource. :vartype name: str - :ivar type: ARM Type. + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". 
:vartype type: str - :ivar kind: The kind of the entity query. Required. Known values are: "Expansion", "Insight", - and "Activity". - :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityQueryKind - :ivar properties: Properties bag for InsightQueryItem. - :vartype properties: ~azure.mgmt.securityinsight.models.InsightQueryItemProperties + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar etag: Etag of the azure resource. + :vartype etag: str + :ivar kind: The kind of the entity. Required. "indicator" + :vartype kind: str or ~azure.mgmt.securityinsight.models.ThreatIntelligenceResourceInnerKind + :ivar additional_data: A bag of custom fields that should be part of the entity and will be + presented to the user. + :vartype additional_data: dict[str, JSON] + :ivar friendly_name: The graph item display name which is a short humanly readable description + of the graph item instance. This property is optional and might be system generated. + :vartype friendly_name: str + :ivar threat_intelligence_tags: List of tags. + :vartype threat_intelligence_tags: list[str] + :ivar last_updated_time_utc: Last updated time in UTC. + :vartype last_updated_time_utc: str + :ivar source: Source of a threat intelligence entity. + :vartype source: str + :ivar display_name: Display name of a threat intelligence entity. + :vartype display_name: str + :ivar description: Description of a threat intelligence entity. + :vartype description: str + :ivar indicator_types: Indicator types of threat intelligence entities. + :vartype indicator_types: list[str] + :ivar pattern: Pattern of a threat intelligence entity. + :vartype pattern: str + :ivar pattern_type: Pattern type of a threat intelligence entity. + :vartype pattern_type: str + :ivar pattern_version: Pattern version of a threat intelligence entity. 
+ :vartype pattern_version: str + :ivar kill_chain_phases: Kill chain phases. + :vartype kill_chain_phases: + list[~azure.mgmt.securityinsight.models.ThreatIntelligenceKillChainPhase] + :ivar parsed_pattern: Parsed patterns. + :vartype parsed_pattern: + list[~azure.mgmt.securityinsight.models.ThreatIntelligenceParsedPattern] + :ivar external_id: External ID of threat intelligence entity. + :vartype external_id: str + :ivar created_by_ref: Created by reference of threat intelligence entity. + :vartype created_by_ref: str + :ivar defanged: Is threat intelligence entity defanged. + :vartype defanged: bool + :ivar external_last_updated_time_utc: External last updated time in UTC. + :vartype external_last_updated_time_utc: str + :ivar external_references: External References. + :vartype external_references: + list[~azure.mgmt.securityinsight.models.ThreatIntelligenceExternalReference] + :ivar granular_markings: Granular Markings. + :vartype granular_markings: + list[~azure.mgmt.securityinsight.models.ThreatIntelligenceGranularMarkingModel] + :ivar labels: Labels of threat intelligence entity. + :vartype labels: list[str] + :ivar revoked: Is threat intelligence entity revoked. + :vartype revoked: bool + :ivar confidence: Confidence of threat intelligence entity. + :vartype confidence: int + :ivar object_marking_refs: Threat intelligence entity object marking references. + :vartype object_marking_refs: list[str] + :ivar language: Language of threat intelligence entity. + :vartype language: str + :ivar threat_types: Threat types. + :vartype threat_types: list[str] + :ivar valid_from: Valid from. + :vartype valid_from: str + :ivar valid_until: Valid until. + :vartype valid_until: str + :ivar created: Created by. + :vartype created: str + :ivar modified: Modified by. + :vartype modified: str + :ivar extensions: Extensions map. 
+ :vartype extensions: dict[str, any] """ _validation = { "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, "kind": {"required": True}, + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, } _attribute_map = { "id": {"key": "id", "type": "str"}, "name": {"key": "name", "type": "str"}, "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, "kind": {"key": "kind", "type": "str"}, - "properties": {"key": "properties", "type": "InsightQueryItemProperties"}, - } - - def __init__( - self, - *, - name: Optional[str] = None, - type: Optional[str] = None, - properties: Optional["_models.InsightQueryItemProperties"] = None, - **kwargs - ): - """ - :keyword name: Query Template ARM Name. - :paramtype name: str - :keyword type: ARM Type. - :paramtype type: str - :keyword properties: Properties bag for InsightQueryItem. - :paramtype properties: ~azure.mgmt.securityinsight.models.InsightQueryItemProperties - """ - super().__init__(name=name, type=type, **kwargs) - self.kind: str = "Insight" - self.properties = properties - - -class InsightQueryItemProperties(EntityQueryItemProperties): # pylint: disable=too-many-instance-attributes - """Represents Insight Query. - - :ivar data_types: Data types for template. - :vartype data_types: - list[~azure.mgmt.securityinsight.models.EntityQueryItemPropertiesDataTypesItem] - :ivar input_entity_type: The type of the entity. Known values are: "Account", "Host", "File", - "AzureResource", "CloudApplication", "DNS", "FileHash", "IP", "Malware", "Process", - "RegistryKey", "RegistryValue", "SecurityGroup", "URL", "IoTDevice", "SecurityAlert", - "HuntingBookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". 
- :vartype input_entity_type: str or ~azure.mgmt.securityinsight.models.EntityType - :ivar required_input_fields_sets: Data types for template. - :vartype required_input_fields_sets: list[list[str]] - :ivar entities_filter: The query applied only to entities matching to all filters. - :vartype entities_filter: JSON - :ivar display_name: The insight display name. - :vartype display_name: str - :ivar description: The insight description. - :vartype description: str - :ivar base_query: The base query of the insight. - :vartype base_query: str - :ivar table_query: The insight table query. - :vartype table_query: ~azure.mgmt.securityinsight.models.InsightQueryItemPropertiesTableQuery - :ivar chart_query: The insight chart query. - :vartype chart_query: JSON - :ivar additional_query: The activity query definitions. - :vartype additional_query: - ~azure.mgmt.securityinsight.models.InsightQueryItemPropertiesAdditionalQuery - :ivar default_time_range: The insight chart query. - :vartype default_time_range: - ~azure.mgmt.securityinsight.models.InsightQueryItemPropertiesDefaultTimeRange - :ivar reference_time_range: The insight chart query. 
- :vartype reference_time_range: - ~azure.mgmt.securityinsight.models.InsightQueryItemPropertiesReferenceTimeRange - """ - - _attribute_map = { - "data_types": {"key": "dataTypes", "type": "[EntityQueryItemPropertiesDataTypesItem]"}, - "input_entity_type": {"key": "inputEntityType", "type": "str"}, - "required_input_fields_sets": {"key": "requiredInputFieldsSets", "type": "[[str]]"}, - "entities_filter": {"key": "entitiesFilter", "type": "object"}, - "display_name": {"key": "displayName", "type": "str"}, - "description": {"key": "description", "type": "str"}, - "base_query": {"key": "baseQuery", "type": "str"}, - "table_query": {"key": "tableQuery", "type": "InsightQueryItemPropertiesTableQuery"}, - "chart_query": {"key": "chartQuery", "type": "object"}, - "additional_query": {"key": "additionalQuery", "type": "InsightQueryItemPropertiesAdditionalQuery"}, - "default_time_range": {"key": "defaultTimeRange", "type": "InsightQueryItemPropertiesDefaultTimeRange"}, - "reference_time_range": {"key": "referenceTimeRange", "type": "InsightQueryItemPropertiesReferenceTimeRange"}, + "additional_data": {"key": "properties.additionalData", "type": "{object}"}, + "friendly_name": {"key": "properties.friendlyName", "type": "str"}, + "threat_intelligence_tags": {"key": "properties.threatIntelligenceTags", "type": "[str]"}, + "last_updated_time_utc": {"key": "properties.lastUpdatedTimeUtc", "type": "str"}, + "source": {"key": "properties.source", "type": "str"}, + "display_name": {"key": "properties.displayName", "type": "str"}, + "description": {"key": "properties.description", "type": "str"}, + "indicator_types": {"key": "properties.indicatorTypes", "type": "[str]"}, + "pattern": {"key": "properties.pattern", "type": "str"}, + "pattern_type": {"key": "properties.patternType", "type": "str"}, + "pattern_version": {"key": "properties.patternVersion", "type": "str"}, + "kill_chain_phases": {"key": "properties.killChainPhases", "type": "[ThreatIntelligenceKillChainPhase]"}, + 
"parsed_pattern": {"key": "properties.parsedPattern", "type": "[ThreatIntelligenceParsedPattern]"}, + "external_id": {"key": "properties.externalId", "type": "str"}, + "created_by_ref": {"key": "properties.createdByRef", "type": "str"}, + "defanged": {"key": "properties.defanged", "type": "bool"}, + "external_last_updated_time_utc": {"key": "properties.externalLastUpdatedTimeUtc", "type": "str"}, + "external_references": { + "key": "properties.externalReferences", + "type": "[ThreatIntelligenceExternalReference]", + }, + "granular_markings": {"key": "properties.granularMarkings", "type": "[ThreatIntelligenceGranularMarkingModel]"}, + "labels": {"key": "properties.labels", "type": "[str]"}, + "revoked": {"key": "properties.revoked", "type": "bool"}, + "confidence": {"key": "properties.confidence", "type": "int"}, + "object_marking_refs": {"key": "properties.objectMarkingRefs", "type": "[str]"}, + "language": {"key": "properties.language", "type": "str"}, + "threat_types": {"key": "properties.threatTypes", "type": "[str]"}, + "valid_from": {"key": "properties.validFrom", "type": "str"}, + "valid_until": {"key": "properties.validUntil", "type": "str"}, + "created": {"key": "properties.created", "type": "str"}, + "modified": {"key": "properties.modified", "type": "str"}, + "extensions": {"key": "properties.extensions", "type": "{object}"}, } - def __init__( + def __init__( # pylint: disable=too-many-locals self, *, - data_types: Optional[List["_models.EntityQueryItemPropertiesDataTypesItem"]] = None, - input_entity_type: Optional[Union[str, "_models.EntityType"]] = None, - required_input_fields_sets: Optional[List[List[str]]] = None, - entities_filter: Optional[JSON] = None, + etag: Optional[str] = None, + threat_intelligence_tags: Optional[List[str]] = None, + last_updated_time_utc: Optional[str] = None, + source: Optional[str] = None, display_name: Optional[str] = None, description: Optional[str] = None, - base_query: Optional[str] = None, - table_query: 
Optional["_models.InsightQueryItemPropertiesTableQuery"] = None, - chart_query: Optional[JSON] = None, - additional_query: Optional["_models.InsightQueryItemPropertiesAdditionalQuery"] = None, - default_time_range: Optional["_models.InsightQueryItemPropertiesDefaultTimeRange"] = None, - reference_time_range: Optional["_models.InsightQueryItemPropertiesReferenceTimeRange"] = None, - **kwargs - ): + indicator_types: Optional[List[str]] = None, + pattern: Optional[str] = None, + pattern_type: Optional[str] = None, + pattern_version: Optional[str] = None, + kill_chain_phases: Optional[List["_models.ThreatIntelligenceKillChainPhase"]] = None, + parsed_pattern: Optional[List["_models.ThreatIntelligenceParsedPattern"]] = None, + external_id: Optional[str] = None, + created_by_ref: Optional[str] = None, + defanged: Optional[bool] = None, + external_last_updated_time_utc: Optional[str] = None, + external_references: Optional[List["_models.ThreatIntelligenceExternalReference"]] = None, + granular_markings: Optional[List["_models.ThreatIntelligenceGranularMarkingModel"]] = None, + labels: Optional[List[str]] = None, + revoked: Optional[bool] = None, + confidence: Optional[int] = None, + object_marking_refs: Optional[List[str]] = None, + language: Optional[str] = None, + threat_types: Optional[List[str]] = None, + valid_from: Optional[str] = None, + valid_until: Optional[str] = None, + created: Optional[str] = None, + modified: Optional[str] = None, + extensions: Optional[Dict[str, Any]] = None, + **kwargs: Any + ) -> None: """ - :keyword data_types: Data types for template. - :paramtype data_types: - list[~azure.mgmt.securityinsight.models.EntityQueryItemPropertiesDataTypesItem] - :keyword input_entity_type: The type of the entity. 
Known values are: "Account", "Host", - "File", "AzureResource", "CloudApplication", "DNS", "FileHash", "IP", "Malware", "Process", - "RegistryKey", "RegistryValue", "SecurityGroup", "URL", "IoTDevice", "SecurityAlert", - "HuntingBookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". - :paramtype input_entity_type: str or ~azure.mgmt.securityinsight.models.EntityType - :keyword required_input_fields_sets: Data types for template. - :paramtype required_input_fields_sets: list[list[str]] - :keyword entities_filter: The query applied only to entities matching to all filters. - :paramtype entities_filter: JSON - :keyword display_name: The insight display name. + :keyword etag: Etag of the azure resource. + :paramtype etag: str + :keyword threat_intelligence_tags: List of tags. + :paramtype threat_intelligence_tags: list[str] + :keyword last_updated_time_utc: Last updated time in UTC. + :paramtype last_updated_time_utc: str + :keyword source: Source of a threat intelligence entity. + :paramtype source: str + :keyword display_name: Display name of a threat intelligence entity. :paramtype display_name: str - :keyword description: The insight description. + :keyword description: Description of a threat intelligence entity. :paramtype description: str - :keyword base_query: The base query of the insight. - :paramtype base_query: str - :keyword table_query: The insight table query. - :paramtype table_query: ~azure.mgmt.securityinsight.models.InsightQueryItemPropertiesTableQuery - :keyword chart_query: The insight chart query. - :paramtype chart_query: JSON - :keyword additional_query: The activity query definitions. - :paramtype additional_query: - ~azure.mgmt.securityinsight.models.InsightQueryItemPropertiesAdditionalQuery - :keyword default_time_range: The insight chart query. - :paramtype default_time_range: - ~azure.mgmt.securityinsight.models.InsightQueryItemPropertiesDefaultTimeRange - :keyword reference_time_range: The insight chart query. 
- :paramtype reference_time_range: - ~azure.mgmt.securityinsight.models.InsightQueryItemPropertiesReferenceTimeRange + :keyword indicator_types: Indicator types of threat intelligence entities. + :paramtype indicator_types: list[str] + :keyword pattern: Pattern of a threat intelligence entity. + :paramtype pattern: str + :keyword pattern_type: Pattern type of a threat intelligence entity. + :paramtype pattern_type: str + :keyword pattern_version: Pattern version of a threat intelligence entity. + :paramtype pattern_version: str + :keyword kill_chain_phases: Kill chain phases. + :paramtype kill_chain_phases: + list[~azure.mgmt.securityinsight.models.ThreatIntelligenceKillChainPhase] + :keyword parsed_pattern: Parsed patterns. + :paramtype parsed_pattern: + list[~azure.mgmt.securityinsight.models.ThreatIntelligenceParsedPattern] + :keyword external_id: External ID of threat intelligence entity. + :paramtype external_id: str + :keyword created_by_ref: Created by reference of threat intelligence entity. + :paramtype created_by_ref: str + :keyword defanged: Is threat intelligence entity defanged. + :paramtype defanged: bool + :keyword external_last_updated_time_utc: External last updated time in UTC. + :paramtype external_last_updated_time_utc: str + :keyword external_references: External References. + :paramtype external_references: + list[~azure.mgmt.securityinsight.models.ThreatIntelligenceExternalReference] + :keyword granular_markings: Granular Markings. + :paramtype granular_markings: + list[~azure.mgmt.securityinsight.models.ThreatIntelligenceGranularMarkingModel] + :keyword labels: Labels of threat intelligence entity. + :paramtype labels: list[str] + :keyword revoked: Is threat intelligence entity revoked. + :paramtype revoked: bool + :keyword confidence: Confidence of threat intelligence entity. + :paramtype confidence: int + :keyword object_marking_refs: Threat intelligence entity object marking references. 
+ :paramtype object_marking_refs: list[str] + :keyword language: Language of threat intelligence entity. + :paramtype language: str + :keyword threat_types: Threat types. + :paramtype threat_types: list[str] + :keyword valid_from: Valid from. + :paramtype valid_from: str + :keyword valid_until: Valid until. + :paramtype valid_until: str + :keyword created: Created by. + :paramtype created: str + :keyword modified: Modified by. + :paramtype modified: str + :keyword extensions: Extensions map. + :paramtype extensions: dict[str, any] """ - super().__init__( - data_types=data_types, - input_entity_type=input_entity_type, - required_input_fields_sets=required_input_fields_sets, - entities_filter=entities_filter, - **kwargs - ) + super().__init__(etag=etag, **kwargs) + self.kind: str = "indicator" + self.additional_data = None + self.friendly_name = None + self.threat_intelligence_tags = threat_intelligence_tags + self.last_updated_time_utc = last_updated_time_utc + self.source = source self.display_name = display_name self.description = description - self.base_query = base_query - self.table_query = table_query - self.chart_query = chart_query - self.additional_query = additional_query - self.default_time_range = default_time_range - self.reference_time_range = reference_time_range + self.indicator_types = indicator_types + self.pattern = pattern + self.pattern_type = pattern_type + self.pattern_version = pattern_version + self.kill_chain_phases = kill_chain_phases + self.parsed_pattern = parsed_pattern + self.external_id = external_id + self.created_by_ref = created_by_ref + self.defanged = defanged + self.external_last_updated_time_utc = external_last_updated_time_utc + self.external_references = external_references + self.granular_markings = granular_markings + self.labels = labels + self.revoked = revoked + self.confidence = confidence + self.object_marking_refs = object_marking_refs + self.language = language + self.threat_types = threat_types + self.valid_from = 
valid_from + self.valid_until = valid_until + self.created = created + self.modified = modified + self.extensions = extensions -class InsightQueryItemPropertiesAdditionalQuery(_serialization.Model): - """The activity query definitions. +class ThreatIntelligenceIndicatorProperties(EntityCommonProperties): # pylint: disable=too-many-instance-attributes + """Describes threat intelligence entity properties. - :ivar query: The insight query. - :vartype query: str - :ivar text: The insight text. - :vartype text: str + Variables are only populated by the server, and will be ignored when sending a request. + + :ivar additional_data: A bag of custom fields that should be part of the entity and will be + presented to the user. + :vartype additional_data: dict[str, JSON] + :ivar friendly_name: The graph item display name which is a short humanly readable description + of the graph item instance. This property is optional and might be system generated. + :vartype friendly_name: str + :ivar threat_intelligence_tags: List of tags. + :vartype threat_intelligence_tags: list[str] + :ivar last_updated_time_utc: Last updated time in UTC. + :vartype last_updated_time_utc: str + :ivar source: Source of a threat intelligence entity. + :vartype source: str + :ivar display_name: Display name of a threat intelligence entity. + :vartype display_name: str + :ivar description: Description of a threat intelligence entity. + :vartype description: str + :ivar indicator_types: Indicator types of threat intelligence entities. + :vartype indicator_types: list[str] + :ivar pattern: Pattern of a threat intelligence entity. + :vartype pattern: str + :ivar pattern_type: Pattern type of a threat intelligence entity. + :vartype pattern_type: str + :ivar pattern_version: Pattern version of a threat intelligence entity. + :vartype pattern_version: str + :ivar kill_chain_phases: Kill chain phases. 
+ :vartype kill_chain_phases: + list[~azure.mgmt.securityinsight.models.ThreatIntelligenceKillChainPhase] + :ivar parsed_pattern: Parsed patterns. + :vartype parsed_pattern: + list[~azure.mgmt.securityinsight.models.ThreatIntelligenceParsedPattern] + :ivar external_id: External ID of threat intelligence entity. + :vartype external_id: str + :ivar created_by_ref: Created by reference of threat intelligence entity. + :vartype created_by_ref: str + :ivar defanged: Is threat intelligence entity defanged. + :vartype defanged: bool + :ivar external_last_updated_time_utc: External last updated time in UTC. + :vartype external_last_updated_time_utc: str + :ivar external_references: External References. + :vartype external_references: + list[~azure.mgmt.securityinsight.models.ThreatIntelligenceExternalReference] + :ivar granular_markings: Granular Markings. + :vartype granular_markings: + list[~azure.mgmt.securityinsight.models.ThreatIntelligenceGranularMarkingModel] + :ivar labels: Labels of threat intelligence entity. + :vartype labels: list[str] + :ivar revoked: Is threat intelligence entity revoked. + :vartype revoked: bool + :ivar confidence: Confidence of threat intelligence entity. + :vartype confidence: int + :ivar object_marking_refs: Threat intelligence entity object marking references. + :vartype object_marking_refs: list[str] + :ivar language: Language of threat intelligence entity. + :vartype language: str + :ivar threat_types: Threat types. + :vartype threat_types: list[str] + :ivar valid_from: Valid from. + :vartype valid_from: str + :ivar valid_until: Valid until. + :vartype valid_until: str + :ivar created: Created by. + :vartype created: str + :ivar modified: Modified by. + :vartype modified: str + :ivar extensions: Extensions map. 
+ :vartype extensions: dict[str, any] """ - _attribute_map = { - "query": {"key": "query", "type": "str"}, - "text": {"key": "text", "type": "str"}, - } - - def __init__(self, *, query: Optional[str] = None, text: Optional[str] = None, **kwargs): - """ - :keyword query: The insight query. - :paramtype query: str - :keyword text: The insight text. - :paramtype text: str - """ - super().__init__(**kwargs) - self.query = query - self.text = text - - -class InsightQueryItemPropertiesDefaultTimeRange(_serialization.Model): - """The insight chart query. - - :ivar before_range: The padding for the start time of the query. - :vartype before_range: str - :ivar after_range: The padding for the end time of the query. - :vartype after_range: str - """ - - _attribute_map = { - "before_range": {"key": "beforeRange", "type": "str"}, - "after_range": {"key": "afterRange", "type": "str"}, - } - - def __init__(self, *, before_range: Optional[str] = None, after_range: Optional[str] = None, **kwargs): - """ - :keyword before_range: The padding for the start time of the query. - :paramtype before_range: str - :keyword after_range: The padding for the end time of the query. - :paramtype after_range: str - """ - super().__init__(**kwargs) - self.before_range = before_range - self.after_range = after_range - - -class InsightQueryItemPropertiesReferenceTimeRange(_serialization.Model): - """The insight chart query. - - :ivar before_range: Additional query time for looking back. - :vartype before_range: str - """ - - _attribute_map = { - "before_range": {"key": "beforeRange", "type": "str"}, - } - - def __init__(self, *, before_range: Optional[str] = None, **kwargs): - """ - :keyword before_range: Additional query time for looking back. - :paramtype before_range: str - """ - super().__init__(**kwargs) - self.before_range = before_range - - -class InsightQueryItemPropertiesTableQuery(_serialization.Model): - """The insight table query. 
- - :ivar columns_definitions: List of insight column definitions. - :vartype columns_definitions: - list[~azure.mgmt.securityinsight.models.InsightQueryItemPropertiesTableQueryColumnsDefinitionsItem] - :ivar queries_definitions: List of insight queries definitions. - :vartype queries_definitions: - list[~azure.mgmt.securityinsight.models.InsightQueryItemPropertiesTableQueryQueriesDefinitionsItem] - """ - - _attribute_map = { - "columns_definitions": { - "key": "columnsDefinitions", - "type": "[InsightQueryItemPropertiesTableQueryColumnsDefinitionsItem]", - }, - "queries_definitions": { - "key": "queriesDefinitions", - "type": "[InsightQueryItemPropertiesTableQueryQueriesDefinitionsItem]", - }, - } - - def __init__( - self, - *, - columns_definitions: Optional[ - List["_models.InsightQueryItemPropertiesTableQueryColumnsDefinitionsItem"] - ] = None, - queries_definitions: Optional[ - List["_models.InsightQueryItemPropertiesTableQueryQueriesDefinitionsItem"] - ] = None, - **kwargs - ): - """ - :keyword columns_definitions: List of insight column definitions. - :paramtype columns_definitions: - list[~azure.mgmt.securityinsight.models.InsightQueryItemPropertiesTableQueryColumnsDefinitionsItem] - :keyword queries_definitions: List of insight queries definitions. - :paramtype queries_definitions: - list[~azure.mgmt.securityinsight.models.InsightQueryItemPropertiesTableQueryQueriesDefinitionsItem] - """ - super().__init__(**kwargs) - self.columns_definitions = columns_definitions - self.queries_definitions = queries_definitions - - -class InsightQueryItemPropertiesTableQueryColumnsDefinitionsItem(_serialization.Model): - """InsightQueryItemPropertiesTableQueryColumnsDefinitionsItem. - - :ivar header: Insight column header. - :vartype header: str - :ivar output_type: Insights Column type. Known values are: "Number", "String", "Date", and - "Entity". 
- :vartype output_type: str or ~azure.mgmt.securityinsight.models.OutputType - :ivar support_deep_link: Is query supports deep-link. - :vartype support_deep_link: bool - """ - - _attribute_map = { - "header": {"key": "header", "type": "str"}, - "output_type": {"key": "outputType", "type": "str"}, - "support_deep_link": {"key": "supportDeepLink", "type": "bool"}, - } - - def __init__( - self, - *, - header: Optional[str] = None, - output_type: Optional[Union[str, "_models.OutputType"]] = None, - support_deep_link: Optional[bool] = None, - **kwargs - ): - """ - :keyword header: Insight column header. - :paramtype header: str - :keyword output_type: Insights Column type. Known values are: "Number", "String", "Date", and - "Entity". - :paramtype output_type: str or ~azure.mgmt.securityinsight.models.OutputType - :keyword support_deep_link: Is query supports deep-link. - :paramtype support_deep_link: bool - """ - super().__init__(**kwargs) - self.header = header - self.output_type = output_type - self.support_deep_link = support_deep_link - - -class InsightQueryItemPropertiesTableQueryQueriesDefinitionsItem(_serialization.Model): - """InsightQueryItemPropertiesTableQueryQueriesDefinitionsItem. - - :ivar filter: Insight column header. - :vartype filter: str - :ivar summarize: Insight column header. - :vartype summarize: str - :ivar project: Insight column header. - :vartype project: str - :ivar link_columns_definitions: Insight column header. 
- :vartype link_columns_definitions: - list[~azure.mgmt.securityinsight.models.InsightQueryItemPropertiesTableQueryQueriesDefinitionsPropertiesItemsItem] - """ - - _attribute_map = { - "filter": {"key": "filter", "type": "str"}, - "summarize": {"key": "summarize", "type": "str"}, - "project": {"key": "project", "type": "str"}, - "link_columns_definitions": { - "key": "linkColumnsDefinitions", - "type": "[InsightQueryItemPropertiesTableQueryQueriesDefinitionsPropertiesItemsItem]", - }, - } - - def __init__( - self, - *, - filter: Optional[str] = None, # pylint: disable=redefined-builtin - summarize: Optional[str] = None, - project: Optional[str] = None, - link_columns_definitions: Optional[ - List["_models.InsightQueryItemPropertiesTableQueryQueriesDefinitionsPropertiesItemsItem"] - ] = None, - **kwargs - ): - """ - :keyword filter: Insight column header. - :paramtype filter: str - :keyword summarize: Insight column header. - :paramtype summarize: str - :keyword project: Insight column header. - :paramtype project: str - :keyword link_columns_definitions: Insight column header. - :paramtype link_columns_definitions: - list[~azure.mgmt.securityinsight.models.InsightQueryItemPropertiesTableQueryQueriesDefinitionsPropertiesItemsItem] - """ - super().__init__(**kwargs) - self.filter = filter - self.summarize = summarize - self.project = project - self.link_columns_definitions = link_columns_definitions - - -class InsightQueryItemPropertiesTableQueryQueriesDefinitionsPropertiesItemsItem(_serialization.Model): - """InsightQueryItemPropertiesTableQueryQueriesDefinitionsPropertiesItemsItem. - - :ivar projected_name: Insight Link Definition Projected Name. - :vartype projected_name: str - :ivar query: Insight Link Definition Query. 
- :vartype query: str - """ - - _attribute_map = { - "projected_name": {"key": "projectedName", "type": "str"}, - "query": {"key": "Query", "type": "str"}, - } - - def __init__(self, *, projected_name: Optional[str] = None, query: Optional[str] = None, **kwargs): - """ - :keyword projected_name: Insight Link Definition Projected Name. - :paramtype projected_name: str - :keyword query: Insight Link Definition Query. - :paramtype query: str - """ - super().__init__(**kwargs) - self.projected_name = projected_name - self.query = query - - -class InsightsTableResult(_serialization.Model): - """Query results for table insights query. - - :ivar columns: Columns Metadata of the table. - :vartype columns: list[~azure.mgmt.securityinsight.models.InsightsTableResultColumnsItem] - :ivar rows: Rows data of the table. - :vartype rows: list[list[str]] - """ - - _attribute_map = { - "columns": {"key": "columns", "type": "[InsightsTableResultColumnsItem]"}, - "rows": {"key": "rows", "type": "[[str]]"}, - } - - def __init__( - self, - *, - columns: Optional[List["_models.InsightsTableResultColumnsItem"]] = None, - rows: Optional[List[List[str]]] = None, - **kwargs - ): - """ - :keyword columns: Columns Metadata of the table. - :paramtype columns: list[~azure.mgmt.securityinsight.models.InsightsTableResultColumnsItem] - :keyword rows: Rows data of the table. - :paramtype rows: list[list[str]] - """ - super().__init__(**kwargs) - self.columns = columns - self.rows = rows - - -class InsightsTableResultColumnsItem(_serialization.Model): - """InsightsTableResultColumnsItem. - - :ivar type: the type of the colum. - :vartype type: str - :ivar name: the name of the colum. - :vartype name: str - """ - - _attribute_map = { - "type": {"key": "type", "type": "str"}, - "name": {"key": "name", "type": "str"}, - } - - def __init__(self, *, type: Optional[str] = None, name: Optional[str] = None, **kwargs): - """ - :keyword type: the type of the colum. 
- :paramtype type: str - :keyword name: the name of the colum. - :paramtype name: str - """ - super().__init__(**kwargs) - self.type = type - self.name = name - - -class Instructions(_serialization.Model): - """Instructions section of a recommendation. - - All required parameters must be populated in order to send to Azure. - - :ivar actions_to_be_performed: What actions should be taken to complete the recommendation. - Required. - :vartype actions_to_be_performed: str - :ivar recommendation_importance: Explains why the recommendation is important. Required. - :vartype recommendation_importance: str - :ivar how_to_perform_action_details: How should the user complete the recommendation. - :vartype how_to_perform_action_details: str - """ - - _validation = { - "actions_to_be_performed": {"required": True}, - "recommendation_importance": {"required": True}, - } - - _attribute_map = { - "actions_to_be_performed": {"key": "actionsToBePerformed", "type": "str"}, - "recommendation_importance": {"key": "recommendationImportance", "type": "str"}, - "how_to_perform_action_details": {"key": "howToPerformActionDetails", "type": "str"}, - } - - def __init__( - self, - *, - actions_to_be_performed: str, - recommendation_importance: str, - how_to_perform_action_details: Optional[str] = None, - **kwargs - ): - """ - :keyword actions_to_be_performed: What actions should be taken to complete the recommendation. - Required. - :paramtype actions_to_be_performed: str - :keyword recommendation_importance: Explains why the recommendation is important. Required. - :paramtype recommendation_importance: str - :keyword how_to_perform_action_details: How should the user complete the recommendation. 
- :paramtype how_to_perform_action_details: str - """ - super().__init__(**kwargs) - self.actions_to_be_performed = actions_to_be_performed - self.recommendation_importance = recommendation_importance - self.how_to_perform_action_details = how_to_perform_action_details - - -class InstructionStepsInstructionsItem(ConnectorInstructionModelBase): - """InstructionStepsInstructionsItem. - - All required parameters must be populated in order to send to Azure. - - :ivar parameters: The parameters for the setting. - :vartype parameters: JSON - :ivar type: The kind of the setting. Required. Known values are: "CopyableLabel", - "InstructionStepsGroup", and "InfoMessage". - :vartype type: str or ~azure.mgmt.securityinsight.models.SettingType - """ - - _validation = { - "type": {"required": True}, - } - - _attribute_map = { - "parameters": {"key": "parameters", "type": "object"}, - "type": {"key": "type", "type": "str"}, - } - - def __init__(self, *, type: Union[str, "_models.SettingType"], parameters: Optional[JSON] = None, **kwargs): - """ - :keyword parameters: The parameters for the setting. - :paramtype parameters: JSON - :keyword type: The kind of the setting. Required. Known values are: "CopyableLabel", - "InstructionStepsGroup", and "InfoMessage". - :paramtype type: str or ~azure.mgmt.securityinsight.models.SettingType - """ - super().__init__(parameters=parameters, type=type, **kwargs) - - -class IoTCheckRequirements(DataConnectorsCheckRequirements): - """Represents IoT requirements check request. - - All required parameters must be populated in order to send to Azure. - - :ivar kind: Describes the kind of connector to be checked. Required. 
Known values are: - "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", - "ThreatIntelligence", "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", - "Office365Project", "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", - "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", - "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and - "IOT". - :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind - :ivar subscription_id: The subscription id to connect to, and get the data from. - :vartype subscription_id: str - """ - - _validation = { - "kind": {"required": True}, - } - - _attribute_map = { - "kind": {"key": "kind", "type": "str"}, - "subscription_id": {"key": "properties.subscriptionId", "type": "str"}, - } - - def __init__(self, *, subscription_id: Optional[str] = None, **kwargs): - """ - :keyword subscription_id: The subscription id to connect to, and get the data from. - :paramtype subscription_id: str - """ - super().__init__(**kwargs) - self.kind: str = "IOT" - self.subscription_id = subscription_id - - -class IoTDataConnector(DataConnector): - """Represents IoT data connector. - - Variables are only populated by the server, and will be ignored when sending a request. - - All required parameters must be populated in order to send to Azure. - - :ivar id: Fully qualified resource ID for the resource. Ex - - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - :vartype id: str - :ivar name: The name of the resource. - :vartype name: str - :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or - "Microsoft.Storage/storageAccounts". - :vartype type: str - :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy - information. 
- :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar etag: Etag of the azure resource. - :vartype etag: str - :ivar kind: The data connector kind. Required. Known values are: "AzureActiveDirectory", - "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", - "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", "Office365Project", - "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", - "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", - "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and - "IOT". - :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind - :ivar data_types: The available data types for the connector. - :vartype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector - :ivar subscription_id: The subscription id to connect to, and get the data from. - :vartype subscription_id: str - """ - - _validation = { - "id": {"readonly": True}, - "name": {"readonly": True}, - "type": {"readonly": True}, - "system_data": {"readonly": True}, - "kind": {"required": True}, - } - - _attribute_map = { - "id": {"key": "id", "type": "str"}, - "name": {"key": "name", "type": "str"}, - "type": {"key": "type", "type": "str"}, - "system_data": {"key": "systemData", "type": "SystemData"}, - "etag": {"key": "etag", "type": "str"}, - "kind": {"key": "kind", "type": "str"}, - "data_types": {"key": "properties.dataTypes", "type": "AlertsDataTypeOfDataConnector"}, - "subscription_id": {"key": "properties.subscriptionId", "type": "str"}, - } - - def __init__( - self, - *, - etag: Optional[str] = None, - data_types: Optional["_models.AlertsDataTypeOfDataConnector"] = None, - subscription_id: Optional[str] = None, - **kwargs - ): - """ - :keyword etag: Etag of the azure resource. - :paramtype etag: str - :keyword data_types: The available data types for the connector. 
- :paramtype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector - :keyword subscription_id: The subscription id to connect to, and get the data from. - :paramtype subscription_id: str - """ - super().__init__(etag=etag, **kwargs) - self.kind: str = "IOT" - self.data_types = data_types - self.subscription_id = subscription_id - - -class IoTDataConnectorProperties(DataConnectorWithAlertsProperties): - """IoT data connector properties. - - :ivar data_types: The available data types for the connector. - :vartype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector - :ivar subscription_id: The subscription id to connect to, and get the data from. - :vartype subscription_id: str - """ - - _attribute_map = { - "data_types": {"key": "dataTypes", "type": "AlertsDataTypeOfDataConnector"}, - "subscription_id": {"key": "subscriptionId", "type": "str"}, - } - - def __init__( - self, - *, - data_types: Optional["_models.AlertsDataTypeOfDataConnector"] = None, - subscription_id: Optional[str] = None, - **kwargs - ): - """ - :keyword data_types: The available data types for the connector. - :paramtype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector - :keyword subscription_id: The subscription id to connect to, and get the data from. - :paramtype subscription_id: str - """ - super().__init__(data_types=data_types, **kwargs) - self.subscription_id = subscription_id - - -class IoTDeviceEntity(Entity): # pylint: disable=too-many-instance-attributes - """Represents an IoT device entity. - - Variables are only populated by the server, and will be ignored when sending a request. - - All required parameters must be populated in order to send to Azure. - - :ivar id: Fully qualified resource ID for the resource. Ex - - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - :vartype id: str - :ivar name: The name of the resource. 
- :vartype name: str - :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or - "Microsoft.Storage/storageAccounts". - :vartype type: str - :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy - information. - :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar kind: The kind of the entity. Required. Known values are: "Account", "Host", "File", - "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", - "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", - "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". - :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKind - :ivar additional_data: A bag of custom fields that should be part of the entity and will be - presented to the user. - :vartype additional_data: dict[str, any] - :ivar friendly_name: The graph item display name which is a short humanly readable description - of the graph item instance. This property is optional and might be system generated. - :vartype friendly_name: str - :ivar device_id: The ID of the IoT Device in the IoT Hub. - :vartype device_id: str - :ivar device_name: The friendly name of the device. - :vartype device_name: str - :ivar source: The source of the device. - :vartype source: str - :ivar iot_security_agent_id: The ID of the security agent running on the device. - :vartype iot_security_agent_id: str - :ivar device_type: The type of the device. - :vartype device_type: str - :ivar vendor: The vendor of the device. - :vartype vendor: str - :ivar edge_id: The ID of the edge device. - :vartype edge_id: str - :ivar mac_address: The MAC address of the device. - :vartype mac_address: str - :ivar model: The model of the device. - :vartype model: str - :ivar serial_number: The serial number of the device. - :vartype serial_number: str - :ivar firmware_version: The firmware version of the device. 
- :vartype firmware_version: str - :ivar operating_system: The operating system of the device. - :vartype operating_system: str - :ivar iot_hub_entity_id: The AzureResource entity id of the IoT Hub. - :vartype iot_hub_entity_id: str - :ivar host_entity_id: The Host entity id of this device. - :vartype host_entity_id: str - :ivar ip_address_entity_id: The IP entity if of this device. - :vartype ip_address_entity_id: str - :ivar threat_intelligence: A list of TI contexts attached to the IoTDevice entity. - :vartype threat_intelligence: list[~azure.mgmt.securityinsight.models.ThreatIntelligence] - :ivar protocols: A list of protocols of the IoTDevice entity. - :vartype protocols: list[str] - :ivar owners: A list of owners of the IoTDevice entity. - :vartype owners: list[str] - :ivar nic_entity_ids: A list of Nic entity ids of the IoTDevice entity. - :vartype nic_entity_ids: list[str] - :ivar site: The site of the device. - :vartype site: str - :ivar zone: The zone location of the device within a site. - :vartype zone: str - :ivar sensor: The sensor the device is monitored by. - :vartype sensor: str - :ivar device_sub_type: The subType of the device ('PLC', 'HMI', 'EWS', etc.). - :vartype device_sub_type: str - :ivar importance: Device importance, determines if the device classified as 'crown jewel'. - Known values are: "Unknown", "Low", "Normal", and "High". - :vartype importance: str or ~azure.mgmt.securityinsight.models.DeviceImportance - :ivar purdue_layer: The Purdue Layer of the device. - :vartype purdue_layer: str - :ivar is_authorized: Determines whether the device classified as authorized device. - :vartype is_authorized: bool - :ivar is_programming: Determines whether the device classified as programming device. - :vartype is_programming: bool - :ivar is_scanner: Is the device classified as a scanner device. 
- :vartype is_scanner: bool - """ - - _validation = { - "id": {"readonly": True}, - "name": {"readonly": True}, - "type": {"readonly": True}, - "system_data": {"readonly": True}, - "kind": {"required": True}, - "additional_data": {"readonly": True}, - "friendly_name": {"readonly": True}, - "device_id": {"readonly": True}, - "device_name": {"readonly": True}, - "source": {"readonly": True}, - "iot_security_agent_id": {"readonly": True}, - "device_type": {"readonly": True}, - "vendor": {"readonly": True}, - "edge_id": {"readonly": True}, - "mac_address": {"readonly": True}, - "model": {"readonly": True}, - "serial_number": {"readonly": True}, - "firmware_version": {"readonly": True}, - "operating_system": {"readonly": True}, - "iot_hub_entity_id": {"readonly": True}, - "host_entity_id": {"readonly": True}, - "ip_address_entity_id": {"readonly": True}, - "threat_intelligence": {"readonly": True}, - "protocols": {"readonly": True}, - "owners": {"readonly": True}, - "nic_entity_ids": {"readonly": True}, - "site": {"readonly": True}, - "zone": {"readonly": True}, - "sensor": {"readonly": True}, - "device_sub_type": {"readonly": True}, - "purdue_layer": {"readonly": True}, - "is_authorized": {"readonly": True}, - "is_programming": {"readonly": True}, - "is_scanner": {"readonly": True}, - } - - _attribute_map = { - "id": {"key": "id", "type": "str"}, - "name": {"key": "name", "type": "str"}, - "type": {"key": "type", "type": "str"}, - "system_data": {"key": "systemData", "type": "SystemData"}, - "kind": {"key": "kind", "type": "str"}, - "additional_data": {"key": "properties.additionalData", "type": "{object}"}, - "friendly_name": {"key": "properties.friendlyName", "type": "str"}, - "device_id": {"key": "properties.deviceId", "type": "str"}, - "device_name": {"key": "properties.deviceName", "type": "str"}, - "source": {"key": "properties.source", "type": "str"}, - "iot_security_agent_id": {"key": "properties.iotSecurityAgentId", "type": "str"}, - "device_type": {"key": 
"properties.deviceType", "type": "str"}, - "vendor": {"key": "properties.vendor", "type": "str"}, - "edge_id": {"key": "properties.edgeId", "type": "str"}, - "mac_address": {"key": "properties.macAddress", "type": "str"}, - "model": {"key": "properties.model", "type": "str"}, - "serial_number": {"key": "properties.serialNumber", "type": "str"}, - "firmware_version": {"key": "properties.firmwareVersion", "type": "str"}, - "operating_system": {"key": "properties.operatingSystem", "type": "str"}, - "iot_hub_entity_id": {"key": "properties.iotHubEntityId", "type": "str"}, - "host_entity_id": {"key": "properties.hostEntityId", "type": "str"}, - "ip_address_entity_id": {"key": "properties.ipAddressEntityId", "type": "str"}, - "threat_intelligence": {"key": "properties.threatIntelligence", "type": "[ThreatIntelligence]"}, - "protocols": {"key": "properties.protocols", "type": "[str]"}, - "owners": {"key": "properties.owners", "type": "[str]"}, - "nic_entity_ids": {"key": "properties.nicEntityIds", "type": "[str]"}, - "site": {"key": "properties.site", "type": "str"}, - "zone": {"key": "properties.zone", "type": "str"}, - "sensor": {"key": "properties.sensor", "type": "str"}, - "device_sub_type": {"key": "properties.deviceSubType", "type": "str"}, - "importance": {"key": "properties.importance", "type": "str"}, - "purdue_layer": {"key": "properties.purdueLayer", "type": "str"}, - "is_authorized": {"key": "properties.isAuthorized", "type": "bool"}, - "is_programming": {"key": "properties.isProgramming", "type": "bool"}, - "is_scanner": {"key": "properties.isScanner", "type": "bool"}, - } - - def __init__( # pylint: disable=too-many-locals - self, *, importance: Optional[Union[str, "_models.DeviceImportance"]] = None, **kwargs - ): - """ - :keyword importance: Device importance, determines if the device classified as 'crown jewel'. - Known values are: "Unknown", "Low", "Normal", and "High". 
- :paramtype importance: str or ~azure.mgmt.securityinsight.models.DeviceImportance - """ - super().__init__(**kwargs) - self.kind: str = "IoTDevice" - self.additional_data = None - self.friendly_name = None - self.device_id = None - self.device_name = None - self.source = None - self.iot_security_agent_id = None - self.device_type = None - self.vendor = None - self.edge_id = None - self.mac_address = None - self.model = None - self.serial_number = None - self.firmware_version = None - self.operating_system = None - self.iot_hub_entity_id = None - self.host_entity_id = None - self.ip_address_entity_id = None - self.threat_intelligence = None - self.protocols = None - self.owners = None - self.nic_entity_ids = None - self.site = None - self.zone = None - self.sensor = None - self.device_sub_type = None - self.importance = importance - self.purdue_layer = None - self.is_authorized = None - self.is_programming = None - self.is_scanner = None - - -class IoTDeviceEntityProperties(EntityCommonProperties): # pylint: disable=too-many-instance-attributes - """IoTDevice entity property bag. - - Variables are only populated by the server, and will be ignored when sending a request. - - :ivar additional_data: A bag of custom fields that should be part of the entity and will be - presented to the user. - :vartype additional_data: dict[str, any] - :ivar friendly_name: The graph item display name which is a short humanly readable description - of the graph item instance. This property is optional and might be system generated. - :vartype friendly_name: str - :ivar device_id: The ID of the IoT Device in the IoT Hub. - :vartype device_id: str - :ivar device_name: The friendly name of the device. - :vartype device_name: str - :ivar source: The source of the device. - :vartype source: str - :ivar iot_security_agent_id: The ID of the security agent running on the device. - :vartype iot_security_agent_id: str - :ivar device_type: The type of the device. 
- :vartype device_type: str - :ivar vendor: The vendor of the device. - :vartype vendor: str - :ivar edge_id: The ID of the edge device. - :vartype edge_id: str - :ivar mac_address: The MAC address of the device. - :vartype mac_address: str - :ivar model: The model of the device. - :vartype model: str - :ivar serial_number: The serial number of the device. - :vartype serial_number: str - :ivar firmware_version: The firmware version of the device. - :vartype firmware_version: str - :ivar operating_system: The operating system of the device. - :vartype operating_system: str - :ivar iot_hub_entity_id: The AzureResource entity id of the IoT Hub. - :vartype iot_hub_entity_id: str - :ivar host_entity_id: The Host entity id of this device. - :vartype host_entity_id: str - :ivar ip_address_entity_id: The IP entity if of this device. - :vartype ip_address_entity_id: str - :ivar threat_intelligence: A list of TI contexts attached to the IoTDevice entity. - :vartype threat_intelligence: list[~azure.mgmt.securityinsight.models.ThreatIntelligence] - :ivar protocols: A list of protocols of the IoTDevice entity. - :vartype protocols: list[str] - :ivar owners: A list of owners of the IoTDevice entity. - :vartype owners: list[str] - :ivar nic_entity_ids: A list of Nic entity ids of the IoTDevice entity. - :vartype nic_entity_ids: list[str] - :ivar site: The site of the device. - :vartype site: str - :ivar zone: The zone location of the device within a site. - :vartype zone: str - :ivar sensor: The sensor the device is monitored by. - :vartype sensor: str - :ivar device_sub_type: The subType of the device ('PLC', 'HMI', 'EWS', etc.). - :vartype device_sub_type: str - :ivar importance: Device importance, determines if the device classified as 'crown jewel'. - Known values are: "Unknown", "Low", "Normal", and "High". - :vartype importance: str or ~azure.mgmt.securityinsight.models.DeviceImportance - :ivar purdue_layer: The Purdue Layer of the device. 
- :vartype purdue_layer: str - :ivar is_authorized: Determines whether the device classified as authorized device. - :vartype is_authorized: bool - :ivar is_programming: Determines whether the device classified as programming device. - :vartype is_programming: bool - :ivar is_scanner: Is the device classified as a scanner device. - :vartype is_scanner: bool - """ - - _validation = { - "additional_data": {"readonly": True}, - "friendly_name": {"readonly": True}, - "device_id": {"readonly": True}, - "device_name": {"readonly": True}, - "source": {"readonly": True}, - "iot_security_agent_id": {"readonly": True}, - "device_type": {"readonly": True}, - "vendor": {"readonly": True}, - "edge_id": {"readonly": True}, - "mac_address": {"readonly": True}, - "model": {"readonly": True}, - "serial_number": {"readonly": True}, - "firmware_version": {"readonly": True}, - "operating_system": {"readonly": True}, - "iot_hub_entity_id": {"readonly": True}, - "host_entity_id": {"readonly": True}, - "ip_address_entity_id": {"readonly": True}, - "threat_intelligence": {"readonly": True}, - "protocols": {"readonly": True}, - "owners": {"readonly": True}, - "nic_entity_ids": {"readonly": True}, - "site": {"readonly": True}, - "zone": {"readonly": True}, - "sensor": {"readonly": True}, - "device_sub_type": {"readonly": True}, - "purdue_layer": {"readonly": True}, - "is_authorized": {"readonly": True}, - "is_programming": {"readonly": True}, - "is_scanner": {"readonly": True}, - } - - _attribute_map = { - "additional_data": {"key": "additionalData", "type": "{object}"}, - "friendly_name": {"key": "friendlyName", "type": "str"}, - "device_id": {"key": "deviceId", "type": "str"}, - "device_name": {"key": "deviceName", "type": "str"}, - "source": {"key": "source", "type": "str"}, - "iot_security_agent_id": {"key": "iotSecurityAgentId", "type": "str"}, - "device_type": {"key": "deviceType", "type": "str"}, - "vendor": {"key": "vendor", "type": "str"}, - "edge_id": {"key": "edgeId", "type": 
"str"}, - "mac_address": {"key": "macAddress", "type": "str"}, - "model": {"key": "model", "type": "str"}, - "serial_number": {"key": "serialNumber", "type": "str"}, - "firmware_version": {"key": "firmwareVersion", "type": "str"}, - "operating_system": {"key": "operatingSystem", "type": "str"}, - "iot_hub_entity_id": {"key": "iotHubEntityId", "type": "str"}, - "host_entity_id": {"key": "hostEntityId", "type": "str"}, - "ip_address_entity_id": {"key": "ipAddressEntityId", "type": "str"}, - "threat_intelligence": {"key": "threatIntelligence", "type": "[ThreatIntelligence]"}, - "protocols": {"key": "protocols", "type": "[str]"}, - "owners": {"key": "owners", "type": "[str]"}, - "nic_entity_ids": {"key": "nicEntityIds", "type": "[str]"}, - "site": {"key": "site", "type": "str"}, - "zone": {"key": "zone", "type": "str"}, - "sensor": {"key": "sensor", "type": "str"}, - "device_sub_type": {"key": "deviceSubType", "type": "str"}, - "importance": {"key": "importance", "type": "str"}, - "purdue_layer": {"key": "purdueLayer", "type": "str"}, - "is_authorized": {"key": "isAuthorized", "type": "bool"}, - "is_programming": {"key": "isProgramming", "type": "bool"}, - "is_scanner": {"key": "isScanner", "type": "bool"}, - } - - def __init__( # pylint: disable=too-many-locals - self, *, importance: Optional[Union[str, "_models.DeviceImportance"]] = None, **kwargs - ): - """ - :keyword importance: Device importance, determines if the device classified as 'crown jewel'. - Known values are: "Unknown", "Low", "Normal", and "High". 
- :paramtype importance: str or ~azure.mgmt.securityinsight.models.DeviceImportance - """ - super().__init__(**kwargs) - self.device_id = None - self.device_name = None - self.source = None - self.iot_security_agent_id = None - self.device_type = None - self.vendor = None - self.edge_id = None - self.mac_address = None - self.model = None - self.serial_number = None - self.firmware_version = None - self.operating_system = None - self.iot_hub_entity_id = None - self.host_entity_id = None - self.ip_address_entity_id = None - self.threat_intelligence = None - self.protocols = None - self.owners = None - self.nic_entity_ids = None - self.site = None - self.zone = None - self.sensor = None - self.device_sub_type = None - self.importance = importance - self.purdue_layer = None - self.is_authorized = None - self.is_programming = None - self.is_scanner = None - - -class IpEntity(Entity): - """Represents an ip entity. - - Variables are only populated by the server, and will be ignored when sending a request. - - All required parameters must be populated in order to send to Azure. - - :ivar id: Fully qualified resource ID for the resource. Ex - - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - :vartype id: str - :ivar name: The name of the resource. - :vartype name: str - :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or - "Microsoft.Storage/storageAccounts". - :vartype type: str - :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy - information. - :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar kind: The kind of the entity. Required. 
Known values are: "Account", "Host", "File", - "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", - "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", - "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". - :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKind - :ivar additional_data: A bag of custom fields that should be part of the entity and will be - presented to the user. - :vartype additional_data: dict[str, any] - :ivar friendly_name: The graph item display name which is a short humanly readable description - of the graph item instance. This property is optional and might be system generated. - :vartype friendly_name: str - :ivar address: The IP address as string, e.g. 127.0.0.1 (either in Ipv4 or Ipv6). - :vartype address: str - :ivar location: The geo-location context attached to the ip entity. - :vartype location: ~azure.mgmt.securityinsight.models.GeoLocation - :ivar threat_intelligence: A list of TI contexts attached to the ip entity. 
- :vartype threat_intelligence: list[~azure.mgmt.securityinsight.models.ThreatIntelligence] - """ - - _validation = { - "id": {"readonly": True}, - "name": {"readonly": True}, - "type": {"readonly": True}, - "system_data": {"readonly": True}, - "kind": {"required": True}, - "additional_data": {"readonly": True}, - "friendly_name": {"readonly": True}, - "address": {"readonly": True}, - "location": {"readonly": True}, - "threat_intelligence": {"readonly": True}, - } - - _attribute_map = { - "id": {"key": "id", "type": "str"}, - "name": {"key": "name", "type": "str"}, - "type": {"key": "type", "type": "str"}, - "system_data": {"key": "systemData", "type": "SystemData"}, - "kind": {"key": "kind", "type": "str"}, - "additional_data": {"key": "properties.additionalData", "type": "{object}"}, - "friendly_name": {"key": "properties.friendlyName", "type": "str"}, - "address": {"key": "properties.address", "type": "str"}, - "location": {"key": "properties.location", "type": "GeoLocation"}, - "threat_intelligence": {"key": "properties.threatIntelligence", "type": "[ThreatIntelligence]"}, - } - - def __init__(self, **kwargs): - """ """ - super().__init__(**kwargs) - self.kind: str = "Ip" - self.additional_data = None - self.friendly_name = None - self.address = None - self.location = None - self.threat_intelligence = None - - -class IpEntityProperties(EntityCommonProperties): - """Ip entity property bag. - - Variables are only populated by the server, and will be ignored when sending a request. - - :ivar additional_data: A bag of custom fields that should be part of the entity and will be - presented to the user. - :vartype additional_data: dict[str, any] - :ivar friendly_name: The graph item display name which is a short humanly readable description - of the graph item instance. This property is optional and might be system generated. - :vartype friendly_name: str - :ivar address: The IP address as string, e.g. 127.0.0.1 (either in Ipv4 or Ipv6). 
- :vartype address: str - :ivar location: The geo-location context attached to the ip entity. - :vartype location: ~azure.mgmt.securityinsight.models.GeoLocation - :ivar threat_intelligence: A list of TI contexts attached to the ip entity. - :vartype threat_intelligence: list[~azure.mgmt.securityinsight.models.ThreatIntelligence] - """ - - _validation = { - "additional_data": {"readonly": True}, - "friendly_name": {"readonly": True}, - "address": {"readonly": True}, - "location": {"readonly": True}, - "threat_intelligence": {"readonly": True}, - } - - _attribute_map = { - "additional_data": {"key": "additionalData", "type": "{object}"}, - "friendly_name": {"key": "friendlyName", "type": "str"}, - "address": {"key": "address", "type": "str"}, - "location": {"key": "location", "type": "GeoLocation"}, - "threat_intelligence": {"key": "threatIntelligence", "type": "[ThreatIntelligence]"}, - } - - def __init__(self, **kwargs): - """ """ - super().__init__(**kwargs) - self.address = None - self.location = None - self.threat_intelligence = None - - -class MailboxEntity(Entity): # pylint: disable=too-many-instance-attributes - """Represents a mailbox entity. - - Variables are only populated by the server, and will be ignored when sending a request. - - All required parameters must be populated in order to send to Azure. - - :ivar id: Fully qualified resource ID for the resource. Ex - - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - :vartype id: str - :ivar name: The name of the resource. - :vartype name: str - :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or - "Microsoft.Storage/storageAccounts". - :vartype type: str - :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy - information. - :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar kind: The kind of the entity. Required. 
Known values are: "Account", "Host", "File", - "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", - "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", - "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". - :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKind - :ivar additional_data: A bag of custom fields that should be part of the entity and will be - presented to the user. - :vartype additional_data: dict[str, any] - :ivar friendly_name: The graph item display name which is a short humanly readable description - of the graph item instance. This property is optional and might be system generated. - :vartype friendly_name: str - :ivar mailbox_primary_address: The mailbox's primary address. - :vartype mailbox_primary_address: str - :ivar display_name: The mailbox's display name. - :vartype display_name: str - :ivar upn: The mailbox's UPN. - :vartype upn: str - :ivar external_directory_object_id: The AzureAD identifier of mailbox. Similar to AadUserId in - account entity but this property is specific to mailbox object on office side. 
- :vartype external_directory_object_id: str - """ - - _validation = { - "id": {"readonly": True}, - "name": {"readonly": True}, - "type": {"readonly": True}, - "system_data": {"readonly": True}, - "kind": {"required": True}, - "additional_data": {"readonly": True}, - "friendly_name": {"readonly": True}, - "mailbox_primary_address": {"readonly": True}, - "display_name": {"readonly": True}, - "upn": {"readonly": True}, - "external_directory_object_id": {"readonly": True}, - } - - _attribute_map = { - "id": {"key": "id", "type": "str"}, - "name": {"key": "name", "type": "str"}, - "type": {"key": "type", "type": "str"}, - "system_data": {"key": "systemData", "type": "SystemData"}, - "kind": {"key": "kind", "type": "str"}, - "additional_data": {"key": "properties.additionalData", "type": "{object}"}, - "friendly_name": {"key": "properties.friendlyName", "type": "str"}, - "mailbox_primary_address": {"key": "properties.mailboxPrimaryAddress", "type": "str"}, - "display_name": {"key": "properties.displayName", "type": "str"}, - "upn": {"key": "properties.upn", "type": "str"}, - "external_directory_object_id": {"key": "properties.externalDirectoryObjectId", "type": "str"}, - } - - def __init__(self, **kwargs): - """ """ - super().__init__(**kwargs) - self.kind: str = "Mailbox" - self.additional_data = None - self.friendly_name = None - self.mailbox_primary_address = None - self.display_name = None - self.upn = None - self.external_directory_object_id = None - - -class MailboxEntityProperties(EntityCommonProperties): - """Mailbox entity property bag. - - Variables are only populated by the server, and will be ignored when sending a request. - - :ivar additional_data: A bag of custom fields that should be part of the entity and will be - presented to the user. - :vartype additional_data: dict[str, any] - :ivar friendly_name: The graph item display name which is a short humanly readable description - of the graph item instance. 
This property is optional and might be system generated. - :vartype friendly_name: str - :ivar mailbox_primary_address: The mailbox's primary address. - :vartype mailbox_primary_address: str - :ivar display_name: The mailbox's display name. - :vartype display_name: str - :ivar upn: The mailbox's UPN. - :vartype upn: str - :ivar external_directory_object_id: The AzureAD identifier of mailbox. Similar to AadUserId in - account entity but this property is specific to mailbox object on office side. - :vartype external_directory_object_id: str - """ - - _validation = { - "additional_data": {"readonly": True}, - "friendly_name": {"readonly": True}, - "mailbox_primary_address": {"readonly": True}, - "display_name": {"readonly": True}, - "upn": {"readonly": True}, - "external_directory_object_id": {"readonly": True}, - } - - _attribute_map = { - "additional_data": {"key": "additionalData", "type": "{object}"}, - "friendly_name": {"key": "friendlyName", "type": "str"}, - "mailbox_primary_address": {"key": "mailboxPrimaryAddress", "type": "str"}, - "display_name": {"key": "displayName", "type": "str"}, - "upn": {"key": "upn", "type": "str"}, - "external_directory_object_id": {"key": "externalDirectoryObjectId", "type": "str"}, - } - - def __init__(self, **kwargs): - """ """ - super().__init__(**kwargs) - self.mailbox_primary_address = None - self.display_name = None - self.upn = None - self.external_directory_object_id = None - - -class MailClusterEntity(Entity): # pylint: disable=too-many-instance-attributes - """Represents a mail cluster entity. - - Variables are only populated by the server, and will be ignored when sending a request. - - All required parameters must be populated in order to send to Azure. - - :ivar id: Fully qualified resource ID for the resource. Ex - - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - :vartype id: str - :ivar name: The name of the resource. 
- :vartype name: str - :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or - "Microsoft.Storage/storageAccounts". - :vartype type: str - :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy - information. - :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar kind: The kind of the entity. Required. Known values are: "Account", "Host", "File", - "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", - "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", - "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". - :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKind - :ivar additional_data: A bag of custom fields that should be part of the entity and will be - presented to the user. - :vartype additional_data: dict[str, any] - :ivar friendly_name: The graph item display name which is a short humanly readable description - of the graph item instance. This property is optional and might be system generated. - :vartype friendly_name: str - :ivar network_message_ids: The mail message IDs that are part of the mail cluster. - :vartype network_message_ids: list[str] - :ivar count_by_delivery_status: Count of mail messages by DeliveryStatus string representation. - :vartype count_by_delivery_status: JSON - :ivar count_by_threat_type: Count of mail messages by ThreatType string representation. - :vartype count_by_threat_type: JSON - :ivar count_by_protection_status: Count of mail messages by ProtectionStatus string - representation. - :vartype count_by_protection_status: JSON - :ivar threats: The threats of mail messages that are part of the mail cluster. - :vartype threats: list[str] - :ivar query: The query that was used to identify the messages of the mail cluster. - :vartype query: str - :ivar query_time: The query time. 
- :vartype query_time: ~datetime.datetime - :ivar mail_count: The number of mail messages that are part of the mail cluster. - :vartype mail_count: int - :ivar is_volume_anomaly: Is this a volume anomaly mail cluster. - :vartype is_volume_anomaly: bool - :ivar source: The source of the mail cluster (default is 'O365 ATP'). - :vartype source: str - :ivar cluster_source_identifier: The id of the cluster source. - :vartype cluster_source_identifier: str - :ivar cluster_source_type: The type of the cluster source. - :vartype cluster_source_type: str - :ivar cluster_query_start_time: The cluster query start time. - :vartype cluster_query_start_time: ~datetime.datetime - :ivar cluster_query_end_time: The cluster query end time. - :vartype cluster_query_end_time: ~datetime.datetime - :ivar cluster_group: The cluster group. - :vartype cluster_group: str - """ - - _validation = { - "id": {"readonly": True}, - "name": {"readonly": True}, - "type": {"readonly": True}, - "system_data": {"readonly": True}, - "kind": {"required": True}, - "additional_data": {"readonly": True}, - "friendly_name": {"readonly": True}, - "network_message_ids": {"readonly": True}, - "count_by_delivery_status": {"readonly": True}, - "count_by_threat_type": {"readonly": True}, - "count_by_protection_status": {"readonly": True}, - "threats": {"readonly": True}, - "query": {"readonly": True}, - "query_time": {"readonly": True}, - "mail_count": {"readonly": True}, - "is_volume_anomaly": {"readonly": True}, - "source": {"readonly": True}, - "cluster_source_identifier": {"readonly": True}, - "cluster_source_type": {"readonly": True}, - "cluster_query_start_time": {"readonly": True}, - "cluster_query_end_time": {"readonly": True}, - "cluster_group": {"readonly": True}, - } - - _attribute_map = { - "id": {"key": "id", "type": "str"}, - "name": {"key": "name", "type": "str"}, - "type": {"key": "type", "type": "str"}, - "system_data": {"key": "systemData", "type": "SystemData"}, - "kind": {"key": "kind", 
"type": "str"}, - "additional_data": {"key": "properties.additionalData", "type": "{object}"}, - "friendly_name": {"key": "properties.friendlyName", "type": "str"}, - "network_message_ids": {"key": "properties.networkMessageIds", "type": "[str]"}, - "count_by_delivery_status": {"key": "properties.countByDeliveryStatus", "type": "object"}, - "count_by_threat_type": {"key": "properties.countByThreatType", "type": "object"}, - "count_by_protection_status": {"key": "properties.countByProtectionStatus", "type": "object"}, - "threats": {"key": "properties.threats", "type": "[str]"}, - "query": {"key": "properties.query", "type": "str"}, - "query_time": {"key": "properties.queryTime", "type": "iso-8601"}, - "mail_count": {"key": "properties.mailCount", "type": "int"}, - "is_volume_anomaly": {"key": "properties.isVolumeAnomaly", "type": "bool"}, - "source": {"key": "properties.source", "type": "str"}, - "cluster_source_identifier": {"key": "properties.clusterSourceIdentifier", "type": "str"}, - "cluster_source_type": {"key": "properties.clusterSourceType", "type": "str"}, - "cluster_query_start_time": {"key": "properties.clusterQueryStartTime", "type": "iso-8601"}, - "cluster_query_end_time": {"key": "properties.clusterQueryEndTime", "type": "iso-8601"}, - "cluster_group": {"key": "properties.clusterGroup", "type": "str"}, - } - - def __init__(self, **kwargs): - """ """ - super().__init__(**kwargs) - self.kind: str = "MailCluster" - self.additional_data = None - self.friendly_name = None - self.network_message_ids = None - self.count_by_delivery_status = None - self.count_by_threat_type = None - self.count_by_protection_status = None - self.threats = None - self.query = None - self.query_time = None - self.mail_count = None - self.is_volume_anomaly = None - self.source = None - self.cluster_source_identifier = None - self.cluster_source_type = None - self.cluster_query_start_time = None - self.cluster_query_end_time = None - self.cluster_group = None - - -class 
MailClusterEntityProperties(EntityCommonProperties): # pylint: disable=too-many-instance-attributes - """Mail cluster entity property bag. - - Variables are only populated by the server, and will be ignored when sending a request. - - :ivar additional_data: A bag of custom fields that should be part of the entity and will be - presented to the user. - :vartype additional_data: dict[str, any] - :ivar friendly_name: The graph item display name which is a short humanly readable description - of the graph item instance. This property is optional and might be system generated. - :vartype friendly_name: str - :ivar network_message_ids: The mail message IDs that are part of the mail cluster. - :vartype network_message_ids: list[str] - :ivar count_by_delivery_status: Count of mail messages by DeliveryStatus string representation. - :vartype count_by_delivery_status: JSON - :ivar count_by_threat_type: Count of mail messages by ThreatType string representation. - :vartype count_by_threat_type: JSON - :ivar count_by_protection_status: Count of mail messages by ProtectionStatus string - representation. - :vartype count_by_protection_status: JSON - :ivar threats: The threats of mail messages that are part of the mail cluster. - :vartype threats: list[str] - :ivar query: The query that was used to identify the messages of the mail cluster. - :vartype query: str - :ivar query_time: The query time. - :vartype query_time: ~datetime.datetime - :ivar mail_count: The number of mail messages that are part of the mail cluster. - :vartype mail_count: int - :ivar is_volume_anomaly: Is this a volume anomaly mail cluster. - :vartype is_volume_anomaly: bool - :ivar source: The source of the mail cluster (default is 'O365 ATP'). - :vartype source: str - :ivar cluster_source_identifier: The id of the cluster source. - :vartype cluster_source_identifier: str - :ivar cluster_source_type: The type of the cluster source. 
- :vartype cluster_source_type: str - :ivar cluster_query_start_time: The cluster query start time. - :vartype cluster_query_start_time: ~datetime.datetime - :ivar cluster_query_end_time: The cluster query end time. - :vartype cluster_query_end_time: ~datetime.datetime - :ivar cluster_group: The cluster group. - :vartype cluster_group: str - """ - - _validation = { - "additional_data": {"readonly": True}, - "friendly_name": {"readonly": True}, - "network_message_ids": {"readonly": True}, - "count_by_delivery_status": {"readonly": True}, - "count_by_threat_type": {"readonly": True}, - "count_by_protection_status": {"readonly": True}, - "threats": {"readonly": True}, - "query": {"readonly": True}, - "query_time": {"readonly": True}, - "mail_count": {"readonly": True}, - "is_volume_anomaly": {"readonly": True}, - "source": {"readonly": True}, - "cluster_source_identifier": {"readonly": True}, - "cluster_source_type": {"readonly": True}, - "cluster_query_start_time": {"readonly": True}, - "cluster_query_end_time": {"readonly": True}, - "cluster_group": {"readonly": True}, - } - - _attribute_map = { - "additional_data": {"key": "additionalData", "type": "{object}"}, - "friendly_name": {"key": "friendlyName", "type": "str"}, - "network_message_ids": {"key": "networkMessageIds", "type": "[str]"}, - "count_by_delivery_status": {"key": "countByDeliveryStatus", "type": "object"}, - "count_by_threat_type": {"key": "countByThreatType", "type": "object"}, - "count_by_protection_status": {"key": "countByProtectionStatus", "type": "object"}, - "threats": {"key": "threats", "type": "[str]"}, - "query": {"key": "query", "type": "str"}, - "query_time": {"key": "queryTime", "type": "iso-8601"}, - "mail_count": {"key": "mailCount", "type": "int"}, - "is_volume_anomaly": {"key": "isVolumeAnomaly", "type": "bool"}, - "source": {"key": "source", "type": "str"}, - "cluster_source_identifier": {"key": "clusterSourceIdentifier", "type": "str"}, - "cluster_source_type": {"key": 
"clusterSourceType", "type": "str"}, - "cluster_query_start_time": {"key": "clusterQueryStartTime", "type": "iso-8601"}, - "cluster_query_end_time": {"key": "clusterQueryEndTime", "type": "iso-8601"}, - "cluster_group": {"key": "clusterGroup", "type": "str"}, - } - - def __init__(self, **kwargs): - """ """ - super().__init__(**kwargs) - self.network_message_ids = None - self.count_by_delivery_status = None - self.count_by_threat_type = None - self.count_by_protection_status = None - self.threats = None - self.query = None - self.query_time = None - self.mail_count = None - self.is_volume_anomaly = None - self.source = None - self.cluster_source_identifier = None - self.cluster_source_type = None - self.cluster_query_start_time = None - self.cluster_query_end_time = None - self.cluster_group = None - - -class MailMessageEntity(Entity): # pylint: disable=too-many-instance-attributes - """Represents a mail message entity. - - Variables are only populated by the server, and will be ignored when sending a request. - - All required parameters must be populated in order to send to Azure. - - :ivar id: Fully qualified resource ID for the resource. Ex - - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - :vartype id: str - :ivar name: The name of the resource. - :vartype name: str - :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or - "Microsoft.Storage/storageAccounts". - :vartype type: str - :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy - information. - :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar kind: The kind of the entity. Required. 
Known values are: "Account", "Host", "File", - "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", - "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", - "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". - :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKind - :ivar additional_data: A bag of custom fields that should be part of the entity and will be - presented to the user. - :vartype additional_data: dict[str, any] - :ivar friendly_name: The graph item display name which is a short humanly readable description - of the graph item instance. This property is optional and might be system generated. - :vartype friendly_name: str - :ivar file_entity_ids: The File entity ids of this mail message's attachments. - :vartype file_entity_ids: list[str] - :ivar recipient: The recipient of this mail message. Note that in case of multiple recipients - the mail message is forked and each copy has one recipient. - :vartype recipient: str - :ivar urls: The Urls contained in this mail message. - :vartype urls: list[str] - :ivar threats: The threats of this mail message. - :vartype threats: list[str] - :ivar p1_sender: The p1 sender's email address. - :vartype p1_sender: str - :ivar p1_sender_display_name: The p1 sender's display name. - :vartype p1_sender_display_name: str - :ivar p1_sender_domain: The p1 sender's domain. - :vartype p1_sender_domain: str - :ivar sender_ip: The sender's IP address. - :vartype sender_ip: str - :ivar p2_sender: The p2 sender's email address. - :vartype p2_sender: str - :ivar p2_sender_display_name: The p2 sender's display name. - :vartype p2_sender_display_name: str - :ivar p2_sender_domain: The p2 sender's domain. - :vartype p2_sender_domain: str - :ivar receive_date: The receive date of this message. - :vartype receive_date: ~datetime.datetime - :ivar network_message_id: The network message id of this mail message. 
- :vartype network_message_id: str - :ivar internet_message_id: The internet message id of this mail message. - :vartype internet_message_id: str - :ivar subject: The subject of this mail message. - :vartype subject: str - :ivar language: The language of this mail message. - :vartype language: str - :ivar threat_detection_methods: The threat detection methods. - :vartype threat_detection_methods: list[str] - :ivar body_fingerprint_bin1: The bodyFingerprintBin1. - :vartype body_fingerprint_bin1: int - :ivar body_fingerprint_bin2: The bodyFingerprintBin2. - :vartype body_fingerprint_bin2: int - :ivar body_fingerprint_bin3: The bodyFingerprintBin3. - :vartype body_fingerprint_bin3: int - :ivar body_fingerprint_bin4: The bodyFingerprintBin4. - :vartype body_fingerprint_bin4: int - :ivar body_fingerprint_bin5: The bodyFingerprintBin5. - :vartype body_fingerprint_bin5: int - :ivar antispam_direction: The directionality of this mail message. Known values are: "Unknown", - "Inbound", "Outbound", and "Intraorg". - :vartype antispam_direction: str or ~azure.mgmt.securityinsight.models.AntispamMailDirection - :ivar delivery_action: The delivery action of this mail message like Delivered, Blocked, - Replaced etc. Known values are: "Unknown", "DeliveredAsSpam", "Delivered", "Blocked", and - "Replaced". - :vartype delivery_action: str or ~azure.mgmt.securityinsight.models.DeliveryAction - :ivar delivery_location: The delivery location of this mail message like Inbox, JunkFolder etc. - Known values are: "Unknown", "Inbox", "JunkFolder", "DeletedFolder", "Quarantine", "External", - "Failed", "Dropped", and "Forwarded". 
- :vartype delivery_location: str or ~azure.mgmt.securityinsight.models.DeliveryLocation - """ - - _validation = { - "id": {"readonly": True}, - "name": {"readonly": True}, - "type": {"readonly": True}, - "system_data": {"readonly": True}, - "kind": {"required": True}, - "additional_data": {"readonly": True}, - "friendly_name": {"readonly": True}, - "file_entity_ids": {"readonly": True}, - "recipient": {"readonly": True}, - "urls": {"readonly": True}, - "threats": {"readonly": True}, - "p1_sender": {"readonly": True}, - "p1_sender_display_name": {"readonly": True}, - "p1_sender_domain": {"readonly": True}, - "sender_ip": {"readonly": True}, - "p2_sender": {"readonly": True}, - "p2_sender_display_name": {"readonly": True}, - "p2_sender_domain": {"readonly": True}, - "receive_date": {"readonly": True}, - "network_message_id": {"readonly": True}, - "internet_message_id": {"readonly": True}, - "subject": {"readonly": True}, - "language": {"readonly": True}, - "threat_detection_methods": {"readonly": True}, - } - - _attribute_map = { - "id": {"key": "id", "type": "str"}, - "name": {"key": "name", "type": "str"}, - "type": {"key": "type", "type": "str"}, - "system_data": {"key": "systemData", "type": "SystemData"}, - "kind": {"key": "kind", "type": "str"}, - "additional_data": {"key": "properties.additionalData", "type": "{object}"}, - "friendly_name": {"key": "properties.friendlyName", "type": "str"}, - "file_entity_ids": {"key": "properties.fileEntityIds", "type": "[str]"}, - "recipient": {"key": "properties.recipient", "type": "str"}, - "urls": {"key": "properties.urls", "type": "[str]"}, - "threats": {"key": "properties.threats", "type": "[str]"}, - "p1_sender": {"key": "properties.p1Sender", "type": "str"}, - "p1_sender_display_name": {"key": "properties.p1SenderDisplayName", "type": "str"}, - "p1_sender_domain": {"key": "properties.p1SenderDomain", "type": "str"}, - "sender_ip": {"key": "properties.senderIP", "type": "str"}, - "p2_sender": {"key": 
"properties.p2Sender", "type": "str"}, - "p2_sender_display_name": {"key": "properties.p2SenderDisplayName", "type": "str"}, - "p2_sender_domain": {"key": "properties.p2SenderDomain", "type": "str"}, - "receive_date": {"key": "properties.receiveDate", "type": "iso-8601"}, - "network_message_id": {"key": "properties.networkMessageId", "type": "str"}, - "internet_message_id": {"key": "properties.internetMessageId", "type": "str"}, - "subject": {"key": "properties.subject", "type": "str"}, - "language": {"key": "properties.language", "type": "str"}, - "threat_detection_methods": {"key": "properties.threatDetectionMethods", "type": "[str]"}, - "body_fingerprint_bin1": {"key": "properties.bodyFingerprintBin1", "type": "int"}, - "body_fingerprint_bin2": {"key": "properties.bodyFingerprintBin2", "type": "int"}, - "body_fingerprint_bin3": {"key": "properties.bodyFingerprintBin3", "type": "int"}, - "body_fingerprint_bin4": {"key": "properties.bodyFingerprintBin4", "type": "int"}, - "body_fingerprint_bin5": {"key": "properties.bodyFingerprintBin5", "type": "int"}, - "antispam_direction": {"key": "properties.antispamDirection", "type": "str"}, - "delivery_action": {"key": "properties.deliveryAction", "type": "str"}, - "delivery_location": {"key": "properties.deliveryLocation", "type": "str"}, - } - - def __init__( # pylint: disable=too-many-locals - self, - *, - body_fingerprint_bin1: Optional[int] = None, - body_fingerprint_bin2: Optional[int] = None, - body_fingerprint_bin3: Optional[int] = None, - body_fingerprint_bin4: Optional[int] = None, - body_fingerprint_bin5: Optional[int] = None, - antispam_direction: Optional[Union[str, "_models.AntispamMailDirection"]] = None, - delivery_action: Optional[Union[str, "_models.DeliveryAction"]] = None, - delivery_location: Optional[Union[str, "_models.DeliveryLocation"]] = None, - **kwargs - ): - """ - :keyword body_fingerprint_bin1: The bodyFingerprintBin1. 
- :paramtype body_fingerprint_bin1: int - :keyword body_fingerprint_bin2: The bodyFingerprintBin2. - :paramtype body_fingerprint_bin2: int - :keyword body_fingerprint_bin3: The bodyFingerprintBin3. - :paramtype body_fingerprint_bin3: int - :keyword body_fingerprint_bin4: The bodyFingerprintBin4. - :paramtype body_fingerprint_bin4: int - :keyword body_fingerprint_bin5: The bodyFingerprintBin5. - :paramtype body_fingerprint_bin5: int - :keyword antispam_direction: The directionality of this mail message. Known values are: - "Unknown", "Inbound", "Outbound", and "Intraorg". - :paramtype antispam_direction: str or ~azure.mgmt.securityinsight.models.AntispamMailDirection - :keyword delivery_action: The delivery action of this mail message like Delivered, Blocked, - Replaced etc. Known values are: "Unknown", "DeliveredAsSpam", "Delivered", "Blocked", and - "Replaced". - :paramtype delivery_action: str or ~azure.mgmt.securityinsight.models.DeliveryAction - :keyword delivery_location: The delivery location of this mail message like Inbox, JunkFolder - etc. Known values are: "Unknown", "Inbox", "JunkFolder", "DeletedFolder", "Quarantine", - "External", "Failed", "Dropped", and "Forwarded". 
- :paramtype delivery_location: str or ~azure.mgmt.securityinsight.models.DeliveryLocation - """ - super().__init__(**kwargs) - self.kind: str = "MailMessage" - self.additional_data = None - self.friendly_name = None - self.file_entity_ids = None - self.recipient = None - self.urls = None - self.threats = None - self.p1_sender = None - self.p1_sender_display_name = None - self.p1_sender_domain = None - self.sender_ip = None - self.p2_sender = None - self.p2_sender_display_name = None - self.p2_sender_domain = None - self.receive_date = None - self.network_message_id = None - self.internet_message_id = None - self.subject = None - self.language = None - self.threat_detection_methods = None - self.body_fingerprint_bin1 = body_fingerprint_bin1 - self.body_fingerprint_bin2 = body_fingerprint_bin2 - self.body_fingerprint_bin3 = body_fingerprint_bin3 - self.body_fingerprint_bin4 = body_fingerprint_bin4 - self.body_fingerprint_bin5 = body_fingerprint_bin5 - self.antispam_direction = antispam_direction - self.delivery_action = delivery_action - self.delivery_location = delivery_location - - -class MailMessageEntityProperties(EntityCommonProperties): # pylint: disable=too-many-instance-attributes - """Mail message entity property bag. - - Variables are only populated by the server, and will be ignored when sending a request. - - :ivar additional_data: A bag of custom fields that should be part of the entity and will be - presented to the user. - :vartype additional_data: dict[str, any] - :ivar friendly_name: The graph item display name which is a short humanly readable description - of the graph item instance. This property is optional and might be system generated. - :vartype friendly_name: str - :ivar file_entity_ids: The File entity ids of this mail message's attachments. - :vartype file_entity_ids: list[str] - :ivar recipient: The recipient of this mail message. Note that in case of multiple recipients - the mail message is forked and each copy has one recipient. 
- :vartype recipient: str - :ivar urls: The Urls contained in this mail message. - :vartype urls: list[str] - :ivar threats: The threats of this mail message. - :vartype threats: list[str] - :ivar p1_sender: The p1 sender's email address. - :vartype p1_sender: str - :ivar p1_sender_display_name: The p1 sender's display name. - :vartype p1_sender_display_name: str - :ivar p1_sender_domain: The p1 sender's domain. - :vartype p1_sender_domain: str - :ivar sender_ip: The sender's IP address. - :vartype sender_ip: str - :ivar p2_sender: The p2 sender's email address. - :vartype p2_sender: str - :ivar p2_sender_display_name: The p2 sender's display name. - :vartype p2_sender_display_name: str - :ivar p2_sender_domain: The p2 sender's domain. - :vartype p2_sender_domain: str - :ivar receive_date: The receive date of this message. - :vartype receive_date: ~datetime.datetime - :ivar network_message_id: The network message id of this mail message. - :vartype network_message_id: str - :ivar internet_message_id: The internet message id of this mail message. - :vartype internet_message_id: str - :ivar subject: The subject of this mail message. - :vartype subject: str - :ivar language: The language of this mail message. - :vartype language: str - :ivar threat_detection_methods: The threat detection methods. - :vartype threat_detection_methods: list[str] - :ivar body_fingerprint_bin1: The bodyFingerprintBin1. - :vartype body_fingerprint_bin1: int - :ivar body_fingerprint_bin2: The bodyFingerprintBin2. - :vartype body_fingerprint_bin2: int - :ivar body_fingerprint_bin3: The bodyFingerprintBin3. - :vartype body_fingerprint_bin3: int - :ivar body_fingerprint_bin4: The bodyFingerprintBin4. - :vartype body_fingerprint_bin4: int - :ivar body_fingerprint_bin5: The bodyFingerprintBin5. - :vartype body_fingerprint_bin5: int - :ivar antispam_direction: The directionality of this mail message. Known values are: "Unknown", - "Inbound", "Outbound", and "Intraorg". 
- :vartype antispam_direction: str or ~azure.mgmt.securityinsight.models.AntispamMailDirection - :ivar delivery_action: The delivery action of this mail message like Delivered, Blocked, - Replaced etc. Known values are: "Unknown", "DeliveredAsSpam", "Delivered", "Blocked", and - "Replaced". - :vartype delivery_action: str or ~azure.mgmt.securityinsight.models.DeliveryAction - :ivar delivery_location: The delivery location of this mail message like Inbox, JunkFolder etc. - Known values are: "Unknown", "Inbox", "JunkFolder", "DeletedFolder", "Quarantine", "External", - "Failed", "Dropped", and "Forwarded". - :vartype delivery_location: str or ~azure.mgmt.securityinsight.models.DeliveryLocation - """ - - _validation = { - "additional_data": {"readonly": True}, - "friendly_name": {"readonly": True}, - "file_entity_ids": {"readonly": True}, - "recipient": {"readonly": True}, - "urls": {"readonly": True}, - "threats": {"readonly": True}, - "p1_sender": {"readonly": True}, - "p1_sender_display_name": {"readonly": True}, - "p1_sender_domain": {"readonly": True}, - "sender_ip": {"readonly": True}, - "p2_sender": {"readonly": True}, - "p2_sender_display_name": {"readonly": True}, - "p2_sender_domain": {"readonly": True}, - "receive_date": {"readonly": True}, - "network_message_id": {"readonly": True}, - "internet_message_id": {"readonly": True}, - "subject": {"readonly": True}, - "language": {"readonly": True}, - "threat_detection_methods": {"readonly": True}, - } - - _attribute_map = { - "additional_data": {"key": "additionalData", "type": "{object}"}, - "friendly_name": {"key": "friendlyName", "type": "str"}, - "file_entity_ids": {"key": "fileEntityIds", "type": "[str]"}, - "recipient": {"key": "recipient", "type": "str"}, - "urls": {"key": "urls", "type": "[str]"}, - "threats": {"key": "threats", "type": "[str]"}, - "p1_sender": {"key": "p1Sender", "type": "str"}, - "p1_sender_display_name": {"key": "p1SenderDisplayName", "type": "str"}, - "p1_sender_domain": {"key": 
"p1SenderDomain", "type": "str"}, - "sender_ip": {"key": "senderIP", "type": "str"}, - "p2_sender": {"key": "p2Sender", "type": "str"}, - "p2_sender_display_name": {"key": "p2SenderDisplayName", "type": "str"}, - "p2_sender_domain": {"key": "p2SenderDomain", "type": "str"}, - "receive_date": {"key": "receiveDate", "type": "iso-8601"}, - "network_message_id": {"key": "networkMessageId", "type": "str"}, - "internet_message_id": {"key": "internetMessageId", "type": "str"}, - "subject": {"key": "subject", "type": "str"}, - "language": {"key": "language", "type": "str"}, - "threat_detection_methods": {"key": "threatDetectionMethods", "type": "[str]"}, - "body_fingerprint_bin1": {"key": "bodyFingerprintBin1", "type": "int"}, - "body_fingerprint_bin2": {"key": "bodyFingerprintBin2", "type": "int"}, - "body_fingerprint_bin3": {"key": "bodyFingerprintBin3", "type": "int"}, - "body_fingerprint_bin4": {"key": "bodyFingerprintBin4", "type": "int"}, - "body_fingerprint_bin5": {"key": "bodyFingerprintBin5", "type": "int"}, - "antispam_direction": {"key": "antispamDirection", "type": "str"}, - "delivery_action": {"key": "deliveryAction", "type": "str"}, - "delivery_location": {"key": "deliveryLocation", "type": "str"}, - } - - def __init__( # pylint: disable=too-many-locals - self, - *, - body_fingerprint_bin1: Optional[int] = None, - body_fingerprint_bin2: Optional[int] = None, - body_fingerprint_bin3: Optional[int] = None, - body_fingerprint_bin4: Optional[int] = None, - body_fingerprint_bin5: Optional[int] = None, - antispam_direction: Optional[Union[str, "_models.AntispamMailDirection"]] = None, - delivery_action: Optional[Union[str, "_models.DeliveryAction"]] = None, - delivery_location: Optional[Union[str, "_models.DeliveryLocation"]] = None, - **kwargs - ): - """ - :keyword body_fingerprint_bin1: The bodyFingerprintBin1. - :paramtype body_fingerprint_bin1: int - :keyword body_fingerprint_bin2: The bodyFingerprintBin2. 
- :paramtype body_fingerprint_bin2: int - :keyword body_fingerprint_bin3: The bodyFingerprintBin3. - :paramtype body_fingerprint_bin3: int - :keyword body_fingerprint_bin4: The bodyFingerprintBin4. - :paramtype body_fingerprint_bin4: int - :keyword body_fingerprint_bin5: The bodyFingerprintBin5. - :paramtype body_fingerprint_bin5: int - :keyword antispam_direction: The directionality of this mail message. Known values are: - "Unknown", "Inbound", "Outbound", and "Intraorg". - :paramtype antispam_direction: str or ~azure.mgmt.securityinsight.models.AntispamMailDirection - :keyword delivery_action: The delivery action of this mail message like Delivered, Blocked, - Replaced etc. Known values are: "Unknown", "DeliveredAsSpam", "Delivered", "Blocked", and - "Replaced". - :paramtype delivery_action: str or ~azure.mgmt.securityinsight.models.DeliveryAction - :keyword delivery_location: The delivery location of this mail message like Inbox, JunkFolder - etc. Known values are: "Unknown", "Inbox", "JunkFolder", "DeletedFolder", "Quarantine", - "External", "Failed", "Dropped", and "Forwarded". 
- :paramtype delivery_location: str or ~azure.mgmt.securityinsight.models.DeliveryLocation - """ - super().__init__(**kwargs) - self.file_entity_ids = None - self.recipient = None - self.urls = None - self.threats = None - self.p1_sender = None - self.p1_sender_display_name = None - self.p1_sender_domain = None - self.sender_ip = None - self.p2_sender = None - self.p2_sender_display_name = None - self.p2_sender_domain = None - self.receive_date = None - self.network_message_id = None - self.internet_message_id = None - self.subject = None - self.language = None - self.threat_detection_methods = None - self.body_fingerprint_bin1 = body_fingerprint_bin1 - self.body_fingerprint_bin2 = body_fingerprint_bin2 - self.body_fingerprint_bin3 = body_fingerprint_bin3 - self.body_fingerprint_bin4 = body_fingerprint_bin4 - self.body_fingerprint_bin5 = body_fingerprint_bin5 - self.antispam_direction = antispam_direction - self.delivery_action = delivery_action - self.delivery_location = delivery_location - - -class MalwareEntity(Entity): # pylint: disable=too-many-instance-attributes - """Represents a malware entity. - - Variables are only populated by the server, and will be ignored when sending a request. - - All required parameters must be populated in order to send to Azure. - - :ivar id: Fully qualified resource ID for the resource. Ex - - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - :vartype id: str - :ivar name: The name of the resource. - :vartype name: str - :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or - "Microsoft.Storage/storageAccounts". - :vartype type: str - :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy - information. - :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar kind: The kind of the entity. Required. 
Known values are: "Account", "Host", "File", - "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", - "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", - "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". - :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKind - :ivar additional_data: A bag of custom fields that should be part of the entity and will be - presented to the user. - :vartype additional_data: dict[str, any] - :ivar friendly_name: The graph item display name which is a short humanly readable description - of the graph item instance. This property is optional and might be system generated. - :vartype friendly_name: str - :ivar category: The malware category by the vendor, e.g. Trojan. - :vartype category: str - :ivar file_entity_ids: List of linked file entity identifiers on which the malware was found. - :vartype file_entity_ids: list[str] - :ivar malware_name: The malware name by the vendor, e.g. Win32/Toga!rfn. - :vartype malware_name: str - :ivar process_entity_ids: List of linked process entity identifiers on which the malware was - found. 
- :vartype process_entity_ids: list[str] - """ - - _validation = { - "id": {"readonly": True}, - "name": {"readonly": True}, - "type": {"readonly": True}, - "system_data": {"readonly": True}, - "kind": {"required": True}, - "additional_data": {"readonly": True}, - "friendly_name": {"readonly": True}, - "category": {"readonly": True}, - "file_entity_ids": {"readonly": True}, - "malware_name": {"readonly": True}, - "process_entity_ids": {"readonly": True}, - } - - _attribute_map = { - "id": {"key": "id", "type": "str"}, - "name": {"key": "name", "type": "str"}, - "type": {"key": "type", "type": "str"}, - "system_data": {"key": "systemData", "type": "SystemData"}, - "kind": {"key": "kind", "type": "str"}, - "additional_data": {"key": "properties.additionalData", "type": "{object}"}, - "friendly_name": {"key": "properties.friendlyName", "type": "str"}, - "category": {"key": "properties.category", "type": "str"}, - "file_entity_ids": {"key": "properties.fileEntityIds", "type": "[str]"}, - "malware_name": {"key": "properties.malwareName", "type": "str"}, - "process_entity_ids": {"key": "properties.processEntityIds", "type": "[str]"}, - } - - def __init__(self, **kwargs): - """ """ - super().__init__(**kwargs) - self.kind: str = "Malware" - self.additional_data = None - self.friendly_name = None - self.category = None - self.file_entity_ids = None - self.malware_name = None - self.process_entity_ids = None - - -class MalwareEntityProperties(EntityCommonProperties): - """Malware entity property bag. - - Variables are only populated by the server, and will be ignored when sending a request. - - :ivar additional_data: A bag of custom fields that should be part of the entity and will be - presented to the user. - :vartype additional_data: dict[str, any] - :ivar friendly_name: The graph item display name which is a short humanly readable description - of the graph item instance. This property is optional and might be system generated. 
- :vartype friendly_name: str - :ivar category: The malware category by the vendor, e.g. Trojan. - :vartype category: str - :ivar file_entity_ids: List of linked file entity identifiers on which the malware was found. - :vartype file_entity_ids: list[str] - :ivar malware_name: The malware name by the vendor, e.g. Win32/Toga!rfn. - :vartype malware_name: str - :ivar process_entity_ids: List of linked process entity identifiers on which the malware was - found. - :vartype process_entity_ids: list[str] - """ - - _validation = { - "additional_data": {"readonly": True}, - "friendly_name": {"readonly": True}, - "category": {"readonly": True}, - "file_entity_ids": {"readonly": True}, - "malware_name": {"readonly": True}, - "process_entity_ids": {"readonly": True}, - } - - _attribute_map = { - "additional_data": {"key": "additionalData", "type": "{object}"}, - "friendly_name": {"key": "friendlyName", "type": "str"}, - "category": {"key": "category", "type": "str"}, - "file_entity_ids": {"key": "fileEntityIds", "type": "[str]"}, - "malware_name": {"key": "malwareName", "type": "str"}, - "process_entity_ids": {"key": "processEntityIds", "type": "[str]"}, - } - - def __init__(self, **kwargs): - """ """ - super().__init__(**kwargs) - self.category = None - self.file_entity_ids = None - self.malware_name = None - self.process_entity_ids = None - - -class ManualTriggerRequestBody(_serialization.Model): - """ManualTriggerRequestBody. - - All required parameters must be populated in order to send to Azure. - - :ivar tenant_id: - :vartype tenant_id: str - :ivar logic_apps_resource_id: Required. 
- :vartype logic_apps_resource_id: str - """ - - _validation = { - "logic_apps_resource_id": {"required": True}, - } - - _attribute_map = { - "tenant_id": {"key": "tenantId", "type": "str"}, - "logic_apps_resource_id": {"key": "logicAppsResourceId", "type": "str"}, - } - - def __init__(self, *, logic_apps_resource_id: str, tenant_id: Optional[str] = None, **kwargs): - """ - :keyword tenant_id: - :paramtype tenant_id: str - :keyword logic_apps_resource_id: Required. - :paramtype logic_apps_resource_id: str - """ - super().__init__(**kwargs) - self.tenant_id = tenant_id - self.logic_apps_resource_id = logic_apps_resource_id - - -class MCASCheckRequirements(DataConnectorsCheckRequirements): - """Represents MCAS (Microsoft Cloud App Security) requirements check request. - - All required parameters must be populated in order to send to Azure. - - :ivar kind: Describes the kind of connector to be checked. Required. Known values are: - "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", - "ThreatIntelligence", "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", - "Office365Project", "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", - "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", - "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and - "IOT". - :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind - :ivar tenant_id: The tenant id to connect to, and get the data from. - :vartype tenant_id: str - """ - - _validation = { - "kind": {"required": True}, - } - - _attribute_map = { - "kind": {"key": "kind", "type": "str"}, - "tenant_id": {"key": "properties.tenantId", "type": "str"}, - } - - def __init__(self, *, tenant_id: Optional[str] = None, **kwargs): - """ - :keyword tenant_id: The tenant id to connect to, and get the data from. 
- :paramtype tenant_id: str - """ - super().__init__(**kwargs) - self.kind: str = "MicrosoftCloudAppSecurity" - self.tenant_id = tenant_id - - -class MCASCheckRequirementsProperties(DataConnectorTenantId): - """MCAS (Microsoft Cloud App Security) requirements check properties. - - All required parameters must be populated in order to send to Azure. - - :ivar tenant_id: The tenant id to connect to, and get the data from. Required. - :vartype tenant_id: str - """ - - _validation = { - "tenant_id": {"required": True}, - } - - _attribute_map = { - "tenant_id": {"key": "tenantId", "type": "str"}, - } - - def __init__(self, *, tenant_id: str, **kwargs): - """ - :keyword tenant_id: The tenant id to connect to, and get the data from. Required. - :paramtype tenant_id: str - """ - super().__init__(tenant_id=tenant_id, **kwargs) - - -class MCASDataConnector(DataConnector): - """Represents MCAS (Microsoft Cloud App Security) data connector. - - Variables are only populated by the server, and will be ignored when sending a request. - - All required parameters must be populated in order to send to Azure. - - :ivar id: Fully qualified resource ID for the resource. Ex - - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - :vartype id: str - :ivar name: The name of the resource. - :vartype name: str - :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or - "Microsoft.Storage/storageAccounts". - :vartype type: str - :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy - information. - :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar etag: Etag of the azure resource. - :vartype etag: str - :ivar kind: The data connector kind. Required. 
Known values are: "AzureActiveDirectory", - "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", - "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", "Office365Project", - "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", - "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", - "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and - "IOT". - :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind - :ivar tenant_id: The tenant id to connect to, and get the data from. - :vartype tenant_id: str - :ivar data_types: The available data types for the connector. - :vartype data_types: ~azure.mgmt.securityinsight.models.MCASDataConnectorDataTypes - """ - - _validation = { - "id": {"readonly": True}, - "name": {"readonly": True}, - "type": {"readonly": True}, - "system_data": {"readonly": True}, - "kind": {"required": True}, - } - - _attribute_map = { - "id": {"key": "id", "type": "str"}, - "name": {"key": "name", "type": "str"}, - "type": {"key": "type", "type": "str"}, - "system_data": {"key": "systemData", "type": "SystemData"}, - "etag": {"key": "etag", "type": "str"}, - "kind": {"key": "kind", "type": "str"}, - "tenant_id": {"key": "properties.tenantId", "type": "str"}, - "data_types": {"key": "properties.dataTypes", "type": "MCASDataConnectorDataTypes"}, - } - - def __init__( - self, - *, - etag: Optional[str] = None, - tenant_id: Optional[str] = None, - data_types: Optional["_models.MCASDataConnectorDataTypes"] = None, - **kwargs - ): - """ - :keyword etag: Etag of the azure resource. - :paramtype etag: str - :keyword tenant_id: The tenant id to connect to, and get the data from. - :paramtype tenant_id: str - :keyword data_types: The available data types for the connector. 
- :paramtype data_types: ~azure.mgmt.securityinsight.models.MCASDataConnectorDataTypes - """ - super().__init__(etag=etag, **kwargs) - self.kind: str = "MicrosoftCloudAppSecurity" - self.tenant_id = tenant_id - self.data_types = data_types - - -class MCASDataConnectorDataTypes(AlertsDataTypeOfDataConnector): - """The available data types for MCAS (Microsoft Cloud App Security) data connector. - - All required parameters must be populated in order to send to Azure. - - :ivar alerts: Alerts data type connection. Required. - :vartype alerts: ~azure.mgmt.securityinsight.models.DataConnectorDataTypeCommon - :ivar discovery_logs: Discovery log data type connection. - :vartype discovery_logs: ~azure.mgmt.securityinsight.models.DataConnectorDataTypeCommon - """ - - _validation = { - "alerts": {"required": True}, - } - - _attribute_map = { - "alerts": {"key": "alerts", "type": "DataConnectorDataTypeCommon"}, - "discovery_logs": {"key": "discoveryLogs", "type": "DataConnectorDataTypeCommon"}, - } - - def __init__( - self, - *, - alerts: "_models.DataConnectorDataTypeCommon", - discovery_logs: Optional["_models.DataConnectorDataTypeCommon"] = None, - **kwargs - ): - """ - :keyword alerts: Alerts data type connection. Required. - :paramtype alerts: ~azure.mgmt.securityinsight.models.DataConnectorDataTypeCommon - :keyword discovery_logs: Discovery log data type connection. - :paramtype discovery_logs: ~azure.mgmt.securityinsight.models.DataConnectorDataTypeCommon - """ - super().__init__(alerts=alerts, **kwargs) - self.discovery_logs = discovery_logs - - -class MCASDataConnectorProperties(DataConnectorTenantId): - """MCAS (Microsoft Cloud App Security) data connector properties. - - All required parameters must be populated in order to send to Azure. - - :ivar tenant_id: The tenant id to connect to, and get the data from. Required. - :vartype tenant_id: str - :ivar data_types: The available data types for the connector. Required. 
- :vartype data_types: ~azure.mgmt.securityinsight.models.MCASDataConnectorDataTypes - """ - - _validation = { - "tenant_id": {"required": True}, - "data_types": {"required": True}, - } - - _attribute_map = { - "tenant_id": {"key": "tenantId", "type": "str"}, - "data_types": {"key": "dataTypes", "type": "MCASDataConnectorDataTypes"}, - } - - def __init__(self, *, tenant_id: str, data_types: "_models.MCASDataConnectorDataTypes", **kwargs): - """ - :keyword tenant_id: The tenant id to connect to, and get the data from. Required. - :paramtype tenant_id: str - :keyword data_types: The available data types for the connector. Required. - :paramtype data_types: ~azure.mgmt.securityinsight.models.MCASDataConnectorDataTypes - """ - super().__init__(tenant_id=tenant_id, **kwargs) - self.data_types = data_types - - -class MDATPCheckRequirements(DataConnectorsCheckRequirements): - """Represents MDATP (Microsoft Defender Advanced Threat Protection) requirements check request. - - All required parameters must be populated in order to send to Azure. - - :ivar kind: Describes the kind of connector to be checked. Required. Known values are: - "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", - "ThreatIntelligence", "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", - "Office365Project", "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", - "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", - "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and - "IOT". - :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind - :ivar tenant_id: The tenant id to connect to, and get the data from. 
- :vartype tenant_id: str - """ - - _validation = { - "kind": {"required": True}, - } - - _attribute_map = { - "kind": {"key": "kind", "type": "str"}, - "tenant_id": {"key": "properties.tenantId", "type": "str"}, - } - - def __init__(self, *, tenant_id: Optional[str] = None, **kwargs): - """ - :keyword tenant_id: The tenant id to connect to, and get the data from. - :paramtype tenant_id: str - """ - super().__init__(**kwargs) - self.kind: str = "MicrosoftDefenderAdvancedThreatProtection" - self.tenant_id = tenant_id - - -class MDATPCheckRequirementsProperties(DataConnectorTenantId): - """MDATP (Microsoft Defender Advanced Threat Protection) requirements check properties. - - All required parameters must be populated in order to send to Azure. - - :ivar tenant_id: The tenant id to connect to, and get the data from. Required. - :vartype tenant_id: str - """ - - _validation = { - "tenant_id": {"required": True}, - } - - _attribute_map = { - "tenant_id": {"key": "tenantId", "type": "str"}, - } - - def __init__(self, *, tenant_id: str, **kwargs): - """ - :keyword tenant_id: The tenant id to connect to, and get the data from. Required. - :paramtype tenant_id: str - """ - super().__init__(tenant_id=tenant_id, **kwargs) - - -class MDATPDataConnector(DataConnector): - """Represents MDATP (Microsoft Defender Advanced Threat Protection) data connector. - - Variables are only populated by the server, and will be ignored when sending a request. - - All required parameters must be populated in order to send to Azure. - - :ivar id: Fully qualified resource ID for the resource. Ex - - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - :vartype id: str - :ivar name: The name of the resource. - :vartype name: str - :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or - "Microsoft.Storage/storageAccounts". 
- :vartype type: str - :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy - information. - :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar etag: Etag of the azure resource. - :vartype etag: str - :ivar kind: The data connector kind. Required. Known values are: "AzureActiveDirectory", - "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", - "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", "Office365Project", - "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", - "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", - "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and - "IOT". - :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind - :ivar tenant_id: The tenant id to connect to, and get the data from. - :vartype tenant_id: str - :ivar data_types: The available data types for the connector. - :vartype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector - """ - - _validation = { - "id": {"readonly": True}, - "name": {"readonly": True}, - "type": {"readonly": True}, - "system_data": {"readonly": True}, - "kind": {"required": True}, - } - - _attribute_map = { - "id": {"key": "id", "type": "str"}, - "name": {"key": "name", "type": "str"}, - "type": {"key": "type", "type": "str"}, - "system_data": {"key": "systemData", "type": "SystemData"}, - "etag": {"key": "etag", "type": "str"}, - "kind": {"key": "kind", "type": "str"}, - "tenant_id": {"key": "properties.tenantId", "type": "str"}, - "data_types": {"key": "properties.dataTypes", "type": "AlertsDataTypeOfDataConnector"}, - } - - def __init__( - self, - *, - etag: Optional[str] = None, - tenant_id: Optional[str] = None, - data_types: Optional["_models.AlertsDataTypeOfDataConnector"] = None, - **kwargs - ): - """ - :keyword etag: Etag of the azure resource. 
- :paramtype etag: str - :keyword tenant_id: The tenant id to connect to, and get the data from. - :paramtype tenant_id: str - :keyword data_types: The available data types for the connector. - :paramtype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector - """ - super().__init__(etag=etag, **kwargs) - self.kind: str = "MicrosoftDefenderAdvancedThreatProtection" - self.tenant_id = tenant_id - self.data_types = data_types - - -class MDATPDataConnectorProperties(DataConnectorTenantId, DataConnectorWithAlertsProperties): - """MDATP (Microsoft Defender Advanced Threat Protection) data connector properties. - - All required parameters must be populated in order to send to Azure. - - :ivar data_types: The available data types for the connector. - :vartype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector - :ivar tenant_id: The tenant id to connect to, and get the data from. Required. - :vartype tenant_id: str - """ - - _validation = { - "tenant_id": {"required": True}, - } - - _attribute_map = { - "data_types": {"key": "dataTypes", "type": "AlertsDataTypeOfDataConnector"}, - "tenant_id": {"key": "tenantId", "type": "str"}, - } - - def __init__( - self, *, tenant_id: str, data_types: Optional["_models.AlertsDataTypeOfDataConnector"] = None, **kwargs - ): - """ - :keyword data_types: The available data types for the connector. - :paramtype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector - :keyword tenant_id: The tenant id to connect to, and get the data from. Required. - :paramtype tenant_id: str - """ - super().__init__(tenant_id=tenant_id, data_types=data_types, **kwargs) - self.data_types = data_types - self.tenant_id = tenant_id - - -class MetadataAuthor(_serialization.Model): - """Publisher or creator of the content item. - - :ivar name: Name of the author. Company or person. - :vartype name: str - :ivar email: Email of author contact. 
- :vartype email: str - :ivar link: Link for author/vendor page. - :vartype link: str - """ - - _attribute_map = { - "name": {"key": "name", "type": "str"}, - "email": {"key": "email", "type": "str"}, - "link": {"key": "link", "type": "str"}, - } - - def __init__( - self, *, name: Optional[str] = None, email: Optional[str] = None, link: Optional[str] = None, **kwargs - ): - """ - :keyword name: Name of the author. Company or person. - :paramtype name: str - :keyword email: Email of author contact. - :paramtype email: str - :keyword link: Link for author/vendor page. - :paramtype link: str - """ - super().__init__(**kwargs) - self.name = name - self.email = email - self.link = link - - -class MetadataCategories(_serialization.Model): - """ies for the solution content item. - - :ivar domains: domain for the solution content item. - :vartype domains: list[str] - :ivar verticals: Industry verticals for the solution content item. - :vartype verticals: list[str] - """ - - _attribute_map = { - "domains": {"key": "domains", "type": "[str]"}, - "verticals": {"key": "verticals", "type": "[str]"}, - } - - def __init__(self, *, domains: Optional[List[str]] = None, verticals: Optional[List[str]] = None, **kwargs): - """ - :keyword domains: domain for the solution content item. - :paramtype domains: list[str] - :keyword verticals: Industry verticals for the solution content item. - :paramtype verticals: list[str] - """ - super().__init__(**kwargs) - self.domains = domains - self.verticals = verticals - - -class MetadataDependencies(_serialization.Model): - """Dependencies for the content item, what other content items it requires to work. Can describe more complex dependencies using a recursive/nested structure. For a single dependency an id/kind/version can be supplied or operator/criteria for complex dependencies. - - :ivar content_id: Id of the content item we depend on. - :vartype content_id: str - :ivar kind: Type of the content item we depend on. 
Known values are: "DataConnector", - "DataType", "Workbook", "WorkbookTemplate", "Playbook", "PlaybookTemplate", - "AnalyticsRuleTemplate", "AnalyticsRule", "HuntingQuery", "InvestigationQuery", "Parser", - "Watchlist", "WatchlistTemplate", "Solution", "AzureFunction", "LogicAppsCustomConnector", and - "AutomationRule". - :vartype kind: str or ~azure.mgmt.securityinsight.models.Kind - :ivar version: Version of the the content item we depend on. Can be blank, * or missing to - indicate any version fulfills the dependency. If version does not match our defined numeric - format then an exact match is required. - :vartype version: str - :ivar name: Name of the content item. - :vartype name: str - :ivar operator: Operator used for list of dependencies in criteria array. Known values are: - "AND" and "OR". - :vartype operator: str or ~azure.mgmt.securityinsight.models.Operator - :ivar criteria: This is the list of dependencies we must fulfill, according to the AND/OR - operator. - :vartype criteria: list[~azure.mgmt.securityinsight.models.MetadataDependencies] - """ - - _attribute_map = { - "content_id": {"key": "contentId", "type": "str"}, - "kind": {"key": "kind", "type": "str"}, - "version": {"key": "version", "type": "str"}, - "name": {"key": "name", "type": "str"}, - "operator": {"key": "operator", "type": "str"}, - "criteria": {"key": "criteria", "type": "[MetadataDependencies]"}, - } - - def __init__( - self, - *, - content_id: Optional[str] = None, - kind: Optional[Union[str, "_models.Kind"]] = None, - version: Optional[str] = None, - name: Optional[str] = None, - operator: Optional[Union[str, "_models.Operator"]] = None, - criteria: Optional[List["_models.MetadataDependencies"]] = None, - **kwargs - ): - """ - :keyword content_id: Id of the content item we depend on. - :paramtype content_id: str - :keyword kind: Type of the content item we depend on. 
Known values are: "DataConnector", - "DataType", "Workbook", "WorkbookTemplate", "Playbook", "PlaybookTemplate", - "AnalyticsRuleTemplate", "AnalyticsRule", "HuntingQuery", "InvestigationQuery", "Parser", - "Watchlist", "WatchlistTemplate", "Solution", "AzureFunction", "LogicAppsCustomConnector", and - "AutomationRule". - :paramtype kind: str or ~azure.mgmt.securityinsight.models.Kind - :keyword version: Version of the the content item we depend on. Can be blank, * or missing to - indicate any version fulfills the dependency. If version does not match our defined numeric - format then an exact match is required. - :paramtype version: str - :keyword name: Name of the content item. - :paramtype name: str - :keyword operator: Operator used for list of dependencies in criteria array. Known values are: - "AND" and "OR". - :paramtype operator: str or ~azure.mgmt.securityinsight.models.Operator - :keyword criteria: This is the list of dependencies we must fulfill, according to the AND/OR - operator. - :paramtype criteria: list[~azure.mgmt.securityinsight.models.MetadataDependencies] - """ - super().__init__(**kwargs) - self.content_id = content_id - self.kind = kind - self.version = version - self.name = name - self.operator = operator - self.criteria = criteria - - -class MetadataList(_serialization.Model): - """List of all the metadata. - - Variables are only populated by the server, and will be ignored when sending a request. - - All required parameters must be populated in order to send to Azure. - - :ivar value: Array of metadata. Required. - :vartype value: list[~azure.mgmt.securityinsight.models.MetadataModel] - :ivar next_link: URL to fetch the next page of metadata. 
- :vartype next_link: str - """ - - _validation = { - "value": {"required": True}, - "next_link": {"readonly": True}, - } - - _attribute_map = { - "value": {"key": "value", "type": "[MetadataModel]"}, - "next_link": {"key": "nextLink", "type": "str"}, - } - - def __init__(self, *, value: List["_models.MetadataModel"], **kwargs): - """ - :keyword value: Array of metadata. Required. - :paramtype value: list[~azure.mgmt.securityinsight.models.MetadataModel] - """ - super().__init__(**kwargs) - self.value = value - self.next_link = None - - -class MetadataModel(ResourceWithEtag): # pylint: disable=too-many-instance-attributes - """Metadata resource definition. - - Variables are only populated by the server, and will be ignored when sending a request. - - :ivar id: Fully qualified resource ID for the resource. Ex - - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - :vartype id: str - :ivar name: The name of the resource. - :vartype name: str - :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or - "Microsoft.Storage/storageAccounts". - :vartype type: str - :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy - information. - :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar etag: Etag of the azure resource. - :vartype etag: str - :ivar content_id: Static ID for the content. Used to identify dependencies and content from - solutions or community. Hard-coded/static for out of the box content and solutions. Dynamic - for user-created. This is the resource name. - :vartype content_id: str - :ivar parent_id: Full parent resource ID of the content item the metadata is for. This is the - full resource ID including the scope (subscription and resource group). - :vartype parent_id: str - :ivar version: Version of the content. Default and recommended format is numeric (e.g. 
1, 1.0, - 1.0.0, 1.0.0.0), following ARM template best practices. Can also be any string, but then we - cannot guarantee any version checks. - :vartype version: str - :ivar kind: The kind of content the metadata is for. Known values are: "DataConnector", - "DataType", "Workbook", "WorkbookTemplate", "Playbook", "PlaybookTemplate", - "AnalyticsRuleTemplate", "AnalyticsRule", "HuntingQuery", "InvestigationQuery", "Parser", - "Watchlist", "WatchlistTemplate", "Solution", "AzureFunction", "LogicAppsCustomConnector", and - "AutomationRule". - :vartype kind: str or ~azure.mgmt.securityinsight.models.Kind - :ivar source: Source of the content. This is where/how it was created. - :vartype source: ~azure.mgmt.securityinsight.models.MetadataSource - :ivar author: The creator of the content item. - :vartype author: ~azure.mgmt.securityinsight.models.MetadataAuthor - :ivar support: Support information for the metadata - type, name, contact information. - :vartype support: ~azure.mgmt.securityinsight.models.MetadataSupport - :ivar dependencies: Dependencies for the content item, what other content items it requires to - work. Can describe more complex dependencies using a recursive/nested structure. For a single - dependency an id/kind/version can be supplied or operator/criteria for complex formats. - :vartype dependencies: ~azure.mgmt.securityinsight.models.MetadataDependencies - :ivar categories: Categories for the solution content item. - :vartype categories: ~azure.mgmt.securityinsight.models.MetadataCategories - :ivar providers: Providers for the solution content item. - :vartype providers: list[str] - :ivar first_publish_date: first publish date solution content item. - :vartype first_publish_date: ~datetime.date - :ivar last_publish_date: last publish date for the solution content item. - :vartype last_publish_date: ~datetime.date - :ivar custom_version: The custom version of the content. A optional free text. 
- :vartype custom_version: str - :ivar content_schema_version: Schema version of the content. Can be used to distinguish between - different flow based on the schema version. - :vartype content_schema_version: str - :ivar icon: the icon identifier. this id can later be fetched from the solution template. - :vartype icon: str - :ivar threat_analysis_tactics: the tactics the resource covers. - :vartype threat_analysis_tactics: list[str] - :ivar threat_analysis_techniques: the techniques the resource covers, these have to be aligned - with the tactics being used. - :vartype threat_analysis_techniques: list[str] - :ivar preview_images: preview image file names. These will be taken from the solution - artifacts. - :vartype preview_images: list[str] - :ivar preview_images_dark: preview image file names. These will be taken from the solution - artifacts. used for dark theme support. - :vartype preview_images_dark: list[str] - """ - - _validation = { - "id": {"readonly": True}, - "name": {"readonly": True}, - "type": {"readonly": True}, - "system_data": {"readonly": True}, - } - - _attribute_map = { - "id": {"key": "id", "type": "str"}, - "name": {"key": "name", "type": "str"}, - "type": {"key": "type", "type": "str"}, - "system_data": {"key": "systemData", "type": "SystemData"}, - "etag": {"key": "etag", "type": "str"}, - "content_id": {"key": "properties.contentId", "type": "str"}, - "parent_id": {"key": "properties.parentId", "type": "str"}, - "version": {"key": "properties.version", "type": "str"}, - "kind": {"key": "properties.kind", "type": "str"}, - "source": {"key": "properties.source", "type": "MetadataSource"}, - "author": {"key": "properties.author", "type": "MetadataAuthor"}, - "support": {"key": "properties.support", "type": "MetadataSupport"}, - "dependencies": {"key": "properties.dependencies", "type": "MetadataDependencies"}, - "categories": {"key": "properties.categories", "type": "MetadataCategories"}, - "providers": {"key": "properties.providers", 
"type": "[str]"}, - "first_publish_date": {"key": "properties.firstPublishDate", "type": "date"}, - "last_publish_date": {"key": "properties.lastPublishDate", "type": "date"}, - "custom_version": {"key": "properties.customVersion", "type": "str"}, - "content_schema_version": {"key": "properties.contentSchemaVersion", "type": "str"}, - "icon": {"key": "properties.icon", "type": "str"}, - "threat_analysis_tactics": {"key": "properties.threatAnalysisTactics", "type": "[str]"}, - "threat_analysis_techniques": {"key": "properties.threatAnalysisTechniques", "type": "[str]"}, - "preview_images": {"key": "properties.previewImages", "type": "[str]"}, - "preview_images_dark": {"key": "properties.previewImagesDark", "type": "[str]"}, - } - - def __init__( # pylint: disable=too-many-locals - self, - *, - etag: Optional[str] = None, - content_id: Optional[str] = None, - parent_id: Optional[str] = None, - version: Optional[str] = None, - kind: Optional[Union[str, "_models.Kind"]] = None, - source: Optional["_models.MetadataSource"] = None, - author: Optional["_models.MetadataAuthor"] = None, - support: Optional["_models.MetadataSupport"] = None, - dependencies: Optional["_models.MetadataDependencies"] = None, - categories: Optional["_models.MetadataCategories"] = None, - providers: Optional[List[str]] = None, - first_publish_date: Optional[datetime.date] = None, - last_publish_date: Optional[datetime.date] = None, - custom_version: Optional[str] = None, - content_schema_version: Optional[str] = None, - icon: Optional[str] = None, - threat_analysis_tactics: Optional[List[str]] = None, - threat_analysis_techniques: Optional[List[str]] = None, - preview_images: Optional[List[str]] = None, - preview_images_dark: Optional[List[str]] = None, - **kwargs - ): - """ - :keyword etag: Etag of the azure resource. - :paramtype etag: str - :keyword content_id: Static ID for the content. Used to identify dependencies and content from - solutions or community. 
Hard-coded/static for out of the box content and solutions. Dynamic - for user-created. This is the resource name. - :paramtype content_id: str - :keyword parent_id: Full parent resource ID of the content item the metadata is for. This is - the full resource ID including the scope (subscription and resource group). - :paramtype parent_id: str - :keyword version: Version of the content. Default and recommended format is numeric (e.g. 1, - 1.0, 1.0.0, 1.0.0.0), following ARM template best practices. Can also be any string, but then - we cannot guarantee any version checks. - :paramtype version: str - :keyword kind: The kind of content the metadata is for. Known values are: "DataConnector", - "DataType", "Workbook", "WorkbookTemplate", "Playbook", "PlaybookTemplate", - "AnalyticsRuleTemplate", "AnalyticsRule", "HuntingQuery", "InvestigationQuery", "Parser", - "Watchlist", "WatchlistTemplate", "Solution", "AzureFunction", "LogicAppsCustomConnector", and - "AutomationRule". - :paramtype kind: str or ~azure.mgmt.securityinsight.models.Kind - :keyword source: Source of the content. This is where/how it was created. - :paramtype source: ~azure.mgmt.securityinsight.models.MetadataSource - :keyword author: The creator of the content item. - :paramtype author: ~azure.mgmt.securityinsight.models.MetadataAuthor - :keyword support: Support information for the metadata - type, name, contact information. - :paramtype support: ~azure.mgmt.securityinsight.models.MetadataSupport - :keyword dependencies: Dependencies for the content item, what other content items it requires - to work. Can describe more complex dependencies using a recursive/nested structure. For a - single dependency an id/kind/version can be supplied or operator/criteria for complex formats. - :paramtype dependencies: ~azure.mgmt.securityinsight.models.MetadataDependencies - :keyword categories: Categories for the solution content item. 
- :paramtype categories: ~azure.mgmt.securityinsight.models.MetadataCategories - :keyword providers: Providers for the solution content item. - :paramtype providers: list[str] - :keyword first_publish_date: first publish date solution content item. - :paramtype first_publish_date: ~datetime.date - :keyword last_publish_date: last publish date for the solution content item. - :paramtype last_publish_date: ~datetime.date - :keyword custom_version: The custom version of the content. A optional free text. - :paramtype custom_version: str - :keyword content_schema_version: Schema version of the content. Can be used to distinguish - between different flow based on the schema version. - :paramtype content_schema_version: str - :keyword icon: the icon identifier. this id can later be fetched from the solution template. - :paramtype icon: str - :keyword threat_analysis_tactics: the tactics the resource covers. - :paramtype threat_analysis_tactics: list[str] - :keyword threat_analysis_techniques: the techniques the resource covers, these have to be - aligned with the tactics being used. - :paramtype threat_analysis_techniques: list[str] - :keyword preview_images: preview image file names. These will be taken from the solution - artifacts. - :paramtype preview_images: list[str] - :keyword preview_images_dark: preview image file names. These will be taken from the solution - artifacts. used for dark theme support. 
- :paramtype preview_images_dark: list[str] - """ - super().__init__(etag=etag, **kwargs) - self.content_id = content_id - self.parent_id = parent_id - self.version = version - self.kind = kind - self.source = source - self.author = author - self.support = support - self.dependencies = dependencies - self.categories = categories - self.providers = providers - self.first_publish_date = first_publish_date - self.last_publish_date = last_publish_date - self.custom_version = custom_version - self.content_schema_version = content_schema_version - self.icon = icon - self.threat_analysis_tactics = threat_analysis_tactics - self.threat_analysis_techniques = threat_analysis_techniques - self.preview_images = preview_images - self.preview_images_dark = preview_images_dark - - -class MetadataPatch(ResourceWithEtag): # pylint: disable=too-many-instance-attributes - """Metadata patch request body. - - Variables are only populated by the server, and will be ignored when sending a request. - - :ivar id: Fully qualified resource ID for the resource. Ex - - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - :vartype id: str - :ivar name: The name of the resource. - :vartype name: str - :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or - "Microsoft.Storage/storageAccounts". - :vartype type: str - :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy - information. - :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar etag: Etag of the azure resource. - :vartype etag: str - :ivar content_id: Static ID for the content. Used to identify dependencies and content from - solutions or community. Hard-coded/static for out of the box content and solutions. Dynamic - for user-created. This is the resource name. - :vartype content_id: str - :ivar parent_id: Full parent resource ID of the content item the metadata is for. 
This is the - full resource ID including the scope (subscription and resource group). - :vartype parent_id: str - :ivar version: Version of the content. Default and recommended format is numeric (e.g. 1, 1.0, - 1.0.0, 1.0.0.0), following ARM template best practices. Can also be any string, but then we - cannot guarantee any version checks. - :vartype version: str - :ivar kind: The kind of content the metadata is for. Known values are: "DataConnector", - "DataType", "Workbook", "WorkbookTemplate", "Playbook", "PlaybookTemplate", - "AnalyticsRuleTemplate", "AnalyticsRule", "HuntingQuery", "InvestigationQuery", "Parser", - "Watchlist", "WatchlistTemplate", "Solution", "AzureFunction", "LogicAppsCustomConnector", and - "AutomationRule". - :vartype kind: str or ~azure.mgmt.securityinsight.models.Kind - :ivar source: Source of the content. This is where/how it was created. - :vartype source: ~azure.mgmt.securityinsight.models.MetadataSource - :ivar author: The creator of the content item. - :vartype author: ~azure.mgmt.securityinsight.models.MetadataAuthor - :ivar support: Support information for the metadata - type, name, contact information. - :vartype support: ~azure.mgmt.securityinsight.models.MetadataSupport - :ivar dependencies: Dependencies for the content item, what other content items it requires to - work. Can describe more complex dependencies using a recursive/nested structure. For a single - dependency an id/kind/version can be supplied or operator/criteria for complex formats. - :vartype dependencies: ~azure.mgmt.securityinsight.models.MetadataDependencies - :ivar categories: Categories for the solution content item. - :vartype categories: ~azure.mgmt.securityinsight.models.MetadataCategories - :ivar providers: Providers for the solution content item. - :vartype providers: list[str] - :ivar first_publish_date: first publish date solution content item. 
- :vartype first_publish_date: ~datetime.date - :ivar last_publish_date: last publish date for the solution content item. - :vartype last_publish_date: ~datetime.date - :ivar custom_version: The custom version of the content. A optional free text. - :vartype custom_version: str - :ivar content_schema_version: Schema version of the content. Can be used to distinguish between - different flow based on the schema version. - :vartype content_schema_version: str - :ivar icon: the icon identifier. this id can later be fetched from the solution template. - :vartype icon: str - :ivar threat_analysis_tactics: the tactics the resource covers. - :vartype threat_analysis_tactics: list[str] - :ivar threat_analysis_techniques: the techniques the resource covers, these have to be aligned - with the tactics being used. - :vartype threat_analysis_techniques: list[str] - :ivar preview_images: preview image file names. These will be taken from the solution - artifacts. - :vartype preview_images: list[str] - :ivar preview_images_dark: preview image file names. These will be taken from the solution - artifacts. used for dark theme support. 
- :vartype preview_images_dark: list[str] - """ - - _validation = { - "id": {"readonly": True}, - "name": {"readonly": True}, - "type": {"readonly": True}, - "system_data": {"readonly": True}, - } - - _attribute_map = { - "id": {"key": "id", "type": "str"}, - "name": {"key": "name", "type": "str"}, - "type": {"key": "type", "type": "str"}, - "system_data": {"key": "systemData", "type": "SystemData"}, - "etag": {"key": "etag", "type": "str"}, - "content_id": {"key": "properties.contentId", "type": "str"}, - "parent_id": {"key": "properties.parentId", "type": "str"}, - "version": {"key": "properties.version", "type": "str"}, - "kind": {"key": "properties.kind", "type": "str"}, - "source": {"key": "properties.source", "type": "MetadataSource"}, - "author": {"key": "properties.author", "type": "MetadataAuthor"}, - "support": {"key": "properties.support", "type": "MetadataSupport"}, - "dependencies": {"key": "properties.dependencies", "type": "MetadataDependencies"}, - "categories": {"key": "properties.categories", "type": "MetadataCategories"}, - "providers": {"key": "properties.providers", "type": "[str]"}, - "first_publish_date": {"key": "properties.firstPublishDate", "type": "date"}, - "last_publish_date": {"key": "properties.lastPublishDate", "type": "date"}, - "custom_version": {"key": "properties.customVersion", "type": "str"}, - "content_schema_version": {"key": "properties.contentSchemaVersion", "type": "str"}, - "icon": {"key": "properties.icon", "type": "str"}, - "threat_analysis_tactics": {"key": "properties.threatAnalysisTactics", "type": "[str]"}, - "threat_analysis_techniques": {"key": "properties.threatAnalysisTechniques", "type": "[str]"}, - "preview_images": {"key": "properties.previewImages", "type": "[str]"}, - "preview_images_dark": {"key": "properties.previewImagesDark", "type": "[str]"}, - } - - def __init__( # pylint: disable=too-many-locals - self, - *, - etag: Optional[str] = None, - content_id: Optional[str] = None, - parent_id: Optional[str] 
= None, - version: Optional[str] = None, - kind: Optional[Union[str, "_models.Kind"]] = None, - source: Optional["_models.MetadataSource"] = None, - author: Optional["_models.MetadataAuthor"] = None, - support: Optional["_models.MetadataSupport"] = None, - dependencies: Optional["_models.MetadataDependencies"] = None, - categories: Optional["_models.MetadataCategories"] = None, - providers: Optional[List[str]] = None, - first_publish_date: Optional[datetime.date] = None, - last_publish_date: Optional[datetime.date] = None, - custom_version: Optional[str] = None, - content_schema_version: Optional[str] = None, - icon: Optional[str] = None, - threat_analysis_tactics: Optional[List[str]] = None, - threat_analysis_techniques: Optional[List[str]] = None, - preview_images: Optional[List[str]] = None, - preview_images_dark: Optional[List[str]] = None, - **kwargs - ): - """ - :keyword etag: Etag of the azure resource. - :paramtype etag: str - :keyword content_id: Static ID for the content. Used to identify dependencies and content from - solutions or community. Hard-coded/static for out of the box content and solutions. Dynamic - for user-created. This is the resource name. - :paramtype content_id: str - :keyword parent_id: Full parent resource ID of the content item the metadata is for. This is - the full resource ID including the scope (subscription and resource group). - :paramtype parent_id: str - :keyword version: Version of the content. Default and recommended format is numeric (e.g. 1, - 1.0, 1.0.0, 1.0.0.0), following ARM template best practices. Can also be any string, but then - we cannot guarantee any version checks. - :paramtype version: str - :keyword kind: The kind of content the metadata is for. 
Known values are: "DataConnector", - "DataType", "Workbook", "WorkbookTemplate", "Playbook", "PlaybookTemplate", - "AnalyticsRuleTemplate", "AnalyticsRule", "HuntingQuery", "InvestigationQuery", "Parser", - "Watchlist", "WatchlistTemplate", "Solution", "AzureFunction", "LogicAppsCustomConnector", and - "AutomationRule". - :paramtype kind: str or ~azure.mgmt.securityinsight.models.Kind - :keyword source: Source of the content. This is where/how it was created. - :paramtype source: ~azure.mgmt.securityinsight.models.MetadataSource - :keyword author: The creator of the content item. - :paramtype author: ~azure.mgmt.securityinsight.models.MetadataAuthor - :keyword support: Support information for the metadata - type, name, contact information. - :paramtype support: ~azure.mgmt.securityinsight.models.MetadataSupport - :keyword dependencies: Dependencies for the content item, what other content items it requires - to work. Can describe more complex dependencies using a recursive/nested structure. For a - single dependency an id/kind/version can be supplied or operator/criteria for complex formats. - :paramtype dependencies: ~azure.mgmt.securityinsight.models.MetadataDependencies - :keyword categories: Categories for the solution content item. - :paramtype categories: ~azure.mgmt.securityinsight.models.MetadataCategories - :keyword providers: Providers for the solution content item. - :paramtype providers: list[str] - :keyword first_publish_date: first publish date solution content item. - :paramtype first_publish_date: ~datetime.date - :keyword last_publish_date: last publish date for the solution content item. - :paramtype last_publish_date: ~datetime.date - :keyword custom_version: The custom version of the content. A optional free text. - :paramtype custom_version: str - :keyword content_schema_version: Schema version of the content. Can be used to distinguish - between different flow based on the schema version. 
- :paramtype content_schema_version: str - :keyword icon: the icon identifier. this id can later be fetched from the solution template. - :paramtype icon: str - :keyword threat_analysis_tactics: the tactics the resource covers. - :paramtype threat_analysis_tactics: list[str] - :keyword threat_analysis_techniques: the techniques the resource covers, these have to be - aligned with the tactics being used. - :paramtype threat_analysis_techniques: list[str] - :keyword preview_images: preview image file names. These will be taken from the solution - artifacts. - :paramtype preview_images: list[str] - :keyword preview_images_dark: preview image file names. These will be taken from the solution - artifacts. used for dark theme support. - :paramtype preview_images_dark: list[str] - """ - super().__init__(etag=etag, **kwargs) - self.content_id = content_id - self.parent_id = parent_id - self.version = version - self.kind = kind - self.source = source - self.author = author - self.support = support - self.dependencies = dependencies - self.categories = categories - self.providers = providers - self.first_publish_date = first_publish_date - self.last_publish_date = last_publish_date - self.custom_version = custom_version - self.content_schema_version = content_schema_version - self.icon = icon - self.threat_analysis_tactics = threat_analysis_tactics - self.threat_analysis_techniques = threat_analysis_techniques - self.preview_images = preview_images - self.preview_images_dark = preview_images_dark - - -class MetadataSource(_serialization.Model): - """The original source of the content item, where it comes from. - - All required parameters must be populated in order to send to Azure. - - :ivar kind: Source type of the content. Required. Known values are: "LocalWorkspace", - "Community", "Solution", and "SourceRepository". - :vartype kind: str or ~azure.mgmt.securityinsight.models.SourceKind - :ivar name: Name of the content source. 
The repo name, solution name, LA workspace name etc. - :vartype name: str - :ivar source_id: ID of the content source. The solution ID, workspace ID, etc. - :vartype source_id: str - """ - - _validation = { - "kind": {"required": True}, - } - - _attribute_map = { - "kind": {"key": "kind", "type": "str"}, - "name": {"key": "name", "type": "str"}, - "source_id": {"key": "sourceId", "type": "str"}, - } - - def __init__( - self, - *, - kind: Union[str, "_models.SourceKind"], - name: Optional[str] = None, - source_id: Optional[str] = None, - **kwargs - ): - """ - :keyword kind: Source type of the content. Required. Known values are: "LocalWorkspace", - "Community", "Solution", and "SourceRepository". - :paramtype kind: str or ~azure.mgmt.securityinsight.models.SourceKind - :keyword name: Name of the content source. The repo name, solution name, LA workspace name - etc. - :paramtype name: str - :keyword source_id: ID of the content source. The solution ID, workspace ID, etc. - :paramtype source_id: str - """ - super().__init__(**kwargs) - self.kind = kind - self.name = name - self.source_id = source_id - - -class MetadataSupport(_serialization.Model): - """Support information for the content item. - - All required parameters must be populated in order to send to Azure. - - :ivar tier: Type of support for content item. Required. Known values are: "Microsoft", - "Partner", and "Community". - :vartype tier: str or ~azure.mgmt.securityinsight.models.SupportTier - :ivar name: Name of the support contact. Company or person. - :vartype name: str - :ivar email: Email of support contact. - :vartype email: str - :ivar link: Link for support help, like to support page to open a ticket etc. 
- :vartype link: str - """ - - _validation = { - "tier": {"required": True}, - } - - _attribute_map = { - "tier": {"key": "tier", "type": "str"}, - "name": {"key": "name", "type": "str"}, - "email": {"key": "email", "type": "str"}, - "link": {"key": "link", "type": "str"}, - } - - def __init__( - self, - *, - tier: Union[str, "_models.SupportTier"], - name: Optional[str] = None, - email: Optional[str] = None, - link: Optional[str] = None, - **kwargs - ): - """ - :keyword tier: Type of support for content item. Required. Known values are: "Microsoft", - "Partner", and "Community". - :paramtype tier: str or ~azure.mgmt.securityinsight.models.SupportTier - :keyword name: Name of the support contact. Company or person. - :paramtype name: str - :keyword email: Email of support contact. - :paramtype email: str - :keyword link: Link for support help, like to support page to open a ticket etc. - :paramtype link: str - """ - super().__init__(**kwargs) - self.tier = tier - self.name = name - self.email = email - self.link = link - - -class MicrosoftSecurityIncidentCreationAlertRule(AlertRule): # pylint: disable=too-many-instance-attributes - """Represents MicrosoftSecurityIncidentCreation rule. - - Variables are only populated by the server, and will be ignored when sending a request. - - All required parameters must be populated in order to send to Azure. - - :ivar id: Fully qualified resource ID for the resource. Ex - - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - :vartype id: str - :ivar name: The name of the resource. - :vartype name: str - :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or - "Microsoft.Storage/storageAccounts". - :vartype type: str - :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy - information. 
- :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar etag: Etag of the azure resource. - :vartype etag: str - :ivar kind: The kind of the alert rule. Required. Known values are: "Scheduled", - "MicrosoftSecurityIncidentCreation", "Fusion", "MLBehaviorAnalytics", "ThreatIntelligence", and - "NRT". - :vartype kind: str or ~azure.mgmt.securityinsight.models.AlertRuleKind - :ivar display_names_filter: the alerts' displayNames on which the cases will be generated. - :vartype display_names_filter: list[str] - :ivar display_names_exclude_filter: the alerts' displayNames on which the cases will not be - generated. - :vartype display_names_exclude_filter: list[str] - :ivar product_filter: The alerts' productName on which the cases will be generated. Known - values are: "Microsoft Cloud App Security", "Azure Security Center", "Azure Advanced Threat - Protection", "Azure Active Directory Identity Protection", "Azure Security Center for IoT", - "Office 365 Advanced Threat Protection", and "Microsoft Defender Advanced Threat Protection". - :vartype product_filter: str or ~azure.mgmt.securityinsight.models.MicrosoftSecurityProductName - :ivar severities_filter: the alerts' severities on which the cases will be generated. - :vartype severities_filter: list[str or ~azure.mgmt.securityinsight.models.AlertSeverity] - :ivar alert_rule_template_name: The Name of the alert rule template used to create this rule. - :vartype alert_rule_template_name: str - :ivar description: The description of the alert rule. - :vartype description: str - :ivar display_name: The display name for alerts created by this alert rule. - :vartype display_name: str - :ivar enabled: Determines whether this alert rule is enabled or disabled. - :vartype enabled: bool - :ivar last_modified_utc: The last time that this alert has been modified. 
- :vartype last_modified_utc: ~datetime.datetime - """ - - _validation = { - "id": {"readonly": True}, - "name": {"readonly": True}, - "type": {"readonly": True}, - "system_data": {"readonly": True}, - "kind": {"required": True}, - "last_modified_utc": {"readonly": True}, - } - - _attribute_map = { - "id": {"key": "id", "type": "str"}, - "name": {"key": "name", "type": "str"}, - "type": {"key": "type", "type": "str"}, - "system_data": {"key": "systemData", "type": "SystemData"}, - "etag": {"key": "etag", "type": "str"}, - "kind": {"key": "kind", "type": "str"}, - "display_names_filter": {"key": "properties.displayNamesFilter", "type": "[str]"}, - "display_names_exclude_filter": {"key": "properties.displayNamesExcludeFilter", "type": "[str]"}, - "product_filter": {"key": "properties.productFilter", "type": "str"}, - "severities_filter": {"key": "properties.severitiesFilter", "type": "[str]"}, - "alert_rule_template_name": {"key": "properties.alertRuleTemplateName", "type": "str"}, - "description": {"key": "properties.description", "type": "str"}, - "display_name": {"key": "properties.displayName", "type": "str"}, - "enabled": {"key": "properties.enabled", "type": "bool"}, - "last_modified_utc": {"key": "properties.lastModifiedUtc", "type": "iso-8601"}, - } - - def __init__( - self, - *, - etag: Optional[str] = None, - display_names_filter: Optional[List[str]] = None, - display_names_exclude_filter: Optional[List[str]] = None, - product_filter: Optional[Union[str, "_models.MicrosoftSecurityProductName"]] = None, - severities_filter: Optional[List[Union[str, "_models.AlertSeverity"]]] = None, - alert_rule_template_name: Optional[str] = None, - description: Optional[str] = None, - display_name: Optional[str] = None, - enabled: Optional[bool] = None, - **kwargs - ): - """ - :keyword etag: Etag of the azure resource. - :paramtype etag: str - :keyword display_names_filter: the alerts' displayNames on which the cases will be generated. 
- :paramtype display_names_filter: list[str] - :keyword display_names_exclude_filter: the alerts' displayNames on which the cases will not be - generated. - :paramtype display_names_exclude_filter: list[str] - :keyword product_filter: The alerts' productName on which the cases will be generated. Known - values are: "Microsoft Cloud App Security", "Azure Security Center", "Azure Advanced Threat - Protection", "Azure Active Directory Identity Protection", "Azure Security Center for IoT", - "Office 365 Advanced Threat Protection", and "Microsoft Defender Advanced Threat Protection". - :paramtype product_filter: str or - ~azure.mgmt.securityinsight.models.MicrosoftSecurityProductName - :keyword severities_filter: the alerts' severities on which the cases will be generated. - :paramtype severities_filter: list[str or ~azure.mgmt.securityinsight.models.AlertSeverity] - :keyword alert_rule_template_name: The Name of the alert rule template used to create this - rule. - :paramtype alert_rule_template_name: str - :keyword description: The description of the alert rule. - :paramtype description: str - :keyword display_name: The display name for alerts created by this alert rule. - :paramtype display_name: str - :keyword enabled: Determines whether this alert rule is enabled or disabled. - :paramtype enabled: bool - """ - super().__init__(etag=etag, **kwargs) - self.kind: str = "MicrosoftSecurityIncidentCreation" - self.display_names_filter = display_names_filter - self.display_names_exclude_filter = display_names_exclude_filter - self.product_filter = product_filter - self.severities_filter = severities_filter - self.alert_rule_template_name = alert_rule_template_name - self.description = description - self.display_name = display_name - self.enabled = enabled - self.last_modified_utc = None - - -class MicrosoftSecurityIncidentCreationAlertRuleCommonProperties(_serialization.Model): - """MicrosoftSecurityIncidentCreation rule common property bag. 
- - All required parameters must be populated in order to send to Azure. - - :ivar display_names_filter: the alerts' displayNames on which the cases will be generated. - :vartype display_names_filter: list[str] - :ivar display_names_exclude_filter: the alerts' displayNames on which the cases will not be - generated. - :vartype display_names_exclude_filter: list[str] - :ivar product_filter: The alerts' productName on which the cases will be generated. Required. - Known values are: "Microsoft Cloud App Security", "Azure Security Center", "Azure Advanced - Threat Protection", "Azure Active Directory Identity Protection", "Azure Security Center for - IoT", "Office 365 Advanced Threat Protection", and "Microsoft Defender Advanced Threat - Protection". - :vartype product_filter: str or ~azure.mgmt.securityinsight.models.MicrosoftSecurityProductName - :ivar severities_filter: the alerts' severities on which the cases will be generated. - :vartype severities_filter: list[str or ~azure.mgmt.securityinsight.models.AlertSeverity] - """ - - _validation = { - "product_filter": {"required": True}, - } - - _attribute_map = { - "display_names_filter": {"key": "displayNamesFilter", "type": "[str]"}, - "display_names_exclude_filter": {"key": "displayNamesExcludeFilter", "type": "[str]"}, - "product_filter": {"key": "productFilter", "type": "str"}, - "severities_filter": {"key": "severitiesFilter", "type": "[str]"}, - } - - def __init__( - self, - *, - product_filter: Union[str, "_models.MicrosoftSecurityProductName"], - display_names_filter: Optional[List[str]] = None, - display_names_exclude_filter: Optional[List[str]] = None, - severities_filter: Optional[List[Union[str, "_models.AlertSeverity"]]] = None, - **kwargs - ): - """ - :keyword display_names_filter: the alerts' displayNames on which the cases will be generated. - :paramtype display_names_filter: list[str] - :keyword display_names_exclude_filter: the alerts' displayNames on which the cases will not be - generated. 
- :paramtype display_names_exclude_filter: list[str] - :keyword product_filter: The alerts' productName on which the cases will be generated. - Required. Known values are: "Microsoft Cloud App Security", "Azure Security Center", "Azure - Advanced Threat Protection", "Azure Active Directory Identity Protection", "Azure Security - Center for IoT", "Office 365 Advanced Threat Protection", and "Microsoft Defender Advanced - Threat Protection". - :paramtype product_filter: str or - ~azure.mgmt.securityinsight.models.MicrosoftSecurityProductName - :keyword severities_filter: the alerts' severities on which the cases will be generated. - :paramtype severities_filter: list[str or ~azure.mgmt.securityinsight.models.AlertSeverity] - """ - super().__init__(**kwargs) - self.display_names_filter = display_names_filter - self.display_names_exclude_filter = display_names_exclude_filter - self.product_filter = product_filter - self.severities_filter = severities_filter - - -class MicrosoftSecurityIncidentCreationAlertRuleProperties(MicrosoftSecurityIncidentCreationAlertRuleCommonProperties): - """MicrosoftSecurityIncidentCreation rule property bag. - - Variables are only populated by the server, and will be ignored when sending a request. - - All required parameters must be populated in order to send to Azure. - - :ivar display_names_filter: the alerts' displayNames on which the cases will be generated. - :vartype display_names_filter: list[str] - :ivar display_names_exclude_filter: the alerts' displayNames on which the cases will not be - generated. - :vartype display_names_exclude_filter: list[str] - :ivar product_filter: The alerts' productName on which the cases will be generated. Required. - Known values are: "Microsoft Cloud App Security", "Azure Security Center", "Azure Advanced - Threat Protection", "Azure Active Directory Identity Protection", "Azure Security Center for - IoT", "Office 365 Advanced Threat Protection", and "Microsoft Defender Advanced Threat - Protection". 
- :vartype product_filter: str or ~azure.mgmt.securityinsight.models.MicrosoftSecurityProductName - :ivar severities_filter: the alerts' severities on which the cases will be generated. - :vartype severities_filter: list[str or ~azure.mgmt.securityinsight.models.AlertSeverity] - :ivar alert_rule_template_name: The Name of the alert rule template used to create this rule. - :vartype alert_rule_template_name: str - :ivar description: The description of the alert rule. - :vartype description: str - :ivar display_name: The display name for alerts created by this alert rule. Required. - :vartype display_name: str - :ivar enabled: Determines whether this alert rule is enabled or disabled. Required. - :vartype enabled: bool - :ivar last_modified_utc: The last time that this alert has been modified. - :vartype last_modified_utc: ~datetime.datetime - """ - - _validation = { - "product_filter": {"required": True}, - "display_name": {"required": True}, - "enabled": {"required": True}, - "last_modified_utc": {"readonly": True}, - } - - _attribute_map = { - "display_names_filter": {"key": "displayNamesFilter", "type": "[str]"}, - "display_names_exclude_filter": {"key": "displayNamesExcludeFilter", "type": "[str]"}, - "product_filter": {"key": "productFilter", "type": "str"}, - "severities_filter": {"key": "severitiesFilter", "type": "[str]"}, - "alert_rule_template_name": {"key": "alertRuleTemplateName", "type": "str"}, - "description": {"key": "description", "type": "str"}, - "display_name": {"key": "displayName", "type": "str"}, - "enabled": {"key": "enabled", "type": "bool"}, - "last_modified_utc": {"key": "lastModifiedUtc", "type": "iso-8601"}, - } - - def __init__( - self, - *, - product_filter: Union[str, "_models.MicrosoftSecurityProductName"], - display_name: str, - enabled: bool, - display_names_filter: Optional[List[str]] = None, - display_names_exclude_filter: Optional[List[str]] = None, - severities_filter: Optional[List[Union[str, "_models.AlertSeverity"]]] = None, 
- alert_rule_template_name: Optional[str] = None, - description: Optional[str] = None, - **kwargs - ): - """ - :keyword display_names_filter: the alerts' displayNames on which the cases will be generated. - :paramtype display_names_filter: list[str] - :keyword display_names_exclude_filter: the alerts' displayNames on which the cases will not be - generated. - :paramtype display_names_exclude_filter: list[str] - :keyword product_filter: The alerts' productName on which the cases will be generated. - Required. Known values are: "Microsoft Cloud App Security", "Azure Security Center", "Azure - Advanced Threat Protection", "Azure Active Directory Identity Protection", "Azure Security - Center for IoT", "Office 365 Advanced Threat Protection", and "Microsoft Defender Advanced - Threat Protection". - :paramtype product_filter: str or - ~azure.mgmt.securityinsight.models.MicrosoftSecurityProductName - :keyword severities_filter: the alerts' severities on which the cases will be generated. - :paramtype severities_filter: list[str or ~azure.mgmt.securityinsight.models.AlertSeverity] - :keyword alert_rule_template_name: The Name of the alert rule template used to create this - rule. - :paramtype alert_rule_template_name: str - :keyword description: The description of the alert rule. - :paramtype description: str - :keyword display_name: The display name for alerts created by this alert rule. Required. - :paramtype display_name: str - :keyword enabled: Determines whether this alert rule is enabled or disabled. Required. 
- :paramtype enabled: bool - """ - super().__init__( - display_names_filter=display_names_filter, - display_names_exclude_filter=display_names_exclude_filter, - product_filter=product_filter, - severities_filter=severities_filter, - **kwargs - ) - self.alert_rule_template_name = alert_rule_template_name - self.description = description - self.display_name = display_name - self.enabled = enabled - self.last_modified_utc = None - - -class MicrosoftSecurityIncidentCreationAlertRuleTemplate( - AlertRuleTemplate -): # pylint: disable=too-many-instance-attributes - """Represents MicrosoftSecurityIncidentCreation rule template. - - Variables are only populated by the server, and will be ignored when sending a request. - - All required parameters must be populated in order to send to Azure. - - :ivar id: Fully qualified resource ID for the resource. Ex - - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - :vartype id: str - :ivar name: The name of the resource. - :vartype name: str - :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or - "Microsoft.Storage/storageAccounts". - :vartype type: str - :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy - information. - :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar kind: The kind of the alert rule. Required. Known values are: "Scheduled", - "MicrosoftSecurityIncidentCreation", "Fusion", "MLBehaviorAnalytics", "ThreatIntelligence", and - "NRT". - :vartype kind: str or ~azure.mgmt.securityinsight.models.AlertRuleKind - :ivar alert_rules_created_by_template_count: the number of alert rules that were created by - this template. - :vartype alert_rules_created_by_template_count: int - :ivar last_updated_date_utc: The last time that this alert rule template has been updated. 
- :vartype last_updated_date_utc: ~datetime.datetime - :ivar created_date_utc: The time that this alert rule template has been added. - :vartype created_date_utc: ~datetime.datetime - :ivar description: The description of the alert rule template. - :vartype description: str - :ivar display_name: The display name for alert rule template. - :vartype display_name: str - :ivar required_data_connectors: The required data sources for this template. - :vartype required_data_connectors: - list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] - :ivar status: The alert rule template status. Known values are: "Installed", "Available", and - "NotAvailable". - :vartype status: str or ~azure.mgmt.securityinsight.models.TemplateStatus - :ivar display_names_filter: the alerts' displayNames on which the cases will be generated. - :vartype display_names_filter: list[str] - :ivar display_names_exclude_filter: the alerts' displayNames on which the cases will not be - generated. - :vartype display_names_exclude_filter: list[str] - :ivar product_filter: The alerts' productName on which the cases will be generated. Known - values are: "Microsoft Cloud App Security", "Azure Security Center", "Azure Advanced Threat - Protection", "Azure Active Directory Identity Protection", "Azure Security Center for IoT", - "Office 365 Advanced Threat Protection", and "Microsoft Defender Advanced Threat Protection". - :vartype product_filter: str or ~azure.mgmt.securityinsight.models.MicrosoftSecurityProductName - :ivar severities_filter: the alerts' severities on which the cases will be generated. 
- :vartype severities_filter: list[str or ~azure.mgmt.securityinsight.models.AlertSeverity] - """ - - _validation = { - "id": {"readonly": True}, - "name": {"readonly": True}, - "type": {"readonly": True}, - "system_data": {"readonly": True}, - "kind": {"required": True}, - "last_updated_date_utc": {"readonly": True}, - "created_date_utc": {"readonly": True}, - } - - _attribute_map = { - "id": {"key": "id", "type": "str"}, - "name": {"key": "name", "type": "str"}, - "type": {"key": "type", "type": "str"}, - "system_data": {"key": "systemData", "type": "SystemData"}, - "kind": {"key": "kind", "type": "str"}, - "alert_rules_created_by_template_count": {"key": "properties.alertRulesCreatedByTemplateCount", "type": "int"}, - "last_updated_date_utc": {"key": "properties.lastUpdatedDateUTC", "type": "iso-8601"}, - "created_date_utc": {"key": "properties.createdDateUTC", "type": "iso-8601"}, - "description": {"key": "properties.description", "type": "str"}, - "display_name": {"key": "properties.displayName", "type": "str"}, - "required_data_connectors": { - "key": "properties.requiredDataConnectors", - "type": "[AlertRuleTemplateDataSource]", - }, - "status": {"key": "properties.status", "type": "str"}, - "display_names_filter": {"key": "properties.displayNamesFilter", "type": "[str]"}, - "display_names_exclude_filter": {"key": "properties.displayNamesExcludeFilter", "type": "[str]"}, - "product_filter": {"key": "properties.productFilter", "type": "str"}, - "severities_filter": {"key": "properties.severitiesFilter", "type": "[str]"}, - } - - def __init__( - self, - *, - alert_rules_created_by_template_count: Optional[int] = None, - description: Optional[str] = None, - display_name: Optional[str] = None, - required_data_connectors: Optional[List["_models.AlertRuleTemplateDataSource"]] = None, - status: Optional[Union[str, "_models.TemplateStatus"]] = None, - display_names_filter: Optional[List[str]] = None, - display_names_exclude_filter: Optional[List[str]] = None, - 
product_filter: Optional[Union[str, "_models.MicrosoftSecurityProductName"]] = None, - severities_filter: Optional[List[Union[str, "_models.AlertSeverity"]]] = None, - **kwargs - ): - """ - :keyword alert_rules_created_by_template_count: the number of alert rules that were created by - this template. - :paramtype alert_rules_created_by_template_count: int - :keyword description: The description of the alert rule template. - :paramtype description: str - :keyword display_name: The display name for alert rule template. - :paramtype display_name: str - :keyword required_data_connectors: The required data sources for this template. - :paramtype required_data_connectors: - list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] - :keyword status: The alert rule template status. Known values are: "Installed", "Available", - and "NotAvailable". - :paramtype status: str or ~azure.mgmt.securityinsight.models.TemplateStatus - :keyword display_names_filter: the alerts' displayNames on which the cases will be generated. - :paramtype display_names_filter: list[str] - :keyword display_names_exclude_filter: the alerts' displayNames on which the cases will not be - generated. - :paramtype display_names_exclude_filter: list[str] - :keyword product_filter: The alerts' productName on which the cases will be generated. Known - values are: "Microsoft Cloud App Security", "Azure Security Center", "Azure Advanced Threat - Protection", "Azure Active Directory Identity Protection", "Azure Security Center for IoT", - "Office 365 Advanced Threat Protection", and "Microsoft Defender Advanced Threat Protection". - :paramtype product_filter: str or - ~azure.mgmt.securityinsight.models.MicrosoftSecurityProductName - :keyword severities_filter: the alerts' severities on which the cases will be generated. 
- :paramtype severities_filter: list[str or ~azure.mgmt.securityinsight.models.AlertSeverity] - """ - super().__init__(**kwargs) - self.kind: str = "MicrosoftSecurityIncidentCreation" - self.alert_rules_created_by_template_count = alert_rules_created_by_template_count - self.last_updated_date_utc = None - self.created_date_utc = None - self.description = description - self.display_name = display_name - self.required_data_connectors = required_data_connectors - self.status = status - self.display_names_filter = display_names_filter - self.display_names_exclude_filter = display_names_exclude_filter - self.product_filter = product_filter - self.severities_filter = severities_filter - - -class MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties( - AlertRuleTemplatePropertiesBase -): # pylint: disable=too-many-instance-attributes - """MicrosoftSecurityIncidentCreation rule template properties. - - Variables are only populated by the server, and will be ignored when sending a request. - - :ivar alert_rules_created_by_template_count: the number of alert rules that were created by - this template. - :vartype alert_rules_created_by_template_count: int - :ivar last_updated_date_utc: The last time that this alert rule template has been updated. - :vartype last_updated_date_utc: ~datetime.datetime - :ivar created_date_utc: The time that this alert rule template has been added. - :vartype created_date_utc: ~datetime.datetime - :ivar description: The description of the alert rule template. - :vartype description: str - :ivar display_name: The display name for alert rule template. - :vartype display_name: str - :ivar required_data_connectors: The required data sources for this template. - :vartype required_data_connectors: - list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] - :ivar status: The alert rule template status. Known values are: "Installed", "Available", and - "NotAvailable". 
- :vartype status: str or ~azure.mgmt.securityinsight.models.TemplateStatus - :ivar display_names_filter: the alerts' displayNames on which the cases will be generated. - :vartype display_names_filter: list[str] - :ivar display_names_exclude_filter: the alerts' displayNames on which the cases will not be - generated. - :vartype display_names_exclude_filter: list[str] - :ivar product_filter: The alerts' productName on which the cases will be generated. Known - values are: "Microsoft Cloud App Security", "Azure Security Center", "Azure Advanced Threat - Protection", "Azure Active Directory Identity Protection", "Azure Security Center for IoT", - "Office 365 Advanced Threat Protection", and "Microsoft Defender Advanced Threat Protection". - :vartype product_filter: str or ~azure.mgmt.securityinsight.models.MicrosoftSecurityProductName - :ivar severities_filter: the alerts' severities on which the cases will be generated. - :vartype severities_filter: list[str or ~azure.mgmt.securityinsight.models.AlertSeverity] - """ - - _validation = { - "last_updated_date_utc": {"readonly": True}, - "created_date_utc": {"readonly": True}, - } - - _attribute_map = { - "alert_rules_created_by_template_count": {"key": "alertRulesCreatedByTemplateCount", "type": "int"}, - "last_updated_date_utc": {"key": "lastUpdatedDateUTC", "type": "iso-8601"}, - "created_date_utc": {"key": "createdDateUTC", "type": "iso-8601"}, - "description": {"key": "description", "type": "str"}, - "display_name": {"key": "displayName", "type": "str"}, - "required_data_connectors": {"key": "requiredDataConnectors", "type": "[AlertRuleTemplateDataSource]"}, - "status": {"key": "status", "type": "str"}, - "display_names_filter": {"key": "displayNamesFilter", "type": "[str]"}, - "display_names_exclude_filter": {"key": "displayNamesExcludeFilter", "type": "[str]"}, - "product_filter": {"key": "productFilter", "type": "str"}, - "severities_filter": {"key": "severitiesFilter", "type": "[str]"}, - } - - def __init__( - 
self, - *, - alert_rules_created_by_template_count: Optional[int] = None, - description: Optional[str] = None, - display_name: Optional[str] = None, - required_data_connectors: Optional[List["_models.AlertRuleTemplateDataSource"]] = None, - status: Optional[Union[str, "_models.TemplateStatus"]] = None, - display_names_filter: Optional[List[str]] = None, - display_names_exclude_filter: Optional[List[str]] = None, - product_filter: Optional[Union[str, "_models.MicrosoftSecurityProductName"]] = None, - severities_filter: Optional[List[Union[str, "_models.AlertSeverity"]]] = None, - **kwargs - ): - """ - :keyword alert_rules_created_by_template_count: the number of alert rules that were created by - this template. - :paramtype alert_rules_created_by_template_count: int - :keyword description: The description of the alert rule template. - :paramtype description: str - :keyword display_name: The display name for alert rule template. - :paramtype display_name: str - :keyword required_data_connectors: The required data sources for this template. - :paramtype required_data_connectors: - list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] - :keyword status: The alert rule template status. Known values are: "Installed", "Available", - and "NotAvailable". - :paramtype status: str or ~azure.mgmt.securityinsight.models.TemplateStatus - :keyword display_names_filter: the alerts' displayNames on which the cases will be generated. - :paramtype display_names_filter: list[str] - :keyword display_names_exclude_filter: the alerts' displayNames on which the cases will not be - generated. - :paramtype display_names_exclude_filter: list[str] - :keyword product_filter: The alerts' productName on which the cases will be generated. 
Known - values are: "Microsoft Cloud App Security", "Azure Security Center", "Azure Advanced Threat - Protection", "Azure Active Directory Identity Protection", "Azure Security Center for IoT", - "Office 365 Advanced Threat Protection", and "Microsoft Defender Advanced Threat Protection". - :paramtype product_filter: str or - ~azure.mgmt.securityinsight.models.MicrosoftSecurityProductName - :keyword severities_filter: the alerts' severities on which the cases will be generated. - :paramtype severities_filter: list[str or ~azure.mgmt.securityinsight.models.AlertSeverity] - """ - super().__init__( - alert_rules_created_by_template_count=alert_rules_created_by_template_count, - description=description, - display_name=display_name, - required_data_connectors=required_data_connectors, - status=status, - **kwargs - ) - self.display_names_filter = display_names_filter - self.display_names_exclude_filter = display_names_exclude_filter - self.product_filter = product_filter - self.severities_filter = severities_filter - - -class MLBehaviorAnalyticsAlertRule(AlertRule): # pylint: disable=too-many-instance-attributes - """Represents MLBehaviorAnalytics alert rule. - - Variables are only populated by the server, and will be ignored when sending a request. - - All required parameters must be populated in order to send to Azure. - - :ivar id: Fully qualified resource ID for the resource. Ex - - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - :vartype id: str - :ivar name: The name of the resource. - :vartype name: str - :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or - "Microsoft.Storage/storageAccounts". - :vartype type: str - :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy - information. - :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar etag: Etag of the azure resource. 
- :vartype etag: str - :ivar kind: The kind of the alert rule. Required. Known values are: "Scheduled", - "MicrosoftSecurityIncidentCreation", "Fusion", "MLBehaviorAnalytics", "ThreatIntelligence", and - "NRT". - :vartype kind: str or ~azure.mgmt.securityinsight.models.AlertRuleKind - :ivar alert_rule_template_name: The Name of the alert rule template used to create this rule. - :vartype alert_rule_template_name: str - :ivar description: The description of the alert rule. - :vartype description: str - :ivar display_name: The display name for alerts created by this alert rule. - :vartype display_name: str - :ivar enabled: Determines whether this alert rule is enabled or disabled. - :vartype enabled: bool - :ivar last_modified_utc: The last time that this alert rule has been modified. - :vartype last_modified_utc: ~datetime.datetime - :ivar severity: The severity for alerts created by this alert rule. Known values are: "High", - "Medium", "Low", and "Informational". - :vartype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity - :ivar tactics: The tactics of the alert rule. - :vartype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] - :ivar techniques: The techniques of the alert rule. 
- :vartype techniques: list[str] - """ - - _validation = { - "id": {"readonly": True}, - "name": {"readonly": True}, - "type": {"readonly": True}, - "system_data": {"readonly": True}, - "kind": {"required": True}, - "description": {"readonly": True}, - "display_name": {"readonly": True}, - "last_modified_utc": {"readonly": True}, - "severity": {"readonly": True}, - "tactics": {"readonly": True}, - "techniques": {"readonly": True}, - } - - _attribute_map = { - "id": {"key": "id", "type": "str"}, - "name": {"key": "name", "type": "str"}, - "type": {"key": "type", "type": "str"}, - "system_data": {"key": "systemData", "type": "SystemData"}, - "etag": {"key": "etag", "type": "str"}, - "kind": {"key": "kind", "type": "str"}, - "alert_rule_template_name": {"key": "properties.alertRuleTemplateName", "type": "str"}, - "description": {"key": "properties.description", "type": "str"}, - "display_name": {"key": "properties.displayName", "type": "str"}, - "enabled": {"key": "properties.enabled", "type": "bool"}, - "last_modified_utc": {"key": "properties.lastModifiedUtc", "type": "iso-8601"}, - "severity": {"key": "properties.severity", "type": "str"}, - "tactics": {"key": "properties.tactics", "type": "[str]"}, - "techniques": {"key": "properties.techniques", "type": "[str]"}, - } - - def __init__( - self, - *, - etag: Optional[str] = None, - alert_rule_template_name: Optional[str] = None, - enabled: Optional[bool] = None, - **kwargs - ): - """ - :keyword etag: Etag of the azure resource. - :paramtype etag: str - :keyword alert_rule_template_name: The Name of the alert rule template used to create this - rule. - :paramtype alert_rule_template_name: str - :keyword enabled: Determines whether this alert rule is enabled or disabled. 
- :paramtype enabled: bool - """ - super().__init__(etag=etag, **kwargs) - self.kind: str = "MLBehaviorAnalytics" - self.alert_rule_template_name = alert_rule_template_name - self.description = None - self.display_name = None - self.enabled = enabled - self.last_modified_utc = None - self.severity = None - self.tactics = None - self.techniques = None - - -class MLBehaviorAnalyticsAlertRuleTemplate(AlertRuleTemplate): # pylint: disable=too-many-instance-attributes - """Represents MLBehaviorAnalytics alert rule template. - - Variables are only populated by the server, and will be ignored when sending a request. - - All required parameters must be populated in order to send to Azure. - - :ivar id: Fully qualified resource ID for the resource. Ex - - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - :vartype id: str - :ivar name: The name of the resource. - :vartype name: str - :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or - "Microsoft.Storage/storageAccounts". - :vartype type: str - :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy - information. - :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar kind: The kind of the alert rule. Required. Known values are: "Scheduled", - "MicrosoftSecurityIncidentCreation", "Fusion", "MLBehaviorAnalytics", "ThreatIntelligence", and - "NRT". - :vartype kind: str or ~azure.mgmt.securityinsight.models.AlertRuleKind - :ivar alert_rules_created_by_template_count: the number of alert rules that were created by - this template. - :vartype alert_rules_created_by_template_count: int - :ivar last_updated_date_utc: The last time that this alert rule template has been updated. - :vartype last_updated_date_utc: ~datetime.datetime - :ivar created_date_utc: The time that this alert rule template has been added. 
- :vartype created_date_utc: ~datetime.datetime - :ivar description: The description of the alert rule template. - :vartype description: str - :ivar display_name: The display name for alert rule template. - :vartype display_name: str - :ivar required_data_connectors: The required data sources for this template. - :vartype required_data_connectors: - list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] - :ivar status: The alert rule template status. Known values are: "Installed", "Available", and - "NotAvailable". - :vartype status: str or ~azure.mgmt.securityinsight.models.TemplateStatus - :ivar tactics: The tactics of the alert rule. - :vartype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] - :ivar techniques: The techniques of the alert rule. - :vartype techniques: list[str] - :ivar severity: The severity for alerts created by this alert rule. Known values are: "High", - "Medium", "Low", and "Informational". - :vartype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity - """ - - _validation = { - "id": {"readonly": True}, - "name": {"readonly": True}, - "type": {"readonly": True}, - "system_data": {"readonly": True}, - "kind": {"required": True}, - "last_updated_date_utc": {"readonly": True}, - "created_date_utc": {"readonly": True}, - } - - _attribute_map = { - "id": {"key": "id", "type": "str"}, - "name": {"key": "name", "type": "str"}, - "type": {"key": "type", "type": "str"}, - "system_data": {"key": "systemData", "type": "SystemData"}, - "kind": {"key": "kind", "type": "str"}, - "alert_rules_created_by_template_count": {"key": "properties.alertRulesCreatedByTemplateCount", "type": "int"}, - "last_updated_date_utc": {"key": "properties.lastUpdatedDateUTC", "type": "iso-8601"}, - "created_date_utc": {"key": "properties.createdDateUTC", "type": "iso-8601"}, - "description": {"key": "properties.description", "type": "str"}, - "display_name": {"key": "properties.displayName", "type": "str"}, - 
"required_data_connectors": { - "key": "properties.requiredDataConnectors", - "type": "[AlertRuleTemplateDataSource]", - }, - "status": {"key": "properties.status", "type": "str"}, - "tactics": {"key": "properties.tactics", "type": "[str]"}, - "techniques": {"key": "properties.techniques", "type": "[str]"}, - "severity": {"key": "properties.severity", "type": "str"}, - } - - def __init__( - self, - *, - alert_rules_created_by_template_count: Optional[int] = None, - description: Optional[str] = None, - display_name: Optional[str] = None, - required_data_connectors: Optional[List["_models.AlertRuleTemplateDataSource"]] = None, - status: Optional[Union[str, "_models.TemplateStatus"]] = None, - tactics: Optional[List[Union[str, "_models.AttackTactic"]]] = None, - techniques: Optional[List[str]] = None, - severity: Optional[Union[str, "_models.AlertSeverity"]] = None, - **kwargs - ): - """ - :keyword alert_rules_created_by_template_count: the number of alert rules that were created by - this template. - :paramtype alert_rules_created_by_template_count: int - :keyword description: The description of the alert rule template. - :paramtype description: str - :keyword display_name: The display name for alert rule template. - :paramtype display_name: str - :keyword required_data_connectors: The required data sources for this template. - :paramtype required_data_connectors: - list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] - :keyword status: The alert rule template status. Known values are: "Installed", "Available", - and "NotAvailable". - :paramtype status: str or ~azure.mgmt.securityinsight.models.TemplateStatus - :keyword tactics: The tactics of the alert rule. - :paramtype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] - :keyword techniques: The techniques of the alert rule. - :paramtype techniques: list[str] - :keyword severity: The severity for alerts created by this alert rule. 
Known values are: - "High", "Medium", "Low", and "Informational". - :paramtype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity - """ - super().__init__(**kwargs) - self.kind: str = "MLBehaviorAnalytics" - self.alert_rules_created_by_template_count = alert_rules_created_by_template_count - self.last_updated_date_utc = None - self.created_date_utc = None - self.description = description - self.display_name = display_name - self.required_data_connectors = required_data_connectors - self.status = status - self.tactics = tactics - self.techniques = techniques - self.severity = severity - - -class MLBehaviorAnalyticsAlertRuleTemplateProperties(AlertRuleTemplateWithMitreProperties): - """MLBehaviorAnalytics alert rule template properties. - - Variables are only populated by the server, and will be ignored when sending a request. - - All required parameters must be populated in order to send to Azure. - - :ivar alert_rules_created_by_template_count: the number of alert rules that were created by - this template. - :vartype alert_rules_created_by_template_count: int - :ivar last_updated_date_utc: The last time that this alert rule template has been updated. - :vartype last_updated_date_utc: ~datetime.datetime - :ivar created_date_utc: The time that this alert rule template has been added. - :vartype created_date_utc: ~datetime.datetime - :ivar description: The description of the alert rule template. - :vartype description: str - :ivar display_name: The display name for alert rule template. - :vartype display_name: str - :ivar required_data_connectors: The required data sources for this template. - :vartype required_data_connectors: - list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] - :ivar status: The alert rule template status. Known values are: "Installed", "Available", and - "NotAvailable". - :vartype status: str or ~azure.mgmt.securityinsight.models.TemplateStatus - :ivar tactics: The tactics of the alert rule. 
- :vartype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] - :ivar techniques: The techniques of the alert rule. - :vartype techniques: list[str] - :ivar severity: The severity for alerts created by this alert rule. Required. Known values are: - "High", "Medium", "Low", and "Informational". - :vartype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity - """ - - _validation = { - "last_updated_date_utc": {"readonly": True}, - "created_date_utc": {"readonly": True}, - "severity": {"required": True}, - } - - _attribute_map = { - "alert_rules_created_by_template_count": {"key": "alertRulesCreatedByTemplateCount", "type": "int"}, - "last_updated_date_utc": {"key": "lastUpdatedDateUTC", "type": "iso-8601"}, - "created_date_utc": {"key": "createdDateUTC", "type": "iso-8601"}, - "description": {"key": "description", "type": "str"}, - "display_name": {"key": "displayName", "type": "str"}, - "required_data_connectors": {"key": "requiredDataConnectors", "type": "[AlertRuleTemplateDataSource]"}, - "status": {"key": "status", "type": "str"}, - "tactics": {"key": "tactics", "type": "[str]"}, - "techniques": {"key": "techniques", "type": "[str]"}, - "severity": {"key": "severity", "type": "str"}, - } - - def __init__( - self, - *, - severity: Union[str, "_models.AlertSeverity"], - alert_rules_created_by_template_count: Optional[int] = None, - description: Optional[str] = None, - display_name: Optional[str] = None, - required_data_connectors: Optional[List["_models.AlertRuleTemplateDataSource"]] = None, - status: Optional[Union[str, "_models.TemplateStatus"]] = None, - tactics: Optional[List[Union[str, "_models.AttackTactic"]]] = None, - techniques: Optional[List[str]] = None, - **kwargs - ): - """ - :keyword alert_rules_created_by_template_count: the number of alert rules that were created by - this template. - :paramtype alert_rules_created_by_template_count: int - :keyword description: The description of the alert rule template. 
- :paramtype description: str - :keyword display_name: The display name for alert rule template. - :paramtype display_name: str - :keyword required_data_connectors: The required data sources for this template. - :paramtype required_data_connectors: - list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] - :keyword status: The alert rule template status. Known values are: "Installed", "Available", - and "NotAvailable". - :paramtype status: str or ~azure.mgmt.securityinsight.models.TemplateStatus - :keyword tactics: The tactics of the alert rule. - :paramtype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] - :keyword techniques: The techniques of the alert rule. - :paramtype techniques: list[str] - :keyword severity: The severity for alerts created by this alert rule. Required. Known values - are: "High", "Medium", "Low", and "Informational". - :paramtype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity - """ - super().__init__( - alert_rules_created_by_template_count=alert_rules_created_by_template_count, - description=description, - display_name=display_name, - required_data_connectors=required_data_connectors, - status=status, - tactics=tactics, - techniques=techniques, - **kwargs - ) - self.severity = severity - - -class MSTICheckRequirements(DataConnectorsCheckRequirements): - """Represents Microsoft Threat Intelligence requirements check request. - - All required parameters must be populated in order to send to Azure. - - :ivar kind: Describes the kind of connector to be checked. Required. 
Known values are: - "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", - "ThreatIntelligence", "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", - "Office365Project", "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", - "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", - "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and - "IOT". - :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind - :ivar tenant_id: The tenant id to connect to, and get the data from. - :vartype tenant_id: str - """ - - _validation = { - "kind": {"required": True}, - } - - _attribute_map = { - "kind": {"key": "kind", "type": "str"}, - "tenant_id": {"key": "properties.tenantId", "type": "str"}, - } - - def __init__(self, *, tenant_id: Optional[str] = None, **kwargs): - """ - :keyword tenant_id: The tenant id to connect to, and get the data from. - :paramtype tenant_id: str - """ - super().__init__(**kwargs) - self.kind: str = "MicrosoftThreatIntelligence" - self.tenant_id = tenant_id - - -class MSTICheckRequirementsProperties(DataConnectorTenantId): - """Microsoft Threat Intelligence requirements check properties. - - All required parameters must be populated in order to send to Azure. - - :ivar tenant_id: The tenant id to connect to, and get the data from. Required. - :vartype tenant_id: str - """ - - _validation = { - "tenant_id": {"required": True}, - } - - _attribute_map = { - "tenant_id": {"key": "tenantId", "type": "str"}, - } - - def __init__(self, *, tenant_id: str, **kwargs): - """ - :keyword tenant_id: The tenant id to connect to, and get the data from. Required. - :paramtype tenant_id: str - """ - super().__init__(tenant_id=tenant_id, **kwargs) - - -class MSTIDataConnector(DataConnector): - """Represents Microsoft Threat Intelligence data connector. 
- - Variables are only populated by the server, and will be ignored when sending a request. - - All required parameters must be populated in order to send to Azure. - - :ivar id: Fully qualified resource ID for the resource. Ex - - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - :vartype id: str - :ivar name: The name of the resource. - :vartype name: str - :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or - "Microsoft.Storage/storageAccounts". - :vartype type: str - :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy - information. - :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar etag: Etag of the azure resource. - :vartype etag: str - :ivar kind: The data connector kind. Required. Known values are: "AzureActiveDirectory", - "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", - "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", "Office365Project", - "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", - "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", - "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and - "IOT". - :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind - :ivar tenant_id: The tenant id to connect to, and get the data from. - :vartype tenant_id: str - :ivar data_types: The available data types for the connector. 
- :vartype data_types: ~azure.mgmt.securityinsight.models.MSTIDataConnectorDataTypes - """ - - _validation = { - "id": {"readonly": True}, - "name": {"readonly": True}, - "type": {"readonly": True}, - "system_data": {"readonly": True}, - "kind": {"required": True}, - } - - _attribute_map = { - "id": {"key": "id", "type": "str"}, - "name": {"key": "name", "type": "str"}, - "type": {"key": "type", "type": "str"}, - "system_data": {"key": "systemData", "type": "SystemData"}, - "etag": {"key": "etag", "type": "str"}, - "kind": {"key": "kind", "type": "str"}, - "tenant_id": {"key": "properties.tenantId", "type": "str"}, - "data_types": {"key": "properties.dataTypes", "type": "MSTIDataConnectorDataTypes"}, - } - - def __init__( - self, - *, - etag: Optional[str] = None, - tenant_id: Optional[str] = None, - data_types: Optional["_models.MSTIDataConnectorDataTypes"] = None, - **kwargs - ): - """ - :keyword etag: Etag of the azure resource. - :paramtype etag: str - :keyword tenant_id: The tenant id to connect to, and get the data from. - :paramtype tenant_id: str - :keyword data_types: The available data types for the connector. - :paramtype data_types: ~azure.mgmt.securityinsight.models.MSTIDataConnectorDataTypes - """ - super().__init__(etag=etag, **kwargs) - self.kind: str = "MicrosoftThreatIntelligence" - self.tenant_id = tenant_id - self.data_types = data_types - - -class MSTIDataConnectorDataTypes(_serialization.Model): - """The available data types for Microsoft Threat Intelligence Platforms data connector. - - All required parameters must be populated in order to send to Azure. - - :ivar bing_safety_phishing_url: Data type for Microsoft Threat Intelligence Platforms data - connector. Required. - :vartype bing_safety_phishing_url: - ~azure.mgmt.securityinsight.models.MSTIDataConnectorDataTypesBingSafetyPhishingURL - :ivar microsoft_emerging_threat_feed: Data type for Microsoft Threat Intelligence Platforms - data connector. Required. 
- :vartype microsoft_emerging_threat_feed: - ~azure.mgmt.securityinsight.models.MSTIDataConnectorDataTypesMicrosoftEmergingThreatFeed - """ - - _validation = { - "bing_safety_phishing_url": {"required": True}, - "microsoft_emerging_threat_feed": {"required": True}, - } - - _attribute_map = { - "bing_safety_phishing_url": { - "key": "bingSafetyPhishingURL", - "type": "MSTIDataConnectorDataTypesBingSafetyPhishingURL", - }, - "microsoft_emerging_threat_feed": { - "key": "microsoftEmergingThreatFeed", - "type": "MSTIDataConnectorDataTypesMicrosoftEmergingThreatFeed", - }, - } - - def __init__( - self, - *, - bing_safety_phishing_url: "_models.MSTIDataConnectorDataTypesBingSafetyPhishingURL", - microsoft_emerging_threat_feed: "_models.MSTIDataConnectorDataTypesMicrosoftEmergingThreatFeed", - **kwargs - ): - """ - :keyword bing_safety_phishing_url: Data type for Microsoft Threat Intelligence Platforms data - connector. Required. - :paramtype bing_safety_phishing_url: - ~azure.mgmt.securityinsight.models.MSTIDataConnectorDataTypesBingSafetyPhishingURL - :keyword microsoft_emerging_threat_feed: Data type for Microsoft Threat Intelligence Platforms - data connector. Required. - :paramtype microsoft_emerging_threat_feed: - ~azure.mgmt.securityinsight.models.MSTIDataConnectorDataTypesMicrosoftEmergingThreatFeed - """ - super().__init__(**kwargs) - self.bing_safety_phishing_url = bing_safety_phishing_url - self.microsoft_emerging_threat_feed = microsoft_emerging_threat_feed - - -class MSTIDataConnectorDataTypesBingSafetyPhishingURL(DataConnectorDataTypeCommon): - """Data type for Microsoft Threat Intelligence Platforms data connector. - - All required parameters must be populated in order to send to Azure. - - :ivar state: Describe whether this data type connection is enabled or not. Required. Known - values are: "Enabled" and "Disabled". - :vartype state: str or ~azure.mgmt.securityinsight.models.DataTypeState - :ivar lookback_period: lookback period. Required. 
- :vartype lookback_period: str - """ - - _validation = { - "state": {"required": True}, - "lookback_period": {"required": True}, - } - - _attribute_map = { - "state": {"key": "state", "type": "str"}, - "lookback_period": {"key": "lookbackPeriod", "type": "str"}, - } - - def __init__(self, *, state: Union[str, "_models.DataTypeState"], lookback_period: str, **kwargs): - """ - :keyword state: Describe whether this data type connection is enabled or not. Required. Known - values are: "Enabled" and "Disabled". - :paramtype state: str or ~azure.mgmt.securityinsight.models.DataTypeState - :keyword lookback_period: lookback period. Required. - :paramtype lookback_period: str - """ - super().__init__(state=state, **kwargs) - self.lookback_period = lookback_period - - -class MSTIDataConnectorDataTypesMicrosoftEmergingThreatFeed(DataConnectorDataTypeCommon): - """Data type for Microsoft Threat Intelligence Platforms data connector. - - All required parameters must be populated in order to send to Azure. - - :ivar state: Describe whether this data type connection is enabled or not. Required. Known - values are: "Enabled" and "Disabled". - :vartype state: str or ~azure.mgmt.securityinsight.models.DataTypeState - :ivar lookback_period: lookback period. Required. - :vartype lookback_period: str - """ - - _validation = { - "state": {"required": True}, - "lookback_period": {"required": True}, - } - - _attribute_map = { - "state": {"key": "state", "type": "str"}, - "lookback_period": {"key": "lookbackPeriod", "type": "str"}, - } - - def __init__(self, *, state: Union[str, "_models.DataTypeState"], lookback_period: str, **kwargs): - """ - :keyword state: Describe whether this data type connection is enabled or not. Required. Known - values are: "Enabled" and "Disabled". - :paramtype state: str or ~azure.mgmt.securityinsight.models.DataTypeState - :keyword lookback_period: lookback period. Required. 
- :paramtype lookback_period: str - """ - super().__init__(state=state, **kwargs) - self.lookback_period = lookback_period - - -class MSTIDataConnectorProperties(DataConnectorTenantId): - """Microsoft Threat Intelligence data connector properties. - - All required parameters must be populated in order to send to Azure. - - :ivar tenant_id: The tenant id to connect to, and get the data from. Required. - :vartype tenant_id: str - :ivar data_types: The available data types for the connector. Required. - :vartype data_types: ~azure.mgmt.securityinsight.models.MSTIDataConnectorDataTypes - """ - - _validation = { - "tenant_id": {"required": True}, - "data_types": {"required": True}, - } - - _attribute_map = { - "tenant_id": {"key": "tenantId", "type": "str"}, - "data_types": {"key": "dataTypes", "type": "MSTIDataConnectorDataTypes"}, - } - - def __init__(self, *, tenant_id: str, data_types: "_models.MSTIDataConnectorDataTypes", **kwargs): - """ - :keyword tenant_id: The tenant id to connect to, and get the data from. Required. - :paramtype tenant_id: str - :keyword data_types: The available data types for the connector. Required. - :paramtype data_types: ~azure.mgmt.securityinsight.models.MSTIDataConnectorDataTypes - """ - super().__init__(tenant_id=tenant_id, **kwargs) - self.data_types = data_types - - -class MtpCheckRequirements(DataConnectorsCheckRequirements): - """Represents MTP (Microsoft Threat Protection) requirements check request. - - All required parameters must be populated in order to send to Azure. - - :ivar kind: Describes the kind of connector to be checked. Required. 
Known values are: - "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", - "ThreatIntelligence", "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", - "Office365Project", "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", - "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", - "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and - "IOT". - :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind - :ivar tenant_id: The tenant id to connect to, and get the data from. - :vartype tenant_id: str - """ - - _validation = { - "kind": {"required": True}, - } - - _attribute_map = { - "kind": {"key": "kind", "type": "str"}, - "tenant_id": {"key": "properties.tenantId", "type": "str"}, - } - - def __init__(self, *, tenant_id: Optional[str] = None, **kwargs): - """ - :keyword tenant_id: The tenant id to connect to, and get the data from. - :paramtype tenant_id: str - """ - super().__init__(**kwargs) - self.kind: str = "MicrosoftThreatProtection" - self.tenant_id = tenant_id - - -class MTPCheckRequirementsProperties(DataConnectorTenantId): - """MTP (Microsoft Threat Protection) requirements check properties. - - All required parameters must be populated in order to send to Azure. - - :ivar tenant_id: The tenant id to connect to, and get the data from. Required. - :vartype tenant_id: str - """ - - _validation = { - "tenant_id": {"required": True}, - } - - _attribute_map = { - "tenant_id": {"key": "tenantId", "type": "str"}, - } - - def __init__(self, *, tenant_id: str, **kwargs): - """ - :keyword tenant_id: The tenant id to connect to, and get the data from. Required. - :paramtype tenant_id: str - """ - super().__init__(tenant_id=tenant_id, **kwargs) - - -class MTPDataConnector(DataConnector): - """Represents MTP (Microsoft Threat Protection) data connector. 
- - Variables are only populated by the server, and will be ignored when sending a request. - - All required parameters must be populated in order to send to Azure. - - :ivar id: Fully qualified resource ID for the resource. Ex - - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - :vartype id: str - :ivar name: The name of the resource. - :vartype name: str - :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or - "Microsoft.Storage/storageAccounts". - :vartype type: str - :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy - information. - :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar etag: Etag of the azure resource. - :vartype etag: str - :ivar kind: The data connector kind. Required. Known values are: "AzureActiveDirectory", - "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", - "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", "Office365Project", - "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", - "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", - "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and - "IOT". - :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind - :ivar tenant_id: The tenant id to connect to, and get the data from. - :vartype tenant_id: str - :ivar data_types: The available data types for the connector. 
- :vartype data_types: ~azure.mgmt.securityinsight.models.MTPDataConnectorDataTypes - """ - - _validation = { - "id": {"readonly": True}, - "name": {"readonly": True}, - "type": {"readonly": True}, - "system_data": {"readonly": True}, - "kind": {"required": True}, - } - - _attribute_map = { - "id": {"key": "id", "type": "str"}, - "name": {"key": "name", "type": "str"}, - "type": {"key": "type", "type": "str"}, - "system_data": {"key": "systemData", "type": "SystemData"}, - "etag": {"key": "etag", "type": "str"}, - "kind": {"key": "kind", "type": "str"}, - "tenant_id": {"key": "properties.tenantId", "type": "str"}, - "data_types": {"key": "properties.dataTypes", "type": "MTPDataConnectorDataTypes"}, - } - - def __init__( - self, - *, - etag: Optional[str] = None, - tenant_id: Optional[str] = None, - data_types: Optional["_models.MTPDataConnectorDataTypes"] = None, - **kwargs - ): - """ - :keyword etag: Etag of the azure resource. - :paramtype etag: str - :keyword tenant_id: The tenant id to connect to, and get the data from. - :paramtype tenant_id: str - :keyword data_types: The available data types for the connector. - :paramtype data_types: ~azure.mgmt.securityinsight.models.MTPDataConnectorDataTypes - """ - super().__init__(etag=etag, **kwargs) - self.kind: str = "MicrosoftThreatProtection" - self.tenant_id = tenant_id - self.data_types = data_types - - -class MTPDataConnectorDataTypes(_serialization.Model): - """The available data types for Microsoft Threat Protection Platforms data connector. - - All required parameters must be populated in order to send to Azure. - - :ivar incidents: Data type for Microsoft Threat Protection Platforms data connector. Required. 
- :vartype incidents: ~azure.mgmt.securityinsight.models.MTPDataConnectorDataTypesIncidents - """ - - _validation = { - "incidents": {"required": True}, - } - - _attribute_map = { - "incidents": {"key": "incidents", "type": "MTPDataConnectorDataTypesIncidents"}, - } - - def __init__(self, *, incidents: "_models.MTPDataConnectorDataTypesIncidents", **kwargs): - """ - :keyword incidents: Data type for Microsoft Threat Protection Platforms data connector. - Required. - :paramtype incidents: ~azure.mgmt.securityinsight.models.MTPDataConnectorDataTypesIncidents - """ - super().__init__(**kwargs) - self.incidents = incidents - - -class MTPDataConnectorDataTypesIncidents(DataConnectorDataTypeCommon): - """Data type for Microsoft Threat Protection Platforms data connector. - - All required parameters must be populated in order to send to Azure. - - :ivar state: Describe whether this data type connection is enabled or not. Required. Known - values are: "Enabled" and "Disabled". - :vartype state: str or ~azure.mgmt.securityinsight.models.DataTypeState - """ - - _validation = { - "state": {"required": True}, - } - - _attribute_map = { - "state": {"key": "state", "type": "str"}, - } - - def __init__(self, *, state: Union[str, "_models.DataTypeState"], **kwargs): - """ - :keyword state: Describe whether this data type connection is enabled or not. Required. Known - values are: "Enabled" and "Disabled". - :paramtype state: str or ~azure.mgmt.securityinsight.models.DataTypeState - """ - super().__init__(state=state, **kwargs) - - -class MTPDataConnectorProperties(DataConnectorTenantId): - """MTP (Microsoft Threat Protection) data connector properties. - - All required parameters must be populated in order to send to Azure. - - :ivar tenant_id: The tenant id to connect to, and get the data from. Required. - :vartype tenant_id: str - :ivar data_types: The available data types for the connector. Required. 
- :vartype data_types: ~azure.mgmt.securityinsight.models.MTPDataConnectorDataTypes - """ - - _validation = { - "tenant_id": {"required": True}, - "data_types": {"required": True}, - } - - _attribute_map = { - "tenant_id": {"key": "tenantId", "type": "str"}, - "data_types": {"key": "dataTypes", "type": "MTPDataConnectorDataTypes"}, - } - - def __init__(self, *, tenant_id: str, data_types: "_models.MTPDataConnectorDataTypes", **kwargs): - """ - :keyword tenant_id: The tenant id to connect to, and get the data from. Required. - :paramtype tenant_id: str - :keyword data_types: The available data types for the connector. Required. - :paramtype data_types: ~azure.mgmt.securityinsight.models.MTPDataConnectorDataTypes - """ - super().__init__(tenant_id=tenant_id, **kwargs) - self.data_types = data_types - - -class NicEntity(Entity): - """Represents an network interface entity. - - Variables are only populated by the server, and will be ignored when sending a request. - - All required parameters must be populated in order to send to Azure. - - :ivar id: Fully qualified resource ID for the resource. Ex - - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - :vartype id: str - :ivar name: The name of the resource. - :vartype name: str - :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or - "Microsoft.Storage/storageAccounts". - :vartype type: str - :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy - information. - :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar kind: The kind of the entity. Required. 
Known values are: "Account", "Host", "File", - "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", - "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", - "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". - :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKind - :ivar additional_data: A bag of custom fields that should be part of the entity and will be - presented to the user. - :vartype additional_data: dict[str, any] - :ivar friendly_name: The graph item display name which is a short humanly readable description - of the graph item instance. This property is optional and might be system generated. - :vartype friendly_name: str - :ivar mac_address: The MAC address of this network interface. - :vartype mac_address: str - :ivar ip_address_entity_id: The IP entity id of this network interface. - :vartype ip_address_entity_id: str - :ivar vlans: A list of VLANs of the network interface entity. 
- :vartype vlans: list[str] - """ - - _validation = { - "id": {"readonly": True}, - "name": {"readonly": True}, - "type": {"readonly": True}, - "system_data": {"readonly": True}, - "kind": {"required": True}, - "additional_data": {"readonly": True}, - "friendly_name": {"readonly": True}, - "mac_address": {"readonly": True}, - "ip_address_entity_id": {"readonly": True}, - "vlans": {"readonly": True}, - } - - _attribute_map = { - "id": {"key": "id", "type": "str"}, - "name": {"key": "name", "type": "str"}, - "type": {"key": "type", "type": "str"}, - "system_data": {"key": "systemData", "type": "SystemData"}, - "kind": {"key": "kind", "type": "str"}, - "additional_data": {"key": "properties.additionalData", "type": "{object}"}, - "friendly_name": {"key": "properties.friendlyName", "type": "str"}, - "mac_address": {"key": "properties.macAddress", "type": "str"}, - "ip_address_entity_id": {"key": "properties.ipAddressEntityId", "type": "str"}, - "vlans": {"key": "properties.vlans", "type": "[str]"}, - } - - def __init__(self, **kwargs): - """ """ - super().__init__(**kwargs) - self.kind: str = "Nic" - self.additional_data = None - self.friendly_name = None - self.mac_address = None - self.ip_address_entity_id = None - self.vlans = None - - -class NicEntityProperties(EntityCommonProperties): - """Nic entity property bag. - - Variables are only populated by the server, and will be ignored when sending a request. - - :ivar additional_data: A bag of custom fields that should be part of the entity and will be - presented to the user. - :vartype additional_data: dict[str, any] - :ivar friendly_name: The graph item display name which is a short humanly readable description - of the graph item instance. This property is optional and might be system generated. - :vartype friendly_name: str - :ivar mac_address: The MAC address of this network interface. - :vartype mac_address: str - :ivar ip_address_entity_id: The IP entity id of this network interface. 
- :vartype ip_address_entity_id: str - :ivar vlans: A list of VLANs of the network interface entity. - :vartype vlans: list[str] - """ - - _validation = { - "additional_data": {"readonly": True}, - "friendly_name": {"readonly": True}, - "mac_address": {"readonly": True}, - "ip_address_entity_id": {"readonly": True}, - "vlans": {"readonly": True}, - } - - _attribute_map = { - "additional_data": {"key": "additionalData", "type": "{object}"}, - "friendly_name": {"key": "friendlyName", "type": "str"}, - "mac_address": {"key": "macAddress", "type": "str"}, - "ip_address_entity_id": {"key": "ipAddressEntityId", "type": "str"}, - "vlans": {"key": "vlans", "type": "[str]"}, - } - - def __init__(self, **kwargs): - """ """ - super().__init__(**kwargs) - self.mac_address = None - self.ip_address_entity_id = None - self.vlans = None - - -class NrtAlertRule(AlertRule): # pylint: disable=too-many-instance-attributes - """Represents NRT alert rule. - - Variables are only populated by the server, and will be ignored when sending a request. - - All required parameters must be populated in order to send to Azure. - - :ivar id: Fully qualified resource ID for the resource. Ex - - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - :vartype id: str - :ivar name: The name of the resource. - :vartype name: str - :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or - "Microsoft.Storage/storageAccounts". - :vartype type: str - :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy - information. - :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar etag: Etag of the azure resource. - :vartype etag: str - :ivar kind: The kind of the alert rule. Required. Known values are: "Scheduled", - "MicrosoftSecurityIncidentCreation", "Fusion", "MLBehaviorAnalytics", "ThreatIntelligence", and - "NRT". 
- :vartype kind: str or ~azure.mgmt.securityinsight.models.AlertRuleKind - :ivar alert_rule_template_name: The Name of the alert rule template used to create this rule. - :vartype alert_rule_template_name: str - :ivar template_version: The version of the alert rule template used to create this rule - in - format , where all are numbers, for example 0 <1.0.2>. - :vartype template_version: str - :ivar description: The description of the alert rule. - :vartype description: str - :ivar query: The query that creates alerts for this rule. - :vartype query: str - :ivar tactics: The tactics of the alert rule. - :vartype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] - :ivar techniques: The techniques of the alert rule. - :vartype techniques: list[str] - :ivar display_name: The display name for alerts created by this alert rule. - :vartype display_name: str - :ivar enabled: Determines whether this alert rule is enabled or disabled. - :vartype enabled: bool - :ivar last_modified_utc: The last time that this alert rule has been modified. - :vartype last_modified_utc: ~datetime.datetime - :ivar suppression_duration: The suppression (in ISO 8601 duration format) to wait since last - time this alert rule been triggered. - :vartype suppression_duration: ~datetime.timedelta - :ivar suppression_enabled: Determines whether the suppression for this alert rule is enabled or - disabled. - :vartype suppression_enabled: bool - :ivar severity: The severity for alerts created by this alert rule. Known values are: "High", - "Medium", "Low", and "Informational". - :vartype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity - :ivar incident_configuration: The settings of the incidents that created from alerts triggered - by this analytics rule. - :vartype incident_configuration: ~azure.mgmt.securityinsight.models.IncidentConfiguration - :ivar custom_details: Dictionary of string key-value pairs of columns to be attached to the - alert. 
- :vartype custom_details: dict[str, str] - :ivar entity_mappings: Array of the entity mappings of the alert rule. - :vartype entity_mappings: list[~azure.mgmt.securityinsight.models.EntityMapping] - :ivar alert_details_override: The alert details override settings. - :vartype alert_details_override: ~azure.mgmt.securityinsight.models.AlertDetailsOverride - :ivar event_grouping_settings: The event grouping settings. - :vartype event_grouping_settings: ~azure.mgmt.securityinsight.models.EventGroupingSettings - :ivar sentinel_entities_mappings: Array of the sentinel entity mappings of the alert rule. - :vartype sentinel_entities_mappings: - list[~azure.mgmt.securityinsight.models.SentinelEntityMapping] - """ - - _validation = { - "id": {"readonly": True}, - "name": {"readonly": True}, - "type": {"readonly": True}, - "system_data": {"readonly": True}, - "kind": {"required": True}, - "last_modified_utc": {"readonly": True}, - } - - _attribute_map = { - "id": {"key": "id", "type": "str"}, - "name": {"key": "name", "type": "str"}, - "type": {"key": "type", "type": "str"}, - "system_data": {"key": "systemData", "type": "SystemData"}, - "etag": {"key": "etag", "type": "str"}, - "kind": {"key": "kind", "type": "str"}, - "alert_rule_template_name": {"key": "properties.alertRuleTemplateName", "type": "str"}, - "template_version": {"key": "properties.templateVersion", "type": "str"}, - "description": {"key": "properties.description", "type": "str"}, - "query": {"key": "properties.query", "type": "str"}, - "tactics": {"key": "properties.tactics", "type": "[str]"}, - "techniques": {"key": "properties.techniques", "type": "[str]"}, - "display_name": {"key": "properties.displayName", "type": "str"}, - "enabled": {"key": "properties.enabled", "type": "bool"}, - "last_modified_utc": {"key": "properties.lastModifiedUtc", "type": "iso-8601"}, - "suppression_duration": {"key": "properties.suppressionDuration", "type": "duration"}, - "suppression_enabled": {"key": 
"properties.suppressionEnabled", "type": "bool"}, - "severity": {"key": "properties.severity", "type": "str"}, - "incident_configuration": {"key": "properties.incidentConfiguration", "type": "IncidentConfiguration"}, - "custom_details": {"key": "properties.customDetails", "type": "{str}"}, - "entity_mappings": {"key": "properties.entityMappings", "type": "[EntityMapping]"}, - "alert_details_override": {"key": "properties.alertDetailsOverride", "type": "AlertDetailsOverride"}, - "event_grouping_settings": {"key": "properties.eventGroupingSettings", "type": "EventGroupingSettings"}, - "sentinel_entities_mappings": {"key": "properties.sentinelEntitiesMappings", "type": "[SentinelEntityMapping]"}, - } - - def __init__( # pylint: disable=too-many-locals - self, - *, - etag: Optional[str] = None, - alert_rule_template_name: Optional[str] = None, - template_version: Optional[str] = None, - description: Optional[str] = None, - query: Optional[str] = None, - tactics: Optional[List[Union[str, "_models.AttackTactic"]]] = None, - techniques: Optional[List[str]] = None, - display_name: Optional[str] = None, - enabled: Optional[bool] = None, - suppression_duration: Optional[datetime.timedelta] = None, - suppression_enabled: Optional[bool] = None, - severity: Optional[Union[str, "_models.AlertSeverity"]] = None, - incident_configuration: Optional["_models.IncidentConfiguration"] = None, - custom_details: Optional[Dict[str, str]] = None, - entity_mappings: Optional[List["_models.EntityMapping"]] = None, - alert_details_override: Optional["_models.AlertDetailsOverride"] = None, - event_grouping_settings: Optional["_models.EventGroupingSettings"] = None, - sentinel_entities_mappings: Optional[List["_models.SentinelEntityMapping"]] = None, - **kwargs - ): - """ - :keyword etag: Etag of the azure resource. - :paramtype etag: str - :keyword alert_rule_template_name: The Name of the alert rule template used to create this - rule. 
- :paramtype alert_rule_template_name: str - :keyword template_version: The version of the alert rule template used to create this rule - in - format , where all are numbers, for example 0 <1.0.2>. - :paramtype template_version: str - :keyword description: The description of the alert rule. - :paramtype description: str - :keyword query: The query that creates alerts for this rule. - :paramtype query: str - :keyword tactics: The tactics of the alert rule. - :paramtype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] - :keyword techniques: The techniques of the alert rule. - :paramtype techniques: list[str] - :keyword display_name: The display name for alerts created by this alert rule. - :paramtype display_name: str - :keyword enabled: Determines whether this alert rule is enabled or disabled. - :paramtype enabled: bool - :keyword suppression_duration: The suppression (in ISO 8601 duration format) to wait since last - time this alert rule been triggered. - :paramtype suppression_duration: ~datetime.timedelta - :keyword suppression_enabled: Determines whether the suppression for this alert rule is enabled - or disabled. - :paramtype suppression_enabled: bool - :keyword severity: The severity for alerts created by this alert rule. Known values are: - "High", "Medium", "Low", and "Informational". - :paramtype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity - :keyword incident_configuration: The settings of the incidents that created from alerts - triggered by this analytics rule. - :paramtype incident_configuration: ~azure.mgmt.securityinsight.models.IncidentConfiguration - :keyword custom_details: Dictionary of string key-value pairs of columns to be attached to the - alert. - :paramtype custom_details: dict[str, str] - :keyword entity_mappings: Array of the entity mappings of the alert rule. 
- :paramtype entity_mappings: list[~azure.mgmt.securityinsight.models.EntityMapping] - :keyword alert_details_override: The alert details override settings. - :paramtype alert_details_override: ~azure.mgmt.securityinsight.models.AlertDetailsOverride - :keyword event_grouping_settings: The event grouping settings. - :paramtype event_grouping_settings: ~azure.mgmt.securityinsight.models.EventGroupingSettings - :keyword sentinel_entities_mappings: Array of the sentinel entity mappings of the alert rule. - :paramtype sentinel_entities_mappings: - list[~azure.mgmt.securityinsight.models.SentinelEntityMapping] - """ - super().__init__(etag=etag, **kwargs) - self.kind: str = "NRT" - self.alert_rule_template_name = alert_rule_template_name - self.template_version = template_version - self.description = description - self.query = query - self.tactics = tactics - self.techniques = techniques - self.display_name = display_name - self.enabled = enabled - self.last_modified_utc = None - self.suppression_duration = suppression_duration - self.suppression_enabled = suppression_enabled - self.severity = severity - self.incident_configuration = incident_configuration - self.custom_details = custom_details - self.entity_mappings = entity_mappings - self.alert_details_override = alert_details_override - self.event_grouping_settings = event_grouping_settings - self.sentinel_entities_mappings = sentinel_entities_mappings - - -class NrtAlertRuleTemplate(AlertRuleTemplate): # pylint: disable=too-many-instance-attributes - """Represents NRT alert rule template. - - Variables are only populated by the server, and will be ignored when sending a request. - - All required parameters must be populated in order to send to Azure. - - :ivar id: Fully qualified resource ID for the resource. Ex - - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - :vartype id: str - :ivar name: The name of the resource. 
- :vartype name: str - :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or - "Microsoft.Storage/storageAccounts". - :vartype type: str - :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy - information. - :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar kind: The kind of the alert rule. Required. Known values are: "Scheduled", - "MicrosoftSecurityIncidentCreation", "Fusion", "MLBehaviorAnalytics", "ThreatIntelligence", and - "NRT". - :vartype kind: str or ~azure.mgmt.securityinsight.models.AlertRuleKind - :ivar alert_rules_created_by_template_count: the number of alert rules that were created by - this template. - :vartype alert_rules_created_by_template_count: int - :ivar last_updated_date_utc: The last time that this alert rule template has been updated. - :vartype last_updated_date_utc: ~datetime.datetime - :ivar created_date_utc: The time that this alert rule template has been added. - :vartype created_date_utc: ~datetime.datetime - :ivar description: The description of the alert rule template. - :vartype description: str - :ivar display_name: The display name for alert rule template. - :vartype display_name: str - :ivar required_data_connectors: The required data sources for this template. - :vartype required_data_connectors: - list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] - :ivar status: The alert rule template status. Known values are: "Installed", "Available", and - "NotAvailable". - :vartype status: str or ~azure.mgmt.securityinsight.models.TemplateStatus - :ivar tactics: The tactics of the alert rule. - :vartype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] - :ivar techniques: The techniques of the alert rule. - :vartype techniques: list[str] - :ivar query: The query that creates alerts for this rule. - :vartype query: str - :ivar severity: The severity for alerts created by this alert rule. 
Known values are: "High", - "Medium", "Low", and "Informational". - :vartype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity - :ivar version: The version of this template - in format , where all are numbers. For - example <1.0.2>. - :vartype version: str - :ivar custom_details: Dictionary of string key-value pairs of columns to be attached to the - alert. - :vartype custom_details: dict[str, str] - :ivar entity_mappings: Array of the entity mappings of the alert rule. - :vartype entity_mappings: list[~azure.mgmt.securityinsight.models.EntityMapping] - :ivar alert_details_override: The alert details override settings. - :vartype alert_details_override: ~azure.mgmt.securityinsight.models.AlertDetailsOverride - :ivar event_grouping_settings: The event grouping settings. - :vartype event_grouping_settings: ~azure.mgmt.securityinsight.models.EventGroupingSettings - :ivar sentinel_entities_mappings: Array of the sentinel entity mappings of the alert rule. - :vartype sentinel_entities_mappings: - list[~azure.mgmt.securityinsight.models.SentinelEntityMapping] - """ - - _validation = { - "id": {"readonly": True}, - "name": {"readonly": True}, - "type": {"readonly": True}, - "system_data": {"readonly": True}, - "kind": {"required": True}, - "last_updated_date_utc": {"readonly": True}, - "created_date_utc": {"readonly": True}, - } - - _attribute_map = { - "id": {"key": "id", "type": "str"}, - "name": {"key": "name", "type": "str"}, - "type": {"key": "type", "type": "str"}, - "system_data": {"key": "systemData", "type": "SystemData"}, - "kind": {"key": "kind", "type": "str"}, - "alert_rules_created_by_template_count": {"key": "properties.alertRulesCreatedByTemplateCount", "type": "int"}, - "last_updated_date_utc": {"key": "properties.lastUpdatedDateUTC", "type": "iso-8601"}, - "created_date_utc": {"key": "properties.createdDateUTC", "type": "iso-8601"}, - "description": {"key": "properties.description", "type": "str"}, - "display_name": {"key": 
"properties.displayName", "type": "str"}, - "required_data_connectors": { - "key": "properties.requiredDataConnectors", - "type": "[AlertRuleTemplateDataSource]", - }, - "status": {"key": "properties.status", "type": "str"}, - "tactics": {"key": "properties.tactics", "type": "[str]"}, - "techniques": {"key": "properties.techniques", "type": "[str]"}, - "query": {"key": "properties.query", "type": "str"}, - "severity": {"key": "properties.severity", "type": "str"}, - "version": {"key": "properties.version", "type": "str"}, - "custom_details": {"key": "properties.customDetails", "type": "{str}"}, - "entity_mappings": {"key": "properties.entityMappings", "type": "[EntityMapping]"}, - "alert_details_override": {"key": "properties.alertDetailsOverride", "type": "AlertDetailsOverride"}, - "event_grouping_settings": {"key": "properties.eventGroupingSettings", "type": "EventGroupingSettings"}, - "sentinel_entities_mappings": {"key": "properties.sentinelEntitiesMappings", "type": "[SentinelEntityMapping]"}, - } - - def __init__( - self, - *, - alert_rules_created_by_template_count: Optional[int] = None, - description: Optional[str] = None, - display_name: Optional[str] = None, - required_data_connectors: Optional[List["_models.AlertRuleTemplateDataSource"]] = None, - status: Optional[Union[str, "_models.TemplateStatus"]] = None, - tactics: Optional[List[Union[str, "_models.AttackTactic"]]] = None, - techniques: Optional[List[str]] = None, - query: Optional[str] = None, - severity: Optional[Union[str, "_models.AlertSeverity"]] = None, - version: Optional[str] = None, - custom_details: Optional[Dict[str, str]] = None, - entity_mappings: Optional[List["_models.EntityMapping"]] = None, - alert_details_override: Optional["_models.AlertDetailsOverride"] = None, - event_grouping_settings: Optional["_models.EventGroupingSettings"] = None, - sentinel_entities_mappings: Optional[List["_models.SentinelEntityMapping"]] = None, - **kwargs - ): - """ - :keyword 
alert_rules_created_by_template_count: the number of alert rules that were created by - this template. - :paramtype alert_rules_created_by_template_count: int - :keyword description: The description of the alert rule template. - :paramtype description: str - :keyword display_name: The display name for alert rule template. - :paramtype display_name: str - :keyword required_data_connectors: The required data sources for this template. - :paramtype required_data_connectors: - list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] - :keyword status: The alert rule template status. Known values are: "Installed", "Available", - and "NotAvailable". - :paramtype status: str or ~azure.mgmt.securityinsight.models.TemplateStatus - :keyword tactics: The tactics of the alert rule. - :paramtype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] - :keyword techniques: The techniques of the alert rule. - :paramtype techniques: list[str] - :keyword query: The query that creates alerts for this rule. - :paramtype query: str - :keyword severity: The severity for alerts created by this alert rule. Known values are: - "High", "Medium", "Low", and "Informational". - :paramtype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity - :keyword version: The version of this template - in format , where all are numbers. For - example <1.0.2>. - :paramtype version: str - :keyword custom_details: Dictionary of string key-value pairs of columns to be attached to the - alert. - :paramtype custom_details: dict[str, str] - :keyword entity_mappings: Array of the entity mappings of the alert rule. - :paramtype entity_mappings: list[~azure.mgmt.securityinsight.models.EntityMapping] - :keyword alert_details_override: The alert details override settings. - :paramtype alert_details_override: ~azure.mgmt.securityinsight.models.AlertDetailsOverride - :keyword event_grouping_settings: The event grouping settings. 
- :paramtype event_grouping_settings: ~azure.mgmt.securityinsight.models.EventGroupingSettings - :keyword sentinel_entities_mappings: Array of the sentinel entity mappings of the alert rule. - :paramtype sentinel_entities_mappings: - list[~azure.mgmt.securityinsight.models.SentinelEntityMapping] - """ - super().__init__(**kwargs) - self.kind: str = "NRT" - self.alert_rules_created_by_template_count = alert_rules_created_by_template_count - self.last_updated_date_utc = None - self.created_date_utc = None - self.description = description - self.display_name = display_name - self.required_data_connectors = required_data_connectors - self.status = status - self.tactics = tactics - self.techniques = techniques - self.query = query - self.severity = severity - self.version = version - self.custom_details = custom_details - self.entity_mappings = entity_mappings - self.alert_details_override = alert_details_override - self.event_grouping_settings = event_grouping_settings - self.sentinel_entities_mappings = sentinel_entities_mappings - - -class QueryBasedAlertRuleTemplateProperties(_serialization.Model): - """Query based alert rule template base property bag. - - :ivar query: The query that creates alerts for this rule. - :vartype query: str - :ivar severity: The severity for alerts created by this alert rule. Known values are: "High", - "Medium", "Low", and "Informational". - :vartype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity - :ivar version: The version of this template - in format , where all are numbers. For - example <1.0.2>. - :vartype version: str - :ivar custom_details: Dictionary of string key-value pairs of columns to be attached to the - alert. - :vartype custom_details: dict[str, str] - :ivar entity_mappings: Array of the entity mappings of the alert rule. - :vartype entity_mappings: list[~azure.mgmt.securityinsight.models.EntityMapping] - :ivar alert_details_override: The alert details override settings. 
- :vartype alert_details_override: ~azure.mgmt.securityinsight.models.AlertDetailsOverride - :ivar event_grouping_settings: The event grouping settings. - :vartype event_grouping_settings: ~azure.mgmt.securityinsight.models.EventGroupingSettings - :ivar sentinel_entities_mappings: Array of the sentinel entity mappings of the alert rule. - :vartype sentinel_entities_mappings: - list[~azure.mgmt.securityinsight.models.SentinelEntityMapping] - """ - - _attribute_map = { - "query": {"key": "query", "type": "str"}, - "severity": {"key": "severity", "type": "str"}, - "version": {"key": "version", "type": "str"}, - "custom_details": {"key": "customDetails", "type": "{str}"}, - "entity_mappings": {"key": "entityMappings", "type": "[EntityMapping]"}, - "alert_details_override": {"key": "alertDetailsOverride", "type": "AlertDetailsOverride"}, - "event_grouping_settings": {"key": "eventGroupingSettings", "type": "EventGroupingSettings"}, - "sentinel_entities_mappings": {"key": "sentinelEntitiesMappings", "type": "[SentinelEntityMapping]"}, - } - - def __init__( - self, - *, - query: Optional[str] = None, - severity: Optional[Union[str, "_models.AlertSeverity"]] = None, - version: Optional[str] = None, - custom_details: Optional[Dict[str, str]] = None, - entity_mappings: Optional[List["_models.EntityMapping"]] = None, - alert_details_override: Optional["_models.AlertDetailsOverride"] = None, - event_grouping_settings: Optional["_models.EventGroupingSettings"] = None, - sentinel_entities_mappings: Optional[List["_models.SentinelEntityMapping"]] = None, - **kwargs - ): - """ - :keyword query: The query that creates alerts for this rule. - :paramtype query: str - :keyword severity: The severity for alerts created by this alert rule. Known values are: - "High", "Medium", "Low", and "Informational". - :paramtype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity - :keyword version: The version of this template - in format , where all are numbers. 
For - example <1.0.2>. - :paramtype version: str - :keyword custom_details: Dictionary of string key-value pairs of columns to be attached to the - alert. - :paramtype custom_details: dict[str, str] - :keyword entity_mappings: Array of the entity mappings of the alert rule. - :paramtype entity_mappings: list[~azure.mgmt.securityinsight.models.EntityMapping] - :keyword alert_details_override: The alert details override settings. - :paramtype alert_details_override: ~azure.mgmt.securityinsight.models.AlertDetailsOverride - :keyword event_grouping_settings: The event grouping settings. - :paramtype event_grouping_settings: ~azure.mgmt.securityinsight.models.EventGroupingSettings - :keyword sentinel_entities_mappings: Array of the sentinel entity mappings of the alert rule. - :paramtype sentinel_entities_mappings: - list[~azure.mgmt.securityinsight.models.SentinelEntityMapping] - """ - super().__init__(**kwargs) - self.query = query - self.severity = severity - self.version = version - self.custom_details = custom_details - self.entity_mappings = entity_mappings - self.alert_details_override = alert_details_override - self.event_grouping_settings = event_grouping_settings - self.sentinel_entities_mappings = sentinel_entities_mappings - - -class NrtAlertRuleTemplateProperties( - AlertRuleTemplateWithMitreProperties, QueryBasedAlertRuleTemplateProperties -): # pylint: disable=too-many-instance-attributes - """NRT alert rule template properties. - - Variables are only populated by the server, and will be ignored when sending a request. - - :ivar query: The query that creates alerts for this rule. - :vartype query: str - :ivar severity: The severity for alerts created by this alert rule. Known values are: "High", - "Medium", "Low", and "Informational". - :vartype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity - :ivar version: The version of this template - in format , where all are numbers. For - example <1.0.2>. 
- :vartype version: str - :ivar custom_details: Dictionary of string key-value pairs of columns to be attached to the - alert. - :vartype custom_details: dict[str, str] - :ivar entity_mappings: Array of the entity mappings of the alert rule. - :vartype entity_mappings: list[~azure.mgmt.securityinsight.models.EntityMapping] - :ivar alert_details_override: The alert details override settings. - :vartype alert_details_override: ~azure.mgmt.securityinsight.models.AlertDetailsOverride - :ivar event_grouping_settings: The event grouping settings. - :vartype event_grouping_settings: ~azure.mgmt.securityinsight.models.EventGroupingSettings - :ivar sentinel_entities_mappings: Array of the sentinel entity mappings of the alert rule. - :vartype sentinel_entities_mappings: - list[~azure.mgmt.securityinsight.models.SentinelEntityMapping] - :ivar alert_rules_created_by_template_count: the number of alert rules that were created by - this template. - :vartype alert_rules_created_by_template_count: int - :ivar last_updated_date_utc: The last time that this alert rule template has been updated. - :vartype last_updated_date_utc: ~datetime.datetime - :ivar created_date_utc: The time that this alert rule template has been added. - :vartype created_date_utc: ~datetime.datetime - :ivar description: The description of the alert rule template. - :vartype description: str - :ivar display_name: The display name for alert rule template. - :vartype display_name: str - :ivar required_data_connectors: The required data sources for this template. - :vartype required_data_connectors: - list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] - :ivar status: The alert rule template status. Known values are: "Installed", "Available", and - "NotAvailable". - :vartype status: str or ~azure.mgmt.securityinsight.models.TemplateStatus - :ivar tactics: The tactics of the alert rule. 
- :vartype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] - :ivar techniques: The techniques of the alert rule. - :vartype techniques: list[str] - """ - - _validation = { - "last_updated_date_utc": {"readonly": True}, - "created_date_utc": {"readonly": True}, - } - - _attribute_map = { - "query": {"key": "query", "type": "str"}, - "severity": {"key": "severity", "type": "str"}, - "version": {"key": "version", "type": "str"}, - "custom_details": {"key": "customDetails", "type": "{str}"}, - "entity_mappings": {"key": "entityMappings", "type": "[EntityMapping]"}, - "alert_details_override": {"key": "alertDetailsOverride", "type": "AlertDetailsOverride"}, - "event_grouping_settings": {"key": "eventGroupingSettings", "type": "EventGroupingSettings"}, - "sentinel_entities_mappings": {"key": "sentinelEntitiesMappings", "type": "[SentinelEntityMapping]"}, - "alert_rules_created_by_template_count": {"key": "alertRulesCreatedByTemplateCount", "type": "int"}, - "last_updated_date_utc": {"key": "lastUpdatedDateUTC", "type": "iso-8601"}, - "created_date_utc": {"key": "createdDateUTC", "type": "iso-8601"}, - "description": {"key": "description", "type": "str"}, - "display_name": {"key": "displayName", "type": "str"}, - "required_data_connectors": {"key": "requiredDataConnectors", "type": "[AlertRuleTemplateDataSource]"}, - "status": {"key": "status", "type": "str"}, - "tactics": {"key": "tactics", "type": "[str]"}, - "techniques": {"key": "techniques", "type": "[str]"}, - } - - def __init__( - self, - *, - query: Optional[str] = None, - severity: Optional[Union[str, "_models.AlertSeverity"]] = None, - version: Optional[str] = None, - custom_details: Optional[Dict[str, str]] = None, - entity_mappings: Optional[List["_models.EntityMapping"]] = None, - alert_details_override: Optional["_models.AlertDetailsOverride"] = None, - event_grouping_settings: Optional["_models.EventGroupingSettings"] = None, - sentinel_entities_mappings: 
Optional[List["_models.SentinelEntityMapping"]] = None, - alert_rules_created_by_template_count: Optional[int] = None, - description: Optional[str] = None, - display_name: Optional[str] = None, - required_data_connectors: Optional[List["_models.AlertRuleTemplateDataSource"]] = None, - status: Optional[Union[str, "_models.TemplateStatus"]] = None, - tactics: Optional[List[Union[str, "_models.AttackTactic"]]] = None, - techniques: Optional[List[str]] = None, - **kwargs - ): - """ - :keyword query: The query that creates alerts for this rule. - :paramtype query: str - :keyword severity: The severity for alerts created by this alert rule. Known values are: - "High", "Medium", "Low", and "Informational". - :paramtype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity - :keyword version: The version of this template - in format , where all are numbers. For - example <1.0.2>. - :paramtype version: str - :keyword custom_details: Dictionary of string key-value pairs of columns to be attached to the - alert. - :paramtype custom_details: dict[str, str] - :keyword entity_mappings: Array of the entity mappings of the alert rule. - :paramtype entity_mappings: list[~azure.mgmt.securityinsight.models.EntityMapping] - :keyword alert_details_override: The alert details override settings. - :paramtype alert_details_override: ~azure.mgmt.securityinsight.models.AlertDetailsOverride - :keyword event_grouping_settings: The event grouping settings. - :paramtype event_grouping_settings: ~azure.mgmt.securityinsight.models.EventGroupingSettings - :keyword sentinel_entities_mappings: Array of the sentinel entity mappings of the alert rule. - :paramtype sentinel_entities_mappings: - list[~azure.mgmt.securityinsight.models.SentinelEntityMapping] - :keyword alert_rules_created_by_template_count: the number of alert rules that were created by - this template. - :paramtype alert_rules_created_by_template_count: int - :keyword description: The description of the alert rule template. 
- :paramtype description: str - :keyword display_name: The display name for alert rule template. - :paramtype display_name: str - :keyword required_data_connectors: The required data sources for this template. - :paramtype required_data_connectors: - list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] - :keyword status: The alert rule template status. Known values are: "Installed", "Available", - and "NotAvailable". - :paramtype status: str or ~azure.mgmt.securityinsight.models.TemplateStatus - :keyword tactics: The tactics of the alert rule. - :paramtype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] - :keyword techniques: The techniques of the alert rule. - :paramtype techniques: list[str] - """ - super().__init__( - alert_rules_created_by_template_count=alert_rules_created_by_template_count, - description=description, - display_name=display_name, - required_data_connectors=required_data_connectors, - status=status, - tactics=tactics, - techniques=techniques, - query=query, - severity=severity, - version=version, - custom_details=custom_details, - entity_mappings=entity_mappings, - alert_details_override=alert_details_override, - event_grouping_settings=event_grouping_settings, - sentinel_entities_mappings=sentinel_entities_mappings, - **kwargs - ) - self.query = query - self.severity = severity - self.version = version - self.custom_details = custom_details - self.entity_mappings = entity_mappings - self.alert_details_override = alert_details_override - self.event_grouping_settings = event_grouping_settings - self.sentinel_entities_mappings = sentinel_entities_mappings - self.alert_rules_created_by_template_count = alert_rules_created_by_template_count - self.last_updated_date_utc = None - self.created_date_utc = None - self.description = description - self.display_name = display_name - self.required_data_connectors = required_data_connectors - self.status = status - self.tactics = tactics - self.techniques = techniques - 
- -class Office365ProjectCheckRequirements(DataConnectorsCheckRequirements): - """Represents Office365 Project requirements check request. - - All required parameters must be populated in order to send to Azure. - - :ivar kind: Describes the kind of connector to be checked. Required. Known values are: - "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", - "ThreatIntelligence", "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", - "Office365Project", "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", - "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", - "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and - "IOT". - :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind - :ivar tenant_id: The tenant id to connect to, and get the data from. - :vartype tenant_id: str - """ - - _validation = { - "kind": {"required": True}, - } - - _attribute_map = { - "kind": {"key": "kind", "type": "str"}, - "tenant_id": {"key": "properties.tenantId", "type": "str"}, - } - - def __init__(self, *, tenant_id: Optional[str] = None, **kwargs): - """ - :keyword tenant_id: The tenant id to connect to, and get the data from. - :paramtype tenant_id: str - """ - super().__init__(**kwargs) - self.kind: str = "Office365Project" - self.tenant_id = tenant_id - - -class Office365ProjectCheckRequirementsProperties(DataConnectorTenantId): - """Office365 Project requirements check properties. - - All required parameters must be populated in order to send to Azure. - - :ivar tenant_id: The tenant id to connect to, and get the data from. Required. - :vartype tenant_id: str - """ - - _validation = { - "tenant_id": {"required": True}, - } - - _attribute_map = { - "tenant_id": {"key": "tenantId", "type": "str"}, - } - - def __init__(self, *, tenant_id: str, **kwargs): - """ - :keyword tenant_id: The tenant id to connect to, and get the data from. 
Required. - :paramtype tenant_id: str - """ - super().__init__(tenant_id=tenant_id, **kwargs) - - -class Office365ProjectConnectorDataTypes(_serialization.Model): - """The available data types for Office Microsoft Project data connector. - - All required parameters must be populated in order to send to Azure. - - :ivar logs: Logs data type. Required. - :vartype logs: ~azure.mgmt.securityinsight.models.Office365ProjectConnectorDataTypesLogs - """ - - _validation = { - "logs": {"required": True}, - } - - _attribute_map = { - "logs": {"key": "logs", "type": "Office365ProjectConnectorDataTypesLogs"}, - } - - def __init__(self, *, logs: "_models.Office365ProjectConnectorDataTypesLogs", **kwargs): - """ - :keyword logs: Logs data type. Required. - :paramtype logs: ~azure.mgmt.securityinsight.models.Office365ProjectConnectorDataTypesLogs - """ - super().__init__(**kwargs) - self.logs = logs - - -class Office365ProjectConnectorDataTypesLogs(DataConnectorDataTypeCommon): - """Logs data type. - - All required parameters must be populated in order to send to Azure. - - :ivar state: Describe whether this data type connection is enabled or not. Required. Known - values are: "Enabled" and "Disabled". - :vartype state: str or ~azure.mgmt.securityinsight.models.DataTypeState - """ - - _validation = { - "state": {"required": True}, - } - - _attribute_map = { - "state": {"key": "state", "type": "str"}, - } - - def __init__(self, *, state: Union[str, "_models.DataTypeState"], **kwargs): - """ - :keyword state: Describe whether this data type connection is enabled or not. Required. Known - values are: "Enabled" and "Disabled". - :paramtype state: str or ~azure.mgmt.securityinsight.models.DataTypeState - """ - super().__init__(state=state, **kwargs) - - -class Office365ProjectDataConnector(DataConnector): - """Represents Office Microsoft Project data connector. - - Variables are only populated by the server, and will be ignored when sending a request. 
- - All required parameters must be populated in order to send to Azure. - - :ivar id: Fully qualified resource ID for the resource. Ex - - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - :vartype id: str - :ivar name: The name of the resource. - :vartype name: str - :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or - "Microsoft.Storage/storageAccounts". - :vartype type: str - :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy - information. - :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar etag: Etag of the azure resource. - :vartype etag: str - :ivar kind: The data connector kind. Required. Known values are: "AzureActiveDirectory", - "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", - "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", "Office365Project", - "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", - "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", - "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and - "IOT". - :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind - :ivar tenant_id: The tenant id to connect to, and get the data from. - :vartype tenant_id: str - :ivar data_types: The available data types for the connector. 
- :vartype data_types: ~azure.mgmt.securityinsight.models.Office365ProjectConnectorDataTypes - """ - - _validation = { - "id": {"readonly": True}, - "name": {"readonly": True}, - "type": {"readonly": True}, - "system_data": {"readonly": True}, - "kind": {"required": True}, - } - - _attribute_map = { - "id": {"key": "id", "type": "str"}, - "name": {"key": "name", "type": "str"}, - "type": {"key": "type", "type": "str"}, - "system_data": {"key": "systemData", "type": "SystemData"}, - "etag": {"key": "etag", "type": "str"}, - "kind": {"key": "kind", "type": "str"}, - "tenant_id": {"key": "properties.tenantId", "type": "str"}, - "data_types": {"key": "properties.dataTypes", "type": "Office365ProjectConnectorDataTypes"}, - } - - def __init__( - self, - *, - etag: Optional[str] = None, - tenant_id: Optional[str] = None, - data_types: Optional["_models.Office365ProjectConnectorDataTypes"] = None, - **kwargs - ): - """ - :keyword etag: Etag of the azure resource. - :paramtype etag: str - :keyword tenant_id: The tenant id to connect to, and get the data from. - :paramtype tenant_id: str - :keyword data_types: The available data types for the connector. - :paramtype data_types: ~azure.mgmt.securityinsight.models.Office365ProjectConnectorDataTypes - """ - super().__init__(etag=etag, **kwargs) - self.kind: str = "Office365Project" - self.tenant_id = tenant_id - self.data_types = data_types - - -class Office365ProjectDataConnectorProperties(DataConnectorTenantId): - """Office Microsoft Project data connector properties. - - All required parameters must be populated in order to send to Azure. - - :ivar tenant_id: The tenant id to connect to, and get the data from. Required. - :vartype tenant_id: str - :ivar data_types: The available data types for the connector. Required. 
- :vartype data_types: ~azure.mgmt.securityinsight.models.Office365ProjectConnectorDataTypes - """ - - _validation = { - "tenant_id": {"required": True}, - "data_types": {"required": True}, - } - - _attribute_map = { - "tenant_id": {"key": "tenantId", "type": "str"}, - "data_types": {"key": "dataTypes", "type": "Office365ProjectConnectorDataTypes"}, - } - - def __init__(self, *, tenant_id: str, data_types: "_models.Office365ProjectConnectorDataTypes", **kwargs): - """ - :keyword tenant_id: The tenant id to connect to, and get the data from. Required. - :paramtype tenant_id: str - :keyword data_types: The available data types for the connector. Required. - :paramtype data_types: ~azure.mgmt.securityinsight.models.Office365ProjectConnectorDataTypes - """ - super().__init__(tenant_id=tenant_id, **kwargs) - self.data_types = data_types - - -class OfficeATPCheckRequirements(DataConnectorsCheckRequirements): - """Represents OfficeATP (Office 365 Advanced Threat Protection) requirements check request. - - All required parameters must be populated in order to send to Azure. - - :ivar kind: Describes the kind of connector to be checked. Required. Known values are: - "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", - "ThreatIntelligence", "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", - "Office365Project", "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", - "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", - "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and - "IOT". - :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind - :ivar tenant_id: The tenant id to connect to, and get the data from. 
- :vartype tenant_id: str - """ - - _validation = { - "kind": {"required": True}, - } - - _attribute_map = { - "kind": {"key": "kind", "type": "str"}, - "tenant_id": {"key": "properties.tenantId", "type": "str"}, - } - - def __init__(self, *, tenant_id: Optional[str] = None, **kwargs): - """ - :keyword tenant_id: The tenant id to connect to, and get the data from. - :paramtype tenant_id: str - """ - super().__init__(**kwargs) - self.kind: str = "OfficeATP" - self.tenant_id = tenant_id - - -class OfficeATPCheckRequirementsProperties(DataConnectorTenantId): - """OfficeATP (Office 365 Advanced Threat Protection) requirements check properties. - - All required parameters must be populated in order to send to Azure. - - :ivar tenant_id: The tenant id to connect to, and get the data from. Required. - :vartype tenant_id: str - """ - - _validation = { - "tenant_id": {"required": True}, - } - - _attribute_map = { - "tenant_id": {"key": "tenantId", "type": "str"}, - } - - def __init__(self, *, tenant_id: str, **kwargs): - """ - :keyword tenant_id: The tenant id to connect to, and get the data from. Required. - :paramtype tenant_id: str - """ - super().__init__(tenant_id=tenant_id, **kwargs) - - -class OfficeATPDataConnector(DataConnector): - """Represents OfficeATP (Office 365 Advanced Threat Protection) data connector. - - Variables are only populated by the server, and will be ignored when sending a request. - - All required parameters must be populated in order to send to Azure. - - :ivar id: Fully qualified resource ID for the resource. Ex - - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - :vartype id: str - :ivar name: The name of the resource. - :vartype name: str - :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or - "Microsoft.Storage/storageAccounts". 
- :vartype type: str - :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy - information. - :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar etag: Etag of the azure resource. - :vartype etag: str - :ivar kind: The data connector kind. Required. Known values are: "AzureActiveDirectory", - "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", - "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", "Office365Project", - "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", - "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", - "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and - "IOT". - :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind - :ivar tenant_id: The tenant id to connect to, and get the data from. - :vartype tenant_id: str - :ivar data_types: The available data types for the connector. - :vartype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector - """ - - _validation = { - "id": {"readonly": True}, - "name": {"readonly": True}, - "type": {"readonly": True}, - "system_data": {"readonly": True}, - "kind": {"required": True}, - } - - _attribute_map = { - "id": {"key": "id", "type": "str"}, - "name": {"key": "name", "type": "str"}, - "type": {"key": "type", "type": "str"}, - "system_data": {"key": "systemData", "type": "SystemData"}, - "etag": {"key": "etag", "type": "str"}, - "kind": {"key": "kind", "type": "str"}, - "tenant_id": {"key": "properties.tenantId", "type": "str"}, - "data_types": {"key": "properties.dataTypes", "type": "AlertsDataTypeOfDataConnector"}, - } - - def __init__( - self, - *, - etag: Optional[str] = None, - tenant_id: Optional[str] = None, - data_types: Optional["_models.AlertsDataTypeOfDataConnector"] = None, - **kwargs - ): - """ - :keyword etag: Etag of the azure resource. 
- :paramtype etag: str - :keyword tenant_id: The tenant id to connect to, and get the data from. - :paramtype tenant_id: str - :keyword data_types: The available data types for the connector. - :paramtype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector - """ - super().__init__(etag=etag, **kwargs) - self.kind: str = "OfficeATP" - self.tenant_id = tenant_id - self.data_types = data_types - - -class OfficeATPDataConnectorProperties(DataConnectorTenantId, DataConnectorWithAlertsProperties): - """OfficeATP (Office 365 Advanced Threat Protection) data connector properties. - - All required parameters must be populated in order to send to Azure. - - :ivar data_types: The available data types for the connector. - :vartype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector - :ivar tenant_id: The tenant id to connect to, and get the data from. Required. - :vartype tenant_id: str - """ - - _validation = { - "tenant_id": {"required": True}, - } - - _attribute_map = { - "data_types": {"key": "dataTypes", "type": "AlertsDataTypeOfDataConnector"}, - "tenant_id": {"key": "tenantId", "type": "str"}, - } - - def __init__( - self, *, tenant_id: str, data_types: Optional["_models.AlertsDataTypeOfDataConnector"] = None, **kwargs - ): - """ - :keyword data_types: The available data types for the connector. - :paramtype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector - :keyword tenant_id: The tenant id to connect to, and get the data from. Required. - :paramtype tenant_id: str - """ - super().__init__(tenant_id=tenant_id, data_types=data_types, **kwargs) - self.data_types = data_types - self.tenant_id = tenant_id - - -class OfficeConsent(Resource): - """Consent for Office365 tenant that already made. - - Variables are only populated by the server, and will be ignored when sending a request. - - :ivar id: Fully qualified resource ID for the resource. 
Ex - - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - :vartype id: str - :ivar name: The name of the resource. - :vartype name: str - :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or - "Microsoft.Storage/storageAccounts". - :vartype type: str - :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy - information. - :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar tenant_id: The tenantId of the Office365 with the consent. - :vartype tenant_id: str - :ivar consent_id: Help to easily cascade among the data layers. - :vartype consent_id: str - """ - - _validation = { - "id": {"readonly": True}, - "name": {"readonly": True}, - "type": {"readonly": True}, - "system_data": {"readonly": True}, - } - - _attribute_map = { - "id": {"key": "id", "type": "str"}, - "name": {"key": "name", "type": "str"}, - "type": {"key": "type", "type": "str"}, - "system_data": {"key": "systemData", "type": "SystemData"}, - "tenant_id": {"key": "properties.tenantId", "type": "str"}, - "consent_id": {"key": "properties.consentId", "type": "str"}, - } - - def __init__(self, *, tenant_id: Optional[str] = None, consent_id: Optional[str] = None, **kwargs): - """ - :keyword tenant_id: The tenantId of the Office365 with the consent. - :paramtype tenant_id: str - :keyword consent_id: Help to easily cascade among the data layers. - :paramtype consent_id: str - """ - super().__init__(**kwargs) - self.tenant_id = tenant_id - self.consent_id = consent_id - - -class OfficeConsentList(_serialization.Model): - """List of all the office365 consents. - - Variables are only populated by the server, and will be ignored when sending a request. - - All required parameters must be populated in order to send to Azure. - - :ivar next_link: URL to fetch the next set of office consents. 
- :vartype next_link: str - :ivar value: Array of the consents. Required. - :vartype value: list[~azure.mgmt.securityinsight.models.OfficeConsent] - """ - - _validation = { - "next_link": {"readonly": True}, - "value": {"required": True}, - } - - _attribute_map = { - "next_link": {"key": "nextLink", "type": "str"}, - "value": {"key": "value", "type": "[OfficeConsent]"}, - } - - def __init__(self, *, value: List["_models.OfficeConsent"], **kwargs): - """ - :keyword value: Array of the consents. Required. - :paramtype value: list[~azure.mgmt.securityinsight.models.OfficeConsent] - """ - super().__init__(**kwargs) - self.next_link = None - self.value = value - - -class OfficeDataConnector(DataConnector): - """Represents office data connector. - - Variables are only populated by the server, and will be ignored when sending a request. - - All required parameters must be populated in order to send to Azure. - - :ivar id: Fully qualified resource ID for the resource. Ex - - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - :vartype id: str - :ivar name: The name of the resource. - :vartype name: str - :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or - "Microsoft.Storage/storageAccounts". - :vartype type: str - :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy - information. - :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar etag: Etag of the azure resource. - :vartype etag: str - :ivar kind: The data connector kind. Required. 
Known values are: "AzureActiveDirectory", - "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", - "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", "Office365Project", - "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", - "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", - "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and - "IOT". - :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind - :ivar tenant_id: The tenant id to connect to, and get the data from. - :vartype tenant_id: str - :ivar data_types: The available data types for the connector. - :vartype data_types: ~azure.mgmt.securityinsight.models.OfficeDataConnectorDataTypes - """ - - _validation = { - "id": {"readonly": True}, - "name": {"readonly": True}, - "type": {"readonly": True}, - "system_data": {"readonly": True}, - "kind": {"required": True}, - } - - _attribute_map = { - "id": {"key": "id", "type": "str"}, - "name": {"key": "name", "type": "str"}, - "type": {"key": "type", "type": "str"}, - "system_data": {"key": "systemData", "type": "SystemData"}, - "etag": {"key": "etag", "type": "str"}, - "kind": {"key": "kind", "type": "str"}, - "tenant_id": {"key": "properties.tenantId", "type": "str"}, - "data_types": {"key": "properties.dataTypes", "type": "OfficeDataConnectorDataTypes"}, - } - - def __init__( - self, - *, - etag: Optional[str] = None, - tenant_id: Optional[str] = None, - data_types: Optional["_models.OfficeDataConnectorDataTypes"] = None, - **kwargs - ): - """ - :keyword etag: Etag of the azure resource. - :paramtype etag: str - :keyword tenant_id: The tenant id to connect to, and get the data from. - :paramtype tenant_id: str - :keyword data_types: The available data types for the connector. 
- :paramtype data_types: ~azure.mgmt.securityinsight.models.OfficeDataConnectorDataTypes - """ - super().__init__(etag=etag, **kwargs) - self.kind: str = "Office365" - self.tenant_id = tenant_id - self.data_types = data_types - - -class OfficeDataConnectorDataTypes(_serialization.Model): - """The available data types for office data connector. - - All required parameters must be populated in order to send to Azure. - - :ivar exchange: Exchange data type connection. Required. - :vartype exchange: ~azure.mgmt.securityinsight.models.OfficeDataConnectorDataTypesExchange - :ivar share_point: SharePoint data type connection. Required. - :vartype share_point: ~azure.mgmt.securityinsight.models.OfficeDataConnectorDataTypesSharePoint - :ivar teams: Teams data type connection. Required. - :vartype teams: ~azure.mgmt.securityinsight.models.OfficeDataConnectorDataTypesTeams - """ - - _validation = { - "exchange": {"required": True}, - "share_point": {"required": True}, - "teams": {"required": True}, - } - - _attribute_map = { - "exchange": {"key": "exchange", "type": "OfficeDataConnectorDataTypesExchange"}, - "share_point": {"key": "sharePoint", "type": "OfficeDataConnectorDataTypesSharePoint"}, - "teams": {"key": "teams", "type": "OfficeDataConnectorDataTypesTeams"}, - } - - def __init__( - self, - *, - exchange: "_models.OfficeDataConnectorDataTypesExchange", - share_point: "_models.OfficeDataConnectorDataTypesSharePoint", - teams: "_models.OfficeDataConnectorDataTypesTeams", - **kwargs - ): - """ - :keyword exchange: Exchange data type connection. Required. - :paramtype exchange: ~azure.mgmt.securityinsight.models.OfficeDataConnectorDataTypesExchange - :keyword share_point: SharePoint data type connection. Required. - :paramtype share_point: - ~azure.mgmt.securityinsight.models.OfficeDataConnectorDataTypesSharePoint - :keyword teams: Teams data type connection. Required. 
- :paramtype teams: ~azure.mgmt.securityinsight.models.OfficeDataConnectorDataTypesTeams - """ - super().__init__(**kwargs) - self.exchange = exchange - self.share_point = share_point - self.teams = teams - - -class OfficeDataConnectorDataTypesExchange(DataConnectorDataTypeCommon): - """Exchange data type connection. - - All required parameters must be populated in order to send to Azure. - - :ivar state: Describe whether this data type connection is enabled or not. Required. Known - values are: "Enabled" and "Disabled". - :vartype state: str or ~azure.mgmt.securityinsight.models.DataTypeState - """ - - _validation = { - "state": {"required": True}, - } - - _attribute_map = { - "state": {"key": "state", "type": "str"}, - } - - def __init__(self, *, state: Union[str, "_models.DataTypeState"], **kwargs): - """ - :keyword state: Describe whether this data type connection is enabled or not. Required. Known - values are: "Enabled" and "Disabled". - :paramtype state: str or ~azure.mgmt.securityinsight.models.DataTypeState - """ - super().__init__(state=state, **kwargs) - - -class OfficeDataConnectorDataTypesSharePoint(DataConnectorDataTypeCommon): - """SharePoint data type connection. - - All required parameters must be populated in order to send to Azure. - - :ivar state: Describe whether this data type connection is enabled or not. Required. Known - values are: "Enabled" and "Disabled". - :vartype state: str or ~azure.mgmt.securityinsight.models.DataTypeState - """ - - _validation = { - "state": {"required": True}, - } - - _attribute_map = { - "state": {"key": "state", "type": "str"}, - } - - def __init__(self, *, state: Union[str, "_models.DataTypeState"], **kwargs): - """ - :keyword state: Describe whether this data type connection is enabled or not. Required. Known - values are: "Enabled" and "Disabled". 
- :paramtype state: str or ~azure.mgmt.securityinsight.models.DataTypeState - """ - super().__init__(state=state, **kwargs) - - -class OfficeDataConnectorDataTypesTeams(DataConnectorDataTypeCommon): - """Teams data type connection. - - All required parameters must be populated in order to send to Azure. - - :ivar state: Describe whether this data type connection is enabled or not. Required. Known - values are: "Enabled" and "Disabled". - :vartype state: str or ~azure.mgmt.securityinsight.models.DataTypeState - """ - - _validation = { - "state": {"required": True}, - } - - _attribute_map = { - "state": {"key": "state", "type": "str"}, - } - - def __init__(self, *, state: Union[str, "_models.DataTypeState"], **kwargs): - """ - :keyword state: Describe whether this data type connection is enabled or not. Required. Known - values are: "Enabled" and "Disabled". - :paramtype state: str or ~azure.mgmt.securityinsight.models.DataTypeState - """ - super().__init__(state=state, **kwargs) - - -class OfficeDataConnectorProperties(DataConnectorTenantId): - """Office data connector properties. - - All required parameters must be populated in order to send to Azure. - - :ivar tenant_id: The tenant id to connect to, and get the data from. Required. - :vartype tenant_id: str - :ivar data_types: The available data types for the connector. Required. - :vartype data_types: ~azure.mgmt.securityinsight.models.OfficeDataConnectorDataTypes - """ - - _validation = { - "tenant_id": {"required": True}, - "data_types": {"required": True}, - } - - _attribute_map = { - "tenant_id": {"key": "tenantId", "type": "str"}, - "data_types": {"key": "dataTypes", "type": "OfficeDataConnectorDataTypes"}, - } - - def __init__(self, *, tenant_id: str, data_types: "_models.OfficeDataConnectorDataTypes", **kwargs): - """ - :keyword tenant_id: The tenant id to connect to, and get the data from. Required. - :paramtype tenant_id: str - :keyword data_types: The available data types for the connector. Required. 
- :paramtype data_types: ~azure.mgmt.securityinsight.models.OfficeDataConnectorDataTypes - """ - super().__init__(tenant_id=tenant_id, **kwargs) - self.data_types = data_types - - -class OfficeIRMCheckRequirements(DataConnectorsCheckRequirements): - """Represents OfficeIRM (Microsoft Insider Risk Management) requirements check request. - - All required parameters must be populated in order to send to Azure. - - :ivar kind: Describes the kind of connector to be checked. Required. Known values are: - "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", - "ThreatIntelligence", "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", - "Office365Project", "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", - "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", - "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and - "IOT". - :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind - :ivar tenant_id: The tenant id to connect to, and get the data from. - :vartype tenant_id: str - """ - - _validation = { - "kind": {"required": True}, - } - - _attribute_map = { - "kind": {"key": "kind", "type": "str"}, - "tenant_id": {"key": "properties.tenantId", "type": "str"}, - } - - def __init__(self, *, tenant_id: Optional[str] = None, **kwargs): - """ - :keyword tenant_id: The tenant id to connect to, and get the data from. - :paramtype tenant_id: str - """ - super().__init__(**kwargs) - self.kind: str = "OfficeIRM" - self.tenant_id = tenant_id - - -class OfficeIRMCheckRequirementsProperties(DataConnectorTenantId): - """OfficeIRM (Microsoft Insider Risk Management) requirements check properties. - - All required parameters must be populated in order to send to Azure. - - :ivar tenant_id: The tenant id to connect to, and get the data from. Required. 
- :vartype tenant_id: str - """ - - _validation = { - "tenant_id": {"required": True}, - } - - _attribute_map = { - "tenant_id": {"key": "tenantId", "type": "str"}, - } - - def __init__(self, *, tenant_id: str, **kwargs): - """ - :keyword tenant_id: The tenant id to connect to, and get the data from. Required. - :paramtype tenant_id: str - """ - super().__init__(tenant_id=tenant_id, **kwargs) - - -class OfficeIRMDataConnector(DataConnector): - """Represents OfficeIRM (Microsoft Insider Risk Management) data connector. - - Variables are only populated by the server, and will be ignored when sending a request. - - All required parameters must be populated in order to send to Azure. - - :ivar id: Fully qualified resource ID for the resource. Ex - - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - :vartype id: str - :ivar name: The name of the resource. - :vartype name: str - :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or - "Microsoft.Storage/storageAccounts". - :vartype type: str - :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy - information. - :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar etag: Etag of the azure resource. - :vartype etag: str - :ivar kind: The data connector kind. Required. Known values are: "AzureActiveDirectory", - "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", - "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", "Office365Project", - "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", - "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", - "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and - "IOT". 
- :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind - :ivar tenant_id: The tenant id to connect to, and get the data from. - :vartype tenant_id: str - :ivar data_types: The available data types for the connector. - :vartype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector - """ - - _validation = { - "id": {"readonly": True}, - "name": {"readonly": True}, - "type": {"readonly": True}, - "system_data": {"readonly": True}, - "kind": {"required": True}, - } - - _attribute_map = { - "id": {"key": "id", "type": "str"}, - "name": {"key": "name", "type": "str"}, - "type": {"key": "type", "type": "str"}, - "system_data": {"key": "systemData", "type": "SystemData"}, - "etag": {"key": "etag", "type": "str"}, - "kind": {"key": "kind", "type": "str"}, - "tenant_id": {"key": "properties.tenantId", "type": "str"}, - "data_types": {"key": "properties.dataTypes", "type": "AlertsDataTypeOfDataConnector"}, - } - - def __init__( - self, - *, - etag: Optional[str] = None, - tenant_id: Optional[str] = None, - data_types: Optional["_models.AlertsDataTypeOfDataConnector"] = None, - **kwargs - ): - """ - :keyword etag: Etag of the azure resource. - :paramtype etag: str - :keyword tenant_id: The tenant id to connect to, and get the data from. - :paramtype tenant_id: str - :keyword data_types: The available data types for the connector. - :paramtype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector - """ - super().__init__(etag=etag, **kwargs) - self.kind: str = "OfficeIRM" - self.tenant_id = tenant_id - self.data_types = data_types - - -class OfficeIRMDataConnectorProperties(DataConnectorTenantId, DataConnectorWithAlertsProperties): - """OfficeIRM (Microsoft Insider Risk Management) data connector properties. - - All required parameters must be populated in order to send to Azure. - - :ivar data_types: The available data types for the connector. 
- :vartype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector - :ivar tenant_id: The tenant id to connect to, and get the data from. Required. - :vartype tenant_id: str - """ - - _validation = { - "tenant_id": {"required": True}, - } - - _attribute_map = { - "data_types": {"key": "dataTypes", "type": "AlertsDataTypeOfDataConnector"}, - "tenant_id": {"key": "tenantId", "type": "str"}, - } - - def __init__( - self, *, tenant_id: str, data_types: Optional["_models.AlertsDataTypeOfDataConnector"] = None, **kwargs - ): - """ - :keyword data_types: The available data types for the connector. - :paramtype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector - :keyword tenant_id: The tenant id to connect to, and get the data from. Required. - :paramtype tenant_id: str - """ - super().__init__(tenant_id=tenant_id, data_types=data_types, **kwargs) - self.data_types = data_types - self.tenant_id = tenant_id - - -class OfficePowerBICheckRequirements(DataConnectorsCheckRequirements): - """Represents Office PowerBI requirements check request. - - All required parameters must be populated in order to send to Azure. - - :ivar kind: Describes the kind of connector to be checked. Required. Known values are: - "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", - "ThreatIntelligence", "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", - "Office365Project", "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", - "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", - "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and - "IOT". - :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind - :ivar tenant_id: The tenant id to connect to, and get the data from. 
- :vartype tenant_id: str - """ - - _validation = { - "kind": {"required": True}, - } - - _attribute_map = { - "kind": {"key": "kind", "type": "str"}, - "tenant_id": {"key": "properties.tenantId", "type": "str"}, - } - - def __init__(self, *, tenant_id: Optional[str] = None, **kwargs): - """ - :keyword tenant_id: The tenant id to connect to, and get the data from. - :paramtype tenant_id: str - """ - super().__init__(**kwargs) - self.kind: str = "OfficePowerBI" - self.tenant_id = tenant_id - - -class OfficePowerBICheckRequirementsProperties(DataConnectorTenantId): - """Office PowerBI requirements check properties. - - All required parameters must be populated in order to send to Azure. - - :ivar tenant_id: The tenant id to connect to, and get the data from. Required. - :vartype tenant_id: str - """ - - _validation = { - "tenant_id": {"required": True}, - } - - _attribute_map = { - "tenant_id": {"key": "tenantId", "type": "str"}, - } - - def __init__(self, *, tenant_id: str, **kwargs): - """ - :keyword tenant_id: The tenant id to connect to, and get the data from. Required. - :paramtype tenant_id: str - """ - super().__init__(tenant_id=tenant_id, **kwargs) - - -class OfficePowerBIConnectorDataTypes(_serialization.Model): - """The available data types for Office Microsoft PowerBI data connector. - - All required parameters must be populated in order to send to Azure. - - :ivar logs: Logs data type. Required. - :vartype logs: ~azure.mgmt.securityinsight.models.OfficePowerBIConnectorDataTypesLogs - """ - - _validation = { - "logs": {"required": True}, - } - - _attribute_map = { - "logs": {"key": "logs", "type": "OfficePowerBIConnectorDataTypesLogs"}, - } - - def __init__(self, *, logs: "_models.OfficePowerBIConnectorDataTypesLogs", **kwargs): - """ - :keyword logs: Logs data type. Required. 
- :paramtype logs: ~azure.mgmt.securityinsight.models.OfficePowerBIConnectorDataTypesLogs - """ - super().__init__(**kwargs) - self.logs = logs - - -class OfficePowerBIConnectorDataTypesLogs(DataConnectorDataTypeCommon): - """Logs data type. - - All required parameters must be populated in order to send to Azure. - - :ivar state: Describe whether this data type connection is enabled or not. Required. Known - values are: "Enabled" and "Disabled". - :vartype state: str or ~azure.mgmt.securityinsight.models.DataTypeState - """ - - _validation = { - "state": {"required": True}, - } - - _attribute_map = { - "state": {"key": "state", "type": "str"}, - } - - def __init__(self, *, state: Union[str, "_models.DataTypeState"], **kwargs): - """ - :keyword state: Describe whether this data type connection is enabled or not. Required. Known - values are: "Enabled" and "Disabled". - :paramtype state: str or ~azure.mgmt.securityinsight.models.DataTypeState - """ - super().__init__(state=state, **kwargs) - - -class OfficePowerBIDataConnector(DataConnector): - """Represents Office Microsoft PowerBI data connector. - - Variables are only populated by the server, and will be ignored when sending a request. - - All required parameters must be populated in order to send to Azure. - - :ivar id: Fully qualified resource ID for the resource. Ex - - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - :vartype id: str - :ivar name: The name of the resource. - :vartype name: str - :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or - "Microsoft.Storage/storageAccounts". - :vartype type: str - :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy - information. - :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar etag: Etag of the azure resource. - :vartype etag: str - :ivar kind: The data connector kind. Required. 
Known values are: "AzureActiveDirectory", - "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", - "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", "Office365Project", - "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", - "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", - "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and - "IOT". - :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind - :ivar tenant_id: The tenant id to connect to, and get the data from. - :vartype tenant_id: str - :ivar data_types: The available data types for the connector. - :vartype data_types: ~azure.mgmt.securityinsight.models.OfficePowerBIConnectorDataTypes - """ - - _validation = { - "id": {"readonly": True}, - "name": {"readonly": True}, - "type": {"readonly": True}, - "system_data": {"readonly": True}, - "kind": {"required": True}, - } - - _attribute_map = { - "id": {"key": "id", "type": "str"}, - "name": {"key": "name", "type": "str"}, - "type": {"key": "type", "type": "str"}, - "system_data": {"key": "systemData", "type": "SystemData"}, - "etag": {"key": "etag", "type": "str"}, - "kind": {"key": "kind", "type": "str"}, - "tenant_id": {"key": "properties.tenantId", "type": "str"}, - "data_types": {"key": "properties.dataTypes", "type": "OfficePowerBIConnectorDataTypes"}, - } - - def __init__( - self, - *, - etag: Optional[str] = None, - tenant_id: Optional[str] = None, - data_types: Optional["_models.OfficePowerBIConnectorDataTypes"] = None, - **kwargs - ): - """ - :keyword etag: Etag of the azure resource. - :paramtype etag: str - :keyword tenant_id: The tenant id to connect to, and get the data from. - :paramtype tenant_id: str - :keyword data_types: The available data types for the connector. 
- :paramtype data_types: ~azure.mgmt.securityinsight.models.OfficePowerBIConnectorDataTypes - """ - super().__init__(etag=etag, **kwargs) - self.kind: str = "OfficePowerBI" - self.tenant_id = tenant_id - self.data_types = data_types - - -class OfficePowerBIDataConnectorProperties(DataConnectorTenantId): - """Office Microsoft PowerBI data connector properties. - - All required parameters must be populated in order to send to Azure. - - :ivar tenant_id: The tenant id to connect to, and get the data from. Required. - :vartype tenant_id: str - :ivar data_types: The available data types for the connector. Required. - :vartype data_types: ~azure.mgmt.securityinsight.models.OfficePowerBIConnectorDataTypes - """ - - _validation = { - "tenant_id": {"required": True}, - "data_types": {"required": True}, - } - - _attribute_map = { - "tenant_id": {"key": "tenantId", "type": "str"}, - "data_types": {"key": "dataTypes", "type": "OfficePowerBIConnectorDataTypes"}, - } - - def __init__(self, *, tenant_id: str, data_types: "_models.OfficePowerBIConnectorDataTypes", **kwargs): - """ - :keyword tenant_id: The tenant id to connect to, and get the data from. Required. - :paramtype tenant_id: str - :keyword data_types: The available data types for the connector. Required. - :paramtype data_types: ~azure.mgmt.securityinsight.models.OfficePowerBIConnectorDataTypes - """ - super().__init__(tenant_id=tenant_id, **kwargs) - self.data_types = data_types - - -class Operation(_serialization.Model): - """Operation provided by provider. - - :ivar display: Properties of the operation. - :vartype display: ~azure.mgmt.securityinsight.models.OperationDisplay - :ivar name: Name of the operation. - :vartype name: str - :ivar origin: The origin of the operation. - :vartype origin: str - :ivar is_data_action: Indicates whether the operation is a data action. 
- :vartype is_data_action: bool - """ - - _attribute_map = { - "display": {"key": "display", "type": "OperationDisplay"}, - "name": {"key": "name", "type": "str"}, - "origin": {"key": "origin", "type": "str"}, - "is_data_action": {"key": "isDataAction", "type": "bool"}, - } - - def __init__( - self, - *, - display: Optional["_models.OperationDisplay"] = None, - name: Optional[str] = None, - origin: Optional[str] = None, - is_data_action: Optional[bool] = None, - **kwargs - ): - """ - :keyword display: Properties of the operation. - :paramtype display: ~azure.mgmt.securityinsight.models.OperationDisplay - :keyword name: Name of the operation. - :paramtype name: str - :keyword origin: The origin of the operation. - :paramtype origin: str - :keyword is_data_action: Indicates whether the operation is a data action. - :paramtype is_data_action: bool - """ - super().__init__(**kwargs) - self.display = display - self.name = name - self.origin = origin - self.is_data_action = is_data_action - - -class OperationDisplay(_serialization.Model): - """Properties of the operation. - - :ivar description: Description of the operation. - :vartype description: str - :ivar operation: Operation name. - :vartype operation: str - :ivar provider: Provider name. - :vartype provider: str - :ivar resource: Resource name. - :vartype resource: str - """ - - _attribute_map = { - "description": {"key": "description", "type": "str"}, - "operation": {"key": "operation", "type": "str"}, - "provider": {"key": "provider", "type": "str"}, - "resource": {"key": "resource", "type": "str"}, - } - - def __init__( - self, - *, - description: Optional[str] = None, - operation: Optional[str] = None, - provider: Optional[str] = None, - resource: Optional[str] = None, - **kwargs - ): - """ - :keyword description: Description of the operation. - :paramtype description: str - :keyword operation: Operation name. - :paramtype operation: str - :keyword provider: Provider name. 
- :paramtype provider: str - :keyword resource: Resource name. - :paramtype resource: str - """ - super().__init__(**kwargs) - self.description = description - self.operation = operation - self.provider = provider - self.resource = resource - - -class OperationsList(_serialization.Model): - """Lists the operations available in the SecurityInsights RP. - - Variables are only populated by the server, and will be ignored when sending a request. - - All required parameters must be populated in order to send to Azure. - - :ivar next_link: URL to fetch the next set of operations. - :vartype next_link: str - :ivar value: Array of operations. Required. - :vartype value: list[~azure.mgmt.securityinsight.models.Operation] - """ - - _validation = { - "next_link": {"readonly": True}, - "value": {"required": True}, - } - - _attribute_map = { - "next_link": {"key": "nextLink", "type": "str"}, - "value": {"key": "value", "type": "[Operation]"}, - } - - def __init__(self, *, value: List["_models.Operation"], **kwargs): - """ - :keyword value: Array of operations. Required. - :paramtype value: list[~azure.mgmt.securityinsight.models.Operation] - """ - super().__init__(**kwargs) - self.next_link = None - self.value = value - - -class Permissions(_serialization.Model): - """Permissions required for the connector. - - :ivar resource_provider: Resource provider permissions required for the connector. - :vartype resource_provider: - list[~azure.mgmt.securityinsight.models.PermissionsResourceProviderItem] - :ivar customs: Customs permissions required for the connector. 
- :vartype customs: list[~azure.mgmt.securityinsight.models.PermissionsCustomsItem] - """ - - _attribute_map = { - "resource_provider": {"key": "resourceProvider", "type": "[PermissionsResourceProviderItem]"}, - "customs": {"key": "customs", "type": "[PermissionsCustomsItem]"}, - } - - def __init__( - self, - *, - resource_provider: Optional[List["_models.PermissionsResourceProviderItem"]] = None, - customs: Optional[List["_models.PermissionsCustomsItem"]] = None, - **kwargs - ): - """ - :keyword resource_provider: Resource provider permissions required for the connector. - :paramtype resource_provider: - list[~azure.mgmt.securityinsight.models.PermissionsResourceProviderItem] - :keyword customs: Customs permissions required for the connector. - :paramtype customs: list[~azure.mgmt.securityinsight.models.PermissionsCustomsItem] - """ - super().__init__(**kwargs) - self.resource_provider = resource_provider - self.customs = customs - - -class PermissionsCustomsItem(Customs): - """PermissionsCustomsItem. - - :ivar name: Customs permissions name. - :vartype name: str - :ivar description: Customs permissions description. - :vartype description: str - """ - - _attribute_map = { - "name": {"key": "name", "type": "str"}, - "description": {"key": "description", "type": "str"}, - } - - def __init__(self, *, name: Optional[str] = None, description: Optional[str] = None, **kwargs): - """ - :keyword name: Customs permissions name. - :paramtype name: str - :keyword description: Customs permissions description. - :paramtype description: str - """ - super().__init__(name=name, description=description, **kwargs) - - -class ResourceProvider(_serialization.Model): - """Resource provider permissions required for the connector. - - :ivar provider: Provider name. 
Known values are: "Microsoft.OperationalInsights/solutions", - "Microsoft.OperationalInsights/workspaces", - "Microsoft.OperationalInsights/workspaces/datasources", "microsoft.aadiam/diagnosticSettings", - "Microsoft.OperationalInsights/workspaces/sharedKeys", and - "Microsoft.Authorization/policyAssignments". - :vartype provider: str or ~azure.mgmt.securityinsight.models.ProviderName - :ivar permissions_display_text: Permission description text. - :vartype permissions_display_text: str - :ivar provider_display_name: Permission provider display name. - :vartype provider_display_name: str - :ivar scope: Permission provider scope. Known values are: "ResourceGroup", "Subscription", and - "Workspace". - :vartype scope: str or ~azure.mgmt.securityinsight.models.PermissionProviderScope - :ivar required_permissions: Required permissions for the connector. - :vartype required_permissions: ~azure.mgmt.securityinsight.models.RequiredPermissions - """ - - _attribute_map = { - "provider": {"key": "provider", "type": "str"}, - "permissions_display_text": {"key": "permissionsDisplayText", "type": "str"}, - "provider_display_name": {"key": "providerDisplayName", "type": "str"}, - "scope": {"key": "scope", "type": "str"}, - "required_permissions": {"key": "requiredPermissions", "type": "RequiredPermissions"}, - } - - def __init__( - self, - *, - provider: Optional[Union[str, "_models.ProviderName"]] = None, - permissions_display_text: Optional[str] = None, - provider_display_name: Optional[str] = None, - scope: Optional[Union[str, "_models.PermissionProviderScope"]] = None, - required_permissions: Optional["_models.RequiredPermissions"] = None, - **kwargs - ): - """ - :keyword provider: Provider name. 
Known values are: "Microsoft.OperationalInsights/solutions", - "Microsoft.OperationalInsights/workspaces", - "Microsoft.OperationalInsights/workspaces/datasources", "microsoft.aadiam/diagnosticSettings", - "Microsoft.OperationalInsights/workspaces/sharedKeys", and - "Microsoft.Authorization/policyAssignments". - :paramtype provider: str or ~azure.mgmt.securityinsight.models.ProviderName - :keyword permissions_display_text: Permission description text. - :paramtype permissions_display_text: str - :keyword provider_display_name: Permission provider display name. - :paramtype provider_display_name: str - :keyword scope: Permission provider scope. Known values are: "ResourceGroup", "Subscription", - and "Workspace". - :paramtype scope: str or ~azure.mgmt.securityinsight.models.PermissionProviderScope - :keyword required_permissions: Required permissions for the connector. - :paramtype required_permissions: ~azure.mgmt.securityinsight.models.RequiredPermissions - """ - super().__init__(**kwargs) - self.provider = provider - self.permissions_display_text = permissions_display_text - self.provider_display_name = provider_display_name - self.scope = scope - self.required_permissions = required_permissions - - -class PermissionsResourceProviderItem(ResourceProvider): - """PermissionsResourceProviderItem. - - :ivar provider: Provider name. Known values are: "Microsoft.OperationalInsights/solutions", - "Microsoft.OperationalInsights/workspaces", - "Microsoft.OperationalInsights/workspaces/datasources", "microsoft.aadiam/diagnosticSettings", - "Microsoft.OperationalInsights/workspaces/sharedKeys", and - "Microsoft.Authorization/policyAssignments". - :vartype provider: str or ~azure.mgmt.securityinsight.models.ProviderName - :ivar permissions_display_text: Permission description text. - :vartype permissions_display_text: str - :ivar provider_display_name: Permission provider display name. - :vartype provider_display_name: str - :ivar scope: Permission provider scope. 
Known values are: "ResourceGroup", "Subscription", and - "Workspace". - :vartype scope: str or ~azure.mgmt.securityinsight.models.PermissionProviderScope - :ivar required_permissions: Required permissions for the connector. - :vartype required_permissions: ~azure.mgmt.securityinsight.models.RequiredPermissions - """ - - _attribute_map = { - "provider": {"key": "provider", "type": "str"}, - "permissions_display_text": {"key": "permissionsDisplayText", "type": "str"}, - "provider_display_name": {"key": "providerDisplayName", "type": "str"}, - "scope": {"key": "scope", "type": "str"}, - "required_permissions": {"key": "requiredPermissions", "type": "RequiredPermissions"}, - } - - def __init__( - self, - *, - provider: Optional[Union[str, "_models.ProviderName"]] = None, - permissions_display_text: Optional[str] = None, - provider_display_name: Optional[str] = None, - scope: Optional[Union[str, "_models.PermissionProviderScope"]] = None, - required_permissions: Optional["_models.RequiredPermissions"] = None, - **kwargs - ): - """ - :keyword provider: Provider name. Known values are: "Microsoft.OperationalInsights/solutions", - "Microsoft.OperationalInsights/workspaces", - "Microsoft.OperationalInsights/workspaces/datasources", "microsoft.aadiam/diagnosticSettings", - "Microsoft.OperationalInsights/workspaces/sharedKeys", and - "Microsoft.Authorization/policyAssignments". - :paramtype provider: str or ~azure.mgmt.securityinsight.models.ProviderName - :keyword permissions_display_text: Permission description text. - :paramtype permissions_display_text: str - :keyword provider_display_name: Permission provider display name. - :paramtype provider_display_name: str - :keyword scope: Permission provider scope. Known values are: "ResourceGroup", "Subscription", - and "Workspace". - :paramtype scope: str or ~azure.mgmt.securityinsight.models.PermissionProviderScope - :keyword required_permissions: Required permissions for the connector. 
- :paramtype required_permissions: ~azure.mgmt.securityinsight.models.RequiredPermissions - """ - super().__init__( - provider=provider, - permissions_display_text=permissions_display_text, - provider_display_name=provider_display_name, - scope=scope, - required_permissions=required_permissions, - **kwargs - ) - - -class PlaybookActionProperties(_serialization.Model): - """PlaybookActionProperties. - - :ivar logic_app_resource_id: The resource id of the playbook resource. - :vartype logic_app_resource_id: str - :ivar tenant_id: The tenant id of the playbook resource. - :vartype tenant_id: str - """ - - _attribute_map = { - "logic_app_resource_id": {"key": "logicAppResourceId", "type": "str"}, - "tenant_id": {"key": "tenantId", "type": "str"}, - } - - def __init__(self, *, logic_app_resource_id: Optional[str] = None, tenant_id: Optional[str] = None, **kwargs): - """ - :keyword logic_app_resource_id: The resource id of the playbook resource. - :paramtype logic_app_resource_id: str - :keyword tenant_id: The tenant id of the playbook resource. - :paramtype tenant_id: str - """ - super().__init__(**kwargs) - self.logic_app_resource_id = logic_app_resource_id - self.tenant_id = tenant_id - - -class ProcessEntity(Entity): # pylint: disable=too-many-instance-attributes - """Represents a process entity. - - Variables are only populated by the server, and will be ignored when sending a request. - - All required parameters must be populated in order to send to Azure. - - :ivar id: Fully qualified resource ID for the resource. Ex - - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - :vartype id: str - :ivar name: The name of the resource. - :vartype name: str - :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or - "Microsoft.Storage/storageAccounts". 
- :vartype type: str - :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy - information. - :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar kind: The kind of the entity. Required. Known values are: "Account", "Host", "File", - "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", - "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", - "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". - :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKind - :ivar additional_data: A bag of custom fields that should be part of the entity and will be - presented to the user. - :vartype additional_data: dict[str, any] - :ivar friendly_name: The graph item display name which is a short humanly readable description - of the graph item instance. This property is optional and might be system generated. - :vartype friendly_name: str - :ivar account_entity_id: The account entity id running the processes. - :vartype account_entity_id: str - :ivar command_line: The command line used to create the process. - :vartype command_line: str - :ivar creation_time_utc: The time when the process started to run. - :vartype creation_time_utc: ~datetime.datetime - :ivar elevation_token: The elevation token associated with the process. Known values are: - "Default", "Full", and "Limited". - :vartype elevation_token: str or ~azure.mgmt.securityinsight.models.ElevationToken - :ivar host_entity_id: The host entity id on which the process was running. - :vartype host_entity_id: str - :ivar host_logon_session_entity_id: The session entity id in which the process was running. - :vartype host_logon_session_entity_id: str - :ivar image_file_entity_id: Image file entity id. - :vartype image_file_entity_id: str - :ivar parent_process_entity_id: The parent process entity id. 
- :vartype parent_process_entity_id: str - :ivar process_id: The process ID. - :vartype process_id: str - """ - - _validation = { - "id": {"readonly": True}, - "name": {"readonly": True}, - "type": {"readonly": True}, - "system_data": {"readonly": True}, - "kind": {"required": True}, - "additional_data": {"readonly": True}, - "friendly_name": {"readonly": True}, - "account_entity_id": {"readonly": True}, - "command_line": {"readonly": True}, - "creation_time_utc": {"readonly": True}, - "host_entity_id": {"readonly": True}, - "host_logon_session_entity_id": {"readonly": True}, - "image_file_entity_id": {"readonly": True}, - "parent_process_entity_id": {"readonly": True}, - "process_id": {"readonly": True}, - } - - _attribute_map = { - "id": {"key": "id", "type": "str"}, - "name": {"key": "name", "type": "str"}, - "type": {"key": "type", "type": "str"}, - "system_data": {"key": "systemData", "type": "SystemData"}, - "kind": {"key": "kind", "type": "str"}, - "additional_data": {"key": "properties.additionalData", "type": "{object}"}, - "friendly_name": {"key": "properties.friendlyName", "type": "str"}, - "account_entity_id": {"key": "properties.accountEntityId", "type": "str"}, - "command_line": {"key": "properties.commandLine", "type": "str"}, - "creation_time_utc": {"key": "properties.creationTimeUtc", "type": "iso-8601"}, - "elevation_token": {"key": "properties.elevationToken", "type": "str"}, - "host_entity_id": {"key": "properties.hostEntityId", "type": "str"}, - "host_logon_session_entity_id": {"key": "properties.hostLogonSessionEntityId", "type": "str"}, - "image_file_entity_id": {"key": "properties.imageFileEntityId", "type": "str"}, - "parent_process_entity_id": {"key": "properties.parentProcessEntityId", "type": "str"}, - "process_id": {"key": "properties.processId", "type": "str"}, - } - - def __init__(self, *, elevation_token: Optional[Union[str, "_models.ElevationToken"]] = None, **kwargs): - """ - :keyword elevation_token: The elevation token associated 
with the process. Known values are: - "Default", "Full", and "Limited". - :paramtype elevation_token: str or ~azure.mgmt.securityinsight.models.ElevationToken - """ - super().__init__(**kwargs) - self.kind: str = "Process" - self.additional_data = None - self.friendly_name = None - self.account_entity_id = None - self.command_line = None - self.creation_time_utc = None - self.elevation_token = elevation_token - self.host_entity_id = None - self.host_logon_session_entity_id = None - self.image_file_entity_id = None - self.parent_process_entity_id = None - self.process_id = None - - -class ProcessEntityProperties(EntityCommonProperties): # pylint: disable=too-many-instance-attributes - """Process entity property bag. - - Variables are only populated by the server, and will be ignored when sending a request. - - :ivar additional_data: A bag of custom fields that should be part of the entity and will be - presented to the user. - :vartype additional_data: dict[str, any] - :ivar friendly_name: The graph item display name which is a short humanly readable description - of the graph item instance. This property is optional and might be system generated. - :vartype friendly_name: str - :ivar account_entity_id: The account entity id running the processes. - :vartype account_entity_id: str - :ivar command_line: The command line used to create the process. - :vartype command_line: str - :ivar creation_time_utc: The time when the process started to run. - :vartype creation_time_utc: ~datetime.datetime - :ivar elevation_token: The elevation token associated with the process. Known values are: - "Default", "Full", and "Limited". - :vartype elevation_token: str or ~azure.mgmt.securityinsight.models.ElevationToken - :ivar host_entity_id: The host entity id on which the process was running. - :vartype host_entity_id: str - :ivar host_logon_session_entity_id: The session entity id in which the process was running. 
- :vartype host_logon_session_entity_id: str - :ivar image_file_entity_id: Image file entity id. - :vartype image_file_entity_id: str - :ivar parent_process_entity_id: The parent process entity id. - :vartype parent_process_entity_id: str - :ivar process_id: The process ID. - :vartype process_id: str - """ - - _validation = { - "additional_data": {"readonly": True}, - "friendly_name": {"readonly": True}, - "account_entity_id": {"readonly": True}, - "command_line": {"readonly": True}, - "creation_time_utc": {"readonly": True}, - "host_entity_id": {"readonly": True}, - "host_logon_session_entity_id": {"readonly": True}, - "image_file_entity_id": {"readonly": True}, - "parent_process_entity_id": {"readonly": True}, - "process_id": {"readonly": True}, - } - - _attribute_map = { - "additional_data": {"key": "additionalData", "type": "{object}"}, - "friendly_name": {"key": "friendlyName", "type": "str"}, - "account_entity_id": {"key": "accountEntityId", "type": "str"}, - "command_line": {"key": "commandLine", "type": "str"}, - "creation_time_utc": {"key": "creationTimeUtc", "type": "iso-8601"}, - "elevation_token": {"key": "elevationToken", "type": "str"}, - "host_entity_id": {"key": "hostEntityId", "type": "str"}, - "host_logon_session_entity_id": {"key": "hostLogonSessionEntityId", "type": "str"}, - "image_file_entity_id": {"key": "imageFileEntityId", "type": "str"}, - "parent_process_entity_id": {"key": "parentProcessEntityId", "type": "str"}, - "process_id": {"key": "processId", "type": "str"}, - } - - def __init__(self, *, elevation_token: Optional[Union[str, "_models.ElevationToken"]] = None, **kwargs): - """ - :keyword elevation_token: The elevation token associated with the process. Known values are: - "Default", "Full", and "Limited". 
- :paramtype elevation_token: str or ~azure.mgmt.securityinsight.models.ElevationToken - """ - super().__init__(**kwargs) - self.account_entity_id = None - self.command_line = None - self.creation_time_utc = None - self.elevation_token = elevation_token - self.host_entity_id = None - self.host_logon_session_entity_id = None - self.image_file_entity_id = None - self.parent_process_entity_id = None - self.process_id = None - - -class PropertyArrayChangedConditionProperties(AutomationRuleCondition): - """Describes an automation rule condition that evaluates an array property's value change. - - All required parameters must be populated in order to send to Azure. - - :ivar condition_type: Required. Known values are: "Property", "PropertyArray", - "PropertyChanged", "PropertyArrayChanged", and "Boolean". - :vartype condition_type: str or ~azure.mgmt.securityinsight.models.ConditionType - :ivar condition_properties: - :vartype condition_properties: - ~azure.mgmt.securityinsight.models.AutomationRulePropertyArrayChangedValuesCondition - """ - - _validation = { - "condition_type": {"required": True}, - } - - _attribute_map = { - "condition_type": {"key": "conditionType", "type": "str"}, - "condition_properties": { - "key": "conditionProperties", - "type": "AutomationRulePropertyArrayChangedValuesCondition", - }, - } - - def __init__( - self, - *, - condition_properties: Optional["_models.AutomationRulePropertyArrayChangedValuesCondition"] = None, - **kwargs - ): - """ - :keyword condition_properties: - :paramtype condition_properties: - ~azure.mgmt.securityinsight.models.AutomationRulePropertyArrayChangedValuesCondition - """ - super().__init__(**kwargs) - self.condition_type: str = "PropertyArrayChanged" - self.condition_properties = condition_properties - - -class PropertyArrayConditionProperties(AutomationRuleCondition): - """Describes an automation rule condition that evaluates an array property's value. 
- - All required parameters must be populated in order to send to Azure. - - :ivar condition_type: Required. Known values are: "Property", "PropertyArray", - "PropertyChanged", "PropertyArrayChanged", and "Boolean". - :vartype condition_type: str or ~azure.mgmt.securityinsight.models.ConditionType - :ivar condition_properties: - :vartype condition_properties: - ~azure.mgmt.securityinsight.models.AutomationRulePropertyArrayValuesCondition - """ - - _validation = { - "condition_type": {"required": True}, - } - - _attribute_map = { - "condition_type": {"key": "conditionType", "type": "str"}, - "condition_properties": {"key": "conditionProperties", "type": "AutomationRulePropertyArrayValuesCondition"}, - } - - def __init__( - self, *, condition_properties: Optional["_models.AutomationRulePropertyArrayValuesCondition"] = None, **kwargs - ): - """ - :keyword condition_properties: - :paramtype condition_properties: - ~azure.mgmt.securityinsight.models.AutomationRulePropertyArrayValuesCondition - """ - super().__init__(**kwargs) - self.condition_type: str = "PropertyArray" - self.condition_properties = condition_properties - - -class PropertyChangedConditionProperties(AutomationRuleCondition): - """Describes an automation rule condition that evaluates a property's value change. - - All required parameters must be populated in order to send to Azure. - - :ivar condition_type: Required. Known values are: "Property", "PropertyArray", - "PropertyChanged", "PropertyArrayChanged", and "Boolean". 
- :vartype condition_type: str or ~azure.mgmt.securityinsight.models.ConditionType - :ivar condition_properties: - :vartype condition_properties: - ~azure.mgmt.securityinsight.models.AutomationRulePropertyValuesChangedCondition - """ - - _validation = { - "condition_type": {"required": True}, - } - - _attribute_map = { - "condition_type": {"key": "conditionType", "type": "str"}, - "condition_properties": {"key": "conditionProperties", "type": "AutomationRulePropertyValuesChangedCondition"}, - } - - def __init__( - self, *, condition_properties: Optional["_models.AutomationRulePropertyValuesChangedCondition"] = None, **kwargs - ): - """ - :keyword condition_properties: - :paramtype condition_properties: - ~azure.mgmt.securityinsight.models.AutomationRulePropertyValuesChangedCondition - """ - super().__init__(**kwargs) - self.condition_type: str = "PropertyChanged" - self.condition_properties = condition_properties - - -class PropertyConditionProperties(AutomationRuleCondition): - """Describes an automation rule condition that evaluates a property's value. - - All required parameters must be populated in order to send to Azure. - - :ivar condition_type: Required. Known values are: "Property", "PropertyArray", - "PropertyChanged", "PropertyArrayChanged", and "Boolean". 
- :vartype condition_type: str or ~azure.mgmt.securityinsight.models.ConditionType - :ivar condition_properties: - :vartype condition_properties: - ~azure.mgmt.securityinsight.models.AutomationRulePropertyValuesCondition - """ - - _validation = { - "condition_type": {"required": True}, - } - - _attribute_map = { - "condition_type": {"key": "conditionType", "type": "str"}, - "condition_properties": {"key": "conditionProperties", "type": "AutomationRulePropertyValuesCondition"}, - } - - def __init__( - self, *, condition_properties: Optional["_models.AutomationRulePropertyValuesCondition"] = None, **kwargs - ): - """ - :keyword condition_properties: - :paramtype condition_properties: - ~azure.mgmt.securityinsight.models.AutomationRulePropertyValuesCondition - """ - super().__init__(**kwargs) - self.condition_type: str = "Property" - self.condition_properties = condition_properties - - -class Recommendation(_serialization.Model): # pylint: disable=too-many-instance-attributes - """Recommendation object. - - All required parameters must be populated in order to send to Azure. - - :ivar id: id of recommendation. Required. - :vartype id: str - :ivar instructions: Instructions of the recommendation. Required. - :vartype instructions: ~azure.mgmt.securityinsight.models.Instructions - :ivar content: Content of the recommendation. - :vartype content: ~azure.mgmt.securityinsight.models.Content - :ivar resource_id: Id of the resource this recommendation refers to. - :vartype resource_id: str - :ivar additional_properties: Collection of additional properties for the recommendation. - :vartype additional_properties: dict[str, str] - :ivar title: Title of the recommendation. Required. - :vartype title: str - :ivar description: Description of the recommendation. Required. - :vartype description: str - :ivar recommendation_type_title: Title of the recommendation type. Required. - :vartype recommendation_type_title: str - :ivar recommendation_type_id: Id of the recommendation type. 
Required. - :vartype recommendation_type_id: str - :ivar category: Category of the recommendation. Required. Known values are: "Onboarding", - "NewFeature", "SocEfficiency", "CostOptimization", and "Demo". - :vartype category: str or ~azure.mgmt.securityinsight.models.Category - :ivar context: Context of the recommendation. Required. Known values are: "Analytics", - "Incidents", "Overview", and "None". - :vartype context: str or ~azure.mgmt.securityinsight.models.Context - :ivar workspace_id: Id of the workspace this recommendation refers to. Required. - :vartype workspace_id: str - :ivar actions: List of actions to take for this recommendation. Required. - :vartype actions: list[~azure.mgmt.securityinsight.models.RecommendedAction] - :ivar state: State of the recommendation. Required. Known values are: "Active", "Disabled", - "CompletedByUser", "CompletedByAction", and "Hidden". - :vartype state: str or ~azure.mgmt.securityinsight.models.State - :ivar priority: Priority of the recommendation. Required. Known values are: "Low", "Medium", - and "High". - :vartype priority: str or ~azure.mgmt.securityinsight.models.Priority - :ivar last_evaluated_time_utc: The time stamp (UTC) when the recommendation was last evaluated. - Required. - :vartype last_evaluated_time_utc: ~datetime.datetime - :ivar hide_until_time_utc: The time stamp (UTC) when the recommendation should be displayed - again. - :vartype hide_until_time_utc: ~datetime.datetime - :ivar display_until_time_utc: The timestamp (UTC) after which the recommendation should not be - displayed anymore. - :vartype display_until_time_utc: ~datetime.datetime - :ivar visible: Value indicating if the recommendation should be displayed or not. 
- :vartype visible: bool - """ - - _validation = { - "id": {"required": True}, - "instructions": {"required": True}, - "title": {"required": True}, - "description": {"required": True}, - "recommendation_type_title": {"required": True}, - "recommendation_type_id": {"required": True}, - "category": {"required": True}, - "context": {"required": True}, - "workspace_id": {"required": True}, - "actions": {"required": True}, - "state": {"required": True}, - "priority": {"required": True}, - "last_evaluated_time_utc": {"required": True}, - } - - _attribute_map = { - "id": {"key": "id", "type": "str"}, - "instructions": {"key": "instructions", "type": "Instructions"}, - "content": {"key": "content", "type": "Content"}, - "resource_id": {"key": "resourceId", "type": "str"}, - "additional_properties": {"key": "additionalProperties", "type": "{str}"}, - "title": {"key": "title", "type": "str"}, - "description": {"key": "description", "type": "str"}, - "recommendation_type_title": {"key": "recommendationTypeTitle", "type": "str"}, - "recommendation_type_id": {"key": "recommendationTypeId", "type": "str"}, - "category": {"key": "category", "type": "str"}, - "context": {"key": "context", "type": "str"}, - "workspace_id": {"key": "workspaceId", "type": "str"}, - "actions": {"key": "actions", "type": "[RecommendedAction]"}, - "state": {"key": "state", "type": "str"}, - "priority": {"key": "priority", "type": "str"}, - "last_evaluated_time_utc": {"key": "lastEvaluatedTimeUtc", "type": "iso-8601"}, - "hide_until_time_utc": {"key": "hideUntilTimeUtc", "type": "iso-8601"}, - "display_until_time_utc": {"key": "displayUntilTimeUtc", "type": "iso-8601"}, - "visible": {"key": "visible", "type": "bool"}, - } - - def __init__( - self, - *, - id: str, # pylint: disable=redefined-builtin - instructions: "_models.Instructions", - title: str, - description: str, - recommendation_type_title: str, - recommendation_type_id: str, - category: Union[str, "_models.Category"], - context: Union[str, 
"_models.Context"], - workspace_id: str, - actions: List["_models.RecommendedAction"], - state: Union[str, "_models.State"], - priority: Union[str, "_models.Priority"], - last_evaluated_time_utc: datetime.datetime, - content: Optional["_models.Content"] = None, - resource_id: Optional[str] = None, - additional_properties: Optional[Dict[str, str]] = None, - hide_until_time_utc: Optional[datetime.datetime] = None, - display_until_time_utc: Optional[datetime.datetime] = None, - visible: Optional[bool] = None, - **kwargs - ): - """ - :keyword id: id of recommendation. Required. - :paramtype id: str - :keyword instructions: Instructions of the recommendation. Required. - :paramtype instructions: ~azure.mgmt.securityinsight.models.Instructions - :keyword content: Content of the recommendation. - :paramtype content: ~azure.mgmt.securityinsight.models.Content - :keyword resource_id: Id of the resource this recommendation refers to. - :paramtype resource_id: str - :keyword additional_properties: Collection of additional properties for the recommendation. - :paramtype additional_properties: dict[str, str] - :keyword title: Title of the recommendation. Required. - :paramtype title: str - :keyword description: Description of the recommendation. Required. - :paramtype description: str - :keyword recommendation_type_title: Title of the recommendation type. Required. - :paramtype recommendation_type_title: str - :keyword recommendation_type_id: Id of the recommendation type. Required. - :paramtype recommendation_type_id: str - :keyword category: Category of the recommendation. Required. Known values are: "Onboarding", - "NewFeature", "SocEfficiency", "CostOptimization", and "Demo". - :paramtype category: str or ~azure.mgmt.securityinsight.models.Category - :keyword context: Context of the recommendation. Required. Known values are: "Analytics", - "Incidents", "Overview", and "None". 
- :paramtype context: str or ~azure.mgmt.securityinsight.models.Context - :keyword workspace_id: Id of the workspace this recommendation refers to. Required. - :paramtype workspace_id: str - :keyword actions: List of actions to take for this recommendation. Required. - :paramtype actions: list[~azure.mgmt.securityinsight.models.RecommendedAction] - :keyword state: State of the recommendation. Required. Known values are: "Active", "Disabled", - "CompletedByUser", "CompletedByAction", and "Hidden". - :paramtype state: str or ~azure.mgmt.securityinsight.models.State - :keyword priority: Priority of the recommendation. Required. Known values are: "Low", "Medium", - and "High". - :paramtype priority: str or ~azure.mgmt.securityinsight.models.Priority - :keyword last_evaluated_time_utc: The time stamp (UTC) when the recommendation was last - evaluated. Required. - :paramtype last_evaluated_time_utc: ~datetime.datetime - :keyword hide_until_time_utc: The time stamp (UTC) when the recommendation should be displayed - again. - :paramtype hide_until_time_utc: ~datetime.datetime - :keyword display_until_time_utc: The timestamp (UTC) after which the recommendation should not - be displayed anymore. - :paramtype display_until_time_utc: ~datetime.datetime - :keyword visible: Value indicating if the recommendation should be displayed or not. 
- :paramtype visible: bool - """ - super().__init__(**kwargs) - self.id = id - self.instructions = instructions - self.content = content - self.resource_id = resource_id - self.additional_properties = additional_properties - self.title = title - self.description = description - self.recommendation_type_title = recommendation_type_title - self.recommendation_type_id = recommendation_type_id - self.category = category - self.context = context - self.workspace_id = workspace_id - self.actions = actions - self.state = state - self.priority = priority - self.last_evaluated_time_utc = last_evaluated_time_utc - self.hide_until_time_utc = hide_until_time_utc - self.display_until_time_utc = display_until_time_utc - self.visible = visible - - -class RecommendationList(_serialization.Model): - """A list of recommendations. - - :ivar value: An list of recommendations. - :vartype value: list[~azure.mgmt.securityinsight.models.Recommendation] - """ - - _attribute_map = { - "value": {"key": "value", "type": "[Recommendation]"}, - } - - def __init__(self, *, value: Optional[List["_models.Recommendation"]] = None, **kwargs): - """ - :keyword value: An list of recommendations. - :paramtype value: list[~azure.mgmt.securityinsight.models.Recommendation] - """ - super().__init__(**kwargs) - self.value = value - - -class RecommendationPatch(_serialization.Model): - """Recommendation Fields to update. - - :ivar state: State of the recommendation. Known values are: "Active", "Disabled", - "CompletedByUser", "CompletedByAction", and "Hidden". - :vartype state: str or ~azure.mgmt.securityinsight.models.State - :ivar hide_until_time_utc: The time stamp (UTC) when the recommendation should be displayed - again. 
- :vartype hide_until_time_utc: ~datetime.datetime - """ - - _attribute_map = { - "state": {"key": "state", "type": "str"}, - "hide_until_time_utc": {"key": "hideUntilTimeUtc", "type": "iso-8601"}, - } - - def __init__( - self, - *, - state: Optional[Union[str, "_models.State"]] = None, - hide_until_time_utc: Optional[datetime.datetime] = None, - **kwargs - ): - """ - :keyword state: State of the recommendation. Known values are: "Active", "Disabled", - "CompletedByUser", "CompletedByAction", and "Hidden". - :paramtype state: str or ~azure.mgmt.securityinsight.models.State - :keyword hide_until_time_utc: The time stamp (UTC) when the recommendation should be displayed - again. - :paramtype hide_until_time_utc: ~datetime.datetime - """ - super().__init__(**kwargs) - self.state = state - self.hide_until_time_utc = hide_until_time_utc - - -class RecommendedAction(_serialization.Model): - """What actions should be taken to complete the recommendation. - - All required parameters must be populated in order to send to Azure. - - :ivar link_text: Text of the link to complete the action. Required. - :vartype link_text: str - :ivar link_url: The Link to complete the action. Required. - :vartype link_url: str - :ivar state: The state of the action. Known values are: "Low", "Medium", and "High". - :vartype state: str or ~azure.mgmt.securityinsight.models.Priority - """ - - _validation = { - "link_text": {"required": True}, - "link_url": {"required": True}, - } - - _attribute_map = { - "link_text": {"key": "linkText", "type": "str"}, - "link_url": {"key": "linkUrl", "type": "str"}, - "state": {"key": "state", "type": "str"}, - } - - def __init__( - self, *, link_text: str, link_url: str, state: Optional[Union[str, "_models.Priority"]] = None, **kwargs - ): - """ - :keyword link_text: Text of the link to complete the action. Required. - :paramtype link_text: str - :keyword link_url: The Link to complete the action. Required. 
- :paramtype link_url: str - :keyword state: The state of the action. Known values are: "Low", "Medium", and "High". - :paramtype state: str or ~azure.mgmt.securityinsight.models.Priority - """ - super().__init__(**kwargs) - self.link_text = link_text - self.link_url = link_url - self.state = state - - -class RegistryKeyEntity(Entity): - """Represents a registry key entity. - - Variables are only populated by the server, and will be ignored when sending a request. - - All required parameters must be populated in order to send to Azure. - - :ivar id: Fully qualified resource ID for the resource. Ex - - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - :vartype id: str - :ivar name: The name of the resource. - :vartype name: str - :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or - "Microsoft.Storage/storageAccounts". - :vartype type: str - :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy - information. - :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar kind: The kind of the entity. Required. Known values are: "Account", "Host", "File", - "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", - "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", - "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". - :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKind - :ivar additional_data: A bag of custom fields that should be part of the entity and will be - presented to the user. - :vartype additional_data: dict[str, any] - :ivar friendly_name: The graph item display name which is a short humanly readable description - of the graph item instance. This property is optional and might be system generated. 
- :vartype friendly_name: str - :ivar hive: the hive that holds the registry key. Known values are: "HKEY_LOCAL_MACHINE", - "HKEY_CLASSES_ROOT", "HKEY_CURRENT_CONFIG", "HKEY_USERS", "HKEY_CURRENT_USER_LOCAL_SETTINGS", - "HKEY_PERFORMANCE_DATA", "HKEY_PERFORMANCE_NLSTEXT", "HKEY_PERFORMANCE_TEXT", "HKEY_A", and - "HKEY_CURRENT_USER". - :vartype hive: str or ~azure.mgmt.securityinsight.models.RegistryHive - :ivar key: The registry key path. - :vartype key: str - """ - - _validation = { - "id": {"readonly": True}, - "name": {"readonly": True}, - "type": {"readonly": True}, - "system_data": {"readonly": True}, - "kind": {"required": True}, - "additional_data": {"readonly": True}, - "friendly_name": {"readonly": True}, - "hive": {"readonly": True}, - "key": {"readonly": True}, - } - - _attribute_map = { - "id": {"key": "id", "type": "str"}, - "name": {"key": "name", "type": "str"}, - "type": {"key": "type", "type": "str"}, - "system_data": {"key": "systemData", "type": "SystemData"}, - "kind": {"key": "kind", "type": "str"}, - "additional_data": {"key": "properties.additionalData", "type": "{object}"}, - "friendly_name": {"key": "properties.friendlyName", "type": "str"}, - "hive": {"key": "properties.hive", "type": "str"}, - "key": {"key": "properties.key", "type": "str"}, - } - - def __init__(self, **kwargs): - """ """ - super().__init__(**kwargs) - self.kind: str = "RegistryKey" - self.additional_data = None - self.friendly_name = None - self.hive = None - self.key = None - - -class RegistryKeyEntityProperties(EntityCommonProperties): - """RegistryKey entity property bag. - - Variables are only populated by the server, and will be ignored when sending a request. - - :ivar additional_data: A bag of custom fields that should be part of the entity and will be - presented to the user. - :vartype additional_data: dict[str, any] - :ivar friendly_name: The graph item display name which is a short humanly readable description - of the graph item instance. 
This property is optional and might be system generated. - :vartype friendly_name: str - :ivar hive: the hive that holds the registry key. Known values are: "HKEY_LOCAL_MACHINE", - "HKEY_CLASSES_ROOT", "HKEY_CURRENT_CONFIG", "HKEY_USERS", "HKEY_CURRENT_USER_LOCAL_SETTINGS", - "HKEY_PERFORMANCE_DATA", "HKEY_PERFORMANCE_NLSTEXT", "HKEY_PERFORMANCE_TEXT", "HKEY_A", and - "HKEY_CURRENT_USER". - :vartype hive: str or ~azure.mgmt.securityinsight.models.RegistryHive - :ivar key: The registry key path. - :vartype key: str - """ - - _validation = { - "additional_data": {"readonly": True}, - "friendly_name": {"readonly": True}, - "hive": {"readonly": True}, - "key": {"readonly": True}, - } - - _attribute_map = { - "additional_data": {"key": "additionalData", "type": "{object}"}, - "friendly_name": {"key": "friendlyName", "type": "str"}, - "hive": {"key": "hive", "type": "str"}, - "key": {"key": "key", "type": "str"}, - } - - def __init__(self, **kwargs): - """ """ - super().__init__(**kwargs) - self.hive = None - self.key = None - - -class RegistryValueEntity(Entity): # pylint: disable=too-many-instance-attributes - """Represents a registry value entity. - - Variables are only populated by the server, and will be ignored when sending a request. - - All required parameters must be populated in order to send to Azure. - - :ivar id: Fully qualified resource ID for the resource. Ex - - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - :vartype id: str - :ivar name: The name of the resource. - :vartype name: str - :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or - "Microsoft.Storage/storageAccounts". - :vartype type: str - :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy - information. - :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar kind: The kind of the entity. Required. 
Known values are: "Account", "Host", "File", - "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", - "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", - "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". - :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKind - :ivar additional_data: A bag of custom fields that should be part of the entity and will be - presented to the user. - :vartype additional_data: dict[str, any] - :ivar friendly_name: The graph item display name which is a short humanly readable description - of the graph item instance. This property is optional and might be system generated. - :vartype friendly_name: str - :ivar key_entity_id: The registry key entity id. - :vartype key_entity_id: str - :ivar value_data: String formatted representation of the value data. - :vartype value_data: str - :ivar value_name: The registry value name. - :vartype value_name: str - :ivar value_type: Specifies the data types to use when storing values in the registry, or - identifies the data type of a value in the registry. Known values are: "None", "Unknown", - "String", "ExpandString", "Binary", "DWord", "MultiString", and "QWord". 
- :vartype value_type: str or ~azure.mgmt.securityinsight.models.RegistryValueKind - """ - - _validation = { - "id": {"readonly": True}, - "name": {"readonly": True}, - "type": {"readonly": True}, - "system_data": {"readonly": True}, - "kind": {"required": True}, - "additional_data": {"readonly": True}, - "friendly_name": {"readonly": True}, - "key_entity_id": {"readonly": True}, - "value_data": {"readonly": True}, - "value_name": {"readonly": True}, - "value_type": {"readonly": True}, - } - - _attribute_map = { - "id": {"key": "id", "type": "str"}, - "name": {"key": "name", "type": "str"}, - "type": {"key": "type", "type": "str"}, - "system_data": {"key": "systemData", "type": "SystemData"}, - "kind": {"key": "kind", "type": "str"}, - "additional_data": {"key": "properties.additionalData", "type": "{object}"}, - "friendly_name": {"key": "properties.friendlyName", "type": "str"}, - "key_entity_id": {"key": "properties.keyEntityId", "type": "str"}, - "value_data": {"key": "properties.valueData", "type": "str"}, - "value_name": {"key": "properties.valueName", "type": "str"}, - "value_type": {"key": "properties.valueType", "type": "str"}, - } - - def __init__(self, **kwargs): - """ """ - super().__init__(**kwargs) - self.kind: str = "RegistryValue" - self.additional_data = None - self.friendly_name = None - self.key_entity_id = None - self.value_data = None - self.value_name = None - self.value_type = None - - -class RegistryValueEntityProperties(EntityCommonProperties): - """RegistryValue entity property bag. - - Variables are only populated by the server, and will be ignored when sending a request. - - :ivar additional_data: A bag of custom fields that should be part of the entity and will be - presented to the user. - :vartype additional_data: dict[str, any] - :ivar friendly_name: The graph item display name which is a short humanly readable description - of the graph item instance. This property is optional and might be system generated. 
- :vartype friendly_name: str - :ivar key_entity_id: The registry key entity id. - :vartype key_entity_id: str - :ivar value_data: String formatted representation of the value data. - :vartype value_data: str - :ivar value_name: The registry value name. - :vartype value_name: str - :ivar value_type: Specifies the data types to use when storing values in the registry, or - identifies the data type of a value in the registry. Known values are: "None", "Unknown", - "String", "ExpandString", "Binary", "DWord", "MultiString", and "QWord". - :vartype value_type: str or ~azure.mgmt.securityinsight.models.RegistryValueKind - """ - - _validation = { - "additional_data": {"readonly": True}, - "friendly_name": {"readonly": True}, - "key_entity_id": {"readonly": True}, - "value_data": {"readonly": True}, - "value_name": {"readonly": True}, - "value_type": {"readonly": True}, - } - - _attribute_map = { - "additional_data": {"key": "additionalData", "type": "{object}"}, - "friendly_name": {"key": "friendlyName", "type": "str"}, - "key_entity_id": {"key": "keyEntityId", "type": "str"}, - "value_data": {"key": "valueData", "type": "str"}, - "value_name": {"key": "valueName", "type": "str"}, - "value_type": {"key": "valueType", "type": "str"}, - } - - def __init__(self, **kwargs): - """ """ - super().__init__(**kwargs) - self.key_entity_id = None - self.value_data = None - self.value_name = None - self.value_type = None - - -class Relation(ResourceWithEtag): - """Represents a relation between two resources. - - Variables are only populated by the server, and will be ignored when sending a request. - - :ivar id: Fully qualified resource ID for the resource. Ex - - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - :vartype id: str - :ivar name: The name of the resource. - :vartype name: str - :ivar type: The type of the resource. E.g. 
"Microsoft.Compute/virtualMachines" or - "Microsoft.Storage/storageAccounts". - :vartype type: str - :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy - information. - :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar etag: Etag of the azure resource. - :vartype etag: str - :ivar related_resource_id: The resource ID of the related resource. - :vartype related_resource_id: str - :ivar related_resource_name: The name of the related resource. - :vartype related_resource_name: str - :ivar related_resource_type: The resource type of the related resource. - :vartype related_resource_type: str - :ivar related_resource_kind: The resource kind of the related resource. - :vartype related_resource_kind: str - """ - - _validation = { - "id": {"readonly": True}, - "name": {"readonly": True}, - "type": {"readonly": True}, - "system_data": {"readonly": True}, - "related_resource_name": {"readonly": True}, - "related_resource_type": {"readonly": True}, - "related_resource_kind": {"readonly": True}, - } - - _attribute_map = { - "id": {"key": "id", "type": "str"}, - "name": {"key": "name", "type": "str"}, - "type": {"key": "type", "type": "str"}, - "system_data": {"key": "systemData", "type": "SystemData"}, - "etag": {"key": "etag", "type": "str"}, - "related_resource_id": {"key": "properties.relatedResourceId", "type": "str"}, - "related_resource_name": {"key": "properties.relatedResourceName", "type": "str"}, - "related_resource_type": {"key": "properties.relatedResourceType", "type": "str"}, - "related_resource_kind": {"key": "properties.relatedResourceKind", "type": "str"}, - } - - def __init__(self, *, etag: Optional[str] = None, related_resource_id: Optional[str] = None, **kwargs): - """ - :keyword etag: Etag of the azure resource. - :paramtype etag: str - :keyword related_resource_id: The resource ID of the related resource. 
- :paramtype related_resource_id: str - """ - super().__init__(etag=etag, **kwargs) - self.related_resource_id = related_resource_id - self.related_resource_name = None - self.related_resource_type = None - self.related_resource_kind = None - - -class RelationList(_serialization.Model): - """List of relations. - - Variables are only populated by the server, and will be ignored when sending a request. - - All required parameters must be populated in order to send to Azure. - - :ivar next_link: URL to fetch the next set of relations. - :vartype next_link: str - :ivar value: Array of relations. Required. - :vartype value: list[~azure.mgmt.securityinsight.models.Relation] - """ - - _validation = { - "next_link": {"readonly": True}, - "value": {"required": True}, - } - - _attribute_map = { - "next_link": {"key": "nextLink", "type": "str"}, - "value": {"key": "value", "type": "[Relation]"}, - } - - def __init__(self, *, value: List["_models.Relation"], **kwargs): - """ - :keyword value: Array of relations. Required. - :paramtype value: list[~azure.mgmt.securityinsight.models.Relation] - """ - super().__init__(**kwargs) - self.next_link = None - self.value = value - - -class Repo(_serialization.Model): - """Represents a repository. - - :ivar url: The url to access the repository. - :vartype url: str - :ivar full_name: The name of the repository. - :vartype full_name: str - :ivar branches: Array of branches. - :vartype branches: list[str] - """ - - _attribute_map = { - "url": {"key": "url", "type": "str"}, - "full_name": {"key": "fullName", "type": "str"}, - "branches": {"key": "branches", "type": "[str]"}, - } - - def __init__( - self, - *, - url: Optional[str] = None, - full_name: Optional[str] = None, - branches: Optional[List[str]] = None, - **kwargs - ): - """ - :keyword url: The url to access the repository. - :paramtype url: str - :keyword full_name: The name of the repository. - :paramtype full_name: str - :keyword branches: Array of branches. 
- :paramtype branches: list[str] - """ - super().__init__(**kwargs) - self.url = url - self.full_name = full_name - self.branches = branches - - -class RepoList(_serialization.Model): - """List all the source controls. - - Variables are only populated by the server, and will be ignored when sending a request. - - All required parameters must be populated in order to send to Azure. - - :ivar next_link: URL to fetch the next set of repositories. - :vartype next_link: str - :ivar value: Array of repositories. Required. - :vartype value: list[~azure.mgmt.securityinsight.models.Repo] - """ - - _validation = { - "next_link": {"readonly": True}, - "value": {"required": True}, - } - - _attribute_map = { - "next_link": {"key": "nextLink", "type": "str"}, - "value": {"key": "value", "type": "[Repo]"}, - } - - def __init__(self, *, value: List["_models.Repo"], **kwargs): - """ - :keyword value: Array of repositories. Required. - :paramtype value: list[~azure.mgmt.securityinsight.models.Repo] - """ - super().__init__(**kwargs) - self.next_link = None - self.value = value - - -class Repository(_serialization.Model): - """metadata of a repository. - - :ivar url: Url of repository. - :vartype url: str - :ivar branch: Branch name of repository. - :vartype branch: str - :ivar display_url: Display url of repository. - :vartype display_url: str - :ivar deployment_logs_url: Url to access repository action logs. - :vartype deployment_logs_url: str - :ivar path_mapping: Dictionary of source control content type and path mapping. 
- :vartype path_mapping: list[~azure.mgmt.securityinsight.models.ContentPathMap] - """ - - _attribute_map = { - "url": {"key": "url", "type": "str"}, - "branch": {"key": "branch", "type": "str"}, - "display_url": {"key": "displayUrl", "type": "str"}, - "deployment_logs_url": {"key": "deploymentLogsUrl", "type": "str"}, - "path_mapping": {"key": "pathMapping", "type": "[ContentPathMap]"}, - } - - def __init__( - self, - *, - url: Optional[str] = None, - branch: Optional[str] = None, - display_url: Optional[str] = None, - deployment_logs_url: Optional[str] = None, - path_mapping: Optional[List["_models.ContentPathMap"]] = None, - **kwargs - ): - """ - :keyword url: Url of repository. - :paramtype url: str - :keyword branch: Branch name of repository. - :paramtype branch: str - :keyword display_url: Display url of repository. - :paramtype display_url: str - :keyword deployment_logs_url: Url to access repository action logs. - :paramtype deployment_logs_url: str - :keyword path_mapping: Dictionary of source control content type and path mapping. - :paramtype path_mapping: list[~azure.mgmt.securityinsight.models.ContentPathMap] - """ - super().__init__(**kwargs) - self.url = url - self.branch = branch - self.display_url = display_url - self.deployment_logs_url = deployment_logs_url - self.path_mapping = path_mapping - - -class RepositoryResourceInfo(_serialization.Model): - """Resources created in user's repository for the source-control. - - :ivar webhook: The webhook object created for the source-control. - :vartype webhook: ~azure.mgmt.securityinsight.models.Webhook - :ivar git_hub_resource_info: Resources created in GitHub for this source-control. - :vartype git_hub_resource_info: ~azure.mgmt.securityinsight.models.GitHubResourceInfo - :ivar azure_dev_ops_resource_info: Resources created in Azure DevOps for this source-control. 
- :vartype azure_dev_ops_resource_info: - ~azure.mgmt.securityinsight.models.AzureDevOpsResourceInfo - """ - - _attribute_map = { - "webhook": {"key": "webhook", "type": "Webhook"}, - "git_hub_resource_info": {"key": "gitHubResourceInfo", "type": "GitHubResourceInfo"}, - "azure_dev_ops_resource_info": {"key": "azureDevOpsResourceInfo", "type": "AzureDevOpsResourceInfo"}, - } - - def __init__( - self, - *, - webhook: Optional["_models.Webhook"] = None, - git_hub_resource_info: Optional["_models.GitHubResourceInfo"] = None, - azure_dev_ops_resource_info: Optional["_models.AzureDevOpsResourceInfo"] = None, - **kwargs - ): - """ - :keyword webhook: The webhook object created for the source-control. - :paramtype webhook: ~azure.mgmt.securityinsight.models.Webhook - :keyword git_hub_resource_info: Resources created in GitHub for this source-control. - :paramtype git_hub_resource_info: ~azure.mgmt.securityinsight.models.GitHubResourceInfo - :keyword azure_dev_ops_resource_info: Resources created in Azure DevOps for this - source-control. - :paramtype azure_dev_ops_resource_info: - ~azure.mgmt.securityinsight.models.AzureDevOpsResourceInfo - """ - super().__init__(**kwargs) - self.webhook = webhook - self.git_hub_resource_info = git_hub_resource_info - self.azure_dev_ops_resource_info = azure_dev_ops_resource_info - - -class RequiredPermissions(_serialization.Model): - """Required permissions for the connector. - - :ivar action: action permission. - :vartype action: bool - :ivar write: write permission. - :vartype write: bool - :ivar read: read permission. - :vartype read: bool - :ivar delete: delete permission. 
- :vartype delete: bool - """ - - _attribute_map = { - "action": {"key": "action", "type": "bool"}, - "write": {"key": "write", "type": "bool"}, - "read": {"key": "read", "type": "bool"}, - "delete": {"key": "delete", "type": "bool"}, - } - - def __init__( - self, - *, - action: Optional[bool] = None, - write: Optional[bool] = None, - read: Optional[bool] = None, - delete: Optional[bool] = None, - **kwargs - ): - """ - :keyword action: action permission. - :paramtype action: bool - :keyword write: write permission. - :paramtype write: bool - :keyword read: read permission. - :paramtype read: bool - :keyword delete: delete permission. - :paramtype delete: bool - """ - super().__init__(**kwargs) - self.action = action - self.write = write - self.read = read - self.delete = delete - - -class ScheduledAlertRule(AlertRule): # pylint: disable=too-many-instance-attributes - """Represents scheduled alert rule. - - Variables are only populated by the server, and will be ignored when sending a request. - - All required parameters must be populated in order to send to Azure. - - :ivar id: Fully qualified resource ID for the resource. Ex - - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - :vartype id: str - :ivar name: The name of the resource. - :vartype name: str - :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or - "Microsoft.Storage/storageAccounts". - :vartype type: str - :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy - information. - :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar etag: Etag of the azure resource. - :vartype etag: str - :ivar kind: The kind of the alert rule. Required. Known values are: "Scheduled", - "MicrosoftSecurityIncidentCreation", "Fusion", "MLBehaviorAnalytics", "ThreatIntelligence", and - "NRT". 
- :vartype kind: str or ~azure.mgmt.securityinsight.models.AlertRuleKind - :ivar query: The query that creates alerts for this rule. - :vartype query: str - :ivar query_frequency: The frequency (in ISO 8601 duration format) for this alert rule to run. - :vartype query_frequency: ~datetime.timedelta - :ivar query_period: The period (in ISO 8601 duration format) that this alert rule looks at. - :vartype query_period: ~datetime.timedelta - :ivar severity: The severity for alerts created by this alert rule. Known values are: "High", - "Medium", "Low", and "Informational". - :vartype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity - :ivar trigger_operator: The operation against the threshold that triggers alert rule. Known - values are: "GreaterThan", "LessThan", "Equal", and "NotEqual". - :vartype trigger_operator: str or ~azure.mgmt.securityinsight.models.TriggerOperator - :ivar trigger_threshold: The threshold triggers this alert rule. - :vartype trigger_threshold: int - :ivar event_grouping_settings: The event grouping settings. - :vartype event_grouping_settings: ~azure.mgmt.securityinsight.models.EventGroupingSettings - :ivar custom_details: Dictionary of string key-value pairs of columns to be attached to the - alert. - :vartype custom_details: dict[str, str] - :ivar entity_mappings: Array of the entity mappings of the alert rule. - :vartype entity_mappings: list[~azure.mgmt.securityinsight.models.EntityMapping] - :ivar alert_details_override: The alert details override settings. - :vartype alert_details_override: ~azure.mgmt.securityinsight.models.AlertDetailsOverride - :ivar sentinel_entities_mappings: Array of the sentinel entity mappings of the alert rule. - :vartype sentinel_entities_mappings: - list[~azure.mgmt.securityinsight.models.SentinelEntityMapping] - :ivar alert_rule_template_name: The Name of the alert rule template used to create this rule. 
- :vartype alert_rule_template_name: str - :ivar template_version: The version of the alert rule template used to create this rule - in - format , where all are numbers, for example 0 <1.0.2>. - :vartype template_version: str - :ivar description: The description of the alert rule. - :vartype description: str - :ivar display_name: The display name for alerts created by this alert rule. - :vartype display_name: str - :ivar enabled: Determines whether this alert rule is enabled or disabled. - :vartype enabled: bool - :ivar last_modified_utc: The last time that this alert rule has been modified. - :vartype last_modified_utc: ~datetime.datetime - :ivar suppression_duration: The suppression (in ISO 8601 duration format) to wait since last - time this alert rule been triggered. - :vartype suppression_duration: ~datetime.timedelta - :ivar suppression_enabled: Determines whether the suppression for this alert rule is enabled or - disabled. - :vartype suppression_enabled: bool - :ivar tactics: The tactics of the alert rule. - :vartype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] - :ivar techniques: The techniques of the alert rule. - :vartype techniques: list[str] - :ivar incident_configuration: The settings of the incidents that created from alerts triggered - by this analytics rule. 
- :vartype incident_configuration: ~azure.mgmt.securityinsight.models.IncidentConfiguration - """ - - _validation = { - "id": {"readonly": True}, - "name": {"readonly": True}, - "type": {"readonly": True}, - "system_data": {"readonly": True}, - "kind": {"required": True}, - "last_modified_utc": {"readonly": True}, - } - - _attribute_map = { - "id": {"key": "id", "type": "str"}, - "name": {"key": "name", "type": "str"}, - "type": {"key": "type", "type": "str"}, - "system_data": {"key": "systemData", "type": "SystemData"}, - "etag": {"key": "etag", "type": "str"}, - "kind": {"key": "kind", "type": "str"}, - "query": {"key": "properties.query", "type": "str"}, - "query_frequency": {"key": "properties.queryFrequency", "type": "duration"}, - "query_period": {"key": "properties.queryPeriod", "type": "duration"}, - "severity": {"key": "properties.severity", "type": "str"}, - "trigger_operator": {"key": "properties.triggerOperator", "type": "str"}, - "trigger_threshold": {"key": "properties.triggerThreshold", "type": "int"}, - "event_grouping_settings": {"key": "properties.eventGroupingSettings", "type": "EventGroupingSettings"}, - "custom_details": {"key": "properties.customDetails", "type": "{str}"}, - "entity_mappings": {"key": "properties.entityMappings", "type": "[EntityMapping]"}, - "alert_details_override": {"key": "properties.alertDetailsOverride", "type": "AlertDetailsOverride"}, - "sentinel_entities_mappings": {"key": "properties.sentinelEntitiesMappings", "type": "[SentinelEntityMapping]"}, - "alert_rule_template_name": {"key": "properties.alertRuleTemplateName", "type": "str"}, - "template_version": {"key": "properties.templateVersion", "type": "str"}, - "description": {"key": "properties.description", "type": "str"}, - "display_name": {"key": "properties.displayName", "type": "str"}, - "enabled": {"key": "properties.enabled", "type": "bool"}, - "last_modified_utc": {"key": "properties.lastModifiedUtc", "type": "iso-8601"}, - "suppression_duration": {"key": 
"properties.suppressionDuration", "type": "duration"}, - "suppression_enabled": {"key": "properties.suppressionEnabled", "type": "bool"}, - "tactics": {"key": "properties.tactics", "type": "[str]"}, - "techniques": {"key": "properties.techniques", "type": "[str]"}, - "incident_configuration": {"key": "properties.incidentConfiguration", "type": "IncidentConfiguration"}, - } - - def __init__( # pylint: disable=too-many-locals - self, - *, - etag: Optional[str] = None, - query: Optional[str] = None, - query_frequency: Optional[datetime.timedelta] = None, - query_period: Optional[datetime.timedelta] = None, - severity: Optional[Union[str, "_models.AlertSeverity"]] = None, - trigger_operator: Optional[Union[str, "_models.TriggerOperator"]] = None, - trigger_threshold: Optional[int] = None, - event_grouping_settings: Optional["_models.EventGroupingSettings"] = None, - custom_details: Optional[Dict[str, str]] = None, - entity_mappings: Optional[List["_models.EntityMapping"]] = None, - alert_details_override: Optional["_models.AlertDetailsOverride"] = None, - sentinel_entities_mappings: Optional[List["_models.SentinelEntityMapping"]] = None, - alert_rule_template_name: Optional[str] = None, - template_version: Optional[str] = None, - description: Optional[str] = None, - display_name: Optional[str] = None, - enabled: Optional[bool] = None, - suppression_duration: Optional[datetime.timedelta] = None, - suppression_enabled: Optional[bool] = None, - tactics: Optional[List[Union[str, "_models.AttackTactic"]]] = None, - techniques: Optional[List[str]] = None, - incident_configuration: Optional["_models.IncidentConfiguration"] = None, - **kwargs - ): - """ - :keyword etag: Etag of the azure resource. - :paramtype etag: str - :keyword query: The query that creates alerts for this rule. - :paramtype query: str - :keyword query_frequency: The frequency (in ISO 8601 duration format) for this alert rule to - run. 
- :paramtype query_frequency: ~datetime.timedelta - :keyword query_period: The period (in ISO 8601 duration format) that this alert rule looks at. - :paramtype query_period: ~datetime.timedelta - :keyword severity: The severity for alerts created by this alert rule. Known values are: - "High", "Medium", "Low", and "Informational". - :paramtype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity - :keyword trigger_operator: The operation against the threshold that triggers alert rule. Known - values are: "GreaterThan", "LessThan", "Equal", and "NotEqual". - :paramtype trigger_operator: str or ~azure.mgmt.securityinsight.models.TriggerOperator - :keyword trigger_threshold: The threshold triggers this alert rule. - :paramtype trigger_threshold: int - :keyword event_grouping_settings: The event grouping settings. - :paramtype event_grouping_settings: ~azure.mgmt.securityinsight.models.EventGroupingSettings - :keyword custom_details: Dictionary of string key-value pairs of columns to be attached to the - alert. - :paramtype custom_details: dict[str, str] - :keyword entity_mappings: Array of the entity mappings of the alert rule. - :paramtype entity_mappings: list[~azure.mgmt.securityinsight.models.EntityMapping] - :keyword alert_details_override: The alert details override settings. - :paramtype alert_details_override: ~azure.mgmt.securityinsight.models.AlertDetailsOverride - :keyword sentinel_entities_mappings: Array of the sentinel entity mappings of the alert rule. - :paramtype sentinel_entities_mappings: - list[~azure.mgmt.securityinsight.models.SentinelEntityMapping] - :keyword alert_rule_template_name: The Name of the alert rule template used to create this - rule. - :paramtype alert_rule_template_name: str - :keyword template_version: The version of the alert rule template used to create this rule - in - format , where all are numbers, for example 0 <1.0.2>. 
- :paramtype template_version: str - :keyword description: The description of the alert rule. - :paramtype description: str - :keyword display_name: The display name for alerts created by this alert rule. - :paramtype display_name: str - :keyword enabled: Determines whether this alert rule is enabled or disabled. - :paramtype enabled: bool - :keyword suppression_duration: The suppression (in ISO 8601 duration format) to wait since last - time this alert rule been triggered. - :paramtype suppression_duration: ~datetime.timedelta - :keyword suppression_enabled: Determines whether the suppression for this alert rule is enabled - or disabled. - :paramtype suppression_enabled: bool - :keyword tactics: The tactics of the alert rule. - :paramtype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] - :keyword techniques: The techniques of the alert rule. - :paramtype techniques: list[str] - :keyword incident_configuration: The settings of the incidents that created from alerts - triggered by this analytics rule. 
- :paramtype incident_configuration: ~azure.mgmt.securityinsight.models.IncidentConfiguration - """ - super().__init__(etag=etag, **kwargs) - self.kind: str = "Scheduled" - self.query = query - self.query_frequency = query_frequency - self.query_period = query_period - self.severity = severity - self.trigger_operator = trigger_operator - self.trigger_threshold = trigger_threshold - self.event_grouping_settings = event_grouping_settings - self.custom_details = custom_details - self.entity_mappings = entity_mappings - self.alert_details_override = alert_details_override - self.sentinel_entities_mappings = sentinel_entities_mappings - self.alert_rule_template_name = alert_rule_template_name - self.template_version = template_version - self.description = description - self.display_name = display_name - self.enabled = enabled - self.last_modified_utc = None - self.suppression_duration = suppression_duration - self.suppression_enabled = suppression_enabled - self.tactics = tactics - self.techniques = techniques - self.incident_configuration = incident_configuration - - -class ScheduledAlertRuleCommonProperties(_serialization.Model): # pylint: disable=too-many-instance-attributes - """Scheduled alert rule template property bag. - - :ivar query: The query that creates alerts for this rule. - :vartype query: str - :ivar query_frequency: The frequency (in ISO 8601 duration format) for this alert rule to run. - :vartype query_frequency: ~datetime.timedelta - :ivar query_period: The period (in ISO 8601 duration format) that this alert rule looks at. - :vartype query_period: ~datetime.timedelta - :ivar severity: The severity for alerts created by this alert rule. Known values are: "High", - "Medium", "Low", and "Informational". - :vartype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity - :ivar trigger_operator: The operation against the threshold that triggers alert rule. Known - values are: "GreaterThan", "LessThan", "Equal", and "NotEqual". 
- :vartype trigger_operator: str or ~azure.mgmt.securityinsight.models.TriggerOperator - :ivar trigger_threshold: The threshold triggers this alert rule. - :vartype trigger_threshold: int - :ivar event_grouping_settings: The event grouping settings. - :vartype event_grouping_settings: ~azure.mgmt.securityinsight.models.EventGroupingSettings - :ivar custom_details: Dictionary of string key-value pairs of columns to be attached to the - alert. - :vartype custom_details: dict[str, str] - :ivar entity_mappings: Array of the entity mappings of the alert rule. - :vartype entity_mappings: list[~azure.mgmt.securityinsight.models.EntityMapping] - :ivar alert_details_override: The alert details override settings. - :vartype alert_details_override: ~azure.mgmt.securityinsight.models.AlertDetailsOverride - :ivar sentinel_entities_mappings: Array of the sentinel entity mappings of the alert rule. - :vartype sentinel_entities_mappings: - list[~azure.mgmt.securityinsight.models.SentinelEntityMapping] - """ - - _attribute_map = { - "query": {"key": "query", "type": "str"}, - "query_frequency": {"key": "queryFrequency", "type": "duration"}, - "query_period": {"key": "queryPeriod", "type": "duration"}, - "severity": {"key": "severity", "type": "str"}, - "trigger_operator": {"key": "triggerOperator", "type": "str"}, - "trigger_threshold": {"key": "triggerThreshold", "type": "int"}, - "event_grouping_settings": {"key": "eventGroupingSettings", "type": "EventGroupingSettings"}, - "custom_details": {"key": "customDetails", "type": "{str}"}, - "entity_mappings": {"key": "entityMappings", "type": "[EntityMapping]"}, - "alert_details_override": {"key": "alertDetailsOverride", "type": "AlertDetailsOverride"}, - "sentinel_entities_mappings": {"key": "sentinelEntitiesMappings", "type": "[SentinelEntityMapping]"}, - } - - def __init__( - self, - *, - query: Optional[str] = None, - query_frequency: Optional[datetime.timedelta] = None, - query_period: Optional[datetime.timedelta] = None, - 
severity: Optional[Union[str, "_models.AlertSeverity"]] = None, - trigger_operator: Optional[Union[str, "_models.TriggerOperator"]] = None, - trigger_threshold: Optional[int] = None, - event_grouping_settings: Optional["_models.EventGroupingSettings"] = None, - custom_details: Optional[Dict[str, str]] = None, - entity_mappings: Optional[List["_models.EntityMapping"]] = None, - alert_details_override: Optional["_models.AlertDetailsOverride"] = None, - sentinel_entities_mappings: Optional[List["_models.SentinelEntityMapping"]] = None, - **kwargs - ): - """ - :keyword query: The query that creates alerts for this rule. - :paramtype query: str - :keyword query_frequency: The frequency (in ISO 8601 duration format) for this alert rule to - run. - :paramtype query_frequency: ~datetime.timedelta - :keyword query_period: The period (in ISO 8601 duration format) that this alert rule looks at. - :paramtype query_period: ~datetime.timedelta - :keyword severity: The severity for alerts created by this alert rule. Known values are: - "High", "Medium", "Low", and "Informational". - :paramtype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity - :keyword trigger_operator: The operation against the threshold that triggers alert rule. Known - values are: "GreaterThan", "LessThan", "Equal", and "NotEqual". - :paramtype trigger_operator: str or ~azure.mgmt.securityinsight.models.TriggerOperator - :keyword trigger_threshold: The threshold triggers this alert rule. - :paramtype trigger_threshold: int - :keyword event_grouping_settings: The event grouping settings. - :paramtype event_grouping_settings: ~azure.mgmt.securityinsight.models.EventGroupingSettings - :keyword custom_details: Dictionary of string key-value pairs of columns to be attached to the - alert. - :paramtype custom_details: dict[str, str] - :keyword entity_mappings: Array of the entity mappings of the alert rule. 
- :paramtype entity_mappings: list[~azure.mgmt.securityinsight.models.EntityMapping] - :keyword alert_details_override: The alert details override settings. - :paramtype alert_details_override: ~azure.mgmt.securityinsight.models.AlertDetailsOverride - :keyword sentinel_entities_mappings: Array of the sentinel entity mappings of the alert rule. - :paramtype sentinel_entities_mappings: - list[~azure.mgmt.securityinsight.models.SentinelEntityMapping] - """ - super().__init__(**kwargs) - self.query = query - self.query_frequency = query_frequency - self.query_period = query_period - self.severity = severity - self.trigger_operator = trigger_operator - self.trigger_threshold = trigger_threshold - self.event_grouping_settings = event_grouping_settings - self.custom_details = custom_details - self.entity_mappings = entity_mappings - self.alert_details_override = alert_details_override - self.sentinel_entities_mappings = sentinel_entities_mappings - - -class ScheduledAlertRuleProperties(ScheduledAlertRuleCommonProperties): # pylint: disable=too-many-instance-attributes - """Scheduled alert rule base property bag. - - Variables are only populated by the server, and will be ignored when sending a request. - - All required parameters must be populated in order to send to Azure. - - :ivar query: The query that creates alerts for this rule. - :vartype query: str - :ivar query_frequency: The frequency (in ISO 8601 duration format) for this alert rule to run. - :vartype query_frequency: ~datetime.timedelta - :ivar query_period: The period (in ISO 8601 duration format) that this alert rule looks at. - :vartype query_period: ~datetime.timedelta - :ivar severity: The severity for alerts created by this alert rule. Known values are: "High", - "Medium", "Low", and "Informational". - :vartype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity - :ivar trigger_operator: The operation against the threshold that triggers alert rule. 
Known - values are: "GreaterThan", "LessThan", "Equal", and "NotEqual". - :vartype trigger_operator: str or ~azure.mgmt.securityinsight.models.TriggerOperator - :ivar trigger_threshold: The threshold triggers this alert rule. - :vartype trigger_threshold: int - :ivar event_grouping_settings: The event grouping settings. - :vartype event_grouping_settings: ~azure.mgmt.securityinsight.models.EventGroupingSettings - :ivar custom_details: Dictionary of string key-value pairs of columns to be attached to the - alert. - :vartype custom_details: dict[str, str] - :ivar entity_mappings: Array of the entity mappings of the alert rule. - :vartype entity_mappings: list[~azure.mgmt.securityinsight.models.EntityMapping] - :ivar alert_details_override: The alert details override settings. - :vartype alert_details_override: ~azure.mgmt.securityinsight.models.AlertDetailsOverride - :ivar sentinel_entities_mappings: Array of the sentinel entity mappings of the alert rule. - :vartype sentinel_entities_mappings: - list[~azure.mgmt.securityinsight.models.SentinelEntityMapping] - :ivar alert_rule_template_name: The Name of the alert rule template used to create this rule. - :vartype alert_rule_template_name: str - :ivar template_version: The version of the alert rule template used to create this rule - in - format , where all are numbers, for example 0 <1.0.2>. - :vartype template_version: str - :ivar description: The description of the alert rule. - :vartype description: str - :ivar display_name: The display name for alerts created by this alert rule. Required. - :vartype display_name: str - :ivar enabled: Determines whether this alert rule is enabled or disabled. Required. - :vartype enabled: bool - :ivar last_modified_utc: The last time that this alert rule has been modified. - :vartype last_modified_utc: ~datetime.datetime - :ivar suppression_duration: The suppression (in ISO 8601 duration format) to wait since last - time this alert rule been triggered. Required. 
- :vartype suppression_duration: ~datetime.timedelta - :ivar suppression_enabled: Determines whether the suppression for this alert rule is enabled or - disabled. Required. - :vartype suppression_enabled: bool - :ivar tactics: The tactics of the alert rule. - :vartype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] - :ivar techniques: The techniques of the alert rule. - :vartype techniques: list[str] - :ivar incident_configuration: The settings of the incidents that created from alerts triggered - by this analytics rule. - :vartype incident_configuration: ~azure.mgmt.securityinsight.models.IncidentConfiguration - """ - - _validation = { - "display_name": {"required": True}, - "enabled": {"required": True}, - "last_modified_utc": {"readonly": True}, - "suppression_duration": {"required": True}, - "suppression_enabled": {"required": True}, - } - - _attribute_map = { - "query": {"key": "query", "type": "str"}, - "query_frequency": {"key": "queryFrequency", "type": "duration"}, - "query_period": {"key": "queryPeriod", "type": "duration"}, - "severity": {"key": "severity", "type": "str"}, - "trigger_operator": {"key": "triggerOperator", "type": "str"}, - "trigger_threshold": {"key": "triggerThreshold", "type": "int"}, - "event_grouping_settings": {"key": "eventGroupingSettings", "type": "EventGroupingSettings"}, - "custom_details": {"key": "customDetails", "type": "{str}"}, - "entity_mappings": {"key": "entityMappings", "type": "[EntityMapping]"}, - "alert_details_override": {"key": "alertDetailsOverride", "type": "AlertDetailsOverride"}, - "sentinel_entities_mappings": {"key": "sentinelEntitiesMappings", "type": "[SentinelEntityMapping]"}, - "alert_rule_template_name": {"key": "alertRuleTemplateName", "type": "str"}, - "template_version": {"key": "templateVersion", "type": "str"}, - "description": {"key": "description", "type": "str"}, - "display_name": {"key": "displayName", "type": "str"}, - "enabled": {"key": "enabled", "type": "bool"}, - 
"last_modified_utc": {"key": "lastModifiedUtc", "type": "iso-8601"}, - "suppression_duration": {"key": "suppressionDuration", "type": "duration"}, - "suppression_enabled": {"key": "suppressionEnabled", "type": "bool"}, - "tactics": {"key": "tactics", "type": "[str]"}, - "techniques": {"key": "techniques", "type": "[str]"}, - "incident_configuration": {"key": "incidentConfiguration", "type": "IncidentConfiguration"}, - } - - def __init__( - self, - *, - display_name: str, - enabled: bool, - suppression_duration: datetime.timedelta, - suppression_enabled: bool, - query: Optional[str] = None, - query_frequency: Optional[datetime.timedelta] = None, - query_period: Optional[datetime.timedelta] = None, - severity: Optional[Union[str, "_models.AlertSeverity"]] = None, - trigger_operator: Optional[Union[str, "_models.TriggerOperator"]] = None, - trigger_threshold: Optional[int] = None, - event_grouping_settings: Optional["_models.EventGroupingSettings"] = None, - custom_details: Optional[Dict[str, str]] = None, - entity_mappings: Optional[List["_models.EntityMapping"]] = None, - alert_details_override: Optional["_models.AlertDetailsOverride"] = None, - sentinel_entities_mappings: Optional[List["_models.SentinelEntityMapping"]] = None, - alert_rule_template_name: Optional[str] = None, - template_version: Optional[str] = None, - description: Optional[str] = None, - tactics: Optional[List[Union[str, "_models.AttackTactic"]]] = None, - techniques: Optional[List[str]] = None, - incident_configuration: Optional["_models.IncidentConfiguration"] = None, - **kwargs - ): - """ - :keyword query: The query that creates alerts for this rule. - :paramtype query: str - :keyword query_frequency: The frequency (in ISO 8601 duration format) for this alert rule to - run. - :paramtype query_frequency: ~datetime.timedelta - :keyword query_period: The period (in ISO 8601 duration format) that this alert rule looks at. 
- :paramtype query_period: ~datetime.timedelta - :keyword severity: The severity for alerts created by this alert rule. Known values are: - "High", "Medium", "Low", and "Informational". - :paramtype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity - :keyword trigger_operator: The operation against the threshold that triggers alert rule. Known - values are: "GreaterThan", "LessThan", "Equal", and "NotEqual". - :paramtype trigger_operator: str or ~azure.mgmt.securityinsight.models.TriggerOperator - :keyword trigger_threshold: The threshold triggers this alert rule. - :paramtype trigger_threshold: int - :keyword event_grouping_settings: The event grouping settings. - :paramtype event_grouping_settings: ~azure.mgmt.securityinsight.models.EventGroupingSettings - :keyword custom_details: Dictionary of string key-value pairs of columns to be attached to the - alert. - :paramtype custom_details: dict[str, str] - :keyword entity_mappings: Array of the entity mappings of the alert rule. - :paramtype entity_mappings: list[~azure.mgmt.securityinsight.models.EntityMapping] - :keyword alert_details_override: The alert details override settings. - :paramtype alert_details_override: ~azure.mgmt.securityinsight.models.AlertDetailsOverride - :keyword sentinel_entities_mappings: Array of the sentinel entity mappings of the alert rule. - :paramtype sentinel_entities_mappings: - list[~azure.mgmt.securityinsight.models.SentinelEntityMapping] - :keyword alert_rule_template_name: The Name of the alert rule template used to create this - rule. - :paramtype alert_rule_template_name: str - :keyword template_version: The version of the alert rule template used to create this rule - in - format , where all are numbers, for example 0 <1.0.2>. - :paramtype template_version: str - :keyword description: The description of the alert rule. - :paramtype description: str - :keyword display_name: The display name for alerts created by this alert rule. Required. 
- :paramtype display_name: str - :keyword enabled: Determines whether this alert rule is enabled or disabled. Required. - :paramtype enabled: bool - :keyword suppression_duration: The suppression (in ISO 8601 duration format) to wait since last - time this alert rule been triggered. Required. - :paramtype suppression_duration: ~datetime.timedelta - :keyword suppression_enabled: Determines whether the suppression for this alert rule is enabled - or disabled. Required. - :paramtype suppression_enabled: bool - :keyword tactics: The tactics of the alert rule. - :paramtype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] - :keyword techniques: The techniques of the alert rule. - :paramtype techniques: list[str] - :keyword incident_configuration: The settings of the incidents that created from alerts - triggered by this analytics rule. - :paramtype incident_configuration: ~azure.mgmt.securityinsight.models.IncidentConfiguration - """ - super().__init__( - query=query, - query_frequency=query_frequency, - query_period=query_period, - severity=severity, - trigger_operator=trigger_operator, - trigger_threshold=trigger_threshold, - event_grouping_settings=event_grouping_settings, - custom_details=custom_details, - entity_mappings=entity_mappings, - alert_details_override=alert_details_override, - sentinel_entities_mappings=sentinel_entities_mappings, - **kwargs - ) - self.alert_rule_template_name = alert_rule_template_name - self.template_version = template_version - self.description = description - self.display_name = display_name - self.enabled = enabled - self.last_modified_utc = None - self.suppression_duration = suppression_duration - self.suppression_enabled = suppression_enabled - self.tactics = tactics - self.techniques = techniques - self.incident_configuration = incident_configuration - - -class ScheduledAlertRuleTemplate(AlertRuleTemplate): # pylint: disable=too-many-instance-attributes - """Represents scheduled alert rule template. 
- - Variables are only populated by the server, and will be ignored when sending a request. - - All required parameters must be populated in order to send to Azure. - - :ivar id: Fully qualified resource ID for the resource. Ex - - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - :vartype id: str - :ivar name: The name of the resource. - :vartype name: str - :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or - "Microsoft.Storage/storageAccounts". - :vartype type: str - :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy - information. - :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar kind: The kind of the alert rule. Required. Known values are: "Scheduled", - "MicrosoftSecurityIncidentCreation", "Fusion", "MLBehaviorAnalytics", "ThreatIntelligence", and - "NRT". - :vartype kind: str or ~azure.mgmt.securityinsight.models.AlertRuleKind - :ivar alert_rules_created_by_template_count: the number of alert rules that were created by - this template. - :vartype alert_rules_created_by_template_count: int - :ivar created_date_utc: The time that this alert rule template has been added. - :vartype created_date_utc: ~datetime.datetime - :ivar last_updated_date_utc: The time that this alert rule template was last updated. - :vartype last_updated_date_utc: ~datetime.datetime - :ivar description: The description of the alert rule template. - :vartype description: str - :ivar display_name: The display name for alert rule template. - :vartype display_name: str - :ivar required_data_connectors: The required data connectors for this template. - :vartype required_data_connectors: - list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] - :ivar status: The alert rule template status. Known values are: "Installed", "Available", and - "NotAvailable". 
- :vartype status: str or ~azure.mgmt.securityinsight.models.TemplateStatus - :ivar query: The query that creates alerts for this rule. - :vartype query: str - :ivar query_frequency: The frequency (in ISO 8601 duration format) for this alert rule to run. - :vartype query_frequency: ~datetime.timedelta - :ivar query_period: The period (in ISO 8601 duration format) that this alert rule looks at. - :vartype query_period: ~datetime.timedelta - :ivar severity: The severity for alerts created by this alert rule. Known values are: "High", - "Medium", "Low", and "Informational". - :vartype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity - :ivar trigger_operator: The operation against the threshold that triggers alert rule. Known - values are: "GreaterThan", "LessThan", "Equal", and "NotEqual". - :vartype trigger_operator: str or ~azure.mgmt.securityinsight.models.TriggerOperator - :ivar trigger_threshold: The threshold triggers this alert rule. - :vartype trigger_threshold: int - :ivar tactics: The tactics of the alert rule template. - :vartype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] - :ivar techniques: The techniques of the alert rule. - :vartype techniques: list[str] - :ivar version: The version of this template - in format , where all are numbers. For - example <1.0.2>. - :vartype version: str - :ivar event_grouping_settings: The event grouping settings. - :vartype event_grouping_settings: ~azure.mgmt.securityinsight.models.EventGroupingSettings - :ivar custom_details: Dictionary of string key-value pairs of columns to be attached to the - alert. - :vartype custom_details: dict[str, str] - :ivar entity_mappings: Array of the entity mappings of the alert rule. - :vartype entity_mappings: list[~azure.mgmt.securityinsight.models.EntityMapping] - :ivar alert_details_override: The alert details override settings. 
- :vartype alert_details_override: ~azure.mgmt.securityinsight.models.AlertDetailsOverride - :ivar sentinel_entities_mappings: Array of the sentinel entity mappings of the alert rule. - :vartype sentinel_entities_mappings: - list[~azure.mgmt.securityinsight.models.SentinelEntityMapping] - """ - - _validation = { - "id": {"readonly": True}, - "name": {"readonly": True}, - "type": {"readonly": True}, - "system_data": {"readonly": True}, - "kind": {"required": True}, - "created_date_utc": {"readonly": True}, - "last_updated_date_utc": {"readonly": True}, - } - - _attribute_map = { - "id": {"key": "id", "type": "str"}, - "name": {"key": "name", "type": "str"}, - "type": {"key": "type", "type": "str"}, - "system_data": {"key": "systemData", "type": "SystemData"}, - "kind": {"key": "kind", "type": "str"}, - "alert_rules_created_by_template_count": {"key": "properties.alertRulesCreatedByTemplateCount", "type": "int"}, - "created_date_utc": {"key": "properties.createdDateUTC", "type": "iso-8601"}, - "last_updated_date_utc": {"key": "properties.lastUpdatedDateUTC", "type": "iso-8601"}, - "description": {"key": "properties.description", "type": "str"}, - "display_name": {"key": "properties.displayName", "type": "str"}, - "required_data_connectors": { - "key": "properties.requiredDataConnectors", - "type": "[AlertRuleTemplateDataSource]", - }, - "status": {"key": "properties.status", "type": "str"}, - "query": {"key": "properties.query", "type": "str"}, - "query_frequency": {"key": "properties.queryFrequency", "type": "duration"}, - "query_period": {"key": "properties.queryPeriod", "type": "duration"}, - "severity": {"key": "properties.severity", "type": "str"}, - "trigger_operator": {"key": "properties.triggerOperator", "type": "str"}, - "trigger_threshold": {"key": "properties.triggerThreshold", "type": "int"}, - "tactics": {"key": "properties.tactics", "type": "[str]"}, - "techniques": {"key": "properties.techniques", "type": "[str]"}, - "version": {"key": 
"properties.version", "type": "str"}, - "event_grouping_settings": {"key": "properties.eventGroupingSettings", "type": "EventGroupingSettings"}, - "custom_details": {"key": "properties.customDetails", "type": "{str}"}, - "entity_mappings": {"key": "properties.entityMappings", "type": "[EntityMapping]"}, - "alert_details_override": {"key": "properties.alertDetailsOverride", "type": "AlertDetailsOverride"}, - "sentinel_entities_mappings": {"key": "properties.sentinelEntitiesMappings", "type": "[SentinelEntityMapping]"}, - } - - def __init__( # pylint: disable=too-many-locals - self, - *, - alert_rules_created_by_template_count: Optional[int] = None, - description: Optional[str] = None, - display_name: Optional[str] = None, - required_data_connectors: Optional[List["_models.AlertRuleTemplateDataSource"]] = None, - status: Optional[Union[str, "_models.TemplateStatus"]] = None, - query: Optional[str] = None, - query_frequency: Optional[datetime.timedelta] = None, - query_period: Optional[datetime.timedelta] = None, - severity: Optional[Union[str, "_models.AlertSeverity"]] = None, - trigger_operator: Optional[Union[str, "_models.TriggerOperator"]] = None, - trigger_threshold: Optional[int] = None, - tactics: Optional[List[Union[str, "_models.AttackTactic"]]] = None, - techniques: Optional[List[str]] = None, - version: Optional[str] = None, - event_grouping_settings: Optional["_models.EventGroupingSettings"] = None, - custom_details: Optional[Dict[str, str]] = None, - entity_mappings: Optional[List["_models.EntityMapping"]] = None, - alert_details_override: Optional["_models.AlertDetailsOverride"] = None, - sentinel_entities_mappings: Optional[List["_models.SentinelEntityMapping"]] = None, - **kwargs - ): - """ - :keyword alert_rules_created_by_template_count: the number of alert rules that were created by - this template. - :paramtype alert_rules_created_by_template_count: int - :keyword description: The description of the alert rule template. 
- :paramtype description: str - :keyword display_name: The display name for alert rule template. - :paramtype display_name: str - :keyword required_data_connectors: The required data connectors for this template. - :paramtype required_data_connectors: - list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] - :keyword status: The alert rule template status. Known values are: "Installed", "Available", - and "NotAvailable". - :paramtype status: str or ~azure.mgmt.securityinsight.models.TemplateStatus - :keyword query: The query that creates alerts for this rule. - :paramtype query: str - :keyword query_frequency: The frequency (in ISO 8601 duration format) for this alert rule to - run. - :paramtype query_frequency: ~datetime.timedelta - :keyword query_period: The period (in ISO 8601 duration format) that this alert rule looks at. - :paramtype query_period: ~datetime.timedelta - :keyword severity: The severity for alerts created by this alert rule. Known values are: - "High", "Medium", "Low", and "Informational". - :paramtype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity - :keyword trigger_operator: The operation against the threshold that triggers alert rule. Known - values are: "GreaterThan", "LessThan", "Equal", and "NotEqual". - :paramtype trigger_operator: str or ~azure.mgmt.securityinsight.models.TriggerOperator - :keyword trigger_threshold: The threshold triggers this alert rule. - :paramtype trigger_threshold: int - :keyword tactics: The tactics of the alert rule template. - :paramtype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] - :keyword techniques: The techniques of the alert rule. - :paramtype techniques: list[str] - :keyword version: The version of this template - in format , where all are numbers. For - example <1.0.2>. - :paramtype version: str - :keyword event_grouping_settings: The event grouping settings. 
- :paramtype event_grouping_settings: ~azure.mgmt.securityinsight.models.EventGroupingSettings - :keyword custom_details: Dictionary of string key-value pairs of columns to be attached to the - alert. - :paramtype custom_details: dict[str, str] - :keyword entity_mappings: Array of the entity mappings of the alert rule. - :paramtype entity_mappings: list[~azure.mgmt.securityinsight.models.EntityMapping] - :keyword alert_details_override: The alert details override settings. - :paramtype alert_details_override: ~azure.mgmt.securityinsight.models.AlertDetailsOverride - :keyword sentinel_entities_mappings: Array of the sentinel entity mappings of the alert rule. - :paramtype sentinel_entities_mappings: - list[~azure.mgmt.securityinsight.models.SentinelEntityMapping] - """ - super().__init__(**kwargs) - self.kind: str = "Scheduled" - self.alert_rules_created_by_template_count = alert_rules_created_by_template_count - self.created_date_utc = None - self.last_updated_date_utc = None - self.description = description - self.display_name = display_name - self.required_data_connectors = required_data_connectors - self.status = status - self.query = query - self.query_frequency = query_frequency - self.query_period = query_period - self.severity = severity - self.trigger_operator = trigger_operator - self.trigger_threshold = trigger_threshold - self.tactics = tactics - self.techniques = techniques - self.version = version - self.event_grouping_settings = event_grouping_settings - self.custom_details = custom_details - self.entity_mappings = entity_mappings - self.alert_details_override = alert_details_override - self.sentinel_entities_mappings = sentinel_entities_mappings - - -class SecurityAlert(Entity): # pylint: disable=too-many-instance-attributes - """Represents a security alert entity. - - Variables are only populated by the server, and will be ignored when sending a request. - - All required parameters must be populated in order to send to Azure. 
- - :ivar id: Fully qualified resource ID for the resource. Ex - - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - :vartype id: str - :ivar name: The name of the resource. - :vartype name: str - :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or - "Microsoft.Storage/storageAccounts". - :vartype type: str - :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy - information. - :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar kind: The kind of the entity. Required. Known values are: "Account", "Host", "File", - "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", - "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", - "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". - :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKind - :ivar additional_data: A bag of custom fields that should be part of the entity and will be - presented to the user. - :vartype additional_data: dict[str, any] - :ivar friendly_name: The graph item display name which is a short humanly readable description - of the graph item instance. This property is optional and might be system generated. - :vartype friendly_name: str - :ivar alert_display_name: The display name of the alert. - :vartype alert_display_name: str - :ivar alert_type: The type name of the alert. - :vartype alert_type: str - :ivar compromised_entity: Display name of the main entity being reported on. - :vartype compromised_entity: str - :ivar confidence_level: The confidence level of this alert. Known values are: "Unknown", "Low", - and "High". - :vartype confidence_level: str or ~azure.mgmt.securityinsight.models.ConfidenceLevel - :ivar confidence_reasons: The confidence reasons. 
- :vartype confidence_reasons: - list[~azure.mgmt.securityinsight.models.SecurityAlertPropertiesConfidenceReasonsItem] - :ivar confidence_score: The confidence score of the alert. - :vartype confidence_score: float - :ivar confidence_score_status: The confidence score calculation status, i.e. indicating if - score calculation is pending for this alert, not applicable or final. Known values are: - "NotApplicable", "InProcess", "NotFinal", and "Final". - :vartype confidence_score_status: str or - ~azure.mgmt.securityinsight.models.ConfidenceScoreStatus - :ivar description: Alert description. - :vartype description: str - :ivar end_time_utc: The impact end time of the alert (the time of the last event contributing - to the alert). - :vartype end_time_utc: ~datetime.datetime - :ivar intent: Holds the alert intent stage(s) mapping for this alert. Known values are: - "Unknown", "Probing", "Exploitation", "Persistence", "PrivilegeEscalation", "DefenseEvasion", - "CredentialAccess", "Discovery", "LateralMovement", "Execution", "Collection", "Exfiltration", - "CommandAndControl", and "Impact". - :vartype intent: str or ~azure.mgmt.securityinsight.models.KillChainIntent - :ivar provider_alert_id: The identifier of the alert inside the product which generated the - alert. - :vartype provider_alert_id: str - :ivar processing_end_time: The time the alert was made available for consumption. - :vartype processing_end_time: ~datetime.datetime - :ivar product_component_name: The name of a component inside the product which generated the - alert. - :vartype product_component_name: str - :ivar product_name: The name of the product which published this alert. - :vartype product_name: str - :ivar product_version: The version of the product generating the alert. - :vartype product_version: str - :ivar remediation_steps: Manual action items to take to remediate the alert. - :vartype remediation_steps: list[str] - :ivar severity: The severity of the alert. 
Known values are: "High", "Medium", "Low", and - "Informational". - :vartype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity - :ivar start_time_utc: The impact start time of the alert (the time of the first event - contributing to the alert). - :vartype start_time_utc: ~datetime.datetime - :ivar status: The lifecycle status of the alert. Known values are: "Unknown", "New", - "Resolved", "Dismissed", and "InProgress". - :vartype status: str or ~azure.mgmt.securityinsight.models.AlertStatus - :ivar system_alert_id: Holds the product identifier of the alert for the product. - :vartype system_alert_id: str - :ivar tactics: The tactics of the alert. - :vartype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] - :ivar time_generated: The time the alert was generated. - :vartype time_generated: ~datetime.datetime - :ivar vendor_name: The name of the vendor that raise the alert. - :vartype vendor_name: str - :ivar alert_link: The uri link of the alert. - :vartype alert_link: str - :ivar resource_identifiers: The list of resource identifiers of the alert. 
- :vartype resource_identifiers: list[JSON] - """ - - _validation = { - "id": {"readonly": True}, - "name": {"readonly": True}, - "type": {"readonly": True}, - "system_data": {"readonly": True}, - "kind": {"required": True}, - "additional_data": {"readonly": True}, - "friendly_name": {"readonly": True}, - "alert_display_name": {"readonly": True}, - "alert_type": {"readonly": True}, - "compromised_entity": {"readonly": True}, - "confidence_level": {"readonly": True}, - "confidence_reasons": {"readonly": True}, - "confidence_score": {"readonly": True}, - "confidence_score_status": {"readonly": True}, - "description": {"readonly": True}, - "end_time_utc": {"readonly": True}, - "intent": {"readonly": True}, - "provider_alert_id": {"readonly": True}, - "processing_end_time": {"readonly": True}, - "product_component_name": {"readonly": True}, - "product_name": {"readonly": True}, - "product_version": {"readonly": True}, - "remediation_steps": {"readonly": True}, - "start_time_utc": {"readonly": True}, - "status": {"readonly": True}, - "system_alert_id": {"readonly": True}, - "tactics": {"readonly": True}, - "time_generated": {"readonly": True}, - "vendor_name": {"readonly": True}, - "alert_link": {"readonly": True}, - "resource_identifiers": {"readonly": True}, - } - - _attribute_map = { - "id": {"key": "id", "type": "str"}, - "name": {"key": "name", "type": "str"}, - "type": {"key": "type", "type": "str"}, - "system_data": {"key": "systemData", "type": "SystemData"}, - "kind": {"key": "kind", "type": "str"}, - "additional_data": {"key": "properties.additionalData", "type": "{object}"}, - "friendly_name": {"key": "properties.friendlyName", "type": "str"}, - "alert_display_name": {"key": "properties.alertDisplayName", "type": "str"}, - "alert_type": {"key": "properties.alertType", "type": "str"}, - "compromised_entity": {"key": "properties.compromisedEntity", "type": "str"}, - "confidence_level": {"key": "properties.confidenceLevel", "type": "str"}, - 
"confidence_reasons": { - "key": "properties.confidenceReasons", - "type": "[SecurityAlertPropertiesConfidenceReasonsItem]", - }, - "confidence_score": {"key": "properties.confidenceScore", "type": "float"}, - "confidence_score_status": {"key": "properties.confidenceScoreStatus", "type": "str"}, - "description": {"key": "properties.description", "type": "str"}, - "end_time_utc": {"key": "properties.endTimeUtc", "type": "iso-8601"}, - "intent": {"key": "properties.intent", "type": "str"}, - "provider_alert_id": {"key": "properties.providerAlertId", "type": "str"}, - "processing_end_time": {"key": "properties.processingEndTime", "type": "iso-8601"}, - "product_component_name": {"key": "properties.productComponentName", "type": "str"}, - "product_name": {"key": "properties.productName", "type": "str"}, - "product_version": {"key": "properties.productVersion", "type": "str"}, - "remediation_steps": {"key": "properties.remediationSteps", "type": "[str]"}, - "severity": {"key": "properties.severity", "type": "str"}, - "start_time_utc": {"key": "properties.startTimeUtc", "type": "iso-8601"}, - "status": {"key": "properties.status", "type": "str"}, - "system_alert_id": {"key": "properties.systemAlertId", "type": "str"}, - "tactics": {"key": "properties.tactics", "type": "[str]"}, - "time_generated": {"key": "properties.timeGenerated", "type": "iso-8601"}, - "vendor_name": {"key": "properties.vendorName", "type": "str"}, - "alert_link": {"key": "properties.alertLink", "type": "str"}, - "resource_identifiers": {"key": "properties.resourceIdentifiers", "type": "[object]"}, - } - - def __init__( # pylint: disable=too-many-locals - self, *, severity: Optional[Union[str, "_models.AlertSeverity"]] = None, **kwargs - ): - """ - :keyword severity: The severity of the alert. Known values are: "High", "Medium", "Low", and - "Informational". 
- :paramtype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity - """ - super().__init__(**kwargs) - self.kind: str = "SecurityAlert" - self.additional_data = None - self.friendly_name = None - self.alert_display_name = None - self.alert_type = None - self.compromised_entity = None - self.confidence_level = None - self.confidence_reasons = None - self.confidence_score = None - self.confidence_score_status = None - self.description = None - self.end_time_utc = None - self.intent = None - self.provider_alert_id = None - self.processing_end_time = None - self.product_component_name = None - self.product_name = None - self.product_version = None - self.remediation_steps = None - self.severity = severity - self.start_time_utc = None - self.status = None - self.system_alert_id = None - self.tactics = None - self.time_generated = None - self.vendor_name = None - self.alert_link = None - self.resource_identifiers = None - - -class SecurityAlertProperties(EntityCommonProperties): # pylint: disable=too-many-instance-attributes - """SecurityAlert entity property bag. - - Variables are only populated by the server, and will be ignored when sending a request. - - :ivar additional_data: A bag of custom fields that should be part of the entity and will be - presented to the user. - :vartype additional_data: dict[str, any] - :ivar friendly_name: The graph item display name which is a short humanly readable description - of the graph item instance. This property is optional and might be system generated. - :vartype friendly_name: str - :ivar alert_display_name: The display name of the alert. - :vartype alert_display_name: str - :ivar alert_type: The type name of the alert. - :vartype alert_type: str - :ivar compromised_entity: Display name of the main entity being reported on. - :vartype compromised_entity: str - :ivar confidence_level: The confidence level of this alert. Known values are: "Unknown", "Low", - and "High". 
- :vartype confidence_level: str or ~azure.mgmt.securityinsight.models.ConfidenceLevel - :ivar confidence_reasons: The confidence reasons. - :vartype confidence_reasons: - list[~azure.mgmt.securityinsight.models.SecurityAlertPropertiesConfidenceReasonsItem] - :ivar confidence_score: The confidence score of the alert. - :vartype confidence_score: float - :ivar confidence_score_status: The confidence score calculation status, i.e. indicating if - score calculation is pending for this alert, not applicable or final. Known values are: - "NotApplicable", "InProcess", "NotFinal", and "Final". - :vartype confidence_score_status: str or - ~azure.mgmt.securityinsight.models.ConfidenceScoreStatus - :ivar description: Alert description. - :vartype description: str - :ivar end_time_utc: The impact end time of the alert (the time of the last event contributing - to the alert). - :vartype end_time_utc: ~datetime.datetime - :ivar intent: Holds the alert intent stage(s) mapping for this alert. Known values are: - "Unknown", "Probing", "Exploitation", "Persistence", "PrivilegeEscalation", "DefenseEvasion", - "CredentialAccess", "Discovery", "LateralMovement", "Execution", "Collection", "Exfiltration", - "CommandAndControl", and "Impact". - :vartype intent: str or ~azure.mgmt.securityinsight.models.KillChainIntent - :ivar provider_alert_id: The identifier of the alert inside the product which generated the - alert. - :vartype provider_alert_id: str - :ivar processing_end_time: The time the alert was made available for consumption. - :vartype processing_end_time: ~datetime.datetime - :ivar product_component_name: The name of a component inside the product which generated the - alert. - :vartype product_component_name: str - :ivar product_name: The name of the product which published this alert. - :vartype product_name: str - :ivar product_version: The version of the product generating the alert. 
- :vartype product_version: str - :ivar remediation_steps: Manual action items to take to remediate the alert. - :vartype remediation_steps: list[str] - :ivar severity: The severity of the alert. Known values are: "High", "Medium", "Low", and - "Informational". - :vartype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity - :ivar start_time_utc: The impact start time of the alert (the time of the first event - contributing to the alert). - :vartype start_time_utc: ~datetime.datetime - :ivar status: The lifecycle status of the alert. Known values are: "Unknown", "New", - "Resolved", "Dismissed", and "InProgress". - :vartype status: str or ~azure.mgmt.securityinsight.models.AlertStatus - :ivar system_alert_id: Holds the product identifier of the alert for the product. - :vartype system_alert_id: str - :ivar tactics: The tactics of the alert. - :vartype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] - :ivar time_generated: The time the alert was generated. - :vartype time_generated: ~datetime.datetime - :ivar vendor_name: The name of the vendor that raise the alert. - :vartype vendor_name: str - :ivar alert_link: The uri link of the alert. - :vartype alert_link: str - :ivar resource_identifiers: The list of resource identifiers of the alert. 
- :vartype resource_identifiers: list[JSON] - """ - - _validation = { - "additional_data": {"readonly": True}, - "friendly_name": {"readonly": True}, - "alert_display_name": {"readonly": True}, - "alert_type": {"readonly": True}, - "compromised_entity": {"readonly": True}, - "confidence_level": {"readonly": True}, - "confidence_reasons": {"readonly": True}, - "confidence_score": {"readonly": True}, - "confidence_score_status": {"readonly": True}, - "description": {"readonly": True}, - "end_time_utc": {"readonly": True}, - "intent": {"readonly": True}, - "provider_alert_id": {"readonly": True}, - "processing_end_time": {"readonly": True}, - "product_component_name": {"readonly": True}, - "product_name": {"readonly": True}, - "product_version": {"readonly": True}, - "remediation_steps": {"readonly": True}, - "start_time_utc": {"readonly": True}, - "status": {"readonly": True}, - "system_alert_id": {"readonly": True}, - "tactics": {"readonly": True}, - "time_generated": {"readonly": True}, - "vendor_name": {"readonly": True}, - "alert_link": {"readonly": True}, - "resource_identifiers": {"readonly": True}, - } - - _attribute_map = { - "additional_data": {"key": "additionalData", "type": "{object}"}, - "friendly_name": {"key": "friendlyName", "type": "str"}, - "alert_display_name": {"key": "alertDisplayName", "type": "str"}, - "alert_type": {"key": "alertType", "type": "str"}, - "compromised_entity": {"key": "compromisedEntity", "type": "str"}, - "confidence_level": {"key": "confidenceLevel", "type": "str"}, - "confidence_reasons": {"key": "confidenceReasons", "type": "[SecurityAlertPropertiesConfidenceReasonsItem]"}, - "confidence_score": {"key": "confidenceScore", "type": "float"}, - "confidence_score_status": {"key": "confidenceScoreStatus", "type": "str"}, - "description": {"key": "description", "type": "str"}, - "end_time_utc": {"key": "endTimeUtc", "type": "iso-8601"}, - "intent": {"key": "intent", "type": "str"}, - "provider_alert_id": {"key": "providerAlertId", 
"type": "str"}, - "processing_end_time": {"key": "processingEndTime", "type": "iso-8601"}, - "product_component_name": {"key": "productComponentName", "type": "str"}, - "product_name": {"key": "productName", "type": "str"}, - "product_version": {"key": "productVersion", "type": "str"}, - "remediation_steps": {"key": "remediationSteps", "type": "[str]"}, - "severity": {"key": "severity", "type": "str"}, - "start_time_utc": {"key": "startTimeUtc", "type": "iso-8601"}, - "status": {"key": "status", "type": "str"}, - "system_alert_id": {"key": "systemAlertId", "type": "str"}, - "tactics": {"key": "tactics", "type": "[str]"}, - "time_generated": {"key": "timeGenerated", "type": "iso-8601"}, - "vendor_name": {"key": "vendorName", "type": "str"}, - "alert_link": {"key": "alertLink", "type": "str"}, - "resource_identifiers": {"key": "resourceIdentifiers", "type": "[object]"}, - } - - def __init__( # pylint: disable=too-many-locals - self, *, severity: Optional[Union[str, "_models.AlertSeverity"]] = None, **kwargs - ): - """ - :keyword severity: The severity of the alert. Known values are: "High", "Medium", "Low", and - "Informational". 
- :paramtype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity - """ - super().__init__(**kwargs) - self.alert_display_name = None - self.alert_type = None - self.compromised_entity = None - self.confidence_level = None - self.confidence_reasons = None - self.confidence_score = None - self.confidence_score_status = None - self.description = None - self.end_time_utc = None - self.intent = None - self.provider_alert_id = None - self.processing_end_time = None - self.product_component_name = None - self.product_name = None - self.product_version = None - self.remediation_steps = None - self.severity = severity - self.start_time_utc = None - self.status = None - self.system_alert_id = None - self.tactics = None - self.time_generated = None - self.vendor_name = None - self.alert_link = None - self.resource_identifiers = None - - -class SecurityAlertPropertiesConfidenceReasonsItem(_serialization.Model): - """confidence reason item. - - Variables are only populated by the server, and will be ignored when sending a request. - - :ivar reason: The reason's description. - :vartype reason: str - :ivar reason_type: The type (category) of the reason. - :vartype reason_type: str - """ - - _validation = { - "reason": {"readonly": True}, - "reason_type": {"readonly": True}, - } - - _attribute_map = { - "reason": {"key": "reason", "type": "str"}, - "reason_type": {"key": "reasonType", "type": "str"}, - } - - def __init__(self, **kwargs): - """ """ - super().__init__(**kwargs) - self.reason = None - self.reason_type = None - - -class SecurityAlertTimelineItem(EntityTimelineItem): # pylint: disable=too-many-instance-attributes - """Represents security alert timeline item. - - Variables are only populated by the server, and will be ignored when sending a request. - - All required parameters must be populated in order to send to Azure. - - :ivar kind: The entity query kind type. Required. Known values are: "Activity", "Bookmark", - "SecurityAlert", and "Anomaly". 
- :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityTimelineKind - :ivar azure_resource_id: The alert azure resource id. Required. - :vartype azure_resource_id: str - :ivar product_name: The alert product name. - :vartype product_name: str - :ivar description: The alert description. - :vartype description: str - :ivar display_name: The alert name. Required. - :vartype display_name: str - :ivar severity: The alert severity. Required. Known values are: "High", "Medium", "Low", and - "Informational". - :vartype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity - :ivar end_time_utc: The alert end time. Required. - :vartype end_time_utc: ~datetime.datetime - :ivar start_time_utc: The alert start time. Required. - :vartype start_time_utc: ~datetime.datetime - :ivar time_generated: The alert generated time. Required. - :vartype time_generated: ~datetime.datetime - :ivar alert_type: The name of the alert type. Required. - :vartype alert_type: str - :ivar intent: The intent of the alert. Known values are: "Unknown", "Probing", "Exploitation", - "Persistence", "PrivilegeEscalation", "DefenseEvasion", "CredentialAccess", "Discovery", - "LateralMovement", "Execution", "Collection", "Exfiltration", "CommandAndControl", and - "Impact". - :vartype intent: str or ~azure.mgmt.securityinsight.models.KillChainIntent - :ivar techniques: The techniques of the alert. 
- :vartype techniques: list[str] - """ - - _validation = { - "kind": {"required": True}, - "azure_resource_id": {"required": True}, - "display_name": {"required": True}, - "severity": {"required": True}, - "end_time_utc": {"required": True}, - "start_time_utc": {"required": True}, - "time_generated": {"required": True}, - "alert_type": {"required": True}, - "intent": {"readonly": True}, - } - - _attribute_map = { - "kind": {"key": "kind", "type": "str"}, - "azure_resource_id": {"key": "azureResourceId", "type": "str"}, - "product_name": {"key": "productName", "type": "str"}, - "description": {"key": "description", "type": "str"}, - "display_name": {"key": "displayName", "type": "str"}, - "severity": {"key": "severity", "type": "str"}, - "end_time_utc": {"key": "endTimeUtc", "type": "iso-8601"}, - "start_time_utc": {"key": "startTimeUtc", "type": "iso-8601"}, - "time_generated": {"key": "timeGenerated", "type": "iso-8601"}, - "alert_type": {"key": "alertType", "type": "str"}, - "intent": {"key": "intent", "type": "str"}, - "techniques": {"key": "techniques", "type": "[str]"}, - } - - def __init__( - self, - *, - azure_resource_id: str, - display_name: str, - severity: Union[str, "_models.AlertSeverity"], - end_time_utc: datetime.datetime, - start_time_utc: datetime.datetime, - time_generated: datetime.datetime, - alert_type: str, - product_name: Optional[str] = None, - description: Optional[str] = None, - techniques: Optional[List[str]] = None, - **kwargs - ): - """ - :keyword azure_resource_id: The alert azure resource id. Required. - :paramtype azure_resource_id: str - :keyword product_name: The alert product name. - :paramtype product_name: str - :keyword description: The alert description. - :paramtype description: str - :keyword display_name: The alert name. Required. - :paramtype display_name: str - :keyword severity: The alert severity. Required. Known values are: "High", "Medium", "Low", and - "Informational". 
- :paramtype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity - :keyword end_time_utc: The alert end time. Required. - :paramtype end_time_utc: ~datetime.datetime - :keyword start_time_utc: The alert start time. Required. - :paramtype start_time_utc: ~datetime.datetime - :keyword time_generated: The alert generated time. Required. - :paramtype time_generated: ~datetime.datetime - :keyword alert_type: The name of the alert type. Required. - :paramtype alert_type: str - :keyword techniques: The techniques of the alert. - :paramtype techniques: list[str] - """ - super().__init__(**kwargs) - self.kind: str = "SecurityAlert" - self.azure_resource_id = azure_resource_id - self.product_name = product_name - self.description = description - self.display_name = display_name - self.severity = severity - self.end_time_utc = end_time_utc - self.start_time_utc = start_time_utc - self.time_generated = time_generated - self.alert_type = alert_type - self.intent = None - self.techniques = techniques - - -class SecurityGroupEntity(Entity): - """Represents a security group entity. - - Variables are only populated by the server, and will be ignored when sending a request. - - All required parameters must be populated in order to send to Azure. - - :ivar id: Fully qualified resource ID for the resource. Ex - - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - :vartype id: str - :ivar name: The name of the resource. - :vartype name: str - :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or - "Microsoft.Storage/storageAccounts". - :vartype type: str - :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy - information. - :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar kind: The kind of the entity. Required. 
Known values are: "Account", "Host", "File", - "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", - "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", - "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". - :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKind - :ivar additional_data: A bag of custom fields that should be part of the entity and will be - presented to the user. - :vartype additional_data: dict[str, any] - :ivar friendly_name: The graph item display name which is a short humanly readable description - of the graph item instance. This property is optional and might be system generated. - :vartype friendly_name: str - :ivar distinguished_name: The group distinguished name. - :vartype distinguished_name: str - :ivar object_guid: A single-value attribute that is the unique identifier for the object, - assigned by active directory. - :vartype object_guid: str - :ivar sid: The SID attribute is a single-value attribute that specifies the security identifier - (SID) of the group. 
- :vartype sid: str - """ - - _validation = { - "id": {"readonly": True}, - "name": {"readonly": True}, - "type": {"readonly": True}, - "system_data": {"readonly": True}, - "kind": {"required": True}, - "additional_data": {"readonly": True}, - "friendly_name": {"readonly": True}, - "distinguished_name": {"readonly": True}, - "object_guid": {"readonly": True}, - "sid": {"readonly": True}, - } - - _attribute_map = { - "id": {"key": "id", "type": "str"}, - "name": {"key": "name", "type": "str"}, - "type": {"key": "type", "type": "str"}, - "system_data": {"key": "systemData", "type": "SystemData"}, - "kind": {"key": "kind", "type": "str"}, - "additional_data": {"key": "properties.additionalData", "type": "{object}"}, - "friendly_name": {"key": "properties.friendlyName", "type": "str"}, - "distinguished_name": {"key": "properties.distinguishedName", "type": "str"}, - "object_guid": {"key": "properties.objectGuid", "type": "str"}, - "sid": {"key": "properties.sid", "type": "str"}, - } - - def __init__(self, **kwargs): - """ """ - super().__init__(**kwargs) - self.kind: str = "SecurityGroup" - self.additional_data = None - self.friendly_name = None - self.distinguished_name = None - self.object_guid = None - self.sid = None - - -class SecurityGroupEntityProperties(EntityCommonProperties): - """SecurityGroup entity property bag. - - Variables are only populated by the server, and will be ignored when sending a request. - - :ivar additional_data: A bag of custom fields that should be part of the entity and will be - presented to the user. - :vartype additional_data: dict[str, any] - :ivar friendly_name: The graph item display name which is a short humanly readable description - of the graph item instance. This property is optional and might be system generated. - :vartype friendly_name: str - :ivar distinguished_name: The group distinguished name. 
- :vartype distinguished_name: str - :ivar object_guid: A single-value attribute that is the unique identifier for the object, - assigned by active directory. - :vartype object_guid: str - :ivar sid: The SID attribute is a single-value attribute that specifies the security identifier - (SID) of the group. - :vartype sid: str - """ - - _validation = { - "additional_data": {"readonly": True}, - "friendly_name": {"readonly": True}, - "distinguished_name": {"readonly": True}, - "object_guid": {"readonly": True}, - "sid": {"readonly": True}, - } - - _attribute_map = { - "additional_data": {"key": "additionalData", "type": "{object}"}, - "friendly_name": {"key": "friendlyName", "type": "str"}, - "distinguished_name": {"key": "distinguishedName", "type": "str"}, - "object_guid": {"key": "objectGuid", "type": "str"}, - "sid": {"key": "sid", "type": "str"}, - } - - def __init__(self, **kwargs): - """ """ - super().__init__(**kwargs) - self.distinguished_name = None - self.object_guid = None - self.sid = None - - -class SecurityMLAnalyticsSettingsDataSource(_serialization.Model): - """security ml analytics settings data sources. - - :ivar connector_id: The connector id that provides the following data types. - :vartype connector_id: str - :ivar data_types: The data types used by the security ml analytics settings. - :vartype data_types: list[str] - """ - - _attribute_map = { - "connector_id": {"key": "connectorId", "type": "str"}, - "data_types": {"key": "dataTypes", "type": "[str]"}, - } - - def __init__(self, *, connector_id: Optional[str] = None, data_types: Optional[List[str]] = None, **kwargs): - """ - :keyword connector_id: The connector id that provides the following data types. - :paramtype connector_id: str - :keyword data_types: The data types used by the security ml analytics settings. 
- :paramtype data_types: list[str] - """ - super().__init__(**kwargs) - self.connector_id = connector_id - self.data_types = data_types - - -class SecurityMLAnalyticsSettingsList(_serialization.Model): - """List all the SecurityMLAnalyticsSettings. - - Variables are only populated by the server, and will be ignored when sending a request. - - All required parameters must be populated in order to send to Azure. - - :ivar next_link: URL to fetch the next set of SecurityMLAnalyticsSettings. - :vartype next_link: str - :ivar value: Array of SecurityMLAnalyticsSettings. Required. - :vartype value: list[~azure.mgmt.securityinsight.models.SecurityMLAnalyticsSetting] - """ - - _validation = { - "next_link": {"readonly": True}, - "value": {"required": True}, - } - - _attribute_map = { - "next_link": {"key": "nextLink", "type": "str"}, - "value": {"key": "value", "type": "[SecurityMLAnalyticsSetting]"}, - } - - def __init__(self, *, value: List["_models.SecurityMLAnalyticsSetting"], **kwargs): - """ - :keyword value: Array of SecurityMLAnalyticsSettings. Required. - :paramtype value: list[~azure.mgmt.securityinsight.models.SecurityMLAnalyticsSetting] - """ - super().__init__(**kwargs) - self.next_link = None - self.value = value - - -class SentinelEntityMapping(_serialization.Model): - """A single sentinel entity mapping. - - :ivar column_name: the column name to be mapped to the SentinelEntities. - :vartype column_name: str - """ - - _attribute_map = { - "column_name": {"key": "columnName", "type": "str"}, - } - - def __init__(self, *, column_name: Optional[str] = None, **kwargs): - """ - :keyword column_name: the column name to be mapped to the SentinelEntities. - :paramtype column_name: str - """ - super().__init__(**kwargs) - self.column_name = column_name - - -class SentinelOnboardingState(ResourceWithEtag): - """Sentinel onboarding state. - - Variables are only populated by the server, and will be ignored when sending a request. 
- - :ivar id: Fully qualified resource ID for the resource. Ex - - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - :vartype id: str - :ivar name: The name of the resource. - :vartype name: str - :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or - "Microsoft.Storage/storageAccounts". - :vartype type: str - :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy - information. - :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar etag: Etag of the azure resource. - :vartype etag: str - :ivar customer_managed_key: Flag that indicates the status of the CMK setting. - :vartype customer_managed_key: bool - """ - - _validation = { - "id": {"readonly": True}, - "name": {"readonly": True}, - "type": {"readonly": True}, - "system_data": {"readonly": True}, - } - - _attribute_map = { - "id": {"key": "id", "type": "str"}, - "name": {"key": "name", "type": "str"}, - "type": {"key": "type", "type": "str"}, - "system_data": {"key": "systemData", "type": "SystemData"}, - "etag": {"key": "etag", "type": "str"}, - "customer_managed_key": {"key": "properties.customerManagedKey", "type": "bool"}, - } - - def __init__(self, *, etag: Optional[str] = None, customer_managed_key: Optional[bool] = None, **kwargs): - """ - :keyword etag: Etag of the azure resource. - :paramtype etag: str - :keyword customer_managed_key: Flag that indicates the status of the CMK setting. - :paramtype customer_managed_key: bool - """ - super().__init__(etag=etag, **kwargs) - self.customer_managed_key = customer_managed_key - - -class SentinelOnboardingStatesList(_serialization.Model): - """List of the Sentinel onboarding states. - - All required parameters must be populated in order to send to Azure. - - :ivar value: Array of Sentinel onboarding states. Required. 
- :vartype value: list[~azure.mgmt.securityinsight.models.SentinelOnboardingState] - """ - - _validation = { - "value": {"required": True}, - } - - _attribute_map = { - "value": {"key": "value", "type": "[SentinelOnboardingState]"}, - } - - def __init__(self, *, value: List["_models.SentinelOnboardingState"], **kwargs): - """ - :keyword value: Array of Sentinel onboarding states. Required. - :paramtype value: list[~azure.mgmt.securityinsight.models.SentinelOnboardingState] - """ - super().__init__(**kwargs) - self.value = value - - -class SettingList(_serialization.Model): - """List of all the settings. - - All required parameters must be populated in order to send to Azure. - - :ivar value: Array of settings. Required. - :vartype value: list[~azure.mgmt.securityinsight.models.Settings] - """ - - _validation = { - "value": {"required": True}, - } - - _attribute_map = { - "value": {"key": "value", "type": "[Settings]"}, - } - - def __init__(self, *, value: List["_models.Settings"], **kwargs): - """ - :keyword value: Array of settings. Required. - :paramtype value: list[~azure.mgmt.securityinsight.models.Settings] - """ - super().__init__(**kwargs) - self.value = value - - -class SourceControl(ResourceWithEtag): # pylint: disable=too-many-instance-attributes - """Represents a SourceControl in Azure Security Insights. - - Variables are only populated by the server, and will be ignored when sending a request. - - :ivar id: Fully qualified resource ID for the resource. Ex - - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - :vartype id: str - :ivar name: The name of the resource. - :vartype name: str - :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or - "Microsoft.Storage/storageAccounts". - :vartype type: str - :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy - information. 
- :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar etag: Etag of the azure resource. - :vartype etag: str - :ivar id_properties_id: The id (a Guid) of the source control. - :vartype id_properties_id: str - :ivar version: The version number associated with the source control. Known values are: "V1" - and "V2". - :vartype version: str or ~azure.mgmt.securityinsight.models.Version - :ivar display_name: The display name of the source control. - :vartype display_name: str - :ivar description: A description of the source control. - :vartype description: str - :ivar repo_type: The repository type of the source control. Known values are: "Github" and - "DevOps". - :vartype repo_type: str or ~azure.mgmt.securityinsight.models.RepoType - :ivar content_types: Array of source control content types. - :vartype content_types: list[str or ~azure.mgmt.securityinsight.models.ContentType] - :ivar repository: Repository metadata. - :vartype repository: ~azure.mgmt.securityinsight.models.Repository - :ivar repository_resource_info: Information regarding the resources created in user's - repository. - :vartype repository_resource_info: ~azure.mgmt.securityinsight.models.RepositoryResourceInfo - :ivar last_deployment_info: Information regarding the latest deployment for the source control. 
- :vartype last_deployment_info: ~azure.mgmt.securityinsight.models.DeploymentInfo - """ - - _validation = { - "id": {"readonly": True}, - "name": {"readonly": True}, - "type": {"readonly": True}, - "system_data": {"readonly": True}, - } - - _attribute_map = { - "id": {"key": "id", "type": "str"}, - "name": {"key": "name", "type": "str"}, - "type": {"key": "type", "type": "str"}, - "system_data": {"key": "systemData", "type": "SystemData"}, - "etag": {"key": "etag", "type": "str"}, - "id_properties_id": {"key": "properties.id", "type": "str"}, - "version": {"key": "properties.version", "type": "str"}, - "display_name": {"key": "properties.displayName", "type": "str"}, - "description": {"key": "properties.description", "type": "str"}, - "repo_type": {"key": "properties.repoType", "type": "str"}, - "content_types": {"key": "properties.contentTypes", "type": "[str]"}, - "repository": {"key": "properties.repository", "type": "Repository"}, - "repository_resource_info": {"key": "properties.repositoryResourceInfo", "type": "RepositoryResourceInfo"}, - "last_deployment_info": {"key": "properties.lastDeploymentInfo", "type": "DeploymentInfo"}, - } - - def __init__( - self, - *, - etag: Optional[str] = None, - id_properties_id: Optional[str] = None, - version: Optional[Union[str, "_models.Version"]] = None, - display_name: Optional[str] = None, - description: Optional[str] = None, - repo_type: Optional[Union[str, "_models.RepoType"]] = None, - content_types: Optional[List[Union[str, "_models.ContentType"]]] = None, - repository: Optional["_models.Repository"] = None, - repository_resource_info: Optional["_models.RepositoryResourceInfo"] = None, - last_deployment_info: Optional["_models.DeploymentInfo"] = None, - **kwargs - ): - """ - :keyword etag: Etag of the azure resource. - :paramtype etag: str - :keyword id_properties_id: The id (a Guid) of the source control. - :paramtype id_properties_id: str - :keyword version: The version number associated with the source control. 
Known values are: "V1" - and "V2". - :paramtype version: str or ~azure.mgmt.securityinsight.models.Version - :keyword display_name: The display name of the source control. - :paramtype display_name: str - :keyword description: A description of the source control. - :paramtype description: str - :keyword repo_type: The repository type of the source control. Known values are: "Github" and - "DevOps". - :paramtype repo_type: str or ~azure.mgmt.securityinsight.models.RepoType - :keyword content_types: Array of source control content types. - :paramtype content_types: list[str or ~azure.mgmt.securityinsight.models.ContentType] - :keyword repository: Repository metadata. - :paramtype repository: ~azure.mgmt.securityinsight.models.Repository - :keyword repository_resource_info: Information regarding the resources created in user's - repository. - :paramtype repository_resource_info: ~azure.mgmt.securityinsight.models.RepositoryResourceInfo - :keyword last_deployment_info: Information regarding the latest deployment for the source - control. - :paramtype last_deployment_info: ~azure.mgmt.securityinsight.models.DeploymentInfo - """ - super().__init__(etag=etag, **kwargs) - self.id_properties_id = id_properties_id - self.version = version - self.display_name = display_name - self.description = description - self.repo_type = repo_type - self.content_types = content_types - self.repository = repository - self.repository_resource_info = repository_resource_info - self.last_deployment_info = last_deployment_info - - -class SourceControlList(_serialization.Model): - """List all the source controls. - - Variables are only populated by the server, and will be ignored when sending a request. - - All required parameters must be populated in order to send to Azure. - - :ivar next_link: URL to fetch the next set of source controls. - :vartype next_link: str - :ivar value: Array of source controls. Required. 
- :vartype value: list[~azure.mgmt.securityinsight.models.SourceControl] - """ - - _validation = { - "next_link": {"readonly": True}, - "value": {"required": True}, - } - - _attribute_map = { - "next_link": {"key": "nextLink", "type": "str"}, - "value": {"key": "value", "type": "[SourceControl]"}, - } - - def __init__(self, *, value: List["_models.SourceControl"], **kwargs): - """ - :keyword value: Array of source controls. Required. - :paramtype value: list[~azure.mgmt.securityinsight.models.SourceControl] - """ - super().__init__(**kwargs) - self.next_link = None - self.value = value - - -class SubmissionMailEntity(Entity): # pylint: disable=too-many-instance-attributes - """Represents a submission mail entity. - - Variables are only populated by the server, and will be ignored when sending a request. - - All required parameters must be populated in order to send to Azure. - - :ivar id: Fully qualified resource ID for the resource. Ex - - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - :vartype id: str - :ivar name: The name of the resource. - :vartype name: str - :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or - "Microsoft.Storage/storageAccounts". - :vartype type: str - :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy - information. - :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar kind: The kind of the entity. Required. Known values are: "Account", "Host", "File", - "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", - "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", - "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". 
- :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKind - :ivar additional_data: A bag of custom fields that should be part of the entity and will be - presented to the user. - :vartype additional_data: dict[str, any] - :ivar friendly_name: The graph item display name which is a short humanly readable description - of the graph item instance. This property is optional and might be system generated. - :vartype friendly_name: str - :ivar network_message_id: The network message id of email to which submission belongs. - :vartype network_message_id: str - :ivar submission_id: The submission id. - :vartype submission_id: str - :ivar submitter: The submitter. - :vartype submitter: str - :ivar submission_date: The submission date. - :vartype submission_date: ~datetime.datetime - :ivar timestamp: The Time stamp when the message is received (Mail). - :vartype timestamp: ~datetime.datetime - :ivar recipient: The recipient of the mail. - :vartype recipient: str - :ivar sender: The sender of the mail. - :vartype sender: str - :ivar sender_ip: The sender's IP. - :vartype sender_ip: str - :ivar subject: The subject of submission mail. - :vartype subject: str - :ivar report_type: The submission type for the given instance. This maps to Junk, Phish, - Malware or NotJunk. 
- :vartype report_type: str - """ - - _validation = { - "id": {"readonly": True}, - "name": {"readonly": True}, - "type": {"readonly": True}, - "system_data": {"readonly": True}, - "kind": {"required": True}, - "additional_data": {"readonly": True}, - "friendly_name": {"readonly": True}, - "network_message_id": {"readonly": True}, - "submission_id": {"readonly": True}, - "submitter": {"readonly": True}, - "submission_date": {"readonly": True}, - "timestamp": {"readonly": True}, - "recipient": {"readonly": True}, - "sender": {"readonly": True}, - "sender_ip": {"readonly": True}, - "subject": {"readonly": True}, - "report_type": {"readonly": True}, - } - - _attribute_map = { - "id": {"key": "id", "type": "str"}, - "name": {"key": "name", "type": "str"}, - "type": {"key": "type", "type": "str"}, - "system_data": {"key": "systemData", "type": "SystemData"}, - "kind": {"key": "kind", "type": "str"}, - "additional_data": {"key": "properties.additionalData", "type": "{object}"}, - "friendly_name": {"key": "properties.friendlyName", "type": "str"}, - "network_message_id": {"key": "properties.networkMessageId", "type": "str"}, - "submission_id": {"key": "properties.submissionId", "type": "str"}, - "submitter": {"key": "properties.submitter", "type": "str"}, - "submission_date": {"key": "properties.submissionDate", "type": "iso-8601"}, - "timestamp": {"key": "properties.timestamp", "type": "iso-8601"}, - "recipient": {"key": "properties.recipient", "type": "str"}, - "sender": {"key": "properties.sender", "type": "str"}, - "sender_ip": {"key": "properties.senderIp", "type": "str"}, - "subject": {"key": "properties.subject", "type": "str"}, - "report_type": {"key": "properties.reportType", "type": "str"}, - } - - def __init__(self, **kwargs): - """ """ - super().__init__(**kwargs) - self.kind: str = "SubmissionMail" - self.additional_data = None - self.friendly_name = None - self.network_message_id = None - self.submission_id = None - self.submitter = None - 
self.submission_date = None - self.timestamp = None - self.recipient = None - self.sender = None - self.sender_ip = None - self.subject = None - self.report_type = None - - -class SubmissionMailEntityProperties(EntityCommonProperties): # pylint: disable=too-many-instance-attributes - """Submission mail entity property bag. - - Variables are only populated by the server, and will be ignored when sending a request. - - :ivar additional_data: A bag of custom fields that should be part of the entity and will be - presented to the user. - :vartype additional_data: dict[str, any] - :ivar friendly_name: The graph item display name which is a short humanly readable description - of the graph item instance. This property is optional and might be system generated. - :vartype friendly_name: str - :ivar network_message_id: The network message id of email to which submission belongs. - :vartype network_message_id: str - :ivar submission_id: The submission id. - :vartype submission_id: str - :ivar submitter: The submitter. - :vartype submitter: str - :ivar submission_date: The submission date. - :vartype submission_date: ~datetime.datetime - :ivar timestamp: The Time stamp when the message is received (Mail). - :vartype timestamp: ~datetime.datetime - :ivar recipient: The recipient of the mail. - :vartype recipient: str - :ivar sender: The sender of the mail. - :vartype sender: str - :ivar sender_ip: The sender's IP. - :vartype sender_ip: str - :ivar subject: The subject of submission mail. - :vartype subject: str - :ivar report_type: The submission type for the given instance. This maps to Junk, Phish, - Malware or NotJunk. 
- :vartype report_type: str - """ - - _validation = { - "additional_data": {"readonly": True}, - "friendly_name": {"readonly": True}, - "network_message_id": {"readonly": True}, - "submission_id": {"readonly": True}, - "submitter": {"readonly": True}, - "submission_date": {"readonly": True}, - "timestamp": {"readonly": True}, - "recipient": {"readonly": True}, - "sender": {"readonly": True}, - "sender_ip": {"readonly": True}, - "subject": {"readonly": True}, - "report_type": {"readonly": True}, - } - - _attribute_map = { - "additional_data": {"key": "additionalData", "type": "{object}"}, - "friendly_name": {"key": "friendlyName", "type": "str"}, - "network_message_id": {"key": "networkMessageId", "type": "str"}, - "submission_id": {"key": "submissionId", "type": "str"}, - "submitter": {"key": "submitter", "type": "str"}, - "submission_date": {"key": "submissionDate", "type": "iso-8601"}, - "timestamp": {"key": "timestamp", "type": "iso-8601"}, - "recipient": {"key": "recipient", "type": "str"}, - "sender": {"key": "sender", "type": "str"}, - "sender_ip": {"key": "senderIp", "type": "str"}, - "subject": {"key": "subject", "type": "str"}, - "report_type": {"key": "reportType", "type": "str"}, - } - - def __init__(self, **kwargs): - """ """ - super().__init__(**kwargs) - self.network_message_id = None - self.submission_id = None - self.submitter = None - self.submission_date = None - self.timestamp = None - self.recipient = None - self.sender = None - self.sender_ip = None - self.subject = None - self.report_type = None - - -class SystemData(_serialization.Model): - """Metadata pertaining to creation and last modification of the resource. - - :ivar created_by: The identity that created the resource. - :vartype created_by: str - :ivar created_by_type: The type of identity that created the resource. Known values are: - "User", "Application", "ManagedIdentity", and "Key". 
- :vartype created_by_type: str or ~azure.mgmt.securityinsight.models.CreatedByType - :ivar created_at: The timestamp of resource creation (UTC). - :vartype created_at: ~datetime.datetime - :ivar last_modified_by: The identity that last modified the resource. - :vartype last_modified_by: str - :ivar last_modified_by_type: The type of identity that last modified the resource. Known values - are: "User", "Application", "ManagedIdentity", and "Key". - :vartype last_modified_by_type: str or ~azure.mgmt.securityinsight.models.CreatedByType - :ivar last_modified_at: The timestamp of resource last modification (UTC). - :vartype last_modified_at: ~datetime.datetime - """ - - _attribute_map = { - "created_by": {"key": "createdBy", "type": "str"}, - "created_by_type": {"key": "createdByType", "type": "str"}, - "created_at": {"key": "createdAt", "type": "iso-8601"}, - "last_modified_by": {"key": "lastModifiedBy", "type": "str"}, - "last_modified_by_type": {"key": "lastModifiedByType", "type": "str"}, - "last_modified_at": {"key": "lastModifiedAt", "type": "iso-8601"}, - } - - def __init__( - self, - *, - created_by: Optional[str] = None, - created_by_type: Optional[Union[str, "_models.CreatedByType"]] = None, - created_at: Optional[datetime.datetime] = None, - last_modified_by: Optional[str] = None, - last_modified_by_type: Optional[Union[str, "_models.CreatedByType"]] = None, - last_modified_at: Optional[datetime.datetime] = None, - **kwargs - ): - """ - :keyword created_by: The identity that created the resource. - :paramtype created_by: str - :keyword created_by_type: The type of identity that created the resource. Known values are: - "User", "Application", "ManagedIdentity", and "Key". - :paramtype created_by_type: str or ~azure.mgmt.securityinsight.models.CreatedByType - :keyword created_at: The timestamp of resource creation (UTC). - :paramtype created_at: ~datetime.datetime - :keyword last_modified_by: The identity that last modified the resource. 
- :paramtype last_modified_by: str - :keyword last_modified_by_type: The type of identity that last modified the resource. Known - values are: "User", "Application", "ManagedIdentity", and "Key". - :paramtype last_modified_by_type: str or ~azure.mgmt.securityinsight.models.CreatedByType - :keyword last_modified_at: The timestamp of resource last modification (UTC). - :paramtype last_modified_at: ~datetime.datetime - """ - super().__init__(**kwargs) - self.created_by = created_by - self.created_by_type = created_by_type - self.created_at = created_at - self.last_modified_by = last_modified_by - self.last_modified_by_type = last_modified_by_type - self.last_modified_at = last_modified_at - - -class TeamInformation(_serialization.Model): - """Describes team information. - - Variables are only populated by the server, and will be ignored when sending a request. - - :ivar team_id: Team ID. - :vartype team_id: str - :ivar primary_channel_url: The primary channel URL of the team. - :vartype primary_channel_url: str - :ivar team_creation_time_utc: The time the team was created. - :vartype team_creation_time_utc: ~datetime.datetime - :ivar name: The name of the team. - :vartype name: str - :ivar description: The description of the team. 
- :vartype description: str - """ - - _validation = { - "team_id": {"readonly": True}, - "primary_channel_url": {"readonly": True}, - "team_creation_time_utc": {"readonly": True}, - "name": {"readonly": True}, - "description": {"readonly": True}, - } - - _attribute_map = { - "team_id": {"key": "teamId", "type": "str"}, - "primary_channel_url": {"key": "primaryChannelUrl", "type": "str"}, - "team_creation_time_utc": {"key": "teamCreationTimeUtc", "type": "iso-8601"}, - "name": {"key": "name", "type": "str"}, - "description": {"key": "description", "type": "str"}, - } - - def __init__(self, **kwargs): - """ """ - super().__init__(**kwargs) - self.team_id = None - self.primary_channel_url = None - self.team_creation_time_utc = None - self.name = None - self.description = None - - -class TeamProperties(_serialization.Model): - """Describes team properties. - - All required parameters must be populated in order to send to Azure. - - :ivar team_name: The name of the team. Required. - :vartype team_name: str - :ivar team_description: The description of the team. - :vartype team_description: str - :ivar group_ids: List of group IDs to add their members to the team. - :vartype group_ids: list[str] - :ivar member_ids: List of member IDs to add to the team. - :vartype member_ids: list[str] - """ - - _validation = { - "team_name": {"required": True}, - } - - _attribute_map = { - "team_name": {"key": "teamName", "type": "str"}, - "team_description": {"key": "teamDescription", "type": "str"}, - "group_ids": {"key": "groupIds", "type": "[str]"}, - "member_ids": {"key": "memberIds", "type": "[str]"}, - } - - def __init__( - self, - *, - team_name: str, - team_description: Optional[str] = None, - group_ids: Optional[List[str]] = None, - member_ids: Optional[List[str]] = None, - **kwargs - ): - """ - :keyword team_name: The name of the team. Required. - :paramtype team_name: str - :keyword team_description: The description of the team. 
- :paramtype team_description: str - :keyword group_ids: List of group IDs to add their members to the team. - :paramtype group_ids: list[str] - :keyword member_ids: List of member IDs to add to the team. - :paramtype member_ids: list[str] - """ - super().__init__(**kwargs) - self.team_name = team_name - self.team_description = team_description - self.group_ids = group_ids - self.member_ids = member_ids - - -class ThreatIntelligence(_serialization.Model): - """ThreatIntelligence property bag. - - Variables are only populated by the server, and will be ignored when sending a request. - - :ivar confidence: Confidence (must be between 0 and 1). - :vartype confidence: float - :ivar provider_name: Name of the provider from whom this Threat Intelligence information was - received. - :vartype provider_name: str - :ivar report_link: Report link. - :vartype report_link: str - :ivar threat_description: Threat description (free text). - :vartype threat_description: str - :ivar threat_name: Threat name (e.g. "Jedobot malware"). - :vartype threat_name: str - :ivar threat_type: Threat type (e.g. "Botnet"). 
- :vartype threat_type: str - """ - - _validation = { - "confidence": {"readonly": True}, - "provider_name": {"readonly": True}, - "report_link": {"readonly": True}, - "threat_description": {"readonly": True}, - "threat_name": {"readonly": True}, - "threat_type": {"readonly": True}, - } - - _attribute_map = { - "confidence": {"key": "confidence", "type": "float"}, - "provider_name": {"key": "providerName", "type": "str"}, - "report_link": {"key": "reportLink", "type": "str"}, - "threat_description": {"key": "threatDescription", "type": "str"}, - "threat_name": {"key": "threatName", "type": "str"}, - "threat_type": {"key": "threatType", "type": "str"}, - } - - def __init__(self, **kwargs): - """ """ - super().__init__(**kwargs) - self.confidence = None - self.provider_name = None - self.report_link = None - self.threat_description = None - self.threat_name = None - self.threat_type = None - - -class ThreatIntelligenceAlertRule(AlertRule): # pylint: disable=too-many-instance-attributes - """Represents Threat Intelligence alert rule. - - Variables are only populated by the server, and will be ignored when sending a request. - - All required parameters must be populated in order to send to Azure. - - :ivar id: Fully qualified resource ID for the resource. Ex - - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - :vartype id: str - :ivar name: The name of the resource. - :vartype name: str - :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or - "Microsoft.Storage/storageAccounts". - :vartype type: str - :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy - information. - :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar etag: Etag of the azure resource. - :vartype etag: str - :ivar kind: The kind of the alert rule. Required. 
Known values are: "Scheduled", - "MicrosoftSecurityIncidentCreation", "Fusion", "MLBehaviorAnalytics", "ThreatIntelligence", and - "NRT". - :vartype kind: str or ~azure.mgmt.securityinsight.models.AlertRuleKind - :ivar alert_rule_template_name: The Name of the alert rule template used to create this rule. - :vartype alert_rule_template_name: str - :ivar description: The description of the alert rule. - :vartype description: str - :ivar display_name: The display name for alerts created by this alert rule. - :vartype display_name: str - :ivar enabled: Determines whether this alert rule is enabled or disabled. - :vartype enabled: bool - :ivar last_modified_utc: The last time that this alert has been modified. - :vartype last_modified_utc: ~datetime.datetime - :ivar severity: The severity for alerts created by this alert rule. Known values are: "High", - "Medium", "Low", and "Informational". - :vartype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity - :ivar tactics: The tactics of the alert rule. - :vartype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] - :ivar techniques: The techniques of the alert rule. 
- :vartype techniques: list[str] - """ - - _validation = { - "id": {"readonly": True}, - "name": {"readonly": True}, - "type": {"readonly": True}, - "system_data": {"readonly": True}, - "kind": {"required": True}, - "description": {"readonly": True}, - "display_name": {"readonly": True}, - "last_modified_utc": {"readonly": True}, - "severity": {"readonly": True}, - "tactics": {"readonly": True}, - "techniques": {"readonly": True}, - } - - _attribute_map = { - "id": {"key": "id", "type": "str"}, - "name": {"key": "name", "type": "str"}, - "type": {"key": "type", "type": "str"}, - "system_data": {"key": "systemData", "type": "SystemData"}, - "etag": {"key": "etag", "type": "str"}, - "kind": {"key": "kind", "type": "str"}, - "alert_rule_template_name": {"key": "properties.alertRuleTemplateName", "type": "str"}, - "description": {"key": "properties.description", "type": "str"}, - "display_name": {"key": "properties.displayName", "type": "str"}, - "enabled": {"key": "properties.enabled", "type": "bool"}, - "last_modified_utc": {"key": "properties.lastModifiedUtc", "type": "iso-8601"}, - "severity": {"key": "properties.severity", "type": "str"}, - "tactics": {"key": "properties.tactics", "type": "[str]"}, - "techniques": {"key": "properties.techniques", "type": "[str]"}, - } - - def __init__( - self, - *, - etag: Optional[str] = None, - alert_rule_template_name: Optional[str] = None, - enabled: Optional[bool] = None, - **kwargs - ): - """ - :keyword etag: Etag of the azure resource. - :paramtype etag: str - :keyword alert_rule_template_name: The Name of the alert rule template used to create this - rule. - :paramtype alert_rule_template_name: str - :keyword enabled: Determines whether this alert rule is enabled or disabled. 
- :paramtype enabled: bool - """ - super().__init__(etag=etag, **kwargs) - self.kind: str = "ThreatIntelligence" - self.alert_rule_template_name = alert_rule_template_name - self.description = None - self.display_name = None - self.enabled = enabled - self.last_modified_utc = None - self.severity = None - self.tactics = None - self.techniques = None - - -class ThreatIntelligenceAlertRuleTemplate(AlertRuleTemplate): # pylint: disable=too-many-instance-attributes - """Represents Threat Intelligence alert rule template. - - Variables are only populated by the server, and will be ignored when sending a request. - - All required parameters must be populated in order to send to Azure. - - :ivar id: Fully qualified resource ID for the resource. Ex - - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - :vartype id: str - :ivar name: The name of the resource. - :vartype name: str - :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or - "Microsoft.Storage/storageAccounts". - :vartype type: str - :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy - information. - :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar kind: The kind of the alert rule. Required. Known values are: "Scheduled", - "MicrosoftSecurityIncidentCreation", "Fusion", "MLBehaviorAnalytics", "ThreatIntelligence", and - "NRT". - :vartype kind: str or ~azure.mgmt.securityinsight.models.AlertRuleKind - :ivar alert_rules_created_by_template_count: the number of alert rules that were created by - this template. - :vartype alert_rules_created_by_template_count: int - :ivar last_updated_date_utc: The last time that this alert rule template has been updated. - :vartype last_updated_date_utc: ~datetime.datetime - :ivar created_date_utc: The time that this alert rule template has been added. 
- :vartype created_date_utc: ~datetime.datetime - :ivar description: The description of the alert rule template. - :vartype description: str - :ivar display_name: The display name for alert rule template. - :vartype display_name: str - :ivar required_data_connectors: The required data sources for this template. - :vartype required_data_connectors: - list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] - :ivar status: The alert rule template status. Known values are: "Installed", "Available", and - "NotAvailable". - :vartype status: str or ~azure.mgmt.securityinsight.models.TemplateStatus - :ivar tactics: The tactics of the alert rule. - :vartype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] - :ivar techniques: The techniques of the alert rule. - :vartype techniques: list[str] - :ivar severity: The severity for alerts created by this alert rule. Known values are: "High", - "Medium", "Low", and "Informational". - :vartype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity - """ - - _validation = { - "id": {"readonly": True}, - "name": {"readonly": True}, - "type": {"readonly": True}, - "system_data": {"readonly": True}, - "kind": {"required": True}, - "last_updated_date_utc": {"readonly": True}, - "created_date_utc": {"readonly": True}, - } - - _attribute_map = { - "id": {"key": "id", "type": "str"}, - "name": {"key": "name", "type": "str"}, - "type": {"key": "type", "type": "str"}, - "system_data": {"key": "systemData", "type": "SystemData"}, - "kind": {"key": "kind", "type": "str"}, - "alert_rules_created_by_template_count": {"key": "properties.alertRulesCreatedByTemplateCount", "type": "int"}, - "last_updated_date_utc": {"key": "properties.lastUpdatedDateUTC", "type": "iso-8601"}, - "created_date_utc": {"key": "properties.createdDateUTC", "type": "iso-8601"}, - "description": {"key": "properties.description", "type": "str"}, - "display_name": {"key": "properties.displayName", "type": "str"}, - 
"required_data_connectors": { - "key": "properties.requiredDataConnectors", - "type": "[AlertRuleTemplateDataSource]", - }, - "status": {"key": "properties.status", "type": "str"}, - "tactics": {"key": "properties.tactics", "type": "[str]"}, - "techniques": {"key": "properties.techniques", "type": "[str]"}, - "severity": {"key": "properties.severity", "type": "str"}, - } - - def __init__( - self, - *, - alert_rules_created_by_template_count: Optional[int] = None, - description: Optional[str] = None, - display_name: Optional[str] = None, - required_data_connectors: Optional[List["_models.AlertRuleTemplateDataSource"]] = None, - status: Optional[Union[str, "_models.TemplateStatus"]] = None, - tactics: Optional[List[Union[str, "_models.AttackTactic"]]] = None, - techniques: Optional[List[str]] = None, - severity: Optional[Union[str, "_models.AlertSeverity"]] = None, - **kwargs - ): - """ - :keyword alert_rules_created_by_template_count: the number of alert rules that were created by - this template. - :paramtype alert_rules_created_by_template_count: int - :keyword description: The description of the alert rule template. - :paramtype description: str - :keyword display_name: The display name for alert rule template. - :paramtype display_name: str - :keyword required_data_connectors: The required data sources for this template. - :paramtype required_data_connectors: - list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] - :keyword status: The alert rule template status. Known values are: "Installed", "Available", - and "NotAvailable". - :paramtype status: str or ~azure.mgmt.securityinsight.models.TemplateStatus - :keyword tactics: The tactics of the alert rule. - :paramtype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] - :keyword techniques: The techniques of the alert rule. - :paramtype techniques: list[str] - :keyword severity: The severity for alerts created by this alert rule. 
Known values are: - "High", "Medium", "Low", and "Informational". - :paramtype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity - """ - super().__init__(**kwargs) - self.kind: str = "ThreatIntelligence" - self.alert_rules_created_by_template_count = alert_rules_created_by_template_count - self.last_updated_date_utc = None - self.created_date_utc = None - self.description = description - self.display_name = display_name - self.required_data_connectors = required_data_connectors - self.status = status - self.tactics = tactics - self.techniques = techniques - self.severity = severity - - -class ThreatIntelligenceAlertRuleTemplateProperties(AlertRuleTemplateWithMitreProperties): - """Threat Intelligence alert rule template properties. - - Variables are only populated by the server, and will be ignored when sending a request. - - All required parameters must be populated in order to send to Azure. - - :ivar alert_rules_created_by_template_count: the number of alert rules that were created by - this template. - :vartype alert_rules_created_by_template_count: int - :ivar last_updated_date_utc: The last time that this alert rule template has been updated. - :vartype last_updated_date_utc: ~datetime.datetime - :ivar created_date_utc: The time that this alert rule template has been added. - :vartype created_date_utc: ~datetime.datetime - :ivar description: The description of the alert rule template. - :vartype description: str - :ivar display_name: The display name for alert rule template. - :vartype display_name: str - :ivar required_data_connectors: The required data sources for this template. - :vartype required_data_connectors: - list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] - :ivar status: The alert rule template status. Known values are: "Installed", "Available", and - "NotAvailable". - :vartype status: str or ~azure.mgmt.securityinsight.models.TemplateStatus - :ivar tactics: The tactics of the alert rule. 
- :vartype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] - :ivar techniques: The techniques of the alert rule. - :vartype techniques: list[str] - :ivar severity: The severity for alerts created by this alert rule. Required. Known values are: - "High", "Medium", "Low", and "Informational". - :vartype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity - """ - - _validation = { - "last_updated_date_utc": {"readonly": True}, - "created_date_utc": {"readonly": True}, - "severity": {"required": True}, - } - - _attribute_map = { - "alert_rules_created_by_template_count": {"key": "alertRulesCreatedByTemplateCount", "type": "int"}, - "last_updated_date_utc": {"key": "lastUpdatedDateUTC", "type": "iso-8601"}, - "created_date_utc": {"key": "createdDateUTC", "type": "iso-8601"}, - "description": {"key": "description", "type": "str"}, - "display_name": {"key": "displayName", "type": "str"}, - "required_data_connectors": {"key": "requiredDataConnectors", "type": "[AlertRuleTemplateDataSource]"}, - "status": {"key": "status", "type": "str"}, - "tactics": {"key": "tactics", "type": "[str]"}, - "techniques": {"key": "techniques", "type": "[str]"}, - "severity": {"key": "severity", "type": "str"}, - } - - def __init__( - self, - *, - severity: Union[str, "_models.AlertSeverity"], - alert_rules_created_by_template_count: Optional[int] = None, - description: Optional[str] = None, - display_name: Optional[str] = None, - required_data_connectors: Optional[List["_models.AlertRuleTemplateDataSource"]] = None, - status: Optional[Union[str, "_models.TemplateStatus"]] = None, - tactics: Optional[List[Union[str, "_models.AttackTactic"]]] = None, - techniques: Optional[List[str]] = None, - **kwargs - ): - """ - :keyword alert_rules_created_by_template_count: the number of alert rules that were created by - this template. - :paramtype alert_rules_created_by_template_count: int - :keyword description: The description of the alert rule template. 
- :paramtype description: str - :keyword display_name: The display name for alert rule template. - :paramtype display_name: str - :keyword required_data_connectors: The required data sources for this template. - :paramtype required_data_connectors: - list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] - :keyword status: The alert rule template status. Known values are: "Installed", "Available", - and "NotAvailable". - :paramtype status: str or ~azure.mgmt.securityinsight.models.TemplateStatus - :keyword tactics: The tactics of the alert rule. - :paramtype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] - :keyword techniques: The techniques of the alert rule. - :paramtype techniques: list[str] - :keyword severity: The severity for alerts created by this alert rule. Required. Known values - are: "High", "Medium", "Low", and "Informational". - :paramtype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity - """ - super().__init__( - alert_rules_created_by_template_count=alert_rules_created_by_template_count, - description=description, - display_name=display_name, - required_data_connectors=required_data_connectors, - status=status, - tactics=tactics, - techniques=techniques, - **kwargs - ) - self.severity = severity - - -class ThreatIntelligenceAppendTags(_serialization.Model): - """Array of tags to be appended to the threat intelligence indicator. - - :ivar threat_intelligence_tags: List of tags to be appended. - :vartype threat_intelligence_tags: list[str] - """ - - _attribute_map = { - "threat_intelligence_tags": {"key": "threatIntelligenceTags", "type": "[str]"}, - } - - def __init__(self, *, threat_intelligence_tags: Optional[List[str]] = None, **kwargs): - """ - :keyword threat_intelligence_tags: List of tags to be appended. 
- :paramtype threat_intelligence_tags: list[str] - """ - super().__init__(**kwargs) - self.threat_intelligence_tags = threat_intelligence_tags - - -class ThreatIntelligenceExternalReference(_serialization.Model): - """Describes external reference. - - :ivar description: External reference description. - :vartype description: str - :ivar external_id: External reference ID. - :vartype external_id: str - :ivar source_name: External reference source name. - :vartype source_name: str - :ivar url: External reference URL. - :vartype url: str - :ivar hashes: External reference hashes. - :vartype hashes: dict[str, str] - """ - - _attribute_map = { - "description": {"key": "description", "type": "str"}, - "external_id": {"key": "externalId", "type": "str"}, - "source_name": {"key": "sourceName", "type": "str"}, - "url": {"key": "url", "type": "str"}, - "hashes": {"key": "hashes", "type": "{str}"}, - } - - def __init__( - self, - *, - description: Optional[str] = None, - external_id: Optional[str] = None, - source_name: Optional[str] = None, - url: Optional[str] = None, - hashes: Optional[Dict[str, str]] = None, - **kwargs - ): - """ - :keyword description: External reference description. - :paramtype description: str - :keyword external_id: External reference ID. - :paramtype external_id: str - :keyword source_name: External reference source name. - :paramtype source_name: str - :keyword url: External reference URL. - :paramtype url: str - :keyword hashes: External reference hashes. - :paramtype hashes: dict[str, str] - """ - super().__init__(**kwargs) - self.description = description - self.external_id = external_id - self.source_name = source_name - self.url = url - self.hashes = hashes - - -class ThreatIntelligenceFilteringCriteria(_serialization.Model): # pylint: disable=too-many-instance-attributes - """Filtering criteria for querying threat intelligence indicators. - - :ivar page_size: Page size. - :vartype page_size: int - :ivar min_confidence: Minimum confidence. 
- :vartype min_confidence: int - :ivar max_confidence: Maximum confidence. - :vartype max_confidence: int - :ivar min_valid_until: Start time for ValidUntil filter. - :vartype min_valid_until: str - :ivar max_valid_until: End time for ValidUntil filter. - :vartype max_valid_until: str - :ivar include_disabled: Parameter to include/exclude disabled indicators. - :vartype include_disabled: bool - :ivar sort_by: Columns to sort by and sorting order. - :vartype sort_by: list[~azure.mgmt.securityinsight.models.ThreatIntelligenceSortingCriteria] - :ivar sources: Sources of threat intelligence indicators. - :vartype sources: list[str] - :ivar pattern_types: Pattern types. - :vartype pattern_types: list[str] - :ivar threat_types: Threat types of threat intelligence indicators. - :vartype threat_types: list[str] - :ivar ids: Ids of threat intelligence indicators. - :vartype ids: list[str] - :ivar keywords: Keywords for searching threat intelligence indicators. - :vartype keywords: list[str] - :ivar skip_token: Skip token. 
- :vartype skip_token: str - """ - - _attribute_map = { - "page_size": {"key": "pageSize", "type": "int"}, - "min_confidence": {"key": "minConfidence", "type": "int"}, - "max_confidence": {"key": "maxConfidence", "type": "int"}, - "min_valid_until": {"key": "minValidUntil", "type": "str"}, - "max_valid_until": {"key": "maxValidUntil", "type": "str"}, - "include_disabled": {"key": "includeDisabled", "type": "bool"}, - "sort_by": {"key": "sortBy", "type": "[ThreatIntelligenceSortingCriteria]"}, - "sources": {"key": "sources", "type": "[str]"}, - "pattern_types": {"key": "patternTypes", "type": "[str]"}, - "threat_types": {"key": "threatTypes", "type": "[str]"}, - "ids": {"key": "ids", "type": "[str]"}, - "keywords": {"key": "keywords", "type": "[str]"}, - "skip_token": {"key": "skipToken", "type": "str"}, - } - - def __init__( - self, - *, - page_size: Optional[int] = None, - min_confidence: Optional[int] = None, - max_confidence: Optional[int] = None, - min_valid_until: Optional[str] = None, - max_valid_until: Optional[str] = None, - include_disabled: Optional[bool] = None, - sort_by: Optional[List["_models.ThreatIntelligenceSortingCriteria"]] = None, - sources: Optional[List[str]] = None, - pattern_types: Optional[List[str]] = None, - threat_types: Optional[List[str]] = None, - ids: Optional[List[str]] = None, - keywords: Optional[List[str]] = None, - skip_token: Optional[str] = None, - **kwargs - ): - """ - :keyword page_size: Page size. - :paramtype page_size: int - :keyword min_confidence: Minimum confidence. - :paramtype min_confidence: int - :keyword max_confidence: Maximum confidence. - :paramtype max_confidence: int - :keyword min_valid_until: Start time for ValidUntil filter. - :paramtype min_valid_until: str - :keyword max_valid_until: End time for ValidUntil filter. - :paramtype max_valid_until: str - :keyword include_disabled: Parameter to include/exclude disabled indicators. 
- :paramtype include_disabled: bool - :keyword sort_by: Columns to sort by and sorting order. - :paramtype sort_by: list[~azure.mgmt.securityinsight.models.ThreatIntelligenceSortingCriteria] - :keyword sources: Sources of threat intelligence indicators. - :paramtype sources: list[str] - :keyword pattern_types: Pattern types. - :paramtype pattern_types: list[str] - :keyword threat_types: Threat types of threat intelligence indicators. - :paramtype threat_types: list[str] - :keyword ids: Ids of threat intelligence indicators. - :paramtype ids: list[str] - :keyword keywords: Keywords for searching threat intelligence indicators. - :paramtype keywords: list[str] - :keyword skip_token: Skip token. - :paramtype skip_token: str - """ - super().__init__(**kwargs) - self.page_size = page_size - self.min_confidence = min_confidence - self.max_confidence = max_confidence - self.min_valid_until = min_valid_until - self.max_valid_until = max_valid_until - self.include_disabled = include_disabled - self.sort_by = sort_by - self.sources = sources - self.pattern_types = pattern_types - self.threat_types = threat_types - self.ids = ids - self.keywords = keywords - self.skip_token = skip_token - - -class ThreatIntelligenceGranularMarkingModel(_serialization.Model): - """Describes threat granular marking model entity. - - :ivar language: Language granular marking model. - :vartype language: str - :ivar marking_ref: marking reference granular marking model. - :vartype marking_ref: int - :ivar selectors: granular marking model selectors. - :vartype selectors: list[str] - """ - - _attribute_map = { - "language": {"key": "language", "type": "str"}, - "marking_ref": {"key": "markingRef", "type": "int"}, - "selectors": {"key": "selectors", "type": "[str]"}, - } - - def __init__( - self, - *, - language: Optional[str] = None, - marking_ref: Optional[int] = None, - selectors: Optional[List[str]] = None, - **kwargs - ): - """ - :keyword language: Language granular marking model. 
- :paramtype language: str - :keyword marking_ref: marking reference granular marking model. - :paramtype marking_ref: int - :keyword selectors: granular marking model selectors. - :paramtype selectors: list[str] - """ - super().__init__(**kwargs) - self.language = language - self.marking_ref = marking_ref - self.selectors = selectors - - -class ThreatIntelligenceInformation(ResourceWithEtag): - """Threat intelligence information object. - - You probably want to use the sub-classes and not this class directly. Known sub-classes are: - ThreatIntelligenceIndicatorModel - - Variables are only populated by the server, and will be ignored when sending a request. - - All required parameters must be populated in order to send to Azure. - - :ivar id: Fully qualified resource ID for the resource. Ex - - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - :vartype id: str - :ivar name: The name of the resource. - :vartype name: str - :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or - "Microsoft.Storage/storageAccounts". - :vartype type: str - :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy - information. - :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar etag: Etag of the azure resource. - :vartype etag: str - :ivar kind: The kind of the entity. Required. 
"indicator" - :vartype kind: str or ~azure.mgmt.securityinsight.models.ThreatIntelligenceResourceKindEnum - """ - - _validation = { - "id": {"readonly": True}, - "name": {"readonly": True}, - "type": {"readonly": True}, - "system_data": {"readonly": True}, - "kind": {"required": True}, - } - - _attribute_map = { - "id": {"key": "id", "type": "str"}, - "name": {"key": "name", "type": "str"}, - "type": {"key": "type", "type": "str"}, - "system_data": {"key": "systemData", "type": "SystemData"}, - "etag": {"key": "etag", "type": "str"}, - "kind": {"key": "kind", "type": "str"}, - } - - _subtype_map = {"kind": {"indicator": "ThreatIntelligenceIndicatorModel"}} - - def __init__(self, *, etag: Optional[str] = None, **kwargs): - """ - :keyword etag: Etag of the azure resource. - :paramtype etag: str - """ - super().__init__(etag=etag, **kwargs) - self.kind: Optional[str] = None - - -class ThreatIntelligenceIndicatorModel(ThreatIntelligenceInformation): # pylint: disable=too-many-instance-attributes - """Threat intelligence indicator entity. - - Variables are only populated by the server, and will be ignored when sending a request. - - All required parameters must be populated in order to send to Azure. - - :ivar id: Fully qualified resource ID for the resource. Ex - - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - :vartype id: str - :ivar name: The name of the resource. - :vartype name: str - :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or - "Microsoft.Storage/storageAccounts". - :vartype type: str - :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy - information. - :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar etag: Etag of the azure resource. - :vartype etag: str - :ivar kind: The kind of the entity. Required. 
"indicator" - :vartype kind: str or ~azure.mgmt.securityinsight.models.ThreatIntelligenceResourceKindEnum - :ivar additional_data: A bag of custom fields that should be part of the entity and will be - presented to the user. - :vartype additional_data: dict[str, any] - :ivar friendly_name: The graph item display name which is a short humanly readable description - of the graph item instance. This property is optional and might be system generated. - :vartype friendly_name: str - :ivar threat_intelligence_tags: List of tags. - :vartype threat_intelligence_tags: list[str] - :ivar last_updated_time_utc: Last updated time in UTC. - :vartype last_updated_time_utc: str - :ivar source: Source of a threat intelligence entity. - :vartype source: str - :ivar display_name: Display name of a threat intelligence entity. - :vartype display_name: str - :ivar description: Description of a threat intelligence entity. - :vartype description: str - :ivar indicator_types: Indicator types of threat intelligence entities. - :vartype indicator_types: list[str] - :ivar pattern: Pattern of a threat intelligence entity. - :vartype pattern: str - :ivar pattern_type: Pattern type of a threat intelligence entity. - :vartype pattern_type: str - :ivar pattern_version: Pattern version of a threat intelligence entity. - :vartype pattern_version: str - :ivar kill_chain_phases: Kill chain phases. - :vartype kill_chain_phases: - list[~azure.mgmt.securityinsight.models.ThreatIntelligenceKillChainPhase] - :ivar parsed_pattern: Parsed patterns. - :vartype parsed_pattern: - list[~azure.mgmt.securityinsight.models.ThreatIntelligenceParsedPattern] - :ivar external_id: External ID of threat intelligence entity. - :vartype external_id: str - :ivar created_by_ref: Created by reference of threat intelligence entity. - :vartype created_by_ref: str - :ivar defanged: Is threat intelligence entity defanged. - :vartype defanged: bool - :ivar external_last_updated_time_utc: External last updated time in UTC. 
- :vartype external_last_updated_time_utc: str - :ivar external_references: External References. - :vartype external_references: - list[~azure.mgmt.securityinsight.models.ThreatIntelligenceExternalReference] - :ivar granular_markings: Granular Markings. - :vartype granular_markings: - list[~azure.mgmt.securityinsight.models.ThreatIntelligenceGranularMarkingModel] - :ivar labels: Labels of threat intelligence entity. - :vartype labels: list[str] - :ivar revoked: Is threat intelligence entity revoked. - :vartype revoked: bool - :ivar confidence: Confidence of threat intelligence entity. - :vartype confidence: int - :ivar object_marking_refs: Threat intelligence entity object marking references. - :vartype object_marking_refs: list[str] - :ivar language: Language of threat intelligence entity. - :vartype language: str - :ivar threat_types: Threat types. - :vartype threat_types: list[str] - :ivar valid_from: Valid from. - :vartype valid_from: str - :ivar valid_until: Valid until. - :vartype valid_until: str - :ivar created: Created by. - :vartype created: str - :ivar modified: Modified by. - :vartype modified: str - :ivar extensions: Extensions map. 
- :vartype extensions: dict[str, any] - """ - - _validation = { - "id": {"readonly": True}, - "name": {"readonly": True}, - "type": {"readonly": True}, - "system_data": {"readonly": True}, - "kind": {"required": True}, - "additional_data": {"readonly": True}, - "friendly_name": {"readonly": True}, - } - - _attribute_map = { - "id": {"key": "id", "type": "str"}, - "name": {"key": "name", "type": "str"}, - "type": {"key": "type", "type": "str"}, - "system_data": {"key": "systemData", "type": "SystemData"}, - "etag": {"key": "etag", "type": "str"}, - "kind": {"key": "kind", "type": "str"}, - "additional_data": {"key": "properties.additionalData", "type": "{object}"}, - "friendly_name": {"key": "properties.friendlyName", "type": "str"}, - "threat_intelligence_tags": {"key": "properties.threatIntelligenceTags", "type": "[str]"}, - "last_updated_time_utc": {"key": "properties.lastUpdatedTimeUtc", "type": "str"}, - "source": {"key": "properties.source", "type": "str"}, - "display_name": {"key": "properties.displayName", "type": "str"}, - "description": {"key": "properties.description", "type": "str"}, - "indicator_types": {"key": "properties.indicatorTypes", "type": "[str]"}, - "pattern": {"key": "properties.pattern", "type": "str"}, - "pattern_type": {"key": "properties.patternType", "type": "str"}, - "pattern_version": {"key": "properties.patternVersion", "type": "str"}, - "kill_chain_phases": {"key": "properties.killChainPhases", "type": "[ThreatIntelligenceKillChainPhase]"}, - "parsed_pattern": {"key": "properties.parsedPattern", "type": "[ThreatIntelligenceParsedPattern]"}, - "external_id": {"key": "properties.externalId", "type": "str"}, - "created_by_ref": {"key": "properties.createdByRef", "type": "str"}, - "defanged": {"key": "properties.defanged", "type": "bool"}, - "external_last_updated_time_utc": {"key": "properties.externalLastUpdatedTimeUtc", "type": "str"}, - "external_references": { - "key": "properties.externalReferences", - "type": 
"[ThreatIntelligenceExternalReference]", - }, - "granular_markings": {"key": "properties.granularMarkings", "type": "[ThreatIntelligenceGranularMarkingModel]"}, - "labels": {"key": "properties.labels", "type": "[str]"}, - "revoked": {"key": "properties.revoked", "type": "bool"}, - "confidence": {"key": "properties.confidence", "type": "int"}, - "object_marking_refs": {"key": "properties.objectMarkingRefs", "type": "[str]"}, - "language": {"key": "properties.language", "type": "str"}, - "threat_types": {"key": "properties.threatTypes", "type": "[str]"}, - "valid_from": {"key": "properties.validFrom", "type": "str"}, - "valid_until": {"key": "properties.validUntil", "type": "str"}, - "created": {"key": "properties.created", "type": "str"}, - "modified": {"key": "properties.modified", "type": "str"}, - "extensions": {"key": "properties.extensions", "type": "{object}"}, - } - - def __init__( # pylint: disable=too-many-locals - self, - *, - etag: Optional[str] = None, - threat_intelligence_tags: Optional[List[str]] = None, - last_updated_time_utc: Optional[str] = None, - source: Optional[str] = None, - display_name: Optional[str] = None, - description: Optional[str] = None, - indicator_types: Optional[List[str]] = None, - pattern: Optional[str] = None, - pattern_type: Optional[str] = None, - pattern_version: Optional[str] = None, - kill_chain_phases: Optional[List["_models.ThreatIntelligenceKillChainPhase"]] = None, - parsed_pattern: Optional[List["_models.ThreatIntelligenceParsedPattern"]] = None, - external_id: Optional[str] = None, - created_by_ref: Optional[str] = None, - defanged: Optional[bool] = None, - external_last_updated_time_utc: Optional[str] = None, - external_references: Optional[List["_models.ThreatIntelligenceExternalReference"]] = None, - granular_markings: Optional[List["_models.ThreatIntelligenceGranularMarkingModel"]] = None, - labels: Optional[List[str]] = None, - revoked: Optional[bool] = None, - confidence: Optional[int] = None, - 
object_marking_refs: Optional[List[str]] = None, - language: Optional[str] = None, - threat_types: Optional[List[str]] = None, - valid_from: Optional[str] = None, - valid_until: Optional[str] = None, - created: Optional[str] = None, - modified: Optional[str] = None, - extensions: Optional[Dict[str, Any]] = None, - **kwargs - ): - """ - :keyword etag: Etag of the azure resource. - :paramtype etag: str - :keyword threat_intelligence_tags: List of tags. - :paramtype threat_intelligence_tags: list[str] - :keyword last_updated_time_utc: Last updated time in UTC. - :paramtype last_updated_time_utc: str - :keyword source: Source of a threat intelligence entity. - :paramtype source: str - :keyword display_name: Display name of a threat intelligence entity. - :paramtype display_name: str - :keyword description: Description of a threat intelligence entity. - :paramtype description: str - :keyword indicator_types: Indicator types of threat intelligence entities. - :paramtype indicator_types: list[str] - :keyword pattern: Pattern of a threat intelligence entity. - :paramtype pattern: str - :keyword pattern_type: Pattern type of a threat intelligence entity. - :paramtype pattern_type: str - :keyword pattern_version: Pattern version of a threat intelligence entity. - :paramtype pattern_version: str - :keyword kill_chain_phases: Kill chain phases. - :paramtype kill_chain_phases: - list[~azure.mgmt.securityinsight.models.ThreatIntelligenceKillChainPhase] - :keyword parsed_pattern: Parsed patterns. - :paramtype parsed_pattern: - list[~azure.mgmt.securityinsight.models.ThreatIntelligenceParsedPattern] - :keyword external_id: External ID of threat intelligence entity. - :paramtype external_id: str - :keyword created_by_ref: Created by reference of threat intelligence entity. - :paramtype created_by_ref: str - :keyword defanged: Is threat intelligence entity defanged. - :paramtype defanged: bool - :keyword external_last_updated_time_utc: External last updated time in UTC. 
- :paramtype external_last_updated_time_utc: str - :keyword external_references: External References. - :paramtype external_references: - list[~azure.mgmt.securityinsight.models.ThreatIntelligenceExternalReference] - :keyword granular_markings: Granular Markings. - :paramtype granular_markings: - list[~azure.mgmt.securityinsight.models.ThreatIntelligenceGranularMarkingModel] - :keyword labels: Labels of threat intelligence entity. - :paramtype labels: list[str] - :keyword revoked: Is threat intelligence entity revoked. - :paramtype revoked: bool - :keyword confidence: Confidence of threat intelligence entity. - :paramtype confidence: int - :keyword object_marking_refs: Threat intelligence entity object marking references. - :paramtype object_marking_refs: list[str] - :keyword language: Language of threat intelligence entity. - :paramtype language: str - :keyword threat_types: Threat types. - :paramtype threat_types: list[str] - :keyword valid_from: Valid from. - :paramtype valid_from: str - :keyword valid_until: Valid until. - :paramtype valid_until: str - :keyword created: Created by. - :paramtype created: str - :keyword modified: Modified by. - :paramtype modified: str - :keyword extensions: Extensions map. 
- :paramtype extensions: dict[str, any] - """ - super().__init__(etag=etag, **kwargs) - self.kind: str = "indicator" - self.additional_data = None - self.friendly_name = None - self.threat_intelligence_tags = threat_intelligence_tags - self.last_updated_time_utc = last_updated_time_utc - self.source = source - self.display_name = display_name - self.description = description - self.indicator_types = indicator_types - self.pattern = pattern - self.pattern_type = pattern_type - self.pattern_version = pattern_version - self.kill_chain_phases = kill_chain_phases - self.parsed_pattern = parsed_pattern - self.external_id = external_id - self.created_by_ref = created_by_ref - self.defanged = defanged - self.external_last_updated_time_utc = external_last_updated_time_utc - self.external_references = external_references - self.granular_markings = granular_markings - self.labels = labels - self.revoked = revoked - self.confidence = confidence - self.object_marking_refs = object_marking_refs - self.language = language - self.threat_types = threat_types - self.valid_from = valid_from - self.valid_until = valid_until - self.created = created - self.modified = modified - self.extensions = extensions - - -class ThreatIntelligenceIndicatorProperties(EntityCommonProperties): # pylint: disable=too-many-instance-attributes - """Describes threat intelligence entity properties. - - Variables are only populated by the server, and will be ignored when sending a request. - - :ivar additional_data: A bag of custom fields that should be part of the entity and will be - presented to the user. - :vartype additional_data: dict[str, any] - :ivar friendly_name: The graph item display name which is a short humanly readable description - of the graph item instance. This property is optional and might be system generated. - :vartype friendly_name: str - :ivar threat_intelligence_tags: List of tags. 
- :vartype threat_intelligence_tags: list[str] - :ivar last_updated_time_utc: Last updated time in UTC. - :vartype last_updated_time_utc: str - :ivar source: Source of a threat intelligence entity. - :vartype source: str - :ivar display_name: Display name of a threat intelligence entity. - :vartype display_name: str - :ivar description: Description of a threat intelligence entity. - :vartype description: str - :ivar indicator_types: Indicator types of threat intelligence entities. - :vartype indicator_types: list[str] - :ivar pattern: Pattern of a threat intelligence entity. - :vartype pattern: str - :ivar pattern_type: Pattern type of a threat intelligence entity. - :vartype pattern_type: str - :ivar pattern_version: Pattern version of a threat intelligence entity. - :vartype pattern_version: str - :ivar kill_chain_phases: Kill chain phases. - :vartype kill_chain_phases: - list[~azure.mgmt.securityinsight.models.ThreatIntelligenceKillChainPhase] - :ivar parsed_pattern: Parsed patterns. - :vartype parsed_pattern: - list[~azure.mgmt.securityinsight.models.ThreatIntelligenceParsedPattern] - :ivar external_id: External ID of threat intelligence entity. - :vartype external_id: str - :ivar created_by_ref: Created by reference of threat intelligence entity. - :vartype created_by_ref: str - :ivar defanged: Is threat intelligence entity defanged. - :vartype defanged: bool - :ivar external_last_updated_time_utc: External last updated time in UTC. - :vartype external_last_updated_time_utc: str - :ivar external_references: External References. - :vartype external_references: - list[~azure.mgmt.securityinsight.models.ThreatIntelligenceExternalReference] - :ivar granular_markings: Granular Markings. - :vartype granular_markings: - list[~azure.mgmt.securityinsight.models.ThreatIntelligenceGranularMarkingModel] - :ivar labels: Labels of threat intelligence entity. - :vartype labels: list[str] - :ivar revoked: Is threat intelligence entity revoked. 
- :vartype revoked: bool - :ivar confidence: Confidence of threat intelligence entity. - :vartype confidence: int - :ivar object_marking_refs: Threat intelligence entity object marking references. - :vartype object_marking_refs: list[str] - :ivar language: Language of threat intelligence entity. - :vartype language: str - :ivar threat_types: Threat types. - :vartype threat_types: list[str] - :ivar valid_from: Valid from. - :vartype valid_from: str - :ivar valid_until: Valid until. - :vartype valid_until: str - :ivar created: Created by. - :vartype created: str - :ivar modified: Modified by. - :vartype modified: str - :ivar extensions: Extensions map. - :vartype extensions: dict[str, any] - """ - - _validation = { - "additional_data": {"readonly": True}, - "friendly_name": {"readonly": True}, + _validation = { + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, } _attribute_map = { 
@@ -21981,844 +9952,413 @@ class ThreatIntelligenceIndicatorProperties(EntityCommonProperties): # pylint: "extensions": {"key": "extensions", "type": "{object}"}, } - def __init__( # pylint: disable=too-many-locals - self, - *, - threat_intelligence_tags: Optional[List[str]] = None, - last_updated_time_utc: Optional[str] = None, - source: Optional[str] = None, - display_name: Optional[str] = None, - description: Optional[str] = None, - indicator_types: Optional[List[str]] = None, - pattern: Optional[str] = None, - pattern_type: Optional[str] = None, - pattern_version: Optional[str] = None, - kill_chain_phases: Optional[List["_models.ThreatIntelligenceKillChainPhase"]] = None, - parsed_pattern: Optional[List["_models.ThreatIntelligenceParsedPattern"]] = None, - external_id: Optional[str] = None, - created_by_ref: Optional[str] = None, - defanged: Optional[bool] = None, - external_last_updated_time_utc: Optional[str] = None, - external_references: Optional[List["_models.ThreatIntelligenceExternalReference"]] = None, - granular_markings: Optional[List["_models.ThreatIntelligenceGranularMarkingModel"]] = None, - labels: Optional[List[str]] = None, - revoked: Optional[bool] = None, - confidence: Optional[int] = None, - object_marking_refs: Optional[List[str]] = None, - language: Optional[str] = None, - threat_types: Optional[List[str]] = None, - valid_from: Optional[str] = None, - valid_until: Optional[str] = None, - created: Optional[str] = None, - modified: Optional[str] = None, - extensions: Optional[Dict[str, Any]] = None, - **kwargs - ): - """ - :keyword threat_intelligence_tags: List of tags. - :paramtype threat_intelligence_tags: list[str] - :keyword last_updated_time_utc: Last updated time in UTC. - :paramtype last_updated_time_utc: str - :keyword source: Source of a threat intelligence entity. - :paramtype source: str - :keyword display_name: Display name of a threat intelligence entity. 
- :paramtype display_name: str - :keyword description: Description of a threat intelligence entity. - :paramtype description: str - :keyword indicator_types: Indicator types of threat intelligence entities. - :paramtype indicator_types: list[str] - :keyword pattern: Pattern of a threat intelligence entity. - :paramtype pattern: str - :keyword pattern_type: Pattern type of a threat intelligence entity. - :paramtype pattern_type: str - :keyword pattern_version: Pattern version of a threat intelligence entity. - :paramtype pattern_version: str - :keyword kill_chain_phases: Kill chain phases. - :paramtype kill_chain_phases: - list[~azure.mgmt.securityinsight.models.ThreatIntelligenceKillChainPhase] - :keyword parsed_pattern: Parsed patterns. - :paramtype parsed_pattern: - list[~azure.mgmt.securityinsight.models.ThreatIntelligenceParsedPattern] - :keyword external_id: External ID of threat intelligence entity. - :paramtype external_id: str - :keyword created_by_ref: Created by reference of threat intelligence entity. - :paramtype created_by_ref: str - :keyword defanged: Is threat intelligence entity defanged. - :paramtype defanged: bool - :keyword external_last_updated_time_utc: External last updated time in UTC. - :paramtype external_last_updated_time_utc: str - :keyword external_references: External References. - :paramtype external_references: - list[~azure.mgmt.securityinsight.models.ThreatIntelligenceExternalReference] - :keyword granular_markings: Granular Markings. - :paramtype granular_markings: - list[~azure.mgmt.securityinsight.models.ThreatIntelligenceGranularMarkingModel] - :keyword labels: Labels of threat intelligence entity. - :paramtype labels: list[str] - :keyword revoked: Is threat intelligence entity revoked. - :paramtype revoked: bool - :keyword confidence: Confidence of threat intelligence entity. - :paramtype confidence: int - :keyword object_marking_refs: Threat intelligence entity object marking references. 
- :paramtype object_marking_refs: list[str] - :keyword language: Language of threat intelligence entity. - :paramtype language: str - :keyword threat_types: Threat types. - :paramtype threat_types: list[str] - :keyword valid_from: Valid from. - :paramtype valid_from: str - :keyword valid_until: Valid until. - :paramtype valid_until: str - :keyword created: Created by. - :paramtype created: str - :keyword modified: Modified by. - :paramtype modified: str - :keyword extensions: Extensions map. - :paramtype extensions: dict[str, any] - """ - super().__init__(**kwargs) - self.threat_intelligence_tags = threat_intelligence_tags - self.last_updated_time_utc = last_updated_time_utc - self.source = source - self.display_name = display_name - self.description = description - self.indicator_types = indicator_types - self.pattern = pattern - self.pattern_type = pattern_type - self.pattern_version = pattern_version - self.kill_chain_phases = kill_chain_phases - self.parsed_pattern = parsed_pattern - self.external_id = external_id - self.created_by_ref = created_by_ref - self.defanged = defanged - self.external_last_updated_time_utc = external_last_updated_time_utc - self.external_references = external_references - self.granular_markings = granular_markings - self.labels = labels - self.revoked = revoked - self.confidence = confidence - self.object_marking_refs = object_marking_refs - self.language = language - self.threat_types = threat_types - self.valid_from = valid_from - self.valid_until = valid_until - self.created = created - self.modified = modified - self.extensions = extensions - - -class ThreatIntelligenceInformationList(_serialization.Model): - """List of all the threat intelligence information objects. - - Variables are only populated by the server, and will be ignored when sending a request. - - All required parameters must be populated in order to send to Azure. - - :ivar next_link: URL to fetch the next set of information objects. 
- :vartype next_link: str - :ivar value: Array of threat intelligence information objects. Required. - :vartype value: list[~azure.mgmt.securityinsight.models.ThreatIntelligenceInformation] - """ - - _validation = { - "next_link": {"readonly": True}, - "value": {"required": True}, - } - - _attribute_map = { - "next_link": {"key": "nextLink", "type": "str"}, - "value": {"key": "value", "type": "[ThreatIntelligenceInformation]"}, - } - - def __init__(self, *, value: List["_models.ThreatIntelligenceInformation"], **kwargs): - """ - :keyword value: Array of threat intelligence information objects. Required. - :paramtype value: list[~azure.mgmt.securityinsight.models.ThreatIntelligenceInformation] - """ - super().__init__(**kwargs) - self.next_link = None - self.value = value - - -class ThreatIntelligenceKillChainPhase(_serialization.Model): - """Describes threat kill chain phase entity. - - :ivar kill_chain_name: Kill chainName name. - :vartype kill_chain_name: str - :ivar phase_name: Phase name. - :vartype phase_name: str - """ - - _attribute_map = { - "kill_chain_name": {"key": "killChainName", "type": "str"}, - "phase_name": {"key": "phaseName", "type": "str"}, - } - - def __init__(self, *, kill_chain_name: Optional[str] = None, phase_name: Optional[str] = None, **kwargs): - """ - :keyword kill_chain_name: Kill chainName name. - :paramtype kill_chain_name: str - :keyword phase_name: Phase name. - :paramtype phase_name: str - """ - super().__init__(**kwargs) - self.kill_chain_name = kill_chain_name - self.phase_name = phase_name - - -class ThreatIntelligenceMetric(_serialization.Model): - """Describes threat intelligence metric. - - :ivar last_updated_time_utc: Last updated indicator metric. - :vartype last_updated_time_utc: str - :ivar threat_type_metrics: Threat type metrics. - :vartype threat_type_metrics: - list[~azure.mgmt.securityinsight.models.ThreatIntelligenceMetricEntity] - :ivar pattern_type_metrics: Pattern type metrics. 
- :vartype pattern_type_metrics: - list[~azure.mgmt.securityinsight.models.ThreatIntelligenceMetricEntity] - :ivar source_metrics: Source metrics. - :vartype source_metrics: - list[~azure.mgmt.securityinsight.models.ThreatIntelligenceMetricEntity] - """ - - _attribute_map = { - "last_updated_time_utc": {"key": "lastUpdatedTimeUtc", "type": "str"}, - "threat_type_metrics": {"key": "threatTypeMetrics", "type": "[ThreatIntelligenceMetricEntity]"}, - "pattern_type_metrics": {"key": "patternTypeMetrics", "type": "[ThreatIntelligenceMetricEntity]"}, - "source_metrics": {"key": "sourceMetrics", "type": "[ThreatIntelligenceMetricEntity]"}, - } - - def __init__( + def __init__( # pylint: disable=too-many-locals self, *, + threat_intelligence_tags: Optional[List[str]] = None, last_updated_time_utc: Optional[str] = None, - threat_type_metrics: Optional[List["_models.ThreatIntelligenceMetricEntity"]] = None, - pattern_type_metrics: Optional[List["_models.ThreatIntelligenceMetricEntity"]] = None, - source_metrics: Optional[List["_models.ThreatIntelligenceMetricEntity"]] = None, - **kwargs - ): + source: Optional[str] = None, + display_name: Optional[str] = None, + description: Optional[str] = None, + indicator_types: Optional[List[str]] = None, + pattern: Optional[str] = None, + pattern_type: Optional[str] = None, + pattern_version: Optional[str] = None, + kill_chain_phases: Optional[List["_models.ThreatIntelligenceKillChainPhase"]] = None, + parsed_pattern: Optional[List["_models.ThreatIntelligenceParsedPattern"]] = None, + external_id: Optional[str] = None, + created_by_ref: Optional[str] = None, + defanged: Optional[bool] = None, + external_last_updated_time_utc: Optional[str] = None, + external_references: Optional[List["_models.ThreatIntelligenceExternalReference"]] = None, + granular_markings: Optional[List["_models.ThreatIntelligenceGranularMarkingModel"]] = None, + labels: Optional[List[str]] = None, + revoked: Optional[bool] = None, + confidence: Optional[int] = None, 
+ object_marking_refs: Optional[List[str]] = None, + language: Optional[str] = None, + threat_types: Optional[List[str]] = None, + valid_from: Optional[str] = None, + valid_until: Optional[str] = None, + created: Optional[str] = None, + modified: Optional[str] = None, + extensions: Optional[Dict[str, Any]] = None, + **kwargs: Any + ) -> None: """ - :keyword last_updated_time_utc: Last updated indicator metric. + :keyword threat_intelligence_tags: List of tags. + :paramtype threat_intelligence_tags: list[str] + :keyword last_updated_time_utc: Last updated time in UTC. :paramtype last_updated_time_utc: str - :keyword threat_type_metrics: Threat type metrics. - :paramtype threat_type_metrics: - list[~azure.mgmt.securityinsight.models.ThreatIntelligenceMetricEntity] - :keyword pattern_type_metrics: Pattern type metrics. - :paramtype pattern_type_metrics: - list[~azure.mgmt.securityinsight.models.ThreatIntelligenceMetricEntity] - :keyword source_metrics: Source metrics. - :paramtype source_metrics: - list[~azure.mgmt.securityinsight.models.ThreatIntelligenceMetricEntity] - """ - super().__init__(**kwargs) - self.last_updated_time_utc = last_updated_time_utc - self.threat_type_metrics = threat_type_metrics - self.pattern_type_metrics = pattern_type_metrics - self.source_metrics = source_metrics - - -class ThreatIntelligenceMetricEntity(_serialization.Model): - """Describes threat intelligence metric entity. - - :ivar metric_name: Metric name. - :vartype metric_name: str - :ivar metric_value: Metric value. - :vartype metric_value: int - """ - - _attribute_map = { - "metric_name": {"key": "metricName", "type": "str"}, - "metric_value": {"key": "metricValue", "type": "int"}, - } - - def __init__(self, *, metric_name: Optional[str] = None, metric_value: Optional[int] = None, **kwargs): - """ - :keyword metric_name: Metric name. - :paramtype metric_name: str - :keyword metric_value: Metric value. 
- :paramtype metric_value: int - """ - super().__init__(**kwargs) - self.metric_name = metric_name - self.metric_value = metric_value - - -class ThreatIntelligenceMetrics(_serialization.Model): - """Threat intelligence metrics. - - :ivar properties: Threat intelligence metrics. - :vartype properties: ~azure.mgmt.securityinsight.models.ThreatIntelligenceMetric - """ - - _attribute_map = { - "properties": {"key": "properties", "type": "ThreatIntelligenceMetric"}, - } - - def __init__(self, *, properties: Optional["_models.ThreatIntelligenceMetric"] = None, **kwargs): - """ - :keyword properties: Threat intelligence metrics. - :paramtype properties: ~azure.mgmt.securityinsight.models.ThreatIntelligenceMetric - """ - super().__init__(**kwargs) - self.properties = properties - - -class ThreatIntelligenceMetricsList(_serialization.Model): - """List of all the threat intelligence metric fields (type/threat type/source). - - All required parameters must be populated in order to send to Azure. - - :ivar value: Array of threat intelligence metric fields (type/threat type/source). Required. - :vartype value: list[~azure.mgmt.securityinsight.models.ThreatIntelligenceMetrics] - """ - - _validation = { - "value": {"required": True}, - } - - _attribute_map = { - "value": {"key": "value", "type": "[ThreatIntelligenceMetrics]"}, - } - - def __init__(self, *, value: List["_models.ThreatIntelligenceMetrics"], **kwargs): - """ - :keyword value: Array of threat intelligence metric fields (type/threat type/source). Required. - :paramtype value: list[~azure.mgmt.securityinsight.models.ThreatIntelligenceMetrics] - """ - super().__init__(**kwargs) - self.value = value - - -class ThreatIntelligenceParsedPattern(_serialization.Model): - """Describes parsed pattern entity. - - :ivar pattern_type_key: Pattern type key. - :vartype pattern_type_key: str - :ivar pattern_type_values: Pattern type keys. 
- :vartype pattern_type_values: - list[~azure.mgmt.securityinsight.models.ThreatIntelligenceParsedPatternTypeValue] - """ - - _attribute_map = { - "pattern_type_key": {"key": "patternTypeKey", "type": "str"}, - "pattern_type_values": {"key": "patternTypeValues", "type": "[ThreatIntelligenceParsedPatternTypeValue]"}, - } - - def __init__( - self, - *, - pattern_type_key: Optional[str] = None, - pattern_type_values: Optional[List["_models.ThreatIntelligenceParsedPatternTypeValue"]] = None, - **kwargs - ): - """ - :keyword pattern_type_key: Pattern type key. - :paramtype pattern_type_key: str - :keyword pattern_type_values: Pattern type keys. - :paramtype pattern_type_values: - list[~azure.mgmt.securityinsight.models.ThreatIntelligenceParsedPatternTypeValue] - """ - super().__init__(**kwargs) - self.pattern_type_key = pattern_type_key - self.pattern_type_values = pattern_type_values - - -class ThreatIntelligenceParsedPatternTypeValue(_serialization.Model): - """Describes threat kill chain phase entity. - - :ivar value_type: Type of the value. - :vartype value_type: str - :ivar value: Value of parsed pattern. - :vartype value: str - """ - - _attribute_map = { - "value_type": {"key": "valueType", "type": "str"}, - "value": {"key": "value", "type": "str"}, - } - - def __init__(self, *, value_type: Optional[str] = None, value: Optional[str] = None, **kwargs): - """ - :keyword value_type: Type of the value. - :paramtype value_type: str - :keyword value: Value of parsed pattern. - :paramtype value: str - """ - super().__init__(**kwargs) - self.value_type = value_type - self.value = value - - -class ThreatIntelligenceSortingCriteria(_serialization.Model): - """List of available columns for sorting. - - :ivar item_key: Column name. - :vartype item_key: str - :ivar sort_order: Sorting order (ascending/descending/unsorted). Known values are: "unsorted", - "ascending", and "descending". 
- :vartype sort_order: str or - ~azure.mgmt.securityinsight.models.ThreatIntelligenceSortingCriteriaEnum - """ - - _attribute_map = { - "item_key": {"key": "itemKey", "type": "str"}, - "sort_order": {"key": "sortOrder", "type": "str"}, - } - - def __init__( - self, - *, - item_key: Optional[str] = None, - sort_order: Optional[Union[str, "_models.ThreatIntelligenceSortingCriteriaEnum"]] = None, - **kwargs - ): - """ - :keyword item_key: Column name. - :paramtype item_key: str - :keyword sort_order: Sorting order (ascending/descending/unsorted). Known values are: - "unsorted", "ascending", and "descending". - :paramtype sort_order: str or - ~azure.mgmt.securityinsight.models.ThreatIntelligenceSortingCriteriaEnum + :keyword source: Source of a threat intelligence entity. + :paramtype source: str + :keyword display_name: Display name of a threat intelligence entity. + :paramtype display_name: str + :keyword description: Description of a threat intelligence entity. + :paramtype description: str + :keyword indicator_types: Indicator types of threat intelligence entities. + :paramtype indicator_types: list[str] + :keyword pattern: Pattern of a threat intelligence entity. + :paramtype pattern: str + :keyword pattern_type: Pattern type of a threat intelligence entity. + :paramtype pattern_type: str + :keyword pattern_version: Pattern version of a threat intelligence entity. + :paramtype pattern_version: str + :keyword kill_chain_phases: Kill chain phases. + :paramtype kill_chain_phases: + list[~azure.mgmt.securityinsight.models.ThreatIntelligenceKillChainPhase] + :keyword parsed_pattern: Parsed patterns. + :paramtype parsed_pattern: + list[~azure.mgmt.securityinsight.models.ThreatIntelligenceParsedPattern] + :keyword external_id: External ID of threat intelligence entity. + :paramtype external_id: str + :keyword created_by_ref: Created by reference of threat intelligence entity. + :paramtype created_by_ref: str + :keyword defanged: Is threat intelligence entity defanged. 
+ :paramtype defanged: bool + :keyword external_last_updated_time_utc: External last updated time in UTC. + :paramtype external_last_updated_time_utc: str + :keyword external_references: External References. + :paramtype external_references: + list[~azure.mgmt.securityinsight.models.ThreatIntelligenceExternalReference] + :keyword granular_markings: Granular Markings. + :paramtype granular_markings: + list[~azure.mgmt.securityinsight.models.ThreatIntelligenceGranularMarkingModel] + :keyword labels: Labels of threat intelligence entity. + :paramtype labels: list[str] + :keyword revoked: Is threat intelligence entity revoked. + :paramtype revoked: bool + :keyword confidence: Confidence of threat intelligence entity. + :paramtype confidence: int + :keyword object_marking_refs: Threat intelligence entity object marking references. + :paramtype object_marking_refs: list[str] + :keyword language: Language of threat intelligence entity. + :paramtype language: str + :keyword threat_types: Threat types. + :paramtype threat_types: list[str] + :keyword valid_from: Valid from. + :paramtype valid_from: str + :keyword valid_until: Valid until. + :paramtype valid_until: str + :keyword created: Created by. + :paramtype created: str + :keyword modified: Modified by. + :paramtype modified: str + :keyword extensions: Extensions map. 
+ :paramtype extensions: dict[str, any] """ super().__init__(**kwargs) - self.item_key = item_key - self.sort_order = sort_order + self.threat_intelligence_tags = threat_intelligence_tags + self.last_updated_time_utc = last_updated_time_utc + self.source = source + self.display_name = display_name + self.description = description + self.indicator_types = indicator_types + self.pattern = pattern + self.pattern_type = pattern_type + self.pattern_version = pattern_version + self.kill_chain_phases = kill_chain_phases + self.parsed_pattern = parsed_pattern + self.external_id = external_id + self.created_by_ref = created_by_ref + self.defanged = defanged + self.external_last_updated_time_utc = external_last_updated_time_utc + self.external_references = external_references + self.granular_markings = granular_markings + self.labels = labels + self.revoked = revoked + self.confidence = confidence + self.object_marking_refs = object_marking_refs + self.language = language + self.threat_types = threat_types + self.valid_from = valid_from + self.valid_until = valid_until + self.created = created + self.modified = modified + self.extensions = extensions -class TICheckRequirements(DataConnectorsCheckRequirements): - """Threat Intelligence Platforms data connector check requirements. +class ThreatIntelligenceInformationList(_serialization.Model): + """List of all the threat intelligence information objects. + + Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. - :ivar kind: Describes the kind of connector to be checked. Required. 
Known values are: - "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", - "ThreatIntelligence", "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", - "Office365Project", "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", - "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", - "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and - "IOT". - :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind - :ivar tenant_id: The tenant id to connect to, and get the data from. - :vartype tenant_id: str + :ivar next_link: URL to fetch the next set of information objects. + :vartype next_link: str + :ivar value: Array of threat intelligence information objects. Required. + :vartype value: list[~azure.mgmt.securityinsight.models.ThreatIntelligenceInformation] """ _validation = { - "kind": {"required": True}, + "next_link": {"readonly": True}, + "value": {"required": True}, } _attribute_map = { - "kind": {"key": "kind", "type": "str"}, - "tenant_id": {"key": "properties.tenantId", "type": "str"}, + "next_link": {"key": "nextLink", "type": "str"}, + "value": {"key": "value", "type": "[ThreatIntelligenceInformation]"}, } - def __init__(self, *, tenant_id: Optional[str] = None, **kwargs): + def __init__(self, *, value: List["_models.ThreatIntelligenceInformation"], **kwargs: Any) -> None: """ - :keyword tenant_id: The tenant id to connect to, and get the data from. - :paramtype tenant_id: str + :keyword value: Array of threat intelligence information objects. Required. + :paramtype value: list[~azure.mgmt.securityinsight.models.ThreatIntelligenceInformation] """ super().__init__(**kwargs) - self.kind: str = "ThreatIntelligence" - self.tenant_id = tenant_id - + self.next_link = None + self.value = value -class TICheckRequirementsProperties(DataConnectorTenantId): - """Threat Intelligence Platforms data connector required properties. 
- All required parameters must be populated in order to send to Azure. +class ThreatIntelligenceKillChainPhase(_serialization.Model): + """Describes threat kill chain phase entity. - :ivar tenant_id: The tenant id to connect to, and get the data from. Required. - :vartype tenant_id: str + :ivar kill_chain_name: Kill chainName name. + :vartype kill_chain_name: str + :ivar phase_name: Phase name. + :vartype phase_name: str """ - _validation = { - "tenant_id": {"required": True}, - } - _attribute_map = { - "tenant_id": {"key": "tenantId", "type": "str"}, + "kill_chain_name": {"key": "killChainName", "type": "str"}, + "phase_name": {"key": "phaseName", "type": "str"}, } - def __init__(self, *, tenant_id: str, **kwargs): + def __init__( + self, *, kill_chain_name: Optional[str] = None, phase_name: Optional[str] = None, **kwargs: Any + ) -> None: """ - :keyword tenant_id: The tenant id to connect to, and get the data from. Required. - :paramtype tenant_id: str + :keyword kill_chain_name: Kill chainName name. + :paramtype kill_chain_name: str + :keyword phase_name: Phase name. + :paramtype phase_name: str """ - super().__init__(tenant_id=tenant_id, **kwargs) - - -class TIDataConnector(DataConnector): - """Represents threat intelligence data connector. + super().__init__(**kwargs) + self.kill_chain_name = kill_chain_name + self.phase_name = phase_name - Variables are only populated by the server, and will be ignored when sending a request. - All required parameters must be populated in order to send to Azure. +class ThreatIntelligenceMetric(_serialization.Model): + """Describes threat intelligence metric. - :ivar id: Fully qualified resource ID for the resource. Ex - - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - :vartype id: str - :ivar name: The name of the resource. - :vartype name: str - :ivar type: The type of the resource. E.g. 
"Microsoft.Compute/virtualMachines" or - "Microsoft.Storage/storageAccounts". - :vartype type: str - :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy - information. - :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar etag: Etag of the azure resource. - :vartype etag: str - :ivar kind: The data connector kind. Required. Known values are: "AzureActiveDirectory", - "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", - "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", "Office365Project", - "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", - "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", - "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and - "IOT". - :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind - :ivar tenant_id: The tenant id to connect to, and get the data from. - :vartype tenant_id: str - :ivar tip_lookback_period: The lookback period for the feed to be imported. - :vartype tip_lookback_period: ~datetime.datetime - :ivar data_types: The available data types for the connector. - :vartype data_types: ~azure.mgmt.securityinsight.models.TIDataConnectorDataTypes + :ivar last_updated_time_utc: Last updated indicator metric. + :vartype last_updated_time_utc: str + :ivar threat_type_metrics: Threat type metrics. + :vartype threat_type_metrics: + list[~azure.mgmt.securityinsight.models.ThreatIntelligenceMetricEntity] + :ivar pattern_type_metrics: Pattern type metrics. + :vartype pattern_type_metrics: + list[~azure.mgmt.securityinsight.models.ThreatIntelligenceMetricEntity] + :ivar source_metrics: Source metrics. 
+ :vartype source_metrics: + list[~azure.mgmt.securityinsight.models.ThreatIntelligenceMetricEntity] """ - _validation = { - "id": {"readonly": True}, - "name": {"readonly": True}, - "type": {"readonly": True}, - "system_data": {"readonly": True}, - "kind": {"required": True}, - } - _attribute_map = { - "id": {"key": "id", "type": "str"}, - "name": {"key": "name", "type": "str"}, - "type": {"key": "type", "type": "str"}, - "system_data": {"key": "systemData", "type": "SystemData"}, - "etag": {"key": "etag", "type": "str"}, - "kind": {"key": "kind", "type": "str"}, - "tenant_id": {"key": "properties.tenantId", "type": "str"}, - "tip_lookback_period": {"key": "properties.tipLookbackPeriod", "type": "iso-8601"}, - "data_types": {"key": "properties.dataTypes", "type": "TIDataConnectorDataTypes"}, + "last_updated_time_utc": {"key": "lastUpdatedTimeUtc", "type": "str"}, + "threat_type_metrics": {"key": "threatTypeMetrics", "type": "[ThreatIntelligenceMetricEntity]"}, + "pattern_type_metrics": {"key": "patternTypeMetrics", "type": "[ThreatIntelligenceMetricEntity]"}, + "source_metrics": {"key": "sourceMetrics", "type": "[ThreatIntelligenceMetricEntity]"}, } def __init__( self, *, - etag: Optional[str] = None, - tenant_id: Optional[str] = None, - tip_lookback_period: Optional[datetime.datetime] = None, - data_types: Optional["_models.TIDataConnectorDataTypes"] = None, - **kwargs - ): - """ - :keyword etag: Etag of the azure resource. - :paramtype etag: str - :keyword tenant_id: The tenant id to connect to, and get the data from. - :paramtype tenant_id: str - :keyword tip_lookback_period: The lookback period for the feed to be imported. - :paramtype tip_lookback_period: ~datetime.datetime - :keyword data_types: The available data types for the connector. 
- :paramtype data_types: ~azure.mgmt.securityinsight.models.TIDataConnectorDataTypes - """ - super().__init__(etag=etag, **kwargs) - self.kind: str = "ThreatIntelligence" - self.tenant_id = tenant_id - self.tip_lookback_period = tip_lookback_period - self.data_types = data_types - - -class TIDataConnectorDataTypes(_serialization.Model): - """The available data types for TI (Threat Intelligence) data connector. - - All required parameters must be populated in order to send to Azure. - - :ivar indicators: Data type for indicators connection. Required. - :vartype indicators: ~azure.mgmt.securityinsight.models.TIDataConnectorDataTypesIndicators - """ - - _validation = { - "indicators": {"required": True}, - } - - _attribute_map = { - "indicators": {"key": "indicators", "type": "TIDataConnectorDataTypesIndicators"}, - } - - def __init__(self, *, indicators: "_models.TIDataConnectorDataTypesIndicators", **kwargs): + last_updated_time_utc: Optional[str] = None, + threat_type_metrics: Optional[List["_models.ThreatIntelligenceMetricEntity"]] = None, + pattern_type_metrics: Optional[List["_models.ThreatIntelligenceMetricEntity"]] = None, + source_metrics: Optional[List["_models.ThreatIntelligenceMetricEntity"]] = None, + **kwargs: Any + ) -> None: """ - :keyword indicators: Data type for indicators connection. Required. - :paramtype indicators: ~azure.mgmt.securityinsight.models.TIDataConnectorDataTypesIndicators + :keyword last_updated_time_utc: Last updated indicator metric. + :paramtype last_updated_time_utc: str + :keyword threat_type_metrics: Threat type metrics. + :paramtype threat_type_metrics: + list[~azure.mgmt.securityinsight.models.ThreatIntelligenceMetricEntity] + :keyword pattern_type_metrics: Pattern type metrics. + :paramtype pattern_type_metrics: + list[~azure.mgmt.securityinsight.models.ThreatIntelligenceMetricEntity] + :keyword source_metrics: Source metrics. 
+ :paramtype source_metrics: + list[~azure.mgmt.securityinsight.models.ThreatIntelligenceMetricEntity] """ super().__init__(**kwargs) - self.indicators = indicators - - -class TIDataConnectorDataTypesIndicators(DataConnectorDataTypeCommon): - """Data type for indicators connection. - - All required parameters must be populated in order to send to Azure. - - :ivar state: Describe whether this data type connection is enabled or not. Required. Known - values are: "Enabled" and "Disabled". - :vartype state: str or ~azure.mgmt.securityinsight.models.DataTypeState - """ - - _validation = { - "state": {"required": True}, - } - - _attribute_map = { - "state": {"key": "state", "type": "str"}, - } - - def __init__(self, *, state: Union[str, "_models.DataTypeState"], **kwargs): - """ - :keyword state: Describe whether this data type connection is enabled or not. Required. Known - values are: "Enabled" and "Disabled". - :paramtype state: str or ~azure.mgmt.securityinsight.models.DataTypeState - """ - super().__init__(state=state, **kwargs) - + self.last_updated_time_utc = last_updated_time_utc + self.threat_type_metrics = threat_type_metrics + self.pattern_type_metrics = pattern_type_metrics + self.source_metrics = source_metrics -class TIDataConnectorProperties(DataConnectorTenantId): - """TI (Threat Intelligence) data connector properties. - All required parameters must be populated in order to send to Azure. +class ThreatIntelligenceMetricEntity(_serialization.Model): + """Describes threat intelligence metric entity. - :ivar tenant_id: The tenant id to connect to, and get the data from. Required. - :vartype tenant_id: str - :ivar tip_lookback_period: The lookback period for the feed to be imported. - :vartype tip_lookback_period: ~datetime.datetime - :ivar data_types: The available data types for the connector. Required. - :vartype data_types: ~azure.mgmt.securityinsight.models.TIDataConnectorDataTypes + :ivar metric_name: Metric name. 
+ :vartype metric_name: str + :ivar metric_value: Metric value. + :vartype metric_value: int """ - _validation = { - "tenant_id": {"required": True}, - "data_types": {"required": True}, - } - _attribute_map = { - "tenant_id": {"key": "tenantId", "type": "str"}, - "tip_lookback_period": {"key": "tipLookbackPeriod", "type": "iso-8601"}, - "data_types": {"key": "dataTypes", "type": "TIDataConnectorDataTypes"}, + "metric_name": {"key": "metricName", "type": "str"}, + "metric_value": {"key": "metricValue", "type": "int"}, } - def __init__( - self, - *, - tenant_id: str, - data_types: "_models.TIDataConnectorDataTypes", - tip_lookback_period: Optional[datetime.datetime] = None, - **kwargs - ): + def __init__(self, *, metric_name: Optional[str] = None, metric_value: Optional[int] = None, **kwargs: Any) -> None: """ - :keyword tenant_id: The tenant id to connect to, and get the data from. Required. - :paramtype tenant_id: str - :keyword tip_lookback_period: The lookback period for the feed to be imported. - :paramtype tip_lookback_period: ~datetime.datetime - :keyword data_types: The available data types for the connector. Required. - :paramtype data_types: ~azure.mgmt.securityinsight.models.TIDataConnectorDataTypes + :keyword metric_name: Metric name. + :paramtype metric_name: str + :keyword metric_value: Metric value. + :paramtype metric_value: int """ - super().__init__(tenant_id=tenant_id, **kwargs) - self.tip_lookback_period = tip_lookback_period - self.data_types = data_types - + super().__init__(**kwargs) + self.metric_name = metric_name + self.metric_value = metric_value -class TimelineAggregation(_serialization.Model): - """timeline aggregation information per kind. - All required parameters must be populated in order to send to Azure. +class ThreatIntelligenceMetrics(_serialization.Model): + """Threat intelligence metrics. - :ivar count: the total items found for a kind. Required. - :vartype count: int - :ivar kind: the query kind. Required. 
Known values are: "Activity", "Bookmark", - "SecurityAlert", and "Anomaly". - :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityTimelineKind + :ivar properties: Threat intelligence metrics. + :vartype properties: ~azure.mgmt.securityinsight.models.ThreatIntelligenceMetric """ - _validation = { - "count": {"required": True}, - "kind": {"required": True}, - } - _attribute_map = { - "count": {"key": "count", "type": "int"}, - "kind": {"key": "kind", "type": "str"}, + "properties": {"key": "properties", "type": "ThreatIntelligenceMetric"}, } - def __init__(self, *, count: int, kind: Union[str, "_models.EntityTimelineKind"], **kwargs): + def __init__(self, *, properties: Optional["_models.ThreatIntelligenceMetric"] = None, **kwargs: Any) -> None: """ - :keyword count: the total items found for a kind. Required. - :paramtype count: int - :keyword kind: the query kind. Required. Known values are: "Activity", "Bookmark", - "SecurityAlert", and "Anomaly". - :paramtype kind: str or ~azure.mgmt.securityinsight.models.EntityTimelineKind + :keyword properties: Threat intelligence metrics. + :paramtype properties: ~azure.mgmt.securityinsight.models.ThreatIntelligenceMetric """ super().__init__(**kwargs) - self.count = count - self.kind = kind + self.properties = properties -class TimelineError(_serialization.Model): - """Timeline Query Errors. +class ThreatIntelligenceMetricsList(_serialization.Model): + """List of all the threat intelligence metric fields (type/threat type/source). All required parameters must be populated in order to send to Azure. - :ivar kind: the query kind. Required. Known values are: "Activity", "Bookmark", - "SecurityAlert", and "Anomaly". - :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityTimelineKind - :ivar query_id: the query id. - :vartype query_id: str - :ivar error_message: the error message. Required. - :vartype error_message: str + :ivar value: Array of threat intelligence metric fields (type/threat type/source). 
Required. + :vartype value: list[~azure.mgmt.securityinsight.models.ThreatIntelligenceMetrics] """ _validation = { - "kind": {"required": True}, - "error_message": {"required": True}, + "value": {"required": True}, } _attribute_map = { - "kind": {"key": "kind", "type": "str"}, - "query_id": {"key": "queryId", "type": "str"}, - "error_message": {"key": "errorMessage", "type": "str"}, + "value": {"key": "value", "type": "[ThreatIntelligenceMetrics]"}, } - def __init__( - self, - *, - kind: Union[str, "_models.EntityTimelineKind"], - error_message: str, - query_id: Optional[str] = None, - **kwargs - ): + def __init__(self, *, value: List["_models.ThreatIntelligenceMetrics"], **kwargs: Any) -> None: """ - :keyword kind: the query kind. Required. Known values are: "Activity", "Bookmark", - "SecurityAlert", and "Anomaly". - :paramtype kind: str or ~azure.mgmt.securityinsight.models.EntityTimelineKind - :keyword query_id: the query id. - :paramtype query_id: str - :keyword error_message: the error message. Required. - :paramtype error_message: str + :keyword value: Array of threat intelligence metric fields (type/threat type/source). Required. + :paramtype value: list[~azure.mgmt.securityinsight.models.ThreatIntelligenceMetrics] """ super().__init__(**kwargs) - self.kind = kind - self.query_id = query_id - self.error_message = error_message - + self.value = value -class TimelineResultsMetadata(_serialization.Model): - """Expansion result metadata. - All required parameters must be populated in order to send to Azure. +class ThreatIntelligenceParsedPattern(_serialization.Model): + """Describes parsed pattern entity. - :ivar total_count: the total items found for the timeline request. Required. - :vartype total_count: int - :ivar aggregations: timeline aggregation per kind. Required. - :vartype aggregations: list[~azure.mgmt.securityinsight.models.TimelineAggregation] - :ivar errors: information about the failure queries. 
- :vartype errors: list[~azure.mgmt.securityinsight.models.TimelineError] + :ivar pattern_type_key: Pattern type key. + :vartype pattern_type_key: str + :ivar pattern_type_values: Pattern type keys. + :vartype pattern_type_values: + list[~azure.mgmt.securityinsight.models.ThreatIntelligenceParsedPatternTypeValue] """ - _validation = { - "total_count": {"required": True}, - "aggregations": {"required": True}, - } - _attribute_map = { - "total_count": {"key": "totalCount", "type": "int"}, - "aggregations": {"key": "aggregations", "type": "[TimelineAggregation]"}, - "errors": {"key": "errors", "type": "[TimelineError]"}, + "pattern_type_key": {"key": "patternTypeKey", "type": "str"}, + "pattern_type_values": {"key": "patternTypeValues", "type": "[ThreatIntelligenceParsedPatternTypeValue]"}, } def __init__( self, *, - total_count: int, - aggregations: List["_models.TimelineAggregation"], - errors: Optional[List["_models.TimelineError"]] = None, - **kwargs - ): + pattern_type_key: Optional[str] = None, + pattern_type_values: Optional[List["_models.ThreatIntelligenceParsedPatternTypeValue"]] = None, + **kwargs: Any + ) -> None: """ - :keyword total_count: the total items found for the timeline request. Required. - :paramtype total_count: int - :keyword aggregations: timeline aggregation per kind. Required. - :paramtype aggregations: list[~azure.mgmt.securityinsight.models.TimelineAggregation] - :keyword errors: information about the failure queries. - :paramtype errors: list[~azure.mgmt.securityinsight.models.TimelineError] + :keyword pattern_type_key: Pattern type key. + :paramtype pattern_type_key: str + :keyword pattern_type_values: Pattern type keys. 
+ :paramtype pattern_type_values: + list[~azure.mgmt.securityinsight.models.ThreatIntelligenceParsedPatternTypeValue] """ super().__init__(**kwargs) - self.total_count = total_count - self.aggregations = aggregations - self.errors = errors - + self.pattern_type_key = pattern_type_key + self.pattern_type_values = pattern_type_values -class TiTaxiiCheckRequirements(DataConnectorsCheckRequirements): - """Threat Intelligence TAXII data connector check requirements. - All required parameters must be populated in order to send to Azure. +class ThreatIntelligenceParsedPatternTypeValue(_serialization.Model): + """Describes threat kill chain phase entity. - :ivar kind: Describes the kind of connector to be checked. Required. Known values are: - "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", - "ThreatIntelligence", "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", - "Office365Project", "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", - "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", - "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and - "IOT". - :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind - :ivar tenant_id: The tenant id to connect to, and get the data from. - :vartype tenant_id: str + :ivar value_type: Type of the value. + :vartype value_type: str + :ivar value: Value of parsed pattern. 
+ :vartype value: str """ - _validation = { - "kind": {"required": True}, - } - _attribute_map = { - "kind": {"key": "kind", "type": "str"}, - "tenant_id": {"key": "properties.tenantId", "type": "str"}, + "value_type": {"key": "valueType", "type": "str"}, + "value": {"key": "value", "type": "str"}, } - def __init__(self, *, tenant_id: Optional[str] = None, **kwargs): + def __init__(self, *, value_type: Optional[str] = None, value: Optional[str] = None, **kwargs: Any) -> None: """ - :keyword tenant_id: The tenant id to connect to, and get the data from. - :paramtype tenant_id: str + :keyword value_type: Type of the value. + :paramtype value_type: str + :keyword value: Value of parsed pattern. + :paramtype value: str """ super().__init__(**kwargs) - self.kind: str = "ThreatIntelligenceTaxii" - self.tenant_id = tenant_id - + self.value_type = value_type + self.value = value -class TiTaxiiCheckRequirementsProperties(DataConnectorTenantId): - """Threat Intelligence TAXII data connector required properties. - All required parameters must be populated in order to send to Azure. +class ThreatIntelligenceSortingCriteria(_serialization.Model): + """List of available columns for sorting. - :ivar tenant_id: The tenant id to connect to, and get the data from. Required. - :vartype tenant_id: str + :ivar item_key: Column name. + :vartype item_key: str + :ivar sort_order: Sorting order (ascending/descending/unsorted). Known values are: "unsorted", + "ascending", and "descending". 
+ :vartype sort_order: str or ~azure.mgmt.securityinsight.models.ThreatIntelligenceSortingOrder """ - _validation = { - "tenant_id": {"required": True}, - } - _attribute_map = { - "tenant_id": {"key": "tenantId", "type": "str"}, + "item_key": {"key": "itemKey", "type": "str"}, + "sort_order": {"key": "sortOrder", "type": "str"}, } - def __init__(self, *, tenant_id: str, **kwargs): + def __init__( + self, + *, + item_key: Optional[str] = None, + sort_order: Optional[Union[str, "_models.ThreatIntelligenceSortingOrder"]] = None, + **kwargs: Any + ) -> None: """ - :keyword tenant_id: The tenant id to connect to, and get the data from. Required. - :paramtype tenant_id: str + :keyword item_key: Column name. + :paramtype item_key: str + :keyword sort_order: Sorting order (ascending/descending/unsorted). Known values are: + "unsorted", "ascending", and "descending". + :paramtype sort_order: str or ~azure.mgmt.securityinsight.models.ThreatIntelligenceSortingOrder """ - super().__init__(tenant_id=tenant_id, **kwargs) + super().__init__(**kwargs) + self.item_key = item_key + self.sort_order = sort_order -class TiTaxiiDataConnector(DataConnector): # pylint: disable=too-many-instance-attributes - """Data connector to pull Threat intelligence data from TAXII 2.0/2.1 server. +class TIDataConnector(DataConnector): + """Represents threat intelligence data connector. Variables are only populated by the server, and will be ignored when sending a request. 
@@ -22838,34 +10378,16 @@ class TiTaxiiDataConnector(DataConnector): # pylint: disable=too-many-instance- :ivar etag: Etag of the azure resource. :vartype etag: str :ivar kind: The data connector kind. Required. Known values are: "AzureActiveDirectory", - "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", - "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", "Office365Project", - "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", - "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", - "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and - "IOT". + "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", "Office365", + "AmazonWebServicesCloudTrail", "AzureAdvancedThreatProtection", and + "MicrosoftDefenderAdvancedThreatProtection". :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind :ivar tenant_id: The tenant id to connect to, and get the data from. :vartype tenant_id: str - :ivar workspace_id: The workspace id. - :vartype workspace_id: str - :ivar friendly_name: The friendly name for the TAXII server. - :vartype friendly_name: str - :ivar taxii_server: The API root for the TAXII server. - :vartype taxii_server: str - :ivar collection_id: The collection id of the TAXII server. - :vartype collection_id: str - :ivar user_name: The userName for the TAXII server. - :vartype user_name: str - :ivar password: The password for the TAXII server. - :vartype password: str - :ivar taxii_lookback_period: The lookback period for the TAXII server. - :vartype taxii_lookback_period: ~datetime.datetime - :ivar polling_frequency: The polling frequency for the TAXII server. Known values are: - "OnceAMinute", "OnceAnHour", and "OnceADay". 
- :vartype polling_frequency: str or ~azure.mgmt.securityinsight.models.PollingFrequency - :ivar data_types: The available data types for Threat Intelligence TAXII data connector. - :vartype data_types: ~azure.mgmt.securityinsight.models.TiTaxiiDataConnectorDataTypes + :ivar tip_lookback_period: The lookback period for the feed to be imported. + :vartype tip_lookback_period: ~datetime.datetime + :ivar data_types: The available data types for the connector. + :vartype data_types: ~azure.mgmt.securityinsight.models.TIDataConnectorDataTypes """ _validation = { @@ -22884,15 +10406,8 @@ class TiTaxiiDataConnector(DataConnector): # pylint: disable=too-many-instance- "etag": {"key": "etag", "type": "str"}, "kind": {"key": "kind", "type": "str"}, "tenant_id": {"key": "properties.tenantId", "type": "str"}, - "workspace_id": {"key": "properties.workspaceId", "type": "str"}, - "friendly_name": {"key": "properties.friendlyName", "type": "str"}, - "taxii_server": {"key": "properties.taxiiServer", "type": "str"}, - "collection_id": {"key": "properties.collectionId", "type": "str"}, - "user_name": {"key": "properties.userName", "type": "str"}, - "password": {"key": "properties.password", "type": "str"}, - "taxii_lookback_period": {"key": "properties.taxiiLookbackPeriod", "type": "iso-8601"}, - "polling_frequency": {"key": "properties.pollingFrequency", "type": "str"}, - "data_types": {"key": "properties.dataTypes", "type": "TiTaxiiDataConnectorDataTypes"}, + "tip_lookback_period": {"key": "properties.tipLookbackPeriod", "type": "iso-8601"}, + "data_types": {"key": "properties.dataTypes", "type": "TIDataConnectorDataTypes"}, } def __init__( 
@@ -22900,273 +10415,70 @@ def __init__( *, etag: Optional[str] = None, tenant_id: Optional[str] = None, - workspace_id: Optional[str] = None, - friendly_name: Optional[str] = None, - taxii_server: Optional[str] = None, - collection_id: Optional[str] = None, - user_name: Optional[str] = None, - password: Optional[str] = None, - taxii_lookback_period: Optional[datetime.datetime] = None, - polling_frequency: Optional[Union[str, "_models.PollingFrequency"]] = None, - data_types: Optional["_models.TiTaxiiDataConnectorDataTypes"] = None, - **kwargs - ): + tip_lookback_period: Optional[datetime.datetime] = None, + data_types: Optional["_models.TIDataConnectorDataTypes"] = None, + **kwargs: Any + ) -> None: """ :keyword etag: Etag of the azure resource. :paramtype etag: str :keyword tenant_id: The tenant id to connect to, and get the data from. :paramtype tenant_id: str - :keyword workspace_id: The workspace id. - :paramtype workspace_id: str - :keyword friendly_name: The friendly name for the TAXII server. - :paramtype friendly_name: str - :keyword taxii_server: The API root for the TAXII server. - :paramtype taxii_server: str - :keyword collection_id: The collection id of the TAXII server. - :paramtype collection_id: str - :keyword user_name: The userName for the TAXII server. - :paramtype user_name: str - :keyword password: The password for the TAXII server. - :paramtype password: str - :keyword taxii_lookback_period: The lookback period for the TAXII server. - :paramtype taxii_lookback_period: ~datetime.datetime - :keyword polling_frequency: The polling frequency for the TAXII server. Known values are: - "OnceAMinute", "OnceAnHour", and "OnceADay". - :paramtype polling_frequency: str or ~azure.mgmt.securityinsight.models.PollingFrequency - :keyword data_types: The available data types for Threat Intelligence TAXII data connector. 
- :paramtype data_types: ~azure.mgmt.securityinsight.models.TiTaxiiDataConnectorDataTypes + :keyword tip_lookback_period: The lookback period for the feed to be imported. + :paramtype tip_lookback_period: ~datetime.datetime + :keyword data_types: The available data types for the connector. + :paramtype data_types: ~azure.mgmt.securityinsight.models.TIDataConnectorDataTypes """ super().__init__(etag=etag, **kwargs) - self.kind: str = "ThreatIntelligenceTaxii" + self.kind: str = "ThreatIntelligence" self.tenant_id = tenant_id - self.workspace_id = workspace_id - self.friendly_name = friendly_name - self.taxii_server = taxii_server - self.collection_id = collection_id - self.user_name = user_name - self.password = password - self.taxii_lookback_period = taxii_lookback_period - self.polling_frequency = polling_frequency + self.tip_lookback_period = tip_lookback_period self.data_types = data_types -class TiTaxiiDataConnectorDataTypes(_serialization.Model): - """The available data types for Threat Intelligence TAXII data connector. - - All required parameters must be populated in order to send to Azure. +class TIDataConnectorDataTypes(_serialization.Model): + """The available data types for TI (Threat Intelligence) data connector. - :ivar taxii_client: Data type for TAXII connector. Required. - :vartype taxii_client: - ~azure.mgmt.securityinsight.models.TiTaxiiDataConnectorDataTypesTaxiiClient + :ivar indicators: Data type for indicators connection. 
+ :vartype indicators: ~azure.mgmt.securityinsight.models.TIDataConnectorDataTypesIndicators """ - _validation = { - "taxii_client": {"required": True}, - } - _attribute_map = { - "taxii_client": {"key": "taxiiClient", "type": "TiTaxiiDataConnectorDataTypesTaxiiClient"}, + "indicators": {"key": "indicators", "type": "TIDataConnectorDataTypesIndicators"}, } - def __init__(self, *, taxii_client: "_models.TiTaxiiDataConnectorDataTypesTaxiiClient", **kwargs): + def __init__( + self, *, indicators: Optional["_models.TIDataConnectorDataTypesIndicators"] = None, **kwargs: Any + ) -> None: """ - :keyword taxii_client: Data type for TAXII connector. Required. - :paramtype taxii_client: - ~azure.mgmt.securityinsight.models.TiTaxiiDataConnectorDataTypesTaxiiClient + :keyword indicators: Data type for indicators connection. + :paramtype indicators: ~azure.mgmt.securityinsight.models.TIDataConnectorDataTypesIndicators """ super().__init__(**kwargs) - self.taxii_client = taxii_client - + self.indicators = indicators -class TiTaxiiDataConnectorDataTypesTaxiiClient(DataConnectorDataTypeCommon): - """Data type for TAXII connector. - All required parameters must be populated in order to send to Azure. +class TIDataConnectorDataTypesIndicators(DataConnectorDataTypeCommon): + """Data type for indicators connection. - :ivar state: Describe whether this data type connection is enabled or not. Required. Known - values are: "Enabled" and "Disabled". + :ivar state: Describe whether this data type connection is enabled or not. Known values are: + "Enabled" and "Disabled". 
:vartype state: str or ~azure.mgmt.securityinsight.models.DataTypeState """ - _validation = { - "state": {"required": True}, - } - _attribute_map = { "state": {"key": "state", "type": "str"}, } - def __init__(self, *, state: Union[str, "_models.DataTypeState"], **kwargs): + def __init__(self, *, state: Optional[Union[str, "_models.DataTypeState"]] = None, **kwargs: Any) -> None: """ - :keyword state: Describe whether this data type connection is enabled or not. Required. Known - values are: "Enabled" and "Disabled". + :keyword state: Describe whether this data type connection is enabled or not. Known values are: + "Enabled" and "Disabled". :paramtype state: str or ~azure.mgmt.securityinsight.models.DataTypeState """ super().__init__(state=state, **kwargs) -class TiTaxiiDataConnectorProperties(DataConnectorTenantId): - """Threat Intelligence TAXII data connector properties. - - All required parameters must be populated in order to send to Azure. - - :ivar tenant_id: The tenant id to connect to, and get the data from. Required. - :vartype tenant_id: str - :ivar workspace_id: The workspace id. - :vartype workspace_id: str - :ivar friendly_name: The friendly name for the TAXII server. - :vartype friendly_name: str - :ivar taxii_server: The API root for the TAXII server. - :vartype taxii_server: str - :ivar collection_id: The collection id of the TAXII server. - :vartype collection_id: str - :ivar user_name: The userName for the TAXII server. - :vartype user_name: str - :ivar password: The password for the TAXII server. - :vartype password: str - :ivar taxii_lookback_period: The lookback period for the TAXII server. - :vartype taxii_lookback_period: ~datetime.datetime - :ivar polling_frequency: The polling frequency for the TAXII server. Required. Known values - are: "OnceAMinute", "OnceAnHour", and "OnceADay". 
- :vartype polling_frequency: str or ~azure.mgmt.securityinsight.models.PollingFrequency - :ivar data_types: The available data types for Threat Intelligence TAXII data connector. - Required. - :vartype data_types: ~azure.mgmt.securityinsight.models.TiTaxiiDataConnectorDataTypes - """ - - _validation = { - "tenant_id": {"required": True}, - "polling_frequency": {"required": True}, - "data_types": {"required": True}, - } - - _attribute_map = { - "tenant_id": {"key": "tenantId", "type": "str"}, - "workspace_id": {"key": "workspaceId", "type": "str"}, - "friendly_name": {"key": "friendlyName", "type": "str"}, - "taxii_server": {"key": "taxiiServer", "type": "str"}, - "collection_id": {"key": "collectionId", "type": "str"}, - "user_name": {"key": "userName", "type": "str"}, - "password": {"key": "password", "type": "str"}, - "taxii_lookback_period": {"key": "taxiiLookbackPeriod", "type": "iso-8601"}, - "polling_frequency": {"key": "pollingFrequency", "type": "str"}, - "data_types": {"key": "dataTypes", "type": "TiTaxiiDataConnectorDataTypes"}, - } - - def __init__( - self, - *, - tenant_id: str, - polling_frequency: Union[str, "_models.PollingFrequency"], - data_types: "_models.TiTaxiiDataConnectorDataTypes", - workspace_id: Optional[str] = None, - friendly_name: Optional[str] = None, - taxii_server: Optional[str] = None, - collection_id: Optional[str] = None, - user_name: Optional[str] = None, - password: Optional[str] = None, - taxii_lookback_period: Optional[datetime.datetime] = None, - **kwargs - ): - """ - :keyword tenant_id: The tenant id to connect to, and get the data from. Required. - :paramtype tenant_id: str - :keyword workspace_id: The workspace id. - :paramtype workspace_id: str - :keyword friendly_name: The friendly name for the TAXII server. - :paramtype friendly_name: str - :keyword taxii_server: The API root for the TAXII server. - :paramtype taxii_server: str - :keyword collection_id: The collection id of the TAXII server. 
- :paramtype collection_id: str - :keyword user_name: The userName for the TAXII server. - :paramtype user_name: str - :keyword password: The password for the TAXII server. - :paramtype password: str - :keyword taxii_lookback_period: The lookback period for the TAXII server. - :paramtype taxii_lookback_period: ~datetime.datetime - :keyword polling_frequency: The polling frequency for the TAXII server. Required. Known values - are: "OnceAMinute", "OnceAnHour", and "OnceADay". - :paramtype polling_frequency: str or ~azure.mgmt.securityinsight.models.PollingFrequency - :keyword data_types: The available data types for Threat Intelligence TAXII data connector. - Required. - :paramtype data_types: ~azure.mgmt.securityinsight.models.TiTaxiiDataConnectorDataTypes - """ - super().__init__(tenant_id=tenant_id, **kwargs) - self.workspace_id = workspace_id - self.friendly_name = friendly_name - self.taxii_server = taxii_server - self.collection_id = collection_id - self.user_name = user_name - self.password = password - self.taxii_lookback_period = taxii_lookback_period - self.polling_frequency = polling_frequency - self.data_types = data_types - - -class Ueba(Settings): - """Settings with single toggle. - - Variables are only populated by the server, and will be ignored when sending a request. - - All required parameters must be populated in order to send to Azure. - - :ivar id: Fully qualified resource ID for the resource. Ex - - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - :vartype id: str - :ivar name: The name of the resource. - :vartype name: str - :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or - "Microsoft.Storage/storageAccounts". - :vartype type: str - :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy - information. 
- :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar etag: Etag of the azure resource. - :vartype etag: str - :ivar kind: The kind of the setting. Required. Known values are: "Anomalies", "EyesOn", - "EntityAnalytics", and "Ueba". - :vartype kind: str or ~azure.mgmt.securityinsight.models.SettingKind - :ivar data_sources: The relevant data sources that enriched by ueba. - :vartype data_sources: list[str or ~azure.mgmt.securityinsight.models.UebaDataSources] - """ - - _validation = { - "id": {"readonly": True}, - "name": {"readonly": True}, - "type": {"readonly": True}, - "system_data": {"readonly": True}, - "kind": {"required": True}, - } - - _attribute_map = { - "id": {"key": "id", "type": "str"}, - "name": {"key": "name", "type": "str"}, - "type": {"key": "type", "type": "str"}, - "system_data": {"key": "systemData", "type": "SystemData"}, - "etag": {"key": "etag", "type": "str"}, - "kind": {"key": "kind", "type": "str"}, - "data_sources": {"key": "properties.dataSources", "type": "[str]"}, - } - - def __init__( - self, - *, - etag: Optional[str] = None, - data_sources: Optional[List[Union[str, "_models.UebaDataSources"]]] = None, - **kwargs - ): - """ - :keyword etag: Etag of the azure resource. - :paramtype etag: str - :keyword data_sources: The relevant data sources that enriched by ueba. - :paramtype data_sources: list[str or ~azure.mgmt.securityinsight.models.UebaDataSources] - """ - super().__init__(etag=etag, **kwargs) - self.kind: str = "Ueba" - self.data_sources = data_sources - - class UrlEntity(Entity): """Represents a url entity. 
@@ -23188,11 +10500,11 @@ class UrlEntity(Entity): :ivar kind: The kind of the entity. Required. Known values are: "Account", "Host", "File", "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", - "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". - :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKind + "Bookmark", "MailCluster", "MailMessage", "Mailbox", and "SubmissionMail". + :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKindEnum :ivar additional_data: A bag of custom fields that should be part of the entity and will be presented to the user. - :vartype additional_data: dict[str, any] + :vartype additional_data: dict[str, JSON] :ivar friendly_name: The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. :vartype friendly_name: str @@ -23222,7 +10534,7 @@ class UrlEntity(Entity): "url": {"key": "properties.url", "type": "str"}, } - def __init__(self, **kwargs): + def __init__(self, **kwargs: Any) -> None: """ """ super().__init__(**kwargs) self.kind: str = "Url" @@ -23238,7 +10550,7 @@ class UrlEntityProperties(EntityCommonProperties): :ivar additional_data: A bag of custom fields that should be part of the entity and will be presented to the user. - :vartype additional_data: dict[str, any] + :vartype additional_data: dict[str, JSON] :ivar friendly_name: The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. :vartype friendly_name: str @@ -23258,7 +10570,7 @@ class UrlEntityProperties(EntityCommonProperties): "url": {"key": "url", "type": "str"}, } - def __init__(self, **kwargs): + def __init__(self, **kwargs: Any) -> None: """ """ super().__init__(**kwargs) self.url = None 
@@ -23288,7 +10600,7 @@ class UserInfo(_serialization.Model): "object_id": {"key": "objectId", "type": "str"}, } - def __init__(self, *, object_id: Optional[str] = None, **kwargs): + def __init__(self, *, object_id: Optional[str] = None, **kwargs: Any) -> None: """ :keyword object_id: The object id of the user. :paramtype object_id: str @@ -23299,36 +10611,6 @@ def __init__(self, *, object_id: Optional[str] = None, **kwargs): self.object_id = object_id -class ValidationError(_serialization.Model): - """Describes an error encountered in the file during validation. - - Variables are only populated by the server, and will be ignored when sending a request. - - :ivar record_index: The number of the record that has the error. - :vartype record_index: int - :ivar error_messages: A list of descriptions of the error. - :vartype error_messages: list[str] - """ - - _validation = { - "error_messages": {"readonly": True}, - } - - _attribute_map = { - "record_index": {"key": "recordIndex", "type": "int"}, - "error_messages": {"key": "errorMessages", "type": "[str]"}, - } - - def __init__(self, *, record_index: Optional[int] = None, **kwargs): - """ - :keyword record_index: The number of the record that has the error. - :paramtype record_index: int - """ - super().__init__(**kwargs) - self.record_index = record_index - self.error_messages = None - - class Watchlist(ResourceWithEtag): # pylint: disable=too-many-instance-attributes """Represents a Watchlist in Azure Security Insights. 
@@ -23353,11 +10635,8 @@ class Watchlist(ResourceWithEtag): # pylint: disable=too-many-instance-attribut :vartype display_name: str :ivar provider: The provider of the watchlist. :vartype provider: str - :ivar source: The filename of the watchlist, called 'source'. - :vartype source: str - :ivar source_type: The sourceType of the watchlist. Known values are: "Local file" and "Remote - storage". - :vartype source_type: str or ~azure.mgmt.securityinsight.models.SourceType + :ivar source: The source of the watchlist. Known values are: "Local file" and "Remote storage". + :vartype source: str or ~azure.mgmt.securityinsight.models.Source :ivar created: The time the watchlist was created. :vartype created: ~datetime.datetime :ivar updated: The last time the watchlist was updated. 
@@ -23380,21 +10659,22 @@ class Watchlist(ResourceWithEtag): # pylint: disable=too-many-instance-attribut :vartype default_duration: ~datetime.timedelta :ivar tenant_id: The tenantId where the watchlist belongs to. :vartype tenant_id: str - :ivar number_of_lines_to_skip: The number of lines in a csv/tsv content to skip before the - header. + :ivar number_of_lines_to_skip: The number of lines in a csv content to skip before the header. :vartype number_of_lines_to_skip: int - :ivar raw_content: The raw content that represents to watchlist items to create. In case of - csv/tsv content type, it's the content of the file that will parsed by the endpoint. + :ivar raw_content: The raw content that represents to watchlist items to create. Example : This + line will be skipped + header1,header2 + value1,value2. :vartype raw_content: str :ivar items_search_key: The search key is used to optimize query performance when using watchlists for joins with other data. For example, enable a column with IP addresses to be the designated SearchKey field, then use this field as the key field when joining to other event data by IP address. :vartype items_search_key: str - :ivar content_type: The content type of the raw content. Example : text/csv or text/tsv. + :ivar content_type: The content type of the raw content. For now, only text/csv is valid. :vartype content_type: str - :ivar upload_status: The status of the Watchlist upload : New, InProgress or Complete. Pls note - : When a Watchlist upload status is equal to InProgress, the Watchlist cannot be deleted. + :ivar upload_status: The status of the Watchlist upload : New, InProgress or Complete. **Note** + : When a Watchlist upload status is InProgress, the Watchlist cannot be deleted. :vartype upload_status: str """ 
@@ -23415,7 +10695,6 @@ class Watchlist(ResourceWithEtag): # pylint: disable=too-many-instance-attribut "display_name": {"key": "properties.displayName", "type": "str"}, "provider": {"key": "properties.provider", "type": "str"}, "source": {"key": "properties.source", "type": "str"}, - "source_type": {"key": "properties.sourceType", "type": "str"}, "created": {"key": "properties.created", "type": "iso-8601"}, "updated": {"key": "properties.updated", "type": "iso-8601"}, "created_by": {"key": "properties.createdBy", "type": "UserInfo"}, @@ -23441,8 +10720,7 @@ def __init__( # pylint: disable=too-many-locals watchlist_id: Optional[str] = None, display_name: Optional[str] = None, provider: Optional[str] = None, - source: Optional[str] = None, - source_type: Optional[Union[str, "_models.SourceType"]] = None, + source: Optional[Union[str, "_models.Source"]] = None, created: Optional[datetime.datetime] = None, updated: Optional[datetime.datetime] = None, created_by: Optional["_models.UserInfo"] = None, @@ -23459,8 +10737,8 @@ def __init__( # pylint: disable=too-many-locals items_search_key: Optional[str] = None, content_type: Optional[str] = None, upload_status: Optional[str] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword etag: Etag of the azure resource. :paramtype etag: str 
@@ -23470,11 +10748,9 @@ def __init__( # pylint: disable=too-many-locals :paramtype display_name: str :keyword provider: The provider of the watchlist. :paramtype provider: str - :keyword source: The filename of the watchlist, called 'source'. - :paramtype source: str - :keyword source_type: The sourceType of the watchlist. Known values are: "Local file" and - "Remote storage". - :paramtype source_type: str or ~azure.mgmt.securityinsight.models.SourceType + :keyword source: The source of the watchlist. Known values are: "Local file" and "Remote + storage". + :paramtype source: str or ~azure.mgmt.securityinsight.models.Source :keyword created: The time the watchlist was created. :paramtype created: ~datetime.datetime :keyword updated: The last time the watchlist was updated. 
@@ -23497,21 +10773,23 @@ def __init__( # pylint: disable=too-many-locals :paramtype default_duration: ~datetime.timedelta :keyword tenant_id: The tenantId where the watchlist belongs to. :paramtype tenant_id: str - :keyword number_of_lines_to_skip: The number of lines in a csv/tsv content to skip before the + :keyword number_of_lines_to_skip: The number of lines in a csv content to skip before the header. :paramtype number_of_lines_to_skip: int - :keyword raw_content: The raw content that represents to watchlist items to create. In case of - csv/tsv content type, it's the content of the file that will parsed by the endpoint. + :keyword raw_content: The raw content that represents to watchlist items to create. Example : + This line will be skipped + header1,header2 + value1,value2. :paramtype raw_content: str :keyword items_search_key: The search key is used to optimize query performance when using watchlists for joins with other data. For example, enable a column with IP addresses to be the designated SearchKey field, then use this field as the key field when joining to other event data by IP address. :paramtype items_search_key: str - :keyword content_type: The content type of the raw content. Example : text/csv or text/tsv. + :keyword content_type: The content type of the raw content. For now, only text/csv is valid. :paramtype content_type: str - :keyword upload_status: The status of the Watchlist upload : New, InProgress or Complete. Pls - note : When a Watchlist upload status is equal to InProgress, the Watchlist cannot be deleted. + :keyword upload_status: The status of the Watchlist upload : New, InProgress or Complete. + **Note** : When a Watchlist upload status is InProgress, the Watchlist cannot be deleted. :paramtype upload_status: str """ super().__init__(etag=etag, **kwargs) 
@@ -23519,7 +10797,6 @@ def __init__( # pylint: disable=too-many-locals self.display_name = display_name self.provider = provider self.source = source - self.source_type = source_type self.created = created self.updated = updated self.created_by = created_by @@ -23539,7 +10816,7 @@ def __init__( # pylint: disable=too-many-locals class WatchlistItem(ResourceWithEtag): # pylint: disable=too-many-instance-attributes - """Represents a Watchlist item in Azure Security Insights. + """Represents a Watchlist Item in Azure Security Insights. Variables are only populated by the server, and will be ignored when sending a request. @@ -23573,9 +10850,9 @@ class WatchlistItem(ResourceWithEtag): # pylint: disable=too-many-instance-attr :ivar updated_by: Describes a user that updated the watchlist item. :vartype updated_by: ~azure.mgmt.securityinsight.models.UserInfo :ivar items_key_value: key-value pairs for a watchlist item. - :vartype items_key_value: dict[str, any] + :vartype items_key_value: JSON :ivar entity_mapping: key-value pairs for a watchlist item entity mapping. - :vartype entity_mapping: dict[str, any] + :vartype entity_mapping: JSON """ _validation = { @@ -23599,8 +10876,8 @@ class WatchlistItem(ResourceWithEtag): # pylint: disable=too-many-instance-attr "updated": {"key": "properties.updated", "type": "iso-8601"}, "created_by": {"key": "properties.createdBy", "type": "UserInfo"}, "updated_by": {"key": "properties.updatedBy", "type": "UserInfo"}, - "items_key_value": {"key": "properties.itemsKeyValue", "type": "{object}"}, - "entity_mapping": {"key": "properties.entityMapping", "type": "{object}"}, + "items_key_value": {"key": "properties.itemsKeyValue", "type": "object"}, + "entity_mapping": {"key": "properties.entityMapping", "type": "object"}, } def __init__( 
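Review bot: Changing `items_key_value` and `entity_mapping` from `"{object}"` to `"object"` in `_attribute_map` likely stops the deserializer from checking that the payload is a mapping, while the docstrings still promise "key-value pairs" and the new annotation is `JSON`. If `"object"` is the serializer's untyped pass-through (its implementation is outside this diff), a list or scalar returned by the service would reach callers unchanged, and code that feeds watchlist items into lookups would fail late on `.items()` or a key access. The docstring should say so, e.g. `:vartype items_key_value: JSON (any JSON value; not validated as a mapping)`, or the spec should keep the dictionary shape so the generator emits `"{object}"` again. The class body continues outside this hunk.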
@@ -23615,10 +10892,10 @@ def __init__( updated: Optional[datetime.datetime] = None, created_by: Optional["_models.UserInfo"] = None, updated_by: Optional["_models.UserInfo"] = None, - items_key_value: Optional[Dict[str, Any]] = None, - entity_mapping: Optional[Dict[str, Any]] = None, - **kwargs - ): + items_key_value: Optional[JSON] = None, + entity_mapping: Optional[JSON] = None, + **kwargs: Any + ) -> None: """ :keyword etag: Etag of the azure resource. :paramtype etag: str @@ -23639,9 +10916,9 @@ def __init__( :keyword updated_by: Describes a user that updated the watchlist item. :paramtype updated_by: ~azure.mgmt.securityinsight.models.UserInfo :keyword items_key_value: key-value pairs for a watchlist item. - :paramtype items_key_value: dict[str, any] + :paramtype items_key_value: JSON :keyword entity_mapping: key-value pairs for a watchlist item entity mapping. - :paramtype entity_mapping: dict[str, any] + :paramtype entity_mapping: JSON """ super().__init__(etag=etag, **kwargs) self.watchlist_item_type = watchlist_item_type @@ -23663,7 +10940,7 @@ class WatchlistItemList(_serialization.Model): All required parameters must be populated in order to send to Azure. - :ivar next_link: URL to fetch the next set of watchlist item. + :ivar next_link: URL to fetch the next set of watchlist items. :vartype next_link: str :ivar value: Array of watchlist items. Required. :vartype value: list[~azure.mgmt.securityinsight.models.WatchlistItem] @@ -23679,7 +10956,7 @@ class WatchlistItemList(_serialization.Model): "value": {"key": "value", "type": "[WatchlistItem]"}, } - def __init__(self, *, value: List["_models.WatchlistItem"], **kwargs): + def __init__(self, *, value: List["_models.WatchlistItem"], **kwargs: Any) -> None: """ :keyword value: Array of watchlist items. Required. :paramtype value: list[~azure.mgmt.securityinsight.models.WatchlistItem] 
@@ -23712,7 +10989,7 @@ class WatchlistList(_serialization.Model): "value": {"key": "value", "type": "[Watchlist]"}, } - def __init__(self, *, value: List["_models.Watchlist"], **kwargs): + def __init__(self, *, value: List["_models.Watchlist"], **kwargs: Any) -> None: """ :keyword value: Array of watchlist. Required. :paramtype value: list[~azure.mgmt.securityinsight.models.Watchlist] 
@@ -23720,50 +10997,3 @@ def __init__(self, *, value: List["_models.Watchlist"], **kwargs): super().__init__(**kwargs) self.next_link = None self.value = value - - -class Webhook(_serialization.Model): - """Detail about the webhook object. - - :ivar webhook_id: Unique identifier for the webhook. - :vartype webhook_id: str - :ivar webhook_url: URL that gets invoked by the webhook. - :vartype webhook_url: str - :ivar webhook_secret_update_time: Time when the webhook secret was updated. - :vartype webhook_secret_update_time: str - :ivar rotate_webhook_secret: A flag to instruct the backend service to rotate webhook secret. - :vartype rotate_webhook_secret: bool - """ - - _attribute_map = { - "webhook_id": {"key": "webhookId", "type": "str"}, - "webhook_url": {"key": "webhookUrl", "type": "str"}, - "webhook_secret_update_time": {"key": "webhookSecretUpdateTime", "type": "str"}, - "rotate_webhook_secret": {"key": "rotateWebhookSecret", "type": "bool"}, - } - - def __init__( - self, - *, - webhook_id: Optional[str] = None, - webhook_url: Optional[str] = None, - webhook_secret_update_time: Optional[str] = None, - rotate_webhook_secret: Optional[bool] = None, - **kwargs - ): - """ - :keyword webhook_id: Unique identifier for the webhook. - :paramtype webhook_id: str - :keyword webhook_url: URL that gets invoked by the webhook. - :paramtype webhook_url: str - :keyword webhook_secret_update_time: Time when the webhook secret was updated. - :paramtype webhook_secret_update_time: str - :keyword rotate_webhook_secret: A flag to instruct the backend service to rotate webhook - secret. - :paramtype rotate_webhook_secret: bool - """ - super().__init__(**kwargs) - self.webhook_id = webhook_id - self.webhook_url = webhook_url - self.webhook_secret_update_time = webhook_secret_update_time - self.rotate_webhook_secret = rotate_webhook_secret 
diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/_security_insights_enums.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/_security_insights_enums.py index 455b7f96600f..c4ec8a8e5444 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/_security_insights_enums.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/_security_insights_enums.py 
@@ -13,44 +13,42 @@ class ActionType(str, Enum, metaclass=CaseInsensitiveEnumMeta): """The type of the automation rule action.""" - #: Modify an object's properties MODIFY_PROPERTIES = "ModifyProperties" - #: Run a playbook on an object + """Modify an object's properties""" RUN_PLAYBOOK = "RunPlaybook" - #: Add a task to an incident object - ADD_INCIDENT_TASK = "AddIncidentTask" + """Run a playbook on an object""" class AlertDetail(str, Enum, metaclass=CaseInsensitiveEnumMeta): """Alert detail.""" - #: Alert display name DISPLAY_NAME = "DisplayName" - #: Alert severity + """Alert display name""" SEVERITY = "Severity" + """Alert severity""" class AlertProperty(str, Enum, metaclass=CaseInsensitiveEnumMeta): """The V3 alert property.""" - #: Alert's link ALERT_LINK = "AlertLink" - #: Confidence level property + """Alert's link""" CONFIDENCE_LEVEL = "ConfidenceLevel" - #: Confidence score + """Confidence level property""" CONFIDENCE_SCORE = "ConfidenceScore" - #: Extended links to the alert + """Confidence score""" EXTENDED_LINKS = "ExtendedLinks" - #: Product name alert property + """Extended links to the alert""" PRODUCT_NAME = "ProductName" - #: Provider name alert property + """Product name alert property""" PROVIDER_NAME = "ProviderName" - #: Product component name alert property + """Provider name alert property""" PRODUCT_COMPONENT_NAME = "ProductComponentName" - #: Remediation steps alert property + """Product component name alert property""" REMEDIATION_STEPS = "RemediationSteps" - #: Techniques alert property + """Remediation steps alert property""" TECHNIQUES = "Techniques" + """Techniques alert property""" class AlertRuleKind(str, Enum, metaclass=CaseInsensitiveEnumMeta): 
@@ -59,50 +57,47 @@ class AlertRuleKind(str, Enum, metaclass=CaseInsensitiveEnumMeta): SCHEDULED = "Scheduled" MICROSOFT_SECURITY_INCIDENT_CREATION = "MicrosoftSecurityIncidentCreation" FUSION = "Fusion" - ML_BEHAVIOR_ANALYTICS = "MLBehaviorAnalytics" - THREAT_INTELLIGENCE = "ThreatIntelligence" - NRT = "NRT" class AlertSeverity(str, Enum, metaclass=CaseInsensitiveEnumMeta): """The severity of the alert.""" - #: High severity HIGH = "High" - #: Medium severity + """High severity""" MEDIUM = "Medium" - #: Low severity + """Medium severity""" LOW = "Low" - #: Informational severity + """Low severity""" INFORMATIONAL = "Informational" + """Informational severity""" class AlertStatus(str, Enum, metaclass=CaseInsensitiveEnumMeta): """The lifecycle status of the alert.""" - #: Unknown value UNKNOWN = "Unknown" - #: New alert + """Unknown value""" NEW = "New" - #: Alert closed after handling + """New alert""" RESOLVED = "Resolved" - #: Alert dismissed as false positive + """Alert closed after handling""" DISMISSED = "Dismissed" - #: Alert is being handled + """Alert dismissed as false positive""" IN_PROGRESS = "InProgress" + """Alert is being handled""" class AntispamMailDirection(str, Enum, metaclass=CaseInsensitiveEnumMeta): """The directionality of this mail message.""" - #: Unknown UNKNOWN = "Unknown" - #: Inbound + """Unknown""" INBOUND = "Inbound" - #: Outbound + """Inbound""" OUTBOUND = "Outbound" - #: Intraorg + """Outbound""" INTRAORG = "Intraorg" + """Intraorg""" class AttackTactic(str, Enum, metaclass=CaseInsensitiveEnumMeta): 
@@ -127,252 +122,204 @@ class AttackTactic(str, Enum, metaclass=CaseInsensitiveEnumMeta): INHIBIT_RESPONSE_FUNCTION = "InhibitResponseFunction" -class AutomationRuleBooleanConditionSupportedOperator(str, Enum, metaclass=CaseInsensitiveEnumMeta): - """AutomationRuleBooleanConditionSupportedOperator.""" - - #: Evaluates as true if all the item conditions are evaluated as true - AND = "And" - #: Evaluates as true if at least one of the item conditions are evaluated as true - OR = "Or" - - class AutomationRulePropertyArrayChangedConditionSupportedArrayType(str, Enum, metaclass=CaseInsensitiveEnumMeta): """AutomationRulePropertyArrayChangedConditionSupportedArrayType.""" - #: Evaluate the condition on the alerts ALERTS = "Alerts" - #: Evaluate the condition on the labels + """Evaluate the condition on the alerts""" LABELS = "Labels" - #: Evaluate the condition on the tactics + """Evaluate the condition on the labels""" TACTICS = "Tactics" - #: Evaluate the condition on the comments + """Evaluate the condition on the tactics""" COMMENTS = "Comments" + """Evaluate the condition on the comments""" class AutomationRulePropertyArrayChangedConditionSupportedChangeType(str, Enum, metaclass=CaseInsensitiveEnumMeta): """AutomationRulePropertyArrayChangedConditionSupportedChangeType.""" - #: Evaluate the condition on items added to the array ADDED = "Added" - - -class AutomationRulePropertyArrayConditionSupportedArrayConditionType(str, Enum, metaclass=CaseInsensitiveEnumMeta): - """AutomationRulePropertyArrayConditionSupportedArrayConditionType.""" - - #: Evaluate the condition as true if any item fulfills it - ANY_ITEM = "AnyItem" - - -class AutomationRulePropertyArrayConditionSupportedArrayType(str, Enum, metaclass=CaseInsensitiveEnumMeta): - """AutomationRulePropertyArrayConditionSupportedArrayType.""" - - #: Evaluate the condition on the custom detail keys - CUSTOM_DETAILS = "CustomDetails" - #: Evaluate the condition on a custom detail's values - CUSTOM_DETAIL_VALUES = 
"CustomDetailValues" + """Evaluate the condition on items added to the array""" class AutomationRulePropertyChangedConditionSupportedChangedType(str, Enum, metaclass=CaseInsensitiveEnumMeta): """AutomationRulePropertyChangedConditionSupportedChangedType.""" - #: Evaluate the condition on the previous value of the property CHANGED_FROM = "ChangedFrom" - #: Evaluate the condition on the updated value of the property + """Evaluate the condition on the previous value of the property""" CHANGED_TO = "ChangedTo" + """Evaluate the condition on the updated value of the property""" class AutomationRulePropertyChangedConditionSupportedPropertyType(str, Enum, metaclass=CaseInsensitiveEnumMeta): """AutomationRulePropertyChangedConditionSupportedPropertyType.""" - #: Evaluate the condition on the incident severity INCIDENT_SEVERITY = "IncidentSeverity" - #: Evaluate the condition on the incident status + """Evaluate the condition on the incident severity""" INCIDENT_STATUS = "IncidentStatus" - #: Evaluate the condition on the incident owner + """Evaluate the condition on the incident status""" INCIDENT_OWNER = "IncidentOwner" + """Evaluate the condition on the incident owner""" class AutomationRulePropertyConditionSupportedOperator(str, Enum, metaclass=CaseInsensitiveEnumMeta): """AutomationRulePropertyConditionSupportedOperator.""" - #: Evaluates if the property equals at least one of the condition values EQUALS = "Equals" - #: Evaluates if the property does not equal any of the condition values + """Evaluates if the property equals at least one of the condition values""" NOT_EQUALS = "NotEquals" - #: Evaluates if the property contains at least one of the condition values + """Evaluates if the property does not equal any of the condition values""" CONTAINS = "Contains" - #: Evaluates if the property does not contain any of the condition values + """Evaluates if the property contains at least one of the condition values""" NOT_CONTAINS = "NotContains" - #: Evaluates if the 
property starts with any of the condition values + """Evaluates if the property does not contain any of the condition values""" STARTS_WITH = "StartsWith" - #: Evaluates if the property does not start with any of the condition values + """Evaluates if the property starts with any of the condition values""" NOT_STARTS_WITH = "NotStartsWith" - #: Evaluates if the property ends with any of the condition values + """Evaluates if the property does not start with any of the condition values""" ENDS_WITH = "EndsWith" - #: Evaluates if the property does not end with any of the condition values + """Evaluates if the property ends with any of the condition values""" NOT_ENDS_WITH = "NotEndsWith" + """Evaluates if the property does not end with any of the condition values""" class AutomationRulePropertyConditionSupportedProperty(str, Enum, metaclass=CaseInsensitiveEnumMeta): """The property to evaluate in an automation rule property condition.""" - #: The title of the incident INCIDENT_TITLE = "IncidentTitle" - #: The description of the incident + """The title of the incident""" INCIDENT_DESCRIPTION = "IncidentDescription" - #: The severity of the incident + """The description of the incident""" INCIDENT_SEVERITY = "IncidentSeverity" - #: The status of the incident + """The severity of the incident""" INCIDENT_STATUS = "IncidentStatus" - #: The related Analytic rule ids of the incident + """The status of the incident""" INCIDENT_RELATED_ANALYTIC_RULE_IDS = "IncidentRelatedAnalyticRuleIds" - #: The tactics of the incident + """The related Analytic rule ids of the incident""" INCIDENT_TACTICS = "IncidentTactics" - #: The labels of the incident + """The tactics of the incident""" INCIDENT_LABEL = "IncidentLabel" - #: The provider name of the incident + """The labels of the incident""" INCIDENT_PROVIDER_NAME = "IncidentProviderName" - #: The update source of the incident + """The provider name of the incident""" INCIDENT_UPDATED_BY_SOURCE = "IncidentUpdatedBySource" - #: The 
incident custom detail key - INCIDENT_CUSTOM_DETAILS_KEY = "IncidentCustomDetailsKey" - #: The incident custom detail value - INCIDENT_CUSTOM_DETAILS_VALUE = "IncidentCustomDetailsValue" - #: The account Azure Active Directory tenant id + """The update source of the incident""" ACCOUNT_AAD_TENANT_ID = "AccountAadTenantId" - #: The account Azure Active Directory user id + """The account Azure Active Directory tenant id""" ACCOUNT_AAD_USER_ID = "AccountAadUserId" - #: The account name + """The account Azure Active Directory user id""" ACCOUNT_NAME = "AccountName" - #: The account NetBIOS domain name + """The account name""" ACCOUNT_NT_DOMAIN = "AccountNTDomain" - #: The account Azure Active Directory Passport User ID + """The account NetBIOS domain name""" ACCOUNT_PUID = "AccountPUID" - #: The account security identifier + """The account Azure Active Directory Passport User ID""" ACCOUNT_SID = "AccountSid" - #: The account unique identifier + """The account security identifier""" ACCOUNT_OBJECT_GUID = "AccountObjectGuid" - #: The account user principal name suffix + """The account unique identifier""" ACCOUNT_UPN_SUFFIX = "AccountUPNSuffix" - #: The name of the product of the alert + """The account user principal name suffix""" ALERT_PRODUCT_NAMES = "AlertProductNames" - #: The analytic rule ids of the alert + """The name of the product of the alert""" ALERT_ANALYTIC_RULE_IDS = "AlertAnalyticRuleIds" - #: The Azure resource id + """The analytic rule ids of the alert""" AZURE_RESOURCE_RESOURCE_ID = "AzureResourceResourceId" - #: The Azure resource subscription id + """The Azure resource id""" AZURE_RESOURCE_SUBSCRIPTION_ID = "AzureResourceSubscriptionId" - #: The cloud application identifier + """The Azure resource subscription id""" CLOUD_APPLICATION_APP_ID = "CloudApplicationAppId" - #: The cloud application name + """The cloud application identifier""" CLOUD_APPLICATION_APP_NAME = "CloudApplicationAppName" - #: The dns record domain name + """The cloud application 
name""" DNS_DOMAIN_NAME = "DNSDomainName" - #: The file directory full path + """The dns record domain name""" FILE_DIRECTORY = "FileDirectory" - #: The file name without path + """The file directory full path""" FILE_NAME = "FileName" - #: The file hash value + """The file name without path""" FILE_HASH_VALUE = "FileHashValue" - #: The host Azure resource id + """The file hash value""" HOST_AZURE_ID = "HostAzureID" - #: The host name without domain + """The host Azure resource id""" HOST_NAME = "HostName" - #: The host NetBIOS name + """The host name without domain""" HOST_NET_BIOS_NAME = "HostNetBiosName" - #: The host NT domain + """The host NetBIOS name""" HOST_NT_DOMAIN = "HostNTDomain" - #: The host operating system + """The host NT domain""" HOST_OS_VERSION = "HostOSVersion" - #: "The IoT device id + """The host operating system""" IO_T_DEVICE_ID = "IoTDeviceId" - #: The IoT device name + """"The IoT device id""" IO_T_DEVICE_NAME = "IoTDeviceName" - #: The IoT device type + """The IoT device name""" IO_T_DEVICE_TYPE = "IoTDeviceType" - #: The IoT device vendor + """The IoT device type""" IO_T_DEVICE_VENDOR = "IoTDeviceVendor" - #: The IoT device model + """The IoT device vendor""" IO_T_DEVICE_MODEL = "IoTDeviceModel" - #: The IoT device operating system + """The IoT device model""" IO_T_DEVICE_OPERATING_SYSTEM = "IoTDeviceOperatingSystem" - #: The IP address + """The IoT device operating system""" IP_ADDRESS = "IPAddress" - #: The mailbox display name + """The IP address""" MAILBOX_DISPLAY_NAME = "MailboxDisplayName" - #: The mailbox primary address + """The mailbox display name""" MAILBOX_PRIMARY_ADDRESS = "MailboxPrimaryAddress" - #: The mailbox user principal name + """The mailbox primary address""" MAILBOX_UPN = "MailboxUPN" - #: The mail message delivery action + """The mailbox user principal name""" MAIL_MESSAGE_DELIVERY_ACTION = "MailMessageDeliveryAction" - #: The mail message delivery location + """The mail message delivery action""" 
MAIL_MESSAGE_DELIVERY_LOCATION = "MailMessageDeliveryLocation" - #: The mail message recipient + """The mail message delivery location""" MAIL_MESSAGE_RECIPIENT = "MailMessageRecipient" - #: The mail message sender IP address + """The mail message recipient""" MAIL_MESSAGE_SENDER_IP = "MailMessageSenderIP" - #: The mail message subject + """The mail message sender IP address""" MAIL_MESSAGE_SUBJECT = "MailMessageSubject" - #: The mail message P1 sender + """The mail message subject""" MAIL_MESSAGE_P1_SENDER = "MailMessageP1Sender" - #: The mail message P2 sender + """The mail message P1 sender""" MAIL_MESSAGE_P2_SENDER = "MailMessageP2Sender" - #: The malware category + """The mail message P2 sender""" MALWARE_CATEGORY = "MalwareCategory" - #: The malware name + """The malware category""" MALWARE_NAME = "MalwareName" - #: The process execution command line + """The malware name""" PROCESS_COMMAND_LINE = "ProcessCommandLine" - #: The process id + """The process execution command line""" PROCESS_ID = "ProcessId" - #: The registry key path + """The process id""" REGISTRY_KEY = "RegistryKey" - #: The registry key value in string formatted representation + """The registry key path""" REGISTRY_VALUE_DATA = "RegistryValueData" - #: The url + """The registry key value in string formatted representation""" URL = "Url" - - -class Category(str, Enum, metaclass=CaseInsensitiveEnumMeta): - """Categories of recommendations.""" - - #: Onboarding recommendation. - ONBOARDING = "Onboarding" - #: New feature recommendation. - NEW_FEATURE = "NewFeature" - #: Soc Efficiency recommendation. - SOC_EFFICIENCY = "SocEfficiency" - #: Cost optimization recommendation. - COST_OPTIMIZATION = "CostOptimization" - #: Demo recommendation. 
- DEMO = "Demo" + """The url""" class ConditionType(str, Enum, metaclass=CaseInsensitiveEnumMeta): """ConditionType.""" - #: Evaluate an object property value PROPERTY = "Property" - #: Evaluate an object array property value - PROPERTY_ARRAY = "PropertyArray" - #: Evaluate an object property changed value + """Evaluate an object property value""" PROPERTY_CHANGED = "PropertyChanged" - #: Evaluate an object array property changed value + """Evaluate an object property changed value""" PROPERTY_ARRAY_CHANGED = "PropertyArrayChanged" - #: Apply a boolean operator (e.g AND, OR) to conditions - BOOLEAN = "Boolean" + """Evaluate an object array property changed value""" class ConfidenceLevel(str, Enum, metaclass=CaseInsensitiveEnumMeta): """The confidence level of this alert.""" - #: Unknown confidence, the is the default value UNKNOWN = "Unknown" - #: Low confidence, meaning we have some doubts this is indeed malicious or part of an attack + """Unknown confidence, the is the default value""" LOW = "Low" - #: High confidence that the alert is true positive malicious + """Low confidence, meaning we have some doubts this is indeed malicious or part of an attack""" HIGH = "High" + """High confidence that the alert is true positive malicious""" class ConfidenceScoreStatus(str, Enum, metaclass=CaseInsensitiveEnumMeta): 
@@ -380,49 +327,15 @@ class ConfidenceScoreStatus(str, Enum, metaclass=CaseInsensitiveEnumMeta): this alert, not applicable or final. """ - #: Score will not be calculated for this alert as it is not supported by virtual analyst NOT_APPLICABLE = "NotApplicable" - #: No score was set yet and calculation is in progress + """Score will not be calculated for this alert as it is not supported by virtual analyst""" IN_PROCESS = "InProcess" - #: Score is calculated and shown as part of the alert, but may be updated again at a later time - #: following the processing of additional data + """No score was set yet and calculation is in progress""" NOT_FINAL = "NotFinal" - #: Final score was calculated and available + """Score is calculated and shown as part of the alert, but may be updated again at a later time + #: following the processing of additional data""" FINAL = "Final" - - -class ConnectAuthKind(str, Enum, metaclass=CaseInsensitiveEnumMeta): - """The authentication kind used to poll the data.""" - - BASIC = "Basic" - O_AUTH2 = "OAuth2" - API_KEY = "APIKey" - - -class ConnectivityType(str, Enum, metaclass=CaseInsensitiveEnumMeta): - """type of connectivity.""" - - IS_CONNECTED_QUERY = "IsConnectedQuery" - - -class ContentType(str, Enum, metaclass=CaseInsensitiveEnumMeta): - """The content type of a source control path.""" - - ANALYTIC_RULE = "AnalyticRule" - WORKBOOK = "Workbook" - - -class Context(str, Enum, metaclass=CaseInsensitiveEnumMeta): - """Context of recommendation.""" - - #: Analytics context. - ANALYTICS = "Analytics" - #: Incidents context. - INCIDENTS = "Incidents" - #: Overview context. - OVERVIEW = "Overview" - #: No context. - NONE = "None" + """Final score was calculated and available""" class CreatedByType(str, Enum, metaclass=CaseInsensitiveEnumMeta): 
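Review bot: The docstring added under `NOT_FINAL` in `ConfidenceScoreStatus` carries a leftover comment marker. Its second line reads `#: following the processing of additional data"""`, so the rendered documentation contains a literal `#:`. The marker comes from the old two-line `#:` comment and should be dropped, giving `"""Score is calculated and shown as part of the alert, but may be updated again at a later time following the processing of additional data"""`. The same conversion in the `@@ -127,252 +122,204 @@` hunk produced `""""The IoT device id"""` under `IO_T_DEVICE_ID`, which keeps a stray leading quote in the text. Both look like generator output, so the durable fix is probably in the spec text or the emitter rather than in this file.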
@@ -434,19 +347,6 @@ class CreatedByType(str, Enum, metaclass=CaseInsensitiveEnumMeta): KEY = "Key" -class CustomEntityQueryKind(str, Enum, metaclass=CaseInsensitiveEnumMeta): - """The kind of the entity query that supports put request.""" - - ACTIVITY = "Activity" - - -class DataConnectorAuthorizationState(str, Enum, metaclass=CaseInsensitiveEnumMeta): - """Describes the state of user's authorization for a connector kind.""" - - VALID = "Valid" - INVALID = "Invalid" - - class DataConnectorKind(str, Enum, metaclass=CaseInsensitiveEnumMeta): """The kind of the data connector.""" @@ -454,30 +354,10 @@ class DataConnectorKind(str, Enum, metaclass=CaseInsensitiveEnumMeta): AZURE_SECURITY_CENTER = "AzureSecurityCenter" MICROSOFT_CLOUD_APP_SECURITY = "MicrosoftCloudAppSecurity" THREAT_INTELLIGENCE = "ThreatIntelligence" - THREAT_INTELLIGENCE_TAXII = "ThreatIntelligenceTaxii" OFFICE365 = "Office365" - OFFICE_ATP = "OfficeATP" - OFFICE_IRM = "OfficeIRM" - OFFICE365_PROJECT = "Office365Project" - OFFICE_POWER_BI = "OfficePowerBI" AMAZON_WEB_SERVICES_CLOUD_TRAIL = "AmazonWebServicesCloudTrail" - AMAZON_WEB_SERVICES_S3 = "AmazonWebServicesS3" AZURE_ADVANCED_THREAT_PROTECTION = "AzureAdvancedThreatProtection" MICROSOFT_DEFENDER_ADVANCED_THREAT_PROTECTION = "MicrosoftDefenderAdvancedThreatProtection" - DYNAMICS365 = "Dynamics365" - MICROSOFT_THREAT_PROTECTION = "MicrosoftThreatProtection" - MICROSOFT_THREAT_INTELLIGENCE = "MicrosoftThreatIntelligence" - GENERIC_UI = "GenericUI" - API_POLLING = "APIPolling" - IOT = "IOT" - - -class DataConnectorLicenseState(str, Enum, metaclass=CaseInsensitiveEnumMeta): - """Describes the state of user's license for a connector kind.""" - - VALID = "Valid" - INVALID = "Invalid" - UNKNOWN = "Unknown" class DataTypeState(str, Enum, metaclass=CaseInsensitiveEnumMeta): 
@@ -487,295 +367,141 @@ class DataTypeState(str, Enum, metaclass=CaseInsensitiveEnumMeta): DISABLED = "Disabled" -class DeleteStatus(str, Enum, metaclass=CaseInsensitiveEnumMeta): - """Indicates whether the file was deleted from the storage account.""" - - #: The file was deleted. - DELETED = "Deleted" - #: The file was not deleted. - NOT_DELETED = "NotDeleted" - #: Unspecified - UNSPECIFIED = "Unspecified" - - class DeliveryAction(str, Enum, metaclass=CaseInsensitiveEnumMeta): """The delivery action of this mail message like Delivered, Blocked, Replaced etc.""" - #: Unknown UNKNOWN = "Unknown" - #: DeliveredAsSpam + """Unknown""" DELIVERED_AS_SPAM = "DeliveredAsSpam" - #: Delivered + """DeliveredAsSpam""" DELIVERED = "Delivered" - #: Blocked + """Delivered""" BLOCKED = "Blocked" - #: Replaced + """Blocked""" REPLACED = "Replaced" + """Replaced""" class DeliveryLocation(str, Enum, metaclass=CaseInsensitiveEnumMeta): """The delivery location of this mail message like Inbox, JunkFolder etc.""" - #: Unknown UNKNOWN = "Unknown" - #: Inbox + """Unknown""" INBOX = "Inbox" - #: JunkFolder + """Inbox""" JUNK_FOLDER = "JunkFolder" - #: DeletedFolder + """JunkFolder""" DELETED_FOLDER = "DeletedFolder" - #: Quarantine + """DeletedFolder""" QUARANTINE = "Quarantine" - #: External + """Quarantine""" EXTERNAL = "External" - #: Failed + """External""" FAILED = "Failed" - #: Dropped + """Failed""" DROPPED = "Dropped" - #: Forwarded + """Dropped""" FORWARDED = "Forwarded" - - -class DeploymentFetchStatus(str, Enum, metaclass=CaseInsensitiveEnumMeta): - """Status while trying to fetch the deployment information.""" - - SUCCESS = "Success" - UNAUTHORIZED = "Unauthorized" - NOT_FOUND = "NotFound" - - -class DeploymentResult(str, Enum, metaclass=CaseInsensitiveEnumMeta): - """Status while trying to fetch the deployment information.""" - - SUCCESS = "Success" - CANCELED = "Canceled" - FAILED = "Failed" - - -class DeploymentState(str, Enum, metaclass=CaseInsensitiveEnumMeta): - """The 
current state of the deployment.""" - - IN_PROGRESS = "In_Progress" - COMPLETED = "Completed" - QUEUED = "Queued" - CANCELING = "Canceling" - - -class DeviceImportance(str, Enum, metaclass=CaseInsensitiveEnumMeta): - """Device importance, determines if the device classified as 'crown jewel'.""" - - #: Unknown - Default value - UNKNOWN = "Unknown" - #: Low - LOW = "Low" - #: Normal - NORMAL = "Normal" - #: High - HIGH = "High" + """Forwarded""" class ElevationToken(str, Enum, metaclass=CaseInsensitiveEnumMeta): """The elevation token associated with the process.""" - #: Default elevation token DEFAULT = "Default" - #: Full elevation token + """Default elevation token""" FULL = "Full" - #: Limited elevation token + """Full elevation token""" LIMITED = "Limited" + """Limited elevation token""" -class EntityItemQueryKind(str, Enum, metaclass=CaseInsensitiveEnumMeta): - """EntityItemQueryKind.""" - - #: insight - INSIGHT = "Insight" - - -class EntityKind(str, Enum, metaclass=CaseInsensitiveEnumMeta): +class EntityKindEnum(str, Enum, metaclass=CaseInsensitiveEnumMeta): """The kind of the entity.""" - #: Entity represents account in the system. ACCOUNT = "Account" - #: Entity represents host in the system. + """Entity represents account in the system.""" HOST = "Host" - #: Entity represents file in the system. + """Entity represents host in the system.""" FILE = "File" - #: Entity represents azure resource in the system. + """Entity represents file in the system.""" AZURE_RESOURCE = "AzureResource" - #: Entity represents cloud application in the system. + """Entity represents azure resource in the system.""" CLOUD_APPLICATION = "CloudApplication" - #: Entity represents dns resolution in the system. + """Entity represents cloud application in the system.""" DNS_RESOLUTION = "DnsResolution" - #: Entity represents file hash in the system. + """Entity represents dns resolution in the system.""" FILE_HASH = "FileHash" - #: Entity represents ip in the system. 
+ """Entity represents file hash in the system.""" IP = "Ip" - #: Entity represents malware in the system. + """Entity represents ip in the system.""" MALWARE = "Malware" - #: Entity represents process in the system. + """Entity represents malware in the system.""" PROCESS = "Process" - #: Entity represents registry key in the system. + """Entity represents process in the system.""" REGISTRY_KEY = "RegistryKey" - #: Entity represents registry value in the system. + """Entity represents registry key in the system.""" REGISTRY_VALUE = "RegistryValue" - #: Entity represents security group in the system. + """Entity represents registry value in the system.""" SECURITY_GROUP = "SecurityGroup" - #: Entity represents url in the system. + """Entity represents security group in the system.""" URL = "Url" - #: Entity represents IoT device in the system. + """Entity represents url in the system.""" IO_T_DEVICE = "IoTDevice" - #: Entity represents security alert in the system. + """Entity represents IoT device in the system.""" SECURITY_ALERT = "SecurityAlert" - #: Entity represents bookmark in the system. + """Entity represents security alert in the system.""" BOOKMARK = "Bookmark" - #: Entity represents mail cluster in the system. + """Entity represents bookmark in the system.""" MAIL_CLUSTER = "MailCluster" - #: Entity represents mail message in the system. + """Entity represents mail cluster in the system.""" MAIL_MESSAGE = "MailMessage" - #: Entity represents mailbox in the system. + """Entity represents mail message in the system.""" MAILBOX = "Mailbox" - #: Entity represents submission mail in the system. + """Entity represents mailbox in the system.""" SUBMISSION_MAIL = "SubmissionMail" - #: Entity represents network interface in the system. 
- NIC = "Nic" + """Entity represents submission mail in the system.""" class EntityMappingType(str, Enum, metaclass=CaseInsensitiveEnumMeta): """The V3 type of the mapped entity.""" - #: User account entity type ACCOUNT = "Account" - #: Host entity type + """User account entity type""" HOST = "Host" - #: IP address entity type + """Host entity type""" IP = "IP" - #: Malware entity type + """IP address entity type""" MALWARE = "Malware" - #: System file entity type + """Malware entity type""" FILE = "File" - #: Process entity type + """System file entity type""" PROCESS = "Process" - #: Cloud app entity type + """Process entity type""" CLOUD_APPLICATION = "CloudApplication" - #: DNS entity type + """Cloud app entity type""" DNS = "DNS" - #: Azure resource entity type + """DNS entity type""" AZURE_RESOURCE = "AzureResource" - #: File-hash entity type + """Azure resource entity type""" FILE_HASH = "FileHash" - #: Registry key entity type + """File-hash entity type""" REGISTRY_KEY = "RegistryKey" - #: Registry value entity type + """Registry key entity type""" REGISTRY_VALUE = "RegistryValue" - #: Security group entity type + """Registry value entity type""" SECURITY_GROUP = "SecurityGroup" - #: URL entity type + """Security group entity type""" URL = "URL" - #: Mailbox entity type + """URL entity type""" MAILBOX = "Mailbox" - #: Mail cluster entity type + """Mailbox entity type""" MAIL_CLUSTER = "MailCluster" - #: Mail message entity type + """Mail cluster entity type""" MAIL_MESSAGE = "MailMessage" - #: Submission mail entity type + """Mail message entity type""" SUBMISSION_MAIL = "SubmissionMail" - - -class EntityProviders(str, Enum, metaclass=CaseInsensitiveEnumMeta): - """The entity provider that is synced.""" - - ACTIVE_DIRECTORY = "ActiveDirectory" - AZURE_ACTIVE_DIRECTORY = "AzureActiveDirectory" - - -class EntityQueryKind(str, Enum, metaclass=CaseInsensitiveEnumMeta): - """The kind of the entity query.""" - - EXPANSION = "Expansion" - INSIGHT = "Insight" - 
ACTIVITY = "Activity" - - -class EntityQueryTemplateKind(str, Enum, metaclass=CaseInsensitiveEnumMeta): - """The kind of the entity query template.""" - - ACTIVITY = "Activity" - - -class EntityTimelineKind(str, Enum, metaclass=CaseInsensitiveEnumMeta): - """The entity query kind.""" - - #: activity - ACTIVITY = "Activity" - #: bookmarks - BOOKMARK = "Bookmark" - #: security alerts - SECURITY_ALERT = "SecurityAlert" - #: anomaly - ANOMALY = "Anomaly" - - -class EntityType(str, Enum, metaclass=CaseInsensitiveEnumMeta): - """The type of the entity.""" - - #: Entity represents account in the system. - ACCOUNT = "Account" - #: Entity represents host in the system. - HOST = "Host" - #: Entity represents file in the system. - FILE = "File" - #: Entity represents azure resource in the system. - AZURE_RESOURCE = "AzureResource" - #: Entity represents cloud application in the system. - CLOUD_APPLICATION = "CloudApplication" - #: Entity represents dns in the system. - DNS = "DNS" - #: Entity represents file hash in the system. - FILE_HASH = "FileHash" - #: Entity represents ip in the system. - IP = "IP" - #: Entity represents malware in the system. - MALWARE = "Malware" - #: Entity represents process in the system. - PROCESS = "Process" - #: Entity represents registry key in the system. - REGISTRY_KEY = "RegistryKey" - #: Entity represents registry value in the system. - REGISTRY_VALUE = "RegistryValue" - #: Entity represents security group in the system. - SECURITY_GROUP = "SecurityGroup" - #: Entity represents url in the system. - URL = "URL" - #: Entity represents IoT device in the system. - IO_T_DEVICE = "IoTDevice" - #: Entity represents security alert in the system. - SECURITY_ALERT = "SecurityAlert" - #: Entity represents HuntingBookmark in the system. - HUNTING_BOOKMARK = "HuntingBookmark" - #: Entity represents mail cluster in the system. - MAIL_CLUSTER = "MailCluster" - #: Entity represents mail message in the system. 
- MAIL_MESSAGE = "MailMessage" - #: Entity represents mailbox in the system. - MAILBOX = "Mailbox" - #: Entity represents submission mail in the system. - SUBMISSION_MAIL = "SubmissionMail" - #: Entity represents network interface in the system. - NIC = "Nic" - - -class Enum13(str, Enum, metaclass=CaseInsensitiveEnumMeta): - """Enum13.""" - - EXPANSION = "Expansion" - ACTIVITY = "Activity" - - -class Enum15(str, Enum, metaclass=CaseInsensitiveEnumMeta): - """Enum15.""" - - ACTIVITY = "Activity" + """Submission mail entity type""" class EventGroupingAggregationKind(str, Enum, metaclass=CaseInsensitiveEnumMeta): 
@@ -785,241 +511,151 @@ class EventGroupingAggregationKind(str, Enum, metaclass=CaseInsensitiveEnumMeta) ALERT_PER_RESULT = "AlertPerResult" -class FileFormat(str, Enum, metaclass=CaseInsensitiveEnumMeta): - """The format of the file.""" - - #: A CSV file. - CSV = "CSV" - #: A JSON file. - JSON = "JSON" - #: A file of other format. - UNSPECIFIED = "Unspecified" - - class FileHashAlgorithm(str, Enum, metaclass=CaseInsensitiveEnumMeta): """The hash algorithm type.""" - #: Unknown hash algorithm UNKNOWN = "Unknown" - #: MD5 hash type + """Unknown hash algorithm""" MD5 = "MD5" - #: SHA1 hash type + """MD5 hash type""" SHA1 = "SHA1" - #: SHA256 hash type + """SHA1 hash type""" SHA256 = "SHA256" - #: SHA256 Authenticode hash type + """SHA256 hash type""" SHA256_AC = "SHA256AC" - - -class FileImportContentType(str, Enum, metaclass=CaseInsensitiveEnumMeta): - """The content type of this file.""" - - #: File containing records with the core fields of an indicator, plus the observables to construct - #: the STIX pattern. - BASIC_INDICATOR = "BasicIndicator" - #: File containing STIX indicators. - STIX_INDICATOR = "StixIndicator" - #: File containing other records. - UNSPECIFIED = "Unspecified" - - -class FileImportState(str, Enum, metaclass=CaseInsensitiveEnumMeta): - """The state of the file import.""" - - #: A fatal error has occurred while ingesting the file. - FATAL_ERROR = "FatalError" - #: The file has been ingested. - INGESTED = "Ingested" - #: The file has been ingested with errors. - INGESTED_WITH_ERRORS = "IngestedWithErrors" - #: The file ingestion is in progress. - IN_PROGRESS = "InProgress" - #: The file is invalid. - INVALID = "Invalid" - #: Waiting for the file to be uploaded. - WAITING_FOR_UPLOAD = "WaitingForUpload" - #: Unspecified state. 
- UNSPECIFIED = "Unspecified" - - -class GetInsightsError(str, Enum, metaclass=CaseInsensitiveEnumMeta): - """the query kind.""" - - INSIGHT = "Insight" + """SHA256 Authenticode hash type""" class IncidentClassification(str, Enum, metaclass=CaseInsensitiveEnumMeta): """The reason the incident was closed.""" - #: Incident classification was undetermined UNDETERMINED = "Undetermined" - #: Incident was true positive + """Incident classification was undetermined""" TRUE_POSITIVE = "TruePositive" - #: Incident was benign positive + """Incident was true positive""" BENIGN_POSITIVE = "BenignPositive" - #: Incident was false positive + """Incident was benign positive""" FALSE_POSITIVE = "FalsePositive" + """Incident was false positive""" class IncidentClassificationReason(str, Enum, metaclass=CaseInsensitiveEnumMeta): """The classification reason the incident was closed with.""" - #: Classification reason was suspicious activity SUSPICIOUS_ACTIVITY = "SuspiciousActivity" - #: Classification reason was suspicious but expected + """Classification reason was suspicious activity""" SUSPICIOUS_BUT_EXPECTED = "SuspiciousButExpected" - #: Classification reason was incorrect alert logic + """Classification reason was suspicious but expected""" INCORRECT_ALERT_LOGIC = "IncorrectAlertLogic" - #: Classification reason was inaccurate data + """Classification reason was incorrect alert logic""" INACCURATE_DATA = "InaccurateData" + """Classification reason was inaccurate data""" class IncidentLabelType(str, Enum, metaclass=CaseInsensitiveEnumMeta): """The type of the label.""" - #: Label manually created by a user USER = "User" - #: Label automatically created by the system + """Label manually created by a user""" AUTO_ASSIGNED = "AutoAssigned" + """Label automatically created by the system""" class IncidentSeverity(str, Enum, metaclass=CaseInsensitiveEnumMeta): """The severity of the incident.""" - #: High severity HIGH = "High" - #: Medium severity + """High severity""" MEDIUM = 
"Medium" - #: Low severity + """Medium severity""" LOW = "Low" - #: Informational severity + """Low severity""" INFORMATIONAL = "Informational" + """Informational severity""" class IncidentStatus(str, Enum, metaclass=CaseInsensitiveEnumMeta): """The status of the incident.""" - #: An active incident which isn't being handled currently NEW = "New" - #: An active incident which is being handled + """An active incident which isn't being handled currently""" ACTIVE = "Active" - #: A non-active incident + """An active incident which is being handled""" CLOSED = "Closed" - - -class IncidentTaskStatus(str, Enum, metaclass=CaseInsensitiveEnumMeta): - """IncidentTaskStatus.""" - - #: A new task - NEW = "New" - #: A completed task - COMPLETED = "Completed" - - -class IngestionMode(str, Enum, metaclass=CaseInsensitiveEnumMeta): - """Describes how to ingest the records in the file.""" - - #: No records should be ingested when invalid records are detected. - INGEST_ONLY_IF_ALL_ARE_VALID = "IngestOnlyIfAllAreValid" - #: Valid records should still be ingested when invalid records are detected. - INGEST_ANY_VALID_RECORDS = "IngestAnyValidRecords" - #: Unspecified - UNSPECIFIED = "Unspecified" + """A non-active incident""" class KillChainIntent(str, Enum, metaclass=CaseInsensitiveEnumMeta): - """The intent of the alert.""" + """Holds the alert intent stage(s) mapping for this alert.""" - #: The default value. UNKNOWN = "Unknown" - #: Probing could be an attempt to access a certain resource regardless of a malicious intent or a + """The default value.""" + PROBING = "Probing" + """Probing could be an attempt to access a certain resource regardless of a malicious intent or a #: failed attempt to gain access to a target system to gather information prior to exploitation. #: This step is usually detected as an attempt originating from outside the network in attempt to - #: scan the target system and find a way in. 
- PROBING = "Probing" - #: Exploitation is the stage where an attacker manage to get foothold on the attacked resource. + #: scan the target system and find a way in.""" + EXPLOITATION = "Exploitation" + """Exploitation is the stage where an attacker manage to get foothold on the attacked resource. #: This stage is applicable not only for compute hosts, but also for resources such as user #: accounts, certificates etc. Adversaries will often be able to control the resource after this - #: stage. - EXPLOITATION = "Exploitation" - #: Persistence is any access, action, or configuration change to a system that gives an adversary + #: stage.""" + PERSISTENCE = "Persistence" + """Persistence is any access, action, or configuration change to a system that gives an adversary #: a persistent presence on that system. Adversaries will often need to maintain access to systems #: through interruptions such as system restarts, loss of credentials, or other failures that - #: would require a remote access tool to restart or alternate backdoor for them to regain access. - PERSISTENCE = "Persistence" - #: Privilege escalation is the result of actions that allow an adversary to obtain a higher level + #: would require a remote access tool to restart or alternate backdoor for them to regain access.""" + PRIVILEGE_ESCALATION = "PrivilegeEscalation" + """Privilege escalation is the result of actions that allow an adversary to obtain a higher level #: of permissions on a system or network. Certain tools or actions require a higher level of #: privilege to work and are likely necessary at many points throughout an operation. User #: accounts with permissions to access specific systems or perform specific functions necessary - #: for adversaries to achieve their objective may also be considered an escalation of privilege. - PRIVILEGE_ESCALATION = "PrivilegeEscalation" - #: Defense evasion consists of techniques an adversary may use to evade detection or avoid other - #: defenses. 
Sometimes these actions are the same as or variations of techniques in other - #: categories that have the added benefit of subverting a particular defense or mitigation. + #: for adversaries to achieve their objective may also be considered an escalation of privilege.""" DEFENSE_EVASION = "DefenseEvasion" - #: Credential access represents techniques resulting in access to or control over system, domain, + """Defense evasion consists of techniques an adversary may use to evade detection or avoid other + #: defenses. Sometimes these actions are the same as or variations of techniques in other + #: categories that have the added benefit of subverting a particular defense or mitigation.""" + CREDENTIAL_ACCESS = "CredentialAccess" + """Credential access represents techniques resulting in access to or control over system, domain, #: or service credentials that are used within an enterprise environment. Adversaries will likely #: attempt to obtain legitimate credentials from users or administrator accounts (local system #: administrator or domain users with administrator access) to use within the network. With #: sufficient access within a network, an adversary can create accounts for later use within the - #: environment. - CREDENTIAL_ACCESS = "CredentialAccess" - #: Discovery consists of techniques that allow the adversary to gain knowledge about the system + #: environment.""" + DISCOVERY = "Discovery" + """Discovery consists of techniques that allow the adversary to gain knowledge about the system #: and internal network. When adversaries gain access to a new system, they must orient themselves #: to what they now have control of and what benefits operating from that system give to their #: current objective or overall goals during the intrusion. The operating system provides many - #: native tools that aid in this post-compromise information-gathering phase. 
- DISCOVERY = "Discovery" - #: Lateral movement consists of techniques that enable an adversary to access and control remote + #: native tools that aid in this post-compromise information-gathering phase.""" + LATERAL_MOVEMENT = "LateralMovement" + """Lateral movement consists of techniques that enable an adversary to access and control remote #: systems on a network and could, but does not necessarily, include execution of tools on remote #: systems. The lateral movement techniques could allow an adversary to gather information from a #: system without needing additional tools, such as a remote access tool. An adversary can use #: lateral movement for many purposes, including remote Execution of tools, pivoting to additional #: systems, access to specific information or files, access to additional credentials, or to cause - #: an effect. - LATERAL_MOVEMENT = "LateralMovement" - #: The execution tactic represents techniques that result in execution of adversary-controlled - #: code on a local or remote system. This tactic is often used in conjunction with lateral - #: movement to expand access to remote systems on a network. + #: an effect.""" EXECUTION = "Execution" - #: Collection consists of techniques used to identify and gather information, such as sensitive - #: files, from a target network prior to exfiltration. This category also covers locations on a - #: system or network where the adversary may look for information to exfiltrate. + """The execution tactic represents techniques that result in execution of adversary-controlled + #: code on a local or remote system. This tactic is often used in conjunction with lateral + #: movement to expand access to remote systems on a network.""" COLLECTION = "Collection" - #: Exfiltration refers to techniques and attributes that result or aid in the adversary removing - #: files and information from a target network. 
This category also covers locations on a system or - #: network where the adversary may look for information to exfiltrate. + """Collection consists of techniques used to identify and gather information, such as sensitive + #: files, from a target network prior to exfiltration. This category also covers locations on a + #: system or network where the adversary may look for information to exfiltrate.""" EXFILTRATION = "Exfiltration" - #: The command and control tactic represents how adversaries communicate with systems under their - #: control within a target network. + """Exfiltration refers to techniques and attributes that result or aid in the adversary removing + #: files and information from a target network. This category also covers locations on a system or + #: network where the adversary may look for information to exfiltrate.""" COMMAND_AND_CONTROL = "CommandAndControl" - #: The impact intent primary objective is to directly reduce the availability or integrity of a + """The command and control tactic represents how adversaries communicate with systems under their + #: control within a target network.""" + IMPACT = "Impact" + """The impact intent primary objective is to directly reduce the availability or integrity of a #: system, service, or network; including manipulation of data to impact a business or operational #: process. This would often refer to techniques such as ransom-ware, defacement, data - #: manipulation and others. 
- IMPACT = "Impact" - - -class Kind(str, Enum, metaclass=CaseInsensitiveEnumMeta): - """The kind of content the metadata is for.""" - - DATA_CONNECTOR = "DataConnector" - DATA_TYPE = "DataType" - WORKBOOK = "Workbook" - WORKBOOK_TEMPLATE = "WorkbookTemplate" - PLAYBOOK = "Playbook" - PLAYBOOK_TEMPLATE = "PlaybookTemplate" - ANALYTICS_RULE_TEMPLATE = "AnalyticsRuleTemplate" - ANALYTICS_RULE = "AnalyticsRule" - HUNTING_QUERY = "HuntingQuery" - INVESTIGATION_QUERY = "InvestigationQuery" - PARSER = "Parser" - WATCHLIST = "Watchlist" - WATCHLIST_TEMPLATE = "WatchlistTemplate" - SOLUTION = "Solution" - AZURE_FUNCTION = "AzureFunction" - LOGIC_APPS_CUSTOM_CONNECTOR = "LogicAppsCustomConnector" - AUTOMATION_RULE = "AutomationRule" + #: manipulation and others.""" class MatchingMethod(str, Enum, metaclass=CaseInsensitiveEnumMeta): @@ -1027,13 +663,13 @@ class MatchingMethod(str, Enum, metaclass=CaseInsensitiveEnumMeta): groupByAlertDetails, groupByCustomDetails must be provided and not empty. """ - #: Grouping alerts into a single incident if all the entities match ALL_ENTITIES = "AllEntities" - #: Grouping any alerts triggered by this rule into a single incident + """Grouping alerts into a single incident if all the entities match""" ANY_ALERT = "AnyAlert" - #: Grouping alerts into a single incident if the selected entities, custom details and alert - #: details match + """Grouping any alerts triggered by this rule into a single incident""" SELECTED = "Selected" + """Grouping alerts into a single incident if the selected entities, custom details and alert + #: details match""" class MicrosoftSecurityProductName(str, Enum, metaclass=CaseInsensitiveEnumMeta): 
@@ -1044,116 +680,57 @@ class MicrosoftSecurityProductName(str, Enum, metaclass=CaseInsensitiveEnumMeta) AZURE_ADVANCED_THREAT_PROTECTION = "Azure Advanced Threat Protection" AZURE_ACTIVE_DIRECTORY_IDENTITY_PROTECTION = "Azure Active Directory Identity Protection" AZURE_SECURITY_CENTER_FOR_IO_T = "Azure Security Center for IoT" - OFFICE365_ADVANCED_THREAT_PROTECTION = "Office 365 Advanced Threat Protection" - MICROSOFT_DEFENDER_ADVANCED_THREAT_PROTECTION = "Microsoft Defender Advanced Threat Protection" - - -class Operator(str, Enum, metaclass=CaseInsensitiveEnumMeta): - """Operator used for list of dependencies in criteria array.""" - - AND = "AND" - OR = "OR" class OSFamily(str, Enum, metaclass=CaseInsensitiveEnumMeta): """The operating system type.""" - #: Host with Linux operating system. LINUX = "Linux" - #: Host with Windows operating system. + """Host with Linux operating system.""" WINDOWS = "Windows" - #: Host with Android operating system. + """Host with Windows operating system.""" ANDROID = "Android" - #: Host with IOS operating system. + """Host with Android operating system.""" IOS = "IOS" - #: Host with Unknown operating system. 
+ """Host with IOS operating system.""" UNKNOWN = "Unknown" - - -class OutputType(str, Enum, metaclass=CaseInsensitiveEnumMeta): - """Insights Column type.""" - - NUMBER = "Number" - STRING = "String" - DATE = "Date" - ENTITY = "Entity" + """Host with Unknown operating system.""" class OwnerType(str, Enum, metaclass=CaseInsensitiveEnumMeta): """The type of the owner the incident is assigned to.""" - #: The incident owner type is unknown UNKNOWN = "Unknown" - #: The incident owner type is an AAD user + """The incident owner type is unknown""" USER = "User" - #: The incident owner type is an AAD group + """The incident owner type is an AAD user""" GROUP = "Group" - - -class PermissionProviderScope(str, Enum, metaclass=CaseInsensitiveEnumMeta): - """Permission provider scope.""" - - RESOURCE_GROUP = "ResourceGroup" - SUBSCRIPTION = "Subscription" - WORKSPACE = "Workspace" - - -class PollingFrequency(str, Enum, metaclass=CaseInsensitiveEnumMeta): - """The polling frequency for the TAXII server.""" - - #: Once a minute - ONCE_A_MINUTE = "OnceAMinute" - #: Once an hour - ONCE_AN_HOUR = "OnceAnHour" - #: Once a day - ONCE_A_DAY = "OnceADay" - - -class Priority(str, Enum, metaclass=CaseInsensitiveEnumMeta): - """Priority of recommendation.""" - - #: Low priority for recommendation. - LOW = "Low" - #: Medium priority for recommendation. - MEDIUM = "Medium" - #: High priority for recommendation. 
- HIGH = "High" - - -class ProviderName(str, Enum, metaclass=CaseInsensitiveEnumMeta): - """Provider name.""" - - MICROSOFT_OPERATIONAL_INSIGHTS_SOLUTIONS = "Microsoft.OperationalInsights/solutions" - MICROSOFT_OPERATIONAL_INSIGHTS_WORKSPACES = "Microsoft.OperationalInsights/workspaces" - MICROSOFT_OPERATIONAL_INSIGHTS_WORKSPACES_DATASOURCES = "Microsoft.OperationalInsights/workspaces/datasources" - MICROSOFT_AADIAM_DIAGNOSTIC_SETTINGS = "microsoft.aadiam/diagnosticSettings" - MICROSOFT_OPERATIONAL_INSIGHTS_WORKSPACES_SHARED_KEYS = "Microsoft.OperationalInsights/workspaces/sharedKeys" - MICROSOFT_AUTHORIZATION_POLICY_ASSIGNMENTS = "Microsoft.Authorization/policyAssignments" + """The incident owner type is an AAD group""" class RegistryHive(str, Enum, metaclass=CaseInsensitiveEnumMeta): """the hive that holds the registry key.""" - #: HKEY_LOCAL_MACHINE HKEY_LOCAL_MACHINE = "HKEY_LOCAL_MACHINE" - #: HKEY_CLASSES_ROOT + """HKEY_LOCAL_MACHINE""" HKEY_CLASSES_ROOT = "HKEY_CLASSES_ROOT" - #: HKEY_CURRENT_CONFIG + """HKEY_CLASSES_ROOT""" HKEY_CURRENT_CONFIG = "HKEY_CURRENT_CONFIG" - #: HKEY_USERS + """HKEY_CURRENT_CONFIG""" HKEY_USERS = "HKEY_USERS" - #: HKEY_CURRENT_USER_LOCAL_SETTINGS + """HKEY_USERS""" HKEY_CURRENT_USER_LOCAL_SETTINGS = "HKEY_CURRENT_USER_LOCAL_SETTINGS" - #: HKEY_PERFORMANCE_DATA + """HKEY_CURRENT_USER_LOCAL_SETTINGS""" HKEY_PERFORMANCE_DATA = "HKEY_PERFORMANCE_DATA" - #: HKEY_PERFORMANCE_NLSTEXT + """HKEY_PERFORMANCE_DATA""" HKEY_PERFORMANCE_NLSTEXT = "HKEY_PERFORMANCE_NLSTEXT" - #: HKEY_PERFORMANCE_TEXT + """HKEY_PERFORMANCE_NLSTEXT""" HKEY_PERFORMANCE_TEXT = "HKEY_PERFORMANCE_TEXT" - #: HKEY_A + """HKEY_PERFORMANCE_TEXT""" HKEY_A = "HKEY_A" - #: HKEY_CURRENT_USER + """HKEY_A""" HKEY_CURRENT_USER = "HKEY_CURRENT_USER" + """HKEY_CURRENT_USER""" class RegistryValueKind(str, Enum, metaclass=CaseInsensitiveEnumMeta): 
@@ -1161,29 +738,22 @@ class RegistryValueKind(str, Enum, metaclass=CaseInsensitiveEnumMeta): type of a value in the registry. """ - #: None NONE = "None" - #: Unknown value type + """None""" UNKNOWN = "Unknown" - #: String value type + """Unknown value type""" STRING = "String" - #: ExpandString value type + """String value type""" EXPAND_STRING = "ExpandString" - #: Binary value type + """ExpandString value type""" BINARY = "Binary" - #: DWord value type + """Binary value type""" D_WORD = "DWord" - #: MultiString value type + """DWord value type""" MULTI_STRING = "MultiString" - #: QWord value type + """MultiString value type""" Q_WORD = "QWord" - - -class RepoType(str, Enum, metaclass=CaseInsensitiveEnumMeta): - """The type of repository.""" - - GITHUB = "Github" - DEV_OPS = "DevOps" + """QWord value type""" class SecurityMLAnalyticsSettingsKind(str, Enum, metaclass=CaseInsensitiveEnumMeta): 
@@ -1192,90 +762,41 @@ class SecurityMLAnalyticsSettingsKind(str, Enum, metaclass=CaseInsensitiveEnumMe ANOMALY = "Anomaly" -class SettingKind(str, Enum, metaclass=CaseInsensitiveEnumMeta): - """The kind of the setting.""" - - ANOMALIES = "Anomalies" - EYES_ON = "EyesOn" - ENTITY_ANALYTICS = "EntityAnalytics" - UEBA = "Ueba" - - class SettingsStatus(str, Enum, metaclass=CaseInsensitiveEnumMeta): """The anomaly SecurityMLAnalyticsSettings status.""" - #: Anomaly settings status in Production mode PRODUCTION = "Production" - #: Anomaly settings status in Flighting mode + """Anomaly settings status in Production mode""" FLIGHTING = "Flighting" + """Anomaly settings status in Flighting mode""" -class SettingType(str, Enum, metaclass=CaseInsensitiveEnumMeta): - """The kind of the setting.""" - - COPYABLE_LABEL = "CopyableLabel" - INSTRUCTION_STEPS_GROUP = "InstructionStepsGroup" - INFO_MESSAGE = "InfoMessage" - - -class SourceKind(str, Enum, metaclass=CaseInsensitiveEnumMeta): - """Source type of the content.""" - - LOCAL_WORKSPACE = "LocalWorkspace" - COMMUNITY = "Community" - SOLUTION = "Solution" - SOURCE_REPOSITORY = "SourceRepository" - - -class SourceType(str, Enum, metaclass=CaseInsensitiveEnumMeta): - """The sourceType of the watchlist.""" +class Source(str, Enum, metaclass=CaseInsensitiveEnumMeta): + """The source of the watchlist.""" LOCAL_FILE = "Local file" REMOTE_STORAGE = "Remote storage" -class State(str, Enum, metaclass=CaseInsensitiveEnumMeta): - """State of recommendation.""" - - #: Recommendation is active. - ACTIVE = "Active" - #: Recommendation is disabled. - DISABLED = "Disabled" - #: Recommendation has been completed by user. - COMPLETED_BY_USER = "CompletedByUser" - #: Recommendation has been completed by action. - COMPLETED_BY_ACTION = "CompletedByAction" - #: Recommendation is hidden. 
- HIDDEN = "Hidden" - - -class SupportTier(str, Enum, metaclass=CaseInsensitiveEnumMeta): - """Type of support for content item.""" - - MICROSOFT = "Microsoft" - PARTNER = "Partner" - COMMUNITY = "Community" - - class TemplateStatus(str, Enum, metaclass=CaseInsensitiveEnumMeta): """The alert rule template status.""" - #: Alert rule template installed. and can not use more then once INSTALLED = "Installed" - #: Alert rule template is available. + """Alert rule template installed. and can not use more then once""" AVAILABLE = "Available" - #: Alert rule template is not available + """Alert rule template is available.""" NOT_AVAILABLE = "NotAvailable" + """Alert rule template is not available""" -class ThreatIntelligenceResourceKindEnum(str, Enum, metaclass=CaseInsensitiveEnumMeta): +class ThreatIntelligenceResourceInnerKind(str, Enum, metaclass=CaseInsensitiveEnumMeta): """The kind of the threat intelligence entity.""" - #: Entity represents threat intelligence indicator in the system. INDICATOR = "indicator" + """Entity represents threat intelligence indicator in the system.""" -class ThreatIntelligenceSortingCriteriaEnum(str, Enum, metaclass=CaseInsensitiveEnumMeta): +class ThreatIntelligenceSortingOrder(str, Enum, metaclass=CaseInsensitiveEnumMeta): """Sorting order (ascending/descending/unsorted).""" UNSORTED = "unsorted" 
@@ -1295,32 +816,16 @@ class TriggerOperator(str, Enum, metaclass=CaseInsensitiveEnumMeta): class TriggersOn(str, Enum, metaclass=CaseInsensitiveEnumMeta): """TriggersOn.""" - #: Trigger on Incidents INCIDENTS = "Incidents" - #: Trigger on Alerts + """Trigger on Incidents""" ALERTS = "Alerts" + """Trigger on Alerts""" class TriggersWhen(str, Enum, metaclass=CaseInsensitiveEnumMeta): """TriggersWhen.""" - #: Trigger on created objects CREATED = "Created" - #: Trigger on updated objects + """Trigger on created objects""" UPDATED = "Updated" - - -class UebaDataSources(str, Enum, metaclass=CaseInsensitiveEnumMeta): - """The data source that enriched by ueba.""" - - AUDIT_LOGS = "AuditLogs" - AZURE_ACTIVITY = "AzureActivity" - SECURITY_EVENT = "SecurityEvent" - SIGNIN_LOGS = "SigninLogs" - - -class Version(str, Enum, metaclass=CaseInsensitiveEnumMeta): - """The version of the source control.""" - - V1 = "V1" - V2 = "V2" + """Trigger on updated objects""" diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/__init__.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/__init__.py index 802d895ef601..792af61f8f53 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/__init__.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/__init__.py 
@@ -10,39 +10,18 @@ from ._actions_operations import ActionsOperations from ._alert_rule_templates_operations import AlertRuleTemplatesOperations from ._automation_rules_operations import AutomationRulesOperations -from ._incidents_operations import IncidentsOperations from ._bookmarks_operations import BookmarksOperations -from ._bookmark_relations_operations import BookmarkRelationsOperations -from ._bookmark_operations import BookmarkOperations -from ._ip_geodata_operations import IPGeodataOperations -from ._domain_whois_operations import DomainWhoisOperations -from ._entities_operations import EntitiesOperations -from ._entities_get_timeline_operations import EntitiesGetTimelineOperations -from ._entities_relations_operations import EntitiesRelationsOperations -from ._entity_relations_operations import EntityRelationsOperations -from ._entity_queries_operations import EntityQueriesOperations -from ._entity_query_templates_operations import EntityQueryTemplatesOperations -from ._file_imports_operations import FileImportsOperations +from ._data_connectors_operations import DataConnectorsOperations +from ._incidents_operations import IncidentsOperations from ._incident_comments_operations import IncidentCommentsOperations from ._incident_relations_operations import IncidentRelationsOperations -from ._incident_tasks_operations import IncidentTasksOperations -from ._metadata_operations import MetadataOperations -from ._office_consents_operations import OfficeConsentsOperations from ._sentinel_onboarding_states_operations import SentinelOnboardingStatesOperations -from ._get_recommendations_operations import GetRecommendationsOperations -from ._get_operations import GetOperations -from ._update_operations import UpdateOperations from ._security_ml_analytics_settings_operations import SecurityMLAnalyticsSettingsOperations -from ._product_settings_operations import ProductSettingsOperations -from ._source_control_operations import SourceControlOperations -from 
._source_controls_operations import SourceControlsOperations from ._threat_intelligence_indicator_operations import ThreatIntelligenceIndicatorOperations from ._threat_intelligence_indicators_operations import ThreatIntelligenceIndicatorsOperations from ._threat_intelligence_indicator_metrics_operations import ThreatIntelligenceIndicatorMetricsOperations from ._watchlists_operations import WatchlistsOperations from ._watchlist_items_operations import WatchlistItemsOperations -from ._data_connectors_operations import DataConnectorsOperations -from ._data_connectors_check_requirements_operations import DataConnectorsCheckRequirementsOperations from ._operations import Operations from ._patch import __all__ as _patch_all @@ -54,39 +33,18 @@ "ActionsOperations", "AlertRuleTemplatesOperations", "AutomationRulesOperations", - "IncidentsOperations", "BookmarksOperations", - "BookmarkRelationsOperations", - "BookmarkOperations", - "IPGeodataOperations", - "DomainWhoisOperations", - "EntitiesOperations", - "EntitiesGetTimelineOperations", - "EntitiesRelationsOperations", - "EntityRelationsOperations", - "EntityQueriesOperations", - "EntityQueryTemplatesOperations", - "FileImportsOperations", + "DataConnectorsOperations", + "IncidentsOperations", "IncidentCommentsOperations", "IncidentRelationsOperations", - "IncidentTasksOperations", - "MetadataOperations", - "OfficeConsentsOperations", "SentinelOnboardingStatesOperations", - "GetRecommendationsOperations", - "GetOperations", - "UpdateOperations", "SecurityMLAnalyticsSettingsOperations", - "ProductSettingsOperations", - "SourceControlOperations", - "SourceControlsOperations", "ThreatIntelligenceIndicatorOperations", "ThreatIntelligenceIndicatorsOperations", "ThreatIntelligenceIndicatorMetricsOperations", "WatchlistsOperations", "WatchlistItemsOperations", - "DataConnectorsOperations", - "DataConnectorsCheckRequirementsOperations", "Operations", ] __all__.extend([p for p in _patch_all if p not in __all__]) 
diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_actions_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_actions_operations.py index a26c034dbc69..88daa11fc95d 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_actions_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_actions_operations.py @@ -47,9 +47,7 @@ def build_list_by_alert_rule_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: Literal["2023-02-01"] = kwargs.pop("api_version", _params.pop("api-version", "2023-02-01")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -90,9 +88,7 @@ def build_get_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: Literal["2023-02-01"] = kwargs.pop("api_version", _params.pop("api-version", "2023-02-01")) accept = _headers.pop("Accept", "application/json") # Construct URL 
@@ -134,9 +130,7 @@ def build_create_or_update_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: Literal["2023-02-01"] = kwargs.pop("api_version", _params.pop("api-version", "2023-02-01")) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) accept = _headers.pop("Accept", "application/json") @@ -181,9 +175,7 @@ def build_delete_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: Literal["2023-02-01"] = kwargs.pop("api_version", _params.pop("api-version", "2023-02-01")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -259,7 +251,7 @@ def list_by_alert_rule( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( + api_version: Literal["2023-02-01"] = kwargs.pop( "api_version", _params.pop("api-version", self._config.api_version) ) cls: ClsType[_models.ActionsList] = kwargs.pop("cls", None) @@ -364,7 +356,7 @@ def get( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( + api_version: Literal["2023-02-01"] = kwargs.pop( "api_version", _params.pop("api-version", self._config.api_version) ) cls: ClsType[_models.ActionResponse] = kwargs.pop("cls", None) 
@@ -514,7 +506,7 @@ def create_or_update( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( + api_version: Literal["2023-02-01"] = kwargs.pop( "api_version", _params.pop("api-version", self._config.api_version) ) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) @@ -601,7 +593,7 @@ def delete( # pylint: disable=inconsistent-return-statements _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( + api_version: Literal["2023-02-01"] = kwargs.pop( "api_version", _params.pop("api-version", self._config.api_version) ) cls: ClsType[None] = kwargs.pop("cls", None) diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_alert_rule_templates_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_alert_rule_templates_operations.py index 938d7e565001..e17b5396c9bf 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_alert_rule_templates_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_alert_rule_templates_operations.py @@ -47,9 +47,7 @@ def build_list_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: Literal["2023-02-01"] = kwargs.pop("api_version", _params.pop("api-version", "2023-02-01")) accept = _headers.pop("Accept", "application/json") # Construct URL 
@@ -89,9 +87,7 @@ def build_get_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: Literal["2023-02-01"] = kwargs.pop("api_version", _params.pop("api-version", "2023-02-01")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -164,7 +160,7 @@ def list( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( + api_version: Literal["2023-02-01"] = kwargs.pop( "api_version", _params.pop("api-version", self._config.api_version) ) cls: ClsType[_models.AlertRuleTemplatesList] = kwargs.pop("cls", None) @@ -266,7 +262,7 @@ def get( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( + api_version: Literal["2023-02-01"] = kwargs.pop( "api_version", _params.pop("api-version", self._config.api_version) ) cls: ClsType[_models.AlertRuleTemplate] = kwargs.pop("cls", None) diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_alert_rules_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_alert_rules_operations.py index 911942febd7a..211105891cf1 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_alert_rules_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_alert_rules_operations.py 
@@ -47,9 +47,7 @@ def build_list_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: Literal["2023-02-01"] = kwargs.pop("api_version", _params.pop("api-version", "2023-02-01")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -89,9 +87,7 @@ def build_get_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: Literal["2023-02-01"] = kwargs.pop("api_version", _params.pop("api-version", "2023-02-01")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -132,9 +128,7 @@ def build_create_or_update_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: Literal["2023-02-01"] = kwargs.pop("api_version", _params.pop("api-version", "2023-02-01")) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) accept = _headers.pop("Accept", "application/json") @@ -178,9 +172,7 @@ def build_delete_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: Literal["2023-02-01"] = kwargs.pop("api_version", _params.pop("api-version", "2023-02-01")) accept = _headers.pop("Accept", "application/json") # Construct URL 
@@ -251,7 +243,7 @@ def list(self, resource_group_name: str, workspace_name: str, **kwargs: Any) -> _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( + api_version: Literal["2023-02-01"] = kwargs.pop( "api_version", _params.pop("api-version", self._config.api_version) ) cls: ClsType[_models.AlertRulesList] = kwargs.pop("cls", None) @@ -351,7 +343,7 @@ def get(self, resource_group_name: str, workspace_name: str, rule_id: str, **kwa _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( + api_version: Literal["2023-02-01"] = kwargs.pop( "api_version", _params.pop("api-version", self._config.api_version) ) cls: ClsType[_models.AlertRule] = kwargs.pop("cls", None) @@ -491,7 +483,7 @@ def create_or_update( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( + api_version: Literal["2023-02-01"] = kwargs.pop( "api_version", _params.pop("api-version", self._config.api_version) ) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) @@ -575,7 +567,7 @@ def delete( # pylint: disable=inconsistent-return-statements _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( + api_version: Literal["2023-02-01"] = kwargs.pop( "api_version", _params.pop("api-version", self._config.api_version) ) cls: ClsType[None] = kwargs.pop("cls", None) 
diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_automation_rules_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_automation_rules_operations.py index bb9e386f6773..a655dbee8889 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_automation_rules_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_automation_rules_operations.py @@ -52,9 +52,7 @@ def build_get_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: Literal["2023-02-01"] = kwargs.pop("api_version", _params.pop("api-version", "2023-02-01")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -95,9 +93,7 @@ def build_create_or_update_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: Literal["2023-02-01"] = kwargs.pop("api_version", _params.pop("api-version", "2023-02-01")) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) accept = _headers.pop("Accept", "application/json") 
@@ -141,9 +137,7 @@ def build_delete_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: Literal["2023-02-01"] = kwargs.pop("api_version", _params.pop("api-version", "2023-02-01")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -184,9 +178,7 @@ def build_list_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: Literal["2023-02-01"] = kwargs.pop("api_version", _params.pop("api-version", "2023-02-01")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -268,7 +260,7 @@ def get( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( + api_version: Literal["2023-02-01"] = kwargs.pop( "api_version", _params.pop("api-version", self._config.api_version) ) cls: ClsType[_models.AutomationRule] = kwargs.pop("cls", None) @@ -409,7 +401,7 @@ def create_or_update( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( + api_version: Literal["2023-02-01"] = kwargs.pop( "api_version", _params.pop("api-version", self._config.api_version) ) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) 
@@ -494,7 +486,7 @@ def delete(self, resource_group_name: str, workspace_name: str, automation_rule_ _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( + api_version: Literal["2023-02-01"] = kwargs.pop( "api_version", _params.pop("api-version", self._config.api_version) ) cls: ClsType[JSON] = kwargs.pop("cls", None) @@ -554,7 +546,7 @@ def list(self, resource_group_name: str, workspace_name: str, **kwargs: Any) -> _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( + api_version: Literal["2023-02-01"] = kwargs.pop( "api_version", _params.pop("api-version", self._config.api_version) ) cls: ClsType[_models.AutomationRulesList] = kwargs.pop("cls", None) diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_bookmark_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_bookmark_operations.py deleted file mode 100644 index 493b78b645ee..000000000000 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_bookmark_operations.py +++ /dev/null 
@@ -1,260 +0,0 @@ -# pylint: disable=too-many-lines -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- -import sys -from typing import Any, Callable, Dict, IO, Optional, TypeVar, Union, overload - -from azure.core.exceptions import ( - ClientAuthenticationError, - HttpResponseError, - ResourceExistsError, - ResourceNotFoundError, - ResourceNotModifiedError, - map_error, -) -from azure.core.pipeline import PipelineResponse -from azure.core.pipeline.transport import HttpResponse -from azure.core.rest import HttpRequest -from azure.core.tracing.decorator import distributed_trace -from azure.core.utils import case_insensitive_dict -from azure.mgmt.core.exceptions import ARMErrorFormat - -from .. 
import models as _models -from .._serialization import Serializer -from .._vendor import _convert_request, _format_url_section - -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports -T = TypeVar("T") -ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] - -_SERIALIZER = Serializer() -_SERIALIZER.client_side_validation = False - - -def build_expand_request( - resource_group_name: str, workspace_name: str, bookmark_id: str, subscription_id: str, **kwargs: Any -) -> HttpRequest: - _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) - content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) - accept = _headers.pop("Accept", "application/json") - - # Construct URL - _url = kwargs.pop( - "template_url", - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}/expand", - ) # pylint: disable=line-too-long - path_format_arguments = { - "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), - "resourceGroupName": _SERIALIZER.url( - "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 - ), - "workspaceName": _SERIALIZER.url( - "workspace_name", - workspace_name, - "str", - max_length=90, - min_length=1, - pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", - ), - "bookmarkId": _SERIALIZER.url("bookmark_id", bookmark_id, "str"), - } - - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore - - # Construct 
parameters - _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") - - # Construct headers - if content_type is not None: - _headers["Content-Type"] = _SERIALIZER.header("content_type", content_type, "str") - _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") - - return HttpRequest(method="POST", url=_url, params=_params, headers=_headers, **kwargs) - - -class BookmarkOperations: - """ - .. warning:: - **DO NOT** instantiate this class directly. - - Instead, you should access the following operations through - :class:`~azure.mgmt.securityinsight.SecurityInsights`'s - :attr:`bookmark` attribute. - """ - - models = _models - - def __init__(self, *args, **kwargs): - input_args = list(args) - self._client = input_args.pop(0) if input_args else kwargs.pop("client") - self._config = input_args.pop(0) if input_args else kwargs.pop("config") - self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") - self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") - - @overload - def expand( - self, - resource_group_name: str, - workspace_name: str, - bookmark_id: str, - parameters: _models.BookmarkExpandParameters, - *, - content_type: str = "application/json", - **kwargs: Any - ) -> _models.BookmarkExpandResponse: - """Expand an bookmark. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param bookmark_id: Bookmark ID. Required. - :type bookmark_id: str - :param parameters: The parameters required to execute an expand operation on the given - bookmark. Required. - :type parameters: ~azure.mgmt.securityinsight.models.BookmarkExpandParameters - :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. - Default value is "application/json". 
- :paramtype content_type: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: BookmarkExpandResponse or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.BookmarkExpandResponse - :raises ~azure.core.exceptions.HttpResponseError: - """ - - @overload - def expand( - self, - resource_group_name: str, - workspace_name: str, - bookmark_id: str, - parameters: IO, - *, - content_type: str = "application/json", - **kwargs: Any - ) -> _models.BookmarkExpandResponse: - """Expand an bookmark. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param bookmark_id: Bookmark ID. Required. - :type bookmark_id: str - :param parameters: The parameters required to execute an expand operation on the given - bookmark. Required. - :type parameters: IO - :keyword content_type: Body Parameter content-type. Content type parameter for binary body. - Default value is "application/json". - :paramtype content_type: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: BookmarkExpandResponse or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.BookmarkExpandResponse - :raises ~azure.core.exceptions.HttpResponseError: - """ - - @distributed_trace - def expand( - self, - resource_group_name: str, - workspace_name: str, - bookmark_id: str, - parameters: Union[_models.BookmarkExpandParameters, IO], - **kwargs: Any - ) -> _models.BookmarkExpandResponse: - """Expand an bookmark. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param bookmark_id: Bookmark ID. Required. 
- :type bookmark_id: str - :param parameters: The parameters required to execute an expand operation on the given - bookmark. Is either a model type or a IO type. Required. - :type parameters: ~azure.mgmt.securityinsight.models.BookmarkExpandParameters or IO - :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. - Default value is None. - :paramtype content_type: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: BookmarkExpandResponse or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.BookmarkExpandResponse - :raises ~azure.core.exceptions.HttpResponseError: - """ - error_map = { - 401: ClientAuthenticationError, - 404: ResourceNotFoundError, - 409: ResourceExistsError, - 304: ResourceNotModifiedError, - } - error_map.update(kwargs.pop("error_map", {}) or {}) - - _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) - content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) - cls: ClsType[_models.BookmarkExpandResponse] = kwargs.pop("cls", None) - - content_type = content_type or "application/json" - _json = None - _content = None - if isinstance(parameters, (IO, bytes)): - _content = parameters - else: - _json = self._serialize.body(parameters, "BookmarkExpandParameters") - - request = build_expand_request( - resource_group_name=resource_group_name, - workspace_name=workspace_name, - bookmark_id=bookmark_id, - subscription_id=self._config.subscription_id, - api_version=api_version, - content_type=content_type, - json=_json, - content=_content, - template_url=self.expand.metadata["url"], - headers=_headers, - params=_params, - ) - request = _convert_request(request) - request.url = 
self._client.format_url(request.url) - - pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs - ) - - response = pipeline_response.http_response - - if response.status_code not in [200]: - map_error(status_code=response.status_code, response=response, error_map=error_map) - raise HttpResponseError(response=response, error_format=ARMErrorFormat) - - deserialized = self._deserialize("BookmarkExpandResponse", pipeline_response) - - if cls: - return cls(pipeline_response, deserialized, {}) - - return deserialized - - expand.metadata = { - "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}/expand" - } diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_bookmark_relations_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_bookmark_relations_operations.py deleted file mode 100644 index ea17c2058589..000000000000 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_bookmark_relations_operations.py +++ /dev/null 
@@ -1,694 +0,0 @@ -# pylint: disable=too-many-lines -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- -import sys -from typing import Any, Callable, Dict, IO, Iterable, Optional, TypeVar, Union, overload -import urllib.parse - -from azure.core.exceptions import ( - ClientAuthenticationError, - HttpResponseError, - ResourceExistsError, - ResourceNotFoundError, - ResourceNotModifiedError, - map_error, -) -from azure.core.paging import ItemPaged -from azure.core.pipeline import PipelineResponse -from azure.core.pipeline.transport import HttpResponse -from azure.core.rest import HttpRequest -from azure.core.tracing.decorator import distributed_trace -from azure.core.utils import case_insensitive_dict -from azure.mgmt.core.exceptions import ARMErrorFormat - -from .. 
import models as _models -from .._serialization import Serializer -from .._vendor import _convert_request, _format_url_section - -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports -T = TypeVar("T") -ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] - -_SERIALIZER = Serializer() -_SERIALIZER.client_side_validation = False - - -def build_list_request( - resource_group_name: str, - workspace_name: str, - bookmark_id: str, - subscription_id: str, - *, - filter: Optional[str] = None, - orderby: Optional[str] = None, - top: Optional[int] = None, - skip_token: Optional[str] = None, - **kwargs: Any -) -> HttpRequest: - _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) - accept = _headers.pop("Accept", "application/json") - - # Construct URL - _url = kwargs.pop( - "template_url", - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}/relations", - ) # pylint: disable=line-too-long - path_format_arguments = { - "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), - "resourceGroupName": _SERIALIZER.url( - "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 - ), - "workspaceName": _SERIALIZER.url( - "workspace_name", - workspace_name, - "str", - max_length=90, - min_length=1, - pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", - ), - "bookmarkId": _SERIALIZER.url("bookmark_id", bookmark_id, "str"), - } - - _url: str = _format_url_section(_url, 
**path_format_arguments) # type: ignore - - # Construct parameters - _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") - if filter is not None: - _params["$filter"] = _SERIALIZER.query("filter", filter, "str") - if orderby is not None: - _params["$orderby"] = _SERIALIZER.query("orderby", orderby, "str") - if top is not None: - _params["$top"] = _SERIALIZER.query("top", top, "int") - if skip_token is not None: - _params["$skipToken"] = _SERIALIZER.query("skip_token", skip_token, "str") - - # Construct headers - _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") - - return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) - - -def build_get_request( - resource_group_name: str, - workspace_name: str, - bookmark_id: str, - relation_name: str, - subscription_id: str, - **kwargs: Any -) -> HttpRequest: - _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) - accept = _headers.pop("Accept", "application/json") - - # Construct URL - _url = kwargs.pop( - "template_url", - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}/relations/{relationName}", - ) # pylint: disable=line-too-long - path_format_arguments = { - "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), - "resourceGroupName": _SERIALIZER.url( - "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 - ), - "workspaceName": _SERIALIZER.url( - "workspace_name", - workspace_name, - "str", - max_length=90, - min_length=1, - pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", - ), - "bookmarkId": _SERIALIZER.url("bookmark_id", bookmark_id, 
"str"), - "relationName": _SERIALIZER.url("relation_name", relation_name, "str"), - } - - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore - - # Construct parameters - _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") - - # Construct headers - _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") - - return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) - - -def build_create_or_update_request( - resource_group_name: str, - workspace_name: str, - bookmark_id: str, - relation_name: str, - subscription_id: str, - **kwargs: Any -) -> HttpRequest: - _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) - content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) - accept = _headers.pop("Accept", "application/json") - - # Construct URL - _url = kwargs.pop( - "template_url", - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}/relations/{relationName}", - ) # pylint: disable=line-too-long - path_format_arguments = { - "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), - "resourceGroupName": _SERIALIZER.url( - "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 - ), - "workspaceName": _SERIALIZER.url( - "workspace_name", - workspace_name, - "str", - max_length=90, - min_length=1, - pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", - ), - "bookmarkId": _SERIALIZER.url("bookmark_id", bookmark_id, "str"), - "relationName": _SERIALIZER.url("relation_name", relation_name, "str"), - } - - _url: str = _format_url_section(_url, 
**path_format_arguments) # type: ignore - - # Construct parameters - _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") - - # Construct headers - if content_type is not None: - _headers["Content-Type"] = _SERIALIZER.header("content_type", content_type, "str") - _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") - - return HttpRequest(method="PUT", url=_url, params=_params, headers=_headers, **kwargs) - - -def build_delete_request( - resource_group_name: str, - workspace_name: str, - bookmark_id: str, - relation_name: str, - subscription_id: str, - **kwargs: Any -) -> HttpRequest: - _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) - accept = _headers.pop("Accept", "application/json") - - # Construct URL - _url = kwargs.pop( - "template_url", - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}/relations/{relationName}", - ) # pylint: disable=line-too-long - path_format_arguments = { - "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), - "resourceGroupName": _SERIALIZER.url( - "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 - ), - "workspaceName": _SERIALIZER.url( - "workspace_name", - workspace_name, - "str", - max_length=90, - min_length=1, - pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", - ), - "bookmarkId": _SERIALIZER.url("bookmark_id", bookmark_id, "str"), - "relationName": _SERIALIZER.url("relation_name", relation_name, "str"), - } - - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore - - # Construct parameters - _params["api-version"] = 
_SERIALIZER.query("api_version", api_version, "str") - - # Construct headers - _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") - - return HttpRequest(method="DELETE", url=_url, params=_params, headers=_headers, **kwargs) - - -class BookmarkRelationsOperations: - """ - .. warning:: - **DO NOT** instantiate this class directly. - - Instead, you should access the following operations through - :class:`~azure.mgmt.securityinsight.SecurityInsights`'s - :attr:`bookmark_relations` attribute. - """ - - models = _models - - def __init__(self, *args, **kwargs): - input_args = list(args) - self._client = input_args.pop(0) if input_args else kwargs.pop("client") - self._config = input_args.pop(0) if input_args else kwargs.pop("config") - self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") - self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") - - @distributed_trace - def list( - self, - resource_group_name: str, - workspace_name: str, - bookmark_id: str, - filter: Optional[str] = None, - orderby: Optional[str] = None, - top: Optional[int] = None, - skip_token: Optional[str] = None, - **kwargs: Any - ) -> Iterable["_models.Relation"]: - """Gets all bookmark relations. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param bookmark_id: Bookmark ID. Required. - :type bookmark_id: str - :param filter: Filters the results, based on a Boolean condition. Optional. Default value is - None. - :type filter: str - :param orderby: Sorts the results. Optional. Default value is None. - :type orderby: str - :param top: Returns only the first n results. Optional. Default value is None. - :type top: int - :param skip_token: Skiptoken is only used if a previous operation returned a partial result. 
If - a previous response contains a nextLink element, the value of the nextLink element will include - a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. - Default value is None. - :type skip_token: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: An iterator like instance of either Relation or the result of cls(response) - :rtype: ~azure.core.paging.ItemPaged[~azure.mgmt.securityinsight.models.Relation] - :raises ~azure.core.exceptions.HttpResponseError: - """ - _headers = kwargs.pop("headers", {}) or {} - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) - cls: ClsType[_models.RelationList] = kwargs.pop("cls", None) - - error_map = { - 401: ClientAuthenticationError, - 404: ResourceNotFoundError, - 409: ResourceExistsError, - 304: ResourceNotModifiedError, - } - error_map.update(kwargs.pop("error_map", {}) or {}) - - def prepare_request(next_link=None): - if not next_link: - - request = build_list_request( - resource_group_name=resource_group_name, - workspace_name=workspace_name, - bookmark_id=bookmark_id, - subscription_id=self._config.subscription_id, - filter=filter, - orderby=orderby, - top=top, - skip_token=skip_token, - api_version=api_version, - template_url=self.list.metadata["url"], - headers=_headers, - params=_params, - ) - request = _convert_request(request) - request.url = self._client.format_url(request.url) - - else: - # make call to next link with the client's api-version - _parsed_next_link = urllib.parse.urlparse(next_link) - _next_request_params = case_insensitive_dict( - { - key: [urllib.parse.quote(v) for v in value] - for key, value in urllib.parse.parse_qs(_parsed_next_link.query).items() - } - ) - _next_request_params["api-version"] = self._config.api_version - request = HttpRequest( - "GET", 
urllib.parse.urljoin(next_link, _parsed_next_link.path), params=_next_request_params - ) - request = _convert_request(request) - request.url = self._client.format_url(request.url) - request.method = "GET" - return request - - def extract_data(pipeline_response): - deserialized = self._deserialize("RelationList", pipeline_response) - list_of_elem = deserialized.value - if cls: - list_of_elem = cls(list_of_elem) # type: ignore - return deserialized.next_link or None, iter(list_of_elem) - - def get_next(next_link=None): - request = prepare_request(next_link) - - pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs - ) - response = pipeline_response.http_response - - if response.status_code not in [200]: - map_error(status_code=response.status_code, response=response, error_map=error_map) - raise HttpResponseError(response=response, error_format=ARMErrorFormat) - - return pipeline_response - - return ItemPaged(get_next, extract_data) - - list.metadata = { - "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}/relations" - } - - @distributed_trace - def get( - self, resource_group_name: str, workspace_name: str, bookmark_id: str, relation_name: str, **kwargs: Any - ) -> _models.Relation: - """Gets a bookmark relation. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param bookmark_id: Bookmark ID. Required. - :type bookmark_id: str - :param relation_name: Relation Name. Required. 
- :type relation_name: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: Relation or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.Relation - :raises ~azure.core.exceptions.HttpResponseError: - """ - error_map = { - 401: ClientAuthenticationError, - 404: ResourceNotFoundError, - 409: ResourceExistsError, - 304: ResourceNotModifiedError, - } - error_map.update(kwargs.pop("error_map", {}) or {}) - - _headers = kwargs.pop("headers", {}) or {} - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) - cls: ClsType[_models.Relation] = kwargs.pop("cls", None) - - request = build_get_request( - resource_group_name=resource_group_name, - workspace_name=workspace_name, - bookmark_id=bookmark_id, - relation_name=relation_name, - subscription_id=self._config.subscription_id, - api_version=api_version, - template_url=self.get.metadata["url"], - headers=_headers, - params=_params, - ) - request = _convert_request(request) - request.url = self._client.format_url(request.url) - - pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs - ) - - response = pipeline_response.http_response - - if response.status_code not in [200]: - map_error(status_code=response.status_code, response=response, error_map=error_map) - raise HttpResponseError(response=response, error_format=ARMErrorFormat) - - deserialized = self._deserialize("Relation", pipeline_response) - - if cls: - return cls(pipeline_response, deserialized, {}) - - return deserialized - - get.metadata = { - "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}/relations/{relationName}" 
- } - - @overload - def create_or_update( - self, - resource_group_name: str, - workspace_name: str, - bookmark_id: str, - relation_name: str, - relation: _models.Relation, - *, - content_type: str = "application/json", - **kwargs: Any - ) -> _models.Relation: - """Creates the bookmark relation. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param bookmark_id: Bookmark ID. Required. - :type bookmark_id: str - :param relation_name: Relation Name. Required. - :type relation_name: str - :param relation: The relation model. Required. - :type relation: ~azure.mgmt.securityinsight.models.Relation - :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. - Default value is "application/json". - :paramtype content_type: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: Relation or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.Relation - :raises ~azure.core.exceptions.HttpResponseError: - """ - - @overload - def create_or_update( - self, - resource_group_name: str, - workspace_name: str, - bookmark_id: str, - relation_name: str, - relation: IO, - *, - content_type: str = "application/json", - **kwargs: Any - ) -> _models.Relation: - """Creates the bookmark relation. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param bookmark_id: Bookmark ID. Required. - :type bookmark_id: str - :param relation_name: Relation Name. Required. - :type relation_name: str - :param relation: The relation model. Required. - :type relation: IO - :keyword content_type: Body Parameter content-type. 
Content type parameter for binary body. - Default value is "application/json". - :paramtype content_type: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: Relation or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.Relation - :raises ~azure.core.exceptions.HttpResponseError: - """ - - @distributed_trace - def create_or_update( - self, - resource_group_name: str, - workspace_name: str, - bookmark_id: str, - relation_name: str, - relation: Union[_models.Relation, IO], - **kwargs: Any - ) -> _models.Relation: - """Creates the bookmark relation. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param bookmark_id: Bookmark ID. Required. - :type bookmark_id: str - :param relation_name: Relation Name. Required. - :type relation_name: str - :param relation: The relation model. Is either a model type or a IO type. Required. - :type relation: ~azure.mgmt.securityinsight.models.Relation or IO - :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. - Default value is None. 
- :paramtype content_type: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: Relation or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.Relation - :raises ~azure.core.exceptions.HttpResponseError: - """ - error_map = { - 401: ClientAuthenticationError, - 404: ResourceNotFoundError, - 409: ResourceExistsError, - 304: ResourceNotModifiedError, - } - error_map.update(kwargs.pop("error_map", {}) or {}) - - _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) - content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) - cls: ClsType[_models.Relation] = kwargs.pop("cls", None) - - content_type = content_type or "application/json" - _json = None - _content = None - if isinstance(relation, (IO, bytes)): - _content = relation - else: - _json = self._serialize.body(relation, "Relation") - - request = build_create_or_update_request( - resource_group_name=resource_group_name, - workspace_name=workspace_name, - bookmark_id=bookmark_id, - relation_name=relation_name, - subscription_id=self._config.subscription_id, - api_version=api_version, - content_type=content_type, - json=_json, - content=_content, - template_url=self.create_or_update.metadata["url"], - headers=_headers, - params=_params, - ) - request = _convert_request(request) - request.url = self._client.format_url(request.url) - - pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs - ) - - response = pipeline_response.http_response - - if response.status_code not in [200, 201]: - map_error(status_code=response.status_code, response=response, error_map=error_map) - raise HttpResponseError(response=response, 
error_format=ARMErrorFormat) - - if response.status_code == 200: - deserialized = self._deserialize("Relation", pipeline_response) - - if response.status_code == 201: - deserialized = self._deserialize("Relation", pipeline_response) - - if cls: - return cls(pipeline_response, deserialized, {}) # type: ignore - - return deserialized # type: ignore - - create_or_update.metadata = { - "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}/relations/{relationName}" - } - - @distributed_trace - def delete( # pylint: disable=inconsistent-return-statements - self, resource_group_name: str, workspace_name: str, bookmark_id: str, relation_name: str, **kwargs: Any - ) -> None: - """Delete the bookmark relation. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param bookmark_id: Bookmark ID. Required. - :type bookmark_id: str - :param relation_name: Relation Name. Required. 
- :type relation_name: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: None or the result of cls(response) - :rtype: None - :raises ~azure.core.exceptions.HttpResponseError: - """ - error_map = { - 401: ClientAuthenticationError, - 404: ResourceNotFoundError, - 409: ResourceExistsError, - 304: ResourceNotModifiedError, - } - error_map.update(kwargs.pop("error_map", {}) or {}) - - _headers = kwargs.pop("headers", {}) or {} - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) - cls: ClsType[None] = kwargs.pop("cls", None) - - request = build_delete_request( - resource_group_name=resource_group_name, - workspace_name=workspace_name, - bookmark_id=bookmark_id, - relation_name=relation_name, - subscription_id=self._config.subscription_id, - api_version=api_version, - template_url=self.delete.metadata["url"], - headers=_headers, - params=_params, - ) - request = _convert_request(request) - request.url = self._client.format_url(request.url) - - pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs - ) - - response = pipeline_response.http_response - - if response.status_code not in [200, 204]: - map_error(status_code=response.status_code, response=response, error_map=error_map) - raise HttpResponseError(response=response, error_format=ARMErrorFormat) - - if cls: - return cls(pipeline_response, None, {}) - - delete.metadata = { - "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}/relations/{relationName}" - } 
diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_bookmarks_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_bookmarks_operations.py index 3f7b2f8ad3de..425bce38607a 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_bookmarks_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_bookmarks_operations.py @@ -47,9 +47,7 @@ def build_list_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: Literal["2023-02-01"] = kwargs.pop("api_version", _params.pop("api-version", "2023-02-01")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -89,9 +87,7 @@ def build_get_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: Literal["2023-02-01"] = kwargs.pop("api_version", _params.pop("api-version", "2023-02-01")) accept = _headers.pop("Accept", "application/json") # Construct URL 
@@ -132,9 +128,7 @@ def build_create_or_update_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: Literal["2023-02-01"] = kwargs.pop("api_version", _params.pop("api-version", "2023-02-01")) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) accept = _headers.pop("Accept", "application/json") @@ -178,9 +172,7 @@ def build_delete_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: Literal["2023-02-01"] = kwargs.pop("api_version", _params.pop("api-version", "2023-02-01")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -251,7 +243,7 @@ def list(self, resource_group_name: str, workspace_name: str, **kwargs: Any) -> _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( + api_version: Literal["2023-02-01"] = kwargs.pop( "api_version", _params.pop("api-version", self._config.api_version) ) cls: ClsType[_models.BookmarkList] = kwargs.pop("cls", None) @@ -351,7 +343,7 @@ def get(self, resource_group_name: str, workspace_name: str, bookmark_id: str, * _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( + api_version: Literal["2023-02-01"] = kwargs.pop( "api_version", _params.pop("api-version", self._config.api_version) ) cls: ClsType[_models.Bookmark] = kwargs.pop("cls", None) 
@@ -491,7 +483,7 @@ def create_or_update( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( + api_version: Literal["2023-02-01"] = kwargs.pop( "api_version", _params.pop("api-version", self._config.api_version) ) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) @@ -575,7 +567,7 @@ def delete( # pylint: disable=inconsistent-return-statements _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( + api_version: Literal["2023-02-01"] = kwargs.pop( "api_version", _params.pop("api-version", self._config.api_version) ) cls: ClsType[None] = kwargs.pop("cls", None) diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_data_connectors_check_requirements_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_data_connectors_check_requirements_operations.py deleted file mode 100644 index a443aede96d7..000000000000 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_data_connectors_check_requirements_operations.py +++ /dev/null 
@@ -1,251 +0,0 @@ -# pylint: disable=too-many-lines -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- -import sys -from typing import Any, Callable, Dict, IO, Optional, TypeVar, Union, overload - -from azure.core.exceptions import ( - ClientAuthenticationError, - HttpResponseError, - ResourceExistsError, - ResourceNotFoundError, - ResourceNotModifiedError, - map_error, -) -from azure.core.pipeline import PipelineResponse -from azure.core.pipeline.transport import HttpResponse -from azure.core.rest import HttpRequest -from azure.core.tracing.decorator import distributed_trace -from azure.core.utils import case_insensitive_dict -from azure.mgmt.core.exceptions import ARMErrorFormat - -from .. 
import models as _models -from .._serialization import Serializer -from .._vendor import _convert_request, _format_url_section - -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports -T = TypeVar("T") -ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] - -_SERIALIZER = Serializer() -_SERIALIZER.client_side_validation = False - - -def build_post_request( - resource_group_name: str, workspace_name: str, subscription_id: str, **kwargs: Any -) -> HttpRequest: - _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) - content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) - accept = _headers.pop("Accept", "application/json") - - # Construct URL - _url = kwargs.pop( - "template_url", - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectorsCheckRequirements", - ) # pylint: disable=line-too-long - path_format_arguments = { - "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), - "resourceGroupName": _SERIALIZER.url( - "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 - ), - "workspaceName": _SERIALIZER.url( - "workspace_name", - workspace_name, - "str", - max_length=90, - min_length=1, - pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", - ), - } - - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore - - # Construct parameters - _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") 
- - # Construct headers - if content_type is not None: - _headers["Content-Type"] = _SERIALIZER.header("content_type", content_type, "str") - _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") - - return HttpRequest(method="POST", url=_url, params=_params, headers=_headers, **kwargs) - - -class DataConnectorsCheckRequirementsOperations: - """ - .. warning:: - **DO NOT** instantiate this class directly. - - Instead, you should access the following operations through - :class:`~azure.mgmt.securityinsight.SecurityInsights`'s - :attr:`data_connectors_check_requirements` attribute. - """ - - models = _models - - def __init__(self, *args, **kwargs): - input_args = list(args) - self._client = input_args.pop(0) if input_args else kwargs.pop("client") - self._config = input_args.pop(0) if input_args else kwargs.pop("config") - self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") - self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") - - @overload - def post( - self, - resource_group_name: str, - workspace_name: str, - data_connectors_check_requirements: _models.DataConnectorsCheckRequirements, - *, - content_type: str = "application/json", - **kwargs: Any - ) -> _models.DataConnectorRequirementsState: - """Get requirements state for a data connector type. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param data_connectors_check_requirements: The parameters for requirements check message. - Required. - :type data_connectors_check_requirements: - ~azure.mgmt.securityinsight.models.DataConnectorsCheckRequirements - :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. - Default value is "application/json". 
- :paramtype content_type: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: DataConnectorRequirementsState or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.DataConnectorRequirementsState - :raises ~azure.core.exceptions.HttpResponseError: - """ - - @overload - def post( - self, - resource_group_name: str, - workspace_name: str, - data_connectors_check_requirements: IO, - *, - content_type: str = "application/json", - **kwargs: Any - ) -> _models.DataConnectorRequirementsState: - """Get requirements state for a data connector type. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param data_connectors_check_requirements: The parameters for requirements check message. - Required. - :type data_connectors_check_requirements: IO - :keyword content_type: Body Parameter content-type. Content type parameter for binary body. - Default value is "application/json". - :paramtype content_type: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: DataConnectorRequirementsState or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.DataConnectorRequirementsState - :raises ~azure.core.exceptions.HttpResponseError: - """ - - @distributed_trace - def post( - self, - resource_group_name: str, - workspace_name: str, - data_connectors_check_requirements: Union[_models.DataConnectorsCheckRequirements, IO], - **kwargs: Any - ) -> _models.DataConnectorRequirementsState: - """Get requirements state for a data connector type. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. 
- :type workspace_name: str - :param data_connectors_check_requirements: The parameters for requirements check message. Is - either a model type or a IO type. Required. - :type data_connectors_check_requirements: - ~azure.mgmt.securityinsight.models.DataConnectorsCheckRequirements or IO - :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. - Default value is None. - :paramtype content_type: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: DataConnectorRequirementsState or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.DataConnectorRequirementsState - :raises ~azure.core.exceptions.HttpResponseError: - """ - error_map = { - 401: ClientAuthenticationError, - 404: ResourceNotFoundError, - 409: ResourceExistsError, - 304: ResourceNotModifiedError, - } - error_map.update(kwargs.pop("error_map", {}) or {}) - - _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) - content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) - cls: ClsType[_models.DataConnectorRequirementsState] = kwargs.pop("cls", None) - - content_type = content_type or "application/json" - _json = None - _content = None - if isinstance(data_connectors_check_requirements, (IO, bytes)): - _content = data_connectors_check_requirements - else: - _json = self._serialize.body(data_connectors_check_requirements, "DataConnectorsCheckRequirements") - - request = build_post_request( - resource_group_name=resource_group_name, - workspace_name=workspace_name, - subscription_id=self._config.subscription_id, - api_version=api_version, - content_type=content_type, - json=_json, - content=_content, - template_url=self.post.metadata["url"], - 
headers=_headers, - params=_params, - ) - request = _convert_request(request) - request.url = self._client.format_url(request.url) - - pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs - ) - - response = pipeline_response.http_response - - if response.status_code not in [200]: - map_error(status_code=response.status_code, response=response, error_map=error_map) - raise HttpResponseError(response=response, error_format=ARMErrorFormat) - - deserialized = self._deserialize("DataConnectorRequirementsState", pipeline_response) - - if cls: - return cls(pipeline_response, deserialized, {}) - - return deserialized - - post.metadata = { - "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectorsCheckRequirements" - } diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_data_connectors_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_data_connectors_operations.py index d0adeeadb0c8..bf47d8dcecd4 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_data_connectors_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_data_connectors_operations.py @@ -47,9 +47,7 @@ def build_list_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: Literal["2023-02-01"] = kwargs.pop("api_version", _params.pop("api-version", "2023-02-01")) accept = _headers.pop("Accept", "application/json") # Construct URL 
@@ -89,9 +87,7 @@ def build_get_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: Literal["2023-02-01"] = kwargs.pop("api_version", _params.pop("api-version", "2023-02-01")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -132,9 +128,7 @@ def build_create_or_update_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: Literal["2023-02-01"] = kwargs.pop("api_version", _params.pop("api-version", "2023-02-01")) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) accept = _headers.pop("Accept", "application/json") @@ -178,9 +172,7 @@ def build_delete_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: Literal["2023-02-01"] = kwargs.pop("api_version", _params.pop("api-version", "2023-02-01")) accept = _headers.pop("Accept", "application/json") # Construct URL 
@@ -215,95 +207,6 @@ def build_delete_request( return HttpRequest(method="DELETE", url=_url, params=_params, headers=_headers, **kwargs) -def build_connect_request( - resource_group_name: str, workspace_name: str, data_connector_id: str, subscription_id: str, **kwargs: Any -) -> HttpRequest: - _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) - content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) - accept = _headers.pop("Accept", "application/json") - - # Construct URL - _url = kwargs.pop( - "template_url", - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors/{dataConnectorId}/connect", - ) # pylint: disable=line-too-long - path_format_arguments = { - "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), - "resourceGroupName": _SERIALIZER.url( - "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 - ), - "workspaceName": _SERIALIZER.url( - "workspace_name", - workspace_name, - "str", - max_length=90, - min_length=1, - pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", - ), - "dataConnectorId": _SERIALIZER.url("data_connector_id", data_connector_id, "str"), - } - - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore - - # Construct parameters - _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") - - # Construct headers - if content_type is not None: - _headers["Content-Type"] = _SERIALIZER.header("content_type", content_type, "str") - _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") - - return HttpRequest(method="POST", url=_url, params=_params, 
headers=_headers, **kwargs) - - -def build_disconnect_request( - resource_group_name: str, workspace_name: str, data_connector_id: str, subscription_id: str, **kwargs: Any -) -> HttpRequest: - _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) - accept = _headers.pop("Accept", "application/json") - - # Construct URL - _url = kwargs.pop( - "template_url", - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors/{dataConnectorId}/disconnect", - ) # pylint: disable=line-too-long - path_format_arguments = { - "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), - "resourceGroupName": _SERIALIZER.url( - "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 - ), - "workspaceName": _SERIALIZER.url( - "workspace_name", - workspace_name, - "str", - max_length=90, - min_length=1, - pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", - ), - "dataConnectorId": _SERIALIZER.url("data_connector_id", data_connector_id, "str"), - } - - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore - - # Construct parameters - _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") - - # Construct headers - _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") - - return HttpRequest(method="POST", url=_url, params=_params, headers=_headers, **kwargs) - - class DataConnectorsOperations: """ .. warning:: 
@@ -340,7 +243,7 @@ def list(self, resource_group_name: str, workspace_name: str, **kwargs: Any) -> _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( + api_version: Literal["2023-02-01"] = kwargs.pop( "api_version", _params.pop("api-version", self._config.api_version) ) cls: ClsType[_models.DataConnectorList] = kwargs.pop("cls", None) @@ -442,7 +345,7 @@ def get( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( + api_version: Literal["2023-02-01"] = kwargs.pop( "api_version", _params.pop("api-version", self._config.api_version) ) cls: ClsType[_models.DataConnector] = kwargs.pop("cls", None) @@ -582,7 +485,7 @@ def create_or_update( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( + api_version: Literal["2023-02-01"] = kwargs.pop( "api_version", _params.pop("api-version", self._config.api_version) ) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) @@ -666,7 +569,7 @@ def delete( # pylint: disable=inconsistent-return-statements _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( + api_version: Literal["2023-02-01"] = kwargs.pop( "api_version", _params.pop("api-version", self._config.api_version) ) cls: ClsType[None] = kwargs.pop("cls", None) 
@@ -700,215 +603,3 @@ def delete( # pylint: disable=inconsistent-return-statements delete.metadata = { "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors/{dataConnectorId}" } - - @overload - def connect( # pylint: disable=inconsistent-return-statements - self, - resource_group_name: str, - workspace_name: str, - data_connector_id: str, - connect_body: _models.DataConnectorConnectBody, - *, - content_type: str = "application/json", - **kwargs: Any - ) -> None: - """Connects a data connector. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param data_connector_id: Connector ID. Required. - :type data_connector_id: str - :param connect_body: The data connector. Required. - :type connect_body: ~azure.mgmt.securityinsight.models.DataConnectorConnectBody - :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. - Default value is "application/json". - :paramtype content_type: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: None or the result of cls(response) - :rtype: None - :raises ~azure.core.exceptions.HttpResponseError: - """ - - @overload - def connect( # pylint: disable=inconsistent-return-statements - self, - resource_group_name: str, - workspace_name: str, - data_connector_id: str, - connect_body: IO, - *, - content_type: str = "application/json", - **kwargs: Any - ) -> None: - """Connects a data connector. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. 
- :type workspace_name: str - :param data_connector_id: Connector ID. Required. - :type data_connector_id: str - :param connect_body: The data connector. Required. - :type connect_body: IO - :keyword content_type: Body Parameter content-type. Content type parameter for binary body. - Default value is "application/json". - :paramtype content_type: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: None or the result of cls(response) - :rtype: None - :raises ~azure.core.exceptions.HttpResponseError: - """ - - @distributed_trace - def connect( # pylint: disable=inconsistent-return-statements - self, - resource_group_name: str, - workspace_name: str, - data_connector_id: str, - connect_body: Union[_models.DataConnectorConnectBody, IO], - **kwargs: Any - ) -> None: - """Connects a data connector. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param data_connector_id: Connector ID. Required. - :type data_connector_id: str - :param connect_body: The data connector. Is either a model type or a IO type. Required. - :type connect_body: ~azure.mgmt.securityinsight.models.DataConnectorConnectBody or IO - :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. - Default value is None. 
- :paramtype content_type: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: None or the result of cls(response) - :rtype: None - :raises ~azure.core.exceptions.HttpResponseError: - """ - error_map = { - 401: ClientAuthenticationError, - 404: ResourceNotFoundError, - 409: ResourceExistsError, - 304: ResourceNotModifiedError, - } - error_map.update(kwargs.pop("error_map", {}) or {}) - - _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) - content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) - cls: ClsType[None] = kwargs.pop("cls", None) - - content_type = content_type or "application/json" - _json = None - _content = None - if isinstance(connect_body, (IO, bytes)): - _content = connect_body - else: - _json = self._serialize.body(connect_body, "DataConnectorConnectBody") - - request = build_connect_request( - resource_group_name=resource_group_name, - workspace_name=workspace_name, - data_connector_id=data_connector_id, - subscription_id=self._config.subscription_id, - api_version=api_version, - content_type=content_type, - json=_json, - content=_content, - template_url=self.connect.metadata["url"], - headers=_headers, - params=_params, - ) - request = _convert_request(request) - request.url = self._client.format_url(request.url) - - pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs - ) - - response = pipeline_response.http_response - - if response.status_code not in [200]: - map_error(status_code=response.status_code, response=response, error_map=error_map) - raise HttpResponseError(response=response, error_format=ARMErrorFormat) - - if cls: - return cls(pipeline_response, 
None, {}) - - connect.metadata = { - "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors/{dataConnectorId}/connect" - } - - @distributed_trace - def disconnect( # pylint: disable=inconsistent-return-statements - self, resource_group_name: str, workspace_name: str, data_connector_id: str, **kwargs: Any - ) -> None: - """Disconnect a data connector. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param data_connector_id: Connector ID. Required. - :type data_connector_id: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: None or the result of cls(response) - :rtype: None - :raises ~azure.core.exceptions.HttpResponseError: - """ - error_map = { - 401: ClientAuthenticationError, - 404: ResourceNotFoundError, - 409: ResourceExistsError, - 304: ResourceNotModifiedError, - } - error_map.update(kwargs.pop("error_map", {}) or {}) - - _headers = kwargs.pop("headers", {}) or {} - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) - cls: ClsType[None] = kwargs.pop("cls", None) - - request = build_disconnect_request( - resource_group_name=resource_group_name, - workspace_name=workspace_name, - data_connector_id=data_connector_id, - subscription_id=self._config.subscription_id, - api_version=api_version, - template_url=self.disconnect.metadata["url"], - headers=_headers, - params=_params, - ) - request = _convert_request(request) - request.url = self._client.format_url(request.url) - - pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: 
disable=protected-access - request, stream=False, **kwargs - ) - - response = pipeline_response.http_response - - if response.status_code not in [200]: - map_error(status_code=response.status_code, response=response, error_map=error_map) - raise HttpResponseError(response=response, error_format=ARMErrorFormat) - - if cls: - return cls(pipeline_response, None, {}) - - disconnect.metadata = { - "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors/{dataConnectorId}/disconnect" - } diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_domain_whois_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_domain_whois_operations.py deleted file mode 100644 index ce39a050336d..000000000000 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_domain_whois_operations.py +++ /dev/null 
@@ -1,155 +0,0 @@ -# pylint: disable=too-many-lines -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- -import sys -from typing import Any, Callable, Dict, Optional, TypeVar - -from azure.core.exceptions import ( - ClientAuthenticationError, - HttpResponseError, - ResourceExistsError, - ResourceNotFoundError, - ResourceNotModifiedError, - map_error, -) -from azure.core.pipeline import PipelineResponse -from azure.core.pipeline.transport import HttpResponse -from azure.core.rest import HttpRequest -from azure.core.tracing.decorator import distributed_trace -from azure.core.utils import case_insensitive_dict -from azure.mgmt.core.exceptions import ARMErrorFormat - -from .. 
import models as _models -from .._serialization import Serializer -from .._vendor import _convert_request, _format_url_section - -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports -T = TypeVar("T") -ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] - -_SERIALIZER = Serializer() -_SERIALIZER.client_side_validation = False - - -def build_get_request(resource_group_name: str, subscription_id: str, *, domain: str, **kwargs: Any) -> HttpRequest: - _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) - accept = _headers.pop("Accept", "application/json") - - # Construct URL - _url = kwargs.pop( - "template_url", - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.SecurityInsights/enrichment/domain/whois/", - ) # pylint: disable=line-too-long - path_format_arguments = { - "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), - "resourceGroupName": _SERIALIZER.url( - "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 - ), - } - - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore - - # Construct parameters - _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") - _params["domain"] = _SERIALIZER.query("domain", domain, "str") - - # Construct headers - _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") - - return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) - - -class DomainWhoisOperations: - """ - .. warning:: - **DO NOT** instantiate this class directly. 
- - Instead, you should access the following operations through - :class:`~azure.mgmt.securityinsight.SecurityInsights`'s - :attr:`domain_whois` attribute. - """ - - models = _models - - def __init__(self, *args, **kwargs): - input_args = list(args) - self._client = input_args.pop(0) if input_args else kwargs.pop("client") - self._config = input_args.pop(0) if input_args else kwargs.pop("config") - self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") - self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") - - @distributed_trace - def get(self, resource_group_name: str, domain: str, **kwargs: Any) -> _models.EnrichmentDomainWhois: - """Get whois information for a single domain name. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param domain: Domain name to be enriched. Required. - :type domain: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: EnrichmentDomainWhois or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.EnrichmentDomainWhois - :raises ~azure.core.exceptions.HttpResponseError: - """ - error_map = { - 401: ClientAuthenticationError, - 404: ResourceNotFoundError, - 409: ResourceExistsError, - 304: ResourceNotModifiedError, - } - error_map.update(kwargs.pop("error_map", {}) or {}) - - _headers = kwargs.pop("headers", {}) or {} - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) - cls: ClsType[_models.EnrichmentDomainWhois] = kwargs.pop("cls", None) - - request = build_get_request( - resource_group_name=resource_group_name, - subscription_id=self._config.subscription_id, - domain=domain, - api_version=api_version, - template_url=self.get.metadata["url"], - headers=_headers, - 
params=_params, - ) - request = _convert_request(request) - request.url = self._client.format_url(request.url) - - pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs - ) - - response = pipeline_response.http_response - - if response.status_code not in [200]: - map_error(status_code=response.status_code, response=response, error_map=error_map) - raise HttpResponseError(response=response, error_format=ARMErrorFormat) - - deserialized = self._deserialize("EnrichmentDomainWhois", pipeline_response) - - if cls: - return cls(pipeline_response, deserialized, {}) - - return deserialized - - get.metadata = { - "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.SecurityInsights/enrichment/domain/whois/" - } diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_entities_get_timeline_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_entities_get_timeline_operations.py deleted file mode 100644 index 0cdd1ffdd887..000000000000 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_entities_get_timeline_operations.py +++ /dev/null 
@@ -1,260 +0,0 @@ -# pylint: disable=too-many-lines -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- -import sys -from typing import Any, Callable, Dict, IO, Optional, TypeVar, Union, overload - -from azure.core.exceptions import ( - ClientAuthenticationError, - HttpResponseError, - ResourceExistsError, - ResourceNotFoundError, - ResourceNotModifiedError, - map_error, -) -from azure.core.pipeline import PipelineResponse -from azure.core.pipeline.transport import HttpResponse -from azure.core.rest import HttpRequest -from azure.core.tracing.decorator import distributed_trace -from azure.core.utils import case_insensitive_dict -from azure.mgmt.core.exceptions import ARMErrorFormat - -from .. 
import models as _models -from .._serialization import Serializer -from .._vendor import _convert_request, _format_url_section - -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports -T = TypeVar("T") -ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] - -_SERIALIZER = Serializer() -_SERIALIZER.client_side_validation = False - - -def build_list_request( - resource_group_name: str, workspace_name: str, entity_id: str, subscription_id: str, **kwargs: Any -) -> HttpRequest: - _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) - content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) - accept = _headers.pop("Accept", "application/json") - - # Construct URL - _url = kwargs.pop( - "template_url", - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}/getTimeline", - ) # pylint: disable=line-too-long - path_format_arguments = { - "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), - "resourceGroupName": _SERIALIZER.url( - "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 - ), - "workspaceName": _SERIALIZER.url( - "workspace_name", - workspace_name, - "str", - max_length=90, - min_length=1, - pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", - ), - "entityId": _SERIALIZER.url("entity_id", entity_id, "str"), - } - - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore - - # Construct parameters - 
_params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") - - # Construct headers - if content_type is not None: - _headers["Content-Type"] = _SERIALIZER.header("content_type", content_type, "str") - _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") - - return HttpRequest(method="POST", url=_url, params=_params, headers=_headers, **kwargs) - - -class EntitiesGetTimelineOperations: - """ - .. warning:: - **DO NOT** instantiate this class directly. - - Instead, you should access the following operations through - :class:`~azure.mgmt.securityinsight.SecurityInsights`'s - :attr:`entities_get_timeline` attribute. - """ - - models = _models - - def __init__(self, *args, **kwargs): - input_args = list(args) - self._client = input_args.pop(0) if input_args else kwargs.pop("client") - self._config = input_args.pop(0) if input_args else kwargs.pop("config") - self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") - self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") - - @overload - def list( - self, - resource_group_name: str, - workspace_name: str, - entity_id: str, - parameters: _models.EntityTimelineParameters, - *, - content_type: str = "application/json", - **kwargs: Any - ) -> _models.EntityTimelineResponse: - """Timeline for an entity. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param entity_id: entity ID. Required. - :type entity_id: str - :param parameters: The parameters required to execute an timeline operation on the given - entity. Required. - :type parameters: ~azure.mgmt.securityinsight.models.EntityTimelineParameters - :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. - Default value is "application/json". 
- :paramtype content_type: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: EntityTimelineResponse or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.EntityTimelineResponse - :raises ~azure.core.exceptions.HttpResponseError: - """ - - @overload - def list( - self, - resource_group_name: str, - workspace_name: str, - entity_id: str, - parameters: IO, - *, - content_type: str = "application/json", - **kwargs: Any - ) -> _models.EntityTimelineResponse: - """Timeline for an entity. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param entity_id: entity ID. Required. - :type entity_id: str - :param parameters: The parameters required to execute an timeline operation on the given - entity. Required. - :type parameters: IO - :keyword content_type: Body Parameter content-type. Content type parameter for binary body. - Default value is "application/json". - :paramtype content_type: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: EntityTimelineResponse or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.EntityTimelineResponse - :raises ~azure.core.exceptions.HttpResponseError: - """ - - @distributed_trace - def list( - self, - resource_group_name: str, - workspace_name: str, - entity_id: str, - parameters: Union[_models.EntityTimelineParameters, IO], - **kwargs: Any - ) -> _models.EntityTimelineResponse: - """Timeline for an entity. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param entity_id: entity ID. Required. 
- :type entity_id: str - :param parameters: The parameters required to execute an timeline operation on the given - entity. Is either a model type or a IO type. Required. - :type parameters: ~azure.mgmt.securityinsight.models.EntityTimelineParameters or IO - :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. - Default value is None. - :paramtype content_type: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: EntityTimelineResponse or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.EntityTimelineResponse - :raises ~azure.core.exceptions.HttpResponseError: - """ - error_map = { - 401: ClientAuthenticationError, - 404: ResourceNotFoundError, - 409: ResourceExistsError, - 304: ResourceNotModifiedError, - } - error_map.update(kwargs.pop("error_map", {}) or {}) - - _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) - content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) - cls: ClsType[_models.EntityTimelineResponse] = kwargs.pop("cls", None) - - content_type = content_type or "application/json" - _json = None - _content = None - if isinstance(parameters, (IO, bytes)): - _content = parameters - else: - _json = self._serialize.body(parameters, "EntityTimelineParameters") - - request = build_list_request( - resource_group_name=resource_group_name, - workspace_name=workspace_name, - entity_id=entity_id, - subscription_id=self._config.subscription_id, - api_version=api_version, - content_type=content_type, - json=_json, - content=_content, - template_url=self.list.metadata["url"], - headers=_headers, - params=_params, - ) - request = _convert_request(request) - request.url = 
self._client.format_url(request.url) - - pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs - ) - - response = pipeline_response.http_response - - if response.status_code not in [200]: - map_error(status_code=response.status_code, response=response, error_map=error_map) - raise HttpResponseError(response=response, error_format=ARMErrorFormat) - - deserialized = self._deserialize("EntityTimelineResponse", pipeline_response) - - if cls: - return cls(pipeline_response, deserialized, {}) - - return deserialized - - list.metadata = { - "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}/getTimeline" - } diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_entities_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_entities_operations.py deleted file mode 100644 index 7a25ea360d46..000000000000 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_entities_operations.py +++ /dev/null 
@@ -1,828 +0,0 @@ -# pylint: disable=too-many-lines -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- -import sys -from typing import Any, Callable, Dict, IO, Iterable, Optional, TypeVar, Union, overload -import urllib.parse - -from azure.core.exceptions import ( - ClientAuthenticationError, - HttpResponseError, - ResourceExistsError, - ResourceNotFoundError, - ResourceNotModifiedError, - map_error, -) -from azure.core.paging import ItemPaged -from azure.core.pipeline import PipelineResponse -from azure.core.pipeline.transport import HttpResponse -from azure.core.rest import HttpRequest -from azure.core.tracing.decorator import distributed_trace -from azure.core.utils import case_insensitive_dict -from azure.mgmt.core.exceptions import ARMErrorFormat - -from .. 
import models as _models -from .._serialization import Serializer -from .._vendor import _convert_request, _format_url_section - -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports -T = TypeVar("T") -ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] - -_SERIALIZER = Serializer() -_SERIALIZER.client_side_validation = False - - -def build_list_request( - resource_group_name: str, workspace_name: str, subscription_id: str, **kwargs: Any -) -> HttpRequest: - _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) - accept = _headers.pop("Accept", "application/json") - - # Construct URL - _url = kwargs.pop( - "template_url", - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities", - ) # pylint: disable=line-too-long - path_format_arguments = { - "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), - "resourceGroupName": _SERIALIZER.url( - "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 - ), - "workspaceName": _SERIALIZER.url( - "workspace_name", - workspace_name, - "str", - max_length=90, - min_length=1, - pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", - ), - } - - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore - - # Construct parameters - _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") - - # Construct headers - _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") - - return 
HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) - - -def build_get_request( - resource_group_name: str, workspace_name: str, entity_id: str, subscription_id: str, **kwargs: Any -) -> HttpRequest: - _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) - accept = _headers.pop("Accept", "application/json") - - # Construct URL - _url = kwargs.pop( - "template_url", - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}", - ) # pylint: disable=line-too-long - path_format_arguments = { - "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), - "resourceGroupName": _SERIALIZER.url( - "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 - ), - "workspaceName": _SERIALIZER.url( - "workspace_name", - workspace_name, - "str", - max_length=90, - min_length=1, - pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", - ), - "entityId": _SERIALIZER.url("entity_id", entity_id, "str"), - } - - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore - - # Construct parameters - _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") - - # Construct headers - _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") - - return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) - - -def build_expand_request( - resource_group_name: str, workspace_name: str, entity_id: str, subscription_id: str, **kwargs: Any -) -> HttpRequest: - _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: 
Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) - content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) - accept = _headers.pop("Accept", "application/json") - - # Construct URL - _url = kwargs.pop( - "template_url", - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}/expand", - ) # pylint: disable=line-too-long - path_format_arguments = { - "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), - "resourceGroupName": _SERIALIZER.url( - "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 - ), - "workspaceName": _SERIALIZER.url( - "workspace_name", - workspace_name, - "str", - max_length=90, - min_length=1, - pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", - ), - "entityId": _SERIALIZER.url("entity_id", entity_id, "str"), - } - - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore - - # Construct parameters - _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") - - # Construct headers - if content_type is not None: - _headers["Content-Type"] = _SERIALIZER.header("content_type", content_type, "str") - _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") - - return HttpRequest(method="POST", url=_url, params=_params, headers=_headers, **kwargs) - - -def build_queries_request( - resource_group_name: str, - workspace_name: str, - entity_id: str, - subscription_id: str, - *, - kind: Union[str, _models.EntityItemQueryKind], - **kwargs: Any -) -> HttpRequest: - _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", 
"2022-12-01-preview") - ) - accept = _headers.pop("Accept", "application/json") - - # Construct URL - _url = kwargs.pop( - "template_url", - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}/queries", - ) # pylint: disable=line-too-long - path_format_arguments = { - "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), - "resourceGroupName": _SERIALIZER.url( - "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 - ), - "workspaceName": _SERIALIZER.url( - "workspace_name", - workspace_name, - "str", - max_length=90, - min_length=1, - pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", - ), - "entityId": _SERIALIZER.url("entity_id", entity_id, "str"), - } - - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore - - # Construct parameters - _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") - _params["kind"] = _SERIALIZER.query("kind", kind, "str") - - # Construct headers - _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") - - return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) - - -def build_get_insights_request( - resource_group_name: str, workspace_name: str, entity_id: str, subscription_id: str, **kwargs: Any -) -> HttpRequest: - _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) - content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) - accept = _headers.pop("Accept", "application/json") - - # Construct URL - _url = kwargs.pop( - "template_url", - 
"/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}/getInsights", - ) # pylint: disable=line-too-long - path_format_arguments = { - "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), - "resourceGroupName": _SERIALIZER.url( - "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 - ), - "workspaceName": _SERIALIZER.url( - "workspace_name", - workspace_name, - "str", - max_length=90, - min_length=1, - pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", - ), - "entityId": _SERIALIZER.url("entity_id", entity_id, "str"), - } - - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore - - # Construct parameters - _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") - - # Construct headers - if content_type is not None: - _headers["Content-Type"] = _SERIALIZER.header("content_type", content_type, "str") - _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") - - return HttpRequest(method="POST", url=_url, params=_params, headers=_headers, **kwargs) - - -class EntitiesOperations: - """ - .. warning:: - **DO NOT** instantiate this class directly. - - Instead, you should access the following operations through - :class:`~azure.mgmt.securityinsight.SecurityInsights`'s - :attr:`entities` attribute. 
- """ - - models = _models - - def __init__(self, *args, **kwargs): - input_args = list(args) - self._client = input_args.pop(0) if input_args else kwargs.pop("client") - self._config = input_args.pop(0) if input_args else kwargs.pop("config") - self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") - self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") - - @distributed_trace - def list(self, resource_group_name: str, workspace_name: str, **kwargs: Any) -> Iterable["_models.Entity"]: - """Gets all entities. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: An iterator like instance of either Entity or the result of cls(response) - :rtype: ~azure.core.paging.ItemPaged[~azure.mgmt.securityinsight.models.Entity] - :raises ~azure.core.exceptions.HttpResponseError: - """ - _headers = kwargs.pop("headers", {}) or {} - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) - cls: ClsType[_models.EntityList] = kwargs.pop("cls", None) - - error_map = { - 401: ClientAuthenticationError, - 404: ResourceNotFoundError, - 409: ResourceExistsError, - 304: ResourceNotModifiedError, - } - error_map.update(kwargs.pop("error_map", {}) or {}) - - def prepare_request(next_link=None): - if not next_link: - - request = build_list_request( - resource_group_name=resource_group_name, - workspace_name=workspace_name, - subscription_id=self._config.subscription_id, - api_version=api_version, - template_url=self.list.metadata["url"], - headers=_headers, - params=_params, - ) - request = _convert_request(request) - 
request.url = self._client.format_url(request.url) - - else: - # make call to next link with the client's api-version - _parsed_next_link = urllib.parse.urlparse(next_link) - _next_request_params = case_insensitive_dict( - { - key: [urllib.parse.quote(v) for v in value] - for key, value in urllib.parse.parse_qs(_parsed_next_link.query).items() - } - ) - _next_request_params["api-version"] = self._config.api_version - request = HttpRequest( - "GET", urllib.parse.urljoin(next_link, _parsed_next_link.path), params=_next_request_params - ) - request = _convert_request(request) - request.url = self._client.format_url(request.url) - request.method = "GET" - return request - - def extract_data(pipeline_response): - deserialized = self._deserialize("EntityList", pipeline_response) - list_of_elem = deserialized.value - if cls: - list_of_elem = cls(list_of_elem) # type: ignore - return deserialized.next_link or None, iter(list_of_elem) - - def get_next(next_link=None): - request = prepare_request(next_link) - - pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs - ) - response = pipeline_response.http_response - - if response.status_code not in [200]: - map_error(status_code=response.status_code, response=response, error_map=error_map) - raise HttpResponseError(response=response, error_format=ARMErrorFormat) - - return pipeline_response - - return ItemPaged(get_next, extract_data) - - list.metadata = { - "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities" - } - - @distributed_trace - def get(self, resource_group_name: str, workspace_name: str, entity_id: str, **kwargs: Any) -> _models.Entity: - """Gets an entity. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. 
- :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param entity_id: entity ID. Required. - :type entity_id: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: Entity or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.Entity - :raises ~azure.core.exceptions.HttpResponseError: - """ - error_map = { - 401: ClientAuthenticationError, - 404: ResourceNotFoundError, - 409: ResourceExistsError, - 304: ResourceNotModifiedError, - } - error_map.update(kwargs.pop("error_map", {}) or {}) - - _headers = kwargs.pop("headers", {}) or {} - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) - cls: ClsType[_models.Entity] = kwargs.pop("cls", None) - - request = build_get_request( - resource_group_name=resource_group_name, - workspace_name=workspace_name, - entity_id=entity_id, - subscription_id=self._config.subscription_id, - api_version=api_version, - template_url=self.get.metadata["url"], - headers=_headers, - params=_params, - ) - request = _convert_request(request) - request.url = self._client.format_url(request.url) - - pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs - ) - - response = pipeline_response.http_response - - if response.status_code not in [200]: - map_error(status_code=response.status_code, response=response, error_map=error_map) - raise HttpResponseError(response=response, error_format=ARMErrorFormat) - - deserialized = self._deserialize("Entity", pipeline_response) - - if cls: - return cls(pipeline_response, deserialized, {}) - - return deserialized - - get.metadata = { - "url": 
"/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}" - } - - @overload - def expand( - self, - resource_group_name: str, - workspace_name: str, - entity_id: str, - parameters: _models.EntityExpandParameters, - *, - content_type: str = "application/json", - **kwargs: Any - ) -> _models.EntityExpandResponse: - """Expands an entity. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param entity_id: entity ID. Required. - :type entity_id: str - :param parameters: The parameters required to execute an expand operation on the given entity. - Required. - :type parameters: ~azure.mgmt.securityinsight.models.EntityExpandParameters - :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. - Default value is "application/json". - :paramtype content_type: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: EntityExpandResponse or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.EntityExpandResponse - :raises ~azure.core.exceptions.HttpResponseError: - """ - - @overload - def expand( - self, - resource_group_name: str, - workspace_name: str, - entity_id: str, - parameters: IO, - *, - content_type: str = "application/json", - **kwargs: Any - ) -> _models.EntityExpandResponse: - """Expands an entity. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param entity_id: entity ID. Required. 
- :type entity_id: str - :param parameters: The parameters required to execute an expand operation on the given entity. - Required. - :type parameters: IO - :keyword content_type: Body Parameter content-type. Content type parameter for binary body. - Default value is "application/json". - :paramtype content_type: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: EntityExpandResponse or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.EntityExpandResponse - :raises ~azure.core.exceptions.HttpResponseError: - """ - - @distributed_trace - def expand( - self, - resource_group_name: str, - workspace_name: str, - entity_id: str, - parameters: Union[_models.EntityExpandParameters, IO], - **kwargs: Any - ) -> _models.EntityExpandResponse: - """Expands an entity. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param entity_id: entity ID. Required. - :type entity_id: str - :param parameters: The parameters required to execute an expand operation on the given entity. - Is either a model type or a IO type. Required. - :type parameters: ~azure.mgmt.securityinsight.models.EntityExpandParameters or IO - :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. - Default value is None. 
- :paramtype content_type: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: EntityExpandResponse or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.EntityExpandResponse - :raises ~azure.core.exceptions.HttpResponseError: - """ - error_map = { - 401: ClientAuthenticationError, - 404: ResourceNotFoundError, - 409: ResourceExistsError, - 304: ResourceNotModifiedError, - } - error_map.update(kwargs.pop("error_map", {}) or {}) - - _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) - content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) - cls: ClsType[_models.EntityExpandResponse] = kwargs.pop("cls", None) - - content_type = content_type or "application/json" - _json = None - _content = None - if isinstance(parameters, (IO, bytes)): - _content = parameters - else: - _json = self._serialize.body(parameters, "EntityExpandParameters") - - request = build_expand_request( - resource_group_name=resource_group_name, - workspace_name=workspace_name, - entity_id=entity_id, - subscription_id=self._config.subscription_id, - api_version=api_version, - content_type=content_type, - json=_json, - content=_content, - template_url=self.expand.metadata["url"], - headers=_headers, - params=_params, - ) - request = _convert_request(request) - request.url = self._client.format_url(request.url) - - pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs - ) - - response = pipeline_response.http_response - - if response.status_code not in [200]: - map_error(status_code=response.status_code, response=response, error_map=error_map) - raise HttpResponseError(response=response, 
error_format=ARMErrorFormat) - - deserialized = self._deserialize("EntityExpandResponse", pipeline_response) - - if cls: - return cls(pipeline_response, deserialized, {}) - - return deserialized - - expand.metadata = { - "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}/expand" - } - - @distributed_trace - def queries( - self, - resource_group_name: str, - workspace_name: str, - entity_id: str, - kind: Union[str, _models.EntityItemQueryKind], - **kwargs: Any - ) -> _models.GetQueriesResponse: - """Get Insights and Activities for an entity. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param entity_id: entity ID. Required. - :type entity_id: str - :param kind: The Kind parameter for queries. "Insight" Required. 
- :type kind: str or ~azure.mgmt.securityinsight.models.EntityItemQueryKind - :keyword callable cls: A custom type or function that will be passed the direct response - :return: GetQueriesResponse or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.GetQueriesResponse - :raises ~azure.core.exceptions.HttpResponseError: - """ - error_map = { - 401: ClientAuthenticationError, - 404: ResourceNotFoundError, - 409: ResourceExistsError, - 304: ResourceNotModifiedError, - } - error_map.update(kwargs.pop("error_map", {}) or {}) - - _headers = kwargs.pop("headers", {}) or {} - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) - cls: ClsType[_models.GetQueriesResponse] = kwargs.pop("cls", None) - - request = build_queries_request( - resource_group_name=resource_group_name, - workspace_name=workspace_name, - entity_id=entity_id, - subscription_id=self._config.subscription_id, - kind=kind, - api_version=api_version, - template_url=self.queries.metadata["url"], - headers=_headers, - params=_params, - ) - request = _convert_request(request) - request.url = self._client.format_url(request.url) - - pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs - ) - - response = pipeline_response.http_response - - if response.status_code not in [200]: - map_error(status_code=response.status_code, response=response, error_map=error_map) - raise HttpResponseError(response=response, error_format=ARMErrorFormat) - - deserialized = self._deserialize("GetQueriesResponse", pipeline_response) - - if cls: - return cls(pipeline_response, deserialized, {}) - - return deserialized - - queries.metadata = { - "url": 
"/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}/queries" - } - - @overload - def get_insights( - self, - resource_group_name: str, - workspace_name: str, - entity_id: str, - parameters: _models.EntityGetInsightsParameters, - *, - content_type: str = "application/json", - **kwargs: Any - ) -> _models.EntityGetInsightsResponse: - """Execute Insights for an entity. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param entity_id: entity ID. Required. - :type entity_id: str - :param parameters: The parameters required to execute insights on the given entity. Required. - :type parameters: ~azure.mgmt.securityinsight.models.EntityGetInsightsParameters - :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. - Default value is "application/json". - :paramtype content_type: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: EntityGetInsightsResponse or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.EntityGetInsightsResponse - :raises ~azure.core.exceptions.HttpResponseError: - """ - - @overload - def get_insights( - self, - resource_group_name: str, - workspace_name: str, - entity_id: str, - parameters: IO, - *, - content_type: str = "application/json", - **kwargs: Any - ) -> _models.EntityGetInsightsResponse: - """Execute Insights for an entity. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param entity_id: entity ID. Required. 
- :type entity_id: str - :param parameters: The parameters required to execute insights on the given entity. Required. - :type parameters: IO - :keyword content_type: Body Parameter content-type. Content type parameter for binary body. - Default value is "application/json". - :paramtype content_type: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: EntityGetInsightsResponse or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.EntityGetInsightsResponse - :raises ~azure.core.exceptions.HttpResponseError: - """ - - @distributed_trace - def get_insights( - self, - resource_group_name: str, - workspace_name: str, - entity_id: str, - parameters: Union[_models.EntityGetInsightsParameters, IO], - **kwargs: Any - ) -> _models.EntityGetInsightsResponse: - """Execute Insights for an entity. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param entity_id: entity ID. Required. - :type entity_id: str - :param parameters: The parameters required to execute insights on the given entity. Is either a - model type or a IO type. Required. - :type parameters: ~azure.mgmt.securityinsight.models.EntityGetInsightsParameters or IO - :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. - Default value is None. 
- :paramtype content_type: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: EntityGetInsightsResponse or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.EntityGetInsightsResponse - :raises ~azure.core.exceptions.HttpResponseError: - """ - error_map = { - 401: ClientAuthenticationError, - 404: ResourceNotFoundError, - 409: ResourceExistsError, - 304: ResourceNotModifiedError, - } - error_map.update(kwargs.pop("error_map", {}) or {}) - - _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) - content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) - cls: ClsType[_models.EntityGetInsightsResponse] = kwargs.pop("cls", None) - - content_type = content_type or "application/json" - _json = None - _content = None - if isinstance(parameters, (IO, bytes)): - _content = parameters - else: - _json = self._serialize.body(parameters, "EntityGetInsightsParameters") - - request = build_get_insights_request( - resource_group_name=resource_group_name, - workspace_name=workspace_name, - entity_id=entity_id, - subscription_id=self._config.subscription_id, - api_version=api_version, - content_type=content_type, - json=_json, - content=_content, - template_url=self.get_insights.metadata["url"], - headers=_headers, - params=_params, - ) - request = _convert_request(request) - request.url = self._client.format_url(request.url) - - pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs - ) - - response = pipeline_response.http_response - - if response.status_code not in [200]: - map_error(status_code=response.status_code, response=response, error_map=error_map) - raise 
HttpResponseError(response=response, error_format=ARMErrorFormat) - - deserialized = self._deserialize("EntityGetInsightsResponse", pipeline_response) - - if cls: - return cls(pipeline_response, deserialized, {}) - - return deserialized - - get_insights.metadata = { - "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}/getInsights" - } diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_entities_relations_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_entities_relations_operations.py deleted file mode 100644 index e160a77e83f7..000000000000 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_entities_relations_operations.py +++ /dev/null 
@@ -1,240 +0,0 @@ -# pylint: disable=too-many-lines -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- -import sys -from typing import Any, Callable, Dict, Iterable, Optional, TypeVar -import urllib.parse - -from azure.core.exceptions import ( - ClientAuthenticationError, - HttpResponseError, - ResourceExistsError, - ResourceNotFoundError, - ResourceNotModifiedError, - map_error, -) -from azure.core.paging import ItemPaged -from azure.core.pipeline import PipelineResponse -from azure.core.pipeline.transport import HttpResponse -from azure.core.rest import HttpRequest -from azure.core.tracing.decorator import distributed_trace -from azure.core.utils import case_insensitive_dict -from azure.mgmt.core.exceptions import ARMErrorFormat - -from .. 
import models as _models -from .._serialization import Serializer -from .._vendor import _convert_request, _format_url_section - -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports -T = TypeVar("T") -ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] - -_SERIALIZER = Serializer() -_SERIALIZER.client_side_validation = False - - -def build_list_request( - resource_group_name: str, - workspace_name: str, - entity_id: str, - subscription_id: str, - *, - filter: Optional[str] = None, - orderby: Optional[str] = None, - top: Optional[int] = None, - skip_token: Optional[str] = None, - **kwargs: Any -) -> HttpRequest: - _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) - accept = _headers.pop("Accept", "application/json") - - # Construct URL - _url = kwargs.pop( - "template_url", - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}/relations", - ) # pylint: disable=line-too-long - path_format_arguments = { - "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), - "resourceGroupName": _SERIALIZER.url( - "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 - ), - "workspaceName": _SERIALIZER.url( - "workspace_name", - workspace_name, - "str", - max_length=90, - min_length=1, - pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", - ), - "entityId": _SERIALIZER.url("entity_id", entity_id, "str"), - } - - _url: str = _format_url_section(_url, 
**path_format_arguments) # type: ignore - - # Construct parameters - _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") - if filter is not None: - _params["$filter"] = _SERIALIZER.query("filter", filter, "str") - if orderby is not None: - _params["$orderby"] = _SERIALIZER.query("orderby", orderby, "str") - if top is not None: - _params["$top"] = _SERIALIZER.query("top", top, "int") - if skip_token is not None: - _params["$skipToken"] = _SERIALIZER.query("skip_token", skip_token, "str") - - # Construct headers - _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") - - return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) - - -class EntitiesRelationsOperations: - """ - .. warning:: - **DO NOT** instantiate this class directly. - - Instead, you should access the following operations through - :class:`~azure.mgmt.securityinsight.SecurityInsights`'s - :attr:`entities_relations` attribute. - """ - - models = _models - - def __init__(self, *args, **kwargs): - input_args = list(args) - self._client = input_args.pop(0) if input_args else kwargs.pop("client") - self._config = input_args.pop(0) if input_args else kwargs.pop("config") - self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") - self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") - - @distributed_trace - def list( - self, - resource_group_name: str, - workspace_name: str, - entity_id: str, - filter: Optional[str] = None, - orderby: Optional[str] = None, - top: Optional[int] = None, - skip_token: Optional[str] = None, - **kwargs: Any - ) -> Iterable["_models.Relation"]: - """Gets all relations of an entity. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param entity_id: entity ID. Required. 
- :type entity_id: str - :param filter: Filters the results, based on a Boolean condition. Optional. Default value is - None. - :type filter: str - :param orderby: Sorts the results. Optional. Default value is None. - :type orderby: str - :param top: Returns only the first n results. Optional. Default value is None. - :type top: int - :param skip_token: Skiptoken is only used if a previous operation returned a partial result. If - a previous response contains a nextLink element, the value of the nextLink element will include - a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. - Default value is None. - :type skip_token: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: An iterator like instance of either Relation or the result of cls(response) - :rtype: ~azure.core.paging.ItemPaged[~azure.mgmt.securityinsight.models.Relation] - :raises ~azure.core.exceptions.HttpResponseError: - """ - _headers = kwargs.pop("headers", {}) or {} - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) - cls: ClsType[_models.RelationList] = kwargs.pop("cls", None) - - error_map = { - 401: ClientAuthenticationError, - 404: ResourceNotFoundError, - 409: ResourceExistsError, - 304: ResourceNotModifiedError, - } - error_map.update(kwargs.pop("error_map", {}) or {}) - - def prepare_request(next_link=None): - if not next_link: - - request = build_list_request( - resource_group_name=resource_group_name, - workspace_name=workspace_name, - entity_id=entity_id, - subscription_id=self._config.subscription_id, - filter=filter, - orderby=orderby, - top=top, - skip_token=skip_token, - api_version=api_version, - template_url=self.list.metadata["url"], - headers=_headers, - params=_params, - ) - request = _convert_request(request) - request.url = 
self._client.format_url(request.url) - - else: - # make call to next link with the client's api-version - _parsed_next_link = urllib.parse.urlparse(next_link) - _next_request_params = case_insensitive_dict( - { - key: [urllib.parse.quote(v) for v in value] - for key, value in urllib.parse.parse_qs(_parsed_next_link.query).items() - } - ) - _next_request_params["api-version"] = self._config.api_version - request = HttpRequest( - "GET", urllib.parse.urljoin(next_link, _parsed_next_link.path), params=_next_request_params - ) - request = _convert_request(request) - request.url = self._client.format_url(request.url) - request.method = "GET" - return request - - def extract_data(pipeline_response): - deserialized = self._deserialize("RelationList", pipeline_response) - list_of_elem = deserialized.value - if cls: - list_of_elem = cls(list_of_elem) # type: ignore - return deserialized.next_link or None, iter(list_of_elem) - - def get_next(next_link=None): - request = prepare_request(next_link) - - pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs - ) - response = pipeline_response.http_response - - if response.status_code not in [200]: - map_error(status_code=response.status_code, response=response, error_map=error_map) - raise HttpResponseError(response=response, error_format=ARMErrorFormat) - - return pipeline_response - - return ItemPaged(get_next, extract_data) - - list.metadata = { - "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}/relations" - } 
diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_entity_queries_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_entity_queries_operations.py
deleted file mode 100644
index 89f9d636c466..000000000000
--- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_entity_queries_operations.py
+++ /dev/null
@@ -1,631 +0,0 @@ -# pylint: disable=too-many-lines -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- -import sys -from typing import Any, Callable, Dict, IO, Iterable, Optional, TypeVar, Union, overload -import urllib.parse - -from azure.core.exceptions import ( - ClientAuthenticationError, - HttpResponseError, - ResourceExistsError, - ResourceNotFoundError, - ResourceNotModifiedError, - map_error, -) -from azure.core.paging import ItemPaged -from azure.core.pipeline import PipelineResponse -from azure.core.pipeline.transport import HttpResponse -from azure.core.rest import HttpRequest -from azure.core.tracing.decorator import distributed_trace -from azure.core.utils import case_insensitive_dict -from azure.mgmt.core.exceptions import ARMErrorFormat - -from .. 
import models as _models -from .._serialization import Serializer -from .._vendor import _convert_request, _format_url_section - -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports -T = TypeVar("T") -ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] - -_SERIALIZER = Serializer() -_SERIALIZER.client_side_validation = False - - -def build_list_request( - resource_group_name: str, - workspace_name: str, - subscription_id: str, - *, - kind: Optional[Union[str, _models.Enum13]] = None, - **kwargs: Any -) -> HttpRequest: - _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) - accept = _headers.pop("Accept", "application/json") - - # Construct URL - _url = kwargs.pop( - "template_url", - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entityQueries", - ) # pylint: disable=line-too-long - path_format_arguments = { - "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), - "resourceGroupName": _SERIALIZER.url( - "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 - ), - "workspaceName": _SERIALIZER.url( - "workspace_name", - workspace_name, - "str", - max_length=90, - min_length=1, - pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", - ), - } - - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore - - # Construct parameters - if kind is not None: - _params["kind"] = _SERIALIZER.query("kind", kind, "str") - _params["api-version"] = 
_SERIALIZER.query("api_version", api_version, "str") - - # Construct headers - _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") - - return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) - - -def build_get_request( - resource_group_name: str, workspace_name: str, entity_query_id: str, subscription_id: str, **kwargs: Any -) -> HttpRequest: - _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) - accept = _headers.pop("Accept", "application/json") - - # Construct URL - _url = kwargs.pop( - "template_url", - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entityQueries/{entityQueryId}", - ) # pylint: disable=line-too-long - path_format_arguments = { - "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), - "resourceGroupName": _SERIALIZER.url( - "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 - ), - "workspaceName": _SERIALIZER.url( - "workspace_name", - workspace_name, - "str", - max_length=90, - min_length=1, - pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", - ), - "entityQueryId": _SERIALIZER.url("entity_query_id", entity_query_id, "str"), - } - - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore - - # Construct parameters - _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") - - # Construct headers - _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") - - return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) - - -def build_create_or_update_request( - resource_group_name: str, workspace_name: str, entity_query_id: str, 
subscription_id: str, **kwargs: Any -) -> HttpRequest: - _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) - content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) - accept = _headers.pop("Accept", "application/json") - - # Construct URL - _url = kwargs.pop( - "template_url", - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entityQueries/{entityQueryId}", - ) # pylint: disable=line-too-long - path_format_arguments = { - "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), - "resourceGroupName": _SERIALIZER.url( - "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 - ), - "workspaceName": _SERIALIZER.url( - "workspace_name", - workspace_name, - "str", - max_length=90, - min_length=1, - pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", - ), - "entityQueryId": _SERIALIZER.url("entity_query_id", entity_query_id, "str"), - } - - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore - - # Construct parameters - _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") - - # Construct headers - if content_type is not None: - _headers["Content-Type"] = _SERIALIZER.header("content_type", content_type, "str") - _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") - - return HttpRequest(method="PUT", url=_url, params=_params, headers=_headers, **kwargs) - - -def build_delete_request( - resource_group_name: str, workspace_name: str, entity_query_id: str, subscription_id: str, **kwargs: Any -) -> HttpRequest: - _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) - _params = 
case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) - accept = _headers.pop("Accept", "application/json") - - # Construct URL - _url = kwargs.pop( - "template_url", - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entityQueries/{entityQueryId}", - ) # pylint: disable=line-too-long - path_format_arguments = { - "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), - "resourceGroupName": _SERIALIZER.url( - "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 - ), - "workspaceName": _SERIALIZER.url( - "workspace_name", - workspace_name, - "str", - max_length=90, - min_length=1, - pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", - ), - "entityQueryId": _SERIALIZER.url("entity_query_id", entity_query_id, "str"), - } - - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore - - # Construct parameters - _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") - - # Construct headers - _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") - - return HttpRequest(method="DELETE", url=_url, params=_params, headers=_headers, **kwargs) - - -class EntityQueriesOperations: - """ - .. warning:: - **DO NOT** instantiate this class directly. - - Instead, you should access the following operations through - :class:`~azure.mgmt.securityinsight.SecurityInsights`'s - :attr:`entity_queries` attribute. 
- """ - - models = _models - - def __init__(self, *args, **kwargs): - input_args = list(args) - self._client = input_args.pop(0) if input_args else kwargs.pop("client") - self._config = input_args.pop(0) if input_args else kwargs.pop("config") - self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") - self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") - - @distributed_trace - def list( - self, - resource_group_name: str, - workspace_name: str, - kind: Optional[Union[str, _models.Enum13]] = None, - **kwargs: Any - ) -> Iterable["_models.EntityQuery"]: - """Gets all entity queries. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param kind: The entity query kind we want to fetch. Known values are: "Expansion" and - "Activity". Default value is None. - :type kind: str or ~azure.mgmt.securityinsight.models.Enum13 - :keyword callable cls: A custom type or function that will be passed the direct response - :return: An iterator like instance of either EntityQuery or the result of cls(response) - :rtype: ~azure.core.paging.ItemPaged[~azure.mgmt.securityinsight.models.EntityQuery] - :raises ~azure.core.exceptions.HttpResponseError: - """ - _headers = kwargs.pop("headers", {}) or {} - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) - cls: ClsType[_models.EntityQueryList] = kwargs.pop("cls", None) - - error_map = { - 401: ClientAuthenticationError, - 404: ResourceNotFoundError, - 409: ResourceExistsError, - 304: ResourceNotModifiedError, - } - error_map.update(kwargs.pop("error_map", {}) or {}) - - def prepare_request(next_link=None): - if not next_link: - - request = build_list_request( - 
resource_group_name=resource_group_name, - workspace_name=workspace_name, - subscription_id=self._config.subscription_id, - kind=kind, - api_version=api_version, - template_url=self.list.metadata["url"], - headers=_headers, - params=_params, - ) - request = _convert_request(request) - request.url = self._client.format_url(request.url) - - else: - # make call to next link with the client's api-version - _parsed_next_link = urllib.parse.urlparse(next_link) - _next_request_params = case_insensitive_dict( - { - key: [urllib.parse.quote(v) for v in value] - for key, value in urllib.parse.parse_qs(_parsed_next_link.query).items() - } - ) - _next_request_params["api-version"] = self._config.api_version - request = HttpRequest( - "GET", urllib.parse.urljoin(next_link, _parsed_next_link.path), params=_next_request_params - ) - request = _convert_request(request) - request.url = self._client.format_url(request.url) - request.method = "GET" - return request - - def extract_data(pipeline_response): - deserialized = self._deserialize("EntityQueryList", pipeline_response) - list_of_elem = deserialized.value - if cls: - list_of_elem = cls(list_of_elem) # type: ignore - return deserialized.next_link or None, iter(list_of_elem) - - def get_next(next_link=None): - request = prepare_request(next_link) - - pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs - ) - response = pipeline_response.http_response - - if response.status_code not in [200]: - map_error(status_code=response.status_code, response=response, error_map=error_map) - raise HttpResponseError(response=response, error_format=ARMErrorFormat) - - return pipeline_response - - return ItemPaged(get_next, extract_data) - - list.metadata = { - "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entityQueries" - } - - 
@distributed_trace - def get( - self, resource_group_name: str, workspace_name: str, entity_query_id: str, **kwargs: Any - ) -> _models.EntityQuery: - """Gets an entity query. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param entity_query_id: entity query ID. Required. - :type entity_query_id: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: EntityQuery or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.EntityQuery - :raises ~azure.core.exceptions.HttpResponseError: - """ - error_map = { - 401: ClientAuthenticationError, - 404: ResourceNotFoundError, - 409: ResourceExistsError, - 304: ResourceNotModifiedError, - } - error_map.update(kwargs.pop("error_map", {}) or {}) - - _headers = kwargs.pop("headers", {}) or {} - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) - cls: ClsType[_models.EntityQuery] = kwargs.pop("cls", None) - - request = build_get_request( - resource_group_name=resource_group_name, - workspace_name=workspace_name, - entity_query_id=entity_query_id, - subscription_id=self._config.subscription_id, - api_version=api_version, - template_url=self.get.metadata["url"], - headers=_headers, - params=_params, - ) - request = _convert_request(request) - request.url = self._client.format_url(request.url) - - pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs - ) - - response = pipeline_response.http_response - - if response.status_code not in [200]: - map_error(status_code=response.status_code, response=response, error_map=error_map) - raise 
HttpResponseError(response=response, error_format=ARMErrorFormat) - - deserialized = self._deserialize("EntityQuery", pipeline_response) - - if cls: - return cls(pipeline_response, deserialized, {}) - - return deserialized - - get.metadata = { - "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entityQueries/{entityQueryId}" - } - - @overload - def create_or_update( - self, - resource_group_name: str, - workspace_name: str, - entity_query_id: str, - entity_query: _models.CustomEntityQuery, - *, - content_type: str = "application/json", - **kwargs: Any - ) -> _models.EntityQuery: - """Creates or updates the entity query. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param entity_query_id: entity query ID. Required. - :type entity_query_id: str - :param entity_query: The entity query we want to create or update. Required. - :type entity_query: ~azure.mgmt.securityinsight.models.CustomEntityQuery - :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. - Default value is "application/json". - :paramtype content_type: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: EntityQuery or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.EntityQuery - :raises ~azure.core.exceptions.HttpResponseError: - """ - - @overload - def create_or_update( - self, - resource_group_name: str, - workspace_name: str, - entity_query_id: str, - entity_query: IO, - *, - content_type: str = "application/json", - **kwargs: Any - ) -> _models.EntityQuery: - """Creates or updates the entity query. - - :param resource_group_name: The name of the resource group. 
The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param entity_query_id: entity query ID. Required. - :type entity_query_id: str - :param entity_query: The entity query we want to create or update. Required. - :type entity_query: IO - :keyword content_type: Body Parameter content-type. Content type parameter for binary body. - Default value is "application/json". - :paramtype content_type: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: EntityQuery or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.EntityQuery - :raises ~azure.core.exceptions.HttpResponseError: - """ - - @distributed_trace - def create_or_update( - self, - resource_group_name: str, - workspace_name: str, - entity_query_id: str, - entity_query: Union[_models.CustomEntityQuery, IO], - **kwargs: Any - ) -> _models.EntityQuery: - """Creates or updates the entity query. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param entity_query_id: entity query ID. Required. - :type entity_query_id: str - :param entity_query: The entity query we want to create or update. Is either a model type or a - IO type. Required. - :type entity_query: ~azure.mgmt.securityinsight.models.CustomEntityQuery or IO - :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. - Default value is None. 
- :paramtype content_type: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: EntityQuery or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.EntityQuery - :raises ~azure.core.exceptions.HttpResponseError: - """ - error_map = { - 401: ClientAuthenticationError, - 404: ResourceNotFoundError, - 409: ResourceExistsError, - 304: ResourceNotModifiedError, - } - error_map.update(kwargs.pop("error_map", {}) or {}) - - _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) - content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) - cls: ClsType[_models.EntityQuery] = kwargs.pop("cls", None) - - content_type = content_type or "application/json" - _json = None - _content = None - if isinstance(entity_query, (IO, bytes)): - _content = entity_query - else: - _json = self._serialize.body(entity_query, "CustomEntityQuery") - - request = build_create_or_update_request( - resource_group_name=resource_group_name, - workspace_name=workspace_name, - entity_query_id=entity_query_id, - subscription_id=self._config.subscription_id, - api_version=api_version, - content_type=content_type, - json=_json, - content=_content, - template_url=self.create_or_update.metadata["url"], - headers=_headers, - params=_params, - ) - request = _convert_request(request) - request.url = self._client.format_url(request.url) - - pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs - ) - - response = pipeline_response.http_response - - if response.status_code not in [200, 201]: - map_error(status_code=response.status_code, response=response, error_map=error_map) - raise HttpResponseError(response=response, 
error_format=ARMErrorFormat) - - if response.status_code == 200: - deserialized = self._deserialize("EntityQuery", pipeline_response) - - if response.status_code == 201: - deserialized = self._deserialize("EntityQuery", pipeline_response) - - if cls: - return cls(pipeline_response, deserialized, {}) # type: ignore - - return deserialized # type: ignore - - create_or_update.metadata = { - "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entityQueries/{entityQueryId}" - } - - @distributed_trace - def delete( # pylint: disable=inconsistent-return-statements - self, resource_group_name: str, workspace_name: str, entity_query_id: str, **kwargs: Any - ) -> None: - """Delete the entity query. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param entity_query_id: entity query ID. Required. 
- :type entity_query_id: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: None or the result of cls(response) - :rtype: None - :raises ~azure.core.exceptions.HttpResponseError: - """ - error_map = { - 401: ClientAuthenticationError, - 404: ResourceNotFoundError, - 409: ResourceExistsError, - 304: ResourceNotModifiedError, - } - error_map.update(kwargs.pop("error_map", {}) or {}) - - _headers = kwargs.pop("headers", {}) or {} - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) - cls: ClsType[None] = kwargs.pop("cls", None) - - request = build_delete_request( - resource_group_name=resource_group_name, - workspace_name=workspace_name, - entity_query_id=entity_query_id, - subscription_id=self._config.subscription_id, - api_version=api_version, - template_url=self.delete.metadata["url"], - headers=_headers, - params=_params, - ) - request = _convert_request(request) - request.url = self._client.format_url(request.url) - - pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs - ) - - response = pipeline_response.http_response - - if response.status_code not in [200, 204]: - map_error(status_code=response.status_code, response=response, error_map=error_map) - raise HttpResponseError(response=response, error_format=ARMErrorFormat) - - if cls: - return cls(pipeline_response, None, {}) - - delete.metadata = { - "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entityQueries/{entityQueryId}" - } 
diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_entity_query_templates_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_entity_query_templates_operations.py
deleted file mode 100644
index cd961f94a317..000000000000
--- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_entity_query_templates_operations.py
+++ /dev/null
@@ -1,320 +0,0 @@ -# pylint: disable=too-many-lines -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- -import sys -from typing import Any, Callable, Dict, Iterable, Optional, TypeVar, Union -import urllib.parse - -from azure.core.exceptions import ( - ClientAuthenticationError, - HttpResponseError, - ResourceExistsError, - ResourceNotFoundError, - ResourceNotModifiedError, - map_error, -) -from azure.core.paging import ItemPaged -from azure.core.pipeline import PipelineResponse -from azure.core.pipeline.transport import HttpResponse -from azure.core.rest import HttpRequest -from azure.core.tracing.decorator import distributed_trace -from azure.core.utils import case_insensitive_dict -from azure.mgmt.core.exceptions import ARMErrorFormat - -from .. 
import models as _models -from .._serialization import Serializer -from .._vendor import _convert_request, _format_url_section - -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports -T = TypeVar("T") -ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] - -_SERIALIZER = Serializer() -_SERIALIZER.client_side_validation = False - - -def build_list_request( - resource_group_name: str, - workspace_name: str, - subscription_id: str, - *, - kind: Optional[Union[str, _models.Enum15]] = None, - **kwargs: Any -) -> HttpRequest: - _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) - accept = _headers.pop("Accept", "application/json") - - # Construct URL - _url = kwargs.pop( - "template_url", - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entityQueryTemplates", - ) # pylint: disable=line-too-long - path_format_arguments = { - "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), - "resourceGroupName": _SERIALIZER.url( - "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 - ), - "workspaceName": _SERIALIZER.url( - "workspace_name", - workspace_name, - "str", - max_length=90, - min_length=1, - pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", - ), - } - - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore - - # Construct parameters - if kind is not None: - _params["kind"] = _SERIALIZER.query("kind", kind, "str") - _params["api-version"] = 
_SERIALIZER.query("api_version", api_version, "str") - - # Construct headers - _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") - - return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) - - -def build_get_request( - resource_group_name: str, workspace_name: str, entity_query_template_id: str, subscription_id: str, **kwargs: Any -) -> HttpRequest: - _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) - accept = _headers.pop("Accept", "application/json") - - # Construct URL - _url = kwargs.pop( - "template_url", - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entityQueryTemplates/{entityQueryTemplateId}", - ) # pylint: disable=line-too-long - path_format_arguments = { - "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), - "resourceGroupName": _SERIALIZER.url( - "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 - ), - "workspaceName": _SERIALIZER.url( - "workspace_name", - workspace_name, - "str", - max_length=90, - min_length=1, - pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", - ), - "entityQueryTemplateId": _SERIALIZER.url("entity_query_template_id", entity_query_template_id, "str"), - } - - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore - - # Construct parameters - _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") - - # Construct headers - _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") - - return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) - - -class EntityQueryTemplatesOperations: - """ - .. 
warning:: - **DO NOT** instantiate this class directly. - - Instead, you should access the following operations through - :class:`~azure.mgmt.securityinsight.SecurityInsights`'s - :attr:`entity_query_templates` attribute. - """ - - models = _models - - def __init__(self, *args, **kwargs): - input_args = list(args) - self._client = input_args.pop(0) if input_args else kwargs.pop("client") - self._config = input_args.pop(0) if input_args else kwargs.pop("config") - self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") - self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") - - @distributed_trace - def list( - self, - resource_group_name: str, - workspace_name: str, - kind: Optional[Union[str, _models.Enum15]] = None, - **kwargs: Any - ) -> Iterable["_models.EntityQueryTemplate"]: - """Gets all entity query templates. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param kind: The entity template query kind we want to fetch. "Activity" Default value is None. 
- :type kind: str or ~azure.mgmt.securityinsight.models.Enum15 - :keyword callable cls: A custom type or function that will be passed the direct response - :return: An iterator like instance of either EntityQueryTemplate or the result of cls(response) - :rtype: ~azure.core.paging.ItemPaged[~azure.mgmt.securityinsight.models.EntityQueryTemplate] - :raises ~azure.core.exceptions.HttpResponseError: - """ - _headers = kwargs.pop("headers", {}) or {} - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) - cls: ClsType[_models.EntityQueryTemplateList] = kwargs.pop("cls", None) - - error_map = { - 401: ClientAuthenticationError, - 404: ResourceNotFoundError, - 409: ResourceExistsError, - 304: ResourceNotModifiedError, - } - error_map.update(kwargs.pop("error_map", {}) or {}) - - def prepare_request(next_link=None): - if not next_link: - - request = build_list_request( - resource_group_name=resource_group_name, - workspace_name=workspace_name, - subscription_id=self._config.subscription_id, - kind=kind, - api_version=api_version, - template_url=self.list.metadata["url"], - headers=_headers, - params=_params, - ) - request = _convert_request(request) - request.url = self._client.format_url(request.url) - - else: - # make call to next link with the client's api-version - _parsed_next_link = urllib.parse.urlparse(next_link) - _next_request_params = case_insensitive_dict( - { - key: [urllib.parse.quote(v) for v in value] - for key, value in urllib.parse.parse_qs(_parsed_next_link.query).items() - } - ) - _next_request_params["api-version"] = self._config.api_version - request = HttpRequest( - "GET", urllib.parse.urljoin(next_link, _parsed_next_link.path), params=_next_request_params - ) - request = _convert_request(request) - request.url = self._client.format_url(request.url) - request.method = "GET" - return request - - def 
extract_data(pipeline_response): - deserialized = self._deserialize("EntityQueryTemplateList", pipeline_response) - list_of_elem = deserialized.value - if cls: - list_of_elem = cls(list_of_elem) # type: ignore - return deserialized.next_link or None, iter(list_of_elem) - - def get_next(next_link=None): - request = prepare_request(next_link) - - pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs - ) - response = pipeline_response.http_response - - if response.status_code not in [200]: - map_error(status_code=response.status_code, response=response, error_map=error_map) - raise HttpResponseError(response=response, error_format=ARMErrorFormat) - - return pipeline_response - - return ItemPaged(get_next, extract_data) - - list.metadata = { - "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entityQueryTemplates" - } - - @distributed_trace - def get( - self, resource_group_name: str, workspace_name: str, entity_query_template_id: str, **kwargs: Any - ) -> _models.EntityQueryTemplate: - """Gets an entity query. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param entity_query_template_id: entity query template ID. Required. 
- :type entity_query_template_id: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: EntityQueryTemplate or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.EntityQueryTemplate - :raises ~azure.core.exceptions.HttpResponseError: - """ - error_map = { - 401: ClientAuthenticationError, - 404: ResourceNotFoundError, - 409: ResourceExistsError, - 304: ResourceNotModifiedError, - } - error_map.update(kwargs.pop("error_map", {}) or {}) - - _headers = kwargs.pop("headers", {}) or {} - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) - cls: ClsType[_models.EntityQueryTemplate] = kwargs.pop("cls", None) - - request = build_get_request( - resource_group_name=resource_group_name, - workspace_name=workspace_name, - entity_query_template_id=entity_query_template_id, - subscription_id=self._config.subscription_id, - api_version=api_version, - template_url=self.get.metadata["url"], - headers=_headers, - params=_params, - ) - request = _convert_request(request) - request.url = self._client.format_url(request.url) - - pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs - ) - - response = pipeline_response.http_response - - if response.status_code not in [200]: - map_error(status_code=response.status_code, response=response, error_map=error_map) - raise HttpResponseError(response=response, error_format=ARMErrorFormat) - - deserialized = self._deserialize("EntityQueryTemplate", pipeline_response) - - if cls: - return cls(pipeline_response, deserialized, {}) - - return deserialized - - get.metadata = { - "url": 
"/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entityQueryTemplates/{entityQueryTemplateId}" - } diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_entity_relations_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_entity_relations_operations.py deleted file mode 100644 index 676e478cc9d2..000000000000 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_entity_relations_operations.py +++ /dev/null 
@@ -1,179 +0,0 @@ -# pylint: disable=too-many-lines -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- -import sys -from typing import Any, Callable, Dict, Optional, TypeVar - -from azure.core.exceptions import ( - ClientAuthenticationError, - HttpResponseError, - ResourceExistsError, - ResourceNotFoundError, - ResourceNotModifiedError, - map_error, -) -from azure.core.pipeline import PipelineResponse -from azure.core.pipeline.transport import HttpResponse -from azure.core.rest import HttpRequest -from azure.core.tracing.decorator import distributed_trace -from azure.core.utils import case_insensitive_dict -from azure.mgmt.core.exceptions import ARMErrorFormat - -from .. 
import models as _models -from .._serialization import Serializer -from .._vendor import _convert_request, _format_url_section - -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports -T = TypeVar("T") -ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] - -_SERIALIZER = Serializer() -_SERIALIZER.client_side_validation = False - - -def build_get_relation_request( - resource_group_name: str, - workspace_name: str, - entity_id: str, - relation_name: str, - subscription_id: str, - **kwargs: Any -) -> HttpRequest: - _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) - accept = _headers.pop("Accept", "application/json") - - # Construct URL - _url = kwargs.pop( - "template_url", - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}/relations/{relationName}", - ) # pylint: disable=line-too-long - path_format_arguments = { - "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), - "resourceGroupName": _SERIALIZER.url( - "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 - ), - "workspaceName": _SERIALIZER.url( - "workspace_name", - workspace_name, - "str", - max_length=90, - min_length=1, - pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", - ), - "entityId": _SERIALIZER.url("entity_id", entity_id, "str"), - "relationName": _SERIALIZER.url("relation_name", relation_name, "str"), - } - - _url: str = _format_url_section(_url, **path_format_arguments) # type: 
ignore - - # Construct parameters - _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") - - # Construct headers - _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") - - return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) - - -class EntityRelationsOperations: - """ - .. warning:: - **DO NOT** instantiate this class directly. - - Instead, you should access the following operations through - :class:`~azure.mgmt.securityinsight.SecurityInsights`'s - :attr:`entity_relations` attribute. - """ - - models = _models - - def __init__(self, *args, **kwargs): - input_args = list(args) - self._client = input_args.pop(0) if input_args else kwargs.pop("client") - self._config = input_args.pop(0) if input_args else kwargs.pop("config") - self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") - self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") - - @distributed_trace - def get_relation( - self, resource_group_name: str, workspace_name: str, entity_id: str, relation_name: str, **kwargs: Any - ) -> _models.Relation: - """Gets an entity relation. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param entity_id: entity ID. Required. - :type entity_id: str - :param relation_name: Relation Name. Required. 
- :type relation_name: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: Relation or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.Relation - :raises ~azure.core.exceptions.HttpResponseError: - """ - error_map = { - 401: ClientAuthenticationError, - 404: ResourceNotFoundError, - 409: ResourceExistsError, - 304: ResourceNotModifiedError, - } - error_map.update(kwargs.pop("error_map", {}) or {}) - - _headers = kwargs.pop("headers", {}) or {} - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) - cls: ClsType[_models.Relation] = kwargs.pop("cls", None) - - request = build_get_relation_request( - resource_group_name=resource_group_name, - workspace_name=workspace_name, - entity_id=entity_id, - relation_name=relation_name, - subscription_id=self._config.subscription_id, - api_version=api_version, - template_url=self.get_relation.metadata["url"], - headers=_headers, - params=_params, - ) - request = _convert_request(request) - request.url = self._client.format_url(request.url) - - pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs - ) - - response = pipeline_response.http_response - - if response.status_code not in [200]: - map_error(status_code=response.status_code, response=response, error_map=error_map) - raise HttpResponseError(response=response, error_format=ARMErrorFormat) - - deserialized = self._deserialize("Relation", pipeline_response) - - if cls: - return cls(pipeline_response, deserialized, {}) - - return deserialized - - get_relation.metadata = { - "url": 
"/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}/relations/{relationName}" - } diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_file_imports_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_file_imports_operations.py deleted file mode 100644 index 156bf96f7654..000000000000 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_file_imports_operations.py +++ /dev/null 
@@ -1,718 +0,0 @@ -# pylint: disable=too-many-lines -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- -import sys -from typing import Any, Callable, Dict, IO, Iterable, Optional, TypeVar, Union, cast, overload -import urllib.parse - -from azure.core.exceptions import ( - ClientAuthenticationError, - HttpResponseError, - ResourceExistsError, - ResourceNotFoundError, - ResourceNotModifiedError, - map_error, -) -from azure.core.paging import ItemPaged -from azure.core.pipeline import PipelineResponse -from azure.core.pipeline.transport import HttpResponse -from azure.core.polling import LROPoller, NoPolling, PollingMethod -from azure.core.rest import HttpRequest -from azure.core.tracing.decorator import distributed_trace -from azure.core.utils import case_insensitive_dict -from azure.mgmt.core.exceptions import ARMErrorFormat -from azure.mgmt.core.polling.arm_polling import ARMPolling - -from .. 
import models as _models -from .._serialization import Serializer -from .._vendor import _convert_request, _format_url_section - -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports -T = TypeVar("T") -ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] - -_SERIALIZER = Serializer() -_SERIALIZER.client_side_validation = False - - -def build_list_request( - resource_group_name: str, - workspace_name: str, - subscription_id: str, - *, - filter: Optional[str] = None, - orderby: Optional[str] = None, - top: Optional[int] = None, - skip_token: Optional[str] = None, - **kwargs: Any -) -> HttpRequest: - _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) - accept = _headers.pop("Accept", "application/json") - - # Construct URL - _url = kwargs.pop( - "template_url", - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/fileImports", - ) # pylint: disable=line-too-long - path_format_arguments = { - "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), - "resourceGroupName": _SERIALIZER.url( - "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 - ), - "workspaceName": _SERIALIZER.url( - "workspace_name", - workspace_name, - "str", - max_length=90, - min_length=1, - pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", - ), - } - - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore - - # Construct parameters - _params["api-version"] = 
_SERIALIZER.query("api_version", api_version, "str") - if filter is not None: - _params["$filter"] = _SERIALIZER.query("filter", filter, "str") - if orderby is not None: - _params["$orderby"] = _SERIALIZER.query("orderby", orderby, "str") - if top is not None: - _params["$top"] = _SERIALIZER.query("top", top, "int") - if skip_token is not None: - _params["$skipToken"] = _SERIALIZER.query("skip_token", skip_token, "str") - - # Construct headers - _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") - - return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) - - -def build_get_request( - resource_group_name: str, workspace_name: str, file_import_id: str, subscription_id: str, **kwargs: Any -) -> HttpRequest: - _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) - accept = _headers.pop("Accept", "application/json") - - # Construct URL - _url = kwargs.pop( - "template_url", - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/fileImports/{fileImportId}", - ) # pylint: disable=line-too-long - path_format_arguments = { - "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), - "resourceGroupName": _SERIALIZER.url( - "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 - ), - "workspaceName": _SERIALIZER.url( - "workspace_name", - workspace_name, - "str", - max_length=90, - min_length=1, - pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", - ), - "fileImportId": _SERIALIZER.url("file_import_id", file_import_id, "str"), - } - - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore - - # Construct parameters - 
_params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") - - # Construct headers - _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") - - return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) - - -def build_create_request( - resource_group_name: str, workspace_name: str, file_import_id: str, subscription_id: str, **kwargs: Any -) -> HttpRequest: - _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) - content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) - accept = _headers.pop("Accept", "application/json") - - # Construct URL - _url = kwargs.pop( - "template_url", - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/fileImports/{fileImportId}", - ) # pylint: disable=line-too-long - path_format_arguments = { - "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), - "resourceGroupName": _SERIALIZER.url( - "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 - ), - "workspaceName": _SERIALIZER.url( - "workspace_name", - workspace_name, - "str", - max_length=90, - min_length=1, - pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", - ), - "fileImportId": _SERIALIZER.url("file_import_id", file_import_id, "str"), - } - - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore - - # Construct parameters - _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") - - # Construct headers - if content_type is not None: - _headers["Content-Type"] = _SERIALIZER.header("content_type", content_type, "str") - _headers["Accept"] = 
_SERIALIZER.header("accept", accept, "str") - - return HttpRequest(method="PUT", url=_url, params=_params, headers=_headers, **kwargs) - - -def build_delete_request( - resource_group_name: str, workspace_name: str, file_import_id: str, subscription_id: str, **kwargs: Any -) -> HttpRequest: - _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) - accept = _headers.pop("Accept", "application/json") - - # Construct URL - _url = kwargs.pop( - "template_url", - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/fileImports/{fileImportId}", - ) # pylint: disable=line-too-long - path_format_arguments = { - "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), - "resourceGroupName": _SERIALIZER.url( - "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 - ), - "workspaceName": _SERIALIZER.url( - "workspace_name", - workspace_name, - "str", - max_length=90, - min_length=1, - pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", - ), - "fileImportId": _SERIALIZER.url("file_import_id", file_import_id, "str"), - } - - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore - - # Construct parameters - _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") - - # Construct headers - _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") - - return HttpRequest(method="DELETE", url=_url, params=_params, headers=_headers, **kwargs) - - -class FileImportsOperations: - """ - .. warning:: - **DO NOT** instantiate this class directly. 
- - Instead, you should access the following operations through - :class:`~azure.mgmt.securityinsight.SecurityInsights`'s - :attr:`file_imports` attribute. - """ - - models = _models - - def __init__(self, *args, **kwargs): - input_args = list(args) - self._client = input_args.pop(0) if input_args else kwargs.pop("client") - self._config = input_args.pop(0) if input_args else kwargs.pop("config") - self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") - self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") - - @distributed_trace - def list( - self, - resource_group_name: str, - workspace_name: str, - filter: Optional[str] = None, - orderby: Optional[str] = None, - top: Optional[int] = None, - skip_token: Optional[str] = None, - **kwargs: Any - ) -> Iterable["_models.FileImport"]: - """Gets all file imports. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param filter: Filters the results, based on a Boolean condition. Optional. Default value is - None. - :type filter: str - :param orderby: Sorts the results. Optional. Default value is None. - :type orderby: str - :param top: Returns only the first n results. Optional. Default value is None. - :type top: int - :param skip_token: Skiptoken is only used if a previous operation returned a partial result. If - a previous response contains a nextLink element, the value of the nextLink element will include - a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. - Default value is None. 
- :type skip_token: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: An iterator like instance of either FileImport or the result of cls(response) - :rtype: ~azure.core.paging.ItemPaged[~azure.mgmt.securityinsight.models.FileImport] - :raises ~azure.core.exceptions.HttpResponseError: - """ - _headers = kwargs.pop("headers", {}) or {} - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) - cls: ClsType[_models.FileImportList] = kwargs.pop("cls", None) - - error_map = { - 401: ClientAuthenticationError, - 404: ResourceNotFoundError, - 409: ResourceExistsError, - 304: ResourceNotModifiedError, - } - error_map.update(kwargs.pop("error_map", {}) or {}) - - def prepare_request(next_link=None): - if not next_link: - - request = build_list_request( - resource_group_name=resource_group_name, - workspace_name=workspace_name, - subscription_id=self._config.subscription_id, - filter=filter, - orderby=orderby, - top=top, - skip_token=skip_token, - api_version=api_version, - template_url=self.list.metadata["url"], - headers=_headers, - params=_params, - ) - request = _convert_request(request) - request.url = self._client.format_url(request.url) - - else: - # make call to next link with the client's api-version - _parsed_next_link = urllib.parse.urlparse(next_link) - _next_request_params = case_insensitive_dict( - { - key: [urllib.parse.quote(v) for v in value] - for key, value in urllib.parse.parse_qs(_parsed_next_link.query).items() - } - ) - _next_request_params["api-version"] = self._config.api_version - request = HttpRequest( - "GET", urllib.parse.urljoin(next_link, _parsed_next_link.path), params=_next_request_params - ) - request = _convert_request(request) - request.url = self._client.format_url(request.url) - request.method = "GET" - return request - - def 
extract_data(pipeline_response): - deserialized = self._deserialize("FileImportList", pipeline_response) - list_of_elem = deserialized.value - if cls: - list_of_elem = cls(list_of_elem) # type: ignore - return deserialized.next_link or None, iter(list_of_elem) - - def get_next(next_link=None): - request = prepare_request(next_link) - - pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs - ) - response = pipeline_response.http_response - - if response.status_code not in [200]: - map_error(status_code=response.status_code, response=response, error_map=error_map) - raise HttpResponseError(response=response, error_format=ARMErrorFormat) - - return pipeline_response - - return ItemPaged(get_next, extract_data) - - list.metadata = { - "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/fileImports" - } - - @distributed_trace - def get( - self, resource_group_name: str, workspace_name: str, file_import_id: str, **kwargs: Any - ) -> _models.FileImport: - """Gets a file import. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param file_import_id: File import ID. Required. 
- :type file_import_id: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: FileImport or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.FileImport - :raises ~azure.core.exceptions.HttpResponseError: - """ - error_map = { - 401: ClientAuthenticationError, - 404: ResourceNotFoundError, - 409: ResourceExistsError, - 304: ResourceNotModifiedError, - } - error_map.update(kwargs.pop("error_map", {}) or {}) - - _headers = kwargs.pop("headers", {}) or {} - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) - cls: ClsType[_models.FileImport] = kwargs.pop("cls", None) - - request = build_get_request( - resource_group_name=resource_group_name, - workspace_name=workspace_name, - file_import_id=file_import_id, - subscription_id=self._config.subscription_id, - api_version=api_version, - template_url=self.get.metadata["url"], - headers=_headers, - params=_params, - ) - request = _convert_request(request) - request.url = self._client.format_url(request.url) - - pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs - ) - - response = pipeline_response.http_response - - if response.status_code not in [200]: - map_error(status_code=response.status_code, response=response, error_map=error_map) - raise HttpResponseError(response=response, error_format=ARMErrorFormat) - - deserialized = self._deserialize("FileImport", pipeline_response) - - if cls: - return cls(pipeline_response, deserialized, {}) - - return deserialized - - get.metadata = { - "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/fileImports/{fileImportId}" - } - - @overload - def create( - 
self, - resource_group_name: str, - workspace_name: str, - file_import_id: str, - file_import: _models.FileImport, - *, - content_type: str = "application/json", - **kwargs: Any - ) -> _models.FileImport: - """Creates the file import. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param file_import_id: File import ID. Required. - :type file_import_id: str - :param file_import: The file import. Required. - :type file_import: ~azure.mgmt.securityinsight.models.FileImport - :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. - Default value is "application/json". - :paramtype content_type: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: FileImport or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.FileImport - :raises ~azure.core.exceptions.HttpResponseError: - """ - - @overload - def create( - self, - resource_group_name: str, - workspace_name: str, - file_import_id: str, - file_import: IO, - *, - content_type: str = "application/json", - **kwargs: Any - ) -> _models.FileImport: - """Creates the file import. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param file_import_id: File import ID. Required. - :type file_import_id: str - :param file_import: The file import. Required. - :type file_import: IO - :keyword content_type: Body Parameter content-type. Content type parameter for binary body. - Default value is "application/json". 
- :paramtype content_type: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: FileImport or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.FileImport - :raises ~azure.core.exceptions.HttpResponseError: - """ - - @distributed_trace - def create( - self, - resource_group_name: str, - workspace_name: str, - file_import_id: str, - file_import: Union[_models.FileImport, IO], - **kwargs: Any - ) -> _models.FileImport: - """Creates the file import. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param file_import_id: File import ID. Required. - :type file_import_id: str - :param file_import: The file import. Is either a model type or a IO type. Required. - :type file_import: ~azure.mgmt.securityinsight.models.FileImport or IO - :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. - Default value is None. 
- :paramtype content_type: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: FileImport or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.FileImport - :raises ~azure.core.exceptions.HttpResponseError: - """ - error_map = { - 401: ClientAuthenticationError, - 404: ResourceNotFoundError, - 409: ResourceExistsError, - 304: ResourceNotModifiedError, - } - error_map.update(kwargs.pop("error_map", {}) or {}) - - _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) - content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) - cls: ClsType[_models.FileImport] = kwargs.pop("cls", None) - - content_type = content_type or "application/json" - _json = None - _content = None - if isinstance(file_import, (IO, bytes)): - _content = file_import - else: - _json = self._serialize.body(file_import, "FileImport") - - request = build_create_request( - resource_group_name=resource_group_name, - workspace_name=workspace_name, - file_import_id=file_import_id, - subscription_id=self._config.subscription_id, - api_version=api_version, - content_type=content_type, - json=_json, - content=_content, - template_url=self.create.metadata["url"], - headers=_headers, - params=_params, - ) - request = _convert_request(request) - request.url = self._client.format_url(request.url) - - pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs - ) - - response = pipeline_response.http_response - - if response.status_code not in [201]: - map_error(status_code=response.status_code, response=response, error_map=error_map) - raise HttpResponseError(response=response, error_format=ARMErrorFormat) - - 
deserialized = self._deserialize("FileImport", pipeline_response) - - if cls: - return cls(pipeline_response, deserialized, {}) - - return deserialized - - create.metadata = { - "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/fileImports/{fileImportId}" - } - - def _delete_initial( - self, resource_group_name: str, workspace_name: str, file_import_id: str, **kwargs: Any - ) -> Optional[_models.FileImport]: - error_map = { - 401: ClientAuthenticationError, - 404: ResourceNotFoundError, - 409: ResourceExistsError, - 304: ResourceNotModifiedError, - } - error_map.update(kwargs.pop("error_map", {}) or {}) - - _headers = kwargs.pop("headers", {}) or {} - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) - cls: ClsType[Optional[_models.FileImport]] = kwargs.pop("cls", None) - - request = build_delete_request( - resource_group_name=resource_group_name, - workspace_name=workspace_name, - file_import_id=file_import_id, - subscription_id=self._config.subscription_id, - api_version=api_version, - template_url=self._delete_initial.metadata["url"], - headers=_headers, - params=_params, - ) - request = _convert_request(request) - request.url = self._client.format_url(request.url) - - pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs - ) - - response = pipeline_response.http_response - - if response.status_code not in [202, 204]: - map_error(status_code=response.status_code, response=response, error_map=error_map) - raise HttpResponseError(response=response, error_format=ARMErrorFormat) - - deserialized = None - if response.status_code == 202: - deserialized = self._deserialize("FileImport", pipeline_response) - - if cls: 
- return cls(pipeline_response, deserialized, {}) - - return deserialized - - _delete_initial.metadata = { - "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/fileImports/{fileImportId}" - } - - @distributed_trace - def begin_delete( - self, resource_group_name: str, workspace_name: str, file_import_id: str, **kwargs: Any - ) -> LROPoller[_models.FileImport]: - """Delete the file import. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param file_import_id: File import ID. Required. - :type file_import_id: str - :keyword callable cls: A custom type or function that will be passed the direct response - :keyword str continuation_token: A continuation token to restart a poller from a saved state. - :keyword polling: By default, your polling method will be ARMPolling. Pass in False for this - operation to not poll, or pass in your own initialized polling object for a personal polling - strategy. - :paramtype polling: bool or ~azure.core.polling.PollingMethod - :keyword int polling_interval: Default waiting time between two polls for LRO operations if no - Retry-After header is present. 
- :return: An instance of LROPoller that returns either FileImport or the result of cls(response) - :rtype: ~azure.core.polling.LROPoller[~azure.mgmt.securityinsight.models.FileImport] - :raises ~azure.core.exceptions.HttpResponseError: - """ - _headers = kwargs.pop("headers", {}) or {} - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) - cls: ClsType[_models.FileImport] = kwargs.pop("cls", None) - polling: Union[bool, PollingMethod] = kwargs.pop("polling", True) - lro_delay = kwargs.pop("polling_interval", self._config.polling_interval) - cont_token: Optional[str] = kwargs.pop("continuation_token", None) - if cont_token is None: - raw_result = self._delete_initial( - resource_group_name=resource_group_name, - workspace_name=workspace_name, - file_import_id=file_import_id, - api_version=api_version, - cls=lambda x, y, z: x, - headers=_headers, - params=_params, - **kwargs - ) - kwargs.pop("error_map", None) - - def get_long_running_output(pipeline_response): - deserialized = self._deserialize("FileImport", pipeline_response) - if cls: - return cls(pipeline_response, deserialized, {}) - return deserialized - - if polling is True: - polling_method: PollingMethod = cast( - PollingMethod, ARMPolling(lro_delay, lro_options={"final-state-via": "location"}, **kwargs) - ) - elif polling is False: - polling_method = cast(PollingMethod, NoPolling()) - else: - polling_method = polling - if cont_token: - return LROPoller.from_continuation_token( - polling_method=polling_method, - continuation_token=cont_token, - client=self._client, - deserialization_callback=get_long_running_output, - ) - return LROPoller(self._client, raw_result, get_long_running_output, polling_method) # type: ignore - - begin_delete.metadata = { - "url": 
"/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/fileImports/{fileImportId}" - } diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_get_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_get_operations.py deleted file mode 100644 index 8d495ea329ef..000000000000 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_get_operations.py +++ /dev/null 
@@ -1,170 +0,0 @@ -# pylint: disable=too-many-lines -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- -import sys -from typing import Any, Callable, Dict, Optional, TypeVar - -from azure.core.exceptions import ( - ClientAuthenticationError, - HttpResponseError, - ResourceExistsError, - ResourceNotFoundError, - ResourceNotModifiedError, - map_error, -) -from azure.core.pipeline import PipelineResponse -from azure.core.pipeline.transport import HttpResponse -from azure.core.rest import HttpRequest -from azure.core.tracing.decorator import distributed_trace -from azure.core.utils import case_insensitive_dict -from azure.mgmt.core.exceptions import ARMErrorFormat - -from .. 
import models as _models -from .._serialization import Serializer -from .._vendor import _convert_request, _format_url_section - -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports -T = TypeVar("T") -ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] - -_SERIALIZER = Serializer() -_SERIALIZER.client_side_validation = False - - -def build_single_recommendation_request( - resource_group_name: str, workspace_name: str, recommendation_id: str, subscription_id: str, **kwargs: Any -) -> HttpRequest: - _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) - accept = _headers.pop("Accept", "application/json") - - # Construct URL - _url = kwargs.pop( - "template_url", - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/recommendations/{recommendationId}", - ) # pylint: disable=line-too-long - path_format_arguments = { - "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), - "resourceGroupName": _SERIALIZER.url( - "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 - ), - "workspaceName": _SERIALIZER.url( - "workspace_name", - workspace_name, - "str", - max_length=90, - min_length=1, - pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", - ), - "recommendationId": _SERIALIZER.url("recommendation_id", recommendation_id, "str"), - } - - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore - - # Construct parameters - _params["api-version"] = 
_SERIALIZER.query("api_version", api_version, "str") - - # Construct headers - _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") - - return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) - - -class GetOperations: - """ - .. warning:: - **DO NOT** instantiate this class directly. - - Instead, you should access the following operations through - :class:`~azure.mgmt.securityinsight.SecurityInsights`'s - :attr:`get` attribute. - """ - - models = _models - - def __init__(self, *args, **kwargs): - input_args = list(args) - self._client = input_args.pop(0) if input_args else kwargs.pop("client") - self._config = input_args.pop(0) if input_args else kwargs.pop("config") - self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") - self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") - - @distributed_trace - def single_recommendation( - self, resource_group_name: str, workspace_name: str, recommendation_id: str, **kwargs: Any - ) -> _models.Recommendation: - """Gets a recommendation by its id. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param recommendation_id: Recommendation Id. Required. 
- :type recommendation_id: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: Recommendation or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.Recommendation - :raises ~azure.core.exceptions.HttpResponseError: - """ - error_map = { - 401: ClientAuthenticationError, - 404: ResourceNotFoundError, - 409: ResourceExistsError, - 304: ResourceNotModifiedError, - } - error_map.update(kwargs.pop("error_map", {}) or {}) - - _headers = kwargs.pop("headers", {}) or {} - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) - cls: ClsType[_models.Recommendation] = kwargs.pop("cls", None) - - request = build_single_recommendation_request( - resource_group_name=resource_group_name, - workspace_name=workspace_name, - recommendation_id=recommendation_id, - subscription_id=self._config.subscription_id, - api_version=api_version, - template_url=self.single_recommendation.metadata["url"], - headers=_headers, - params=_params, - ) - request = _convert_request(request) - request.url = self._client.format_url(request.url) - - pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs - ) - - response = pipeline_response.http_response - - if response.status_code not in [200]: - map_error(status_code=response.status_code, response=response, error_map=error_map) - raise HttpResponseError(response=response, error_format=ARMErrorFormat) - - deserialized = self._deserialize("Recommendation", pipeline_response) - - if cls: - return cls(pipeline_response, deserialized, {}) - - return deserialized - - single_recommendation.metadata = { - "url": 
"/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/recommendations/{recommendationId}" - } diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_get_recommendations_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_get_recommendations_operations.py deleted file mode 100644 index a6e5f145a99f..000000000000 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_get_recommendations_operations.py +++ /dev/null 
@@ -1,164 +0,0 @@ -# pylint: disable=too-many-lines -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- -import sys -from typing import Any, Callable, Dict, Optional, TypeVar - -from azure.core.exceptions import ( - ClientAuthenticationError, - HttpResponseError, - ResourceExistsError, - ResourceNotFoundError, - ResourceNotModifiedError, - map_error, -) -from azure.core.pipeline import PipelineResponse -from azure.core.pipeline.transport import HttpResponse -from azure.core.rest import HttpRequest -from azure.core.tracing.decorator import distributed_trace -from azure.core.utils import case_insensitive_dict -from azure.mgmt.core.exceptions import ARMErrorFormat - -from .. 
import models as _models -from .._serialization import Serializer -from .._vendor import _convert_request, _format_url_section - -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports -T = TypeVar("T") -ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] - -_SERIALIZER = Serializer() -_SERIALIZER.client_side_validation = False - - -def build_list_request( - resource_group_name: str, workspace_name: str, subscription_id: str, **kwargs: Any -) -> HttpRequest: - _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) - accept = _headers.pop("Accept", "application/json") - - # Construct URL - _url = kwargs.pop( - "template_url", - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/recommendations", - ) # pylint: disable=line-too-long - path_format_arguments = { - "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), - "resourceGroupName": _SERIALIZER.url( - "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 - ), - "workspaceName": _SERIALIZER.url( - "workspace_name", - workspace_name, - "str", - max_length=90, - min_length=1, - pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", - ), - } - - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore - - # Construct parameters - _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") - - # Construct headers - _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") - - return 
HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) - - -class GetRecommendationsOperations: - """ - .. warning:: - **DO NOT** instantiate this class directly. - - Instead, you should access the following operations through - :class:`~azure.mgmt.securityinsight.SecurityInsights`'s - :attr:`get_recommendations` attribute. - """ - - models = _models - - def __init__(self, *args, **kwargs): - input_args = list(args) - self._client = input_args.pop(0) if input_args else kwargs.pop("client") - self._config = input_args.pop(0) if input_args else kwargs.pop("config") - self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") - self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") - - @distributed_trace - def list(self, resource_group_name: str, workspace_name: str, **kwargs: Any) -> _models.RecommendationList: - """Gets a list of all recommendations. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. 
- :type workspace_name: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: RecommendationList or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.RecommendationList - :raises ~azure.core.exceptions.HttpResponseError: - """ - error_map = { - 401: ClientAuthenticationError, - 404: ResourceNotFoundError, - 409: ResourceExistsError, - 304: ResourceNotModifiedError, - } - error_map.update(kwargs.pop("error_map", {}) or {}) - - _headers = kwargs.pop("headers", {}) or {} - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) - cls: ClsType[_models.RecommendationList] = kwargs.pop("cls", None) - - request = build_list_request( - resource_group_name=resource_group_name, - workspace_name=workspace_name, - subscription_id=self._config.subscription_id, - api_version=api_version, - template_url=self.list.metadata["url"], - headers=_headers, - params=_params, - ) - request = _convert_request(request) - request.url = self._client.format_url(request.url) - - pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs - ) - - response = pipeline_response.http_response - - if response.status_code not in [200]: - map_error(status_code=response.status_code, response=response, error_map=error_map) - raise HttpResponseError(response=response, error_format=ARMErrorFormat) - - deserialized = self._deserialize("RecommendationList", pipeline_response) - - if cls: - return cls(pipeline_response, deserialized, {}) - - return deserialized - - list.metadata = { - "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/recommendations" - } 
diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_incident_comments_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_incident_comments_operations.py index 8b63ffbf0831..0c9203e6aff3 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_incident_comments_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_incident_comments_operations.py @@ -56,9 +56,7 @@ def build_list_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: Literal["2023-02-01"] = kwargs.pop("api_version", _params.pop("api-version", "2023-02-01")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -112,9 +110,7 @@ def build_get_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: Literal["2023-02-01"] = kwargs.pop("api_version", _params.pop("api-version", "2023-02-01")) accept = _headers.pop("Accept", "application/json") # Construct URL 
@@ -161,9 +157,7 @@ def build_create_or_update_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: Literal["2023-02-01"] = kwargs.pop("api_version", _params.pop("api-version", "2023-02-01")) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) accept = _headers.pop("Accept", "application/json") @@ -213,9 +207,7 @@ def build_delete_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: Literal["2023-02-01"] = kwargs.pop("api_version", _params.pop("api-version", "2023-02-01")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -282,7 +274,7 @@ def list( skip_token: Optional[str] = None, **kwargs: Any ) -> Iterable["_models.IncidentComment"]: - """Gets all incident comments. + """Gets all comments for a given incident. :param resource_group_name: The name of the resource group. The name is case insensitive. Required. @@ -311,7 +303,7 @@ def list( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( + api_version: Literal["2023-02-01"] = kwargs.pop( "api_version", _params.pop("api-version", self._config.api_version) ) cls: ClsType[_models.IncidentCommentList] = kwargs.pop("cls", None) 
@@ -393,7 +385,7 @@ def get_next(next_link=None): def get( self, resource_group_name: str, workspace_name: str, incident_id: str, incident_comment_id: str, **kwargs: Any ) -> _models.IncidentComment: - """Gets an incident comment. + """Gets a comment for a given incident. :param resource_group_name: The name of the resource group. The name is case insensitive. Required. @@ -420,7 +412,7 @@ def get( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( + api_version: Literal["2023-02-01"] = kwargs.pop( "api_version", _params.pop("api-version", self._config.api_version) ) cls: ClsType[_models.IncidentComment] = kwargs.pop("cls", None) @@ -472,7 +464,7 @@ def create_or_update( content_type: str = "application/json", **kwargs: Any ) -> _models.IncidentComment: - """Creates or updates the incident comment. + """Creates or updates a comment for a given incident. :param resource_group_name: The name of the resource group. The name is case insensitive. Required. @@ -506,7 +498,7 @@ def create_or_update( content_type: str = "application/json", **kwargs: Any ) -> _models.IncidentComment: - """Creates or updates the incident comment. + """Creates or updates a comment for a given incident. :param resource_group_name: The name of the resource group. The name is case insensitive. Required. @@ -538,7 +530,7 @@ def create_or_update( incident_comment: Union[_models.IncidentComment, IO], **kwargs: Any ) -> _models.IncidentComment: - """Creates or updates the incident comment. + """Creates or updates a comment for a given incident. :param resource_group_name: The name of the resource group. The name is case insensitive. Required. 
@@ -570,7 +562,7 @@ def create_or_update( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( + api_version: Literal["2023-02-01"] = kwargs.pop( "api_version", _params.pop("api-version", self._config.api_version) ) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) @@ -630,7 +622,7 @@ def create_or_update( def delete( # pylint: disable=inconsistent-return-statements self, resource_group_name: str, workspace_name: str, incident_id: str, incident_comment_id: str, **kwargs: Any ) -> None: - """Delete the incident comment. + """Deletes a comment for a given incident. :param resource_group_name: The name of the resource group. The name is case insensitive. Required. @@ -657,7 +649,7 @@ def delete( # pylint: disable=inconsistent-return-statements _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( + api_version: Literal["2023-02-01"] = kwargs.pop( "api_version", _params.pop("api-version", self._config.api_version) ) cls: ClsType[None] = kwargs.pop("cls", None) diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_incident_relations_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_incident_relations_operations.py index 4c9164691097..88363c15be92 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_incident_relations_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_incident_relations_operations.py 
@@ -56,9 +56,7 @@ def build_list_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: Literal["2023-02-01"] = kwargs.pop("api_version", _params.pop("api-version", "2023-02-01")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -112,9 +110,7 @@ def build_get_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: Literal["2023-02-01"] = kwargs.pop("api_version", _params.pop("api-version", "2023-02-01")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -161,9 +157,7 @@ def build_create_or_update_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: Literal["2023-02-01"] = kwargs.pop("api_version", _params.pop("api-version", "2023-02-01")) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) accept = _headers.pop("Accept", "application/json") @@ -213,9 +207,7 @@ def build_delete_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: Literal["2023-02-01"] = kwargs.pop("api_version", _params.pop("api-version", "2023-02-01")) accept = _headers.pop("Accept", "application/json") # Construct URL 
@@ -282,7 +274,7 @@ def list( skip_token: Optional[str] = None, **kwargs: Any ) -> Iterable["_models.Relation"]: - """Gets all incident relations. + """Gets all relations for a given incident. :param resource_group_name: The name of the resource group. The name is case insensitive. Required. @@ -311,7 +303,7 @@ def list( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( + api_version: Literal["2023-02-01"] = kwargs.pop( "api_version", _params.pop("api-version", self._config.api_version) ) cls: ClsType[_models.RelationList] = kwargs.pop("cls", None) @@ -393,7 +385,7 @@ def get_next(next_link=None): def get( self, resource_group_name: str, workspace_name: str, incident_id: str, relation_name: str, **kwargs: Any ) -> _models.Relation: - """Gets an incident relation. + """Gets a relation for a given incident. :param resource_group_name: The name of the resource group. The name is case insensitive. Required. @@ -420,7 +412,7 @@ def get( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( + api_version: Literal["2023-02-01"] = kwargs.pop( "api_version", _params.pop("api-version", self._config.api_version) ) cls: ClsType[_models.Relation] = kwargs.pop("cls", None) @@ -472,7 +464,7 @@ def create_or_update( content_type: str = "application/json", **kwargs: Any ) -> _models.Relation: - """Creates or updates the incident relation. + """Creates or updates a relation for a given incident. :param resource_group_name: The name of the resource group. The name is case insensitive. Required. 
@@ -506,7 +498,7 @@ def create_or_update( content_type: str = "application/json", **kwargs: Any ) -> _models.Relation: - """Creates or updates the incident relation. + """Creates or updates a relation for a given incident. :param resource_group_name: The name of the resource group. The name is case insensitive. Required. @@ -538,7 +530,7 @@ def create_or_update( relation: Union[_models.Relation, IO], **kwargs: Any ) -> _models.Relation: - """Creates or updates the incident relation. + """Creates or updates a relation for a given incident. :param resource_group_name: The name of the resource group. The name is case insensitive. Required. @@ -570,7 +562,7 @@ def create_or_update( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( + api_version: Literal["2023-02-01"] = kwargs.pop( "api_version", _params.pop("api-version", self._config.api_version) ) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) @@ -630,7 +622,7 @@ def create_or_update( def delete( # pylint: disable=inconsistent-return-statements self, resource_group_name: str, workspace_name: str, incident_id: str, relation_name: str, **kwargs: Any ) -> None: - """Delete the incident relation. + """Deletes a relation for a given incident. :param resource_group_name: The name of the resource group. The name is case insensitive. Required. @@ -657,7 +649,7 @@ def delete( # pylint: disable=inconsistent-return-statements _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( + api_version: Literal["2023-02-01"] = kwargs.pop( "api_version", _params.pop("api-version", self._config.api_version) ) cls: ClsType[None] = kwargs.pop("cls", None) 
diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_incident_tasks_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_incident_tasks_operations.py deleted file mode 100644 index 95ff858a910f..000000000000 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_incident_tasks_operations.py +++ /dev/null 
@@ -1,653 +0,0 @@ -# pylint: disable=too-many-lines -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- -import sys -from typing import Any, Callable, Dict, IO, Iterable, Optional, TypeVar, Union, overload -import urllib.parse - -from azure.core.exceptions import ( - ClientAuthenticationError, - HttpResponseError, - ResourceExistsError, - ResourceNotFoundError, - ResourceNotModifiedError, - map_error, -) -from azure.core.paging import ItemPaged -from azure.core.pipeline import PipelineResponse -from azure.core.pipeline.transport import HttpResponse -from azure.core.rest import HttpRequest -from azure.core.tracing.decorator import distributed_trace -from azure.core.utils import case_insensitive_dict -from azure.mgmt.core.exceptions import ARMErrorFormat - -from .. 
import models as _models -from .._serialization import Serializer -from .._vendor import _convert_request, _format_url_section - -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports -T = TypeVar("T") -ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] - -_SERIALIZER = Serializer() -_SERIALIZER.client_side_validation = False - - -def build_list_request( - resource_group_name: str, workspace_name: str, incident_id: str, subscription_id: str, **kwargs: Any -) -> HttpRequest: - _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) - accept = _headers.pop("Accept", "application/json") - - # Construct URL - _url = kwargs.pop( - "template_url", - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/tasks", - ) # pylint: disable=line-too-long - path_format_arguments = { - "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), - "resourceGroupName": _SERIALIZER.url( - "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 - ), - "workspaceName": _SERIALIZER.url( - "workspace_name", - workspace_name, - "str", - max_length=90, - min_length=1, - pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", - ), - "incidentId": _SERIALIZER.url("incident_id", incident_id, "str"), - } - - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore - - # Construct parameters - _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") - - # 
Construct headers - _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") - - return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) - - -def build_get_request( - resource_group_name: str, - workspace_name: str, - incident_id: str, - incident_task_id: str, - subscription_id: str, - **kwargs: Any -) -> HttpRequest: - _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) - accept = _headers.pop("Accept", "application/json") - - # Construct URL - _url = kwargs.pop( - "template_url", - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/tasks/{incidentTaskId}", - ) # pylint: disable=line-too-long - path_format_arguments = { - "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), - "resourceGroupName": _SERIALIZER.url( - "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 - ), - "workspaceName": _SERIALIZER.url( - "workspace_name", - workspace_name, - "str", - max_length=90, - min_length=1, - pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", - ), - "incidentId": _SERIALIZER.url("incident_id", incident_id, "str"), - "incidentTaskId": _SERIALIZER.url("incident_task_id", incident_task_id, "str"), - } - - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore - - # Construct parameters - _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") - - # Construct headers - _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") - - return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) - - -def build_create_or_update_request( - 
resource_group_name: str, - workspace_name: str, - incident_id: str, - incident_task_id: str, - subscription_id: str, - **kwargs: Any -) -> HttpRequest: - _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) - content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) - accept = _headers.pop("Accept", "application/json") - - # Construct URL - _url = kwargs.pop( - "template_url", - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/tasks/{incidentTaskId}", - ) # pylint: disable=line-too-long - path_format_arguments = { - "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), - "resourceGroupName": _SERIALIZER.url( - "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 - ), - "workspaceName": _SERIALIZER.url( - "workspace_name", - workspace_name, - "str", - max_length=90, - min_length=1, - pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", - ), - "incidentId": _SERIALIZER.url("incident_id", incident_id, "str"), - "incidentTaskId": _SERIALIZER.url("incident_task_id", incident_task_id, "str"), - } - - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore - - # Construct parameters - _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") - - # Construct headers - if content_type is not None: - _headers["Content-Type"] = _SERIALIZER.header("content_type", content_type, "str") - _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") - - return HttpRequest(method="PUT", url=_url, params=_params, headers=_headers, **kwargs) - - -def build_delete_request( - resource_group_name: 
str, - workspace_name: str, - incident_id: str, - incident_task_id: str, - subscription_id: str, - **kwargs: Any -) -> HttpRequest: - _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) - accept = _headers.pop("Accept", "application/json") - - # Construct URL - _url = kwargs.pop( - "template_url", - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/tasks/{incidentTaskId}", - ) # pylint: disable=line-too-long - path_format_arguments = { - "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), - "resourceGroupName": _SERIALIZER.url( - "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 - ), - "workspaceName": _SERIALIZER.url( - "workspace_name", - workspace_name, - "str", - max_length=90, - min_length=1, - pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", - ), - "incidentId": _SERIALIZER.url("incident_id", incident_id, "str"), - "incidentTaskId": _SERIALIZER.url("incident_task_id", incident_task_id, "str"), - } - - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore - - # Construct parameters - _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") - - # Construct headers - _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") - - return HttpRequest(method="DELETE", url=_url, params=_params, headers=_headers, **kwargs) - - -class IncidentTasksOperations: - """ - .. warning:: - **DO NOT** instantiate this class directly. - - Instead, you should access the following operations through - :class:`~azure.mgmt.securityinsight.SecurityInsights`'s - :attr:`incident_tasks` attribute. 
- """ - - models = _models - - def __init__(self, *args, **kwargs): - input_args = list(args) - self._client = input_args.pop(0) if input_args else kwargs.pop("client") - self._config = input_args.pop(0) if input_args else kwargs.pop("config") - self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") - self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") - - @distributed_trace - def list( - self, resource_group_name: str, workspace_name: str, incident_id: str, **kwargs: Any - ) -> Iterable["_models.IncidentTask"]: - """Gets all incident tasks. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param incident_id: Incident ID. Required. - :type incident_id: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: An iterator like instance of either IncidentTask or the result of cls(response) - :rtype: ~azure.core.paging.ItemPaged[~azure.mgmt.securityinsight.models.IncidentTask] - :raises ~azure.core.exceptions.HttpResponseError: - """ - _headers = kwargs.pop("headers", {}) or {} - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) - cls: ClsType[_models.IncidentTaskList] = kwargs.pop("cls", None) - - error_map = { - 401: ClientAuthenticationError, - 404: ResourceNotFoundError, - 409: ResourceExistsError, - 304: ResourceNotModifiedError, - } - error_map.update(kwargs.pop("error_map", {}) or {}) - - def prepare_request(next_link=None): - if not next_link: - - request = build_list_request( - resource_group_name=resource_group_name, - workspace_name=workspace_name, - incident_id=incident_id, - subscription_id=self._config.subscription_id, - 
api_version=api_version, - template_url=self.list.metadata["url"], - headers=_headers, - params=_params, - ) - request = _convert_request(request) - request.url = self._client.format_url(request.url) - - else: - # make call to next link with the client's api-version - _parsed_next_link = urllib.parse.urlparse(next_link) - _next_request_params = case_insensitive_dict( - { - key: [urllib.parse.quote(v) for v in value] - for key, value in urllib.parse.parse_qs(_parsed_next_link.query).items() - } - ) - _next_request_params["api-version"] = self._config.api_version - request = HttpRequest( - "GET", urllib.parse.urljoin(next_link, _parsed_next_link.path), params=_next_request_params - ) - request = _convert_request(request) - request.url = self._client.format_url(request.url) - request.method = "GET" - return request - - def extract_data(pipeline_response): - deserialized = self._deserialize("IncidentTaskList", pipeline_response) - list_of_elem = deserialized.value - if cls: - list_of_elem = cls(list_of_elem) # type: ignore - return deserialized.next_link or None, iter(list_of_elem) - - def get_next(next_link=None): - request = prepare_request(next_link) - - pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs - ) - response = pipeline_response.http_response - - if response.status_code not in [200]: - map_error(status_code=response.status_code, response=response, error_map=error_map) - raise HttpResponseError(response=response, error_format=ARMErrorFormat) - - return pipeline_response - - return ItemPaged(get_next, extract_data) - - list.metadata = { - "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/tasks" - } - - @distributed_trace - def get( - self, resource_group_name: str, workspace_name: str, incident_id: str, incident_task_id: str, 
**kwargs: Any - ) -> _models.IncidentTask: - """Gets an incident task. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param incident_id: Incident ID. Required. - :type incident_id: str - :param incident_task_id: Incident task ID. Required. - :type incident_task_id: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: IncidentTask or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.IncidentTask - :raises ~azure.core.exceptions.HttpResponseError: - """ - error_map = { - 401: ClientAuthenticationError, - 404: ResourceNotFoundError, - 409: ResourceExistsError, - 304: ResourceNotModifiedError, - } - error_map.update(kwargs.pop("error_map", {}) or {}) - - _headers = kwargs.pop("headers", {}) or {} - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) - cls: ClsType[_models.IncidentTask] = kwargs.pop("cls", None) - - request = build_get_request( - resource_group_name=resource_group_name, - workspace_name=workspace_name, - incident_id=incident_id, - incident_task_id=incident_task_id, - subscription_id=self._config.subscription_id, - api_version=api_version, - template_url=self.get.metadata["url"], - headers=_headers, - params=_params, - ) - request = _convert_request(request) - request.url = self._client.format_url(request.url) - - pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs - ) - - response = pipeline_response.http_response - - if response.status_code not in [200]: - map_error(status_code=response.status_code, response=response, error_map=error_map) - raise 
HttpResponseError(response=response, error_format=ARMErrorFormat) - - deserialized = self._deserialize("IncidentTask", pipeline_response) - - if cls: - return cls(pipeline_response, deserialized, {}) - - return deserialized - - get.metadata = { - "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/tasks/{incidentTaskId}" - } - - @overload - def create_or_update( - self, - resource_group_name: str, - workspace_name: str, - incident_id: str, - incident_task_id: str, - incident_task: _models.IncidentTask, - *, - content_type: str = "application/json", - **kwargs: Any - ) -> _models.IncidentTask: - """Creates or updates the incident task. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param incident_id: Incident ID. Required. - :type incident_id: str - :param incident_task_id: Incident task ID. Required. - :type incident_task_id: str - :param incident_task: The incident task. Required. - :type incident_task: ~azure.mgmt.securityinsight.models.IncidentTask - :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. - Default value is "application/json". 
- :paramtype content_type: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: IncidentTask or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.IncidentTask - :raises ~azure.core.exceptions.HttpResponseError: - """ - - @overload - def create_or_update( - self, - resource_group_name: str, - workspace_name: str, - incident_id: str, - incident_task_id: str, - incident_task: IO, - *, - content_type: str = "application/json", - **kwargs: Any - ) -> _models.IncidentTask: - """Creates or updates the incident task. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param incident_id: Incident ID. Required. - :type incident_id: str - :param incident_task_id: Incident task ID. Required. - :type incident_task_id: str - :param incident_task: The incident task. Required. - :type incident_task: IO - :keyword content_type: Body Parameter content-type. Content type parameter for binary body. - Default value is "application/json". - :paramtype content_type: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: IncidentTask or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.IncidentTask - :raises ~azure.core.exceptions.HttpResponseError: - """ - - @distributed_trace - def create_or_update( - self, - resource_group_name: str, - workspace_name: str, - incident_id: str, - incident_task_id: str, - incident_task: Union[_models.IncidentTask, IO], - **kwargs: Any - ) -> _models.IncidentTask: - """Creates or updates the incident task. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. 
- :type workspace_name: str - :param incident_id: Incident ID. Required. - :type incident_id: str - :param incident_task_id: Incident task ID. Required. - :type incident_task_id: str - :param incident_task: The incident task. Is either a model type or a IO type. Required. - :type incident_task: ~azure.mgmt.securityinsight.models.IncidentTask or IO - :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. - Default value is None. - :paramtype content_type: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: IncidentTask or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.IncidentTask - :raises ~azure.core.exceptions.HttpResponseError: - """ - error_map = { - 401: ClientAuthenticationError, - 404: ResourceNotFoundError, - 409: ResourceExistsError, - 304: ResourceNotModifiedError, - } - error_map.update(kwargs.pop("error_map", {}) or {}) - - _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) - content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) - cls: ClsType[_models.IncidentTask] = kwargs.pop("cls", None) - - content_type = content_type or "application/json" - _json = None - _content = None - if isinstance(incident_task, (IO, bytes)): - _content = incident_task - else: - _json = self._serialize.body(incident_task, "IncidentTask") - - request = build_create_or_update_request( - resource_group_name=resource_group_name, - workspace_name=workspace_name, - incident_id=incident_id, - incident_task_id=incident_task_id, - subscription_id=self._config.subscription_id, - api_version=api_version, - content_type=content_type, - json=_json, - content=_content, - template_url=self.create_or_update.metadata["url"], - 
headers=_headers, - params=_params, - ) - request = _convert_request(request) - request.url = self._client.format_url(request.url) - - pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs - ) - - response = pipeline_response.http_response - - if response.status_code not in [200, 201]: - map_error(status_code=response.status_code, response=response, error_map=error_map) - raise HttpResponseError(response=response, error_format=ARMErrorFormat) - - if response.status_code == 200: - deserialized = self._deserialize("IncidentTask", pipeline_response) - - if response.status_code == 201: - deserialized = self._deserialize("IncidentTask", pipeline_response) - - if cls: - return cls(pipeline_response, deserialized, {}) # type: ignore - - return deserialized # type: ignore - - create_or_update.metadata = { - "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/tasks/{incidentTaskId}" - } - - @distributed_trace - def delete( # pylint: disable=inconsistent-return-statements - self, resource_group_name: str, workspace_name: str, incident_id: str, incident_task_id: str, **kwargs: Any - ) -> None: - """Delete the incident task. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param incident_id: Incident ID. Required. - :type incident_id: str - :param incident_task_id: Incident task ID. Required. 
- :type incident_task_id: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: None or the result of cls(response) - :rtype: None - :raises ~azure.core.exceptions.HttpResponseError: - """ - error_map = { - 401: ClientAuthenticationError, - 404: ResourceNotFoundError, - 409: ResourceExistsError, - 304: ResourceNotModifiedError, - } - error_map.update(kwargs.pop("error_map", {}) or {}) - - _headers = kwargs.pop("headers", {}) or {} - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) - cls: ClsType[None] = kwargs.pop("cls", None) - - request = build_delete_request( - resource_group_name=resource_group_name, - workspace_name=workspace_name, - incident_id=incident_id, - incident_task_id=incident_task_id, - subscription_id=self._config.subscription_id, - api_version=api_version, - template_url=self.delete.metadata["url"], - headers=_headers, - params=_params, - ) - request = _convert_request(request) - request.url = self._client.format_url(request.url) - - pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs - ) - - response = pipeline_response.http_response - - if response.status_code not in [200, 204]: - map_error(status_code=response.status_code, response=response, error_map=error_map) - raise HttpResponseError(response=response, error_format=ARMErrorFormat) - - if cls: - return cls(pipeline_response, None, {}) - - delete.metadata = { - "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/tasks/{incidentTaskId}" - } 
diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_incidents_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_incidents_operations.py index fcbe3e15a34c..2775d5a8d80e 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_incidents_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_incidents_operations.py @@ -30,15 +30,10 @@ from .._serialization import Serializer from .._vendor import _convert_request, _format_url_section -if sys.version_info >= (3, 9): - from collections.abc import MutableMapping -else: - from typing import MutableMapping # type: ignore # pylint: disable=ungrouped-imports if sys.version_info >= (3, 8): from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports else: from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports -JSON = MutableMapping[str, Any] # pylint: disable=unsubscriptable-object T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] 
@@ -46,52 +41,6 @@ _SERIALIZER.client_side_validation = False -def build_run_playbook_request( - resource_group_name: str, workspace_name: str, incident_identifier: str, subscription_id: str, **kwargs: Any -) -> HttpRequest: - _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) - content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) - accept = _headers.pop("Accept", "application/json") - - # Construct URL - _url = kwargs.pop( - "template_url", - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentIdentifier}/runPlaybook", - ) # pylint: disable=line-too-long - path_format_arguments = { - "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), - "resourceGroupName": _SERIALIZER.url( - "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 - ), - "workspaceName": _SERIALIZER.url( - "workspace_name", - workspace_name, - "str", - max_length=90, - min_length=1, - pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", - ), - "incidentIdentifier": _SERIALIZER.url("incident_identifier", incident_identifier, "str"), - } - - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore - - # Construct parameters - _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") - - # Construct headers - if content_type is not None: - _headers["Content-Type"] = _SERIALIZER.header("content_type", content_type, "str") - _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") - - return HttpRequest(method="POST", url=_url, params=_params, headers=_headers, **kwargs) - - def build_list_request( 
resource_group_name: str, workspace_name: str, @@ -106,9 +55,7 @@ def build_list_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: Literal["2023-02-01"] = kwargs.pop("api_version", _params.pop("api-version", "2023-02-01")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -156,9 +103,7 @@ def build_get_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: Literal["2023-02-01"] = kwargs.pop("api_version", _params.pop("api-version", "2023-02-01")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -199,9 +144,7 @@ def build_create_or_update_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: Literal["2023-02-01"] = kwargs.pop("api_version", _params.pop("api-version", "2023-02-01")) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) accept = _headers.pop("Accept", "application/json") 
@@ -245,9 +188,7 @@ def build_delete_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: Literal["2023-02-01"] = kwargs.pop("api_version", _params.pop("api-version", "2023-02-01")) accept = _headers.pop("Accept", "application/json") # Construct URL 
@@ -282,61 +223,13 @@ def build_delete_request( return HttpRequest(method="DELETE", url=_url, params=_params, headers=_headers, **kwargs) -def build_create_team_request( - resource_group_name: str, workspace_name: str, incident_id: str, subscription_id: str, **kwargs: Any -) -> HttpRequest: - _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) - content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) - accept = _headers.pop("Accept", "application/json") - - # Construct URL - _url = kwargs.pop( - "template_url", - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/createTeam", - ) # pylint: disable=line-too-long - path_format_arguments = { - "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), - "resourceGroupName": _SERIALIZER.url( - "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 - ), - "workspaceName": _SERIALIZER.url( - "workspace_name", - workspace_name, - "str", - max_length=90, - min_length=1, - pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", - ), - "incidentId": _SERIALIZER.url("incident_id", incident_id, "str"), - } - - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore - - # Construct parameters - _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") - - # Construct headers - if content_type is not None: - _headers["Content-Type"] = _SERIALIZER.header("content_type", content_type, "str") - _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") - - return HttpRequest(method="POST", url=_url, params=_params, headers=_headers, **kwargs) - - def 
build_list_alerts_request( resource_group_name: str, workspace_name: str, incident_id: str, subscription_id: str, **kwargs: Any ) -> HttpRequest: _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: Literal["2023-02-01"] = kwargs.pop("api_version", _params.pop("api-version", "2023-02-01")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -377,9 +270,7 @@ def build_list_bookmarks_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: Literal["2023-02-01"] = kwargs.pop("api_version", _params.pop("api-version", "2023-02-01")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -420,9 +311,7 @@ def build_list_entities_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: Literal["2023-02-01"] = kwargs.pop("api_version", _params.pop("api-version", "2023-02-01")) accept = _headers.pop("Accept", "application/json") # Construct URL 
@@ -476,161 +365,6 @@ def __init__(self, *args, **kwargs): self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") - @overload - def run_playbook( - self, - resource_group_name: str, - workspace_name: str, - incident_identifier: str, - request_body: Optional[_models.ManualTriggerRequestBody] = None, - *, - content_type: str = "application/json", - **kwargs: Any - ) -> JSON: - """Triggers playbook on a specific incident. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param incident_identifier: Required. - :type incident_identifier: str - :param request_body: Default value is None. - :type request_body: ~azure.mgmt.securityinsight.models.ManualTriggerRequestBody - :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. - Default value is "application/json". - :paramtype content_type: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: JSON or the result of cls(response) - :rtype: JSON - :raises ~azure.core.exceptions.HttpResponseError: - """ - - @overload - def run_playbook( - self, - resource_group_name: str, - workspace_name: str, - incident_identifier: str, - request_body: Optional[IO] = None, - *, - content_type: str = "application/json", - **kwargs: Any - ) -> JSON: - """Triggers playbook on a specific incident. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param incident_identifier: Required. - :type incident_identifier: str - :param request_body: Default value is None. 
- :type request_body: IO - :keyword content_type: Body Parameter content-type. Content type parameter for binary body. - Default value is "application/json". - :paramtype content_type: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: JSON or the result of cls(response) - :rtype: JSON - :raises ~azure.core.exceptions.HttpResponseError: - """ - - @distributed_trace - def run_playbook( - self, - resource_group_name: str, - workspace_name: str, - incident_identifier: str, - request_body: Optional[Union[_models.ManualTriggerRequestBody, IO]] = None, - **kwargs: Any - ) -> JSON: - """Triggers playbook on a specific incident. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param incident_identifier: Required. - :type incident_identifier: str - :param request_body: Is either a model type or a IO type. Default value is None. - :type request_body: ~azure.mgmt.securityinsight.models.ManualTriggerRequestBody or IO - :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. - Default value is None. 
- :paramtype content_type: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: JSON or the result of cls(response) - :rtype: JSON - :raises ~azure.core.exceptions.HttpResponseError: - """ - error_map = { - 401: ClientAuthenticationError, - 404: ResourceNotFoundError, - 409: ResourceExistsError, - 304: ResourceNotModifiedError, - } - error_map.update(kwargs.pop("error_map", {}) or {}) - - _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) - content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) - cls: ClsType[JSON] = kwargs.pop("cls", None) - - content_type = content_type or "application/json" - _json = None - _content = None - if isinstance(request_body, (IO, bytes)): - _content = request_body - else: - if request_body is not None: - _json = self._serialize.body(request_body, "ManualTriggerRequestBody") - else: - _json = None - - request = build_run_playbook_request( - resource_group_name=resource_group_name, - workspace_name=workspace_name, - incident_identifier=incident_identifier, - subscription_id=self._config.subscription_id, - api_version=api_version, - content_type=content_type, - json=_json, - content=_content, - template_url=self.run_playbook.metadata["url"], - headers=_headers, - params=_params, - ) - request = _convert_request(request) - request.url = self._client.format_url(request.url) - - pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs - ) - - response = pipeline_response.http_response - - if response.status_code not in [204]: - map_error(status_code=response.status_code, response=response, error_map=error_map) - raise HttpResponseError(response=response, 
error_format=ARMErrorFormat) - - deserialized = self._deserialize("object", pipeline_response) - - if cls: - return cls(pipeline_response, deserialized, {}) - - return deserialized - - run_playbook.metadata = { - "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentIdentifier}/runPlaybook" - } - @distributed_trace def list( self, @@ -669,7 +403,7 @@ def list( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( + api_version: Literal["2023-02-01"] = kwargs.pop( "api_version", _params.pop("api-version", self._config.api_version) ) cls: ClsType[_models.IncidentList] = kwargs.pop("cls", None) @@ -748,7 +482,7 @@ def get_next(next_link=None): @distributed_trace def get(self, resource_group_name: str, workspace_name: str, incident_id: str, **kwargs: Any) -> _models.Incident: - """Gets an incident. + """Gets a given incident. :param resource_group_name: The name of the resource group. The name is case insensitive. Required. @@ -773,7 +507,7 @@ def get(self, resource_group_name: str, workspace_name: str, incident_id: str, * _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( + api_version: Literal["2023-02-01"] = kwargs.pop( "api_version", _params.pop("api-version", self._config.api_version) ) cls: ClsType[_models.Incident] = kwargs.pop("cls", None) @@ -823,7 +557,7 @@ def create_or_update( content_type: str = "application/json", **kwargs: Any ) -> _models.Incident: - """Creates or updates the incident. + """Creates or updates an incident. :param resource_group_name: The name of the resource group. The name is case insensitive. Required. 
@@ -854,7 +588,7 @@ def create_or_update( content_type: str = "application/json", **kwargs: Any ) -> _models.Incident: - """Creates or updates the incident. + """Creates or updates an incident. :param resource_group_name: The name of the resource group. The name is case insensitive. Required. @@ -883,7 +617,7 @@ def create_or_update( incident: Union[_models.Incident, IO], **kwargs: Any ) -> _models.Incident: - """Creates or updates the incident. + """Creates or updates an incident. :param resource_group_name: The name of the resource group. The name is case insensitive. Required. @@ -913,7 +647,7 @@ def create_or_update( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( + api_version: Literal["2023-02-01"] = kwargs.pop( "api_version", _params.pop("api-version", self._config.api_version) ) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) @@ -972,7 +706,7 @@ def create_or_update( def delete( # pylint: disable=inconsistent-return-statements self, resource_group_name: str, workspace_name: str, incident_id: str, **kwargs: Any ) -> None: - """Delete the incident. + """Deletes a given incident. :param resource_group_name: The name of the resource group. The name is case insensitive. Required. @@ -997,7 +731,7 @@ def delete( # pylint: disable=inconsistent-return-statements _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( + api_version: Literal["2023-02-01"] = kwargs.pop( "api_version", _params.pop("api-version", self._config.api_version) ) cls: ClsType[None] = kwargs.pop("cls", None) 
@@ -1032,166 +766,11 @@ def delete( # pylint: disable=inconsistent-return-statements "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}" } - @overload - def create_team( - self, - resource_group_name: str, - workspace_name: str, - incident_id: str, - team_properties: _models.TeamInformation, - *, - content_type: str = "application/json", - **kwargs: Any - ) -> _models.TeamInformation: - """Creates a Microsoft team to investigate the incident by sharing information and insights - between participants. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param incident_id: Incident ID. Required. - :type incident_id: str - :param team_properties: Team properties. Required. - :type team_properties: ~azure.mgmt.securityinsight.models.TeamInformation - :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. - Default value is "application/json". - :paramtype content_type: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: TeamInformation or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.TeamInformation - :raises ~azure.core.exceptions.HttpResponseError: - """ - - @overload - def create_team( - self, - resource_group_name: str, - workspace_name: str, - incident_id: str, - team_properties: IO, - *, - content_type: str = "application/json", - **kwargs: Any - ) -> _models.TeamInformation: - """Creates a Microsoft team to investigate the incident by sharing information and insights - between participants. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. 
- :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param incident_id: Incident ID. Required. - :type incident_id: str - :param team_properties: Team properties. Required. - :type team_properties: IO - :keyword content_type: Body Parameter content-type. Content type parameter for binary body. - Default value is "application/json". - :paramtype content_type: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: TeamInformation or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.TeamInformation - :raises ~azure.core.exceptions.HttpResponseError: - """ - - @distributed_trace - def create_team( - self, - resource_group_name: str, - workspace_name: str, - incident_id: str, - team_properties: Union[_models.TeamInformation, IO], - **kwargs: Any - ) -> _models.TeamInformation: - """Creates a Microsoft team to investigate the incident by sharing information and insights - between participants. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param incident_id: Incident ID. Required. - :type incident_id: str - :param team_properties: Team properties. Is either a model type or a IO type. Required. - :type team_properties: ~azure.mgmt.securityinsight.models.TeamInformation or IO - :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. - Default value is None. 
- :paramtype content_type: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: TeamInformation or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.TeamInformation - :raises ~azure.core.exceptions.HttpResponseError: - """ - error_map = { - 401: ClientAuthenticationError, - 404: ResourceNotFoundError, - 409: ResourceExistsError, - 304: ResourceNotModifiedError, - } - error_map.update(kwargs.pop("error_map", {}) or {}) - - _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) - content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) - cls: ClsType[_models.TeamInformation] = kwargs.pop("cls", None) - - content_type = content_type or "application/json" - _json = None - _content = None - if isinstance(team_properties, (IO, bytes)): - _content = team_properties - else: - _json = self._serialize.body(team_properties, "TeamInformation") - - request = build_create_team_request( - resource_group_name=resource_group_name, - workspace_name=workspace_name, - incident_id=incident_id, - subscription_id=self._config.subscription_id, - api_version=api_version, - content_type=content_type, - json=_json, - content=_content, - template_url=self.create_team.metadata["url"], - headers=_headers, - params=_params, - ) - request = _convert_request(request) - request.url = self._client.format_url(request.url) - - pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs - ) - - response = pipeline_response.http_response - - if response.status_code not in [200]: - map_error(status_code=response.status_code, response=response, error_map=error_map) - raise HttpResponseError(response=response, 
error_format=ARMErrorFormat) - - deserialized = self._deserialize("TeamInformation", pipeline_response) - - if cls: - return cls(pipeline_response, deserialized, {}) - - return deserialized - - create_team.metadata = { - "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/createTeam" - } - @distributed_trace def list_alerts( self, resource_group_name: str, workspace_name: str, incident_id: str, **kwargs: Any ) -> _models.IncidentAlertList: - """Gets all incident alerts. + """Gets all alerts for an incident. :param resource_group_name: The name of the resource group. The name is case insensitive. Required. @@ -1216,7 +795,7 @@ def list_alerts( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( + api_version: Literal["2023-02-01"] = kwargs.pop( "api_version", _params.pop("api-version", self._config.api_version) ) cls: ClsType[_models.IncidentAlertList] = kwargs.pop("cls", None) @@ -1259,7 +838,7 @@ def list_alerts( def list_bookmarks( self, resource_group_name: str, workspace_name: str, incident_id: str, **kwargs: Any ) -> _models.IncidentBookmarkList: - """Gets all incident bookmarks. + """Gets all bookmarks for an incident. :param resource_group_name: The name of the resource group. The name is case insensitive. Required. @@ -1284,7 +863,7 @@ def list_bookmarks( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( + api_version: Literal["2023-02-01"] = kwargs.pop( "api_version", _params.pop("api-version", self._config.api_version) ) cls: ClsType[_models.IncidentBookmarkList] = kwargs.pop("cls", None) 
@@ -1327,7 +906,7 @@ def list_bookmarks( def list_entities( self, resource_group_name: str, workspace_name: str, incident_id: str, **kwargs: Any ) -> _models.IncidentEntitiesResponse: - """Gets all incident related entities. + """Gets all entities for an incident. :param resource_group_name: The name of the resource group. The name is case insensitive. Required. @@ -1352,7 +931,7 @@ def list_entities( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( + api_version: Literal["2023-02-01"] = kwargs.pop( "api_version", _params.pop("api-version", self._config.api_version) ) cls: ClsType[_models.IncidentEntitiesResponse] = kwargs.pop("cls", None) diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_ip_geodata_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_ip_geodata_operations.py deleted file mode 100644 index 89c8e309e108..000000000000 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_ip_geodata_operations.py +++ /dev/null 
@@ -1,155 +0,0 @@ -# pylint: disable=too-many-lines -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- -import sys -from typing import Any, Callable, Dict, Optional, TypeVar - -from azure.core.exceptions import ( - ClientAuthenticationError, - HttpResponseError, - ResourceExistsError, - ResourceNotFoundError, - ResourceNotModifiedError, - map_error, -) -from azure.core.pipeline import PipelineResponse -from azure.core.pipeline.transport import HttpResponse -from azure.core.rest import HttpRequest -from azure.core.tracing.decorator import distributed_trace -from azure.core.utils import case_insensitive_dict -from azure.mgmt.core.exceptions import ARMErrorFormat - -from .. 
import models as _models -from .._serialization import Serializer -from .._vendor import _convert_request, _format_url_section - -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports -T = TypeVar("T") -ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] - -_SERIALIZER = Serializer() -_SERIALIZER.client_side_validation = False - - -def build_get_request(resource_group_name: str, subscription_id: str, *, ip_address: str, **kwargs: Any) -> HttpRequest: - _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) - accept = _headers.pop("Accept", "application/json") - - # Construct URL - _url = kwargs.pop( - "template_url", - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.SecurityInsights/enrichment/ip/geodata/", - ) # pylint: disable=line-too-long - path_format_arguments = { - "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), - "resourceGroupName": _SERIALIZER.url( - "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 - ), - } - - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore - - # Construct parameters - _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") - _params["ipAddress"] = _SERIALIZER.query("ip_address", ip_address, "str") - - # Construct headers - _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") - - return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) - - -class IPGeodataOperations: - """ - .. 
warning:: - **DO NOT** instantiate this class directly. - - Instead, you should access the following operations through - :class:`~azure.mgmt.securityinsight.SecurityInsights`'s - :attr:`ip_geodata` attribute. - """ - - models = _models - - def __init__(self, *args, **kwargs): - input_args = list(args) - self._client = input_args.pop(0) if input_args else kwargs.pop("client") - self._config = input_args.pop(0) if input_args else kwargs.pop("config") - self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") - self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") - - @distributed_trace - def get(self, resource_group_name: str, ip_address: str, **kwargs: Any) -> _models.EnrichmentIpGeodata: - """Get geodata for a single IP address. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param ip_address: IP address (v4 or v6) to be enriched. Required. - :type ip_address: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: EnrichmentIpGeodata or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.EnrichmentIpGeodata - :raises ~azure.core.exceptions.HttpResponseError: - """ - error_map = { - 401: ClientAuthenticationError, - 404: ResourceNotFoundError, - 409: ResourceExistsError, - 304: ResourceNotModifiedError, - } - error_map.update(kwargs.pop("error_map", {}) or {}) - - _headers = kwargs.pop("headers", {}) or {} - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) - cls: ClsType[_models.EnrichmentIpGeodata] = kwargs.pop("cls", None) - - request = build_get_request( - resource_group_name=resource_group_name, - subscription_id=self._config.subscription_id, - ip_address=ip_address, - api_version=api_version, - 
template_url=self.get.metadata["url"], - headers=_headers, - params=_params, - ) - request = _convert_request(request) - request.url = self._client.format_url(request.url) - - pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs - ) - - response = pipeline_response.http_response - - if response.status_code not in [200]: - map_error(status_code=response.status_code, response=response, error_map=error_map) - raise HttpResponseError(response=response, error_format=ARMErrorFormat) - - deserialized = self._deserialize("EnrichmentIpGeodata", pipeline_response) - - if cls: - return cls(pipeline_response, deserialized, {}) - - return deserialized - - get.metadata = { - "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.SecurityInsights/enrichment/ip/geodata/" - } diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_metadata_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_metadata_operations.py deleted file mode 100644 index 532bea1e8db1..000000000000 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_metadata_operations.py +++ /dev/null 
@@ -1,850 +0,0 @@ -# pylint: disable=too-many-lines -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- -import sys -from typing import Any, Callable, Dict, IO, Iterable, Optional, TypeVar, Union, overload -import urllib.parse - -from azure.core.exceptions import ( - ClientAuthenticationError, - HttpResponseError, - ResourceExistsError, - ResourceNotFoundError, - ResourceNotModifiedError, - map_error, -) -from azure.core.paging import ItemPaged -from azure.core.pipeline import PipelineResponse -from azure.core.pipeline.transport import HttpResponse -from azure.core.rest import HttpRequest -from azure.core.tracing.decorator import distributed_trace -from azure.core.utils import case_insensitive_dict -from azure.mgmt.core.exceptions import ARMErrorFormat - -from .. 
import models as _models -from .._serialization import Serializer -from .._vendor import _convert_request, _format_url_section - -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports -T = TypeVar("T") -ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] - -_SERIALIZER = Serializer() -_SERIALIZER.client_side_validation = False - - -def build_list_request( - resource_group_name: str, - workspace_name: str, - subscription_id: str, - *, - filter: Optional[str] = None, - orderby: Optional[str] = None, - top: Optional[int] = None, - skip: Optional[int] = None, - **kwargs: Any -) -> HttpRequest: - _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) - accept = _headers.pop("Accept", "application/json") - - # Construct URL - _url = kwargs.pop( - "template_url", - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/metadata", - ) # pylint: disable=line-too-long - path_format_arguments = { - "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), - "resourceGroupName": _SERIALIZER.url( - "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 - ), - "workspaceName": _SERIALIZER.url( - "workspace_name", - workspace_name, - "str", - max_length=90, - min_length=1, - pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", - ), - } - - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore - - # Construct parameters - _params["api-version"] = _SERIALIZER.query("api_version", 
api_version, "str") - if filter is not None: - _params["$filter"] = _SERIALIZER.query("filter", filter, "str") - if orderby is not None: - _params["$orderby"] = _SERIALIZER.query("orderby", orderby, "str") - if top is not None: - _params["$top"] = _SERIALIZER.query("top", top, "int") - if skip is not None: - _params["$skip"] = _SERIALIZER.query("skip", skip, "int") - - # Construct headers - _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") - - return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) - - -def build_get_request( - resource_group_name: str, workspace_name: str, metadata_name: str, subscription_id: str, **kwargs: Any -) -> HttpRequest: - _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) - accept = _headers.pop("Accept", "application/json") - - # Construct URL - _url = kwargs.pop( - "template_url", - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/metadata/{metadataName}", - ) # pylint: disable=line-too-long - path_format_arguments = { - "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), - "resourceGroupName": _SERIALIZER.url( - "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 - ), - "workspaceName": _SERIALIZER.url( - "workspace_name", - workspace_name, - "str", - max_length=90, - min_length=1, - pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", - ), - "metadataName": _SERIALIZER.url("metadata_name", metadata_name, "str"), - } - - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore - - # Construct parameters - _params["api-version"] = _SERIALIZER.query("api_version", api_version, 
"str") - - # Construct headers - _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") - - return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) - - -def build_delete_request( - resource_group_name: str, workspace_name: str, metadata_name: str, subscription_id: str, **kwargs: Any -) -> HttpRequest: - _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) - accept = _headers.pop("Accept", "application/json") - - # Construct URL - _url = kwargs.pop( - "template_url", - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/metadata/{metadataName}", - ) # pylint: disable=line-too-long - path_format_arguments = { - "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), - "resourceGroupName": _SERIALIZER.url( - "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 - ), - "workspaceName": _SERIALIZER.url( - "workspace_name", - workspace_name, - "str", - max_length=90, - min_length=1, - pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", - ), - "metadataName": _SERIALIZER.url("metadata_name", metadata_name, "str"), - } - - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore - - # Construct parameters - _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") - - # Construct headers - _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") - - return HttpRequest(method="DELETE", url=_url, params=_params, headers=_headers, **kwargs) - - -def build_create_request( - resource_group_name: str, workspace_name: str, metadata_name: str, subscription_id: str, **kwargs: Any -) -> HttpRequest: - _headers = 
case_insensitive_dict(kwargs.pop("headers", {}) or {}) - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) - content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) - accept = _headers.pop("Accept", "application/json") - - # Construct URL - _url = kwargs.pop( - "template_url", - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/metadata/{metadataName}", - ) # pylint: disable=line-too-long - path_format_arguments = { - "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), - "resourceGroupName": _SERIALIZER.url( - "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 - ), - "workspaceName": _SERIALIZER.url( - "workspace_name", - workspace_name, - "str", - max_length=90, - min_length=1, - pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", - ), - "metadataName": _SERIALIZER.url("metadata_name", metadata_name, "str"), - } - - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore - - # Construct parameters - _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") - - # Construct headers - if content_type is not None: - _headers["Content-Type"] = _SERIALIZER.header("content_type", content_type, "str") - _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") - - return HttpRequest(method="PUT", url=_url, params=_params, headers=_headers, **kwargs) - - -def build_update_request( - resource_group_name: str, workspace_name: str, metadata_name: str, subscription_id: str, **kwargs: Any -) -> HttpRequest: - _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: 
Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) - content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) - accept = _headers.pop("Accept", "application/json") - - # Construct URL - _url = kwargs.pop( - "template_url", - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/metadata/{metadataName}", - ) # pylint: disable=line-too-long - path_format_arguments = { - "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), - "resourceGroupName": _SERIALIZER.url( - "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 - ), - "workspaceName": _SERIALIZER.url( - "workspace_name", - workspace_name, - "str", - max_length=90, - min_length=1, - pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", - ), - "metadataName": _SERIALIZER.url("metadata_name", metadata_name, "str"), - } - - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore - - # Construct parameters - _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") - - # Construct headers - if content_type is not None: - _headers["Content-Type"] = _SERIALIZER.header("content_type", content_type, "str") - _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") - - return HttpRequest(method="PATCH", url=_url, params=_params, headers=_headers, **kwargs) - - -class MetadataOperations: - """ - .. warning:: - **DO NOT** instantiate this class directly. - - Instead, you should access the following operations through - :class:`~azure.mgmt.securityinsight.SecurityInsights`'s - :attr:`metadata` attribute. 
- """ - - models = _models - - def __init__(self, *args, **kwargs): - input_args = list(args) - self._client = input_args.pop(0) if input_args else kwargs.pop("client") - self._config = input_args.pop(0) if input_args else kwargs.pop("config") - self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") - self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") - - @distributed_trace - def list( - self, - resource_group_name: str, - workspace_name: str, - filter: Optional[str] = None, - orderby: Optional[str] = None, - top: Optional[int] = None, - skip: Optional[int] = None, - **kwargs: Any - ) -> Iterable["_models.MetadataModel"]: - """List of all metadata. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param filter: Filters the results, based on a Boolean condition. Optional. Default value is - None. - :type filter: str - :param orderby: Sorts the results. Optional. Default value is None. - :type orderby: str - :param top: Returns only the first n results. Optional. Default value is None. - :type top: int - :param skip: Used to skip n elements in the OData query (offset). Returns a nextLink to the - next page of results if there are any left. Default value is None. 
- :type skip: int - :keyword callable cls: A custom type or function that will be passed the direct response - :return: An iterator like instance of either MetadataModel or the result of cls(response) - :rtype: ~azure.core.paging.ItemPaged[~azure.mgmt.securityinsight.models.MetadataModel] - :raises ~azure.core.exceptions.HttpResponseError: - """ - _headers = kwargs.pop("headers", {}) or {} - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) - cls: ClsType[_models.MetadataList] = kwargs.pop("cls", None) - - error_map = { - 401: ClientAuthenticationError, - 404: ResourceNotFoundError, - 409: ResourceExistsError, - 304: ResourceNotModifiedError, - } - error_map.update(kwargs.pop("error_map", {}) or {}) - - def prepare_request(next_link=None): - if not next_link: - - request = build_list_request( - resource_group_name=resource_group_name, - workspace_name=workspace_name, - subscription_id=self._config.subscription_id, - filter=filter, - orderby=orderby, - top=top, - skip=skip, - api_version=api_version, - template_url=self.list.metadata["url"], - headers=_headers, - params=_params, - ) - request = _convert_request(request) - request.url = self._client.format_url(request.url) - - else: - # make call to next link with the client's api-version - _parsed_next_link = urllib.parse.urlparse(next_link) - _next_request_params = case_insensitive_dict( - { - key: [urllib.parse.quote(v) for v in value] - for key, value in urllib.parse.parse_qs(_parsed_next_link.query).items() - } - ) - _next_request_params["api-version"] = self._config.api_version - request = HttpRequest( - "GET", urllib.parse.urljoin(next_link, _parsed_next_link.path), params=_next_request_params - ) - request = _convert_request(request) - request.url = self._client.format_url(request.url) - request.method = "GET" - return request - - def 
extract_data(pipeline_response): - deserialized = self._deserialize("MetadataList", pipeline_response) - list_of_elem = deserialized.value - if cls: - list_of_elem = cls(list_of_elem) # type: ignore - return deserialized.next_link or None, iter(list_of_elem) - - def get_next(next_link=None): - request = prepare_request(next_link) - - pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs - ) - response = pipeline_response.http_response - - if response.status_code not in [200]: - map_error(status_code=response.status_code, response=response, error_map=error_map) - raise HttpResponseError(response=response, error_format=ARMErrorFormat) - - return pipeline_response - - return ItemPaged(get_next, extract_data) - - list.metadata = { - "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/metadata" - } - - @distributed_trace - def get( - self, resource_group_name: str, workspace_name: str, metadata_name: str, **kwargs: Any - ) -> _models.MetadataModel: - """Get a Metadata. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param metadata_name: The Metadata name. Required. 
- :type metadata_name: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: MetadataModel or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.MetadataModel - :raises ~azure.core.exceptions.HttpResponseError: - """ - error_map = { - 401: ClientAuthenticationError, - 404: ResourceNotFoundError, - 409: ResourceExistsError, - 304: ResourceNotModifiedError, - } - error_map.update(kwargs.pop("error_map", {}) or {}) - - _headers = kwargs.pop("headers", {}) or {} - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) - cls: ClsType[_models.MetadataModel] = kwargs.pop("cls", None) - - request = build_get_request( - resource_group_name=resource_group_name, - workspace_name=workspace_name, - metadata_name=metadata_name, - subscription_id=self._config.subscription_id, - api_version=api_version, - template_url=self.get.metadata["url"], - headers=_headers, - params=_params, - ) - request = _convert_request(request) - request.url = self._client.format_url(request.url) - - pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs - ) - - response = pipeline_response.http_response - - if response.status_code not in [200]: - map_error(status_code=response.status_code, response=response, error_map=error_map) - raise HttpResponseError(response=response, error_format=ARMErrorFormat) - - deserialized = self._deserialize("MetadataModel", pipeline_response) - - if cls: - return cls(pipeline_response, deserialized, {}) - - return deserialized - - get.metadata = { - "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/metadata/{metadataName}" - } - - @distributed_trace - 
def delete( # pylint: disable=inconsistent-return-statements - self, resource_group_name: str, workspace_name: str, metadata_name: str, **kwargs: Any - ) -> None: - """Delete a Metadata. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param metadata_name: The Metadata name. Required. - :type metadata_name: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: None or the result of cls(response) - :rtype: None - :raises ~azure.core.exceptions.HttpResponseError: - """ - error_map = { - 401: ClientAuthenticationError, - 404: ResourceNotFoundError, - 409: ResourceExistsError, - 304: ResourceNotModifiedError, - } - error_map.update(kwargs.pop("error_map", {}) or {}) - - _headers = kwargs.pop("headers", {}) or {} - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) - cls: ClsType[None] = kwargs.pop("cls", None) - - request = build_delete_request( - resource_group_name=resource_group_name, - workspace_name=workspace_name, - metadata_name=metadata_name, - subscription_id=self._config.subscription_id, - api_version=api_version, - template_url=self.delete.metadata["url"], - headers=_headers, - params=_params, - ) - request = _convert_request(request) - request.url = self._client.format_url(request.url) - - pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs - ) - - response = pipeline_response.http_response - - if response.status_code not in [200, 204]: - map_error(status_code=response.status_code, response=response, error_map=error_map) - raise HttpResponseError(response=response, error_format=ARMErrorFormat) - - if 
cls: - return cls(pipeline_response, None, {}) - - delete.metadata = { - "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/metadata/{metadataName}" - } - - @overload - def create( - self, - resource_group_name: str, - workspace_name: str, - metadata_name: str, - metadata: _models.MetadataModel, - *, - content_type: str = "application/json", - **kwargs: Any - ) -> _models.MetadataModel: - """Create a Metadata. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param metadata_name: The Metadata name. Required. - :type metadata_name: str - :param metadata: Metadata resource. Required. - :type metadata: ~azure.mgmt.securityinsight.models.MetadataModel - :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. - Default value is "application/json". - :paramtype content_type: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: MetadataModel or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.MetadataModel - :raises ~azure.core.exceptions.HttpResponseError: - """ - - @overload - def create( - self, - resource_group_name: str, - workspace_name: str, - metadata_name: str, - metadata: IO, - *, - content_type: str = "application/json", - **kwargs: Any - ) -> _models.MetadataModel: - """Create a Metadata. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param metadata_name: The Metadata name. Required. - :type metadata_name: str - :param metadata: Metadata resource. Required. 
- :type metadata: IO - :keyword content_type: Body Parameter content-type. Content type parameter for binary body. - Default value is "application/json". - :paramtype content_type: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: MetadataModel or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.MetadataModel - :raises ~azure.core.exceptions.HttpResponseError: - """ - - @distributed_trace - def create( - self, - resource_group_name: str, - workspace_name: str, - metadata_name: str, - metadata: Union[_models.MetadataModel, IO], - **kwargs: Any - ) -> _models.MetadataModel: - """Create a Metadata. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param metadata_name: The Metadata name. Required. - :type metadata_name: str - :param metadata: Metadata resource. Is either a model type or a IO type. Required. - :type metadata: ~azure.mgmt.securityinsight.models.MetadataModel or IO - :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. - Default value is None. 
- :paramtype content_type: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: MetadataModel or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.MetadataModel - :raises ~azure.core.exceptions.HttpResponseError: - """ - error_map = { - 401: ClientAuthenticationError, - 404: ResourceNotFoundError, - 409: ResourceExistsError, - 304: ResourceNotModifiedError, - } - error_map.update(kwargs.pop("error_map", {}) or {}) - - _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) - content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) - cls: ClsType[_models.MetadataModel] = kwargs.pop("cls", None) - - content_type = content_type or "application/json" - _json = None - _content = None - if isinstance(metadata, (IO, bytes)): - _content = metadata - else: - _json = self._serialize.body(metadata, "MetadataModel") - - request = build_create_request( - resource_group_name=resource_group_name, - workspace_name=workspace_name, - metadata_name=metadata_name, - subscription_id=self._config.subscription_id, - api_version=api_version, - content_type=content_type, - json=_json, - content=_content, - template_url=self.create.metadata["url"], - headers=_headers, - params=_params, - ) - request = _convert_request(request) - request.url = self._client.format_url(request.url) - - pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs - ) - - response = pipeline_response.http_response - - if response.status_code not in [200, 201]: - map_error(status_code=response.status_code, response=response, error_map=error_map) - raise HttpResponseError(response=response, error_format=ARMErrorFormat) - - 
if response.status_code == 200: - deserialized = self._deserialize("MetadataModel", pipeline_response) - - if response.status_code == 201: - deserialized = self._deserialize("MetadataModel", pipeline_response) - - if cls: - return cls(pipeline_response, deserialized, {}) # type: ignore - - return deserialized # type: ignore - - create.metadata = { - "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/metadata/{metadataName}" - } - - @overload - def update( - self, - resource_group_name: str, - workspace_name: str, - metadata_name: str, - metadata_patch: _models.MetadataPatch, - *, - content_type: str = "application/json", - **kwargs: Any - ) -> _models.MetadataModel: - """Update an existing Metadata. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param metadata_name: The Metadata name. Required. - :type metadata_name: str - :param metadata_patch: Partial metadata request. Required. - :type metadata_patch: ~azure.mgmt.securityinsight.models.MetadataPatch - :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. - Default value is "application/json". - :paramtype content_type: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: MetadataModel or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.MetadataModel - :raises ~azure.core.exceptions.HttpResponseError: - """ - - @overload - def update( - self, - resource_group_name: str, - workspace_name: str, - metadata_name: str, - metadata_patch: IO, - *, - content_type: str = "application/json", - **kwargs: Any - ) -> _models.MetadataModel: - """Update an existing Metadata. 
- - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param metadata_name: The Metadata name. Required. - :type metadata_name: str - :param metadata_patch: Partial metadata request. Required. - :type metadata_patch: IO - :keyword content_type: Body Parameter content-type. Content type parameter for binary body. - Default value is "application/json". - :paramtype content_type: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: MetadataModel or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.MetadataModel - :raises ~azure.core.exceptions.HttpResponseError: - """ - - @distributed_trace - def update( - self, - resource_group_name: str, - workspace_name: str, - metadata_name: str, - metadata_patch: Union[_models.MetadataPatch, IO], - **kwargs: Any - ) -> _models.MetadataModel: - """Update an existing Metadata. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param metadata_name: The Metadata name. Required. - :type metadata_name: str - :param metadata_patch: Partial metadata request. Is either a model type or a IO type. Required. - :type metadata_patch: ~azure.mgmt.securityinsight.models.MetadataPatch or IO - :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. - Default value is None. 
- :paramtype content_type: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: MetadataModel or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.MetadataModel - :raises ~azure.core.exceptions.HttpResponseError: - """ - error_map = { - 401: ClientAuthenticationError, - 404: ResourceNotFoundError, - 409: ResourceExistsError, - 304: ResourceNotModifiedError, - } - error_map.update(kwargs.pop("error_map", {}) or {}) - - _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) - content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) - cls: ClsType[_models.MetadataModel] = kwargs.pop("cls", None) - - content_type = content_type or "application/json" - _json = None - _content = None - if isinstance(metadata_patch, (IO, bytes)): - _content = metadata_patch - else: - _json = self._serialize.body(metadata_patch, "MetadataPatch") - - request = build_update_request( - resource_group_name=resource_group_name, - workspace_name=workspace_name, - metadata_name=metadata_name, - subscription_id=self._config.subscription_id, - api_version=api_version, - content_type=content_type, - json=_json, - content=_content, - template_url=self.update.metadata["url"], - headers=_headers, - params=_params, - ) - request = _convert_request(request) - request.url = self._client.format_url(request.url) - - pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs - ) - - response = pipeline_response.http_response - - if response.status_code not in [200]: - map_error(status_code=response.status_code, response=response, error_map=error_map) - raise HttpResponseError(response=response, 
error_format=ARMErrorFormat) - - deserialized = self._deserialize("MetadataModel", pipeline_response) - - if cls: - return cls(pipeline_response, deserialized, {}) - - return deserialized - - update.metadata = { - "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/metadata/{metadataName}" - } diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_office_consents_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_office_consents_operations.py deleted file mode 100644 index 6c185d8b07ac..000000000000 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_office_consents_operations.py +++ /dev/null 
@@ -1,411 +0,0 @@ -# pylint: disable=too-many-lines -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- -import sys -from typing import Any, Callable, Dict, Iterable, Optional, TypeVar -import urllib.parse - -from azure.core.exceptions import ( - ClientAuthenticationError, - HttpResponseError, - ResourceExistsError, - ResourceNotFoundError, - ResourceNotModifiedError, - map_error, -) -from azure.core.paging import ItemPaged -from azure.core.pipeline import PipelineResponse -from azure.core.pipeline.transport import HttpResponse -from azure.core.rest import HttpRequest -from azure.core.tracing.decorator import distributed_trace -from azure.core.utils import case_insensitive_dict -from azure.mgmt.core.exceptions import ARMErrorFormat - -from .. 
import models as _models -from .._serialization import Serializer -from .._vendor import _convert_request, _format_url_section - -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports -T = TypeVar("T") -ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] - -_SERIALIZER = Serializer() -_SERIALIZER.client_side_validation = False - - -def build_list_request( - resource_group_name: str, workspace_name: str, subscription_id: str, **kwargs: Any -) -> HttpRequest: - _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) - accept = _headers.pop("Accept", "application/json") - - # Construct URL - _url = kwargs.pop( - "template_url", - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/officeConsents", - ) # pylint: disable=line-too-long - path_format_arguments = { - "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), - "resourceGroupName": _SERIALIZER.url( - "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 - ), - "workspaceName": _SERIALIZER.url( - "workspace_name", - workspace_name, - "str", - max_length=90, - min_length=1, - pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", - ), - } - - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore - - # Construct parameters - _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") - - # Construct headers - _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") - - return 
HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) - - -def build_get_request( - resource_group_name: str, workspace_name: str, consent_id: str, subscription_id: str, **kwargs: Any -) -> HttpRequest: - _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) - accept = _headers.pop("Accept", "application/json") - - # Construct URL - _url = kwargs.pop( - "template_url", - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/officeConsents/{consentId}", - ) # pylint: disable=line-too-long - path_format_arguments = { - "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), - "resourceGroupName": _SERIALIZER.url( - "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 - ), - "workspaceName": _SERIALIZER.url( - "workspace_name", - workspace_name, - "str", - max_length=90, - min_length=1, - pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", - ), - "consentId": _SERIALIZER.url("consent_id", consent_id, "str"), - } - - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore - - # Construct parameters - _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") - - # Construct headers - _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") - - return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) - - -def build_delete_request( - resource_group_name: str, workspace_name: str, consent_id: str, subscription_id: str, **kwargs: Any -) -> HttpRequest: - _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - 
api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) - accept = _headers.pop("Accept", "application/json") - - # Construct URL - _url = kwargs.pop( - "template_url", - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/officeConsents/{consentId}", - ) # pylint: disable=line-too-long - path_format_arguments = { - "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), - "resourceGroupName": _SERIALIZER.url( - "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 - ), - "workspaceName": _SERIALIZER.url( - "workspace_name", - workspace_name, - "str", - max_length=90, - min_length=1, - pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", - ), - "consentId": _SERIALIZER.url("consent_id", consent_id, "str"), - } - - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore - - # Construct parameters - _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") - - # Construct headers - _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") - - return HttpRequest(method="DELETE", url=_url, params=_params, headers=_headers, **kwargs) - - -class OfficeConsentsOperations: - """ - .. warning:: - **DO NOT** instantiate this class directly. - - Instead, you should access the following operations through - :class:`~azure.mgmt.securityinsight.SecurityInsights`'s - :attr:`office_consents` attribute. 
- """ - - models = _models - - def __init__(self, *args, **kwargs): - input_args = list(args) - self._client = input_args.pop(0) if input_args else kwargs.pop("client") - self._config = input_args.pop(0) if input_args else kwargs.pop("config") - self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") - self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") - - @distributed_trace - def list(self, resource_group_name: str, workspace_name: str, **kwargs: Any) -> Iterable["_models.OfficeConsent"]: - """Gets all office365 consents. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: An iterator like instance of either OfficeConsent or the result of cls(response) - :rtype: ~azure.core.paging.ItemPaged[~azure.mgmt.securityinsight.models.OfficeConsent] - :raises ~azure.core.exceptions.HttpResponseError: - """ - _headers = kwargs.pop("headers", {}) or {} - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) - cls: ClsType[_models.OfficeConsentList] = kwargs.pop("cls", None) - - error_map = { - 401: ClientAuthenticationError, - 404: ResourceNotFoundError, - 409: ResourceExistsError, - 304: ResourceNotModifiedError, - } - error_map.update(kwargs.pop("error_map", {}) or {}) - - def prepare_request(next_link=None): - if not next_link: - - request = build_list_request( - resource_group_name=resource_group_name, - workspace_name=workspace_name, - subscription_id=self._config.subscription_id, - api_version=api_version, - template_url=self.list.metadata["url"], - headers=_headers, - params=_params, - ) - request 
= _convert_request(request) - request.url = self._client.format_url(request.url) - - else: - # make call to next link with the client's api-version - _parsed_next_link = urllib.parse.urlparse(next_link) - _next_request_params = case_insensitive_dict( - { - key: [urllib.parse.quote(v) for v in value] - for key, value in urllib.parse.parse_qs(_parsed_next_link.query).items() - } - ) - _next_request_params["api-version"] = self._config.api_version - request = HttpRequest( - "GET", urllib.parse.urljoin(next_link, _parsed_next_link.path), params=_next_request_params - ) - request = _convert_request(request) - request.url = self._client.format_url(request.url) - request.method = "GET" - return request - - def extract_data(pipeline_response): - deserialized = self._deserialize("OfficeConsentList", pipeline_response) - list_of_elem = deserialized.value - if cls: - list_of_elem = cls(list_of_elem) # type: ignore - return deserialized.next_link or None, iter(list_of_elem) - - def get_next(next_link=None): - request = prepare_request(next_link) - - pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs - ) - response = pipeline_response.http_response - - if response.status_code not in [200]: - map_error(status_code=response.status_code, response=response, error_map=error_map) - raise HttpResponseError(response=response, error_format=ARMErrorFormat) - - return pipeline_response - - return ItemPaged(get_next, extract_data) - - list.metadata = { - "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/officeConsents" - } - - @distributed_trace - def get( - self, resource_group_name: str, workspace_name: str, consent_id: str, **kwargs: Any - ) -> _models.OfficeConsent: - """Gets an office365 consent. - - :param resource_group_name: The name of the resource group. 
The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param consent_id: consent ID. Required. - :type consent_id: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: OfficeConsent or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.OfficeConsent - :raises ~azure.core.exceptions.HttpResponseError: - """ - error_map = { - 401: ClientAuthenticationError, - 404: ResourceNotFoundError, - 409: ResourceExistsError, - 304: ResourceNotModifiedError, - } - error_map.update(kwargs.pop("error_map", {}) or {}) - - _headers = kwargs.pop("headers", {}) or {} - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) - cls: ClsType[_models.OfficeConsent] = kwargs.pop("cls", None) - - request = build_get_request( - resource_group_name=resource_group_name, - workspace_name=workspace_name, - consent_id=consent_id, - subscription_id=self._config.subscription_id, - api_version=api_version, - template_url=self.get.metadata["url"], - headers=_headers, - params=_params, - ) - request = _convert_request(request) - request.url = self._client.format_url(request.url) - - pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs - ) - - response = pipeline_response.http_response - - if response.status_code not in [200]: - map_error(status_code=response.status_code, response=response, error_map=error_map) - raise HttpResponseError(response=response, error_format=ARMErrorFormat) - - deserialized = self._deserialize("OfficeConsent", pipeline_response) - - if cls: - return cls(pipeline_response, deserialized, {}) - - return deserialized - - get.metadata = { - "url": 
"/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/officeConsents/{consentId}" - } - - @distributed_trace - def delete( # pylint: disable=inconsistent-return-statements - self, resource_group_name: str, workspace_name: str, consent_id: str, **kwargs: Any - ) -> None: - """Delete the office365 consent. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param consent_id: consent ID. Required. - :type consent_id: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: None or the result of cls(response) - :rtype: None - :raises ~azure.core.exceptions.HttpResponseError: - """ - error_map = { - 401: ClientAuthenticationError, - 404: ResourceNotFoundError, - 409: ResourceExistsError, - 304: ResourceNotModifiedError, - } - error_map.update(kwargs.pop("error_map", {}) or {}) - - _headers = kwargs.pop("headers", {}) or {} - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) - cls: ClsType[None] = kwargs.pop("cls", None) - - request = build_delete_request( - resource_group_name=resource_group_name, - workspace_name=workspace_name, - consent_id=consent_id, - subscription_id=self._config.subscription_id, - api_version=api_version, - template_url=self.delete.metadata["url"], - headers=_headers, - params=_params, - ) - request = _convert_request(request) - request.url = self._client.format_url(request.url) - - pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs - ) - - response = 
pipeline_response.http_response - - if response.status_code not in [200, 204]: - map_error(status_code=response.status_code, response=response, error_map=error_map) - raise HttpResponseError(response=response, error_format=ARMErrorFormat) - - if cls: - return cls(pipeline_response, None, {}) - - delete.metadata = { - "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/officeConsents/{consentId}" - } diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_operations.py index e74ff2e56de3..d1338ca3139e 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_operations.py @@ -45,9 +45,7 @@ def build_list_request(**kwargs: Any) -> HttpRequest: _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: Literal["2023-02-01"] = kwargs.pop("api_version", _params.pop("api-version", "2023-02-01")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -93,7 +91,7 @@ def list(self, **kwargs: Any) -> Iterable["_models.Operation"]: _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( + api_version: Literal["2023-02-01"] = kwargs.pop( "api_version", _params.pop("api-version", self._config.api_version) ) cls: ClsType[_models.OperationsList] = kwargs.pop("cls", None) 
diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_product_settings_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_product_settings_operations.py
deleted file mode 100644
index 86def718fd40..000000000000
--- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_product_settings_operations.py
+++ /dev/null
@@ -1,583 +0,0 @@ -# pylint: disable=too-many-lines -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- -import sys -from typing import Any, Callable, Dict, IO, Optional, TypeVar, Union, overload - -from azure.core.exceptions import ( - ClientAuthenticationError, - HttpResponseError, - ResourceExistsError, - ResourceNotFoundError, - ResourceNotModifiedError, - map_error, -) -from azure.core.pipeline import PipelineResponse -from azure.core.pipeline.transport import HttpResponse -from azure.core.rest import HttpRequest -from azure.core.tracing.decorator import distributed_trace -from azure.core.utils import case_insensitive_dict -from azure.mgmt.core.exceptions import ARMErrorFormat - -from .. 
import models as _models -from .._serialization import Serializer -from .._vendor import _convert_request, _format_url_section - -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports -T = TypeVar("T") -ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] - -_SERIALIZER = Serializer() -_SERIALIZER.client_side_validation = False - - -def build_list_request( - resource_group_name: str, workspace_name: str, subscription_id: str, **kwargs: Any -) -> HttpRequest: - _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) - accept = _headers.pop("Accept", "application/json") - - # Construct URL - _url = kwargs.pop( - "template_url", - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/settings", - ) # pylint: disable=line-too-long - path_format_arguments = { - "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), - "resourceGroupName": _SERIALIZER.url( - "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 - ), - "workspaceName": _SERIALIZER.url( - "workspace_name", - workspace_name, - "str", - max_length=90, - min_length=1, - pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", - ), - } - - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore - - # Construct parameters - _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") - - # Construct headers - _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") - - return 
HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) - - -def build_get_request( - resource_group_name: str, workspace_name: str, settings_name: str, subscription_id: str, **kwargs: Any -) -> HttpRequest: - _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) - accept = _headers.pop("Accept", "application/json") - - # Construct URL - _url = kwargs.pop( - "template_url", - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/settings/{settingsName}", - ) # pylint: disable=line-too-long - path_format_arguments = { - "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), - "resourceGroupName": _SERIALIZER.url( - "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 - ), - "workspaceName": _SERIALIZER.url( - "workspace_name", - workspace_name, - "str", - max_length=90, - min_length=1, - pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", - ), - "settingsName": _SERIALIZER.url("settings_name", settings_name, "str"), - } - - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore - - # Construct parameters - _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") - - # Construct headers - _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") - - return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) - - -def build_delete_request( - resource_group_name: str, workspace_name: str, settings_name: str, subscription_id: str, **kwargs: Any -) -> HttpRequest: - _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) - _params = case_insensitive_dict(kwargs.pop("params", {}) 
or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) - accept = _headers.pop("Accept", "application/json") - - # Construct URL - _url = kwargs.pop( - "template_url", - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/settings/{settingsName}", - ) # pylint: disable=line-too-long - path_format_arguments = { - "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), - "resourceGroupName": _SERIALIZER.url( - "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 - ), - "workspaceName": _SERIALIZER.url( - "workspace_name", - workspace_name, - "str", - max_length=90, - min_length=1, - pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", - ), - "settingsName": _SERIALIZER.url("settings_name", settings_name, "str"), - } - - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore - - # Construct parameters - _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") - - # Construct headers - _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") - - return HttpRequest(method="DELETE", url=_url, params=_params, headers=_headers, **kwargs) - - -def build_update_request( - resource_group_name: str, workspace_name: str, settings_name: str, subscription_id: str, **kwargs: Any -) -> HttpRequest: - _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) - content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) - accept = _headers.pop("Accept", "application/json") - - # Construct URL - _url = kwargs.pop( - "template_url", - 
"/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/settings/{settingsName}", - ) # pylint: disable=line-too-long - path_format_arguments = { - "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), - "resourceGroupName": _SERIALIZER.url( - "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 - ), - "workspaceName": _SERIALIZER.url( - "workspace_name", - workspace_name, - "str", - max_length=90, - min_length=1, - pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", - ), - "settingsName": _SERIALIZER.url("settings_name", settings_name, "str"), - } - - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore - - # Construct parameters - _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") - - # Construct headers - if content_type is not None: - _headers["Content-Type"] = _SERIALIZER.header("content_type", content_type, "str") - _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") - - return HttpRequest(method="PUT", url=_url, params=_params, headers=_headers, **kwargs) - - -class ProductSettingsOperations: - """ - .. warning:: - **DO NOT** instantiate this class directly. - - Instead, you should access the following operations through - :class:`~azure.mgmt.securityinsight.SecurityInsights`'s - :attr:`product_settings` attribute. 
- """ - - models = _models - - def __init__(self, *args, **kwargs): - input_args = list(args) - self._client = input_args.pop(0) if input_args else kwargs.pop("client") - self._config = input_args.pop(0) if input_args else kwargs.pop("config") - self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") - self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") - - @distributed_trace - def list(self, resource_group_name: str, workspace_name: str, **kwargs: Any) -> _models.SettingList: - """List of all the settings. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: SettingList or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.SettingList - :raises ~azure.core.exceptions.HttpResponseError: - """ - error_map = { - 401: ClientAuthenticationError, - 404: ResourceNotFoundError, - 409: ResourceExistsError, - 304: ResourceNotModifiedError, - } - error_map.update(kwargs.pop("error_map", {}) or {}) - - _headers = kwargs.pop("headers", {}) or {} - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) - cls: ClsType[_models.SettingList] = kwargs.pop("cls", None) - - request = build_list_request( - resource_group_name=resource_group_name, - workspace_name=workspace_name, - subscription_id=self._config.subscription_id, - api_version=api_version, - template_url=self.list.metadata["url"], - headers=_headers, - params=_params, - ) - request = _convert_request(request) - request.url = self._client.format_url(request.url) - - pipeline_response: PipelineResponse = self._client._pipeline.run( # 
pylint: disable=protected-access - request, stream=False, **kwargs - ) - - response = pipeline_response.http_response - - if response.status_code not in [200]: - map_error(status_code=response.status_code, response=response, error_map=error_map) - raise HttpResponseError(response=response, error_format=ARMErrorFormat) - - deserialized = self._deserialize("SettingList", pipeline_response) - - if cls: - return cls(pipeline_response, deserialized, {}) - - return deserialized - - list.metadata = { - "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/settings" - } - - @distributed_trace - def get(self, resource_group_name: str, workspace_name: str, settings_name: str, **kwargs: Any) -> _models.Settings: - """Gets a setting. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param settings_name: The setting name. Supports - Anomalies, EyesOn, EntityAnalytics, Ueba. - Required. 
- :type settings_name: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: Settings or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.Settings - :raises ~azure.core.exceptions.HttpResponseError: - """ - error_map = { - 401: ClientAuthenticationError, - 404: ResourceNotFoundError, - 409: ResourceExistsError, - 304: ResourceNotModifiedError, - } - error_map.update(kwargs.pop("error_map", {}) or {}) - - _headers = kwargs.pop("headers", {}) or {} - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) - cls: ClsType[_models.Settings] = kwargs.pop("cls", None) - - request = build_get_request( - resource_group_name=resource_group_name, - workspace_name=workspace_name, - settings_name=settings_name, - subscription_id=self._config.subscription_id, - api_version=api_version, - template_url=self.get.metadata["url"], - headers=_headers, - params=_params, - ) - request = _convert_request(request) - request.url = self._client.format_url(request.url) - - pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs - ) - - response = pipeline_response.http_response - - if response.status_code not in [200]: - map_error(status_code=response.status_code, response=response, error_map=error_map) - raise HttpResponseError(response=response, error_format=ARMErrorFormat) - - deserialized = self._deserialize("Settings", pipeline_response) - - if cls: - return cls(pipeline_response, deserialized, {}) - - return deserialized - - get.metadata = { - "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/settings/{settingsName}" - } - - @distributed_trace - def delete( # pylint: 
disable=inconsistent-return-statements - self, resource_group_name: str, workspace_name: str, settings_name: str, **kwargs: Any - ) -> None: - """Delete setting of the product. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param settings_name: The setting name. Supports - Anomalies, EyesOn, EntityAnalytics, Ueba. - Required. - :type settings_name: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: None or the result of cls(response) - :rtype: None - :raises ~azure.core.exceptions.HttpResponseError: - """ - error_map = { - 401: ClientAuthenticationError, - 404: ResourceNotFoundError, - 409: ResourceExistsError, - 304: ResourceNotModifiedError, - } - error_map.update(kwargs.pop("error_map", {}) or {}) - - _headers = kwargs.pop("headers", {}) or {} - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) - cls: ClsType[None] = kwargs.pop("cls", None) - - request = build_delete_request( - resource_group_name=resource_group_name, - workspace_name=workspace_name, - settings_name=settings_name, - subscription_id=self._config.subscription_id, - api_version=api_version, - template_url=self.delete.metadata["url"], - headers=_headers, - params=_params, - ) - request = _convert_request(request) - request.url = self._client.format_url(request.url) - - pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs - ) - - response = pipeline_response.http_response - - if response.status_code not in [200, 204]: - map_error(status_code=response.status_code, response=response, error_map=error_map) - raise 
HttpResponseError(response=response, error_format=ARMErrorFormat) - - if cls: - return cls(pipeline_response, None, {}) - - delete.metadata = { - "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/settings/{settingsName}" - } - - @overload - def update( - self, - resource_group_name: str, - workspace_name: str, - settings_name: str, - settings: _models.Settings, - *, - content_type: str = "application/json", - **kwargs: Any - ) -> _models.Settings: - """Updates setting. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param settings_name: The setting name. Supports - Anomalies, EyesOn, EntityAnalytics, Ueba. - Required. - :type settings_name: str - :param settings: The setting. Required. - :type settings: ~azure.mgmt.securityinsight.models.Settings - :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. - Default value is "application/json". - :paramtype content_type: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: Settings or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.Settings - :raises ~azure.core.exceptions.HttpResponseError: - """ - - @overload - def update( - self, - resource_group_name: str, - workspace_name: str, - settings_name: str, - settings: IO, - *, - content_type: str = "application/json", - **kwargs: Any - ) -> _models.Settings: - """Updates setting. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param settings_name: The setting name. 
Supports - Anomalies, EyesOn, EntityAnalytics, Ueba. - Required. - :type settings_name: str - :param settings: The setting. Required. - :type settings: IO - :keyword content_type: Body Parameter content-type. Content type parameter for binary body. - Default value is "application/json". - :paramtype content_type: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: Settings or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.Settings - :raises ~azure.core.exceptions.HttpResponseError: - """ - - @distributed_trace - def update( - self, - resource_group_name: str, - workspace_name: str, - settings_name: str, - settings: Union[_models.Settings, IO], - **kwargs: Any - ) -> _models.Settings: - """Updates setting. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param settings_name: The setting name. Supports - Anomalies, EyesOn, EntityAnalytics, Ueba. - Required. - :type settings_name: str - :param settings: The setting. Is either a model type or a IO type. Required. - :type settings: ~azure.mgmt.securityinsight.models.Settings or IO - :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. - Default value is None. 
- :paramtype content_type: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: Settings or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.Settings - :raises ~azure.core.exceptions.HttpResponseError: - """ - error_map = { - 401: ClientAuthenticationError, - 404: ResourceNotFoundError, - 409: ResourceExistsError, - 304: ResourceNotModifiedError, - } - error_map.update(kwargs.pop("error_map", {}) or {}) - - _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) - content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) - cls: ClsType[_models.Settings] = kwargs.pop("cls", None) - - content_type = content_type or "application/json" - _json = None - _content = None - if isinstance(settings, (IO, bytes)): - _content = settings - else: - _json = self._serialize.body(settings, "Settings") - - request = build_update_request( - resource_group_name=resource_group_name, - workspace_name=workspace_name, - settings_name=settings_name, - subscription_id=self._config.subscription_id, - api_version=api_version, - content_type=content_type, - json=_json, - content=_content, - template_url=self.update.metadata["url"], - headers=_headers, - params=_params, - ) - request = _convert_request(request) - request.url = self._client.format_url(request.url) - - pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs - ) - - response = pipeline_response.http_response - - if response.status_code not in [200]: - map_error(status_code=response.status_code, response=response, error_map=error_map) - raise HttpResponseError(response=response, error_format=ARMErrorFormat) - - deserialized = 
self._deserialize("Settings", pipeline_response) - - if cls: - return cls(pipeline_response, deserialized, {}) - - return deserialized - - update.metadata = { - "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/settings/{settingsName}" - } diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_security_ml_analytics_settings_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_security_ml_analytics_settings_operations.py index 67f7732a0682..ce90306e402a 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_security_ml_analytics_settings_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_security_ml_analytics_settings_operations.py @@ -47,9 +47,7 @@ def build_list_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: Literal["2023-02-01"] = kwargs.pop("api_version", _params.pop("api-version", "2023-02-01")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -89,9 +87,7 @@ def build_get_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: Literal["2023-02-01"] = kwargs.pop("api_version", _params.pop("api-version", "2023-02-01")) accept = _headers.pop("Accept", "application/json") # Construct URL 
@@ -132,9 +128,7 @@ def build_create_or_update_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: Literal["2023-02-01"] = kwargs.pop("api_version", _params.pop("api-version", "2023-02-01")) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) accept = _headers.pop("Accept", "application/json") @@ -178,9 +172,7 @@ def build_delete_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: Literal["2023-02-01"] = kwargs.pop("api_version", _params.pop("api-version", "2023-02-01")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -255,7 +247,7 @@ def list( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( + api_version: Literal["2023-02-01"] = kwargs.pop( "api_version", _params.pop("api-version", self._config.api_version) ) cls: ClsType[_models.SecurityMLAnalyticsSettingsList] = kwargs.pop("cls", None) @@ -357,7 +349,7 @@ def get( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( + api_version: Literal["2023-02-01"] = kwargs.pop( "api_version", _params.pop("api-version", self._config.api_version) ) cls: ClsType[_models.SecurityMLAnalyticsSetting] = kwargs.pop("cls", None) 
@@ -500,7 +492,7 @@ def create_or_update( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( + api_version: Literal["2023-02-01"] = kwargs.pop( "api_version", _params.pop("api-version", self._config.api_version) ) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) @@ -584,7 +576,7 @@ def delete( # pylint: disable=inconsistent-return-statements _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( + api_version: Literal["2023-02-01"] = kwargs.pop( "api_version", _params.pop("api-version", self._config.api_version) ) cls: ClsType[None] = kwargs.pop("cls", None) diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_sentinel_onboarding_states_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_sentinel_onboarding_states_operations.py index dede32ea1345..28f1ef646870 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_sentinel_onboarding_states_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_sentinel_onboarding_states_operations.py @@ -49,9 +49,7 @@ def build_get_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: Literal["2023-02-01"] = kwargs.pop("api_version", _params.pop("api-version", "2023-02-01")) accept = _headers.pop("Accept", "application/json") # Construct URL 
@@ -98,9 +96,7 @@ def build_create_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: Literal["2023-02-01"] = kwargs.pop("api_version", _params.pop("api-version", "2023-02-01")) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) accept = _headers.pop("Accept", "application/json") @@ -150,9 +146,7 @@ def build_delete_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: Literal["2023-02-01"] = kwargs.pop("api_version", _params.pop("api-version", "2023-02-01")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -195,9 +189,7 @@ def build_list_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: Literal["2023-02-01"] = kwargs.pop("api_version", _params.pop("api-version", "2023-02-01")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -280,7 +272,7 @@ def get( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( + api_version: Literal["2023-02-01"] = kwargs.pop( "api_version", _params.pop("api-version", self._config.api_version) ) cls: ClsType[_models.SentinelOnboardingState] = kwargs.pop("cls", None) 
@@ -428,7 +420,7 @@ def create( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( + api_version: Literal["2023-02-01"] = kwargs.pop( "api_version", _params.pop("api-version", self._config.api_version) ) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) @@ -516,7 +508,7 @@ def delete( # pylint: disable=inconsistent-return-statements _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( + api_version: Literal["2023-02-01"] = kwargs.pop( "api_version", _params.pop("api-version", self._config.api_version) ) cls: ClsType[None] = kwargs.pop("cls", None) @@ -578,7 +570,7 @@ def list( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( + api_version: Literal["2023-02-01"] = kwargs.pop( "api_version", _params.pop("api-version", self._config.api_version) ) cls: ClsType[_models.SentinelOnboardingStatesList] = kwargs.pop("cls", None) diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_source_control_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_source_control_operations.py deleted file mode 100644 index 4a4957b10d8d..000000000000 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_source_control_operations.py +++ /dev/null 
@@ -1,209 +0,0 @@ -# pylint: disable=too-many-lines -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- -import sys -from typing import Any, Callable, Dict, Iterable, Optional, TypeVar, Union -import urllib.parse - -from azure.core.exceptions import ( - ClientAuthenticationError, - HttpResponseError, - ResourceExistsError, - ResourceNotFoundError, - ResourceNotModifiedError, - map_error, -) -from azure.core.paging import ItemPaged -from azure.core.pipeline import PipelineResponse -from azure.core.pipeline.transport import HttpResponse -from azure.core.rest import HttpRequest -from azure.core.tracing.decorator import distributed_trace -from azure.core.utils import case_insensitive_dict -from azure.mgmt.core.exceptions import ARMErrorFormat - -from .. 
import models as _models -from .._serialization import Serializer -from .._vendor import _convert_request, _format_url_section - -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports -T = TypeVar("T") -ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] - -_SERIALIZER = Serializer() -_SERIALIZER.client_side_validation = False - - -def build_list_repositories_request( - resource_group_name: str, - workspace_name: str, - subscription_id: str, - *, - json: Union[str, _models.RepoType], - **kwargs: Any -) -> HttpRequest: - _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) - content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) - accept = _headers.pop("Accept", "application/json") - - # Construct URL - _url = kwargs.pop( - "template_url", - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/listRepositories", - ) # pylint: disable=line-too-long - path_format_arguments = { - "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), - "resourceGroupName": _SERIALIZER.url( - "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 - ), - "workspaceName": _SERIALIZER.url( - "workspace_name", - workspace_name, - "str", - max_length=90, - min_length=1, - pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", - ), - } - - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore - - # Construct parameters - _params["api-version"] = 
_SERIALIZER.query("api_version", api_version, "str") - - # Construct headers - if content_type is not None: - _headers["Content-Type"] = _SERIALIZER.header("content_type", content_type, "str") - _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") - - return HttpRequest(method="POST", url=_url, params=_params, headers=_headers, json=json, **kwargs) - - -class SourceControlOperations: - """ - .. warning:: - **DO NOT** instantiate this class directly. - - Instead, you should access the following operations through - :class:`~azure.mgmt.securityinsight.SecurityInsights`'s - :attr:`source_control` attribute. - """ - - models = _models - - def __init__(self, *args, **kwargs): - input_args = list(args) - self._client = input_args.pop(0) if input_args else kwargs.pop("client") - self._config = input_args.pop(0) if input_args else kwargs.pop("config") - self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") - self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") - - @distributed_trace - def list_repositories( - self, resource_group_name: str, workspace_name: str, repo_type: Union[str, _models.RepoType], **kwargs: Any - ) -> Iterable["_models.Repo"]: - """Gets a list of repositories metadata. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param repo_type: The repo type. Known values are: "Github" and "DevOps". Required. 
- :type repo_type: str or ~azure.mgmt.securityinsight.models.RepoType - :keyword callable cls: A custom type or function that will be passed the direct response - :return: An iterator like instance of either Repo or the result of cls(response) - :rtype: ~azure.core.paging.ItemPaged[~azure.mgmt.securityinsight.models.Repo] - :raises ~azure.core.exceptions.HttpResponseError: - """ - _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) - content_type: str = kwargs.pop("content_type", _headers.pop("Content-Type", "application/json")) - cls: ClsType[_models.RepoList] = kwargs.pop("cls", None) - - error_map = { - 401: ClientAuthenticationError, - 404: ResourceNotFoundError, - 409: ResourceExistsError, - 304: ResourceNotModifiedError, - } - error_map.update(kwargs.pop("error_map", {}) or {}) - - def prepare_request(next_link=None): - if not next_link: - _json = self._serialize.body(repo_type, "str") - - request = build_list_repositories_request( - resource_group_name=resource_group_name, - workspace_name=workspace_name, - subscription_id=self._config.subscription_id, - api_version=api_version, - content_type=content_type, - json=_json, - template_url=self.list_repositories.metadata["url"], - headers=_headers, - params=_params, - ) - request = _convert_request(request) - request.url = self._client.format_url(request.url) - - else: - # make call to next link with the client's api-version - _parsed_next_link = urllib.parse.urlparse(next_link) - _next_request_params = case_insensitive_dict( - { - key: [urllib.parse.quote(v) for v in value] - for key, value in urllib.parse.parse_qs(_parsed_next_link.query).items() - } - ) - _next_request_params["api-version"] = self._config.api_version - request = HttpRequest( - "GET", urllib.parse.urljoin(next_link, 
_parsed_next_link.path), params=_next_request_params - ) - request = _convert_request(request) - request.url = self._client.format_url(request.url) - request.method = "GET" - return request - - def extract_data(pipeline_response): - deserialized = self._deserialize("RepoList", pipeline_response) - list_of_elem = deserialized.value - if cls: - list_of_elem = cls(list_of_elem) # type: ignore - return deserialized.next_link or None, iter(list_of_elem) - - def get_next(next_link=None): - request = prepare_request(next_link) - - pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs - ) - response = pipeline_response.http_response - - if response.status_code not in [200]: - map_error(status_code=response.status_code, response=response, error_map=error_map) - raise HttpResponseError(response=response, error_format=ARMErrorFormat) - - return pipeline_response - - return ItemPaged(get_next, extract_data) - - list_repositories.metadata = { - "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/listRepositories" - } diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_source_controls_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_source_controls_operations.py deleted file mode 100644 index e4f8c1291dc3..000000000000 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_source_controls_operations.py +++ /dev/null 
@@ -1,613 +0,0 @@ -# pylint: disable=too-many-lines -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- -import sys -from typing import Any, Callable, Dict, IO, Iterable, Optional, TypeVar, Union, overload -import urllib.parse - -from azure.core.exceptions import ( - ClientAuthenticationError, - HttpResponseError, - ResourceExistsError, - ResourceNotFoundError, - ResourceNotModifiedError, - map_error, -) -from azure.core.paging import ItemPaged -from azure.core.pipeline import PipelineResponse -from azure.core.pipeline.transport import HttpResponse -from azure.core.rest import HttpRequest -from azure.core.tracing.decorator import distributed_trace -from azure.core.utils import case_insensitive_dict -from azure.mgmt.core.exceptions import ARMErrorFormat - -from .. 
import models as _models -from .._serialization import Serializer -from .._vendor import _convert_request, _format_url_section - -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports -T = TypeVar("T") -ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] - -_SERIALIZER = Serializer() -_SERIALIZER.client_side_validation = False - - -def build_list_request( - resource_group_name: str, workspace_name: str, subscription_id: str, **kwargs: Any -) -> HttpRequest: - _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) - accept = _headers.pop("Accept", "application/json") - - # Construct URL - _url = kwargs.pop( - "template_url", - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/sourcecontrols", - ) # pylint: disable=line-too-long - path_format_arguments = { - "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), - "resourceGroupName": _SERIALIZER.url( - "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 - ), - "workspaceName": _SERIALIZER.url( - "workspace_name", - workspace_name, - "str", - max_length=90, - min_length=1, - pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", - ), - } - - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore - - # Construct parameters - _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") - - # Construct headers - _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") - - return 
HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) - - -def build_get_request( - resource_group_name: str, workspace_name: str, source_control_id: str, subscription_id: str, **kwargs: Any -) -> HttpRequest: - _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) - accept = _headers.pop("Accept", "application/json") - - # Construct URL - _url = kwargs.pop( - "template_url", - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/sourcecontrols/{sourceControlId}", - ) # pylint: disable=line-too-long - path_format_arguments = { - "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), - "resourceGroupName": _SERIALIZER.url( - "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 - ), - "workspaceName": _SERIALIZER.url( - "workspace_name", - workspace_name, - "str", - max_length=90, - min_length=1, - pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", - ), - "sourceControlId": _SERIALIZER.url("source_control_id", source_control_id, "str"), - } - - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore - - # Construct parameters - _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") - - # Construct headers - _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") - - return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) - - -def build_delete_request( - resource_group_name: str, workspace_name: str, source_control_id: str, subscription_id: str, **kwargs: Any -) -> HttpRequest: - _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) - _params = 
case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) - accept = _headers.pop("Accept", "application/json") - - # Construct URL - _url = kwargs.pop( - "template_url", - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/sourcecontrols/{sourceControlId}", - ) # pylint: disable=line-too-long - path_format_arguments = { - "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), - "resourceGroupName": _SERIALIZER.url( - "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 - ), - "workspaceName": _SERIALIZER.url( - "workspace_name", - workspace_name, - "str", - max_length=90, - min_length=1, - pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", - ), - "sourceControlId": _SERIALIZER.url("source_control_id", source_control_id, "str"), - } - - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore - - # Construct parameters - _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") - - # Construct headers - _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") - - return HttpRequest(method="DELETE", url=_url, params=_params, headers=_headers, **kwargs) - - -def build_create_request( - resource_group_name: str, workspace_name: str, source_control_id: str, subscription_id: str, **kwargs: Any -) -> HttpRequest: - _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) - content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) - accept = _headers.pop("Accept", "application/json") 
- - # Construct URL - _url = kwargs.pop( - "template_url", - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/sourcecontrols/{sourceControlId}", - ) # pylint: disable=line-too-long - path_format_arguments = { - "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), - "resourceGroupName": _SERIALIZER.url( - "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 - ), - "workspaceName": _SERIALIZER.url( - "workspace_name", - workspace_name, - "str", - max_length=90, - min_length=1, - pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", - ), - "sourceControlId": _SERIALIZER.url("source_control_id", source_control_id, "str"), - } - - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore - - # Construct parameters - _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") - - # Construct headers - if content_type is not None: - _headers["Content-Type"] = _SERIALIZER.header("content_type", content_type, "str") - _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") - - return HttpRequest(method="PUT", url=_url, params=_params, headers=_headers, **kwargs) - - -class SourceControlsOperations: - """ - .. warning:: - **DO NOT** instantiate this class directly. - - Instead, you should access the following operations through - :class:`~azure.mgmt.securityinsight.SecurityInsights`'s - :attr:`source_controls` attribute. 
- """ - - models = _models - - def __init__(self, *args, **kwargs): - input_args = list(args) - self._client = input_args.pop(0) if input_args else kwargs.pop("client") - self._config = input_args.pop(0) if input_args else kwargs.pop("config") - self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") - self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") - - @distributed_trace - def list(self, resource_group_name: str, workspace_name: str, **kwargs: Any) -> Iterable["_models.SourceControl"]: - """Gets all source controls, without source control items. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: An iterator like instance of either SourceControl or the result of cls(response) - :rtype: ~azure.core.paging.ItemPaged[~azure.mgmt.securityinsight.models.SourceControl] - :raises ~azure.core.exceptions.HttpResponseError: - """ - _headers = kwargs.pop("headers", {}) or {} - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) - cls: ClsType[_models.SourceControlList] = kwargs.pop("cls", None) - - error_map = { - 401: ClientAuthenticationError, - 404: ResourceNotFoundError, - 409: ResourceExistsError, - 304: ResourceNotModifiedError, - } - error_map.update(kwargs.pop("error_map", {}) or {}) - - def prepare_request(next_link=None): - if not next_link: - - request = build_list_request( - resource_group_name=resource_group_name, - workspace_name=workspace_name, - subscription_id=self._config.subscription_id, - api_version=api_version, - template_url=self.list.metadata["url"], - headers=_headers, - 
params=_params, - ) - request = _convert_request(request) - request.url = self._client.format_url(request.url) - - else: - # make call to next link with the client's api-version - _parsed_next_link = urllib.parse.urlparse(next_link) - _next_request_params = case_insensitive_dict( - { - key: [urllib.parse.quote(v) for v in value] - for key, value in urllib.parse.parse_qs(_parsed_next_link.query).items() - } - ) - _next_request_params["api-version"] = self._config.api_version - request = HttpRequest( - "GET", urllib.parse.urljoin(next_link, _parsed_next_link.path), params=_next_request_params - ) - request = _convert_request(request) - request.url = self._client.format_url(request.url) - request.method = "GET" - return request - - def extract_data(pipeline_response): - deserialized = self._deserialize("SourceControlList", pipeline_response) - list_of_elem = deserialized.value - if cls: - list_of_elem = cls(list_of_elem) # type: ignore - return deserialized.next_link or None, iter(list_of_elem) - - def get_next(next_link=None): - request = prepare_request(next_link) - - pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs - ) - response = pipeline_response.http_response - - if response.status_code not in [200]: - map_error(status_code=response.status_code, response=response, error_map=error_map) - raise HttpResponseError(response=response, error_format=ARMErrorFormat) - - return pipeline_response - - return ItemPaged(get_next, extract_data) - - list.metadata = { - "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/sourcecontrols" - } - - @distributed_trace - def get( - self, resource_group_name: str, workspace_name: str, source_control_id: str, **kwargs: Any - ) -> _models.SourceControl: - """Gets a source control byt its identifier. 
- - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param source_control_id: Source control Id. Required. - :type source_control_id: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: SourceControl or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.SourceControl - :raises ~azure.core.exceptions.HttpResponseError: - """ - error_map = { - 401: ClientAuthenticationError, - 404: ResourceNotFoundError, - 409: ResourceExistsError, - 304: ResourceNotModifiedError, - } - error_map.update(kwargs.pop("error_map", {}) or {}) - - _headers = kwargs.pop("headers", {}) or {} - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) - cls: ClsType[_models.SourceControl] = kwargs.pop("cls", None) - - request = build_get_request( - resource_group_name=resource_group_name, - workspace_name=workspace_name, - source_control_id=source_control_id, - subscription_id=self._config.subscription_id, - api_version=api_version, - template_url=self.get.metadata["url"], - headers=_headers, - params=_params, - ) - request = _convert_request(request) - request.url = self._client.format_url(request.url) - - pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs - ) - - response = pipeline_response.http_response - - if response.status_code not in [200]: - map_error(status_code=response.status_code, response=response, error_map=error_map) - raise HttpResponseError(response=response, error_format=ARMErrorFormat) - - deserialized = self._deserialize("SourceControl", pipeline_response) - - if cls: - return cls(pipeline_response, 
deserialized, {}) - - return deserialized - - get.metadata = { - "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/sourcecontrols/{sourceControlId}" - } - - @distributed_trace - def delete( # pylint: disable=inconsistent-return-statements - self, resource_group_name: str, workspace_name: str, source_control_id: str, **kwargs: Any - ) -> None: - """Delete a source control. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param source_control_id: Source control Id. Required. - :type source_control_id: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: None or the result of cls(response) - :rtype: None - :raises ~azure.core.exceptions.HttpResponseError: - """ - error_map = { - 401: ClientAuthenticationError, - 404: ResourceNotFoundError, - 409: ResourceExistsError, - 304: ResourceNotModifiedError, - } - error_map.update(kwargs.pop("error_map", {}) or {}) - - _headers = kwargs.pop("headers", {}) or {} - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) - cls: ClsType[None] = kwargs.pop("cls", None) - - request = build_delete_request( - resource_group_name=resource_group_name, - workspace_name=workspace_name, - source_control_id=source_control_id, - subscription_id=self._config.subscription_id, - api_version=api_version, - template_url=self.delete.metadata["url"], - headers=_headers, - params=_params, - ) - request = _convert_request(request) - request.url = self._client.format_url(request.url) - - pipeline_response: PipelineResponse = self._client._pipeline.run( 
# pylint: disable=protected-access - request, stream=False, **kwargs - ) - - response = pipeline_response.http_response - - if response.status_code not in [200, 204]: - map_error(status_code=response.status_code, response=response, error_map=error_map) - raise HttpResponseError(response=response, error_format=ARMErrorFormat) - - if cls: - return cls(pipeline_response, None, {}) - - delete.metadata = { - "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/sourcecontrols/{sourceControlId}" - } - - @overload - def create( - self, - resource_group_name: str, - workspace_name: str, - source_control_id: str, - source_control: _models.SourceControl, - *, - content_type: str = "application/json", - **kwargs: Any - ) -> _models.SourceControl: - """Creates a source control. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param source_control_id: Source control Id. Required. - :type source_control_id: str - :param source_control: The SourceControl. Required. - :type source_control: ~azure.mgmt.securityinsight.models.SourceControl - :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. - Default value is "application/json". 
- :paramtype content_type: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: SourceControl or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.SourceControl - :raises ~azure.core.exceptions.HttpResponseError: - """ - - @overload - def create( - self, - resource_group_name: str, - workspace_name: str, - source_control_id: str, - source_control: IO, - *, - content_type: str = "application/json", - **kwargs: Any - ) -> _models.SourceControl: - """Creates a source control. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param source_control_id: Source control Id. Required. - :type source_control_id: str - :param source_control: The SourceControl. Required. - :type source_control: IO - :keyword content_type: Body Parameter content-type. Content type parameter for binary body. - Default value is "application/json". - :paramtype content_type: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: SourceControl or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.SourceControl - :raises ~azure.core.exceptions.HttpResponseError: - """ - - @distributed_trace - def create( - self, - resource_group_name: str, - workspace_name: str, - source_control_id: str, - source_control: Union[_models.SourceControl, IO], - **kwargs: Any - ) -> _models.SourceControl: - """Creates a source control. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param source_control_id: Source control Id. Required. - :type source_control_id: str - :param source_control: The SourceControl. 
Is either a model type or a IO type. Required. - :type source_control: ~azure.mgmt.securityinsight.models.SourceControl or IO - :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. - Default value is None. - :paramtype content_type: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: SourceControl or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.SourceControl - :raises ~azure.core.exceptions.HttpResponseError: - """ - error_map = { - 401: ClientAuthenticationError, - 404: ResourceNotFoundError, - 409: ResourceExistsError, - 304: ResourceNotModifiedError, - } - error_map.update(kwargs.pop("error_map", {}) or {}) - - _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) - content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) - cls: ClsType[_models.SourceControl] = kwargs.pop("cls", None) - - content_type = content_type or "application/json" - _json = None - _content = None - if isinstance(source_control, (IO, bytes)): - _content = source_control - else: - _json = self._serialize.body(source_control, "SourceControl") - - request = build_create_request( - resource_group_name=resource_group_name, - workspace_name=workspace_name, - source_control_id=source_control_id, - subscription_id=self._config.subscription_id, - api_version=api_version, - content_type=content_type, - json=_json, - content=_content, - template_url=self.create.metadata["url"], - headers=_headers, - params=_params, - ) - request = _convert_request(request) - request.url = self._client.format_url(request.url) - - pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, 
**kwargs - ) - - response = pipeline_response.http_response - - if response.status_code not in [200, 201]: - map_error(status_code=response.status_code, response=response, error_map=error_map) - raise HttpResponseError(response=response, error_format=ARMErrorFormat) - - if response.status_code == 200: - deserialized = self._deserialize("SourceControl", pipeline_response) - - if response.status_code == 201: - deserialized = self._deserialize("SourceControl", pipeline_response) - - if cls: - return cls(pipeline_response, deserialized, {}) # type: ignore - - return deserialized # type: ignore - - create.metadata = { - "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/sourcecontrols/{sourceControlId}" - } diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_threat_intelligence_indicator_metrics_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_threat_intelligence_indicator_metrics_operations.py index 282e791e6ca8..805f15791cb5 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_threat_intelligence_indicator_metrics_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_threat_intelligence_indicator_metrics_operations.py @@ -45,9 +45,7 @@ def build_list_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: Literal["2023-02-01"] = kwargs.pop("api_version", _params.pop("api-version", "2023-02-01")) accept = _headers.pop("Accept", "application/json") # Construct URL 
@@ -127,7 +125,7 @@ def list( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( + api_version: Literal["2023-02-01"] = kwargs.pop( "api_version", _params.pop("api-version", self._config.api_version) ) cls: ClsType[_models.ThreatIntelligenceMetricsList] = kwargs.pop("cls", None) diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_threat_intelligence_indicator_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_threat_intelligence_indicator_operations.py index 6800898f0f65..e3b009d0bdbb 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_threat_intelligence_indicator_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_threat_intelligence_indicator_operations.py @@ -47,9 +47,7 @@ def build_create_indicator_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: Literal["2023-02-01"] = kwargs.pop("api_version", _params.pop("api-version", "2023-02-01")) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) accept = _headers.pop("Accept", "application/json") 
@@ -92,9 +90,7 @@ def build_get_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: Literal["2023-02-01"] = kwargs.pop("api_version", _params.pop("api-version", "2023-02-01")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -135,9 +131,7 @@ def build_create_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: Literal["2023-02-01"] = kwargs.pop("api_version", _params.pop("api-version", "2023-02-01")) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) accept = _headers.pop("Accept", "application/json") @@ -181,9 +175,7 @@ def build_delete_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: Literal["2023-02-01"] = kwargs.pop("api_version", _params.pop("api-version", "2023-02-01")) accept = _headers.pop("Accept", "application/json") # Construct URL 
@@ -224,9 +216,7 @@ def build_query_indicators_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: Literal["2023-02-01"] = kwargs.pop("api_version", _params.pop("api-version", "2023-02-01")) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) accept = _headers.pop("Accept", "application/json") @@ -269,9 +259,7 @@ def build_append_tags_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: Literal["2023-02-01"] = kwargs.pop("api_version", _params.pop("api-version", "2023-02-01")) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) accept = _headers.pop("Accept", "application/json") @@ -315,9 +303,7 @@ def build_replace_tags_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: Literal["2023-02-01"] = kwargs.pop("api_version", _params.pop("api-version", "2023-02-01")) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) accept = _headers.pop("Accept", "application/json") 
@@ -471,7 +457,7 @@ def create_indicator( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( + api_version: Literal["2023-02-01"] = kwargs.pop( "api_version", _params.pop("api-version", self._config.api_version) ) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) @@ -554,7 +540,7 @@ def get( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( + api_version: Literal["2023-02-01"] = kwargs.pop( "api_version", _params.pop("api-version", self._config.api_version) ) cls: ClsType[_models.ThreatIntelligenceInformation] = kwargs.pop("cls", None) @@ -699,7 +685,7 @@ def create( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( + api_version: Literal["2023-02-01"] = kwargs.pop( "api_version", _params.pop("api-version", self._config.api_version) ) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) @@ -783,7 +769,7 @@ def delete( # pylint: disable=inconsistent-return-statements _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( + api_version: Literal["2023-02-01"] = kwargs.pop( "api_version", _params.pop("api-version", self._config.api_version) ) cls: ClsType[None] = kwargs.pop("cls", None) 
@@ -913,7 +899,7 @@ def query_indicators( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( + api_version: Literal["2023-02-01"] = kwargs.pop( "api_version", _params.pop("api-version", self._config.api_version) ) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) @@ -1103,7 +1089,7 @@ def append_tags( # pylint: disable=inconsistent-return-statements _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( + api_version: Literal["2023-02-01"] = kwargs.pop( "api_version", _params.pop("api-version", self._config.api_version) ) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) @@ -1256,7 +1242,7 @@ def replace_tags( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( + api_version: Literal["2023-02-01"] = kwargs.pop( "api_version", _params.pop("api-version", self._config.api_version) ) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_threat_intelligence_indicators_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_threat_intelligence_indicators_operations.py index 8353884e05ce..1ef54d78d0fd 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_threat_intelligence_indicators_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_threat_intelligence_indicators_operations.py 
@@ -47,17 +47,15 @@ def build_list_request( subscription_id: str, *, filter: Optional[str] = None, - orderby: Optional[str] = None, top: Optional[int] = None, skip_token: Optional[str] = None, + orderby: Optional[str] = None, **kwargs: Any ) -> HttpRequest: _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: Literal["2023-02-01"] = kwargs.pop("api_version", _params.pop("api-version", "2023-02-01")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -86,12 +84,12 @@ def build_list_request( _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") if filter is not None: _params["$filter"] = _SERIALIZER.query("filter", filter, "str") - if orderby is not None: - _params["$orderby"] = _SERIALIZER.query("orderby", orderby, "str") if top is not None: _params["$top"] = _SERIALIZER.query("top", top, "int") if skip_token is not None: _params["$skipToken"] = _SERIALIZER.query("skip_token", skip_token, "str") + if orderby is not None: + _params["$orderby"] = _SERIALIZER.query("orderby", orderby, "str") # Construct headers _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") @@ -124,9 +122,9 @@ def list( resource_group_name: str, workspace_name: str, filter: Optional[str] = None, - orderby: Optional[str] = None, top: Optional[int] = None, skip_token: Optional[str] = None, + orderby: Optional[str] = None, **kwargs: Any ) -> Iterable["_models.ThreatIntelligenceInformation"]: """Get all threat intelligence indicators. 
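Review bot: In the `list(` signature hunk (`@@ -124,9 +122,9 @@`) of `_threat_intelligence_indicators_operations.py`, `orderby` moves from directly after `filter` to after `skip_token`, and no `*` separator is visible between `workspace_name` and `filter`, so these parameters appear to be positional. An existing positional call (constructed example: `list(rg, ws, flt, "name desc")`) would then bind the sort string to `top`, which `build_list_request` serializes as `"int"`, so the call fails or sends a different query than intended. The same reorder in `build_list_request` is harmless because its parameters follow `*,`. Since the file is generated, the change belongs in the release notes rather than the code, for example a breaking-change entry such as `list in _threat_intelligence_indicators_operations: parameter orderby moved after skip_token; pass filter, top, skip_token and orderby by keyword`. The `list` signature starts outside the hunk, so confirm against the full file that no `*` precedes these parameters.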
@@ -139,8 +137,6 @@ def list( :param filter: Filters the results, based on a Boolean condition. Optional. Default value is None. :type filter: str - :param orderby: Sorts the results. Optional. Default value is None. - :type orderby: str :param top: Returns only the first n results. Optional. Default value is None. :type top: int :param skip_token: Skiptoken is only used if a previous operation returned a partial result. If @@ -148,6 +144,8 @@ def list( a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. Default value is None. :type skip_token: str + :param orderby: Sorts the results. Optional. Default value is None. + :type orderby: str :keyword callable cls: A custom type or function that will be passed the direct response :return: An iterator like instance of either ThreatIntelligenceInformation or the result of cls(response) @@ -158,7 +156,7 @@ def list( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( + api_version: Literal["2023-02-01"] = kwargs.pop( "api_version", _params.pop("api-version", self._config.api_version) ) cls: ClsType[_models.ThreatIntelligenceInformationList] = kwargs.pop("cls", None) @@ -179,9 +177,9 @@ def prepare_request(next_link=None): workspace_name=workspace_name, subscription_id=self._config.subscription_id, filter=filter, - orderby=orderby, top=top, skip_token=skip_token, + orderby=orderby, api_version=api_version, template_url=self.list.metadata["url"], headers=_headers, diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_update_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_update_operations.py deleted file mode 100644 index b35219b0a81e..000000000000 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_update_operations.py +++ /dev/null 
@@ -1,343 +0,0 @@ -# pylint: disable=too-many-lines -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- -import sys -from typing import Any, Callable, Dict, IO, List, Optional, TypeVar, Union, cast, overload - -from azure.core.exceptions import ( - ClientAuthenticationError, - HttpResponseError, - ResourceExistsError, - ResourceNotFoundError, - ResourceNotModifiedError, - map_error, -) -from azure.core.pipeline import PipelineResponse -from azure.core.pipeline.transport import HttpResponse -from azure.core.polling import LROPoller, NoPolling, PollingMethod -from azure.core.rest import HttpRequest -from azure.core.tracing.decorator import distributed_trace -from azure.core.utils import case_insensitive_dict -from azure.mgmt.core.exceptions import ARMErrorFormat -from azure.mgmt.core.polling.arm_polling import ARMPolling - -from .. 
import models as _models -from .._serialization import Serializer -from .._vendor import _convert_request, _format_url_section - -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports -T = TypeVar("T") -ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] - -_SERIALIZER = Serializer() -_SERIALIZER.client_side_validation = False - - -def build_recommendation_request( - resource_group_name: str, workspace_name: str, recommendation_id: str, subscription_id: str, **kwargs: Any -) -> HttpRequest: - _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) - content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) - accept = _headers.pop("Accept", "application/json") - - # Construct URL - _url = kwargs.pop( - "template_url", - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/recommendations/{recommendationId}", - ) # pylint: disable=line-too-long - path_format_arguments = { - "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), - "resourceGroupName": _SERIALIZER.url( - "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 - ), - "workspaceName": _SERIALIZER.url( - "workspace_name", - workspace_name, - "str", - max_length=90, - min_length=1, - pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", - ), - "recommendationId": _SERIALIZER.url("recommendation_id", recommendation_id, "str"), - } - - _url: str = _format_url_section(_url, 
**path_format_arguments) # type: ignore - - # Construct parameters - _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") - - # Construct headers - if content_type is not None: - _headers["Content-Type"] = _SERIALIZER.header("content_type", content_type, "str") - _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") - - return HttpRequest(method="PATCH", url=_url, params=_params, headers=_headers, **kwargs) - - -class UpdateOperations: - """ - .. warning:: - **DO NOT** instantiate this class directly. - - Instead, you should access the following operations through - :class:`~azure.mgmt.securityinsight.SecurityInsights`'s - :attr:`update` attribute. - """ - - models = _models - - def __init__(self, *args, **kwargs): - input_args = list(args) - self._client = input_args.pop(0) if input_args else kwargs.pop("client") - self._config = input_args.pop(0) if input_args else kwargs.pop("config") - self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") - self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") - - def _recommendation_initial( - self, - resource_group_name: str, - workspace_name: str, - recommendation_id: str, - recommendation_patch: Union[List[_models.RecommendationPatch], IO], - **kwargs: Any - ) -> _models.Recommendation: - error_map = { - 401: ClientAuthenticationError, - 404: ResourceNotFoundError, - 409: ResourceExistsError, - 304: ResourceNotModifiedError, - } - error_map.update(kwargs.pop("error_map", {}) or {}) - - _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) - content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) - cls: ClsType[_models.Recommendation] = kwargs.pop("cls", None) - - content_type = 
content_type or "application/json" - _json = None - _content = None - if isinstance(recommendation_patch, (IO, bytes)): - _content = recommendation_patch - else: - _json = self._serialize.body(recommendation_patch, "[RecommendationPatch]") - - request = build_recommendation_request( - resource_group_name=resource_group_name, - workspace_name=workspace_name, - recommendation_id=recommendation_id, - subscription_id=self._config.subscription_id, - api_version=api_version, - content_type=content_type, - json=_json, - content=_content, - template_url=self._recommendation_initial.metadata["url"], - headers=_headers, - params=_params, - ) - request = _convert_request(request) - request.url = self._client.format_url(request.url) - - pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs - ) - - response = pipeline_response.http_response - - if response.status_code not in [202]: - map_error(status_code=response.status_code, response=response, error_map=error_map) - raise HttpResponseError(response=response, error_format=ARMErrorFormat) - - deserialized = self._deserialize("Recommendation", pipeline_response) - - if cls: - return cls(pipeline_response, deserialized, {}) - - return deserialized - - _recommendation_initial.metadata = { - "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/recommendations/{recommendationId}" - } - - @overload - def begin_recommendation( - self, - resource_group_name: str, - workspace_name: str, - recommendation_id: str, - recommendation_patch: List[_models.RecommendationPatch], - *, - content_type: str = "application/json", - **kwargs: Any - ) -> LROPoller[_models.Recommendation]: - """Patch a recommendation. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. 
- :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param recommendation_id: Recommendation Id. Required. - :type recommendation_id: str - :param recommendation_patch: Recommendation Fields to Update. Required. - :type recommendation_patch: list[~azure.mgmt.securityinsight.models.RecommendationPatch] - :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. - Default value is "application/json". - :paramtype content_type: str - :keyword callable cls: A custom type or function that will be passed the direct response - :keyword str continuation_token: A continuation token to restart a poller from a saved state. - :keyword polling: By default, your polling method will be ARMPolling. Pass in False for this - operation to not poll, or pass in your own initialized polling object for a personal polling - strategy. - :paramtype polling: bool or ~azure.core.polling.PollingMethod - :keyword int polling_interval: Default waiting time between two polls for LRO operations if no - Retry-After header is present. - :return: An instance of LROPoller that returns either Recommendation or the result of - cls(response) - :rtype: ~azure.core.polling.LROPoller[~azure.mgmt.securityinsight.models.Recommendation] - :raises ~azure.core.exceptions.HttpResponseError: - """ - - @overload - def begin_recommendation( - self, - resource_group_name: str, - workspace_name: str, - recommendation_id: str, - recommendation_patch: IO, - *, - content_type: str = "application/json", - **kwargs: Any - ) -> LROPoller[_models.Recommendation]: - """Patch a recommendation. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param recommendation_id: Recommendation Id. Required. 
- :type recommendation_id: str - :param recommendation_patch: Recommendation Fields to Update. Required. - :type recommendation_patch: IO - :keyword content_type: Body Parameter content-type. Content type parameter for binary body. - Default value is "application/json". - :paramtype content_type: str - :keyword callable cls: A custom type or function that will be passed the direct response - :keyword str continuation_token: A continuation token to restart a poller from a saved state. - :keyword polling: By default, your polling method will be ARMPolling. Pass in False for this - operation to not poll, or pass in your own initialized polling object for a personal polling - strategy. - :paramtype polling: bool or ~azure.core.polling.PollingMethod - :keyword int polling_interval: Default waiting time between two polls for LRO operations if no - Retry-After header is present. - :return: An instance of LROPoller that returns either Recommendation or the result of - cls(response) - :rtype: ~azure.core.polling.LROPoller[~azure.mgmt.securityinsight.models.Recommendation] - :raises ~azure.core.exceptions.HttpResponseError: - """ - - @distributed_trace - def begin_recommendation( - self, - resource_group_name: str, - workspace_name: str, - recommendation_id: str, - recommendation_patch: Union[List[_models.RecommendationPatch], IO], - **kwargs: Any - ) -> LROPoller[_models.Recommendation]: - """Patch a recommendation. - - :param resource_group_name: The name of the resource group. The name is case insensitive. - Required. - :type resource_group_name: str - :param workspace_name: The name of the workspace. Required. - :type workspace_name: str - :param recommendation_id: Recommendation Id. Required. - :type recommendation_id: str - :param recommendation_patch: Recommendation Fields to Update. Is either a list type or a IO - type. Required. 
- :type recommendation_patch: list[~azure.mgmt.securityinsight.models.RecommendationPatch] or IO - :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. - Default value is None. - :paramtype content_type: str - :keyword callable cls: A custom type or function that will be passed the direct response - :keyword str continuation_token: A continuation token to restart a poller from a saved state. - :keyword polling: By default, your polling method will be ARMPolling. Pass in False for this - operation to not poll, or pass in your own initialized polling object for a personal polling - strategy. - :paramtype polling: bool or ~azure.core.polling.PollingMethod - :keyword int polling_interval: Default waiting time between two polls for LRO operations if no - Retry-After header is present. - :return: An instance of LROPoller that returns either Recommendation or the result of - cls(response) - :rtype: ~azure.core.polling.LROPoller[~azure.mgmt.securityinsight.models.Recommendation] - :raises ~azure.core.exceptions.HttpResponseError: - """ - _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) - _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) - content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) - cls: ClsType[_models.Recommendation] = kwargs.pop("cls", None) - polling: Union[bool, PollingMethod] = kwargs.pop("polling", True) - lro_delay = kwargs.pop("polling_interval", self._config.polling_interval) - cont_token: Optional[str] = kwargs.pop("continuation_token", None) - if cont_token is None: - raw_result = self._recommendation_initial( - resource_group_name=resource_group_name, - workspace_name=workspace_name, - recommendation_id=recommendation_id, - recommendation_patch=recommendation_patch, - api_version=api_version, - 
content_type=content_type, - cls=lambda x, y, z: x, - headers=_headers, - params=_params, - **kwargs - ) - kwargs.pop("error_map", None) - - def get_long_running_output(pipeline_response): - deserialized = self._deserialize("Recommendation", pipeline_response) - if cls: - return cls(pipeline_response, deserialized, {}) - return deserialized - - if polling is True: - polling_method: PollingMethod = cast(PollingMethod, ARMPolling(lro_delay, **kwargs)) - elif polling is False: - polling_method = cast(PollingMethod, NoPolling()) - else: - polling_method = polling - if cont_token: - return LROPoller.from_continuation_token( - polling_method=polling_method, - continuation_token=cont_token, - client=self._client, - deserialization_callback=get_long_running_output, - ) - return LROPoller(self._client, raw_result, get_long_running_output, polling_method) # type: ignore - - begin_recommendation.metadata = { - "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/recommendations/{recommendationId}" - } diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_watchlist_items_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_watchlist_items_operations.py index 1139c4e49331..f447792cacfc 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_watchlist_items_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_watchlist_items_operations.py 
@@ -53,9 +53,7 @@ def build_list_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: Literal["2023-02-01"] = kwargs.pop("api_version", _params.pop("api-version", "2023-02-01")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -103,9 +101,7 @@ def build_get_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: Literal["2023-02-01"] = kwargs.pop("api_version", _params.pop("api-version", "2023-02-01")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -152,9 +148,7 @@ def build_delete_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: Literal["2023-02-01"] = kwargs.pop("api_version", _params.pop("api-version", "2023-02-01")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -201,9 +195,7 @@ def build_create_or_update_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: Literal["2023-02-01"] = kwargs.pop("api_version", _params.pop("api-version", "2023-02-01")) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) accept = _headers.pop("Accept", "application/json") 
@@ -270,14 +262,14 @@ def list( skip_token: Optional[str] = None, **kwargs: Any ) -> Iterable["_models.WatchlistItem"]: - """Gets all watchlist Items. + """Get all watchlist Items. :param resource_group_name: The name of the resource group. The name is case insensitive. Required. :type resource_group_name: str :param workspace_name: The name of the workspace. Required. :type workspace_name: str - :param watchlist_alias: Watchlist Alias. Required. + :param watchlist_alias: The watchlist alias. Required. :type watchlist_alias: str :param skip_token: Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include @@ -292,7 +284,7 @@ def list( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( + api_version: Literal["2023-02-01"] = kwargs.pop( "api_version", _params.pop("api-version", self._config.api_version) ) cls: ClsType[_models.WatchlistItemList] = kwargs.pop("cls", None) 
@@ -371,16 +363,16 @@ def get_next(next_link=None): def get( self, resource_group_name: str, workspace_name: str, watchlist_alias: str, watchlist_item_id: str, **kwargs: Any ) -> _models.WatchlistItem: - """Gets a watchlist, without its watchlist items. + """Get a watchlist item. :param resource_group_name: The name of the resource group. The name is case insensitive. Required. :type resource_group_name: str :param workspace_name: The name of the workspace. Required. :type workspace_name: str - :param watchlist_alias: Watchlist Alias. Required. + :param watchlist_alias: The watchlist alias. Required. :type watchlist_alias: str - :param watchlist_item_id: Watchlist Item Id (GUID). Required. + :param watchlist_item_id: The watchlist item id (GUID). Required. :type watchlist_item_id: str :keyword callable cls: A custom type or function that will be passed the direct response :return: WatchlistItem or the result of cls(response) @@ -398,7 +390,7 @@ def get( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( + api_version: Literal["2023-02-01"] = kwargs.pop( "api_version", _params.pop("api-version", self._config.api_version) ) cls: ClsType[_models.WatchlistItem] = kwargs.pop("cls", None) @@ -449,9 +441,9 @@ def delete( # pylint: disable=inconsistent-return-statements :type resource_group_name: str :param workspace_name: The name of the workspace. Required. :type workspace_name: str - :param watchlist_alias: Watchlist Alias. Required. + :param watchlist_alias: The watchlist alias. Required. :type watchlist_alias: str - :param watchlist_item_id: Watchlist Item Id (GUID). Required. + :param watchlist_item_id: The watchlist item id (GUID). Required. :type watchlist_item_id: str :keyword callable cls: A custom type or function that will be passed the direct response :return: None or the result of cls(response) 
@@ -469,7 +461,7 @@ def delete( # pylint: disable=inconsistent-return-statements _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( + api_version: Literal["2023-02-01"] = kwargs.pop( "api_version", _params.pop("api-version", self._config.api_version) ) cls: ClsType[None] = kwargs.pop("cls", None) @@ -517,16 +509,16 @@ def create_or_update( content_type: str = "application/json", **kwargs: Any ) -> _models.WatchlistItem: - """Creates or updates a watchlist item. + """Create or update a watchlist item. :param resource_group_name: The name of the resource group. The name is case insensitive. Required. :type resource_group_name: str :param workspace_name: The name of the workspace. Required. :type workspace_name: str - :param watchlist_alias: Watchlist Alias. Required. + :param watchlist_alias: The watchlist alias. Required. :type watchlist_alias: str - :param watchlist_item_id: Watchlist Item Id (GUID). Required. + :param watchlist_item_id: The watchlist item id (GUID). Required. :type watchlist_item_id: str :param watchlist_item: The watchlist item. Required. :type watchlist_item: ~azure.mgmt.securityinsight.models.WatchlistItem 
@@ -551,16 +543,16 @@ def create_or_update( content_type: str = "application/json", **kwargs: Any ) -> _models.WatchlistItem: - """Creates or updates a watchlist item. + """Create or update a watchlist item. :param resource_group_name: The name of the resource group. The name is case insensitive. Required. :type resource_group_name: str :param workspace_name: The name of the workspace. Required. :type workspace_name: str - :param watchlist_alias: Watchlist Alias. Required. + :param watchlist_alias: The watchlist alias. Required. :type watchlist_alias: str - :param watchlist_item_id: Watchlist Item Id (GUID). Required. + :param watchlist_item_id: The watchlist item id (GUID). Required. :type watchlist_item_id: str :param watchlist_item: The watchlist item. Required. :type watchlist_item: IO @@ -583,16 +575,16 @@ def create_or_update( watchlist_item: Union[_models.WatchlistItem, IO], **kwargs: Any ) -> _models.WatchlistItem: - """Creates or updates a watchlist item. + """Create or update a watchlist item. :param resource_group_name: The name of the resource group. The name is case insensitive. Required. :type resource_group_name: str :param workspace_name: The name of the workspace. Required. :type workspace_name: str - :param watchlist_alias: Watchlist Alias. Required. + :param watchlist_alias: The watchlist alias. Required. :type watchlist_alias: str - :param watchlist_item_id: Watchlist Item Id (GUID). Required. + :param watchlist_item_id: The watchlist item id (GUID). Required. :type watchlist_item_id: str :param watchlist_item: The watchlist item. Is either a model type or a IO type. Required. :type watchlist_item: ~azure.mgmt.securityinsight.models.WatchlistItem or IO 
@@ -615,7 +607,7 @@ def create_or_update( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( + api_version: Literal["2023-02-01"] = kwargs.pop( "api_version", _params.pop("api-version", self._config.api_version) ) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_watchlists_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_watchlists_operations.py index c675404d4edb..b830d424ce77 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_watchlists_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_watchlists_operations.py @@ -52,9 +52,7 @@ def build_list_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: Literal["2023-02-01"] = kwargs.pop("api_version", _params.pop("api-version", "2023-02-01")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -96,9 +94,7 @@ def build_get_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: Literal["2023-02-01"] = kwargs.pop("api_version", _params.pop("api-version", "2023-02-01")) accept = _headers.pop("Accept", "application/json") # Construct URL 
@@ -139,9 +135,7 @@ def build_delete_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: Literal["2023-02-01"] = kwargs.pop("api_version", _params.pop("api-version", "2023-02-01")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -182,9 +176,7 @@ def build_create_or_update_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: Literal["2023-02-01"] = kwargs.pop("api_version", _params.pop("api-version", "2023-02-01")) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) accept = _headers.pop("Accept", "application/json") @@ -245,7 +237,7 @@ def __init__(self, *args, **kwargs): def list( self, resource_group_name: str, workspace_name: str, skip_token: Optional[str] = None, **kwargs: Any ) -> Iterable["_models.Watchlist"]: - """Gets all watchlists, without watchlist items. + """Get all watchlists, without watchlist items. :param resource_group_name: The name of the resource group. The name is case insensitive. Required. @@ -265,7 +257,7 @@ def list( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( + api_version: Literal["2023-02-01"] = kwargs.pop( "api_version", _params.pop("api-version", self._config.api_version) ) cls: ClsType[_models.WatchlistList] = kwargs.pop("cls", None) 
@@ -343,14 +335,14 @@ def get_next(next_link=None): def get( self, resource_group_name: str, workspace_name: str, watchlist_alias: str, **kwargs: Any ) -> _models.Watchlist: - """Gets a watchlist, without its watchlist items. + """Get a watchlist, without its watchlist items. :param resource_group_name: The name of the resource group. The name is case insensitive. Required. :type resource_group_name: str :param workspace_name: The name of the workspace. Required. :type workspace_name: str - :param watchlist_alias: Watchlist Alias. Required. + :param watchlist_alias: The watchlist alias. Required. :type watchlist_alias: str :keyword callable cls: A custom type or function that will be passed the direct response :return: Watchlist or the result of cls(response) @@ -368,7 +360,7 @@ def get( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( + api_version: Literal["2023-02-01"] = kwargs.pop( "api_version", _params.pop("api-version", self._config.api_version) ) cls: ClsType[_models.Watchlist] = kwargs.pop("cls", None) @@ -418,7 +410,7 @@ def delete( # pylint: disable=inconsistent-return-statements :type resource_group_name: str :param workspace_name: The name of the workspace. Required. :type workspace_name: str - :param watchlist_alias: Watchlist Alias. Required. + :param watchlist_alias: The watchlist alias. Required. :type watchlist_alias: str :keyword callable cls: A custom type or function that will be passed the direct response :return: None or the result of cls(response) 
@@ -436,7 +428,7 @@ def delete( # pylint: disable=inconsistent-return-statements _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( + api_version: Literal["2023-02-01"] = kwargs.pop( "api_version", _params.pop("api-version", self._config.api_version) ) cls: ClsType[None] = kwargs.pop("cls", None) @@ -464,14 +456,8 @@ def delete( # pylint: disable=inconsistent-return-statements map_error(status_code=response.status_code, response=response, error_map=error_map) raise HttpResponseError(response=response, error_format=ARMErrorFormat) - response_headers = {} - if response.status_code == 200: - response_headers["Azure-AsyncOperation"] = self._deserialize( - "str", response.headers.get("Azure-AsyncOperation") - ) - if cls: - return cls(pipeline_response, None, response_headers) + return cls(pipeline_response, None, {}) delete.metadata = { "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}" 
@@ -489,18 +475,15 @@ def create_or_update( **kwargs: Any ) -> _models.Watchlist: """Create or update a Watchlist and its Watchlist Items (bulk creation, e.g. through text/csv - content type). To create a Watchlist and its Items, we should call this endpoint with either - rawContent or a valid SAR URI and contentType properties. The rawContent is mainly used for - small watchlist (content size below 3.8 MB). The SAS URI enables the creation of large - watchlist, where the content size can go up to 500 MB. The status of processing such large file - can be polled through the URL returned in Azure-AsyncOperation header. + content type). To create a Watchlist and its Items, we should call this endpoint with + rawContent and contentType properties. :param resource_group_name: The name of the resource group. The name is case insensitive. Required. :type resource_group_name: str :param workspace_name: The name of the workspace. Required. :type workspace_name: str - :param watchlist_alias: Watchlist Alias. Required. + :param watchlist_alias: The watchlist alias. Required. :type watchlist_alias: str :param watchlist: The watchlist. Required. :type watchlist: ~azure.mgmt.securityinsight.models.Watchlist 
@@ -525,18 +508,15 @@ def create_or_update( **kwargs: Any ) -> _models.Watchlist: """Create or update a Watchlist and its Watchlist Items (bulk creation, e.g. through text/csv - content type). To create a Watchlist and its Items, we should call this endpoint with either - rawContent or a valid SAR URI and contentType properties. The rawContent is mainly used for - small watchlist (content size below 3.8 MB). The SAS URI enables the creation of large - watchlist, where the content size can go up to 500 MB. The status of processing such large file - can be polled through the URL returned in Azure-AsyncOperation header. + content type). To create a Watchlist and its Items, we should call this endpoint with + rawContent and contentType properties. :param resource_group_name: The name of the resource group. The name is case insensitive. Required. :type resource_group_name: str :param workspace_name: The name of the workspace. Required. :type workspace_name: str - :param watchlist_alias: Watchlist Alias. Required. + :param watchlist_alias: The watchlist alias. Required. :type watchlist_alias: str :param watchlist: The watchlist. Required. :type watchlist: IO 
@@ -559,18 +539,15 @@ def create_or_update( **kwargs: Any ) -> _models.Watchlist: """Create or update a Watchlist and its Watchlist Items (bulk creation, e.g. through text/csv - content type). To create a Watchlist and its Items, we should call this endpoint with either - rawContent or a valid SAR URI and contentType properties. The rawContent is mainly used for - small watchlist (content size below 3.8 MB). The SAS URI enables the creation of large - watchlist, where the content size can go up to 500 MB. The status of processing such large file - can be polled through the URL returned in Azure-AsyncOperation header. + content type). To create a Watchlist and its Items, we should call this endpoint with + rawContent and contentType properties. :param resource_group_name: The name of the resource group. The name is case insensitive. Required. :type resource_group_name: str :param workspace_name: The name of the workspace. Required. :type workspace_name: str - :param watchlist_alias: Watchlist Alias. Required. + :param watchlist_alias: The watchlist alias. Required. :type watchlist_alias: str :param watchlist: The watchlist. Is either a model type or a IO type. Required. :type watchlist: ~azure.mgmt.securityinsight.models.Watchlist or IO @@ -593,7 +570,7 @@ def create_or_update( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( + api_version: Literal["2023-02-01"] = kwargs.pop( "api_version", _params.pop("api-version", self._config.api_version) ) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) 
@@ -633,19 +610,14 @@ def create_or_update( map_error(status_code=response.status_code, response=response, error_map=error_map) raise HttpResponseError(response=response, error_format=ARMErrorFormat) - response_headers = {} if response.status_code == 200: deserialized = self._deserialize("Watchlist", pipeline_response) if response.status_code == 201: - response_headers["Azure-AsyncOperation"] = self._deserialize( - "str", response.headers.get("Azure-AsyncOperation") - ) - deserialized = self._deserialize("Watchlist", pipeline_response) if cls: - return cls(pipeline_response, deserialized, response_headers) # type: ignore + return cls(pipeline_response, deserialized, {}) # type: ignore return deserialized # type: ignore diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/automation_rules_create_or_update.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/automation_rules_create_or_update.py index 41e25ad33c82..1a97038359e2 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/automation_rules_create_or_update.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/automation_rules_create_or_update.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/automationRules/AutomationRules_CreateOrUpdate.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2023-02-01/examples/automationRules/AutomationRules_CreateOrUpdate.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/automation_rules_delete.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/automation_rules_delete.py index 5425a32f6ccd..87832dc41e0d 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/automation_rules_delete.py 
+++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/automation_rules_delete.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/automationRules/AutomationRules_Delete.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2023-02-01/examples/automationRules/AutomationRules_Delete.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/automation_rules_get.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/automation_rules_get.py index 56075cbd2de2..828c695a984a 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/automation_rules_get.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/automation_rules_get.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/automationRules/AutomationRules_Get.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2023-02-01/examples/automationRules/AutomationRules_Get.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/automation_rules_list.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/automation_rules_list.py index 5916a50c7a2a..fc8261a826ce 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/automation_rules_list.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/automation_rules_list.py 
@@ -37,6 +37,6 @@ def main(): print(item) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/automationRules/AutomationRules_List.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2023-02-01/examples/automationRules/AutomationRules_List.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/collect_threat_intelligence_metrics.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/collect_threat_intelligence_metrics.py index a75c2fbfdef1..68fb984b4dc8 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/collect_threat_intelligence_metrics.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/collect_threat_intelligence_metrics.py @@ -36,6 +36,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/threatintelligence/CollectThreatIntelligenceMetrics.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2023-02-01/examples/threatintelligence/CollectThreatIntelligenceMetrics.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/connect_api_polling.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/connect_api_polling.py deleted file mode 100644 index 2a05669c46df..000000000000 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/connect_api_polling.py +++ /dev/null 
@@ -1,54 +0,0 @@ -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- - -from azure.identity import DefaultAzureCredential -from azure.mgmt.securityinsight import SecurityInsights - -""" -# PREREQUISITES - pip install azure-identity - pip install azure-mgmt-securityinsight -# USAGE - python connect_api_polling.py - - Before run the sample, please set the values of the client ID, tenant ID and client secret - of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, - AZURE_CLIENT_SECRET. For more info about how to get the value, please see: - https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal -""" - - -def main(): - client = SecurityInsights( - credential=DefaultAzureCredential(), - subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - ) - - response = client.data_connectors.connect( - resource_group_name="myRg", - workspace_name="myWorkspace", - data_connector_id="316ec55e-7138-4d63-ab18-90c8a60fd1c8", - connect_body={ - "apiKey": "123456789", - "kind": "APIKey", - "requestConfigUserInputValues": [ - { - "displayText": "Organization Name", - "placeHolderName": "{{placeHolder1}}", - "placeHolderValue": "somePlaceHolderValue", - "requestObjectKey": "apiEndpoint", - } - ], - }, - ) - print(response) - - -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/dataConnectors/ConnectAPIPolling.json -if __name__ == "__main__": - main() 
diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/connect_api_polling_v2_logs.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/connect_api_polling_v2_logs.py deleted file mode 100644 index f63f252194af..000000000000 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/connect_api_polling_v2_logs.py +++ /dev/null 
@@ -1,57 +0,0 @@ -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- - -from azure.identity import DefaultAzureCredential -from azure.mgmt.securityinsight import SecurityInsights - -""" -# PREREQUISITES - pip install azure-identity - pip install azure-mgmt-securityinsight -# USAGE - python connect_api_polling_v2_logs.py - - Before run the sample, please set the values of the client ID, tenant ID and client secret - of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, - AZURE_CLIENT_SECRET. For more info about how to get the value, please see: - https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal -""" - - -def main(): - client = SecurityInsights( - credential=DefaultAzureCredential(), - subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - ) - - response = client.data_connectors.connect( - resource_group_name="myRg", - workspace_name="myWorkspace", - data_connector_id="316ec55e-7138-4d63-ab18-90c8a60fd1c8", - connect_body={ - "apiKey": "123456789", - "dataCollectionEndpoint": "https://test.eastus.ingest.monitor.azure.com", - "dataCollectionRuleImmutableId": "dcr-34adsj9o7d6f9de204478b9cgb43b631", - "kind": "APIKey", - "outputStream": "Custom-MyTableRawData", - "requestConfigUserInputValues": [ - { - "displayText": "Organization Name", - "placeHolderName": "{{placeHolder1}}", - "placeHolderValue": "somePlaceHolderValue", - "requestObjectKey": "apiEndpoint", - } - ], - }, - ) - print(response) - - -# x-ms-original-file: 
specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/dataConnectors/ConnectAPIPollingV2Logs.json -if __name__ == "__main__": - main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_action_of_alert_rule.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_action_of_alert_rule.py index 805f96e8a4ec..7bbda84fdb0d 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_action_of_alert_rule.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_action_of_alert_rule.py @@ -45,6 +45,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/actions/CreateActionOfAlertRule.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2023-02-01/examples/actions/CreateActionOfAlertRule.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_api_polling.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_api_polling.py deleted file mode 100644 index ceceb21be0af..000000000000 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_api_polling.py +++ /dev/null 
@@ -1,126 +0,0 @@ -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- - -from azure.identity import DefaultAzureCredential -from azure.mgmt.securityinsight import SecurityInsights - -""" -# PREREQUISITES - pip install azure-identity - pip install azure-mgmt-securityinsight -# USAGE - python create_api_polling.py - - Before run the sample, please set the values of the client ID, tenant ID and client secret - of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, - AZURE_CLIENT_SECRET. For more info about how to get the value, please see: - https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal -""" - - -def main(): - client = SecurityInsights( - credential=DefaultAzureCredential(), - subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - ) - - response = client.data_connectors.create_or_update( - resource_group_name="myRg", - workspace_name="myWorkspace", - data_connector_id="316ec55e-7138-4d63-ab18-90c8a60fd1c8", - data_connector={ - "kind": "APIPolling", - "properties": { - "connectorUiConfig": { - "availability": {"isPreview": True, "status": 1}, - "connectivityCriteria": [{"type": "SentinelKindsV2", "value": []}], - "dataTypes": [ - { - "lastDataReceivedQuery": "{{graphQueriesTableName}}\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)", - "name": "{{graphQueriesTableName}}", - } - ], - "descriptionMarkdown": "The GitHub audit log connector provides the capability to ingest GitHub logs into Azure Sentinel. 
By connecting GitHub audit logs into Azure Sentinel, you can view this data in workbooks, use it to create custom alerts, and improve your investigation process.", - "graphQueries": [ - { - "baseQuery": "{{graphQueriesTableName}}", - "legend": "GitHub audit log events", - "metricName": "Total events received", - } - ], - "graphQueriesTableName": "GitHubAuditLogPolling_CL", - "instructionSteps": [ - { - "description": "Enable GitHub audit Logs. \n Follow `this `_ to create or find your personal key", - "instructions": [ - { - "parameters": { - "enable": "true", - "userRequestPlaceHoldersInput": [ - { - "displayText": "Organization Name", - "placeHolderName": "{{placeHolder1}}", - "placeHolderValue": "", - "requestObjectKey": "apiEndpoint", - } - ], - }, - "type": "APIKey", - } - ], - "title": "Connect GitHub Enterprise Audit Log to Azure Sentinel", - } - ], - "permissions": { - "customs": [ - { - "description": "You need access to GitHub personal token, the key should have 'admin:org' scope", - "name": "GitHub API personal token Key", - } - ], - "resourceProvider": [ - { - "permissionsDisplayText": "read and write permissions are required.", - "provider": "Microsoft.OperationalInsights/workspaces", - "providerDisplayName": "Workspace", - "requiredPermissions": {"delete": True, "read": True, "write": True}, - "scope": "Workspace", - } - ], - }, - "publisher": "GitHub", - "sampleQueries": [ - {"description": "All logs", "query": "{{graphQueriesTableName}}\n | take 10 "} - ], - "title": "GitHub Enterprise Audit Log", - }, - "pollingConfig": { - "auth": {"apiKeyIdentifier": "token", "apiKeyName": "Authorization", "authType": "APIKey"}, - "paging": {"pageSizeParaName": "per_page", "pagingType": "LinkHeader"}, - "request": { - "apiEndpoint": "https://api.github.com/organizations/{{placeHolder1}}/audit-log", - "headers": {"Accept": "application/json", "User-Agent": "Scuba"}, - "httpMethod": "Get", - "queryParameters": {"phrase": 
"created:{_QueryWindowStartTime}..{_QueryWindowEndTime}"}, - "queryTimeFormat": "yyyy-MM-ddTHH:mm:ssZ", - "queryWindowInMin": 15, - "rateLimitQps": 50, - "retryCount": 2, - "timeoutInSeconds": 60, - }, - "response": {"eventsJsonPaths": ["$"]}, - }, - }, - }, - ) - print(response) - - -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/dataConnectors/CreateAPIPolling.json -if __name__ == "__main__": - main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_bookmark.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_bookmark.py index 44e578eca8d0..c1fbc7d65bc2 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_bookmark.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_bookmark.py @@ -36,22 +36,14 @@ def main(): bookmark={ "etag": '"0300bf09-0000-0000-0000-5c37296e0000"', "properties": { - "created": "2021-09-01T13:15:30Z", + "created": "2019-01-01T13:15:30Z", "createdBy": {"objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70"}, "displayName": "My bookmark", - "entityMappings": [ - { - "entityType": "Account", - "fieldMappings": [{"identifier": "Fullname", "value": "johndoe@microsoft.com"}], - } - ], "labels": ["Tag1", "Tag2"], "notes": "Found a suspicious activity", "query": "SecurityEvent | where TimeGenerated > ago(1d) and TimeGenerated < ago(2d)", "queryResult": "Security Event query result", - "tactics": ["Execution"], - "techniques": ["T1609"], - "updated": "2021-09-01T13:15:30Z", + "updated": "2019-01-01T13:15:30Z", "updatedBy": {"objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70"}, }, }, 
@@ -59,6 +51,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/bookmarks/CreateBookmark.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2023-02-01/examples/bookmarks/CreateBookmark.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_bookmark_relation.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_bookmark_relation.py deleted file mode 100644 index fa4c8433745e..000000000000 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_bookmark_relation.py +++ /dev/null 
@@ -1,48 +0,0 @@ -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- - -from azure.identity import DefaultAzureCredential -from azure.mgmt.securityinsight import SecurityInsights - -""" -# PREREQUISITES - pip install azure-identity - pip install azure-mgmt-securityinsight -# USAGE - python create_bookmark_relation.py - - Before run the sample, please set the values of the client ID, tenant ID and client secret - of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, - AZURE_CLIENT_SECRET. For more info about how to get the value, please see: - https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal -""" - - -def main(): - client = SecurityInsights( - credential=DefaultAzureCredential(), - subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - ) - - response = client.bookmark_relations.create_or_update( - resource_group_name="myRg", - workspace_name="myWorkspace", - bookmark_id="2216d0e1-91e3-4902-89fd-d2df8c535096", - relation_name="4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", - relation={ - "properties": { - "relatedResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/afbd324f-6c48-459c-8710-8d1e1cd03812" - } - }, - ) - print(response) - - -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/bookmarks/relations/CreateBookmarkRelation.json -if __name__ == "__main__": 
- main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_dynamics365_data_connetor.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_dynamics365_data_connetor.py deleted file mode 100644 index 14c0e141de06..000000000000 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_dynamics365_data_connetor.py +++ /dev/null 
@@ -1,50 +0,0 @@ -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- - -from azure.identity import DefaultAzureCredential -from azure.mgmt.securityinsight import SecurityInsights - -""" -# PREREQUISITES - pip install azure-identity - pip install azure-mgmt-securityinsight -# USAGE - python create_dynamics365_data_connetor.py - - Before run the sample, please set the values of the client ID, tenant ID and client secret - of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, - AZURE_CLIENT_SECRET. For more info about how to get the value, please see: - https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal -""" - - -def main(): - client = SecurityInsights( - credential=DefaultAzureCredential(), - subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - ) - - response = client.data_connectors.create_or_update( - resource_group_name="myRg", - workspace_name="myWorkspace", - data_connector_id="c2541efb-c9a6-47fe-9501-87d1017d1512", - data_connector={ - "etag": '"0300bf09-0000-0000-0000-5c37296e0000"', - "kind": "Dynamics365", - "properties": { - "dataTypes": {"dynamics365CdsActivities": {"state": "Enabled"}}, - "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", - }, - }, - ) - print(response) - - -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/dataConnectors/CreateDynamics365DataConnetor.json -if __name__ == "__main__": - main() 
diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_entity_query_activity.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_entity_query_activity.py
deleted file mode 100644
index 0d31fbd40726..000000000000
--- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_entity_query_activity.py
+++ /dev/null
@@ -1,64 +0,0 @@ -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- - -from azure.identity import DefaultAzureCredential -from azure.mgmt.securityinsight import SecurityInsights - -""" -# PREREQUISITES - pip install azure-identity - pip install azure-mgmt-securityinsight -# USAGE - python create_entity_query_activity.py - - Before run the sample, please set the values of the client ID, tenant ID and client secret - of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, - AZURE_CLIENT_SECRET. For more info about how to get the value, please see: - https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal -""" - - -def main(): - client = SecurityInsights( - credential=DefaultAzureCredential(), - subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - ) - - response = client.entity_queries.create_or_update( - resource_group_name="myRg", - workspace_name="myWorkspace", - entity_query_id="07da3cc8-c8ad-4710-a44e-334cdcb7882b", - entity_query={ - "etag": '"0300bf09-0000-0000-0000-5c37296e0000"', - "kind": "Activity", - "properties": { - "content": "On '{{Computer}}' the account '{{TargetAccount}}' was deleted by '{{AddedBy}}'", - "description": "Account deleted on host", - "enabled": True, - "entitiesFilter": {"Host_OsFamily": ["Windows"]}, - "inputEntityType": "Host", - "queryDefinitions": { - "query": "let GetAccountActions = (v_Host_Name:string, v_Host_NTDomain:string, v_Host_DnsDomain:string, v_Host_AzureID:string, v_Host_OMSAgentID:string){\nSecurityEvent\n| where EventID in (4725, 
4726, 4767, 4720, 4722, 4723, 4724)\n// parsing for Host to handle variety of conventions coming from data\n| extend Host_HostName = case(\nComputer has '@', tostring(split(Computer, '@')[0]),\nComputer has '\\\\', tostring(split(Computer, '\\\\')[1]),\nComputer has '.', tostring(split(Computer, '.')[0]),\nComputer\n)\n| extend Host_NTDomain = case(\nComputer has '\\\\', tostring(split(Computer, '\\\\')[0]), \nComputer has '.', tostring(split(Computer, '.')[-2]), \nComputer\n)\n| extend Host_DnsDomain = case(\nComputer has '\\\\', tostring(split(Computer, '\\\\')[0]), \nComputer has '.', strcat_array(array_slice(split(Computer,'.'),-2,-1),'.'), \nComputer\n)\n| where (Host_HostName =~ v_Host_Name and Host_NTDomain =~ v_Host_NTDomain) \nor (Host_HostName =~ v_Host_Name and Host_DnsDomain =~ v_Host_DnsDomain) \nor v_Host_AzureID =~ _ResourceId \nor v_Host_OMSAgentID == SourceComputerId\n| project TimeGenerated, EventID, Activity, Computer, TargetAccount, TargetUserName, TargetDomainName, TargetSid, SubjectUserName, SubjectUserSid, _ResourceId, SourceComputerId\n| extend AddedBy = SubjectUserName\n// Future support for Activities\n| extend timestamp = TimeGenerated, HostCustomEntity = Computer, AccountCustomEntity = TargetAccount\n};\nGetAccountActions('{{Host_HostName}}', '{{Host_NTDomain}}', '{{Host_DnsDomain}}', '{{Host_AzureID}}', '{{Host_OMSAgentID}}')\n \n| where EventID == 4726 " - }, - "requiredInputFieldsSets": [ - ["Host_HostName", "Host_NTDomain"], - ["Host_HostName", "Host_DnsDomain"], - ["Host_AzureID"], - ["Host_OMSAgentID"], - ], - "templateName": None, - "title": "An account was deleted on this host", - }, - }, - ) - print(response) - - -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/entityQueries/CreateEntityQueryActivity.json -if __name__ == "__main__": - main() 
diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_file_import.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_file_import.py
deleted file mode 100644
index 9a9744fd6ec9..000000000000
--- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_file_import.py
+++ /dev/null
@@ -1,50 +0,0 @@ -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- - -from azure.identity import DefaultAzureCredential -from azure.mgmt.securityinsight import SecurityInsights - -""" -# PREREQUISITES - pip install azure-identity - pip install azure-mgmt-securityinsight -# USAGE - python create_file_import.py - - Before run the sample, please set the values of the client ID, tenant ID and client secret - of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, - AZURE_CLIENT_SECRET. For more info about how to get the value, please see: - https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal -""" - - -def main(): - client = SecurityInsights( - credential=DefaultAzureCredential(), - subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - ) - - response = client.file_imports.create( - resource_group_name="myRg", - workspace_name="myWorkspace", - file_import_id="73e01a99-5cd7-4139-a149-9f2736ff2ab5", - file_import={ - "properties": { - "contentType": "StixIndicator", - "importFile": {"fileFormat": "JSON", "fileName": "myFile.json", "fileSize": 4653}, - "ingestionMode": "IngestAnyValidRecords", - "source": "mySource", - } - }, - ) - print(response) - - -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/fileImports/CreateFileImport.json -if __name__ == "__main__": - main() 
diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_fusion_alert_rule.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_fusion_alert_rule.py
index 7f4268b32cbc..11e360727fdd 100644
--- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_fusion_alert_rule.py
+++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_fusion_alert_rule.py
@@ -36,144 +36,12 @@ def main(): alert_rule={ "etag": "3d00c3ca-0000-0100-0000-5d42d5010000", "kind": "Fusion", - "properties": { - "alertRuleTemplateName": "f71aba3d-28fb-450b-b192-4e76a83015c8", - "enabled": True, - "sourceSettings": [ - {"enabled": True, "sourceName": "Anomalies", "sourceSubTypes": None}, - { - "enabled": True, - "sourceName": "Alert providers", - "sourceSubTypes": [ - { - "enabled": True, - "severityFilters": { - "filters": [ - {"enabled": True, "severity": "High"}, - {"enabled": True, "severity": "Medium"}, - {"enabled": True, "severity": "Low"}, - {"enabled": True, "severity": "Informational"}, - ] - }, - "sourceSubTypeName": "Azure Active Directory Identity Protection", - }, - { - "enabled": True, - "severityFilters": { - "filters": [ - {"enabled": True, "severity": "High"}, - {"enabled": True, "severity": "Medium"}, - {"enabled": True, "severity": "Low"}, - {"enabled": True, "severity": "Informational"}, - ] - }, - "sourceSubTypeName": "Azure Defender", - }, - { - "enabled": True, - "severityFilters": { - "filters": [ - {"enabled": True, "severity": "High"}, - {"enabled": True, "severity": "Medium"}, - {"enabled": True, "severity": "Low"}, - {"enabled": True, "severity": "Informational"}, - ] - }, - "sourceSubTypeName": "Azure Defender for IoT", - }, - { - "enabled": True, - "severityFilter": ["High", "Medium", "Low", "Informational"], - "severityFilters": { - "filters": [ - {"enabled": True, "severity": "High"}, - {"enabled": True, "severity": "Medium"}, - {"enabled": True, "severity": "Low"}, - {"enabled": True, "severity": "Informational"}, - ] - }, - "sourceSubTypeName": "Microsoft 365 Defender", - }, - { - "enabled": True, - "severityFilters": { - "filters": [ - {"enabled": True, "severity": "High"}, - {"enabled": True, "severity": "Medium"}, - {"enabled": True, "severity": "Low"}, - {"enabled": True, "severity": "Informational"}, - ] - }, - "sourceSubTypeName": "Microsoft Cloud App Security", - }, - { - "enabled": True, - 
"severityFilters": { - "filters": [ - {"enabled": True, "severity": "High"}, - {"enabled": True, "severity": "Medium"}, - {"enabled": True, "severity": "Low"}, - {"enabled": True, "severity": "Informational"}, - ] - }, - "sourceSubTypeName": "Microsoft Defender for Endpoint", - }, - { - "enabled": True, - "severityFilters": { - "filters": [ - {"enabled": True, "severity": "High"}, - {"enabled": True, "severity": "Medium"}, - {"enabled": True, "severity": "Low"}, - {"enabled": True, "severity": "Informational"}, - ] - }, - "sourceSubTypeName": "Microsoft Defender for Identity", - }, - { - "enabled": True, - "severityFilters": { - "filters": [ - {"enabled": True, "severity": "High"}, - {"enabled": True, "severity": "Medium"}, - {"enabled": True, "severity": "Low"}, - {"enabled": True, "severity": "Informational"}, - ] - }, - "sourceSubTypeName": "Microsoft Defender for Office 365", - }, - { - "enabled": True, - "severityFilters": { - "filters": [ - {"enabled": True, "severity": "High"}, - {"enabled": True, "severity": "Medium"}, - {"enabled": True, "severity": "Low"}, - {"enabled": True, "severity": "Informational"}, - ] - }, - "sourceSubTypeName": "Azure Sentinel scheduled analytics rules", - }, - ], - }, - { - "enabled": True, - "sourceName": "Raw logs from other sources", - "sourceSubTypes": [ - { - "enabled": True, - "severityFilters": {"filters": None}, - "sourceSubTypeName": "Palo Alto Networks", - } - ], - }, - ], - }, + "properties": {"alertRuleTemplateName": "f71aba3d-28fb-450b-b192-4e76a83015c8", "enabled": True}, }, ) print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/alertRules/CreateFusionAlertRule.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2023-02-01/examples/alertRules/CreateFusionAlertRule.json if __name__ == "__main__": main() 
diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_fusion_alert_rule_with_fusion_scenario_exclusion.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_fusion_alert_rule_with_fusion_scenario_exclusion.py
deleted file mode 100644
index cea2c133fe51..000000000000
--- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_fusion_alert_rule_with_fusion_scenario_exclusion.py
+++ /dev/null
@@ -1,179 +0,0 @@ -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- - -from azure.identity import DefaultAzureCredential -from azure.mgmt.securityinsight import SecurityInsights - -""" -# PREREQUISITES - pip install azure-identity - pip install azure-mgmt-securityinsight -# USAGE - python create_fusion_alert_rule_with_fusion_scenario_exclusion.py - - Before run the sample, please set the values of the client ID, tenant ID and client secret - of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, - AZURE_CLIENT_SECRET. For more info about how to get the value, please see: - https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal -""" - - -def main(): - client = SecurityInsights( - credential=DefaultAzureCredential(), - subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - ) - - response = client.alert_rules.create_or_update( - resource_group_name="myRg", - workspace_name="myWorkspace", - rule_id="myFirstFusionRule", - alert_rule={ - "etag": "3d00c3ca-0000-0100-0000-5d42d5010000", - "kind": "Fusion", - "properties": { - "alertRuleTemplateName": "f71aba3d-28fb-450b-b192-4e76a83015c8", - "enabled": True, - "sourceSettings": [ - {"enabled": True, "sourceName": "Anomalies", "sourceSubTypes": None}, - { - "enabled": True, - "sourceName": "Alert providers", - "sourceSubTypes": [ - { - "enabled": True, - "severityFilters": { - "filters": [ - {"enabled": True, "severity": "High"}, - {"enabled": True, "severity": "Medium"}, - {"enabled": True, "severity": "Low"}, - {"enabled": True, 
"severity": "Informational"}, - ] - }, - "sourceSubTypeName": "Azure Active Directory Identity Protection", - }, - { - "enabled": True, - "severityFilters": { - "filters": [ - {"enabled": True, "severity": "High"}, - {"enabled": True, "severity": "Medium"}, - {"enabled": True, "severity": "Low"}, - {"enabled": True, "severity": "Informational"}, - ] - }, - "sourceSubTypeName": "Azure Defender", - }, - { - "enabled": True, - "severityFilters": { - "filters": [ - {"enabled": True, "severity": "High"}, - {"enabled": True, "severity": "Medium"}, - {"enabled": True, "severity": "Low"}, - {"enabled": True, "severity": "Informational"}, - ] - }, - "sourceSubTypeName": "Azure Defender for IoT", - }, - { - "enabled": True, - "severityFilter": ["High", "Medium", "Low", "Informational"], - "severityFilters": { - "filters": [ - {"enabled": True, "severity": "High"}, - {"enabled": True, "severity": "Medium"}, - {"enabled": True, "severity": "Low"}, - {"enabled": True, "severity": "Informational"}, - ] - }, - "sourceSubTypeName": "Microsoft 365 Defender", - }, - { - "enabled": True, - "severityFilters": { - "filters": [ - {"enabled": True, "severity": "High"}, - {"enabled": True, "severity": "Medium"}, - {"enabled": True, "severity": "Low"}, - {"enabled": True, "severity": "Informational"}, - ] - }, - "sourceSubTypeName": "Microsoft Cloud App Security", - }, - { - "enabled": True, - "severityFilters": { - "filters": [ - {"enabled": True, "severity": "High"}, - {"enabled": True, "severity": "Medium"}, - {"enabled": True, "severity": "Low"}, - {"enabled": True, "severity": "Informational"}, - ] - }, - "sourceSubTypeName": "Microsoft Defender for Endpoint", - }, - { - "enabled": True, - "severityFilters": { - "filters": [ - {"enabled": True, "severity": "High"}, - {"enabled": True, "severity": "Medium"}, - {"enabled": True, "severity": "Low"}, - {"enabled": True, "severity": "Informational"}, - ] - }, - "sourceSubTypeName": "Microsoft Defender for Identity", - }, - { - "enabled": 
True, - "severityFilters": { - "filters": [ - {"enabled": True, "severity": "High"}, - {"enabled": True, "severity": "Medium"}, - {"enabled": True, "severity": "Low"}, - {"enabled": True, "severity": "Informational"}, - ] - }, - "sourceSubTypeName": "Microsoft Defender for Office 365", - }, - { - "enabled": True, - "severityFilters": { - "filters": [ - {"enabled": True, "severity": "High"}, - {"enabled": True, "severity": "Medium"}, - {"enabled": True, "severity": "Low"}, - {"enabled": True, "severity": "Informational"}, - ] - }, - "sourceSubTypeName": "Azure Sentinel scheduled analytics rules", - }, - ], - }, - { - "enabled": True, - "sourceName": "Raw logs from other sources", - "sourceSubTypes": [ - { - "enabled": True, - "severityFilters": {"filters": None}, - "sourceSubTypeName": "Palo Alto Networks", - } - ], - }, - ], - }, - }, - ) - print(response) - - -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/alertRules/CreateFusionAlertRuleWithFusionScenarioExclusion.json -if __name__ == "__main__": - main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_generic_ui.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_generic_ui.py deleted file mode 100644 index b28a4a25f666..000000000000 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_generic_ui.py +++ /dev/null 
@@ -1,161 +0,0 @@ -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- - -from azure.identity import DefaultAzureCredential -from azure.mgmt.securityinsight import SecurityInsights - -""" -# PREREQUISITES - pip install azure-identity - pip install azure-mgmt-securityinsight -# USAGE - python create_generic_ui.py - - Before run the sample, please set the values of the client ID, tenant ID and client secret - of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, - AZURE_CLIENT_SECRET. For more info about how to get the value, please see: - https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal -""" - - -def main(): - client = SecurityInsights( - credential=DefaultAzureCredential(), - subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - ) - - response = client.data_connectors.create_or_update( - resource_group_name="myRg", - workspace_name="myWorkspace", - data_connector_id="316ec55e-7138-4d63-ab18-90c8a60fd1c8", - data_connector={ - "kind": "GenericUI", - "properties": { - "connectorUiConfig": { - "availability": {"isPreview": True, "status": 1}, - "connectivityCriteria": [ - { - "type": "IsConnectedQuery", - "value": [ - "{{graphQueriesTableName}}\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" - ], - } - ], - "dataTypes": [ - { - "lastDataReceivedQuery": "{{graphQueriesTableName}}\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)", - "name": "{{graphQueriesTableName}}", - } - ], - "descriptionMarkdown": 
"The [Qualys Vulnerability Management (VM)](https://www.qualys.com/apps/vulnerability-management/) data connector provides the capability to ingest vulnerability host detection data into Azure Sentinel through the Qualys API. The connector provides visibility into host detection data from vulerability scans. This connector provides Azure Sentinel the capability to view dashboards, create custom alerts, and improve investigation ", - "graphQueries": [ - { - "baseQuery": "{{graphQueriesTableName}}", - "legend": "{{graphQueriesTableName}}", - "metricName": "Total data received", - } - ], - "graphQueriesTableName": "QualysHostDetection_CL", - "instructionSteps": [ - { - "description": "..\n\n **NOTE:** This connector uses Azure Functions to connect to Qualys VM to pull its logs into Azure Sentinel. This might result in additional data ingestion costs. Check the `Azure Functions pricing page `_ for details.", - "title": "", - }, - { - "description": "..\n\n **(Optional Step)** Securely store workspace and API authorization key(s) or token(s) in Azure Key Vault. Azure Key Vault provides a secure mechanism to store and retrieve key values. `Follow these instructions `_ to use Azure Key Vault with an Azure Function App.", - "title": "", - }, - { - "description": "**STEP 1 - Configuration steps for the Qualys VM API**\n\n\n#. Log into the Qualys Vulnerability Management console with an administrator account, select the **Users** tab and the **Users** subtab. \n#. Click on the **New** drop-down menu and select **Users..**\n#. Create a username and password for the API account. \n#. In the **User Roles** tab, ensure the account role is set to **Manager** and access is allowed to **GUI** and **API**\n#. Log out of the administrator account and log into the console with the new API credentials for validation, then log out of the API account. \n#. Log back into the console using an administrator account and modify the API accounts User Roles, removing access to **GUI**. \n#. 
Save all changes.", - "title": "", - }, - { - "description": "**STEP 2 - Choose ONE from the following two deployment options to deploy the connector and the associated Azure Function**\n\n..\n\n **IMPORTANT:** Before deploying the Qualys VM connector, have the Workspace ID and Workspace Primary Key (can be copied from the following), as well as the Qualys VM API Authorization Key(s), readily available.", - "instructions": [ - { - "parameters": {"fillWith": ["WorkspaceId"], "label": "Workspace ID"}, - "type": "CopyableLabel", - }, - { - "parameters": {"fillWith": ["PrimaryKey"], "label": "Primary Key"}, - "type": "CopyableLabel", - }, - ], - "title": "", - }, - { - "description": 'Use this method for automated deployment of the Qualys VM connector using an ARM Tempate.\n\n\n#. \n Click the **Deploy to Azure** button below. \n\n \n .. image:: https://aka.ms/deploytoazurebutton\n :target: https://aka.ms/sentinelqualysvmazuredeploy\n :alt: Deploy To Azure\n\n\n#. Select the preferred **Subscription**\\ , **Resource Group** and **Location**. \n#. Enter the **Workspace ID**\\ , **Workspace Key**\\ , **API Username**\\ , **API Password** , update the **URI**\\ , and any additional URI **Filter Parameters** (each filter should be separated by an "&" symbol, no spaces.) \n ..\n\n * Enter the URI that corresponds to your region. The complete list of API Server URLs can be `found here `_ -- There is no need to add a time suffix to the URI, the Function App will dynamically append the Time Value to the URI in the proper format. \n * The default **Time Interval** is set to pull the last five (5) minutes of data. If the time interval needs to be modified, it is recommended to change the Function App Timer Trigger accordingly (in the function.json file, post deployment) to prevent overlapping data ingestion. 
\n * Note: If using Azure Key Vault secrets for any of the values above, use the\\ ``@Microsoft.KeyVault(SecretUri={Security Identifier})``\\ schema in place of the string values. Refer to `Key Vault references documentation `_ for further details. \n\n\n#. Mark the checkbox labeled **I agree to the terms and conditions stated above**. \n#. Click **Purchase** to deploy.', - "title": "Option 1 - Azure Resource Manager (ARM) Template", - }, - { - "description": "Use the following step-by-step instructions to deploy the Quayls VM connector manually with Azure Functions.", - "title": "Option 2 - Manual Deployment of Azure Functions", - }, - { - "description": "**1. Create a Function App**\n\n\n#. From the Azure Portal, navigate to `Function App `_\\ , and select **+ Add**.\n#. In the **Basics** tab, ensure Runtime stack is set to **Powershell Core**. \n#. In the **Hosting** tab, ensure the **Consumption (Serverless)** plan type is selected.\n#. Make other preferrable configuration changes, if needed, then click **Create**.", - "title": "", - }, - { - "description": "**2. Import Function App Code**\n\n\n#. In the newly created Function App, select **Functions** on the left pane and click **+ New Function**.\n#. Select **Timer Trigger**.\n#. Enter a unique Function **Name** and leave the default cron schedule of every 5 minutes, then click **Create**.\n#. Click on **Code + Test** on the left pane. \n#. Copy the `Function App Code `_ and paste into the Function App ``run.ps1`` editor.\n#. Click **Save**.", - "title": "", - }, - { - "description": '**3. Configure the Function App**\n\n\n#. In the Function App, select the Function App Name and select **Configuration**.\n#. In the **Application settings** tab, select **+ New application setting**.\n#. Add each of the following seven (7) application settings individually, with their respective string values (case-sensitive): \n .. 
code-block::\n\n apiUsername\n apiPassword\n workspaceID\n workspaceKey\n uri\n filterParameters\n timeInterval\n\n ..\n\n * Enter the URI that corresponds to your region. The complete list of API Server URLs can be `found here `_. The ``uri`` value must follow the following schema: ``https:///api/2.0/fo/asset/host/vm/detection/?action=list&vm_processed_after=`` -- There is no need to add a time suffix to the URI, the Function App will dynamically append the Time Value to the URI in the proper format.\n * Add any additional filter parameters, for the ``filterParameters`` variable, that need to be appended to the URI. Each parameter should be seperated by an "&" symbol and should not include any spaces.\n * Set the ``timeInterval`` (in minutes) to the value of ``5`` to correspond to the Timer Trigger of every ``5`` minutes. If the time interval needs to be modified, it is recommended to change the Function App Timer Trigger accordingly to prevent overlapping data ingestion.\n * Note: If using Azure Key Vault, use the\\ ``@Microsoft.KeyVault(SecretUri={Security Identifier})``\\ schema in place of the string values. Refer to `Key Vault references documentation `_ for further details.\n\n\n#. Once all application settings have been entered, click **Save**.', - "title": "", - }, - { - "description": '**4. Configure the host.json**.\n\nDue to the potentially large amount of Qualys host detection data being ingested, it can cause the execution time to surpass the default Function App timeout of five (5) minutes. Increase the default timeout duration to the maximum of ten (10) minutes, under the Consumption Plan, to allow more time for the Function App to execute.\n\n\n#. In the Function App, select the Function App Name and select the **App Service Editor** blade.\n#. Click **Go** to open the editor, then select the **host.json** file under the **wwwroot** directory.\n#. Add the line ``"functionTimeout": "00:10:00",`` above the ``managedDependancy`` line \n#. 
Ensure **SAVED** appears on the top right corner of the editor, then exit the editor.\n\n..\n\n NOTE: If a longer timeout duration is required, consider upgrading to an `App Service Plan `_', - "title": "", - }, - ], - "permissions": { - "customs": [ - { - "description": "Read and write permissions to Azure Functions to create a Function App is required. `See the documentation to learn more about Azure Functions `_.", - "name": "Microsoft.Web/sites permissions", - }, - { - "description": "A Qualys VM API username and password is required. `See the documentation to learn more about Qualys VM API `_.", - "name": "Qualys API Key", - }, - ], - "resourceProvider": [ - { - "permissionsDisplayText": "read and write permissions on the workspace are required.", - "provider": "Microsoft.OperationalInsights/workspaces", - "providerDisplayName": "Workspace", - "requiredPermissions": {"delete": True, "read": True, "write": True}, - "scope": "Workspace", - }, - { - "permissionsDisplayText": "read permissions to shared keys for the workspace are required. 
[See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).", - "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys", - "providerDisplayName": "Keys", - "requiredPermissions": {"action": True}, - "scope": "Workspace", - }, - ], - }, - "publisher": "Qualys", - "sampleQueries": [ - { - "description": "Top 10 Vulerabilities detected", - "query": "{{graphQueriesTableName}}\n | mv-expand todynamic(Detections_s)\n | extend Vulnerability = tostring(Detections_s.Results)\n | summarize count() by Vulnerability\n | top 10 by count_", - } - ], - "title": "Qualys Vulnerability Management (CCP DEMO)", - } - }, - }, - ) - print(response) - - -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/dataConnectors/CreateGenericUI.json -if __name__ == "__main__": - main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents_create_or_update.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_incident.py similarity index 80% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents_create_or_update.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_incident.py index 99dd33a78950..9e502dbf5a99 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents_create_or_update.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_incident.py @@ -14,7 +14,7 @@ pip install azure-identity pip install azure-mgmt-securityinsight # USAGE - python incidents_create_or_update.py + python create_incident.py Before run the sample, please set the values of the client ID, tenant ID and client secret of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, 
@@ -38,17 +38,11 @@ def main(): "properties": { "classification": "FalsePositive", "classificationComment": "Not a malicious activity", - "classificationReason": "InaccurateData", + "classificationReason": "IncorrectAlertLogic", "description": "This is a demo incident", "firstActivityTimeUtc": "2019-01-01T13:00:30Z", "lastActivityTimeUtc": "2019-01-01T13:05:30Z", - "owner": { - "assignedTo": None, - "email": None, - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "ownerType": None, - "userPrincipalName": None, - }, + "owner": {"objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70"}, "severity": "High", "status": "Closed", "title": "My incident", @@ -58,6 +52,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/incidents/Incidents_CreateOrUpdate.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2023-02-01/examples/incidents/CreateIncident.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incident_comments_create_or_update.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_incident_comment.py similarity index 90% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incident_comments_create_or_update.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_incident_comment.py index 76b762bca38f..dfb94421800c 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incident_comments_create_or_update.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_incident_comment.py 
@@ -14,7 +14,7 @@ pip install azure-identity pip install azure-mgmt-securityinsight # USAGE - python incident_comments_create_or_update.py + python create_incident_comment.py Before run the sample, please set the values of the client ID, tenant ID and client secret of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, @@ -39,6 +39,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/incidents/IncidentComments/IncidentComments_CreateOrUpdate.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2023-02-01/examples/incidents/comments/CreateIncidentComment.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_incident_relation.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_incident_relation.py index 18684885840e..7401b1829d51 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_incident_relation.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_incident_relation.py 
@@ -36,13 +36,13 @@ def main(): relation_name="4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", relation={ "properties": { - "relatedResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096" + "relatedResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096" } }, ) print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/incidents/relations/CreateIncidentRelation.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2023-02-01/examples/incidents/relations/CreateIncidentRelation.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_microsoft_security_incident_creation_alert_rule.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_microsoft_security_incident_creation_alert_rule.py index f1dae6d1fced..664905c4687b 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_microsoft_security_incident_creation_alert_rule.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_microsoft_security_incident_creation_alert_rule.py 
@@ -46,6 +46,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/alertRules/CreateMicrosoftSecurityIncidentCreationAlertRule.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2023-02-01/examples/alertRules/CreateMicrosoftSecurityIncidentCreationAlertRule.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_nrt_alert_rule.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_nrt_alert_rule.py deleted file mode 100644 index b52313895455..000000000000 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_nrt_alert_rule.py +++ /dev/null 
@@ -1,68 +0,0 @@ -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- - -from azure.identity import DefaultAzureCredential -from azure.mgmt.securityinsight import SecurityInsights - -""" -# PREREQUISITES - pip install azure-identity - pip install azure-mgmt-securityinsight -# USAGE - python create_nrt_alert_rule.py - - Before run the sample, please set the values of the client ID, tenant ID and client secret - of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, - AZURE_CLIENT_SECRET. For more info about how to get the value, please see: - https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal -""" - - -def main(): - client = SecurityInsights( - credential=DefaultAzureCredential(), - subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - ) - - response = client.alert_rules.create_or_update( - resource_group_name="myRg", - workspace_name="myWorkspace", - rule_id="73e01a99-5cd7-4139-a149-9f2736ff2ab5", - alert_rule={ - "etag": '"0300bf09-0000-0000-0000-5c37296e0000"', - "kind": "NRT", - "properties": { - "description": "", - "displayName": "Rule2", - "enabled": True, - "eventGroupingSettings": {"aggregationKind": "AlertPerResult"}, - "incidentConfiguration": { - "createIncident": True, - "groupingConfiguration": { - "enabled": True, - "groupByEntities": ["Host", "Account"], - "lookbackDuration": "PT5H", - "matchingMethod": "Selected", - "reopenClosedIncident": False, - }, - }, - "query": "ProtectionStatus | extend HostCustomEntity = Computer | extend IPCustomEntity = 
ComputerIP_Hidden", - "severity": "High", - "suppressionDuration": "PT1H", - "suppressionEnabled": False, - "tactics": ["Persistence", "LateralMovement"], - "techniques": ["T1037", "T1021"], - }, - }, - ) - print(response) - - -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/alertRules/CreateNrtAlertRule.json -if __name__ == "__main__": - main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_office365_project_data_connetor.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_office365_project_data_connetor.py deleted file mode 100644 index 17400d2e0bbe..000000000000 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_office365_project_data_connetor.py +++ /dev/null 
@@ -1,50 +0,0 @@ -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- - -from azure.identity import DefaultAzureCredential -from azure.mgmt.securityinsight import SecurityInsights - -""" -# PREREQUISITES - pip install azure-identity - pip install azure-mgmt-securityinsight -# USAGE - python create_office365_project_data_connetor.py - - Before run the sample, please set the values of the client ID, tenant ID and client secret - of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, - AZURE_CLIENT_SECRET. For more info about how to get the value, please see: - https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal -""" - - -def main(): - client = SecurityInsights( - credential=DefaultAzureCredential(), - subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - ) - - response = client.data_connectors.create_or_update( - resource_group_name="myRg", - workspace_name="myWorkspace", - data_connector_id="73e01a99-5cd7-4139-a149-9f2736ff2ab5", - data_connector={ - "etag": '"0300bf09-0000-0000-0000-5c37296e0000"', - "kind": "Office365Project", - "properties": { - "dataTypes": {"logs": {"state": "Enabled"}}, - "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", - }, - }, - ) - print(response) - - -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/dataConnectors/CreateOffice365ProjectDataConnetor.json -if __name__ == "__main__": - main() 
diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_office_data_connetor.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_office_data_connetor.py index e64dbac15d70..1474f7adf77b 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_office_data_connetor.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_office_data_connetor.py @@ -49,6 +49,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/dataConnectors/CreateOfficeDataConnetor.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2023-02-01/examples/dataConnectors/CreateOfficeDataConnetor.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_office_power_bi_data_connector.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_office_power_bi_data_connector.py deleted file mode 100644 index c2c0e69ee1c2..000000000000 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_office_power_bi_data_connector.py +++ /dev/null 
@@ -1,50 +0,0 @@ -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- - -from azure.identity import DefaultAzureCredential -from azure.mgmt.securityinsight import SecurityInsights - -""" -# PREREQUISITES - pip install azure-identity - pip install azure-mgmt-securityinsight -# USAGE - python create_office_power_bi_data_connector.py - - Before run the sample, please set the values of the client ID, tenant ID and client secret - of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, - AZURE_CLIENT_SECRET. For more info about how to get the value, please see: - https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal -""" - - -def main(): - client = SecurityInsights( - credential=DefaultAzureCredential(), - subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - ) - - response = client.data_connectors.create_or_update( - resource_group_name="myRg", - workspace_name="myWorkspace", - data_connector_id="73e01a99-5cd7-4139-a149-9f2736ff2ab5", - data_connector={ - "etag": '"0300bf09-0000-0000-0000-5c37296e0000"', - "kind": "OfficePowerBI", - "properties": { - "dataTypes": {"logs": {"state": "Enabled"}}, - "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", - }, - }, - ) - print(response) - - -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/dataConnectors/CreateOfficePowerBIDataConnector.json -if __name__ == "__main__": - main() 
diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_scheduled_alert_rule.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_scheduled_alert_rule.py index 41f7815cc6e8..c0a43a12ff44 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_scheduled_alert_rule.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_scheduled_alert_rule.py @@ -70,12 +70,10 @@ def main(): "query": "Heartbeat", "queryFrequency": "PT1H", "queryPeriod": "P2DT1H30M", - "sentinelEntitiesMappings": [{"columnName": "Entities"}], "severity": "High", "suppressionDuration": "PT1H", "suppressionEnabled": False, "tactics": ["Persistence", "LateralMovement"], - "techniques": ["T1037", "T1021"], "triggerOperator": "GreaterThan", "triggerThreshold": 0, }, @@ -84,6 +82,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/alertRules/CreateScheduledAlertRule.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2023-02-01/examples/alertRules/CreateScheduledAlertRule.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_sentinel_onboarding_state.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_sentinel_onboarding_state.py index 5c8fe53f325f..55f9fda3e037 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_sentinel_onboarding_state.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_sentinel_onboarding_state.py 
@@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/onboardingStates/CreateSentinelOnboardingState.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2023-02-01/examples/onboardingStates/CreateSentinelOnboardingState.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_source_control.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_source_control.py deleted file mode 100644 index e4ba898e9ea7..000000000000 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_source_control.py +++ /dev/null 
@@ -1,60 +0,0 @@ -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- - -from azure.identity import DefaultAzureCredential -from azure.mgmt.securityinsight import SecurityInsights - -""" -# PREREQUISITES - pip install azure-identity - pip install azure-mgmt-securityinsight -# USAGE - python create_source_control.py - - Before run the sample, please set the values of the client ID, tenant ID and client secret - of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, - AZURE_CLIENT_SECRET. For more info about how to get the value, please see: - https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal -""" - - -def main(): - client = SecurityInsights( - credential=DefaultAzureCredential(), - subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - ) - - response = client.source_controls.create( - resource_group_name="myRg", - workspace_name="myWorkspace", - source_control_id="789e0c1f-4a3d-43ad-809c-e713b677b04a", - source_control={ - "etag": '"0300bf09-0000-0000-0000-5c37296e0000"', - "properties": { - "contentTypes": ["AnalyticRules", "Workbook"], - "description": "This is a source control", - "displayName": "My Source Control", - "repoType": "Github", - "repository": { - "branch": "master", - "displayUrl": "https://github.com/user/repo", - "pathMapping": [ - {"contentType": "AnalyticRules", "path": "path/to/rules"}, - {"contentType": "Workbook", "path": "path/to/workbooks"}, - ], - "url": "https://github.com/user/repo", - }, - }, - }, - ) - print(response) - - -# x-ms-original-file: 
specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/sourcecontrols/CreateSourceControl.json -if __name__ == "__main__": - main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_threat_intelligence_data_connector.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_threat_intelligence_data_connector.py index e58c78df5816..3c23a53a8c3d 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_threat_intelligence_data_connector.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_threat_intelligence_data_connector.py @@ -45,6 +45,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/dataConnectors/CreateThreatIntelligenceDataConnector.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2023-02-01/examples/dataConnectors/CreateThreatIntelligenceDataConnector.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_threat_intelligence_taxii_data_connector.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_threat_intelligence_taxii_data_connector.py deleted file mode 100644 index 1b4a4587c163..000000000000 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_threat_intelligence_taxii_data_connector.py +++ /dev/null 
@@ -1,58 +0,0 @@ -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- - -from azure.identity import DefaultAzureCredential -from azure.mgmt.securityinsight import SecurityInsights - -""" -# PREREQUISITES - pip install azure-identity - pip install azure-mgmt-securityinsight -# USAGE - python create_threat_intelligence_taxii_data_connector.py - - Before run the sample, please set the values of the client ID, tenant ID and client secret - of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, - AZURE_CLIENT_SECRET. For more info about how to get the value, please see: - https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal -""" - - -def main(): - client = SecurityInsights( - credential=DefaultAzureCredential(), - subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - ) - - response = client.data_connectors.create_or_update( - resource_group_name="myRg", - workspace_name="myWorkspace", - data_connector_id="73e01a99-5cd7-4139-a149-9f2736ff2ab5", - data_connector={ - "etag": "d12423f6-a60b-4ca5-88c0-feb1a182d0f0", - "kind": "ThreatIntelligenceTaxii", - "properties": { - "collectionId": "135", - "dataTypes": {"taxiiClient": {"state": "Enabled"}}, - "friendlyName": "testTaxii", - "password": "--", - "pollingFrequency": "OnceADay", - "taxiiLookbackPeriod": "2020-01-01T13:00:30.123Z", - "taxiiServer": "https://limo.anomali.com/api/v1/taxii2/feeds", - "tenantId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b", - "userName": "--", - "workspaceId": "dd124572-4962-4495-9bd2-9dade12314b4", - }, - }, - ) 
- print(response) - - -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/dataConnectors/CreateThreatIntelligenceTaxiiDataConnector.json -if __name__ == "__main__": - main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_watchlist.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_watchlist.py index 47b0e922392f..d2a59ef5d1b9 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_watchlist.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_watchlist.py @@ -40,14 +40,13 @@ def main(): "displayName": "High Value Assets Watchlist", "itemsSearchKey": "header1", "provider": "Microsoft", - "source": "watchlist.csv", - "sourceType": "Local file", + "source": "Local file", }, }, ) print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/watchlists/CreateWatchlist.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2023-02-01/examples/watchlists/CreateWatchlist.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_watchlist_and_watchlist_items.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_watchlist_and_watchlist_items.py index 96205b46222e..dd4f306d7ff8 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_watchlist_and_watchlist_items.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_watchlist_and_watchlist_items.py 
@@ -43,14 +43,13 @@ def main(): "numberOfLinesToSkip": 1, "provider": "Microsoft", "rawContent": "This line will be skipped\nheader1,header2\nvalue1,value2", - "source": "watchlist.csv", - "sourceType": "Local file", + "source": "Local file", }, }, ) print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/watchlists/CreateWatchlistAndWatchlistItems.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2023-02-01/examples/watchlists/CreateWatchlistAndWatchlistItems.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_watchlist_item.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_watchlist_item.py index f527c1dbf8eb..792168cb92b4 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_watchlist_item.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_watchlist_item.py @@ -51,6 +51,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/watchlists/CreateWatchlistItem.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2023-02-01/examples/watchlists/CreateWatchlistItem.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_action_of_alert_rule.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_action_of_alert_rule.py index 01907457a01d..12529842126b 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_action_of_alert_rule.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_action_of_alert_rule.py 
@@ -38,6 +38,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/actions/DeleteActionOfAlertRule.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2023-02-01/examples/actions/DeleteActionOfAlertRule.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_alert_rule.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_alert_rule.py index e8eccd69f4ac..32bc13bee818 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_alert_rule.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_alert_rule.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/alertRules/DeleteAlertRule.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2023-02-01/examples/alertRules/DeleteAlertRule.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_api_polling.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_api_polling.py deleted file mode 100644 index 49864982ae30..000000000000 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_api_polling.py +++ /dev/null 
@@ -1,42 +0,0 @@ -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- - -from azure.identity import DefaultAzureCredential -from azure.mgmt.securityinsight import SecurityInsights - -""" -# PREREQUISITES - pip install azure-identity - pip install azure-mgmt-securityinsight -# USAGE - python delete_api_polling.py - - Before run the sample, please set the values of the client ID, tenant ID and client secret - of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, - AZURE_CLIENT_SECRET. For more info about how to get the value, please see: - https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal -""" - - -def main(): - client = SecurityInsights( - credential=DefaultAzureCredential(), - subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - ) - - response = client.data_connectors.delete( - resource_group_name="myRg", - workspace_name="myWorkspace", - data_connector_id="316ec55e-7138-4d63-ab18-90c8a60fd1c8", - ) - print(response) - - -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/dataConnectors/DeleteAPIPolling.json -if __name__ == "__main__": - main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_bookmark.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_bookmark.py index 5f63071b1758..67688d3506aa 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_bookmark.py 
+++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_bookmark.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/bookmarks/DeleteBookmark.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2023-02-01/examples/bookmarks/DeleteBookmark.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_bookmark_relation.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_bookmark_relation.py deleted file mode 100644 index 940f286c435e..000000000000 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_bookmark_relation.py +++ /dev/null 
@@ -1,43 +0,0 @@ -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- - -from azure.identity import DefaultAzureCredential -from azure.mgmt.securityinsight import SecurityInsights - -""" -# PREREQUISITES - pip install azure-identity - pip install azure-mgmt-securityinsight -# USAGE - python delete_bookmark_relation.py - - Before run the sample, please set the values of the client ID, tenant ID and client secret - of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, - AZURE_CLIENT_SECRET. For more info about how to get the value, please see: - https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal -""" - - -def main(): - client = SecurityInsights( - credential=DefaultAzureCredential(), - subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - ) - - response = client.bookmark_relations.delete( - resource_group_name="myRg", - workspace_name="myWorkspace", - bookmark_id="2216d0e1-91e3-4902-89fd-d2df8c535096", - relation_name="4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", - ) - print(response) - - -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/bookmarks/relations/DeleteBookmarkRelation.json -if __name__ == "__main__": - main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_entity_query.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_entity_query.py deleted file mode 100644 index a65893898988..000000000000 
--- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_entity_query.py +++ /dev/null @@ -1,42 +0,0 @@ -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- - -from azure.identity import DefaultAzureCredential -from azure.mgmt.securityinsight import SecurityInsights - -""" -# PREREQUISITES - pip install azure-identity - pip install azure-mgmt-securityinsight -# USAGE - python delete_entity_query.py - - Before run the sample, please set the values of the client ID, tenant ID and client secret - of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, - AZURE_CLIENT_SECRET. For more info about how to get the value, please see: - https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal -""" - - -def main(): - client = SecurityInsights( - credential=DefaultAzureCredential(), - subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - ) - - response = client.entity_queries.delete( - resource_group_name="myRg", - workspace_name="myWorkspace", - entity_query_id="07da3cc8-c8ad-4710-a44e-334cdcb7882b", - ) - print(response) - - -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/entityQueries/DeleteEntityQuery.json -if __name__ == "__main__": - main() 
diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_eyes_on_setting.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_eyes_on_setting.py deleted file mode 100644 index 599eaa20379e..000000000000 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_eyes_on_setting.py +++ /dev/null @@ -1,42 +0,0 @@ -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- - -from azure.identity import DefaultAzureCredential -from azure.mgmt.securityinsight import SecurityInsights - -""" -# PREREQUISITES - pip install azure-identity - pip install azure-mgmt-securityinsight -# USAGE - python delete_eyes_on_setting.py - - Before run the sample, please set the values of the client ID, tenant ID and client secret - of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, - AZURE_CLIENT_SECRET. For more info about how to get the value, please see: - https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal -""" - - -def main(): - client = SecurityInsights( - credential=DefaultAzureCredential(), - subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - ) - - response = client.product_settings.delete( - resource_group_name="myRg", - workspace_name="myWorkspace", - settings_name="EyesOn", - ) - print(response) - - -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/settings/DeleteEyesOnSetting.json -if __name__ == "__main__": - main() 
diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_file_import.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_file_import.py deleted file mode 100644 index 3b966a3523f3..000000000000 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_file_import.py +++ /dev/null 
@@ -1,42 +0,0 @@ -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- - -from azure.identity import DefaultAzureCredential -from azure.mgmt.securityinsight import SecurityInsights - -""" -# PREREQUISITES - pip install azure-identity - pip install azure-mgmt-securityinsight -# USAGE - python delete_file_import.py - - Before run the sample, please set the values of the client ID, tenant ID and client secret - of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, - AZURE_CLIENT_SECRET. For more info about how to get the value, please see: - https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal -""" - - -def main(): - client = SecurityInsights( - credential=DefaultAzureCredential(), - subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - ) - - response = client.file_imports.begin_delete( - resource_group_name="myRg", - workspace_name="myWorkspace", - file_import_id="73e01a99-5cd7-4139-a149-9f2736ff2ab5", - ).result() - print(response) - - -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/fileImports/DeleteFileImport.json -if __name__ == "__main__": - main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_generic_ui.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_generic_ui.py deleted file mode 100644 index b73a6e33886e..000000000000 
--- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_generic_ui.py +++ /dev/null @@ -1,42 +0,0 @@ -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- - -from azure.identity import DefaultAzureCredential -from azure.mgmt.securityinsight import SecurityInsights - -""" -# PREREQUISITES - pip install azure-identity - pip install azure-mgmt-securityinsight -# USAGE - python delete_generic_ui.py - - Before run the sample, please set the values of the client ID, tenant ID and client secret - of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, - AZURE_CLIENT_SECRET. For more info about how to get the value, please see: - https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal -""" - - -def main(): - client = SecurityInsights( - credential=DefaultAzureCredential(), - subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - ) - - response = client.data_connectors.delete( - resource_group_name="myRg", - workspace_name="myWorkspace", - data_connector_id="316ec55e-7138-4d63-ab18-90c8a60fd1c8", - ) - print(response) - - -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/dataConnectors/DeleteGenericUI.json -if __name__ == "__main__": - main() 
diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents_delete.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_incident.py similarity index 91% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents_delete.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_incident.py index 46d6ef624106..b2ccea129880 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents_delete.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_incident.py @@ -14,7 +14,7 @@ pip install azure-identity pip install azure-mgmt-securityinsight # USAGE - python incidents_delete.py + python delete_incident.py Before run the sample, please set the values of the client ID, tenant ID and client secret of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/incidents/Incidents_Delete.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2023-02-01/examples/incidents/DeleteIncident.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incident_comments_delete.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_incident_comment.py similarity index 90% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incident_comments_delete.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_incident_comment.py index 41de0f2f027c..7b80241d2837 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incident_comments_delete.py 
+++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_incident_comment.py @@ -14,7 +14,7 @@ pip install azure-identity pip install azure-mgmt-securityinsight # USAGE - python incident_comments_delete.py + python delete_incident_comment.py Before run the sample, please set the values of the client ID, tenant ID and client secret of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, @@ -38,6 +38,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/incidents/IncidentComments/IncidentComments_Delete.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2023-02-01/examples/incidents/comments/DeleteIncidentComment.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_incident_relation.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_incident_relation.py index 78337555b97a..63521722f624 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_incident_relation.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_incident_relation.py @@ -38,6 +38,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/incidents/relations/DeleteIncidentRelation.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2023-02-01/examples/incidents/relations/DeleteIncidentRelation.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_metadata.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_metadata.py deleted file mode 100644 index 49bd06ba9428..000000000000 
--- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_metadata.py +++ /dev/null @@ -1,42 +0,0 @@ -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- - -from azure.identity import DefaultAzureCredential -from azure.mgmt.securityinsight import SecurityInsights - -""" -# PREREQUISITES - pip install azure-identity - pip install azure-mgmt-securityinsight -# USAGE - python delete_metadata.py - - Before run the sample, please set the values of the client ID, tenant ID and client secret - of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, - AZURE_CLIENT_SECRET. For more info about how to get the value, please see: - https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal -""" - - -def main(): - client = SecurityInsights( - credential=DefaultAzureCredential(), - subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - ) - - response = client.metadata.delete( - resource_group_name="myRg", - workspace_name="myWorkspace", - metadata_name="metadataName", - ) - print(response) - - -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/metadata/DeleteMetadata.json -if __name__ == "__main__": - main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_office365_project_data_connetor.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_office365_project_data_connetor.py deleted file mode 100644 index 8b565c226eb2..000000000000 
--- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_office365_project_data_connetor.py +++ /dev/null @@ -1,42 +0,0 @@ -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- - -from azure.identity import DefaultAzureCredential -from azure.mgmt.securityinsight import SecurityInsights - -""" -# PREREQUISITES - pip install azure-identity - pip install azure-mgmt-securityinsight -# USAGE - python delete_office365_project_data_connetor.py - - Before run the sample, please set the values of the client ID, tenant ID and client secret - of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, - AZURE_CLIENT_SECRET. For more info about how to get the value, please see: - https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal -""" - - -def main(): - client = SecurityInsights( - credential=DefaultAzureCredential(), - subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - ) - - response = client.data_connectors.delete( - resource_group_name="myRg", - workspace_name="myWorkspace", - data_connector_id="73e01a99-5cd7-4139-a149-9f2736ff2ab5", - ) - print(response) - - -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/dataConnectors/DeleteOffice365ProjectDataConnetor.json -if __name__ == "__main__": - main() 
diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_office_consents.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_office_consents.py deleted file mode 100644 index d66ae4ac7351..000000000000 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_office_consents.py +++ /dev/null 
@@ -1,42 +0,0 @@ -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- - -from azure.identity import DefaultAzureCredential -from azure.mgmt.securityinsight import SecurityInsights - -""" -# PREREQUISITES - pip install azure-identity - pip install azure-mgmt-securityinsight -# USAGE - python delete_office_consents.py - - Before run the sample, please set the values of the client ID, tenant ID and client secret - of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, - AZURE_CLIENT_SECRET. For more info about how to get the value, please see: - https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal -""" - - -def main(): - client = SecurityInsights( - credential=DefaultAzureCredential(), - subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - ) - - response = client.office_consents.delete( - resource_group_name="myRg", - workspace_name="myWorkspace", - consent_id="04e5fd05-ff86-4b97-b8d2-1c20933cb46c", - ) - print(response) - - -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/officeConsents/DeleteOfficeConsents.json -if __name__ == "__main__": - main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_office_data_connetor.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_office_data_connetor.py index ea1346bce56e..b6c62afebde0 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_office_data_connetor.py 
+++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_office_data_connetor.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/dataConnectors/DeleteOfficeDataConnetor.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2023-02-01/examples/dataConnectors/DeleteOfficeDataConnetor.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_office_power_bi_data_connetor.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_office_power_bi_data_connetor.py deleted file mode 100644 index 9e48c8e08851..000000000000 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_office_power_bi_data_connetor.py +++ /dev/null 
@@ -1,42 +0,0 @@ -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- - -from azure.identity import DefaultAzureCredential -from azure.mgmt.securityinsight import SecurityInsights - -""" -# PREREQUISITES - pip install azure-identity - pip install azure-mgmt-securityinsight -# USAGE - python delete_office_power_bi_data_connetor.py - - Before run the sample, please set the values of the client ID, tenant ID and client secret - of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, - AZURE_CLIENT_SECRET. For more info about how to get the value, please see: - https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal -""" - - -def main(): - client = SecurityInsights( - credential=DefaultAzureCredential(), - subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - ) - - response = client.data_connectors.delete( - resource_group_name="myRg", - workspace_name="myWorkspace", - data_connector_id="73e01a99-5cd7-4139-a149-9f2736ff2ab5", - ) - print(response) - - -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/dataConnectors/DeleteOfficePowerBIDataConnetor.json -if __name__ == "__main__": - main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_security_ml_analytics_setting.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_security_ml_analytics_setting.py index 10c84d42cbb3..d655d112c333 100644 
--- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_security_ml_analytics_setting.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_security_ml_analytics_setting.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/securityMLAnalyticsSettings/DeleteSecurityMLAnalyticsSetting.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2023-02-01/examples/securityMLAnalyticsSettings/DeleteSecurityMLAnalyticsSetting.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_sentinel_onboarding_state.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_sentinel_onboarding_state.py index 7efd7e514297..98e283c23879 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_sentinel_onboarding_state.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_sentinel_onboarding_state.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/onboardingStates/DeleteSentinelOnboardingState.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2023-02-01/examples/onboardingStates/DeleteSentinelOnboardingState.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_source_control.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_source_control.py deleted file mode 100644 index b39bed43c896..000000000000 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_source_control.py +++ /dev/null 
@@ -1,42 +0,0 @@ -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- - -from azure.identity import DefaultAzureCredential -from azure.mgmt.securityinsight import SecurityInsights - -""" -# PREREQUISITES - pip install azure-identity - pip install azure-mgmt-securityinsight -# USAGE - python delete_source_control.py - - Before run the sample, please set the values of the client ID, tenant ID and client secret - of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, - AZURE_CLIENT_SECRET. For more info about how to get the value, please see: - https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal -""" - - -def main(): - client = SecurityInsights( - credential=DefaultAzureCredential(), - subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - ) - - response = client.source_controls.delete( - resource_group_name="myRg", - workspace_name="myWorkspace", - source_control_id="789e0c1f-4a3d-43ad-809c-e713b677b04a", - ) - print(response) - - -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/sourcecontrols/DeleteSourceControl.json -if __name__ == "__main__": - main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_threat_intelligence.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_threat_intelligence.py index 254248e2572d..b350ed11ca38 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_threat_intelligence.py 
+++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_threat_intelligence.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/threatintelligence/DeleteThreatIntelligence.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2023-02-01/examples/threatintelligence/DeleteThreatIntelligence.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_watchlist.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_watchlist.py index 657798684a34..5f1ee0e6cb5e 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_watchlist.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_watchlist.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/watchlists/DeleteWatchlist.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2023-02-01/examples/watchlists/DeleteWatchlist.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_watchlist_item.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_watchlist_item.py index d22cdfb7f9df..5fa9b9570573 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_watchlist_item.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_watchlist_item.py 
@@ -38,6 +38,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/watchlists/DeleteWatchlistItem.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2023-02-01/examples/watchlists/DeleteWatchlistItem.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/disconnect_api_polling.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/disconnect_api_polling.py deleted file mode 100644 index 86acefb3218e..000000000000 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/disconnect_api_polling.py +++ /dev/null 
@@ -1,42 +0,0 @@ -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- - -from azure.identity import DefaultAzureCredential -from azure.mgmt.securityinsight import SecurityInsights - -""" -# PREREQUISITES - pip install azure-identity - pip install azure-mgmt-securityinsight -# USAGE - python disconnect_api_polling.py - - Before run the sample, please set the values of the client ID, tenant ID and client secret - of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, - AZURE_CLIENT_SECRET. For more info about how to get the value, please see: - https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal -""" - - -def main(): - client = SecurityInsights( - credential=DefaultAzureCredential(), - subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - ) - - response = client.data_connectors.disconnect( - resource_group_name="myRg", - workspace_name="myWorkspace", - data_connector_id="316ec55e-7138-4d63-ab18-90c8a60fd1c8", - ) - print(response) - - -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/dataConnectors/DisconnectAPIPolling.json -if __name__ == "__main__": - main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_account_entity_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_account_entity_by_id.py deleted file mode 100644 index 4cdf7445de26..000000000000 
--- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_account_entity_by_id.py +++ /dev/null @@ -1,42 +0,0 @@ -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- - -from azure.identity import DefaultAzureCredential -from azure.mgmt.securityinsight import SecurityInsights - -""" -# PREREQUISITES - pip install azure-identity - pip install azure-mgmt-securityinsight -# USAGE - python get_account_entity_by_id.py - - Before run the sample, please set the values of the client ID, tenant ID and client secret - of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, - AZURE_CLIENT_SECRET. For more info about how to get the value, please see: - https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal -""" - - -def main(): - client = SecurityInsights( - credential=DefaultAzureCredential(), - subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - ) - - response = client.entities.get( - resource_group_name="myRg", - workspace_name="myWorkspace", - entity_id="e1d3d618-e11f-478b-98e3-bb381539a8e1", - ) - print(response) - - -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/entities/GetAccountEntityById.json -if __name__ == "__main__": - main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_action_of_alert_rule_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_action_of_alert_rule_by_id.py index 6bf9693e038f..a611bbff0bff 100644 
--- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_action_of_alert_rule_by_id.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_action_of_alert_rule_by_id.py @@ -38,6 +38,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/actions/GetActionOfAlertRuleById.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2023-02-01/examples/actions/GetActionOfAlertRuleById.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_activity_entity_query_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_activity_entity_query_by_id.py deleted file mode 100644 index 627d89dee6b5..000000000000 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_activity_entity_query_by_id.py +++ /dev/null 
@@ -1,42 +0,0 @@ -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- - -from azure.identity import DefaultAzureCredential -from azure.mgmt.securityinsight import SecurityInsights - -""" -# PREREQUISITES - pip install azure-identity - pip install azure-mgmt-securityinsight -# USAGE - python get_activity_entity_query_by_id.py - - Before run the sample, please set the values of the client ID, tenant ID and client secret - of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, - AZURE_CLIENT_SECRET. For more info about how to get the value, please see: - https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal -""" - - -def main(): - client = SecurityInsights( - credential=DefaultAzureCredential(), - subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - ) - - response = client.entity_queries.get( - resource_group_name="myRg", - workspace_name="myWorkspace", - entity_query_id="07da3cc8-c8ad-4710-a44e-334cdcb7882b", - ) - print(response) - - -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/entityQueries/GetActivityEntityQueryById.json -if __name__ == "__main__": - main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_activity_entity_query_template_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_activity_entity_query_template_by_id.py deleted file mode 100644 index 8535ed42977e..000000000000 
--- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_activity_entity_query_template_by_id.py +++ /dev/null @@ -1,42 +0,0 @@ -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- - -from azure.identity import DefaultAzureCredential -from azure.mgmt.securityinsight import SecurityInsights - -""" -# PREREQUISITES - pip install azure-identity - pip install azure-mgmt-securityinsight -# USAGE - python get_activity_entity_query_template_by_id.py - - Before run the sample, please set the values of the client ID, tenant ID and client secret - of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, - AZURE_CLIENT_SECRET. For more info about how to get the value, please see: - https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal -""" - - -def main(): - client = SecurityInsights( - credential=DefaultAzureCredential(), - subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - ) - - response = client.entity_query_templates.get( - resource_group_name="myRg", - workspace_name="myWorkspace", - entity_query_template_id="07da3cc8-c8ad-4710-a44e-334cdcb7882b", - ) - print(response) - - -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/entityQueryTemplates/GetActivityEntityQueryTemplateById.json -if __name__ == "__main__": - main() 
diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_alert_rule_template_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_alert_rule_template_by_id.py index 1d18bbcb0164..36bb99689968 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_alert_rule_template_by_id.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_alert_rule_template_by_id.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/alertRuleTemplates/GetAlertRuleTemplateById.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2023-02-01/examples/alertRuleTemplates/GetAlertRuleTemplateById.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_alert_rule_templates.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_alert_rule_templates.py index 4f232d8a66d2..16f20966a5f9 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_alert_rule_templates.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_alert_rule_templates.py @@ -37,6 +37,6 @@ def main(): print(item) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/alertRuleTemplates/GetAlertRuleTemplates.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2023-02-01/examples/alertRuleTemplates/GetAlertRuleTemplates.json if __name__ == "__main__": main() 
diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_all_actions_by_alert_rule.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_all_actions_by_alert_rule.py index 71e28322c8e7..a8a23af54e44 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_all_actions_by_alert_rule.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_all_actions_by_alert_rule.py @@ -38,6 +38,6 @@ def main(): print(item) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/actions/GetAllActionsByAlertRule.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2023-02-01/examples/actions/GetAllActionsByAlertRule.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_all_alert_rules.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_all_alert_rules.py index 6bfe39da69fe..de245de363f3 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_all_alert_rules.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_all_alert_rules.py @@ -37,6 +37,6 @@ def main(): print(item) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/alertRules/GetAllAlertRules.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2023-02-01/examples/alertRules/GetAllAlertRules.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_all_bookmark_relations.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_all_bookmark_relations.py deleted file mode 100644 index dd257f859112..000000000000 
--- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_all_bookmark_relations.py +++ /dev/null @@ -1,43 +0,0 @@ -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- - -from azure.identity import DefaultAzureCredential -from azure.mgmt.securityinsight import SecurityInsights - -""" -# PREREQUISITES - pip install azure-identity - pip install azure-mgmt-securityinsight -# USAGE - python get_all_bookmark_relations.py - - Before run the sample, please set the values of the client ID, tenant ID and client secret - of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, - AZURE_CLIENT_SECRET. For more info about how to get the value, please see: - https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal -""" - - -def main(): - client = SecurityInsights( - credential=DefaultAzureCredential(), - subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - ) - - response = client.bookmark_relations.list( - resource_group_name="myRg", - workspace_name="myWorkspace", - bookmark_id="2216d0e1-91e3-4902-89fd-d2df8c535096", - ) - for item in response: - print(item) - - -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/bookmarks/relations/GetAllBookmarkRelations.json -if __name__ == "__main__": - main() 
diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_all_entity_relations.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_all_entity_relations.py deleted file mode 100644 index 292751766fbf..000000000000 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_all_entity_relations.py +++ /dev/null 
@@ -1,43 +0,0 @@ -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- - -from azure.identity import DefaultAzureCredential -from azure.mgmt.securityinsight import SecurityInsights - -""" -# PREREQUISITES - pip install azure-identity - pip install azure-mgmt-securityinsight -# USAGE - python get_all_entity_relations.py - - Before run the sample, please set the values of the client ID, tenant ID and client secret - of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, - AZURE_CLIENT_SECRET. For more info about how to get the value, please see: - https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal -""" - - -def main(): - client = SecurityInsights( - credential=DefaultAzureCredential(), - subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - ) - - response = client.entities_relations.list( - resource_group_name="myRg", - workspace_name="myWorkspace", - entity_id="afbd324f-6c48-459c-8710-8d1e1cd03812", - ) - for item in response: - print(item) - - -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/entities/relations/GetAllEntityRelations.json -if __name__ == "__main__": - main() 
diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents_list_alerts.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_all_incident_alerts.py similarity index 87% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents_list_alerts.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_all_incident_alerts.py index a62de178a146..25019b98f71e 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents_list_alerts.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_all_incident_alerts.py @@ -14,7 +14,7 @@ pip install azure-identity pip install azure-mgmt-securityinsight # USAGE - python incidents_list_alerts.py + python get_all_incident_alerts.py Before run the sample, please set the values of the client ID, tenant ID and client secret of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, @@ -32,11 +32,11 @@ def main(): response = client.incidents.list_alerts( resource_group_name="myRg", workspace_name="myWorkspace", - incident_id="69a30280-6a4c-4aa7-9af0-5d63f335d600", + incident_id="afbd324f-6c48-459c-8710-8d1e1cd03812", ) print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/incidents/IncidentAlerts/Incidents_ListAlerts.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2023-02-01/examples/incidents/GetAllIncidentAlerts.json if __name__ == "__main__": main() 
diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents_list_bookmarks.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_all_incident_bookmarks.py similarity index 86% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents_list_bookmarks.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_all_incident_bookmarks.py index b931f0ff5499..0278f945f480 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents_list_bookmarks.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_all_incident_bookmarks.py @@ -14,7 +14,7 @@ pip install azure-identity pip install azure-mgmt-securityinsight # USAGE - python incidents_list_bookmarks.py + python get_all_incident_bookmarks.py Before run the sample, please set the values of the client ID, tenant ID and client secret of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, @@ -32,11 +32,11 @@ def main(): response = client.incidents.list_bookmarks( resource_group_name="myRg", workspace_name="myWorkspace", - incident_id="69a30280-6a4c-4aa7-9af0-5d63f335d600", + incident_id="afbd324f-6c48-459c-8710-8d1e1cd03812", ) print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/incidents/IncidentBookmarks/Incidents_ListBookmarks.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2023-02-01/examples/incidents/GetAllIncidentBookmarks.json if __name__ == "__main__": main() 
diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incident_comments_list.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_all_incident_comments.py similarity index 90% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incident_comments_list.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_all_incident_comments.py index 7fce290b89df..ee3e86943228 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incident_comments_list.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_all_incident_comments.py @@ -14,7 +14,7 @@ pip install azure-identity pip install azure-mgmt-securityinsight # USAGE - python incident_comments_list.py + python get_all_incident_comments.py Before run the sample, please set the values of the client ID, tenant ID and client secret of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, @@ -38,6 +38,6 @@ def main(): print(item) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/incidents/IncidentComments/IncidentComments_List.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2023-02-01/examples/incidents/comments/GetAllIncidentComments.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents_list_entities.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_all_incident_entities.py similarity index 86% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents_list_entities.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_all_incident_entities.py index 93dbebcc10c5..54951b7cae81 100644 
--- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents_list_entities.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_all_incident_entities.py @@ -14,7 +14,7 @@ pip install azure-identity pip install azure-mgmt-securityinsight # USAGE - python incidents_list_entities.py + python get_all_incident_entities.py Before run the sample, please set the values of the client ID, tenant ID and client secret of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, @@ -32,11 +32,11 @@ def main(): response = client.incidents.list_entities( resource_group_name="myRg", workspace_name="myWorkspace", - incident_id="69a30280-6a4c-4aa7-9af0-5d63f335d600", + incident_id="afbd324f-6c48-459c-8710-8d1e1cd03812", ) print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/incidents/IncidentEntities/Incidents_ListEntities.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2023-02-01/examples/incidents/GetAllIncidentEntities.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_all_incident_relations.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_all_incident_relations.py index d51befaed744..7105170d2894 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_all_incident_relations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_all_incident_relations.py 
@@ -38,6 +38,6 @@ def main(): print(item) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/incidents/relations/GetAllIncidentRelations.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2023-02-01/examples/incidents/relations/GetAllIncidentRelations.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_all_metadata.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_all_metadata.py deleted file mode 100644 index 7db4cc0f8c28..000000000000 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_all_metadata.py +++ /dev/null 
@@ -1,42 +0,0 @@ -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- - -from azure.identity import DefaultAzureCredential -from azure.mgmt.securityinsight import SecurityInsights - -""" -# PREREQUISITES - pip install azure-identity - pip install azure-mgmt-securityinsight -# USAGE - python get_all_metadata.py - - Before run the sample, please set the values of the client ID, tenant ID and client secret - of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, - AZURE_CLIENT_SECRET. For more info about how to get the value, please see: - https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal -""" - - -def main(): - client = SecurityInsights( - credential=DefaultAzureCredential(), - subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - ) - - response = client.metadata.list( - resource_group_name="myRg", - workspace_name="myWorkspace", - ) - for item in response: - print(item) - - -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/metadata/GetAllMetadata.json -if __name__ == "__main__": - main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_all_metadata_odata.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_all_metadata_odata.py deleted file mode 100644 index 5b4257bac619..000000000000 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_all_metadata_odata.py +++ /dev/null 
@@ -1,42 +0,0 @@ -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- - -from azure.identity import DefaultAzureCredential -from azure.mgmt.securityinsight import SecurityInsights - -""" -# PREREQUISITES - pip install azure-identity - pip install azure-mgmt-securityinsight -# USAGE - python get_all_metadata_odata.py - - Before run the sample, please set the values of the client ID, tenant ID and client secret - of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, - AZURE_CLIENT_SECRET. For more info about how to get the value, please see: - https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal -""" - - -def main(): - client = SecurityInsights( - credential=DefaultAzureCredential(), - subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - ) - - response = client.metadata.list( - resource_group_name="myRg", - workspace_name="myWorkspace", - ) - for item in response: - print(item) - - -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/metadata/GetAllMetadataOData.json -if __name__ == "__main__": - main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_all_security_ml_analytics_settings.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_all_security_ml_analytics_settings.py index 1a674b133d69..3e7a00d5615e 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_all_security_ml_analytics_settings.py 
+++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_all_security_ml_analytics_settings.py @@ -37,6 +37,6 @@ def main(): print(item) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/securityMLAnalyticsSettings/GetAllSecurityMLAnalyticsSettings.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2023-02-01/examples/securityMLAnalyticsSettings/GetAllSecurityMLAnalyticsSettings.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_all_sentinel_onboarding_states.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_all_sentinel_onboarding_states.py index 50414b351665..139f2120947a 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_all_sentinel_onboarding_states.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_all_sentinel_onboarding_states.py @@ -36,6 +36,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/onboardingStates/GetAllSentinelOnboardingStates.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2023-02-01/examples/onboardingStates/GetAllSentinelOnboardingStates.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_all_settings.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_all_settings.py deleted file mode 100644 index 9686f64f3e57..000000000000 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_all_settings.py +++ /dev/null 
@@ -1,41 +0,0 @@ -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- - -from azure.identity import DefaultAzureCredential -from azure.mgmt.securityinsight import SecurityInsights - -""" -# PREREQUISITES - pip install azure-identity - pip install azure-mgmt-securityinsight -# USAGE - python get_all_settings.py - - Before run the sample, please set the values of the client ID, tenant ID and client secret - of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, - AZURE_CLIENT_SECRET. For more info about how to get the value, please see: - https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal -""" - - -def main(): - client = SecurityInsights( - credential=DefaultAzureCredential(), - subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - ) - - response = client.product_settings.list( - resource_group_name="myRg", - workspace_name="myWorkspace", - ) - print(response) - - -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/settings/GetAllSettings.json -if __name__ == "__main__": - main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_amazon_web_services_cloud_trail_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_amazon_web_services_cloud_trail_by_id.py index 763052e052f7..0906454d0382 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_amazon_web_services_cloud_trail_by_id.py 
+++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_amazon_web_services_cloud_trail_by_id.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/dataConnectors/GetAmazonWebServicesCloudTrailById.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2023-02-01/examples/dataConnectors/GetAmazonWebServicesCloudTrailById.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_amazon_web_services_s3_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_amazon_web_services_s3_by_id.py deleted file mode 100644 index 6738b3b06f21..000000000000 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_amazon_web_services_s3_by_id.py +++ /dev/null 
@@ -1,42 +0,0 @@ -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- - -from azure.identity import DefaultAzureCredential -from azure.mgmt.securityinsight import SecurityInsights - -""" -# PREREQUISITES - pip install azure-identity - pip install azure-mgmt-securityinsight -# USAGE - python get_amazon_web_services_s3_by_id.py - - Before run the sample, please set the values of the client ID, tenant ID and client secret - of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, - AZURE_CLIENT_SECRET. For more info about how to get the value, please see: - https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal -""" - - -def main(): - client = SecurityInsights( - credential=DefaultAzureCredential(), - subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - ) - - response = client.data_connectors.get( - resource_group_name="myRg", - workspace_name="myWorkspace", - data_connector_id="afef3743-0c88-469c-84ff-ca2e87dc1e48", - ) - print(response) - - -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/dataConnectors/GetAmazonWebServicesS3ById.json -if __name__ == "__main__": - main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_anomaly_security_ml_analytics_setting.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_anomaly_security_ml_analytics_setting.py index 58c9a9583e24..dc575540abfe 100644 
--- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_anomaly_security_ml_analytics_setting.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_anomaly_security_ml_analytics_setting.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/securityMLAnalyticsSettings/GetAnomalySecurityMLAnalyticsSetting.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2023-02-01/examples/securityMLAnalyticsSettings/GetAnomalySecurityMLAnalyticsSetting.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_api_polling.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_api_polling.py deleted file mode 100644 index e36510675dde..000000000000 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_api_polling.py +++ /dev/null 
@@ -1,42 +0,0 @@ -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- - -from azure.identity import DefaultAzureCredential -from azure.mgmt.securityinsight import SecurityInsights - -""" -# PREREQUISITES - pip install azure-identity - pip install azure-mgmt-securityinsight -# USAGE - python get_api_polling.py - - Before run the sample, please set the values of the client ID, tenant ID and client secret - of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, - AZURE_CLIENT_SECRET. For more info about how to get the value, please see: - https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal -""" - - -def main(): - client = SecurityInsights( - credential=DefaultAzureCredential(), - subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - ) - - response = client.data_connectors.get( - resource_group_name="myRg", - workspace_name="myWorkspace", - data_connector_id="316ec55e-7138-4d63-ab18-90c8a60fd1c8", - ) - print(response) - - -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/dataConnectors/GetAPIPolling.json -if __name__ == "__main__": - main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_azure_active_directory_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_azure_active_directory_by_id.py index 6fce52a1fd6c..47c24a2099a6 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_azure_active_directory_by_id.py 
+++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_azure_active_directory_by_id.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/dataConnectors/GetAzureActiveDirectoryById.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2023-02-01/examples/dataConnectors/GetAzureActiveDirectoryById.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_azure_advanced_threat_protection_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_azure_advanced_threat_protection_by_id.py index b6d603f21861..93bb6cf43419 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_azure_advanced_threat_protection_by_id.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_azure_advanced_threat_protection_by_id.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/dataConnectors/GetAzureAdvancedThreatProtectionById.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2023-02-01/examples/dataConnectors/GetAzureAdvancedThreatProtectionById.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_azure_resource_entity_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_azure_resource_entity_by_id.py deleted file mode 100644 index b050cca4c7c5..000000000000 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_azure_resource_entity_by_id.py +++ /dev/null 
@@ -1,42 +0,0 @@ -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- - -from azure.identity import DefaultAzureCredential -from azure.mgmt.securityinsight import SecurityInsights - -""" -# PREREQUISITES - pip install azure-identity - pip install azure-mgmt-securityinsight -# USAGE - python get_azure_resource_entity_by_id.py - - Before run the sample, please set the values of the client ID, tenant ID and client secret - of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, - AZURE_CLIENT_SECRET. For more info about how to get the value, please see: - https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal -""" - - -def main(): - client = SecurityInsights( - credential=DefaultAzureCredential(), - subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - ) - - response = client.entities.get( - resource_group_name="myRg", - workspace_name="myWorkspace", - entity_id="e1d3d618-e11f-478b-98e3-bb381539a8e1", - ) - print(response) - - -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/entities/GetAzureResourceEntityById.json -if __name__ == "__main__": - main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_azure_security_center_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_azure_security_center_by_id.py index efd0ea37571e..ebb8eb0ae28c 100644 
--- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_azure_security_center_by_id.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_azure_security_center_by_id.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/dataConnectors/GetAzureSecurityCenterById.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2023-02-01/examples/dataConnectors/GetAzureSecurityCenterById.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_bookmark_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_bookmark_by_id.py index 8e87468ceb1e..5f20c8cae2dd 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_bookmark_by_id.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_bookmark_by_id.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/bookmarks/GetBookmarkById.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2023-02-01/examples/bookmarks/GetBookmarkById.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_bookmark_relation_by_name.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_bookmark_relation_by_name.py deleted file mode 100644 index 7426af196f31..000000000000 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_bookmark_relation_by_name.py +++ /dev/null 
@@ -1,43 +0,0 @@ -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- - -from azure.identity import DefaultAzureCredential -from azure.mgmt.securityinsight import SecurityInsights - -""" -# PREREQUISITES - pip install azure-identity - pip install azure-mgmt-securityinsight -# USAGE - python get_bookmark_relation_by_name.py - - Before run the sample, please set the values of the client ID, tenant ID and client secret - of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, - AZURE_CLIENT_SECRET. For more info about how to get the value, please see: - https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal -""" - - -def main(): - client = SecurityInsights( - credential=DefaultAzureCredential(), - subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - ) - - response = client.bookmark_relations.get( - resource_group_name="myRg", - workspace_name="myWorkspace", - bookmark_id="2216d0e1-91e3-4902-89fd-d2df8c535096", - relation_name="4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", - ) - print(response) - - -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/bookmarks/relations/GetBookmarkRelationByName.json -if __name__ == "__main__": - main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_bookmarks.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_bookmarks.py index 3bfe6238bf16..c6f97459b037 100644 
--- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_bookmarks.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_bookmarks.py @@ -37,6 +37,6 @@ def main(): print(item) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/bookmarks/GetBookmarks.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2023-02-01/examples/bookmarks/GetBookmarks.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_cloud_application_entity_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_cloud_application_entity_by_id.py deleted file mode 100644 index 6f0e16b2e736..000000000000 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_cloud_application_entity_by_id.py +++ /dev/null 
@@ -1,42 +0,0 @@ -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- - -from azure.identity import DefaultAzureCredential -from azure.mgmt.securityinsight import SecurityInsights - -""" -# PREREQUISITES - pip install azure-identity - pip install azure-mgmt-securityinsight -# USAGE - python get_cloud_application_entity_by_id.py - - Before run the sample, please set the values of the client ID, tenant ID and client secret - of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, - AZURE_CLIENT_SECRET. For more info about how to get the value, please see: - https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal -""" - - -def main(): - client = SecurityInsights( - credential=DefaultAzureCredential(), - subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - ) - - response = client.entities.get( - resource_group_name="myRg", - workspace_name="myWorkspace", - entity_id="e1d3d618-e11f-478b-98e3-bb381539a8e1", - ) - print(response) - - -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/entities/GetCloudApplicationEntityById.json -if __name__ == "__main__": - main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_data_connectors.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_data_connectors.py index 3427dc2447ff..9d93fba44094 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_data_connectors.py 
+++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_data_connectors.py @@ -37,6 +37,6 @@ def main(): print(item) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/dataConnectors/GetDataConnectors.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2023-02-01/examples/dataConnectors/GetDataConnectors.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_dns_entity_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_dns_entity_by_id.py deleted file mode 100644 index d12e56266b46..000000000000 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_dns_entity_by_id.py +++ /dev/null 
@@ -1,42 +0,0 @@ -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- - -from azure.identity import DefaultAzureCredential -from azure.mgmt.securityinsight import SecurityInsights - -""" -# PREREQUISITES - pip install azure-identity - pip install azure-mgmt-securityinsight -# USAGE - python get_dns_entity_by_id.py - - Before run the sample, please set the values of the client ID, tenant ID and client secret - of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, - AZURE_CLIENT_SECRET. For more info about how to get the value, please see: - https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal -""" - - -def main(): - client = SecurityInsights( - credential=DefaultAzureCredential(), - subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - ) - - response = client.entities.get( - resource_group_name="myRg", - workspace_name="myWorkspace", - entity_id="f4e74920-f2c0-4412-a45f-66d94fdf01f8", - ) - print(response) - - -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/entities/GetDnsEntityById.json -if __name__ == "__main__": - main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_dynamics365_data_connector_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_dynamics365_data_connector_by_id.py deleted file mode 100644 index 7b5578864e8a..000000000000 
--- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_dynamics365_data_connector_by_id.py +++ /dev/null @@ -1,42 +0,0 @@ -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- - -from azure.identity import DefaultAzureCredential -from azure.mgmt.securityinsight import SecurityInsights - -""" -# PREREQUISITES - pip install azure-identity - pip install azure-mgmt-securityinsight -# USAGE - python get_dynamics365_data_connector_by_id.py - - Before run the sample, please set the values of the client ID, tenant ID and client secret - of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, - AZURE_CLIENT_SECRET. For more info about how to get the value, please see: - https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal -""" - - -def main(): - client = SecurityInsights( - credential=DefaultAzureCredential(), - subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - ) - - response = client.data_connectors.get( - resource_group_name="myRg", - workspace_name="myWorkspace", - data_connector_id="c2541efb-c9a6-47fe-9501-87d1017d1512", - ) - print(response) - - -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/dataConnectors/GetDynamics365DataConnectorById.json -if __name__ == "__main__": - main() 
diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_entities.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_entities.py deleted file mode 100644 index 7497dda7be87..000000000000 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_entities.py +++ /dev/null @@ -1,42 +0,0 @@ -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- - -from azure.identity import DefaultAzureCredential -from azure.mgmt.securityinsight import SecurityInsights - -""" -# PREREQUISITES - pip install azure-identity - pip install azure-mgmt-securityinsight -# USAGE - python get_entities.py - - Before run the sample, please set the values of the client ID, tenant ID and client secret - of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, - AZURE_CLIENT_SECRET. For more info about how to get the value, please see: - https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal -""" - - -def main(): - client = SecurityInsights( - credential=DefaultAzureCredential(), - subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - ) - - response = client.entities.list( - resource_group_name="myRg", - workspace_name="myWorkspace", - ) - for item in response: - print(item) - - -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/entities/GetEntities.json -if __name__ == "__main__": - main() 
diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_entity_queries.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_entity_queries.py deleted file mode 100644 index 8cee24ba1398..000000000000 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_entity_queries.py +++ /dev/null @@ -1,42 +0,0 @@ -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- - -from azure.identity import DefaultAzureCredential -from azure.mgmt.securityinsight import SecurityInsights - -""" -# PREREQUISITES - pip install azure-identity - pip install azure-mgmt-securityinsight -# USAGE - python get_entity_queries.py - - Before run the sample, please set the values of the client ID, tenant ID and client secret - of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, - AZURE_CLIENT_SECRET. For more info about how to get the value, please see: - https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal -""" - - -def main(): - client = SecurityInsights( - credential=DefaultAzureCredential(), - subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - ) - - response = client.entity_queries.list( - resource_group_name="myRg", - workspace_name="myWorkspace", - ) - for item in response: - print(item) - - -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/entityQueries/GetEntityQueries.json -if __name__ == "__main__": - main() 
diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_entity_query_templates.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_entity_query_templates.py deleted file mode 100644 index 9891a363b78b..000000000000 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_entity_query_templates.py +++ /dev/null 
@@ -1,42 +0,0 @@ -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- - -from azure.identity import DefaultAzureCredential -from azure.mgmt.securityinsight import SecurityInsights - -""" -# PREREQUISITES - pip install azure-identity - pip install azure-mgmt-securityinsight -# USAGE - python get_entity_query_templates.py - - Before run the sample, please set the values of the client ID, tenant ID and client secret - of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, - AZURE_CLIENT_SECRET. For more info about how to get the value, please see: - https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal -""" - - -def main(): - client = SecurityInsights( - credential=DefaultAzureCredential(), - subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - ) - - response = client.entity_query_templates.list( - resource_group_name="myRg", - workspace_name="myWorkspace", - ) - for item in response: - print(item) - - -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/entityQueryTemplates/GetEntityQueryTemplates.json -if __name__ == "__main__": - main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_entity_relation_by_name.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_entity_relation_by_name.py deleted file mode 100644 index 9f6da60a51c1..000000000000 
--- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_entity_relation_by_name.py +++ /dev/null @@ -1,43 +0,0 @@ -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- - -from azure.identity import DefaultAzureCredential -from azure.mgmt.securityinsight import SecurityInsights - -""" -# PREREQUISITES - pip install azure-identity - pip install azure-mgmt-securityinsight -# USAGE - python get_entity_relation_by_name.py - - Before run the sample, please set the values of the client ID, tenant ID and client secret - of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, - AZURE_CLIENT_SECRET. For more info about how to get the value, please see: - https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal -""" - - -def main(): - client = SecurityInsights( - credential=DefaultAzureCredential(), - subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - ) - - response = client.entity_relations.get_relation( - resource_group_name="myRg", - workspace_name="myWorkspace", - entity_id="afbd324f-6c48-459c-8710-8d1e1cd03812", - relation_name="4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", - ) - print(response) - - -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/entities/relations/GetEntityRelationByName.json -if __name__ == "__main__": - main() 
diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_expansion_entity_query_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_expansion_entity_query_by_id.py deleted file mode 100644 index b602cd4c4c5f..000000000000 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_expansion_entity_query_by_id.py +++ /dev/null 
@@ -1,42 +0,0 @@ -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- - -from azure.identity import DefaultAzureCredential -from azure.mgmt.securityinsight import SecurityInsights - -""" -# PREREQUISITES - pip install azure-identity - pip install azure-mgmt-securityinsight -# USAGE - python get_expansion_entity_query_by_id.py - - Before run the sample, please set the values of the client ID, tenant ID and client secret - of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, - AZURE_CLIENT_SECRET. For more info about how to get the value, please see: - https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal -""" - - -def main(): - client = SecurityInsights( - credential=DefaultAzureCredential(), - subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - ) - - response = client.entity_queries.get( - resource_group_name="myRg", - workspace_name="myWorkspace", - entity_query_id="07da3cc8-c8ad-4710-a44e-334cdcb7882b", - ) - print(response) - - -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/entityQueries/GetExpansionEntityQueryById.json -if __name__ == "__main__": - main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_eyes_on_setting.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_eyes_on_setting.py deleted file mode 100644 index 631125a81101..000000000000 
--- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_eyes_on_setting.py +++ /dev/null @@ -1,42 +0,0 @@ -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- - -from azure.identity import DefaultAzureCredential -from azure.mgmt.securityinsight import SecurityInsights - -""" -# PREREQUISITES - pip install azure-identity - pip install azure-mgmt-securityinsight -# USAGE - python get_eyes_on_setting.py - - Before run the sample, please set the values of the client ID, tenant ID and client secret - of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, - AZURE_CLIENT_SECRET. For more info about how to get the value, please see: - https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal -""" - - -def main(): - client = SecurityInsights( - credential=DefaultAzureCredential(), - subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - ) - - response = client.product_settings.get( - resource_group_name="myRg", - workspace_name="myWorkspace", - settings_name="EyesOn", - ) - print(response) - - -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/settings/GetEyesOnSetting.json -if __name__ == "__main__": - main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_file_entity_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_file_entity_by_id.py deleted file mode 100644 index 91f2d212d0ef..000000000000 
--- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_file_entity_by_id.py +++ /dev/null @@ -1,42 +0,0 @@ -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- - -from azure.identity import DefaultAzureCredential -from azure.mgmt.securityinsight import SecurityInsights - -""" -# PREREQUISITES - pip install azure-identity - pip install azure-mgmt-securityinsight -# USAGE - python get_file_entity_by_id.py - - Before run the sample, please set the values of the client ID, tenant ID and client secret - of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, - AZURE_CLIENT_SECRET. For more info about how to get the value, please see: - https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal -""" - - -def main(): - client = SecurityInsights( - credential=DefaultAzureCredential(), - subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - ) - - response = client.entities.get( - resource_group_name="myRg", - workspace_name="myWorkspace", - entity_id="af378b21-b4aa-4fe7-bc70-13f8621a322f", - ) - print(response) - - -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/entities/GetFileEntityById.json -if __name__ == "__main__": - main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_file_hash_entity_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_file_hash_entity_by_id.py deleted file mode 100644 index e3191f6d250b..000000000000 
--- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_file_hash_entity_by_id.py +++ /dev/null @@ -1,42 +0,0 @@ -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- - -from azure.identity import DefaultAzureCredential -from azure.mgmt.securityinsight import SecurityInsights - -""" -# PREREQUISITES - pip install azure-identity - pip install azure-mgmt-securityinsight -# USAGE - python get_file_hash_entity_by_id.py - - Before run the sample, please set the values of the client ID, tenant ID and client secret - of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, - AZURE_CLIENT_SECRET. For more info about how to get the value, please see: - https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal -""" - - -def main(): - client = SecurityInsights( - credential=DefaultAzureCredential(), - subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - ) - - response = client.entities.get( - resource_group_name="myRg", - workspace_name="myWorkspace", - entity_id="ea359fa6-c1e5-f878-e105-6344f3e399a1", - ) - print(response) - - -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/entities/GetFileHashEntityById.json -if __name__ == "__main__": - main() 
diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_file_import_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_file_import_by_id.py deleted file mode 100644 index 31cca3f33ca3..000000000000 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_file_import_by_id.py +++ /dev/null @@ -1,42 +0,0 @@ -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- - -from azure.identity import DefaultAzureCredential -from azure.mgmt.securityinsight import SecurityInsights - -""" -# PREREQUISITES - pip install azure-identity - pip install azure-mgmt-securityinsight -# USAGE - python get_file_import_by_id.py - - Before run the sample, please set the values of the client ID, tenant ID and client secret - of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, - AZURE_CLIENT_SECRET. For more info about how to get the value, please see: - https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal -""" - - -def main(): - client = SecurityInsights( - credential=DefaultAzureCredential(), - subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - ) - - response = client.file_imports.get( - resource_group_name="myRg", - workspace_name="myWorkspace", - file_import_id="73e01a99-5cd7-4139-a149-9f2736ff2ab5", - ) - print(response) - - -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/fileImports/GetFileImportById.json -if __name__ == "__main__": - main() 
diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_file_imports.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_file_imports.py deleted file mode 100644 index 453ebae65bdc..000000000000 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_file_imports.py +++ /dev/null @@ -1,42 +0,0 @@ -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- - -from azure.identity import DefaultAzureCredential -from azure.mgmt.securityinsight import SecurityInsights - -""" -# PREREQUISITES - pip install azure-identity - pip install azure-mgmt-securityinsight -# USAGE - python get_file_imports.py - - Before run the sample, please set the values of the client ID, tenant ID and client secret - of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, - AZURE_CLIENT_SECRET. For more info about how to get the value, please see: - https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal -""" - - -def main(): - client = SecurityInsights( - credential=DefaultAzureCredential(), - subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - ) - - response = client.file_imports.list( - resource_group_name="myRg", - workspace_name="myWorkspace", - ) - for item in response: - print(item) - - -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/fileImports/GetFileImports.json -if __name__ == "__main__": - main() 
diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_fusion_alert_rule.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_fusion_alert_rule.py index 20bbac08277f..88660910e29b 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_fusion_alert_rule.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_fusion_alert_rule.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/alertRules/GetFusionAlertRule.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2023-02-01/examples/alertRules/GetFusionAlertRule.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_generic_ui.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_generic_ui.py deleted file mode 100644 index 3d93903adcd8..000000000000 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_generic_ui.py +++ /dev/null 
@@ -1,42 +0,0 @@ -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- - -from azure.identity import DefaultAzureCredential -from azure.mgmt.securityinsight import SecurityInsights - -""" -# PREREQUISITES - pip install azure-identity - pip install azure-mgmt-securityinsight -# USAGE - python get_generic_ui.py - - Before run the sample, please set the values of the client ID, tenant ID and client secret - of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, - AZURE_CLIENT_SECRET. For more info about how to get the value, please see: - https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal -""" - - -def main(): - client = SecurityInsights( - credential=DefaultAzureCredential(), - subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - ) - - response = client.data_connectors.get( - resource_group_name="myRg", - workspace_name="myWorkspace", - data_connector_id="316ec55e-7138-4d63-ab18-90c8a60fd1c8", - ) - print(response) - - -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/dataConnectors/GetGenericUI.json -if __name__ == "__main__": - main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_geodata_by_ip.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_geodata_by_ip.py deleted file mode 100644 index 93496f23f2d7..000000000000 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_geodata_by_ip.py +++ /dev/null 
@@ -1,41 +0,0 @@ -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- - -from azure.identity import DefaultAzureCredential -from azure.mgmt.securityinsight import SecurityInsights - -""" -# PREREQUISITES - pip install azure-identity - pip install azure-mgmt-securityinsight -# USAGE - python get_geodata_by_ip.py - - Before run the sample, please set the values of the client ID, tenant ID and client secret - of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, - AZURE_CLIENT_SECRET. For more info about how to get the value, please see: - https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal -""" - - -def main(): - client = SecurityInsights( - credential=DefaultAzureCredential(), - subscription_id="bd794837-4d29-4647-9105-6339bfdb4e6a", - ) - - response = client.ip_geodata.get( - resource_group_name="myRg", - ip_address="1.2.3.4", - ) - print(response) - - -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/enrichment/GetGeodataByIp.json -if __name__ == "__main__": - main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_host_entity_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_host_entity_by_id.py deleted file mode 100644 index da73796bf50e..000000000000 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_host_entity_by_id.py +++ /dev/null 
@@ -1,42 +0,0 @@ -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- - -from azure.identity import DefaultAzureCredential -from azure.mgmt.securityinsight import SecurityInsights - -""" -# PREREQUISITES - pip install azure-identity - pip install azure-mgmt-securityinsight -# USAGE - python get_host_entity_by_id.py - - Before run the sample, please set the values of the client ID, tenant ID and client secret - of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, - AZURE_CLIENT_SECRET. For more info about how to get the value, please see: - https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal -""" - - -def main(): - client = SecurityInsights( - credential=DefaultAzureCredential(), - subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - ) - - response = client.entities.get( - resource_group_name="myRg", - workspace_name="myWorkspace", - entity_id="e1d3d618-e11f-478b-98e3-bb381539a8e1", - ) - print(response) - - -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/entities/GetHostEntityById.json -if __name__ == "__main__": - main() 
diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents_get.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_incident_by_id.py similarity index 92% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents_get.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_incident_by_id.py index 159a603b2460..fd7b283ad220 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents_get.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_incident_by_id.py @@ -14,7 +14,7 @@ pip install azure-identity pip install azure-mgmt-securityinsight # USAGE - python incidents_get.py + python get_incident_by_id.py Before run the sample, please set the values of the client ID, tenant ID and client secret of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/incidents/Incidents_Get.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2023-02-01/examples/incidents/GetIncidentById.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incident_comments_get.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_incident_comment_by_id.py similarity index 90% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incident_comments_get.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_incident_comment_by_id.py index 376e884be9ca..02dd22457a42 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incident_comments_get.py 
+++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_incident_comment_by_id.py @@ -14,7 +14,7 @@ pip install azure-identity pip install azure-mgmt-securityinsight # USAGE - python incident_comments_get.py + python get_incident_comment_by_id.py Before run the sample, please set the values of the client ID, tenant ID and client secret of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, @@ -38,6 +38,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/incidents/IncidentComments/IncidentComments_Get.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2023-02-01/examples/incidents/comments/GetIncidentCommentById.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_incident_relation_by_name.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_incident_relation_by_name.py index 56607932ef56..88d176a1d40d 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_incident_relation_by_name.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_incident_relation_by_name.py @@ -38,6 +38,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/incidents/relations/GetIncidentRelationByName.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2023-02-01/examples/incidents/relations/GetIncidentRelationByName.json if __name__ == "__main__": main() 
diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents_list.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_incidents.py similarity index 92% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents_list.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_incidents.py index 92ad2ea10b6b..fbb54ebaf3a8 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents_list.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_incidents.py @@ -14,7 +14,7 @@ pip install azure-identity pip install azure-mgmt-securityinsight # USAGE - python incidents_list.py + python get_incidents.py Before run the sample, please set the values of the client ID, tenant ID and client secret of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, @@ -37,6 +37,6 @@ def main(): print(item) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/incidents/Incidents_List.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2023-02-01/examples/incidents/GetIncidents.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_io_tby_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_io_tby_id.py deleted file mode 100644 index 2862942122ce..000000000000 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_io_tby_id.py +++ /dev/null 
@@ -1,42 +0,0 @@ -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- - -from azure.identity import DefaultAzureCredential -from azure.mgmt.securityinsight import SecurityInsights - -""" -# PREREQUISITES - pip install azure-identity - pip install azure-mgmt-securityinsight -# USAGE - python get_io_tby_id.py - - Before run the sample, please set the values of the client ID, tenant ID and client secret - of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, - AZURE_CLIENT_SECRET. For more info about how to get the value, please see: - https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal -""" - - -def main(): - client = SecurityInsights( - credential=DefaultAzureCredential(), - subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - ) - - response = client.data_connectors.get( - resource_group_name="myRg", - workspace_name="myWorkspace", - data_connector_id="d2e5dc7a-f3a2-429d-954b-939fa8c2932e", - ) - print(response) - - -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/dataConnectors/GetIoTById.json -if __name__ == "__main__": - main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_io_tdevice_entity_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_io_tdevice_entity_by_id.py deleted file mode 100644 index eb492445a610..000000000000 
--- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_io_tdevice_entity_by_id.py +++ /dev/null @@ -1,42 +0,0 @@ -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- - -from azure.identity import DefaultAzureCredential -from azure.mgmt.securityinsight import SecurityInsights - -""" -# PREREQUISITES - pip install azure-identity - pip install azure-mgmt-securityinsight -# USAGE - python get_io_tdevice_entity_by_id.py - - Before run the sample, please set the values of the client ID, tenant ID and client secret - of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, - AZURE_CLIENT_SECRET. For more info about how to get the value, please see: - https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal -""" - - -def main(): - client = SecurityInsights( - credential=DefaultAzureCredential(), - subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - ) - - response = client.entities.get( - resource_group_name="myRg", - workspace_name="myWorkspace", - entity_id="e1d3d618-e11f-478b-98e3-bb381539a8e1", - ) - print(response) - - -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/entities/GetIoTDeviceEntityById.json -if __name__ == "__main__": - main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_ip_entity_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_ip_entity_by_id.py deleted file mode 100644 index 0df0f6826bed..000000000000 
--- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_ip_entity_by_id.py +++ /dev/null @@ -1,42 +0,0 @@ -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- - -from azure.identity import DefaultAzureCredential -from azure.mgmt.securityinsight import SecurityInsights - -""" -# PREREQUISITES - pip install azure-identity - pip install azure-mgmt-securityinsight -# USAGE - python get_ip_entity_by_id.py - - Before run the sample, please set the values of the client ID, tenant ID and client secret - of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, - AZURE_CLIENT_SECRET. For more info about how to get the value, please see: - https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal -""" - - -def main(): - client = SecurityInsights( - credential=DefaultAzureCredential(), - subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - ) - - response = client.entities.get( - resource_group_name="myRg", - workspace_name="myWorkspace", - entity_id="e1d3d618-e11f-478b-98e3-bb381539a8e1", - ) - print(response) - - -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/entities/GetIpEntityById.json -if __name__ == "__main__": - main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_mail_cluster_entity_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_mail_cluster_entity_by_id.py deleted file mode 100644 index f43526065efd..000000000000 
--- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_mail_cluster_entity_by_id.py +++ /dev/null @@ -1,42 +0,0 @@ -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- - -from azure.identity import DefaultAzureCredential -from azure.mgmt.securityinsight import SecurityInsights - -""" -# PREREQUISITES - pip install azure-identity - pip install azure-mgmt-securityinsight -# USAGE - python get_mail_cluster_entity_by_id.py - - Before run the sample, please set the values of the client ID, tenant ID and client secret - of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, - AZURE_CLIENT_SECRET. For more info about how to get the value, please see: - https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal -""" - - -def main(): - client = SecurityInsights( - credential=DefaultAzureCredential(), - subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - ) - - response = client.entities.get( - resource_group_name="myRg", - workspace_name="myWorkspace", - entity_id="e1d3d618-e11f-478b-98e3-bb381539a8e1", - ) - print(response) - - -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/entities/GetMailClusterEntityById.json -if __name__ == "__main__": - main() 
diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_mail_message_entity_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_mail_message_entity_by_id.py deleted file mode 100644 index 5d9c55a18e9f..000000000000 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_mail_message_entity_by_id.py +++ /dev/null 
@@ -1,42 +0,0 @@ -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- - -from azure.identity import DefaultAzureCredential -from azure.mgmt.securityinsight import SecurityInsights - -""" -# PREREQUISITES - pip install azure-identity - pip install azure-mgmt-securityinsight -# USAGE - python get_mail_message_entity_by_id.py - - Before run the sample, please set the values of the client ID, tenant ID and client secret - of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, - AZURE_CLIENT_SECRET. For more info about how to get the value, please see: - https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal -""" - - -def main(): - client = SecurityInsights( - credential=DefaultAzureCredential(), - subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - ) - - response = client.entities.get( - resource_group_name="myRg", - workspace_name="myWorkspace", - entity_id="e1d3d618-e11f-478b-98e3-bb381539a8e1", - ) - print(response) - - -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/entities/GetMailMessageEntityById.json -if __name__ == "__main__": - main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_mailbox_entity_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_mailbox_entity_by_id.py deleted file mode 100644 index ab443b71cfd7..000000000000 
--- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_mailbox_entity_by_id.py +++ /dev/null @@ -1,42 +0,0 @@ -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- - -from azure.identity import DefaultAzureCredential -from azure.mgmt.securityinsight import SecurityInsights - -""" -# PREREQUISITES - pip install azure-identity - pip install azure-mgmt-securityinsight -# USAGE - python get_mailbox_entity_by_id.py - - Before run the sample, please set the values of the client ID, tenant ID and client secret - of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, - AZURE_CLIENT_SECRET. For more info about how to get the value, please see: - https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal -""" - - -def main(): - client = SecurityInsights( - credential=DefaultAzureCredential(), - subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - ) - - response = client.entities.get( - resource_group_name="myRg", - workspace_name="myWorkspace", - entity_id="e1d3d618-e11f-478b-98e3-bb381539a8e1", - ) - print(response) - - -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/entities/GetMailboxEntityById.json -if __name__ == "__main__": - main() 
diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_malware_entity_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_malware_entity_by_id.py deleted file mode 100644 index 5c8a14d51428..000000000000 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_malware_entity_by_id.py +++ /dev/null 
@@ -1,42 +0,0 @@ -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- - -from azure.identity import DefaultAzureCredential -from azure.mgmt.securityinsight import SecurityInsights - -""" -# PREREQUISITES - pip install azure-identity - pip install azure-mgmt-securityinsight -# USAGE - python get_malware_entity_by_id.py - - Before run the sample, please set the values of the client ID, tenant ID and client secret - of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, - AZURE_CLIENT_SECRET. For more info about how to get the value, please see: - https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal -""" - - -def main(): - client = SecurityInsights( - credential=DefaultAzureCredential(), - subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - ) - - response = client.entities.get( - resource_group_name="myRg", - workspace_name="myWorkspace", - entity_id="af378b21-b4aa-4fe7-bc70-13f8621a322f", - ) - print(response) - - -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/entities/GetMalwareEntityById.json -if __name__ == "__main__": - main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_metadata.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_metadata.py deleted file mode 100644 index e8d786700ebb..000000000000 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_metadata.py +++ /dev/null 
@@ -1,42 +0,0 @@ -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- - -from azure.identity import DefaultAzureCredential -from azure.mgmt.securityinsight import SecurityInsights - -""" -# PREREQUISITES - pip install azure-identity - pip install azure-mgmt-securityinsight -# USAGE - python get_metadata.py - - Before run the sample, please set the values of the client ID, tenant ID and client secret - of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, - AZURE_CLIENT_SECRET. For more info about how to get the value, please see: - https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal -""" - - -def main(): - client = SecurityInsights( - credential=DefaultAzureCredential(), - subscription_id="2e1dc338-d04d-4443-b721-037eff4fdcac", - ) - - response = client.metadata.get( - resource_group_name="myRg", - workspace_name="myWorkspace", - metadata_name="metadataName", - ) - print(response) - - -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/metadata/GetMetadata.json -if __name__ == "__main__": - main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_microsoft_cloud_app_security_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_microsoft_cloud_app_security_by_id.py index 31c5ac11df7d..5e89f1d9da99 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_microsoft_cloud_app_security_by_id.py 
+++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_microsoft_cloud_app_security_by_id.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/dataConnectors/GetMicrosoftCloudAppSecurityById.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2023-02-01/examples/dataConnectors/GetMicrosoftCloudAppSecurityById.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_microsoft_defender_advanced_threat_protection_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_microsoft_defender_advanced_threat_protection_by_id.py index b1d6154e90aa..e7db495f0b44 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_microsoft_defender_advanced_threat_protection_by_id.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_microsoft_defender_advanced_threat_protection_by_id.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/dataConnectors/GetMicrosoftDefenderAdvancedThreatProtectionById.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2023-02-01/examples/dataConnectors/GetMicrosoftDefenderAdvancedThreatProtectionById.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_microsoft_insider_risk_management_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_microsoft_insider_risk_management_by_id.py deleted file mode 100644 index 51ae83893b7d..000000000000 
--- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_microsoft_insider_risk_management_by_id.py +++ /dev/null @@ -1,42 +0,0 @@ -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- - -from azure.identity import DefaultAzureCredential -from azure.mgmt.securityinsight import SecurityInsights - -""" -# PREREQUISITES - pip install azure-identity - pip install azure-mgmt-securityinsight -# USAGE - python get_microsoft_insider_risk_management_by_id.py - - Before run the sample, please set the values of the client ID, tenant ID and client secret - of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, - AZURE_CLIENT_SECRET. For more info about how to get the value, please see: - https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal -""" - - -def main(): - client = SecurityInsights( - credential=DefaultAzureCredential(), - subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - ) - - response = client.data_connectors.get( - resource_group_name="myRg", - workspace_name="myWorkspace", - data_connector_id="3d3e955e-33eb-401d-89a7-251c81ddd660", - ) - print(response) - - -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/dataConnectors/GetMicrosoftInsiderRiskManagementById.json -if __name__ == "__main__": - main() 
diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_microsoft_security_incident_creation_alert_rule.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_microsoft_security_incident_creation_alert_rule.py index fd1493e29bb6..15bc884d5528 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_microsoft_security_incident_creation_alert_rule.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_microsoft_security_incident_creation_alert_rule.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/alertRules/GetMicrosoftSecurityIncidentCreationAlertRule.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2023-02-01/examples/alertRules/GetMicrosoftSecurityIncidentCreationAlertRule.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_microsoft_threat_intelligence_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_microsoft_threat_intelligence_by_id.py deleted file mode 100644 index 404e3265f958..000000000000 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_microsoft_threat_intelligence_by_id.py +++ /dev/null 
@@ -1,42 +0,0 @@ -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- - -from azure.identity import DefaultAzureCredential -from azure.mgmt.securityinsight import SecurityInsights - -""" -# PREREQUISITES - pip install azure-identity - pip install azure-mgmt-securityinsight -# USAGE - python get_microsoft_threat_intelligence_by_id.py - - Before run the sample, please set the values of the client ID, tenant ID and client secret - of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, - AZURE_CLIENT_SECRET. For more info about how to get the value, please see: - https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal -""" - - -def main(): - client = SecurityInsights( - credential=DefaultAzureCredential(), - subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - ) - - response = client.data_connectors.get( - resource_group_name="myRg", - workspace_name="myWorkspace", - data_connector_id="c345bf40-8509-4ed2-b947-50cb773aaf04", - ) - print(response) - - -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/dataConnectors/GetMicrosoftThreatIntelligenceById.json -if __name__ == "__main__": - main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_microsoft_threat_protection_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_microsoft_threat_protection_by_id.py deleted file mode 100644 index d97c5ff04218..000000000000 
--- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_microsoft_threat_protection_by_id.py +++ /dev/null @@ -1,42 +0,0 @@ -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- - -from azure.identity import DefaultAzureCredential -from azure.mgmt.securityinsight import SecurityInsights - -""" -# PREREQUISITES - pip install azure-identity - pip install azure-mgmt-securityinsight -# USAGE - python get_microsoft_threat_protection_by_id.py - - Before run the sample, please set the values of the client ID, tenant ID and client secret - of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, - AZURE_CLIENT_SECRET. For more info about how to get the value, please see: - https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal -""" - - -def main(): - client = SecurityInsights( - credential=DefaultAzureCredential(), - subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - ) - - response = client.data_connectors.get( - resource_group_name="myRg", - workspace_name="myWorkspace", - data_connector_id="c345bf40-8509-4ed2-b947-50cb773aaf04", - ) - print(response) - - -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/dataConnectors/GetMicrosoftThreatProtectionById.json -if __name__ == "__main__": - main() 
diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_nrt_alert_rule.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_nrt_alert_rule.py deleted file mode 100644 index e3ffcd9605df..000000000000 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_nrt_alert_rule.py +++ /dev/null @@ -1,42 +0,0 @@ -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- - -from azure.identity import DefaultAzureCredential -from azure.mgmt.securityinsight import SecurityInsights - -""" -# PREREQUISITES - pip install azure-identity - pip install azure-mgmt-securityinsight -# USAGE - python get_nrt_alert_rule.py - - Before run the sample, please set the values of the client ID, tenant ID and client secret - of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, - AZURE_CLIENT_SECRET. For more info about how to get the value, please see: - https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal -""" - - -def main(): - client = SecurityInsights( - credential=DefaultAzureCredential(), - subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - ) - - response = client.alert_rules.get( - resource_group_name="myRg", - workspace_name="myWorkspace", - rule_id="73e01a99-5cd7-4139-a149-9f2736ff2ab5", - ) - print(response) - - -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/alertRules/GetNrtAlertRule.json -if __name__ == "__main__": - main() 
diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_office365_advanced_threat_protection_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_office365_advanced_threat_protection_by_id.py deleted file mode 100644 index ce52eaf4847f..000000000000 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_office365_advanced_threat_protection_by_id.py +++ /dev/null 
@@ -1,42 +0,0 @@ -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- - -from azure.identity import DefaultAzureCredential -from azure.mgmt.securityinsight import SecurityInsights - -""" -# PREREQUISITES - pip install azure-identity - pip install azure-mgmt-securityinsight -# USAGE - python get_office365_advanced_threat_protection_by_id.py - - Before run the sample, please set the values of the client ID, tenant ID and client secret - of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, - AZURE_CLIENT_SECRET. For more info about how to get the value, please see: - https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal -""" - - -def main(): - client = SecurityInsights( - credential=DefaultAzureCredential(), - subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - ) - - response = client.data_connectors.get( - resource_group_name="myRg", - workspace_name="myWorkspace", - data_connector_id="3d3e955e-33eb-401d-89a7-251c81ddd660", - ) - print(response) - - -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/dataConnectors/GetOffice365AdvancedThreatProtectionById.json -if __name__ == "__main__": - main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_office365_project_data_connetor_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_office365_project_data_connetor_by_id.py deleted file mode 100644 index 5486268cc6f0..000000000000 
--- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_office365_project_data_connetor_by_id.py +++ /dev/null @@ -1,42 +0,0 @@ -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- - -from azure.identity import DefaultAzureCredential -from azure.mgmt.securityinsight import SecurityInsights - -""" -# PREREQUISITES - pip install azure-identity - pip install azure-mgmt-securityinsight -# USAGE - python get_office365_project_data_connetor_by_id.py - - Before run the sample, please set the values of the client ID, tenant ID and client secret - of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, - AZURE_CLIENT_SECRET. For more info about how to get the value, please see: - https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal -""" - - -def main(): - client = SecurityInsights( - credential=DefaultAzureCredential(), - subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - ) - - response = client.data_connectors.get( - resource_group_name="myRg", - workspace_name="myWorkspace", - data_connector_id="73e01a99-5cd7-4139-a149-9f2736ff2ab5", - ) - print(response) - - -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/dataConnectors/GetOffice365ProjectDataConnetorById.json -if __name__ == "__main__": - main() 
diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_office_consents.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_office_consents.py deleted file mode 100644 index 047adb41a559..000000000000 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_office_consents.py +++ /dev/null @@ -1,42 +0,0 @@ -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- - -from azure.identity import DefaultAzureCredential -from azure.mgmt.securityinsight import SecurityInsights - -""" -# PREREQUISITES - pip install azure-identity - pip install azure-mgmt-securityinsight -# USAGE - python get_office_consents.py - - Before run the sample, please set the values of the client ID, tenant ID and client secret - of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, - AZURE_CLIENT_SECRET. For more info about how to get the value, please see: - https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal -""" - - -def main(): - client = SecurityInsights( - credential=DefaultAzureCredential(), - subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - ) - - response = client.office_consents.list( - resource_group_name="myRg", - workspace_name="myWorkspace", - ) - for item in response: - print(item) - - -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/officeConsents/GetOfficeConsents.json -if __name__ == "__main__": - main() 
diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_office_consents_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_office_consents_by_id.py deleted file mode 100644 index 07d171e85fe9..000000000000 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_office_consents_by_id.py +++ /dev/null 
@@ -1,42 +0,0 @@ -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- - -from azure.identity import DefaultAzureCredential -from azure.mgmt.securityinsight import SecurityInsights - -""" -# PREREQUISITES - pip install azure-identity - pip install azure-mgmt-securityinsight -# USAGE - python get_office_consents_by_id.py - - Before run the sample, please set the values of the client ID, tenant ID and client secret - of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, - AZURE_CLIENT_SECRET. For more info about how to get the value, please see: - https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal -""" - - -def main(): - client = SecurityInsights( - credential=DefaultAzureCredential(), - subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - ) - - response = client.office_consents.get( - resource_group_name="myRg", - workspace_name="myWorkspace", - consent_id="04e5fd05-ff86-4b97-b8d2-1c20933cb46c", - ) - print(response) - - -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/officeConsents/GetOfficeConsentsById.json -if __name__ == "__main__": - main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_office_data_connetor_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_office_data_connetor_by_id.py index 0a4e4319b4f7..16d52083f4cf 100644 
--- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_office_data_connetor_by_id.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_office_data_connetor_by_id.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/dataConnectors/GetOfficeDataConnetorById.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2023-02-01/examples/dataConnectors/GetOfficeDataConnetorById.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_office_power_bi_data_connetor_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_office_power_bi_data_connetor_by_id.py deleted file mode 100644 index 6136caf31c43..000000000000 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_office_power_bi_data_connetor_by_id.py +++ /dev/null 
@@ -1,42 +0,0 @@ -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- - -from azure.identity import DefaultAzureCredential -from azure.mgmt.securityinsight import SecurityInsights - -""" -# PREREQUISITES - pip install azure-identity - pip install azure-mgmt-securityinsight -# USAGE - python get_office_power_bi_data_connetor_by_id.py - - Before run the sample, please set the values of the client ID, tenant ID and client secret - of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, - AZURE_CLIENT_SECRET. For more info about how to get the value, please see: - https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal -""" - - -def main(): - client = SecurityInsights( - credential=DefaultAzureCredential(), - subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - ) - - response = client.data_connectors.get( - resource_group_name="myRg", - workspace_name="myWorkspace", - data_connector_id="73e01a99-5cd7-4139-a149-9f2736ff2ab5", - ) - print(response) - - -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/dataConnectors/GetOfficePowerBIDataConnetorById.json -if __name__ == "__main__": - main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_process_entity_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_process_entity_by_id.py deleted file mode 100644 index f00cd0a7d744..000000000000 
--- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_process_entity_by_id.py +++ /dev/null @@ -1,42 +0,0 @@ -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- - -from azure.identity import DefaultAzureCredential -from azure.mgmt.securityinsight import SecurityInsights - -""" -# PREREQUISITES - pip install azure-identity - pip install azure-mgmt-securityinsight -# USAGE - python get_process_entity_by_id.py - - Before run the sample, please set the values of the client ID, tenant ID and client secret - of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, - AZURE_CLIENT_SECRET. For more info about how to get the value, please see: - https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal -""" - - -def main(): - client = SecurityInsights( - credential=DefaultAzureCredential(), - subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - ) - - response = client.entities.get( - resource_group_name="myRg", - workspace_name="myWorkspace", - entity_id="7264685c-038c-42c6-948c-38e14ef1fb98", - ) - print(response) - - -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/entities/GetProcessEntityById.json -if __name__ == "__main__": - main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_queries.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_queries.py deleted file mode 100644 index eb816400aa67..000000000000 
--- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_queries.py +++ /dev/null @@ -1,43 +0,0 @@ -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- - -from azure.identity import DefaultAzureCredential -from azure.mgmt.securityinsight import SecurityInsights - -""" -# PREREQUISITES - pip install azure-identity - pip install azure-mgmt-securityinsight -# USAGE - python get_queries.py - - Before run the sample, please set the values of the client ID, tenant ID and client secret - of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, - AZURE_CLIENT_SECRET. For more info about how to get the value, please see: - https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal -""" - - -def main(): - client = SecurityInsights( - credential=DefaultAzureCredential(), - subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - ) - - response = client.entities.queries( - resource_group_name="myRg", - workspace_name="myWorkspace", - entity_id="e1d3d618-e11f-478b-98e3-bb381539a8e1", - kind="Insight", - ) - print(response) - - -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/entities/GetQueries.json -if __name__ == "__main__": - main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_recommendation.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_recommendation.py deleted file mode 100644 index 10ce219569fc..000000000000 
--- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_recommendation.py +++ /dev/null @@ -1,42 +0,0 @@ -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- - -from azure.identity import DefaultAzureCredential -from azure.mgmt.securityinsight import SecurityInsights - -""" -# PREREQUISITES - pip install azure-identity - pip install azure-mgmt-securityinsight -# USAGE - python get_recommendation.py - - Before run the sample, please set the values of the client ID, tenant ID and client secret - of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, - AZURE_CLIENT_SECRET. For more info about how to get the value, please see: - https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal -""" - - -def main(): - client = SecurityInsights( - credential=DefaultAzureCredential(), - subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - ) - - response = client.get.single_recommendation( - resource_group_name="myRg", - workspace_name="myWorkspace", - recommendation_id="6d4b54eb-8684-4aa3-a156-3aa37b8014bc", - ) - print(response) - - -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/recommendations/GetRecommendation.json -if __name__ == "__main__": - main() 
diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_recommendations.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_recommendations.py deleted file mode 100644 index 049b5a6b8a82..000000000000 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_recommendations.py +++ /dev/null @@ -1,41 +0,0 @@ -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- - -from azure.identity import DefaultAzureCredential -from azure.mgmt.securityinsight import SecurityInsights - -""" -# PREREQUISITES - pip install azure-identity - pip install azure-mgmt-securityinsight -# USAGE - python get_recommendations.py - - Before run the sample, please set the values of the client ID, tenant ID and client secret - of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, - AZURE_CLIENT_SECRET. For more info about how to get the value, please see: - https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal -""" - - -def main(): - client = SecurityInsights( - credential=DefaultAzureCredential(), - subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - ) - - response = client.get_recommendations.list( - resource_group_name="myRg", - workspace_name="myWorkspace", - ) - print(response) - - -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/recommendations/GetRecommendations.json -if __name__ == "__main__": - main() 
diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_registry_key_entity_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_registry_key_entity_by_id.py deleted file mode 100644 index cb4e42df61ca..000000000000 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_registry_key_entity_by_id.py +++ /dev/null 
@@ -1,42 +0,0 @@ -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- - -from azure.identity import DefaultAzureCredential -from azure.mgmt.securityinsight import SecurityInsights - -""" -# PREREQUISITES - pip install azure-identity - pip install azure-mgmt-securityinsight -# USAGE - python get_registry_key_entity_by_id.py - - Before run the sample, please set the values of the client ID, tenant ID and client secret - of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, - AZURE_CLIENT_SECRET. For more info about how to get the value, please see: - https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal -""" - - -def main(): - client = SecurityInsights( - credential=DefaultAzureCredential(), - subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - ) - - response = client.entities.get( - resource_group_name="myRg", - workspace_name="myWorkspace", - entity_id="e1d3d618-e11f-478b-98e3-bb381539a8e1", - ) - print(response) - - -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/entities/GetRegistryKeyEntityById.json -if __name__ == "__main__": - main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_registry_value_entity_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_registry_value_entity_by_id.py deleted file mode 100644 index 5081e924eae9..000000000000 
--- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_registry_value_entity_by_id.py +++ /dev/null @@ -1,42 +0,0 @@ -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- - -from azure.identity import DefaultAzureCredential -from azure.mgmt.securityinsight import SecurityInsights - -""" -# PREREQUISITES - pip install azure-identity - pip install azure-mgmt-securityinsight -# USAGE - python get_registry_value_entity_by_id.py - - Before run the sample, please set the values of the client ID, tenant ID and client secret - of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, - AZURE_CLIENT_SECRET. For more info about how to get the value, please see: - https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal -""" - - -def main(): - client = SecurityInsights( - credential=DefaultAzureCredential(), - subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - ) - - response = client.entities.get( - resource_group_name="myRg", - workspace_name="myWorkspace", - entity_id="dc44bd11-b348-4d76-ad29-37bf7aa41356", - ) - print(response) - - -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/entities/GetRegistryValueEntityById.json -if __name__ == "__main__": - main() 
diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_repositories.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_repositories.py deleted file mode 100644 index a79ba4b95ce1..000000000000 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_repositories.py +++ /dev/null @@ -1,43 +0,0 @@ -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- - -from azure.identity import DefaultAzureCredential -from azure.mgmt.securityinsight import SecurityInsights - -""" -# PREREQUISITES - pip install azure-identity - pip install azure-mgmt-securityinsight -# USAGE - python get_repositories.py - - Before run the sample, please set the values of the client ID, tenant ID and client secret - of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, - AZURE_CLIENT_SECRET. For more info about how to get the value, please see: - https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal -""" - - -def main(): - client = SecurityInsights( - credential=DefaultAzureCredential(), - subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - ) - - response = client.source_control.list_repositories( - resource_group_name="myRg", - workspace_name="myWorkspace", - repo_type="Github", - ) - for item in response: - print(item) - - -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/repositories/GetRepositories.json -if __name__ == "__main__": - main() 
diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_scheduled_alert_rule.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_scheduled_alert_rule.py index fe0d97781a54..6a13c8f4e8da 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_scheduled_alert_rule.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_scheduled_alert_rule.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/alertRules/GetScheduledAlertRule.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2023-02-01/examples/alertRules/GetScheduledAlertRule.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_security_alert_entity_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_security_alert_entity_by_id.py deleted file mode 100644 index d97f34e82268..000000000000 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_security_alert_entity_by_id.py +++ /dev/null 
@@ -1,42 +0,0 @@ -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- - -from azure.identity import DefaultAzureCredential -from azure.mgmt.securityinsight import SecurityInsights - -""" -# PREREQUISITES - pip install azure-identity - pip install azure-mgmt-securityinsight -# USAGE - python get_security_alert_entity_by_id.py - - Before run the sample, please set the values of the client ID, tenant ID and client secret - of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, - AZURE_CLIENT_SECRET. For more info about how to get the value, please see: - https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal -""" - - -def main(): - client = SecurityInsights( - credential=DefaultAzureCredential(), - subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - ) - - response = client.entities.get( - resource_group_name="myRg", - workspace_name="myWorkspace", - entity_id="4aa486e0-6f85-41af-99ea-7acdce7be6c8", - ) - print(response) - - -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/entities/GetSecurityAlertEntityById.json -if __name__ == "__main__": - main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_security_group_entity_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_security_group_entity_by_id.py deleted file mode 100644 index 4dbc57ea7730..000000000000 
--- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_security_group_entity_by_id.py +++ /dev/null @@ -1,42 +0,0 @@ -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- - -from azure.identity import DefaultAzureCredential -from azure.mgmt.securityinsight import SecurityInsights - -""" -# PREREQUISITES - pip install azure-identity - pip install azure-mgmt-securityinsight -# USAGE - python get_security_group_entity_by_id.py - - Before run the sample, please set the values of the client ID, tenant ID and client secret - of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, - AZURE_CLIENT_SECRET. For more info about how to get the value, please see: - https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal -""" - - -def main(): - client = SecurityInsights( - credential=DefaultAzureCredential(), - subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - ) - - response = client.entities.get( - resource_group_name="myRg", - workspace_name="myWorkspace", - entity_id="e1d3d618-e11f-478b-98e3-bb381539a8e1", - ) - print(response) - - -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/entities/GetSecurityGroupEntityById.json -if __name__ == "__main__": - main() 
diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_sentinel_onboarding_state.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_sentinel_onboarding_state.py index 9913163dbb50..641284d92698 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_sentinel_onboarding_state.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_sentinel_onboarding_state.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/onboardingStates/GetSentinelOnboardingState.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2023-02-01/examples/onboardingStates/GetSentinelOnboardingState.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_source_control_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_source_control_by_id.py deleted file mode 100644 index 340237ce6a45..000000000000 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_source_control_by_id.py +++ /dev/null 
@@ -1,42 +0,0 @@ -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- - -from azure.identity import DefaultAzureCredential -from azure.mgmt.securityinsight import SecurityInsights - -""" -# PREREQUISITES - pip install azure-identity - pip install azure-mgmt-securityinsight -# USAGE - python get_source_control_by_id.py - - Before run the sample, please set the values of the client ID, tenant ID and client secret - of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, - AZURE_CLIENT_SECRET. For more info about how to get the value, please see: - https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal -""" - - -def main(): - client = SecurityInsights( - credential=DefaultAzureCredential(), - subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - ) - - response = client.source_controls.get( - resource_group_name="myRg", - workspace_name="myWorkspace", - source_control_id="789e0c1f-4a3d-43ad-809c-e713b677b04a", - ) - print(response) - - -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/sourcecontrols/GetSourceControlById.json -if __name__ == "__main__": - main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_source_controls.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_source_controls.py deleted file mode 100644 index ceb9628d252b..000000000000 
--- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_source_controls.py +++ /dev/null @@ -1,42 +0,0 @@ -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- - -from azure.identity import DefaultAzureCredential -from azure.mgmt.securityinsight import SecurityInsights - -""" -# PREREQUISITES - pip install azure-identity - pip install azure-mgmt-securityinsight -# USAGE - python get_source_controls.py - - Before run the sample, please set the values of the client ID, tenant ID and client secret - of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, - AZURE_CLIENT_SECRET. For more info about how to get the value, please see: - https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal -""" - - -def main(): - client = SecurityInsights( - credential=DefaultAzureCredential(), - subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - ) - - response = client.source_controls.list( - resource_group_name="myRg", - workspace_name="myWorkspace", - ) - for item in response: - print(item) - - -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/sourcecontrols/GetSourceControls.json -if __name__ == "__main__": - main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_submission_mail_entity_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_submission_mail_entity_by_id.py deleted file mode 100644 index 3ee652535e57..000000000000 
--- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_submission_mail_entity_by_id.py +++ /dev/null @@ -1,42 +0,0 @@ -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- - -from azure.identity import DefaultAzureCredential -from azure.mgmt.securityinsight import SecurityInsights - -""" -# PREREQUISITES - pip install azure-identity - pip install azure-mgmt-securityinsight -# USAGE - python get_submission_mail_entity_by_id.py - - Before run the sample, please set the values of the client ID, tenant ID and client secret - of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, - AZURE_CLIENT_SECRET. For more info about how to get the value, please see: - https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal -""" - - -def main(): - client = SecurityInsights( - credential=DefaultAzureCredential(), - subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - ) - - response = client.entities.get( - resource_group_name="myRg", - workspace_name="myWorkspace", - entity_id="e1d3d618-e11f-478b-98e3-bb381539a8e1", - ) - print(response) - - -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/entities/GetSubmissionMailEntityById.json -if __name__ == "__main__": - main() 
diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_threat_intelligence.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_threat_intelligence.py index 6dc9762759ac..a8986acdaa30 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_threat_intelligence.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_threat_intelligence.py @@ -37,6 +37,6 @@ def main(): print(item) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/threatintelligence/GetThreatIntelligence.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2023-02-01/examples/threatintelligence/GetThreatIntelligence.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_threat_intelligence_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_threat_intelligence_by_id.py index 41e6c872c5ee..40f2cdc0d4ba 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_threat_intelligence_by_id.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_threat_intelligence_by_id.py 
@@ -26,17 +26,17 @@ def main(): client = SecurityInsights( credential=DefaultAzureCredential(), - subscription_id="bd794837-4d29-4647-9105-6339bfdb4e6a", + subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", ) - response = client.threat_intelligence_indicator.get( + response = client.data_connectors.get( resource_group_name="myRg", workspace_name="myWorkspace", - name="e16ef847-962e-d7b6-9c8b-a33e4bd30e47", + data_connector_id="c345bf40-8509-4ed2-b947-50cb773aaf04", ) print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/threatintelligence/GetThreatIntelligenceById.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2023-02-01/examples/dataConnectors/GetThreatIntelligenceById.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_threat_intelligence_taxii_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_threat_intelligence_taxii_by_id.py deleted file mode 100644 index 52cb79c118e1..000000000000 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_threat_intelligence_taxii_by_id.py +++ /dev/null 
@@ -1,42 +0,0 @@ -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- - -from azure.identity import DefaultAzureCredential -from azure.mgmt.securityinsight import SecurityInsights - -""" -# PREREQUISITES - pip install azure-identity - pip install azure-mgmt-securityinsight -# USAGE - python get_threat_intelligence_taxii_by_id.py - - Before run the sample, please set the values of the client ID, tenant ID and client secret - of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, - AZURE_CLIENT_SECRET. For more info about how to get the value, please see: - https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal -""" - - -def main(): - client = SecurityInsights( - credential=DefaultAzureCredential(), - subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - ) - - response = client.data_connectors.get( - resource_group_name="myRg", - workspace_name="myWorkspace", - data_connector_id="c39bb458-02a7-4b3f-b0c8-71a1d2692652", - ) - print(response) - - -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/dataConnectors/GetThreatIntelligenceTaxiiById.json -if __name__ == "__main__": - main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_url_entity_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_url_entity_by_id.py deleted file mode 100644 index fb4d819a677e..000000000000 
--- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_url_entity_by_id.py +++ /dev/null @@ -1,42 +0,0 @@ -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- - -from azure.identity import DefaultAzureCredential -from azure.mgmt.securityinsight import SecurityInsights - -""" -# PREREQUISITES - pip install azure-identity - pip install azure-mgmt-securityinsight -# USAGE - python get_url_entity_by_id.py - - Before run the sample, please set the values of the client ID, tenant ID and client secret - of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, - AZURE_CLIENT_SECRET. For more info about how to get the value, please see: - https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal -""" - - -def main(): - client = SecurityInsights( - credential=DefaultAzureCredential(), - subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - ) - - response = client.entities.get( - resource_group_name="myRg", - workspace_name="myWorkspace", - entity_id="e1d3d618-e11f-478b-98e3-bb381539a8e1", - ) - print(response) - - -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/entities/GetUrlEntityById.json -if __name__ == "__main__": - main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_watchlist_by_alias.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_watchlist_by_alias.py index 52d3b745e293..19632587b55b 100644 
--- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_watchlist_by_alias.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_watchlist_by_alias.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/watchlists/GetWatchlistByAlias.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2023-02-01/examples/watchlists/GetWatchlistByAlias.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_watchlist_item_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_watchlist_item_by_id.py index 412ba40fef43..5ef8880fd62a 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_watchlist_item_by_id.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_watchlist_item_by_id.py @@ -38,6 +38,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/watchlists/GetWatchlistItemById.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2023-02-01/examples/watchlists/GetWatchlistItemById.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_watchlist_items.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_watchlist_items.py index ca7c80699b5b..c9ca6e73fa66 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_watchlist_items.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_watchlist_items.py 
@@ -38,6 +38,6 @@ def main(): print(item) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/watchlists/GetWatchlistItems.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2023-02-01/examples/watchlists/GetWatchlistItems.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_watchlists.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_watchlists.py index 2546e29b6ff9..3855410f91a2 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_watchlists.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_watchlists.py @@ -37,6 +37,6 @@ def main(): print(item) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/watchlists/GetWatchlists.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2023-02-01/examples/watchlists/GetWatchlists.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_whois_by_domain_name.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_whois_by_domain_name.py deleted file mode 100644 index 53f54bfb1d25..000000000000 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_whois_by_domain_name.py +++ /dev/null 
@@ -1,41 +0,0 @@ -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- - -from azure.identity import DefaultAzureCredential -from azure.mgmt.securityinsight import SecurityInsights - -""" -# PREREQUISITES - pip install azure-identity - pip install azure-mgmt-securityinsight -# USAGE - python get_whois_by_domain_name.py - - Before run the sample, please set the values of the client ID, tenant ID and client secret - of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, - AZURE_CLIENT_SECRET. For more info about how to get the value, please see: - https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal -""" - - -def main(): - client = SecurityInsights( - credential=DefaultAzureCredential(), - subscription_id="bd794837-4d29-4647-9105-6339bfdb4e6a", - ) - - response = client.domain_whois.get( - resource_group_name="myRg", - domain="microsoft.com", - ) - print(response) - - -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/enrichment/GetWhoisByDomainName.json -if __name__ == "__main__": - main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incident_tasks_create_or_update.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incident_tasks_create_or_update.py deleted file mode 100644 index 358cd15f754e..000000000000 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incident_tasks_create_or_update.py +++ /dev/null 
@@ -1,44 +0,0 @@ -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- - -from azure.identity import DefaultAzureCredential -from azure.mgmt.securityinsight import SecurityInsights - -""" -# PREREQUISITES - pip install azure-identity - pip install azure-mgmt-securityinsight -# USAGE - python incident_tasks_create_or_update.py - - Before run the sample, please set the values of the client ID, tenant ID and client secret - of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, - AZURE_CLIENT_SECRET. For more info about how to get the value, please see: - https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal -""" - - -def main(): - client = SecurityInsights( - credential=DefaultAzureCredential(), - subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - ) - - response = client.incident_tasks.create_or_update( - resource_group_name="myRg", - workspace_name="myWorkspace", - incident_id="73e01a99-5cd7-4139-a149-9f2736ff2ab5", - incident_task_id="4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", - incident_task={"properties": {"description": "Task description", "status": "New", "title": "Task title"}}, - ) - print(response) - - -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/incidents/IncidentTasks/IncidentTasks_CreateOrUpdate.json -if __name__ == "__main__": - main() 
diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incident_tasks_delete.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incident_tasks_delete.py deleted file mode 100644 index 4e742bfbd432..000000000000 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incident_tasks_delete.py +++ /dev/null 
@@ -1,43 +0,0 @@ -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- - -from azure.identity import DefaultAzureCredential -from azure.mgmt.securityinsight import SecurityInsights - -""" -# PREREQUISITES - pip install azure-identity - pip install azure-mgmt-securityinsight -# USAGE - python incident_tasks_delete.py - - Before run the sample, please set the values of the client ID, tenant ID and client secret - of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, - AZURE_CLIENT_SECRET. For more info about how to get the value, please see: - https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal -""" - - -def main(): - client = SecurityInsights( - credential=DefaultAzureCredential(), - subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - ) - - response = client.incident_tasks.delete( - resource_group_name="myRg", - workspace_name="myWorkspace", - incident_id="73e01a99-5cd7-4139-a149-9f2736ff2ab5", - incident_task_id="4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", - ) - print(response) - - -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/incidents/IncidentTasks/IncidentTasks_Delete.json -if __name__ == "__main__": - main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incident_tasks_get.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incident_tasks_get.py deleted file mode 100644 index e825d109fd60..000000000000 
--- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incident_tasks_get.py +++ /dev/null @@ -1,43 +0,0 @@ -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- - -from azure.identity import DefaultAzureCredential -from azure.mgmt.securityinsight import SecurityInsights - -""" -# PREREQUISITES - pip install azure-identity - pip install azure-mgmt-securityinsight -# USAGE - python incident_tasks_get.py - - Before run the sample, please set the values of the client ID, tenant ID and client secret - of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, - AZURE_CLIENT_SECRET. For more info about how to get the value, please see: - https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal -""" - - -def main(): - client = SecurityInsights( - credential=DefaultAzureCredential(), - subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - ) - - response = client.incident_tasks.get( - resource_group_name="myRg", - workspace_name="myWorkspace", - incident_id="73e01a99-5cd7-4139-a149-9f2736ff2ab5", - incident_task_id="4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", - ) - print(response) - - -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/incidents/IncidentTasks/IncidentTasks_Get.json -if __name__ == "__main__": - main() 
diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incident_tasks_list.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incident_tasks_list.py deleted file mode 100644 index 371a20ddd697..000000000000 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incident_tasks_list.py +++ /dev/null 
@@ -1,43 +0,0 @@ -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- - -from azure.identity import DefaultAzureCredential -from azure.mgmt.securityinsight import SecurityInsights - -""" -# PREREQUISITES - pip install azure-identity - pip install azure-mgmt-securityinsight -# USAGE - python incident_tasks_list.py - - Before run the sample, please set the values of the client ID, tenant ID and client secret - of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, - AZURE_CLIENT_SECRET. For more info about how to get the value, please see: - https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal -""" - - -def main(): - client = SecurityInsights( - credential=DefaultAzureCredential(), - subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - ) - - response = client.incident_tasks.list( - resource_group_name="myRg", - workspace_name="myWorkspace", - incident_id="73e01a99-5cd7-4139-a149-9f2736ff2ab5", - ) - for item in response: - print(item) - - -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/incidents/IncidentTasks/IncidentTasks_List.json -if __name__ == "__main__": - main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents_create_team.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents_create_team.py deleted file mode 100644 index 6f3462eb2a73..000000000000 
--- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents_create_team.py +++ /dev/null @@ -1,48 +0,0 @@ -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- - -from azure.identity import DefaultAzureCredential -from azure.mgmt.securityinsight import SecurityInsights - -""" -# PREREQUISITES - pip install azure-identity - pip install azure-mgmt-securityinsight -# USAGE - python incidents_create_team.py - - Before run the sample, please set the values of the client ID, tenant ID and client secret - of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, - AZURE_CLIENT_SECRET. For more info about how to get the value, please see: - https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal -""" - - -def main(): - client = SecurityInsights( - credential=DefaultAzureCredential(), - subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - ) - - response = client.incidents.create_team( - resource_group_name="myRg", - workspace_name="myWorkspace", - incident_id="69a30280-6a4c-4aa7-9af0-5d63f335d600", - team_properties={ - "groupIds": None, - "memberIds": None, - "teamDescription": "Team description", - "teamName": "Team name", - }, - ) - print(response) - - -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/incidents/IncidentTeam/Incidents_CreateTeam.json -if __name__ == "__main__": - main() 
diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents_run_playbook.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents_run_playbook.py deleted file mode 100644 index eeccd2e1694d..000000000000 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents_run_playbook.py +++ /dev/null 
@@ -1,42 +0,0 @@ -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- - -from azure.identity import DefaultAzureCredential -from azure.mgmt.securityinsight import SecurityInsights - -""" -# PREREQUISITES - pip install azure-identity - pip install azure-mgmt-securityinsight -# USAGE - python incidents_run_playbook.py - - Before run the sample, please set the values of the client ID, tenant ID and client secret - of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, - AZURE_CLIENT_SECRET. For more info about how to get the value, please see: - https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal -""" - - -def main(): - client = SecurityInsights( - credential=DefaultAzureCredential(), - subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - ) - - response = client.incidents.run_playbook( - resource_group_name="myRg", - workspace_name="myWorkspace", - incident_identifier="73e01a99-5cd7-4139-a149-9f2736ff2ar4", - ) - print(response) - - -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/manualTrigger/Incidents_RunPlaybook.json -if __name__ == "__main__": - main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/list_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/list_operations.py index c5bdf9face9c..63f4d3421183 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/list_operations.py 
+++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/list_operations.py @@ -34,6 +34,6 @@ def main(): print(item) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/operations/ListOperations.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2023-02-01/examples/operations/ListOperations.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/patch_metadata.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/patch_metadata.py deleted file mode 100644 index 7cbdf1b8fb56..000000000000 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/patch_metadata.py +++ /dev/null 
@@ -1,43 +0,0 @@ -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- - -from azure.identity import DefaultAzureCredential -from azure.mgmt.securityinsight import SecurityInsights - -""" -# PREREQUISITES - pip install azure-identity - pip install azure-mgmt-securityinsight -# USAGE - python patch_metadata.py - - Before run the sample, please set the values of the client ID, tenant ID and client secret - of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, - AZURE_CLIENT_SECRET. For more info about how to get the value, please see: - https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal -""" - - -def main(): - client = SecurityInsights( - credential=DefaultAzureCredential(), - subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - ) - - response = client.metadata.update( - resource_group_name="myRg", - workspace_name="myWorkspace", - metadata_name="metadataName", - metadata_patch={"properties": {"author": {"email": "email@microsoft.com", "name": "User Name"}}}, - ) - print(response) - - -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/metadata/PatchMetadata.json -if __name__ == "__main__": - main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/patch_recommendation.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/patch_recommendation.py deleted file mode 100644 index 42ed7cf1e6ac..000000000000 
--- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/patch_recommendation.py +++ /dev/null @@ -1,43 +0,0 @@ -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- - -from azure.identity import DefaultAzureCredential -from azure.mgmt.securityinsight import SecurityInsights - -""" -# PREREQUISITES - pip install azure-identity - pip install azure-mgmt-securityinsight -# USAGE - python patch_recommendation.py - - Before run the sample, please set the values of the client ID, tenant ID and client secret - of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, - AZURE_CLIENT_SECRET. For more info about how to get the value, please see: - https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal -""" - - -def main(): - client = SecurityInsights( - credential=DefaultAzureCredential(), - subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - ) - - response = client.update.begin_recommendation( - resource_group_name="myRg", - workspace_name="myWorkspace", - recommendation_id="6d4b54eb-8684-4aa3-a156-3aa37b8014bc", - recommendation_patch=[{"state": "Active"}], - ).result() - print(response) - - -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/recommendations/PatchRecommendation.json -if __name__ == "__main__": - main() 
diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/post_expand_bookmark.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/post_expand_bookmark.py deleted file mode 100644 index 49329bae179a..000000000000 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/post_expand_bookmark.py +++ /dev/null 
@@ -1,47 +0,0 @@ -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- - -from azure.identity import DefaultAzureCredential -from azure.mgmt.securityinsight import SecurityInsights - -""" -# PREREQUISITES - pip install azure-identity - pip install azure-mgmt-securityinsight -# USAGE - python post_expand_bookmark.py - - Before run the sample, please set the values of the client ID, tenant ID and client secret - of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, - AZURE_CLIENT_SECRET. For more info about how to get the value, please see: - https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal -""" - - -def main(): - client = SecurityInsights( - credential=DefaultAzureCredential(), - subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - ) - - response = client.bookmark.expand( - resource_group_name="myRg", - workspace_name="myWorkspace", - bookmark_id="73e01a99-5cd7-4139-a149-9f2736ff2ab5", - parameters={ - "endTime": "2020-01-24T17:21:00.000Z", - "expansionId": "27f76e63-c41b-480f-bb18-12ad2e011d49", - "startTime": "2019-12-25T17:21:00.000Z", - }, - ) - print(response) - - -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/bookmarks/expand/PostExpandBookmark.json -if __name__ == "__main__": - main() 
diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/post_expand_entity.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/post_expand_entity.py deleted file mode 100644 index 6419a34d794d..000000000000 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/post_expand_entity.py +++ /dev/null 
@@ -1,47 +0,0 @@ -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- - -from azure.identity import DefaultAzureCredential -from azure.mgmt.securityinsight import SecurityInsights - -""" -# PREREQUISITES - pip install azure-identity - pip install azure-mgmt-securityinsight -# USAGE - python post_expand_entity.py - - Before run the sample, please set the values of the client ID, tenant ID and client secret - of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, - AZURE_CLIENT_SECRET. For more info about how to get the value, please see: - https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal -""" - - -def main(): - client = SecurityInsights( - credential=DefaultAzureCredential(), - subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - ) - - response = client.entities.expand( - resource_group_name="myRg", - workspace_name="myWorkspace", - entity_id="e1d3d618-e11f-478b-98e3-bb381539a8e1", - parameters={ - "endTime": "2019-05-26T00:00:00.000Z", - "expansionId": "a77992f3-25e9-4d01-99a4-5ff606cc410a", - "startTime": "2019-04-25T00:00:00.000Z", - }, - ) - print(response) - - -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/entities/expand/PostExpandEntity.json -if __name__ == "__main__": - main() 
diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/post_get_insights.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/post_get_insights.py deleted file mode 100644 index 4e210c82efb3..000000000000 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/post_get_insights.py +++ /dev/null 
@@ -1,48 +0,0 @@ -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- - -from azure.identity import DefaultAzureCredential -from azure.mgmt.securityinsight import SecurityInsights - -""" -# PREREQUISITES - pip install azure-identity - pip install azure-mgmt-securityinsight -# USAGE - python post_get_insights.py - - Before run the sample, please set the values of the client ID, tenant ID and client secret - of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, - AZURE_CLIENT_SECRET. For more info about how to get the value, please see: - https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal -""" - - -def main(): - client = SecurityInsights( - credential=DefaultAzureCredential(), - subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - ) - - response = client.entities.get_insights( - resource_group_name="myRg", - workspace_name="myWorkspace", - entity_id="e1d3d618-e11f-478b-98e3-bb381539a8e1", - parameters={ - "addDefaultExtendedTimeRange": False, - "endTime": "2021-10-01T00:00:00.000Z", - "insightQueryIds": ["cae8d0aa-aa45-4d53-8d88-17dd64ffd4e4"], - "startTime": "2021-09-01T00:00:00.000Z", - }, - ) - print(response) - - -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/entities/insights/PostGetInsights.json -if __name__ == "__main__": - main() 
diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/post_timeline_entity.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/post_timeline_entity.py deleted file mode 100644 index 8d224b26250a..000000000000 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/post_timeline_entity.py +++ /dev/null 
@@ -1,47 +0,0 @@ -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- - -from azure.identity import DefaultAzureCredential -from azure.mgmt.securityinsight import SecurityInsights - -""" -# PREREQUISITES - pip install azure-identity - pip install azure-mgmt-securityinsight -# USAGE - python post_timeline_entity.py - - Before run the sample, please set the values of the client ID, tenant ID and client secret - of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, - AZURE_CLIENT_SECRET. For more info about how to get the value, please see: - https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal -""" - - -def main(): - client = SecurityInsights( - credential=DefaultAzureCredential(), - subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - ) - - response = client.entities_get_timeline.list( - resource_group_name="myRg", - workspace_name="myWorkspace", - entity_id="e1d3d618-e11f-478b-98e3-bb381539a8e1", - parameters={ - "endTime": "2021-10-01T00:00:00.000Z", - "numberOfBucket": 4, - "startTime": "2021-09-01T00:00:00.000Z", - }, - ) - print(response) - - -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/entities/timeline/PostTimelineEntity.json -if __name__ == "__main__": - main() 
diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/put_metadata.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/put_metadata.py deleted file mode 100644 index 62ff77bced8a..000000000000 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/put_metadata.py +++ /dev/null 
@@ -1,95 +0,0 @@ -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- - -from azure.identity import DefaultAzureCredential -from azure.mgmt.securityinsight import SecurityInsights - -""" -# PREREQUISITES - pip install azure-identity - pip install azure-mgmt-securityinsight -# USAGE - python put_metadata.py - - Before run the sample, please set the values of the client ID, tenant ID and client secret - of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, - AZURE_CLIENT_SECRET. For more info about how to get the value, please see: - https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal -""" - - -def main(): - client = SecurityInsights( - credential=DefaultAzureCredential(), - subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - ) - - response = client.metadata.create( - resource_group_name="myRg", - workspace_name="myWorkspace", - metadata_name="metadataName", - metadata={ - "properties": { - "author": {"email": "email@microsoft.com", "name": "User Name"}, - "categories": {"domains": ["Application", "Security – Insider Threat"], "verticals": ["Healthcare"]}, - "contentId": "c00ee137-7475-47c8-9cce-ec6f0f1bedd0", - "contentSchemaVersion": "2.0", - "customVersion": "1.0", - "dependencies": { - "criteria": [ - { - "criteria": [ - { - "contentId": "045d06d0-ee72-4794-aba4-cf5646e4c756", - "kind": "DataConnector", - "name": "Microsoft Defender for Endpoint", - }, - {"contentId": "dbfcb2cc-d782-40ef-8d94-fe7af58a6f2d", "kind": "DataConnector"}, - { - "contentId": 
"de4dca9b-eb37-47d6-a56f-b8b06b261593", - "kind": "DataConnector", - "version": "2.0", - }, - ], - "operator": "OR", - }, - {"contentId": "31ee11cc-9989-4de8-b176-5e0ef5c4dbab", "kind": "Playbook", "version": "1.0"}, - {"contentId": "21ba424a-9438-4444-953a-7059539a7a1b", "kind": "Parser"}, - ], - "operator": "AND", - }, - "firstPublishDate": "2021-05-18", - "kind": "AnalyticsRule", - "lastPublishDate": "2021-05-18", - "parentId": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/ruleName", - "previewImages": ["firstImage.png", "secondImage.jpeg"], - "previewImagesDark": ["firstImageDark.png", "secondImageDark.jpeg"], - "providers": ["Amazon", "Microsoft"], - "source": { - "kind": "Solution", - "name": "Contoso Solution 1.0", - "sourceId": "b688a130-76f4-4a07-bf57-762222a3cadf", - }, - "support": { - "email": "support@microsoft.com", - "link": "https://support.microsoft.com/", - "name": "Microsoft", - "tier": "Partner", - }, - "threatAnalysisTactics": ["reconnaissance", "commandandcontrol"], - "threatAnalysisTechniques": ["T1548", "T1548.001"], - "version": "1.0.0.0", - } - }, - ) - print(response) - - -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/metadata/PutMetadata.json -if __name__ == "__main__": - main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/put_metadata_minimal.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/put_metadata_minimal.py deleted file mode 100644 index 10215a694f1a..000000000000 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/put_metadata_minimal.py +++ /dev/null 
@@ -1,49 +0,0 @@ -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- - -from azure.identity import DefaultAzureCredential -from azure.mgmt.securityinsight import SecurityInsights - -""" -# PREREQUISITES - pip install azure-identity - pip install azure-mgmt-securityinsight -# USAGE - python put_metadata_minimal.py - - Before run the sample, please set the values of the client ID, tenant ID and client secret - of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, - AZURE_CLIENT_SECRET. For more info about how to get the value, please see: - https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal -""" - - -def main(): - client = SecurityInsights( - credential=DefaultAzureCredential(), - subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - ) - - response = client.metadata.create( - resource_group_name="myRg", - workspace_name="myWorkspace", - metadata_name="metadataName", - metadata={ - "properties": { - "contentId": "c00ee137-7475-47c8-9cce-ec6f0f1bedd0", - "kind": "AnalyticsRule", - "parentId": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/ruleName", - } - }, - ) - print(response) - - -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/metadata/PutMetadataMinimal.json -if __name__ == "__main__": - main() 
diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/update_eyes_on_setting.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/update_eyes_on_setting.py deleted file mode 100644 index 9f10f20bb113..000000000000 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/update_eyes_on_setting.py +++ /dev/null 
@@ -1,43 +0,0 @@ -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- - -from azure.identity import DefaultAzureCredential -from azure.mgmt.securityinsight import SecurityInsights - -""" -# PREREQUISITES - pip install azure-identity - pip install azure-mgmt-securityinsight -# USAGE - python update_eyes_on_setting.py - - Before run the sample, please set the values of the client ID, tenant ID and client secret - of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, - AZURE_CLIENT_SECRET. For more info about how to get the value, please see: - https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal -""" - - -def main(): - client = SecurityInsights( - credential=DefaultAzureCredential(), - subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - ) - - response = client.product_settings.update( - resource_group_name="myRg", - workspace_name="myWorkspace", - settings_name="EyesOn", - settings={"etag": '"0300bf09-0000-0000-0000-5c37296e0000"', "kind": "EyesOn", "properties": {}}, - ) - print(response) - - -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/settings/UpdateEyesOnSetting.json -if __name__ == "__main__": - main()