README
¶
github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules Documentation
The alertrules SDK allows for interaction with the Azure Resource Manager Service securityinsights (API Version 2022-10-01-preview).
This readme covers example usages, but further information on using this SDK can be found in the project root.
Import Path
import "github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules"
Client Initialization
client := alertrules.NewAlertRulesClientWithBaseURI("https://management.azure.com")
client.Client.Authorizer = authorizer
Example Usage: AlertRulesClient.AlertRulesCreateOrUpdate
ctx := context.TODO()
id := alertrules.NewAlertRuleID("12345678-1234-9876-4563-123456789012", "example-resource-group", "workspaceValue", "ruleIdValue")
payload := alertrules.AlertRule{
// ...
}
read, err := client.AlertRulesCreateOrUpdate(ctx, id, payload)
if err != nil {
// handle the error
}
if model := read.Model; model != nil {
// do something with the model/response object
}
Example Usage: AlertRulesClient.AlertRulesDelete
ctx := context.TODO()
id := alertrules.NewAlertRuleID("12345678-1234-9876-4563-123456789012", "example-resource-group", "workspaceValue", "ruleIdValue")
read, err := client.AlertRulesDelete(ctx, id)
if err != nil {
// handle the error
}
if model := read.Model; model != nil {
// do something with the model/response object
}
Example Usage: AlertRulesClient.AlertRulesGet
ctx := context.TODO()
id := alertrules.NewAlertRuleID("12345678-1234-9876-4563-123456789012", "example-resource-group", "workspaceValue", "ruleIdValue")
read, err := client.AlertRulesGet(ctx, id)
if err != nil {
// handle the error
}
if model := read.Model; model != nil {
// do something with the model/response object
}
Example Usage: AlertRulesClient.AlertRulesList
ctx := context.TODO()
id := alertrules.NewWorkspaceID("12345678-1234-9876-4563-123456789012", "example-resource-group", "workspaceValue")
// alternatively `client.AlertRulesList(ctx, id)` can be used to do batched pagination
items, err := client.AlertRulesListComplete(ctx, id)
if err != nil {
// handle the error
}
for _, item := range items {
// do something
}
Documentation
¶
Index ¶
- func PossibleValuesForAlertDetail() []string
- func PossibleValuesForAlertProperty() []string
- func PossibleValuesForAlertRuleKind() []string
- func PossibleValuesForAlertSeverity() []string
- func PossibleValuesForAttackTactic() []string
- func PossibleValuesForEntityMappingType() []string
- func PossibleValuesForEventGroupingAggregationKind() []string
- func PossibleValuesForMatchingMethod() []string
- func PossibleValuesForMicrosoftSecurityProductName() []string
- func PossibleValuesForTriggerOperator() []string
- func ValidateAlertRuleID(input interface{}, key string) (warnings []string, errors []error)
- func ValidateWorkspaceID(input interface{}, key string) (warnings []string, errors []error)
- type AlertDetail
- type AlertDetailsOverride
- type AlertProperty
- type AlertPropertyMapping
- type AlertRule
- type AlertRuleId
- type AlertRuleKind
- type AlertRuleOperationPredicate
- type AlertRulesClient
- func (c AlertRulesClient) AlertRulesCreateOrUpdate(ctx context.Context, id AlertRuleId, input AlertRule) (result AlertRulesCreateOrUpdateOperationResponse, err error)
- func (c AlertRulesClient) AlertRulesDelete(ctx context.Context, id AlertRuleId) (result AlertRulesDeleteOperationResponse, err error)
- func (c AlertRulesClient) AlertRulesGet(ctx context.Context, id AlertRuleId) (result AlertRulesGetOperationResponse, err error)
- func (c AlertRulesClient) AlertRulesList(ctx context.Context, id WorkspaceId) (resp AlertRulesListOperationResponse, err error)
- func (c AlertRulesClient) AlertRulesListComplete(ctx context.Context, id WorkspaceId) (AlertRulesListCompleteResult, error)
- func (c AlertRulesClient) AlertRulesListCompleteMatchingPredicate(ctx context.Context, id WorkspaceId, predicate AlertRuleOperationPredicate) (resp AlertRulesListCompleteResult, err error)
- type AlertRulesCreateOrUpdateOperationResponse
- type AlertRulesDeleteOperationResponse
- type AlertRulesGetOperationResponse
- type AlertRulesListCompleteResult
- type AlertRulesListOperationResponse
- type AlertSeverity
- type AttackTactic
- type EntityMapping
- type EntityMappingType
- type EventGroupingAggregationKind
- type EventGroupingSettings
- type FieldMapping
- type FusionAlertRule
- type FusionAlertRuleProperties
- type FusionScenarioExclusionPattern
- type FusionSourceSettings
- type FusionSourceSubTypeSetting
- type FusionSubTypeSeverityFilter
- type FusionSubTypeSeverityFiltersItem
- type GroupingConfiguration
- type IncidentConfiguration
- type MLBehaviorAnalyticsAlertRule
- type MLBehaviorAnalyticsAlertRuleProperties
- type MatchingMethod
- type MicrosoftSecurityIncidentCreationAlertRule
- type MicrosoftSecurityIncidentCreationAlertRuleProperties
- type MicrosoftSecurityProductName
- type NrtAlertRule
- type NrtAlertRuleProperties
- type ScheduledAlertRule
- type ScheduledAlertRuleProperties
- type SentinelEntityMapping
- type ThreatIntelligenceAlertRule
- type ThreatIntelligenceAlertRuleProperties
- type TriggerOperator
- type WorkspaceId
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func PossibleValuesForAlertDetail ¶
func PossibleValuesForAlertDetail() []string
func PossibleValuesForAlertProperty ¶
func PossibleValuesForAlertProperty() []string
func PossibleValuesForAlertRuleKind ¶
func PossibleValuesForAlertRuleKind() []string
func PossibleValuesForAlertSeverity ¶
func PossibleValuesForAlertSeverity() []string
func PossibleValuesForAttackTactic ¶
func PossibleValuesForAttackTactic() []string
func PossibleValuesForEntityMappingType ¶
func PossibleValuesForEntityMappingType() []string
func PossibleValuesForEventGroupingAggregationKind ¶
func PossibleValuesForEventGroupingAggregationKind() []string
func PossibleValuesForMatchingMethod ¶
func PossibleValuesForMatchingMethod() []string
func PossibleValuesForMicrosoftSecurityProductName ¶
func PossibleValuesForMicrosoftSecurityProductName() []string
func PossibleValuesForTriggerOperator ¶
func PossibleValuesForTriggerOperator() []string
func ValidateAlertRuleID ¶
ValidateAlertRuleID checks that 'input' can be parsed as a Alert Rule ID
func ValidateWorkspaceID ¶
ValidateWorkspaceID checks that 'input' can be parsed as a Workspace ID
Types ¶
type AlertDetail ¶
type AlertDetail string
const ( AlertDetailDisplayName AlertDetail = "DisplayName" AlertDetailSeverity AlertDetail = "Severity" )
type AlertDetailsOverride ¶
type AlertDetailsOverride struct {
AlertDescriptionFormat *string `json:"alertDescriptionFormat,omitempty"`
AlertDisplayNameFormat *string `json:"alertDisplayNameFormat,omitempty"`
AlertDynamicProperties *[]AlertPropertyMapping `json:"alertDynamicProperties,omitempty"`
AlertSeverityColumnName *string `json:"alertSeverityColumnName,omitempty"`
AlertTacticsColumnName *string `json:"alertTacticsColumnName,omitempty"`
}
type AlertProperty ¶
type AlertProperty string
const ( AlertPropertyAlertLink AlertProperty = "AlertLink" AlertPropertyConfidenceLevel AlertProperty = "ConfidenceLevel" AlertPropertyConfidenceScore AlertProperty = "ConfidenceScore" AlertPropertyExtendedLinks AlertProperty = "ExtendedLinks" AlertPropertyProductComponentName AlertProperty = "ProductComponentName" AlertPropertyProductName AlertProperty = "ProductName" AlertPropertyProviderName AlertProperty = "ProviderName" AlertPropertyRemediationSteps AlertProperty = "RemediationSteps" AlertPropertyTechniques AlertProperty = "Techniques" )
type AlertPropertyMapping ¶
type AlertPropertyMapping struct {
AlertProperty *AlertProperty `json:"alertProperty,omitempty"`
Value *string `json:"value,omitempty"`
}
type AlertRuleId ¶
type AlertRuleId struct {
SubscriptionId string
ResourceGroupName string
WorkspaceName string
RuleId string
}
AlertRuleId is a struct representing the Resource ID for a Alert Rule
func NewAlertRuleID ¶
func NewAlertRuleID(subscriptionId string, resourceGroupName string, workspaceName string, ruleId string) AlertRuleId
NewAlertRuleID returns a new AlertRuleId struct
func ParseAlertRuleID ¶
func ParseAlertRuleID(input string) (*AlertRuleId, error)
ParseAlertRuleID parses 'input' into a AlertRuleId
func ParseAlertRuleIDInsensitively ¶
func ParseAlertRuleIDInsensitively(input string) (*AlertRuleId, error)
ParseAlertRuleIDInsensitively parses 'input' case-insensitively into a AlertRuleId note: this method should only be used for API response data and not user input
func (AlertRuleId) Segments ¶
func (id AlertRuleId) Segments() []resourceids.Segment
Segments returns a slice of Resource ID Segments which comprise this Alert Rule ID
func (AlertRuleId) String ¶
func (id AlertRuleId) String() string
String returns a human-readable description of this Alert Rule ID
type AlertRuleKind ¶
type AlertRuleKind string
const ( AlertRuleKindFusion AlertRuleKind = "Fusion" AlertRuleKindMLBehaviorAnalytics AlertRuleKind = "MLBehaviorAnalytics" AlertRuleKindMicrosoftSecurityIncidentCreation AlertRuleKind = "MicrosoftSecurityIncidentCreation" AlertRuleKindNRT AlertRuleKind = "NRT" AlertRuleKindScheduled AlertRuleKind = "Scheduled" AlertRuleKindThreatIntelligence AlertRuleKind = "ThreatIntelligence" )
type AlertRuleOperationPredicate ¶
type AlertRuleOperationPredicate struct {
}
func (AlertRuleOperationPredicate) Matches ¶
func (p AlertRuleOperationPredicate) Matches(input AlertRule) bool
type AlertRulesClient ¶
func NewAlertRulesClientWithBaseURI ¶
func NewAlertRulesClientWithBaseURI(endpoint string) AlertRulesClient
func (AlertRulesClient) AlertRulesCreateOrUpdate ¶
func (c AlertRulesClient) AlertRulesCreateOrUpdate(ctx context.Context, id AlertRuleId, input AlertRule) (result AlertRulesCreateOrUpdateOperationResponse, err error)
AlertRulesCreateOrUpdate ...
func (AlertRulesClient) AlertRulesDelete ¶
func (c AlertRulesClient) AlertRulesDelete(ctx context.Context, id AlertRuleId) (result AlertRulesDeleteOperationResponse, err error)
AlertRulesDelete ...
func (AlertRulesClient) AlertRulesGet ¶
func (c AlertRulesClient) AlertRulesGet(ctx context.Context, id AlertRuleId) (result AlertRulesGetOperationResponse, err error)
AlertRulesGet ...
func (AlertRulesClient) AlertRulesList ¶
func (c AlertRulesClient) AlertRulesList(ctx context.Context, id WorkspaceId) (resp AlertRulesListOperationResponse, err error)
AlertRulesList ...
func (AlertRulesClient) AlertRulesListComplete ¶
func (c AlertRulesClient) AlertRulesListComplete(ctx context.Context, id WorkspaceId) (AlertRulesListCompleteResult, error)
AlertRulesListComplete retrieves all of the results into a single object
func (AlertRulesClient) AlertRulesListCompleteMatchingPredicate ¶
func (c AlertRulesClient) AlertRulesListCompleteMatchingPredicate(ctx context.Context, id WorkspaceId, predicate AlertRuleOperationPredicate) (resp AlertRulesListCompleteResult, err error)
AlertRulesListCompleteMatchingPredicate retrieves all of the results and then applied the predicate
type AlertRulesListCompleteResult ¶
type AlertRulesListCompleteResult struct {
Items []AlertRule
}
type AlertRulesListOperationResponse ¶
