incidentalerts

package
v0.20230407.1181702 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Apr 7, 2023 License: MPL-2.0 Imports: 11 Imported by: 0

README

github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-08-01/incidentalerts Documentation

The incidentalerts SDK allows for interaction with the Azure Resource Manager Service securityinsights (API Version 2022-08-01).

This readme covers example usages, but further information on using this SDK can be found in the project root.

Import Path

import "github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-08-01/incidentalerts"

Client Initialization

client := incidentalerts.NewIncidentAlertsClientWithBaseURI("https://management.azure.com")
client.Client.Authorizer = authorizer

Example Usage: IncidentAlertsClient.IncidentsListAlerts

ctx := context.TODO()
id := incidentalerts.NewIncidentID("12345678-1234-9876-4563-123456789012", "example-resource-group", "workspaceValue", "incidentIdValue")

read, err := client.IncidentsListAlerts(ctx, id)
if err != nil {
	// handle the error
}
if model := read.Model; model != nil {
	// do something with the model/response object
}

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func PossibleValuesForAlertSeverity

func PossibleValuesForAlertSeverity() []string

func PossibleValuesForAlertStatus

func PossibleValuesForAlertStatus() []string

func PossibleValuesForAttackTactic

func PossibleValuesForAttackTactic() []string

func PossibleValuesForConfidenceLevel

func PossibleValuesForConfidenceLevel() []string

func PossibleValuesForConfidenceScoreStatus

func PossibleValuesForConfidenceScoreStatus() []string

func PossibleValuesForEntityKindEnum

func PossibleValuesForEntityKindEnum() []string

func PossibleValuesForIncidentSeverity

func PossibleValuesForIncidentSeverity() []string

func PossibleValuesForKillChainIntent

func PossibleValuesForKillChainIntent() []string

func ValidateIncidentID

func ValidateIncidentID(input interface{}, key string) (warnings []string, errors []error)

ValidateIncidentID checks that 'input' can be parsed as a Incident ID

Types

type AlertSeverity

type AlertSeverity string
const (
	AlertSeverityHigh          AlertSeverity = "High"
	AlertSeverityInformational AlertSeverity = "Informational"
	AlertSeverityLow           AlertSeverity = "Low"
	AlertSeverityMedium        AlertSeverity = "Medium"
)

type AlertStatus

type AlertStatus string
const (
	AlertStatusDismissed  AlertStatus = "Dismissed"
	AlertStatusInProgress AlertStatus = "InProgress"
	AlertStatusNew        AlertStatus = "New"
	AlertStatusResolved   AlertStatus = "Resolved"
	AlertStatusUnknown    AlertStatus = "Unknown"
)

type AttackTactic

type AttackTactic string
const (
	AttackTacticCollection              AttackTactic = "Collection"
	AttackTacticCommandAndControl       AttackTactic = "CommandAndControl"
	AttackTacticCredentialAccess        AttackTactic = "CredentialAccess"
	AttackTacticDefenseEvasion          AttackTactic = "DefenseEvasion"
	AttackTacticDiscovery               AttackTactic = "Discovery"
	AttackTacticExecution               AttackTactic = "Execution"
	AttackTacticExfiltration            AttackTactic = "Exfiltration"
	AttackTacticImpact                  AttackTactic = "Impact"
	AttackTacticImpairProcessControl    AttackTactic = "ImpairProcessControl"
	AttackTacticInhibitResponseFunction AttackTactic = "InhibitResponseFunction"
	AttackTacticInitialAccess           AttackTactic = "InitialAccess"
	AttackTacticLateralMovement         AttackTactic = "LateralMovement"
	AttackTacticPersistence             AttackTactic = "Persistence"
	AttackTacticPreAttack               AttackTactic = "PreAttack"
	AttackTacticPrivilegeEscalation     AttackTactic = "PrivilegeEscalation"
	AttackTacticReconnaissance          AttackTactic = "Reconnaissance"
	AttackTacticResourceDevelopment     AttackTactic = "ResourceDevelopment"
)

type ConfidenceLevel

type ConfidenceLevel string
const (
	ConfidenceLevelHigh    ConfidenceLevel = "High"
	ConfidenceLevelLow     ConfidenceLevel = "Low"
	ConfidenceLevelUnknown ConfidenceLevel = "Unknown"
)

