Documentation ¶
Index ¶
- func PossibleValuesForAlertSeverity() []string
- func PossibleValuesForAlertStatus() []string
- func PossibleValuesForAttackTactic() []string
- func PossibleValuesForConfidenceLevel() []string
- func PossibleValuesForConfidenceScoreStatus() []string
- func PossibleValuesForEntityKind() []string
- func PossibleValuesForIncidentSeverity() []string
- func PossibleValuesForKillChainIntent() []string
- func ValidateIncidentID(input interface{}, key string) (warnings []string, errors []error)
- type AlertSeverity
- type AlertStatus
- type AttackTactic
- type ConfidenceLevel
- type ConfidenceScoreStatus
- type Entity
- type EntityKind
- type HuntingBookmark
- type HuntingBookmarkProperties
- func (o *HuntingBookmarkProperties) GetCreatedAsTime() (*time.Time, error)
- func (o *HuntingBookmarkProperties) GetEventTimeAsTime() (*time.Time, error)
- func (o *HuntingBookmarkProperties) GetUpdatedAsTime() (*time.Time, error)
- func (o *HuntingBookmarkProperties) SetCreatedAsTime(input time.Time)
- func (o *HuntingBookmarkProperties) SetEventTimeAsTime(input time.Time)
- func (o *HuntingBookmarkProperties) SetUpdatedAsTime(input time.Time)
- type IncidentAlertList
- type IncidentAlertsClient
- type IncidentId
- type IncidentInfo
- type IncidentSeverity
- type IncidentsListAlertsOperationResponse
- type KillChainIntent
- type SecurityAlert
- type SecurityAlertProperties
- func (o *SecurityAlertProperties) GetEndTimeUtcAsTime() (*time.Time, error)
- func (o *SecurityAlertProperties) GetProcessingEndTimeAsTime() (*time.Time, error)
- func (o *SecurityAlertProperties) GetStartTimeUtcAsTime() (*time.Time, error)
- func (o *SecurityAlertProperties) GetTimeGeneratedAsTime() (*time.Time, error)
- func (o *SecurityAlertProperties) SetEndTimeUtcAsTime(input time.Time)
- func (o *SecurityAlertProperties) SetProcessingEndTimeAsTime(input time.Time)
- func (o *SecurityAlertProperties) SetStartTimeUtcAsTime(input time.Time)
- func (o *SecurityAlertProperties) SetTimeGeneratedAsTime(input time.Time)
- type SecurityAlertPropertiesConfidenceReasonsInlined
- type UserInfo
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func PossibleValuesForAlertSeverity ¶
func PossibleValuesForAlertSeverity() []string
func PossibleValuesForAlertStatus ¶
func PossibleValuesForAlertStatus() []string
func PossibleValuesForAttackTactic ¶
func PossibleValuesForAttackTactic() []string
func PossibleValuesForConfidenceLevel ¶
func PossibleValuesForConfidenceLevel() []string
func PossibleValuesForConfidenceScoreStatus ¶
func PossibleValuesForConfidenceScoreStatus() []string
func PossibleValuesForEntityKind ¶
func PossibleValuesForEntityKind() []string
func PossibleValuesForIncidentSeverity ¶
func PossibleValuesForIncidentSeverity() []string
func PossibleValuesForKillChainIntent ¶
func PossibleValuesForKillChainIntent() []string
func ValidateIncidentID ¶
ValidateIncidentID checks that 'input' can be parsed as a Incident ID
Types ¶
type AlertSeverity ¶
type AlertSeverity string
const ( AlertSeverityHigh AlertSeverity = "High" AlertSeverityInformational AlertSeverity = "Informational" AlertSeverityLow AlertSeverity = "Low" AlertSeverityMedium AlertSeverity = "Medium" )
type AlertStatus ¶
type AlertStatus string
const ( AlertStatusDismissed AlertStatus = "Dismissed" AlertStatusInProgress AlertStatus = "InProgress" AlertStatusNew AlertStatus = "New" AlertStatusResolved AlertStatus = "Resolved" AlertStatusUnknown AlertStatus = "Unknown" )
type AttackTactic ¶
type AttackTactic string
const ( AttackTacticCollection AttackTactic = "Collection" AttackTacticCommandAndControl AttackTactic = "CommandAndControl" AttackTacticCredentialAccess AttackTactic = "CredentialAccess" AttackTacticDefenseEvasion AttackTactic = "DefenseEvasion" AttackTacticDiscovery AttackTactic = "Discovery" AttackTacticExecution AttackTactic = "Execution" AttackTacticExfiltration AttackTactic = "Exfiltration" AttackTacticImpact AttackTactic = "Impact" AttackTacticInitialAccess AttackTactic = "InitialAccess" AttackTacticLateralMovement AttackTactic = "LateralMovement" AttackTacticPersistence AttackTactic = "Persistence" AttackTacticPreAttack AttackTactic = "PreAttack" AttackTacticPrivilegeEscalation AttackTactic = "PrivilegeEscalation" )
type ConfidenceLevel ¶
type ConfidenceLevel string
const ( ConfidenceLevelHigh ConfidenceLevel = "High" ConfidenceLevelLow ConfidenceLevel = "Low" ConfidenceLevelUnknown ConfidenceLevel = "Unknown" )
type ConfidenceScoreStatus ¶
type ConfidenceScoreStatus string
const ( ConfidenceScoreStatusFinal ConfidenceScoreStatus = "Final" ConfidenceScoreStatusInProcess ConfidenceScoreStatus = "InProcess" ConfidenceScoreStatusNotApplicable ConfidenceScoreStatus = "NotApplicable" ConfidenceScoreStatusNotFinal ConfidenceScoreStatus = "NotFinal" )
type EntityKind ¶
type EntityKind string
const ( EntityKindAccount EntityKind = "Account" EntityKindAzureResource EntityKind = "AzureResource" EntityKindBookmark EntityKind = "Bookmark" EntityKindCloudApplication EntityKind = "CloudApplication" EntityKindDnsResolution EntityKind = "DnsResolution" EntityKindFile EntityKind = "File" EntityKindFileHash EntityKind = "FileHash" EntityKindHost EntityKind = "Host" EntityKindIP EntityKind = "Ip" EntityKindIoTDevice EntityKind = "IoTDevice" EntityKindMailCluster EntityKind = "MailCluster" EntityKindMailMessage EntityKind = "MailMessage" EntityKindMailbox EntityKind = "Mailbox" EntityKindMalware EntityKind = "Malware" EntityKindProcess EntityKind = "Process" EntityKindRegistryKey EntityKind = "RegistryKey" EntityKindRegistryValue EntityKind = "RegistryValue" EntityKindSecurityAlert EntityKind = "SecurityAlert" EntityKindSecurityGroup EntityKind = "SecurityGroup" EntityKindSubmissionMail EntityKind = "SubmissionMail" EntityKindUrl EntityKind = "Url" )
type HuntingBookmark ¶
type HuntingBookmark struct { Properties *HuntingBookmarkProperties `json:"properties,omitempty"` // Fields inherited from Entity Id *string `json:"id,omitempty"` Name *string `json:"name,omitempty"` SystemData *systemdata.SystemData `json:"systemData,omitempty"` Type *string `json:"type,omitempty"` }
func (HuntingBookmark) MarshalJSON ¶
func (s HuntingBookmark) MarshalJSON() ([]byte, error)
type HuntingBookmarkProperties ¶
type HuntingBookmarkProperties struct { AdditionalData *map[string]interface{} `json:"additionalData,omitempty"` Created *string `json:"created,omitempty"` CreatedBy *UserInfo `json:"createdBy,omitempty"` DisplayName string `json:"displayName"` EventTime *string `json:"eventTime,omitempty"` FriendlyName *string `json:"friendlyName,omitempty"` IncidentInfo *IncidentInfo `json:"incidentInfo,omitempty"` Labels *[]string `json:"labels,omitempty"` Notes *string `json:"notes,omitempty"` Query string `json:"query"` QueryResult *string `json:"queryResult,omitempty"` Updated *string `json:"updated,omitempty"` UpdatedBy *UserInfo `json:"updatedBy,omitempty"` }
func (*HuntingBookmarkProperties) GetCreatedAsTime ¶
func (o *HuntingBookmarkProperties) GetCreatedAsTime() (*time.Time, error)
func (*HuntingBookmarkProperties) GetEventTimeAsTime ¶
func (o *HuntingBookmarkProperties) GetEventTimeAsTime() (*time.Time, error)
func (*HuntingBookmarkProperties) GetUpdatedAsTime ¶
func (o *HuntingBookmarkProperties) GetUpdatedAsTime() (*time.Time, error)
func (*HuntingBookmarkProperties) SetCreatedAsTime ¶
func (o *HuntingBookmarkProperties) SetCreatedAsTime(input time.Time)
func (*HuntingBookmarkProperties) SetEventTimeAsTime ¶
func (o *HuntingBookmarkProperties) SetEventTimeAsTime(input time.Time)
func (*HuntingBookmarkProperties) SetUpdatedAsTime ¶
func (o *HuntingBookmarkProperties) SetUpdatedAsTime(input time.Time)
type IncidentAlertList ¶
type IncidentAlertList struct {
Value []Entity `json:"value"`
}
func (*IncidentAlertList) UnmarshalJSON ¶
func (s *IncidentAlertList) UnmarshalJSON(bytes []byte) error
type IncidentAlertsClient ¶
type IncidentAlertsClient struct { Client autorest.Client // contains filtered or unexported fields }
func NewIncidentAlertsClientWithBaseURI ¶
func NewIncidentAlertsClientWithBaseURI(endpoint string) IncidentAlertsClient
func (IncidentAlertsClient) IncidentsListAlerts ¶
func (c IncidentAlertsClient) IncidentsListAlerts(ctx context.Context, id IncidentId) (result IncidentsListAlertsOperationResponse, err error)
IncidentsListAlerts ...
type IncidentId ¶
type IncidentId struct { SubscriptionId string ResourceGroupName string WorkspaceName string IncidentId string }
IncidentId is a struct representing the Resource ID for a Incident
func NewIncidentID ¶
func NewIncidentID(subscriptionId string, resourceGroupName string, workspaceName string, incidentId string) IncidentId
NewIncidentID returns a new IncidentId struct
func ParseIncidentID ¶
func ParseIncidentID(input string) (*IncidentId, error)
ParseIncidentID parses 'input' into a IncidentId
func ParseIncidentIDInsensitively ¶
func ParseIncidentIDInsensitively(input string) (*IncidentId, error)
ParseIncidentIDInsensitively parses 'input' case-insensitively into a IncidentId note: this method should only be used for API response data and not user input
func (IncidentId) Segments ¶
func (id IncidentId) Segments() []resourceids.Segment
Segments returns a slice of Resource ID Segments which comprise this Incident ID
func (IncidentId) String ¶
func (id IncidentId) String() string
String returns a human-readable description of this Incident ID
type IncidentInfo ¶
type IncidentInfo struct { IncidentId *string `json:"incidentId,omitempty"` RelationName *string `json:"relationName,omitempty"` Severity *IncidentSeverity `json:"severity,omitempty"` Title *string `json:"title,omitempty"` }
type IncidentSeverity ¶
type IncidentSeverity string
const ( IncidentSeverityHigh IncidentSeverity = "High" IncidentSeverityInformational IncidentSeverity = "Informational" IncidentSeverityLow IncidentSeverity = "Low" IncidentSeverityMedium IncidentSeverity = "Medium" )
type IncidentsListAlertsOperationResponse ¶
type IncidentsListAlertsOperationResponse struct { HttpResponse *http.Response Model *IncidentAlertList }
type KillChainIntent ¶
type KillChainIntent string
const ( KillChainIntentCollection KillChainIntent = "Collection" KillChainIntentCommandAndControl KillChainIntent = "CommandAndControl" KillChainIntentCredentialAccess KillChainIntent = "CredentialAccess" KillChainIntentDefenseEvasion KillChainIntent = "DefenseEvasion" KillChainIntentDiscovery KillChainIntent = "Discovery" KillChainIntentExecution KillChainIntent = "Execution" KillChainIntentExfiltration KillChainIntent = "Exfiltration" KillChainIntentExploitation KillChainIntent = "Exploitation" KillChainIntentImpact KillChainIntent = "Impact" KillChainIntentLateralMovement KillChainIntent = "LateralMovement" KillChainIntentPersistence KillChainIntent = "Persistence" KillChainIntentPrivilegeEscalation KillChainIntent = "PrivilegeEscalation" KillChainIntentProbing KillChainIntent = "Probing" KillChainIntentUnknown KillChainIntent = "Unknown" )
type SecurityAlert ¶
type SecurityAlert struct { Properties *SecurityAlertProperties `json:"properties,omitempty"` // Fields inherited from Entity Id *string `json:"id,omitempty"` Name *string `json:"name,omitempty"` SystemData *systemdata.SystemData `json:"systemData,omitempty"` Type *string `json:"type,omitempty"` }
func (SecurityAlert) MarshalJSON ¶
func (s SecurityAlert) MarshalJSON() ([]byte, error)
type SecurityAlertProperties ¶
type SecurityAlertProperties struct { AdditionalData *map[string]interface{} `json:"additionalData,omitempty"` AlertDisplayName *string `json:"alertDisplayName,omitempty"` AlertLink *string `json:"alertLink,omitempty"` AlertType *string `json:"alertType,omitempty"` CompromisedEntity *string `json:"compromisedEntity,omitempty"` ConfidenceLevel *ConfidenceLevel `json:"confidenceLevel,omitempty"` ConfidenceReasons *[]SecurityAlertPropertiesConfidenceReasonsInlined `json:"confidenceReasons,omitempty"` ConfidenceScore *float64 `json:"confidenceScore,omitempty"` ConfidenceScoreStatus *ConfidenceScoreStatus `json:"confidenceScoreStatus,omitempty"` Description *string `json:"description,omitempty"` EndTimeUtc *string `json:"endTimeUtc,omitempty"` FriendlyName *string `json:"friendlyName,omitempty"` Intent *KillChainIntent `json:"intent,omitempty"` ProcessingEndTime *string `json:"processingEndTime,omitempty"` ProductComponentName *string `json:"productComponentName,omitempty"` ProductName *string `json:"productName,omitempty"` ProductVersion *string `json:"productVersion,omitempty"` ProviderAlertId *string `json:"providerAlertId,omitempty"` RemediationSteps *[]string `json:"remediationSteps,omitempty"` ResourceIdentifiers *[]interface{} `json:"resourceIdentifiers,omitempty"` Severity *AlertSeverity `json:"severity,omitempty"` StartTimeUtc *string `json:"startTimeUtc,omitempty"` Status *AlertStatus `json:"status,omitempty"` SystemAlertId *string `json:"systemAlertId,omitempty"` Tactics *[]AttackTactic `json:"tactics,omitempty"` TimeGenerated *string `json:"timeGenerated,omitempty"` VendorName *string `json:"vendorName,omitempty"` }
func (*SecurityAlertProperties) GetEndTimeUtcAsTime ¶
func (o *SecurityAlertProperties) GetEndTimeUtcAsTime() (*time.Time, error)
func (*SecurityAlertProperties) GetProcessingEndTimeAsTime ¶
func (o *SecurityAlertProperties) GetProcessingEndTimeAsTime() (*time.Time, error)
func (*SecurityAlertProperties) GetStartTimeUtcAsTime ¶
func (o *SecurityAlertProperties) GetStartTimeUtcAsTime() (*time.Time, error)
func (*SecurityAlertProperties) GetTimeGeneratedAsTime ¶
func (o *SecurityAlertProperties) GetTimeGeneratedAsTime() (*time.Time, error)
func (*SecurityAlertProperties) SetEndTimeUtcAsTime ¶
func (o *SecurityAlertProperties) SetEndTimeUtcAsTime(input time.Time)
func (*SecurityAlertProperties) SetProcessingEndTimeAsTime ¶
func (o *SecurityAlertProperties) SetProcessingEndTimeAsTime(input time.Time)
func (*SecurityAlertProperties) SetStartTimeUtcAsTime ¶
func (o *SecurityAlertProperties) SetStartTimeUtcAsTime(input time.Time)
func (*SecurityAlertProperties) SetTimeGeneratedAsTime ¶
func (o *SecurityAlertProperties) SetTimeGeneratedAsTime(input time.Time)
Source Files ¶
- client.go
- constants.go
- id_incident.go
- method_incidentslistalerts_autorest.go
- model_entity.go
- model_huntingbookmark.go
- model_huntingbookmarkproperties.go
- model_incidentalertlist.go
- model_incidentinfo.go
- model_securityalert.go
- model_securityalertproperties.go
- model_securityalertpropertiesconfidencereasonsinlined.go
- model_userinfo.go
- version.go
Click to show internal directories.
Click to hide internal directories.