type AlertRulesListOperationResponse struct {
HttpResponse *http.Response
Model *[]AlertRule
// contains filtered or unexported fields
}
func (AlertRulesListOperationResponse) HasMore ¶
func (r AlertRulesListOperationResponse) HasMore() bool
func (AlertRulesListOperationResponse) LoadMore ¶
func (r AlertRulesListOperationResponse) LoadMore(ctx context.Context) (resp AlertRulesListOperationResponse, err error)
type AlertSeverity ¶
type AlertSeverity string
const ( AlertSeverityHigh AlertSeverity = "High" AlertSeverityInformational AlertSeverity = "Informational" AlertSeverityLow AlertSeverity = "Low" AlertSeverityMedium AlertSeverity = "Medium" )
type AttackTactic ¶
type AttackTactic string
const ( AttackTacticCollection AttackTactic = "Collection" AttackTacticCommandAndControl AttackTactic = "CommandAndControl" AttackTacticCredentialAccess AttackTactic = "CredentialAccess" AttackTacticDefenseEvasion AttackTactic = "DefenseEvasion" AttackTacticDiscovery AttackTactic = "Discovery" AttackTacticExecution AttackTactic = "Execution" AttackTacticExfiltration AttackTactic = "Exfiltration" AttackTacticImpact AttackTactic = "Impact" AttackTacticImpairProcessControl AttackTactic = "ImpairProcessControl" AttackTacticInhibitResponseFunction AttackTactic = "InhibitResponseFunction" AttackTacticInitialAccess AttackTactic = "InitialAccess" AttackTacticLateralMovement AttackTactic = "LateralMovement" AttackTacticPersistence AttackTactic = "Persistence" AttackTacticPreAttack AttackTactic = "PreAttack" AttackTacticPrivilegeEscalation AttackTactic = "PrivilegeEscalation" AttackTacticReconnaissance AttackTactic = "Reconnaissance" AttackTacticResourceDevelopment AttackTactic = "ResourceDevelopment" )
type EntityMapping ¶
type EntityMapping struct {
EntityType *EntityMappingType `json:"entityType,omitempty"`
FieldMappings *[]FieldMapping `json:"fieldMappings,omitempty"`
}
type EntityMappingType ¶
type EntityMappingType string
const ( EntityMappingTypeAccount EntityMappingType = "Account" EntityMappingTypeAzureResource EntityMappingType = "AzureResource" EntityMappingTypeCloudApplication EntityMappingType = "CloudApplication" EntityMappingTypeDNS EntityMappingType = "DNS" EntityMappingTypeFile EntityMappingType = "File" EntityMappingTypeFileHash EntityMappingType = "FileHash" EntityMappingTypeHost EntityMappingType = "Host" EntityMappingTypeIP EntityMappingType = "IP" EntityMappingTypeMailCluster EntityMappingType = "MailCluster" EntityMappingTypeMailMessage EntityMappingType = "MailMessage" EntityMappingTypeMailbox EntityMappingType = "Mailbox" EntityMappingTypeMalware EntityMappingType = "Malware" EntityMappingTypeProcess EntityMappingType = "Process" EntityMappingTypeRegistryKey EntityMappingType = "RegistryKey" EntityMappingTypeRegistryValue EntityMappingType = "RegistryValue" EntityMappingTypeSecurityGroup EntityMappingType = "SecurityGroup" EntityMappingTypeSubmissionMail EntityMappingType = "SubmissionMail" EntityMappingTypeURL EntityMappingType = "URL" )
type EventGroupingAggregationKind ¶
type EventGroupingAggregationKind string
const ( EventGroupingAggregationKindAlertPerResult EventGroupingAggregationKind = "AlertPerResult" EventGroupingAggregationKindSingleAlert EventGroupingAggregationKind = "SingleAlert" )
type EventGroupingSettings ¶
type EventGroupingSettings struct {
AggregationKind *EventGroupingAggregationKind `json:"aggregationKind,omitempty"`
}
type FieldMapping ¶
type FusionAlertRule ¶
type FusionAlertRule struct {
Properties *FusionAlertRuleProperties `json:"properties,omitempty"`
// Fields inherited from AlertRule
Etag *string `json:"etag,omitempty"`
Id *string `json:"id,omitempty"`
Name *string `json:"name,omitempty"`
SystemData *systemdata.SystemData `json:"systemData,omitempty"`
Type *string `json:"type,omitempty"`
}
func (FusionAlertRule) MarshalJSON ¶
func (s FusionAlertRule) MarshalJSON() ([]byte, error)
type FusionAlertRuleProperties ¶
type FusionAlertRuleProperties struct {
AlertRuleTemplateName string `json:"alertRuleTemplateName"`
Description *string `json:"description,omitempty"`
DisplayName *string `json:"displayName,omitempty"`
Enabled bool `json:"enabled"`
LastModifiedUtc *string `json:"lastModifiedUtc,omitempty"`
ScenarioExclusionPatterns *[]FusionScenarioExclusionPattern `json:"scenarioExclusionPatterns,omitempty"`
Severity *AlertSeverity `json:"severity,omitempty"`
SourceSettings *[]FusionSourceSettings `json:"sourceSettings,omitempty"`
Tactics *[]AttackTactic `json:"tactics,omitempty"`
Techniques *[]string `json:"techniques,omitempty"`
}
func (*FusionAlertRuleProperties) GetLastModifiedUtcAsTime ¶
func (o *FusionAlertRuleProperties) GetLastModifiedUtcAsTime() (*time.Time, error)
func (*FusionAlertRuleProperties) SetLastModifiedUtcAsTime ¶
func (o *FusionAlertRuleProperties) SetLastModifiedUtcAsTime(input time.Time)
type FusionSourceSettings ¶
type FusionSourceSettings struct {
Enabled bool `json:"enabled"`
SourceName string `json:"sourceName"`
SourceSubTypes *[]FusionSourceSubTypeSetting `json:"sourceSubTypes,omitempty"`
}
type FusionSourceSubTypeSetting ¶
type FusionSourceSubTypeSetting struct {
Enabled bool `json:"enabled"`
SeverityFilters FusionSubTypeSeverityFilter `json:"severityFilters"`
SourceSubTypeDisplayName *string `json:"sourceSubTypeDisplayName,omitempty"`
SourceSubTypeName string `json:"sourceSubTypeName"`
}
type FusionSubTypeSeverityFilter ¶
type FusionSubTypeSeverityFilter struct {
Filters *[]FusionSubTypeSeverityFiltersItem `json:"filters,omitempty"`
IsSupported *bool `json:"isSupported,omitempty"`
}
type FusionSubTypeSeverityFiltersItem ¶
type FusionSubTypeSeverityFiltersItem struct {
Enabled bool `json:"enabled"`
Severity AlertSeverity `json:"severity"`
}
type GroupingConfiguration ¶
type GroupingConfiguration struct {
Enabled bool `json:"enabled"`
GroupByAlertDetails *[]AlertDetail `json:"groupByAlertDetails,omitempty"`
GroupByCustomDetails *[]string `json:"groupByCustomDetails,omitempty"`
GroupByEntities *[]EntityMappingType `json:"groupByEntities,omitempty"`
LookbackDuration string `json:"lookbackDuration"`
MatchingMethod MatchingMethod `json:"matchingMethod"`
ReopenClosedIncident bool `json:"reopenClosedIncident"`
}
type IncidentConfiguration ¶
type IncidentConfiguration struct {
CreateIncident bool `json:"createIncident"`
GroupingConfiguration *GroupingConfiguration `json:"groupingConfiguration,omitempty"`
}
type MLBehaviorAnalyticsAlertRule ¶
type MLBehaviorAnalyticsAlertRule struct {
Properties *MLBehaviorAnalyticsAlertRuleProperties `json:"properties,omitempty"`
// Fields inherited from AlertRule
Etag *string `json:"etag,omitempty"`
Id *string `json:"id,omitempty"`
Name *string `json:"name,omitempty"`
SystemData *systemdata.SystemData `json:"systemData,omitempty"`
Type *string `json:"type,omitempty"`
}
func (MLBehaviorAnalyticsAlertRule) MarshalJSON ¶
func (s MLBehaviorAnalyticsAlertRule) MarshalJSON() ([]byte, error)
type MLBehaviorAnalyticsAlertRuleProperties ¶
type MLBehaviorAnalyticsAlertRuleProperties struct {
AlertRuleTemplateName string `json:"alertRuleTemplateName"`
Description *string `json:"description,omitempty"`
DisplayName *string `json:"displayName,omitempty"`
Enabled bool `json:"enabled"`
LastModifiedUtc *string `json:"lastModifiedUtc,omitempty"`
Severity *AlertSeverity `json:"severity,omitempty"`
Tactics *[]AttackTactic `json:"tactics,omitempty"`
Techniques *[]string `json:"techniques,omitempty"`
}