type ConfidenceScoreStatus

type ConfidenceScoreStatus string
const (
	ConfidenceScoreStatusFinal         ConfidenceScoreStatus = "Final"
	ConfidenceScoreStatusInProcess     ConfidenceScoreStatus = "InProcess"
	ConfidenceScoreStatusNotApplicable ConfidenceScoreStatus = "NotApplicable"
	ConfidenceScoreStatusNotFinal      ConfidenceScoreStatus = "NotFinal"
)

type Entity

type Entity interface {
}

type EntityKindEnum

type EntityKindEnum string
const (
	EntityKindEnumAccount          EntityKindEnum = "Account"
	EntityKindEnumAzureResource    EntityKindEnum = "AzureResource"
	EntityKindEnumBookmark         EntityKindEnum = "Bookmark"
	EntityKindEnumCloudApplication EntityKindEnum = "CloudApplication"
	EntityKindEnumDnsResolution    EntityKindEnum = "DnsResolution"
	EntityKindEnumFile             EntityKindEnum = "File"
	EntityKindEnumFileHash         EntityKindEnum = "FileHash"
	EntityKindEnumHost             EntityKindEnum = "Host"
	EntityKindEnumIP               EntityKindEnum = "Ip"
	EntityKindEnumIoTDevice        EntityKindEnum = "IoTDevice"
	EntityKindEnumMailCluster      EntityKindEnum = "MailCluster"
	EntityKindEnumMailMessage      EntityKindEnum = "MailMessage"
	EntityKindEnumMailbox          EntityKindEnum = "Mailbox"
	EntityKindEnumMalware          EntityKindEnum = "Malware"
	EntityKindEnumProcess          EntityKindEnum = "Process"
	EntityKindEnumRegistryKey      EntityKindEnum = "RegistryKey"
	EntityKindEnumRegistryValue    EntityKindEnum = "RegistryValue"
	EntityKindEnumSecurityAlert    EntityKindEnum = "SecurityAlert"
	EntityKindEnumSecurityGroup    EntityKindEnum = "SecurityGroup"
	EntityKindEnumSubmissionMail   EntityKindEnum = "SubmissionMail"
	EntityKindEnumUrl              EntityKindEnum = "Url"
)

type HuntingBookmark

type HuntingBookmark struct {
	Properties *HuntingBookmarkProperties `json:"properties,omitempty"`

	// Fields inherited from Entity
	Id         *string                `json:"id,omitempty"`
	Name       *string                `json:"name,omitempty"`
	SystemData *systemdata.SystemData `json:"systemData,omitempty"`
	Type       *string                `json:"type,omitempty"`
}

func (HuntingBookmark) MarshalJSON

func (s HuntingBookmark) MarshalJSON() ([]byte, error)

type HuntingBookmarkProperties

type HuntingBookmarkProperties struct {
	AdditionalData *map[string]interface{} `json:"additionalData,omitempty"`
	Created        *string                 `json:"created,omitempty"`
	CreatedBy      *UserInfo               `json:"createdBy,omitempty"`
	DisplayName    string                  `json:"displayName"`
	EventTime      *string                 `json:"eventTime,omitempty"`
	FriendlyName   *string                 `json:"friendlyName,omitempty"`
	IncidentInfo   *IncidentInfo           `json:"incidentInfo,omitempty"`
	Labels         *[]string               `json:"labels,omitempty"`
	Notes          *string                 `json:"notes,omitempty"`
	Query          string                  `json:"query"`
	QueryResult    *string                 `json:"queryResult,omitempty"`
	Updated        *string                 `json:"updated,omitempty"`
	UpdatedBy      *UserInfo               `json:"updatedBy,omitempty"`
}

func (*HuntingBookmarkProperties) GetCreatedAsTime

func (o *HuntingBookmarkProperties) GetCreatedAsTime() (*time.Time, error)

func (*HuntingBookmarkProperties) GetEventTimeAsTime

func (o *HuntingBookmarkProperties) GetEventTimeAsTime() (*time.Time, error)

func (*HuntingBookmarkProperties) GetUpdatedAsTime

func (o *HuntingBookmarkProperties) GetUpdatedAsTime() (*time.Time, error)

func (*HuntingBookmarkProperties) SetCreatedAsTime

func (o *HuntingBookmarkProperties) SetCreatedAsTime(input time.Time)

func (*HuntingBookmarkProperties) SetEventTimeAsTime

func (o *HuntingBookmarkProperties) SetEventTimeAsTime(input time.Time)

func (*HuntingBookmarkProperties) SetUpdatedAsTime

func (o *HuntingBookmarkProperties) SetUpdatedAsTime(input time.Time)

type IncidentAlertList

type IncidentAlertList struct {
	Value []Entity `json:"value"`
}

func (*IncidentAlertList) UnmarshalJSON

func (s *IncidentAlertList) UnmarshalJSON(bytes []byte) error

type IncidentAlertsClient

type IncidentAlertsClient struct {
	Client autorest.Client
	// contains filtered or unexported fields
}

func NewIncidentAlertsClientWithBaseURI

func NewIncidentAlertsClientWithBaseURI(endpoint string) IncidentAlertsClient

func (IncidentAlertsClient) IncidentsListAlerts

func (c IncidentAlertsClient) IncidentsListAlerts(ctx context.Context, id IncidentId) (result IncidentsListAlertsOperationResponse, err error)

IncidentsListAlerts ...

type IncidentId

type IncidentId struct {
	SubscriptionId    string
	ResourceGroupName string
	WorkspaceName     string
	IncidentId        string
}

IncidentId is a struct representing the Resource ID for a Incident

func NewIncidentID

func NewIncidentID(subscriptionId string, resourceGroupName string, workspaceName string, incidentId string) IncidentId

NewIncidentID returns a new IncidentId struct

func ParseIncidentID

func ParseIncidentID(input string) (*IncidentId, error)

ParseIncidentID parses 'input' into a IncidentId

func ParseIncidentIDInsensitively

func ParseIncidentIDInsensitively(input string) (*IncidentId, error)

ParseIncidentIDInsensitively parses 'input' case-insensitively into a IncidentId note: this method should only be used for API response data and not user input

func (IncidentId) ID

func (id IncidentId) ID() string

ID returns the formatted Incident ID

func (IncidentId) Segments

func (id IncidentId) Segments() []resourceids.Segment

Segments returns a slice of Resource ID Segments which comprise this Incident ID

func (IncidentId) String

func (id IncidentId) String() string

String returns a human-readable description of this Incident ID

type IncidentInfo

type IncidentInfo struct {
	IncidentId   *string           `json:"incidentId,omitempty"`
	RelationName *string           `json:"relationName,omitempty"`
	Severity     *IncidentSeverity `json:"severity,omitempty"`
	Title        *string           `json:"title,omitempty"`
}

type IncidentSeverity

type IncidentSeverity string
const (
	IncidentSeverityHigh          IncidentSeverity = "High"
	IncidentSeverityInformational IncidentSeverity = "Informational"
	IncidentSeverityLow           IncidentSeverity = "Low"
	IncidentSeverityMedium        IncidentSeverity = "Medium"
)

type IncidentsListAlertsOperationResponse

type IncidentsListAlertsOperationResponse struct {
	HttpResponse *http.Response
	Model        *IncidentAlertList
}

type KillChainIntent

type KillChainIntent string
const (
	KillChainIntentCollection          KillChainIntent = "Collection"
	KillChainIntentCommandAndControl   KillChainIntent = "CommandAndControl"
	KillChainIntentCredentialAccess    KillChainIntent = "CredentialAccess"
	KillChainIntentDefenseEvasion      KillChainIntent = "DefenseEvasion"
	KillChainIntentDiscovery           KillChainIntent = "Discovery"
	KillChainIntentExecution           KillChainIntent = "Execution"
	KillChainIntentExfiltration        KillChainIntent = "Exfiltration"
	KillChainIntentExploitation        KillChainIntent = "Exploitation"
	KillChainIntentImpact              KillChainIntent = "Impact"
	KillChainIntentLateralMovement     KillChainIntent = "LateralMovement"
	KillChainIntentPersistence         KillChainIntent = "Persistence"
	KillChainIntentPrivilegeEscalation KillChainIntent = "PrivilegeEscalation"
	KillChainIntentProbing             KillChainIntent = "Probing"
	KillChainIntentUnknown             KillChainIntent = "Unknown"
)

type SecurityAlert

type SecurityAlert struct {
	Properties *SecurityAlertProperties `json:"properties,omitempty"`