func (*MLBehaviorAnalyticsAlertRuleProperties) GetLastModifiedUtcAsTime ¶
func (o *MLBehaviorAnalyticsAlertRuleProperties) GetLastModifiedUtcAsTime() (*time.Time, error)
func (*MLBehaviorAnalyticsAlertRuleProperties) SetLastModifiedUtcAsTime ¶
func (o *MLBehaviorAnalyticsAlertRuleProperties) SetLastModifiedUtcAsTime(input time.Time)
type MatchingMethod ¶
type MatchingMethod string
const ( MatchingMethodAllEntities MatchingMethod = "AllEntities" MatchingMethodAnyAlert MatchingMethod = "AnyAlert" MatchingMethodSelected MatchingMethod = "Selected" )
type MicrosoftSecurityIncidentCreationAlertRule ¶
type MicrosoftSecurityIncidentCreationAlertRule struct {
Properties *MicrosoftSecurityIncidentCreationAlertRuleProperties `json:"properties,omitempty"`
// Fields inherited from AlertRule
Etag *string `json:"etag,omitempty"`
Id *string `json:"id,omitempty"`
Name *string `json:"name,omitempty"`
SystemData *systemdata.SystemData `json:"systemData,omitempty"`
Type *string `json:"type,omitempty"`
}
func (MicrosoftSecurityIncidentCreationAlertRule) MarshalJSON ¶
func (s MicrosoftSecurityIncidentCreationAlertRule) MarshalJSON() ([]byte, error)
type MicrosoftSecurityIncidentCreationAlertRuleProperties ¶
type MicrosoftSecurityIncidentCreationAlertRuleProperties struct {
AlertRuleTemplateName *string `json:"alertRuleTemplateName,omitempty"`
Description *string `json:"description,omitempty"`
DisplayName string `json:"displayName"`
DisplayNamesExcludeFilter *[]string `json:"displayNamesExcludeFilter,omitempty"`
DisplayNamesFilter *[]string `json:"displayNamesFilter,omitempty"`
Enabled bool `json:"enabled"`
LastModifiedUtc *string `json:"lastModifiedUtc,omitempty"`
ProductFilter MicrosoftSecurityProductName `json:"productFilter"`
SeveritiesFilter *[]AlertSeverity `json:"severitiesFilter,omitempty"`
}
func (*MicrosoftSecurityIncidentCreationAlertRuleProperties) GetLastModifiedUtcAsTime ¶
func (o *MicrosoftSecurityIncidentCreationAlertRuleProperties) GetLastModifiedUtcAsTime() (*time.Time, error)
func (*MicrosoftSecurityIncidentCreationAlertRuleProperties) SetLastModifiedUtcAsTime ¶
func (o *MicrosoftSecurityIncidentCreationAlertRuleProperties) SetLastModifiedUtcAsTime(input time.Time)
type MicrosoftSecurityProductName ¶
type MicrosoftSecurityProductName string
const ( MicrosoftSecurityProductNameAzureActiveDirectoryIdentityProtection MicrosoftSecurityProductName = "Azure Active Directory Identity Protection" MicrosoftSecurityProductNameAzureAdvancedThreatProtection MicrosoftSecurityProductName = "Azure Advanced Threat Protection" MicrosoftSecurityProductNameAzureSecurityCenter MicrosoftSecurityProductName = "Azure Security Center" MicrosoftSecurityProductNameAzureSecurityCenterForIoT MicrosoftSecurityProductName = "Azure Security Center for IoT" MicrosoftSecurityProductNameMicrosoftCloudAppSecurity MicrosoftSecurityProductName = "Microsoft Cloud App Security" MicrosoftSecurityProductNameMicrosoftDefenderAdvancedThreatProtection MicrosoftSecurityProductName = "Microsoft Defender Advanced Threat Protection" MicrosoftSecurityProductNameOfficeThreeSixFiveAdvancedThreatProtection MicrosoftSecurityProductName = "Office 365 Advanced Threat Protection" )
type NrtAlertRule ¶
type NrtAlertRule struct {
Properties *NrtAlertRuleProperties `json:"properties,omitempty"`
// Fields inherited from AlertRule
Etag *string `json:"etag,omitempty"`
Id *string `json:"id,omitempty"`
Name *string `json:"name,omitempty"`
SystemData *systemdata.SystemData `json:"systemData,omitempty"`
Type *string `json:"type,omitempty"`
}
func (NrtAlertRule) MarshalJSON ¶
func (s NrtAlertRule) MarshalJSON() ([]byte, error)
type NrtAlertRuleProperties ¶
type NrtAlertRuleProperties struct {
AlertDetailsOverride *AlertDetailsOverride `json:"alertDetailsOverride,omitempty"`
AlertRuleTemplateName *string `json:"alertRuleTemplateName,omitempty"`
CustomDetails *map[string]string `json:"customDetails,omitempty"`
Description *string `json:"description,omitempty"`
DisplayName string `json:"displayName"`
Enabled bool `json:"enabled"`
EntityMappings *[]EntityMapping `json:"entityMappings,omitempty"`
EventGroupingSettings *EventGroupingSettings `json:"eventGroupingSettings,omitempty"`
IncidentConfiguration *IncidentConfiguration `json:"incidentConfiguration,omitempty"`
LastModifiedUtc *string `json:"lastModifiedUtc,omitempty"`
Query string `json:"query"`
SentinelEntitiesMappings *[]SentinelEntityMapping `json:"sentinelEntitiesMappings,omitempty"`
Severity AlertSeverity `json:"severity"`
SuppressionDuration string `json:"suppressionDuration"`
SuppressionEnabled bool `json:"suppressionEnabled"`
Tactics *[]AttackTactic `json:"tactics,omitempty"`
Techniques *[]string `json:"techniques,omitempty"`
TemplateVersion *string `json:"templateVersion,omitempty"`
}
func (*NrtAlertRuleProperties) GetLastModifiedUtcAsTime ¶
func (o *NrtAlertRuleProperties) GetLastModifiedUtcAsTime() (*time.Time, error)
func (*NrtAlertRuleProperties) SetLastModifiedUtcAsTime ¶
func (o *NrtAlertRuleProperties) SetLastModifiedUtcAsTime(input time.Time)
type ScheduledAlertRule ¶
type ScheduledAlertRule struct {
Properties *ScheduledAlertRuleProperties `json:"properties,omitempty"`
// Fields inherited from AlertRule
Etag *string `json:"etag,omitempty"`
Id *string `json:"id,omitempty"`
Name *string `json:"name,omitempty"`
SystemData *systemdata.SystemData `json:"systemData,omitempty"`
Type *string `json:"type,omitempty"`
}
func (ScheduledAlertRule) MarshalJSON ¶
func (s ScheduledAlertRule) MarshalJSON() ([]byte, error)
type ScheduledAlertRuleProperties ¶
type ScheduledAlertRuleProperties struct {
AlertDetailsOverride *AlertDetailsOverride `json:"alertDetailsOverride,omitempty"`
AlertRuleTemplateName *string `json:"alertRuleTemplateName,omitempty"`
CustomDetails *map[string]string `json:"customDetails,omitempty"`
Description *string `json:"description,omitempty"`
DisplayName string `json:"displayName"`
Enabled bool `json:"enabled"`
EntityMappings *[]EntityMapping `json:"entityMappings,omitempty"`
EventGroupingSettings *EventGroupingSettings `json:"eventGroupingSettings,omitempty"`
IncidentConfiguration *IncidentConfiguration `json:"incidentConfiguration,omitempty"`
LastModifiedUtc *string `json:"lastModifiedUtc,omitempty"`
Query string `json:"query"`
QueryFrequency string `json:"queryFrequency"`
QueryPeriod string `json:"queryPeriod"`
SentinelEntitiesMappings *[]SentinelEntityMapping `json:"sentinelEntitiesMappings,omitempty"`
Severity AlertSeverity `json:"severity"`
SuppressionDuration string `json:"suppressionDuration"`
SuppressionEnabled bool `json:"suppressionEnabled"`
Tactics *[]AttackTactic `json:"tactics,omitempty"`
Techniques *[]string `json:"techniques,omitempty"`
TemplateVersion *string `json:"templateVersion,omitempty"`
TriggerOperator TriggerOperator `json:"triggerOperator"`
TriggerThreshold int64 `json:"triggerThreshold"`
}
func (*ScheduledAlertRuleProperties) GetLastModifiedUtcAsTime ¶
func (o *ScheduledAlertRuleProperties) GetLastModifiedUtcAsTime() (*time.Time, error)
func (*ScheduledAlertRuleProperties) SetLastModifiedUtcAsTime ¶
func (o *ScheduledAlertRuleProperties) SetLastModifiedUtcAsTime(input time.Time)
type SentinelEntityMapping ¶
type SentinelEntityMapping struct {
ColumnName *string `json:"columnName,omitempty"`
}
type ThreatIntelligenceAlertRule ¶
type ThreatIntelligenceAlertRule struct {
Properties *ThreatIntelligenceAlertRuleProperties `json:"properties,omitempty"`
// Fields inherited from AlertRule
Etag *string `json:"etag,omitempty"`
Id *string `json:"id,omitempty"`
Name *string `json:"name,omitempty"`
SystemData *systemdata.SystemData `json:"systemData,omitempty"`
Type *string `json:"type,omitempty"`
}
func (ThreatIntelligenceAlertRule) MarshalJSON ¶
func (s ThreatIntelligenceAlertRule) MarshalJSON() ([]byte, error)
type ThreatIntelligenceAlertRuleProperties ¶
type ThreatIntelligenceAlertRuleProperties struct {
AlertRuleTemplateName string `json:"alertRuleTemplateName"`
Description *string `json:"description,omitempty"`
DisplayName *string `json:"displayName,omitempty"`
Enabled bool `json:"enabled"`
LastModifiedUtc *string `json:"lastModifiedUtc,omitempty"`
Severity *AlertSeverity `json:"severity,omitempty"`
Tactics *[]AttackTactic `json:"tactics,omitempty"`
Techniques *[]string `json:"techniques,omitempty"`
}
func (*ThreatIntelligenceAlertRuleProperties) GetLastModifiedUtcAsTime ¶
func (o *ThreatIntelligenceAlertRuleProperties) GetLastModifiedUtcAsTime() (*time.Time, error)
func (*ThreatIntelligenceAlertRuleProperties) SetLastModifiedUtcAsTime ¶
func (o *ThreatIntelligenceAlertRuleProperties) SetLastModifiedUtcAsTime(input time.Time)
type TriggerOperator ¶
type TriggerOperator string
const ( TriggerOperatorEqual TriggerOperator = "Equal" TriggerOperatorGreaterThan TriggerOperator = "GreaterThan" TriggerOperatorLessThan TriggerOperator = "LessThan" TriggerOperatorNotEqual TriggerOperator = "NotEqual" )
type WorkspaceId ¶
WorkspaceId is a struct representing the Resource ID for a Workspace
func NewWorkspaceID ¶
func NewWorkspaceID(subscriptionId string, resourceGroupName string, workspaceName string) WorkspaceId
NewWorkspaceID returns a new WorkspaceId struct
func ParseWorkspaceID ¶
func ParseWorkspaceID(input string) (*WorkspaceId, error)
ParseWorkspaceID parses 'input' into a WorkspaceId
func ParseWorkspaceIDInsensitively ¶
func ParseWorkspaceIDInsensitively(input string) (*WorkspaceId, error)
ParseWorkspaceIDInsensitively parses 'input' case-insensitively into a WorkspaceId note: this method should only be used for API response data and not user input
func (WorkspaceId) Segments ¶
func (id WorkspaceId) Segments() []resourceids.Segment
Segments returns a slice of Resource ID Segments which comprise this Workspace ID
func (WorkspaceId) String ¶
func (id WorkspaceId) String() string
String returns a human-readable description of this Workspace ID
Source Files
¶
- client.go
- constants.go
- id_alertrule.go
- id_workspace.go
- method_alertrulescreateorupdate_autorest.go
- method_alertrulesdelete_autorest.go
- method_alertrulesget_autorest.go
- method_alertruleslist_autorest.go
- model_alertdetailsoverride.go
- model_alertpropertymapping.go
- model_alertrule.go
- model_entitymapping.go
- model_eventgroupingsettings.go
- model_fieldmapping.go
- model_fusionalertrule.go
- model_fusionalertruleproperties.go
- model_fusionscenarioexclusionpattern.go
- model_fusionsourcesettings.go
- model_fusionsourcesubtypesetting.go
- model_fusionsubtypeseverityfilter.go
- model_fusionsubtypeseverityfiltersitem.go
- model_groupingconfiguration.go
- model_incidentconfiguration.go
- model_microsoftsecurityincidentcreationalertrule.go
- model_microsoftsecurityincidentcreationalertruleproperties.go
- model_mlbehavioranalyticsalertrule.go
- model_mlbehavioranalyticsalertruleproperties.go
- model_nrtalertrule.go
- model_nrtalertruleproperties.go
- model_scheduledalertrule.go
- model_scheduledalertruleproperties.go
- model_sentinelentitymapping.go
- model_threatintelligencealertrule.go
- model_threatintelligencealertruleproperties.go
- predicates.go
- version.go
Click to show internal directories.
Click to hide internal directories.