	// Fields inherited from Entity
	Id         *string                `json:"id,omitempty"`
	Name       *string                `json:"name,omitempty"`
	SystemData *systemdata.SystemData `json:"systemData,omitempty"`
	Type       *string                `json:"type,omitempty"`
}

func (SecurityAlert) MarshalJSON

func (s SecurityAlert) MarshalJSON() ([]byte, error)

type SecurityAlertProperties

type SecurityAlertProperties struct {
	AdditionalData        *map[string]interface{}                            `json:"additionalData,omitempty"`
	AlertDisplayName      *string                                            `json:"alertDisplayName,omitempty"`
	AlertLink             *string                                            `json:"alertLink,omitempty"`
	AlertType             *string                                            `json:"alertType,omitempty"`
	CompromisedEntity     *string                                            `json:"compromisedEntity,omitempty"`
	ConfidenceLevel       *ConfidenceLevel                                   `json:"confidenceLevel,omitempty"`
	ConfidenceReasons     *[]SecurityAlertPropertiesConfidenceReasonsInlined `json:"confidenceReasons,omitempty"`
	ConfidenceScore       *float64                                           `json:"confidenceScore,omitempty"`
	ConfidenceScoreStatus *ConfidenceScoreStatus                             `json:"confidenceScoreStatus,omitempty"`
	Description           *string                                            `json:"description,omitempty"`
	EndTimeUtc            *string                                            `json:"endTimeUtc,omitempty"`
	FriendlyName          *string                                            `json:"friendlyName,omitempty"`
	Intent                *KillChainIntent                                   `json:"intent,omitempty"`
	ProcessingEndTime     *string                                            `json:"processingEndTime,omitempty"`
	ProductComponentName  *string                                            `json:"productComponentName,omitempty"`
	ProductName           *string                                            `json:"productName,omitempty"`
	ProductVersion        *string                                            `json:"productVersion,omitempty"`
	ProviderAlertId       *string                                            `json:"providerAlertId,omitempty"`
	RemediationSteps      *[]string                                          `json:"remediationSteps,omitempty"`
	ResourceIdentifiers   *[]interface{}                                     `json:"resourceIdentifiers,omitempty"`
	Severity              *AlertSeverity                                     `json:"severity,omitempty"`
	StartTimeUtc          *string                                            `json:"startTimeUtc,omitempty"`
	Status                *AlertStatus                                       `json:"status,omitempty"`
	SystemAlertId         *string                                            `json:"systemAlertId,omitempty"`
	Tactics               *[]AttackTactic                                    `json:"tactics,omitempty"`
	TimeGenerated         *string                                            `json:"timeGenerated,omitempty"`
	VendorName            *string                                            `json:"vendorName,omitempty"`
}

func (*SecurityAlertProperties) GetEndTimeUtcAsTime

func (o *SecurityAlertProperties) GetEndTimeUtcAsTime() (*time.Time, error)

func (*SecurityAlertProperties) GetProcessingEndTimeAsTime

func (o *SecurityAlertProperties) GetProcessingEndTimeAsTime() (*time.Time, error)

func (*SecurityAlertProperties) GetStartTimeUtcAsTime

func (o *SecurityAlertProperties) GetStartTimeUtcAsTime() (*time.Time, error)

func (*SecurityAlertProperties) GetTimeGeneratedAsTime

func (o *SecurityAlertProperties) GetTimeGeneratedAsTime() (*time.Time, error)

func (*SecurityAlertProperties) SetEndTimeUtcAsTime

func (o *SecurityAlertProperties) SetEndTimeUtcAsTime(input time.Time)

func (*SecurityAlertProperties) SetProcessingEndTimeAsTime

func (o *SecurityAlertProperties) SetProcessingEndTimeAsTime(input time.Time)

func (*SecurityAlertProperties) SetStartTimeUtcAsTime

func (o *SecurityAlertProperties) SetStartTimeUtcAsTime(input time.Time)

func (*SecurityAlertProperties) SetTimeGeneratedAsTime

func (o *SecurityAlertProperties) SetTimeGeneratedAsTime(input time.Time)

type SecurityAlertPropertiesConfidenceReasonsInlined

type SecurityAlertPropertiesConfidenceReasonsInlined struct {
	Reason     *string `json:"reason,omitempty"`
	ReasonType *string `json:"reasonType,omitempty"`
}

type UserInfo

type UserInfo struct {
	Email    *string `json:"email,omitempty"`
	Name     *string `json:"name,omitempty"`
	ObjectId *string `json:"objectId,omitempty"`
}

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL