Documentation ¶
Index ¶
- func PossibleValuesForAlertSeverity() []string
- func PossibleValuesForEntityItemQueryKind() []string
- func PossibleValuesForEntityKind() []string
- func PossibleValuesForEntityQueryKind() []string
- func PossibleValuesForEntityTimelineKind() []string
- func PossibleValuesForEntityType() []string
- func PossibleValuesForGetInsightsError() []string
- func PossibleValuesForKillChainIntent() []string
- func PossibleValuesForOutputType() []string
- func ValidateEntityID(input interface{}, key string) (warnings []string, errors []error)
- func ValidateWorkspaceID(input interface{}, key string) (warnings []string, errors []error)
- type ActivityTimelineItem
- type AlertSeverity
- type AnomalyTimelineItem
- type BookmarkTimelineItem
- type EntitiesClient
- func (c EntitiesClient) Expand(ctx context.Context, id EntityId, input EntityExpandParameters) (result ExpandOperationResponse, err error)
- func (c EntitiesClient) Get(ctx context.Context, id EntityId) (result GetOperationResponse, err error)
- func (c EntitiesClient) GetInsights(ctx context.Context, id EntityId, input EntityGetInsightsParameters) (result GetInsightsOperationResponse, err error)
- func (c EntitiesClient) GetTimelinelist(ctx context.Context, id EntityId, input EntityTimelineParameters) (result GetTimelinelistOperationResponse, err error)
- func (c EntitiesClient) List(ctx context.Context, id WorkspaceId) (resp ListOperationResponse, err error)
- func (c EntitiesClient) ListComplete(ctx context.Context, id WorkspaceId) (ListCompleteResult, error)
- func (c EntitiesClient) ListCompleteMatchingPredicate(ctx context.Context, id WorkspaceId, predicate EntityOperationPredicate) (resp ListCompleteResult, err error)
- func (c EntitiesClient) Queries(ctx context.Context, id EntityId, options QueriesOperationOptions) (result QueriesOperationResponse, err error)
- type Entity
- type EntityEdges
- type EntityExpandParameters
- type EntityExpandResponse
- type EntityExpandResponseValue
- type EntityGetInsightsParameters
- func (o *EntityGetInsightsParameters) GetEndTimeAsTime() (*time.Time, error)
- func (o *EntityGetInsightsParameters) GetStartTimeAsTime() (*time.Time, error)
- func (o *EntityGetInsightsParameters) SetEndTimeAsTime(input time.Time)
- func (o *EntityGetInsightsParameters) SetStartTimeAsTime(input time.Time)
- type EntityGetInsightsResponse
- type EntityId
- type EntityInsightItem
- type EntityInsightItemQueryTimeInterval
- func (o *EntityInsightItemQueryTimeInterval) GetEndTimeAsTime() (*time.Time, error)
- func (o *EntityInsightItemQueryTimeInterval) GetStartTimeAsTime() (*time.Time, error)
- func (o *EntityInsightItemQueryTimeInterval) SetEndTimeAsTime(input time.Time)
- func (o *EntityInsightItemQueryTimeInterval) SetStartTimeAsTime(input time.Time)
- type EntityItemQueryKind
- type EntityKind
- type EntityOperationPredicate
- type EntityQueryItem
- type EntityQueryItemPropertiesDataTypesInlined
- type EntityQueryKind
- type EntityTimelineItem
- type EntityTimelineKind
- type EntityTimelineParameters
- type EntityTimelineResponse
- type EntityType
- type ExpandOperationResponse
- type ExpansionResultAggregation
- type ExpansionResultsMetadata
- type GetInsightsError
- type GetInsightsErrorKind
- type GetInsightsOperationResponse
- type GetInsightsResultsMetadata
- type GetOperationResponse
- type GetQueriesResponse
- type GetTimelinelistOperationResponse
- type InsightQueryItem
- type InsightQueryItemProperties
- type InsightQueryItemPropertiesAdditionalQuery
- type InsightQueryItemPropertiesDefaultTimeRange
- type InsightQueryItemPropertiesReferenceTimeRange
- type InsightQueryItemPropertiesTableQuery
- type InsightQueryItemPropertiesTableQueryColumnsDefinitionsInlined
- type InsightQueryItemPropertiesTableQueryQueriesDefinitionsInlined
- type InsightQueryItemPropertiesTableQueryQueriesDefinitionsInlinedLinkColumnsDefinitionsInlined
- type InsightsTableResult
- type InsightsTableResultColumnsInlined
- type KillChainIntent
- type ListCompleteResult
- type ListOperationResponse
- type OutputType
- type QueriesOperationOptions
- type QueriesOperationResponse
- type RawEntityQueryItemImpl
- type RawEntityTimelineItemImpl
- type SecurityAlertTimelineItem
- type TimelineAggregation
- type TimelineError
- type TimelineResultsMetadata
- type UserInfo
- type WorkspaceId
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func PossibleValuesForAlertSeverity ¶
func PossibleValuesForAlertSeverity() []string
func PossibleValuesForEntityItemQueryKind ¶
func PossibleValuesForEntityItemQueryKind() []string
func PossibleValuesForEntityKind ¶
func PossibleValuesForEntityKind() []string
func PossibleValuesForEntityQueryKind ¶
func PossibleValuesForEntityQueryKind() []string
func PossibleValuesForEntityTimelineKind ¶
func PossibleValuesForEntityTimelineKind() []string
func PossibleValuesForEntityType ¶
func PossibleValuesForEntityType() []string
func PossibleValuesForGetInsightsError ¶
func PossibleValuesForGetInsightsError() []string
func PossibleValuesForKillChainIntent ¶
func PossibleValuesForKillChainIntent() []string
func PossibleValuesForOutputType ¶
func PossibleValuesForOutputType() []string
func ValidateEntityID ¶
ValidateEntityID checks that 'input' can be parsed as an Entity ID
func ValidateWorkspaceID ¶
ValidateWorkspaceID checks that 'input' can be parsed as a Workspace ID
Types ¶
type ActivityTimelineItem ¶
// ActivityTimelineItem carries bucket and activity timestamps, a query ID, a
// title and content. Presumably the "Activity" variant of EntityTimelineItem —
// confirm against the discriminator handling in UnmarshalJSON.
type ActivityTimelineItem struct {
	// All timestamps are plain strings and no ...AsTime helpers are listed for
	// this type on this page, so callers must parse them before comparing.
	BucketEndTimeUTC     string `json:"bucketEndTimeUTC"`
	BucketStartTimeUTC   string `json:"bucketStartTimeUTC"`
	Content              string `json:"content"`
	FirstActivityTimeUTC string `json:"firstActivityTimeUTC"`
	LastActivityTimeUTC  string `json:"lastActivityTimeUTC"`
	QueryId              string `json:"queryId"`
	Title                string `json:"title"`
}
func (ActivityTimelineItem) MarshalJSON ¶
func (s ActivityTimelineItem) MarshalJSON() ([]byte, error)
type AlertSeverity ¶
// AlertSeverity is the string-backed severity used by
// SecurityAlertTimelineItem.Severity.
type AlertSeverity string

// Known severities. The type is a plain string, so a value outside this set
// can still be held; check against PossibleValuesForAlertSeverity before
// branching on severity (for example in alert routing or triage rules).
const (
	AlertSeverityHigh          AlertSeverity = "High"
	AlertSeverityInformational AlertSeverity = "Informational"
	AlertSeverityLow           AlertSeverity = "Low"
	AlertSeverityMedium        AlertSeverity = "Medium"
)
type AnomalyTimelineItem ¶
// AnomalyTimelineItem describes an anomaly on an entity timeline: the Azure
// resource ID, display name and three timestamps are always serialized, the
// remaining fields are optional.
type AnomalyTimelineItem struct {
	AzureResourceId string  `json:"azureResourceId"`
	Description     *string `json:"description,omitempty"`
	DisplayName     string  `json:"displayName"`
	EndTimeUtc      string  `json:"endTimeUtc"`
	// Intent is an untyped *string here, whereas SecurityAlertTimelineItem
	// uses *KillChainIntent; do not assume it is one of the KillChainIntent
	// constants without checking.
	Intent        *string   `json:"intent,omitempty"`
	ProductName   *string   `json:"productName,omitempty"`
	Reasons       *[]string `json:"reasons,omitempty"`
	StartTimeUtc  string    `json:"startTimeUtc"`
	Techniques    *[]string `json:"techniques,omitempty"`
	TimeGenerated string    `json:"timeGenerated"`
	Vendor        *string   `json:"vendor,omitempty"`
}
func (AnomalyTimelineItem) MarshalJSON ¶
func (s AnomalyTimelineItem) MarshalJSON() ([]byte, error)
type BookmarkTimelineItem ¶
// BookmarkTimelineItem describes a bookmark on an entity timeline. Only
// AzureResourceId is always serialized; every other field is optional.
type BookmarkTimelineItem struct {
	AzureResourceId string    `json:"azureResourceId"`
	CreatedBy       *UserInfo `json:"createdBy,omitempty"`
	DisplayName     *string   `json:"displayName,omitempty"`
	EndTimeUtc      *string   `json:"endTimeUtc,omitempty"`
	EventTime       *string   `json:"eventTime,omitempty"`
	// NOTE(review): Labels and Notes look like analyst-entered free text —
	// confirm, and escape them for the output context when rendering.
	Labels       *[]string `json:"labels,omitempty"`
	Notes        *string   `json:"notes,omitempty"`
	StartTimeUtc *string   `json:"startTimeUtc,omitempty"`
}
func (BookmarkTimelineItem) MarshalJSON ¶
func (s BookmarkTimelineItem) MarshalJSON() ([]byte, error)
type EntitiesClient ¶
func NewEntitiesClientWithBaseURI ¶
func NewEntitiesClientWithBaseURI(endpoint string) EntitiesClient
func (EntitiesClient) Expand ¶
func (c EntitiesClient) Expand(ctx context.Context, id EntityId, input EntityExpandParameters) (result ExpandOperationResponse, err error)
Expand ...
func (EntitiesClient) Get ¶
func (c EntitiesClient) Get(ctx context.Context, id EntityId) (result GetOperationResponse, err error)
Get ...
func (EntitiesClient) GetInsights ¶
func (c EntitiesClient) GetInsights(ctx context.Context, id EntityId, input EntityGetInsightsParameters) (result GetInsightsOperationResponse, err error)
GetInsights ...
func (EntitiesClient) GetTimelinelist ¶
func (c EntitiesClient) GetTimelinelist(ctx context.Context, id EntityId, input EntityTimelineParameters) (result GetTimelinelistOperationResponse, err error)
GetTimelinelist ...
func (EntitiesClient) List ¶
func (c EntitiesClient) List(ctx context.Context, id WorkspaceId) (resp ListOperationResponse, err error)
List ...
func (EntitiesClient) ListComplete ¶
func (c EntitiesClient) ListComplete(ctx context.Context, id WorkspaceId) (ListCompleteResult, error)
ListComplete retrieves all of the results into a single object
func (EntitiesClient) ListCompleteMatchingPredicate ¶
func (c EntitiesClient) ListCompleteMatchingPredicate(ctx context.Context, id WorkspaceId, predicate EntityOperationPredicate) (resp ListCompleteResult, err error)
ListCompleteMatchingPredicate retrieves all of the results and then applies the predicate
func (EntitiesClient) Queries ¶
func (c EntitiesClient) Queries(ctx context.Context, id EntityId, options QueriesOperationOptions) (result QueriesOperationResponse, err error)
Queries ...
type Entity ¶
// Entity is the common resource envelope returned by the list and expand
// operations. Kind is the only field serialized unconditionally.
type Entity struct {
	Id *string `json:"id,omitempty"`
	// Kind is string-backed; see PossibleValuesForEntityKind for the known set.
	Kind       EntityKind             `json:"kind"`
	Name       *string                `json:"name,omitempty"`
	SystemData *systemdata.SystemData `json:"systemData,omitempty"`
	Type       *string                `json:"type,omitempty"`
}
type EntityEdges ¶
type EntityExpandParameters ¶
// EntityExpandParameters is the input to EntitiesClient.Expand. All three
// fields are optional pointers omitted from the JSON when nil.
type EntityExpandParameters struct {
	// EndTime and StartTime are strings on the wire; the Get/Set...AsTime
	// methods listed for this type convert to and from time.Time.
	EndTime     *string `json:"endTime,omitempty"`
	ExpansionId *string `json:"expansionId,omitempty"`
	StartTime   *string `json:"startTime,omitempty"`
}
func (*EntityExpandParameters) GetEndTimeAsTime ¶
func (o *EntityExpandParameters) GetEndTimeAsTime() (*time.Time, error)
func (*EntityExpandParameters) GetStartTimeAsTime ¶
func (o *EntityExpandParameters) GetStartTimeAsTime() (*time.Time, error)
func (*EntityExpandParameters) SetEndTimeAsTime ¶
func (o *EntityExpandParameters) SetEndTimeAsTime(input time.Time)
func (*EntityExpandParameters) SetStartTimeAsTime ¶
func (o *EntityExpandParameters) SetStartTimeAsTime(input time.Time)
type EntityExpandResponse ¶
// EntityExpandResponse is the decoded body of an Expand call: aggregation
// metadata plus the expanded value. Both fields are optional and may be nil.
type EntityExpandResponse struct {
	MetaData *ExpansionResultsMetadata  `json:"metaData,omitempty"`
	Value    *EntityExpandResponseValue `json:"value,omitempty"`
}
type EntityExpandResponseValue ¶
// EntityExpandResponseValue holds the edges and entities returned by an
// expansion. Both slices are optional pointers; check for nil before ranging.
type EntityExpandResponseValue struct {
	Edges    *[]EntityEdges `json:"edges,omitempty"`
	Entities *[]Entity      `json:"entities,omitempty"`
}
type EntityGetInsightsParameters ¶
// EntityGetInsightsParameters is the input to EntitiesClient.GetInsights.
// EndTime and StartTime are always serialized (no omitempty), so an unset
// value goes out as an empty string.
type EntityGetInsightsParameters struct {
	AddDefaultExtendedTimeRange *bool `json:"addDefaultExtendedTimeRange,omitempty"`
	// Use SetEndTimeAsTime / SetStartTimeAsTime to populate the time strings
	// from a time.Time rather than formatting by hand.
	EndTime         string    `json:"endTime"`
	InsightQueryIds *[]string `json:"insightQueryIds,omitempty"`
	StartTime       string    `json:"startTime"`
}
func (*EntityGetInsightsParameters) GetEndTimeAsTime ¶
func (o *EntityGetInsightsParameters) GetEndTimeAsTime() (*time.Time, error)
func (*EntityGetInsightsParameters) GetStartTimeAsTime ¶
func (o *EntityGetInsightsParameters) GetStartTimeAsTime() (*time.Time, error)
func (*EntityGetInsightsParameters) SetEndTimeAsTime ¶
func (o *EntityGetInsightsParameters) SetEndTimeAsTime(input time.Time)
func (*EntityGetInsightsParameters) SetStartTimeAsTime ¶
func (o *EntityGetInsightsParameters) SetStartTimeAsTime(input time.Time)
type EntityGetInsightsResponse ¶
// EntityGetInsightsResponse is the decoded body of a GetInsights call.
type EntityGetInsightsResponse struct {
	// MetaData can carry per-query errors (GetInsightsResultsMetadata.Errors)
	// alongside a non-nil Value, so inspect it even when the call itself
	// returned no error; otherwise a partial result may be read as complete.
	MetaData *GetInsightsResultsMetadata `json:"metaData,omitempty"`
	Value    *[]EntityInsightItem        `json:"value,omitempty"`
}
type EntityId ¶
// EntityId holds the four components of an Entity resource ID as plain
// strings. The struct itself has no JSON tags; NewEntityID, ParseEntityID and
// ValidateEntityID on this page are the listed ways to build or check one.
type EntityId struct {
	SubscriptionId    string
	ResourceGroupName string
	WorkspaceName     string
	EntityId          string
}
EntityId is a struct representing the Resource ID for an Entity
func NewEntityID ¶
func NewEntityID(subscriptionId string, resourceGroupName string, workspaceName string, entityId string) EntityId
NewEntityID returns a new EntityId struct
func ParseEntityID ¶
ParseEntityID parses 'input' into an EntityId
func ParseEntityIDInsensitively ¶
ParseEntityIDInsensitively parses 'input' case-insensitively into an EntityId. Note: this method should only be used for API response data and not user input.
func (EntityId) Segments ¶
func (id EntityId) Segments() []resourceids.Segment
Segments returns a slice of Resource ID Segments which comprise this Entity ID
type EntityInsightItem ¶
// EntityInsightItem is one insight result: the query that produced it, the
// time interval it covers, and its table and chart results. Every field is
// optional and may be nil.
type EntityInsightItem struct {
	ChartQueryResults *[]InsightsTableResult              `json:"chartQueryResults,omitempty"`
	QueryId           *string                             `json:"queryId,omitempty"`
	QueryTimeInterval *EntityInsightItemQueryTimeInterval `json:"queryTimeInterval,omitempty"`
	TableQueryResults *InsightsTableResult                `json:"tableQueryResults,omitempty"`
}
type EntityInsightItemQueryTimeInterval ¶
// EntityInsightItemQueryTimeInterval is the time window attached to an
// EntityInsightItem. Both bounds are optional strings; the Get...AsTime
// methods listed for this type return them as *time.Time with an error.
type EntityInsightItemQueryTimeInterval struct {
	EndTime   *string `json:"endTime,omitempty"`
	StartTime *string `json:"startTime,omitempty"`
}
func (*EntityInsightItemQueryTimeInterval) GetEndTimeAsTime ¶
func (o *EntityInsightItemQueryTimeInterval) GetEndTimeAsTime() (*time.Time, error)
func (*EntityInsightItemQueryTimeInterval) GetStartTimeAsTime ¶
func (o *EntityInsightItemQueryTimeInterval) GetStartTimeAsTime() (*time.Time, error)
func (*EntityInsightItemQueryTimeInterval) SetEndTimeAsTime ¶
func (o *EntityInsightItemQueryTimeInterval) SetEndTimeAsTime(input time.Time)
func (*EntityInsightItemQueryTimeInterval) SetStartTimeAsTime ¶
func (o *EntityInsightItemQueryTimeInterval) SetStartTimeAsTime(input time.Time)
type EntityItemQueryKind ¶
// EntityItemQueryKind is the string-backed kind used by
// QueriesOperationOptions.Kind.
type EntityItemQueryKind string

// "Insight" is the only value defined on this page.
const (
	EntityItemQueryKindInsight EntityItemQueryKind = "Insight"
)
type EntityKind ¶
// EntityKind is the string-backed discriminator carried in Entity.Kind and
// ExpansionResultAggregation.EntityKind.
type EntityKind string

// Known entity kinds. The wire spellings here differ from EntityType for the
// same concepts ("Ip" vs "IP", "Url" vs "URL", "DnsResolution" vs "DNS",
// "Bookmark" vs "HuntingBookmark"), so never compare an EntityKind with an
// EntityType by raw string.
const (
	EntityKindAccount          EntityKind = "Account"
	EntityKindAzureResource    EntityKind = "AzureResource"
	EntityKindBookmark         EntityKind = "Bookmark"
	EntityKindCloudApplication EntityKind = "CloudApplication"
	EntityKindDnsResolution    EntityKind = "DnsResolution"
	EntityKindFile             EntityKind = "File"
	EntityKindFileHash         EntityKind = "FileHash"
	EntityKindHost             EntityKind = "Host"
	EntityKindIP               EntityKind = "Ip"
	EntityKindIoTDevice        EntityKind = "IoTDevice"
	EntityKindMailCluster      EntityKind = "MailCluster"
	EntityKindMailMessage      EntityKind = "MailMessage"
	EntityKindMailbox          EntityKind = "Mailbox"
	EntityKindMalware          EntityKind = "Malware"
	EntityKindNic              EntityKind = "Nic"
	EntityKindProcess          EntityKind = "Process"
	EntityKindRegistryKey      EntityKind = "RegistryKey"
	EntityKindRegistryValue    EntityKind = "RegistryValue"
	EntityKindSecurityAlert    EntityKind = "SecurityAlert"
	EntityKindSecurityGroup    EntityKind = "SecurityGroup"
	EntityKindSubmissionMail   EntityKind = "SubmissionMail"
	EntityKindUrl              EntityKind = "Url"
)
type EntityOperationPredicate ¶
func (EntityOperationPredicate) Matches ¶
func (p EntityOperationPredicate) Matches(input Entity) bool
type EntityQueryItem ¶
// EntityQueryItem is an empty interface, so any value satisfies it.
// InsightQueryItem is a listed implementation, and RawEntityQueryItemImpl is
// documented on this page as the fallback when the discriminator matches no
// defined type; a type switch over this interface needs a default branch.
type EntityQueryItem interface {
}
type EntityQueryItemPropertiesDataTypesInlined ¶
// EntityQueryItemPropertiesDataTypesInlined is one element of
// InsightQueryItemProperties.DataTypes; it wraps a single optional data type
// name.
type EntityQueryItemPropertiesDataTypesInlined struct {
	DataType *string `json:"dataType,omitempty"`
}
type EntityQueryKind ¶
// EntityQueryKind is a string-backed enumeration of entity query kinds; see
// PossibleValuesForEntityQueryKind for the same set as strings.
type EntityQueryKind string

// Known query kinds.
const (
	EntityQueryKindActivity  EntityQueryKind = "Activity"
	EntityQueryKindExpansion EntityQueryKind = "Expansion"
	EntityQueryKindInsight   EntityQueryKind = "Insight"
)
type EntityTimelineItem ¶
// EntityTimelineItem is an empty interface, so any value satisfies it.
// RawEntityTimelineItemImpl is documented on this page as the fallback when
// the discriminator matches no defined type; a type switch over timeline
// items needs a default branch so unrecognized items are not silently
// dropped.
type EntityTimelineItem interface {
}
type EntityTimelineKind ¶
// EntityTimelineKind is the string-backed kind used in
// EntityTimelineParameters.Kinds, TimelineAggregation.Kind and
// TimelineError.Kind.
type EntityTimelineKind string

// Known timeline kinds; each has a matching ...TimelineItem struct on this
// page.
const (
	EntityTimelineKindActivity      EntityTimelineKind = "Activity"
	EntityTimelineKindAnomaly       EntityTimelineKind = "Anomaly"
	EntityTimelineKindBookmark      EntityTimelineKind = "Bookmark"
	EntityTimelineKindSecurityAlert EntityTimelineKind = "SecurityAlert"
)
type EntityTimelineParameters ¶
// EntityTimelineParameters is the input to EntitiesClient.GetTimelinelist.
// EndTime and StartTime are always serialized (no omitempty); Kinds and
// NumberOfBucket are optional.
type EntityTimelineParameters struct {
	// Use SetEndTimeAsTime / SetStartTimeAsTime to populate the time strings
	// from a time.Time rather than formatting by hand.
	EndTime        string                `json:"endTime"`
	Kinds          *[]EntityTimelineKind `json:"kinds,omitempty"`
	NumberOfBucket *int64                `json:"numberOfBucket,omitempty"`
	StartTime      string                `json:"startTime"`
}
func (*EntityTimelineParameters) GetEndTimeAsTime ¶
func (o *EntityTimelineParameters) GetEndTimeAsTime() (*time.Time, error)
func (*EntityTimelineParameters) GetStartTimeAsTime ¶
func (o *EntityTimelineParameters) GetStartTimeAsTime() (*time.Time, error)
func (*EntityTimelineParameters) SetEndTimeAsTime ¶
func (o *EntityTimelineParameters) SetEndTimeAsTime(input time.Time)
func (*EntityTimelineParameters) SetStartTimeAsTime ¶
func (o *EntityTimelineParameters) SetStartTimeAsTime(input time.Time)
type EntityTimelineResponse ¶
// EntityTimelineResponse is the decoded body of a GetTimelinelist call. It
// has a custom UnmarshalJSON (listed on this page) because Value holds the
// EntityTimelineItem interface.
type EntityTimelineResponse struct {
	// MetaData can carry per-kind errors (TimelineResultsMetadata.Errors);
	// inspect it before treating Value as the complete timeline.
	MetaData *TimelineResultsMetadata `json:"metaData,omitempty"`
	Value    *[]EntityTimelineItem    `json:"value,omitempty"`
}
func (*EntityTimelineResponse) UnmarshalJSON ¶
func (s *EntityTimelineResponse) UnmarshalJSON(bytes []byte) error
type EntityType ¶
// EntityType is the string-backed entity type used by
// InsightQueryItemProperties.InputEntityType.
type EntityType string

// Known entity types. The wire spellings differ from EntityKind for the same
// concepts ("IP" vs "Ip", "URL" vs "Url", "DNS" vs "DnsResolution",
// "HuntingBookmark" vs "Bookmark"), so never compare an EntityType with an
// EntityKind by raw string.
const (
	EntityTypeAccount          EntityType = "Account"
	EntityTypeAzureResource    EntityType = "AzureResource"
	EntityTypeCloudApplication EntityType = "CloudApplication"
	EntityTypeDNS              EntityType = "DNS"
	EntityTypeFile             EntityType = "File"
	EntityTypeFileHash         EntityType = "FileHash"
	EntityTypeHost             EntityType = "Host"
	EntityTypeHuntingBookmark  EntityType = "HuntingBookmark"
	EntityTypeIP               EntityType = "IP"
	EntityTypeIoTDevice        EntityType = "IoTDevice"
	EntityTypeMailCluster      EntityType = "MailCluster"
	EntityTypeMailMessage      EntityType = "MailMessage"
	EntityTypeMailbox          EntityType = "Mailbox"
	EntityTypeMalware          EntityType = "Malware"
	EntityTypeNic              EntityType = "Nic"
	EntityTypeProcess          EntityType = "Process"
	EntityTypeRegistryKey      EntityType = "RegistryKey"
	EntityTypeRegistryValue    EntityType = "RegistryValue"
	EntityTypeSecurityAlert    EntityType = "SecurityAlert"
	EntityTypeSecurityGroup    EntityType = "SecurityGroup"
	EntityTypeSubmissionMail   EntityType = "SubmissionMail"
	EntityTypeURL              EntityType = "URL"
)
type ExpandOperationResponse ¶
// ExpandOperationResponse is the result of EntitiesClient.Expand: the raw
// HTTP response plus the decoded model.
type ExpandOperationResponse struct {
	// NOTE(review): avoid dumping HttpResponse wholesale into logs; what its
	// request and headers contain is not shown on this page.
	HttpResponse *http.Response
	// Model is a pointer; whether it is populated when err is non-nil is not
	// shown here, so check for nil before dereferencing.
	Model *EntityExpandResponse
}
type ExpansionResultAggregation ¶
// ExpansionResultAggregation is one aggregation row of an expansion result:
// a count for a given entity kind, with an optional aggregation type and
// display name.
type ExpansionResultAggregation struct {
	AggregationType *string    `json:"aggregationType,omitempty"`
	Count           int64      `json:"count"`
	DisplayName     *string    `json:"displayName,omitempty"`
	EntityKind      EntityKind `json:"entityKind"`
}
type ExpansionResultsMetadata ¶
// ExpansionResultsMetadata is the metadata part of EntityExpandResponse; it
// holds an optional list of aggregations.
type ExpansionResultsMetadata struct {
	Aggregations *[]ExpansionResultAggregation `json:"aggregations,omitempty"`
}
type GetInsightsError ¶
// GetInsightsError is the string-backed error kind carried in
// GetInsightsErrorKind.Kind.
type GetInsightsError string

// "Insight" is the only value defined on this page.
const (
	GetInsightsErrorInsight GetInsightsError = "Insight"
)
type GetInsightsErrorKind ¶
// GetInsightsErrorKind is one entry of GetInsightsResultsMetadata.Errors: an
// error message and kind, optionally tied to a query ID.
type GetInsightsErrorKind struct {
	// NOTE(review): ErrorMessage is service-supplied text; treat it as data
	// (escape when rendering) rather than as trusted markup.
	ErrorMessage string           `json:"errorMessage"`
	Kind         GetInsightsError `json:"kind"`
	QueryId      *string          `json:"queryId,omitempty"`
}
type GetInsightsOperationResponse ¶
// GetInsightsOperationResponse is the result of EntitiesClient.GetInsights:
// the raw HTTP response plus the decoded model.
type GetInsightsOperationResponse struct {
	HttpResponse *http.Response
	// Model is a pointer; whether it is populated when err is non-nil is not
	// shown here, so check for nil before dereferencing.
	Model *EntityGetInsightsResponse
}
type GetInsightsResultsMetadata ¶
// GetInsightsResultsMetadata is the metadata part of
// EntityGetInsightsResponse.
type GetInsightsResultsMetadata struct {
	// Errors is optional. NOTE(review): a non-empty list presumably means
	// some insight queries failed and the result set is partial — confirm
	// against the service behaviour before relying on TotalCount alone.
	Errors     *[]GetInsightsErrorKind `json:"errors,omitempty"`
	TotalCount int64                   `json:"totalCount"`
}
type GetOperationResponse ¶
type GetQueriesResponse ¶
// GetQueriesResponse is the decoded body of a Queries call. It has a custom
// UnmarshalJSON (listed on this page) because Value holds the EntityQueryItem
// interface.
type GetQueriesResponse struct {
	Value *[]EntityQueryItem `json:"value,omitempty"`
}
func (*GetQueriesResponse) UnmarshalJSON ¶
func (s *GetQueriesResponse) UnmarshalJSON(bytes []byte) error
type GetTimelinelistOperationResponse ¶
// GetTimelinelistOperationResponse is the result of
// EntitiesClient.GetTimelinelist: the raw HTTP response plus the decoded
// model.
type GetTimelinelistOperationResponse struct {
	HttpResponse *http.Response
	// Model is a pointer; whether it is populated when err is non-nil is not
	// shown here, so check for nil before dereferencing.
	Model *EntityTimelineResponse
}
type InsightQueryItem ¶
// InsightQueryItem is an EntityQueryItem implementation carrying insight
// query properties. It has a custom MarshalJSON (listed on this page).
type InsightQueryItem struct {
	Properties *InsightQueryItemProperties `json:"properties,omitempty"`

	// Fields inherited from EntityQueryItem
	Id   *string `json:"id,omitempty"`
	Name *string `json:"name,omitempty"`
	Type *string `json:"type,omitempty"`
}
func (InsightQueryItem) MarshalJSON ¶
func (s InsightQueryItem) MarshalJSON() ([]byte, error)
type InsightQueryItemProperties ¶
// InsightQueryItemProperties describes an insight query definition. Every
// field is an optional pointer omitted from the JSON when nil.
type InsightQueryItemProperties struct {
	AdditionalQuery *InsightQueryItemPropertiesAdditionalQuery `json:"additionalQuery,omitempty"`
	// NOTE(review): BaseQuery looks like query text — confirm its language
	// and never build it by concatenating unvalidated input.
	BaseQuery *string `json:"baseQuery,omitempty"`
	// ChartQuery and EntitiesFilter are untyped (*interface{}): the decoder
	// imposes no schema, so callers must type-assert defensively.
	ChartQuery              *interface{}                                  `json:"chartQuery,omitempty"`
	DataTypes               *[]EntityQueryItemPropertiesDataTypesInlined  `json:"dataTypes,omitempty"`
	DefaultTimeRange        *InsightQueryItemPropertiesDefaultTimeRange   `json:"defaultTimeRange,omitempty"`
	Description             *string                                       `json:"description,omitempty"`
	DisplayName             *string                                       `json:"displayName,omitempty"`
	EntitiesFilter          *interface{}                                  `json:"entitiesFilter,omitempty"`
	InputEntityType         *EntityType                                   `json:"inputEntityType,omitempty"`
	ReferenceTimeRange      *InsightQueryItemPropertiesReferenceTimeRange `json:"referenceTimeRange,omitempty"`
	RequiredInputFieldsSets *[][]string                                   `json:"requiredInputFieldsSets,omitempty"`
	TableQuery              *InsightQueryItemPropertiesTableQuery         `json:"tableQuery,omitempty"`
}
type InsightQueryItemPropertiesReferenceTimeRange ¶
// InsightQueryItemPropertiesReferenceTimeRange is the reference time range of
// an insight query; it holds one optional string.
type InsightQueryItemPropertiesReferenceTimeRange struct {
	// NOTE(review): the string format (e.g. a duration) is not shown on this
	// page — confirm before parsing.
	BeforeRange *string `json:"beforeRange,omitempty"`
}
type InsightQueryItemPropertiesTableQuery ¶
// InsightQueryItemPropertiesTableQuery groups the column definitions and
// query definitions of an insight's table query. Both lists are optional.
type InsightQueryItemPropertiesTableQuery struct {
	ColumnsDefinitions *[]InsightQueryItemPropertiesTableQueryColumnsDefinitionsInlined `json:"columnsDefinitions,omitempty"`
	QueriesDefinitions *[]InsightQueryItemPropertiesTableQueryQueriesDefinitionsInlined `json:"queriesDefinitions,omitempty"`
}
type InsightQueryItemPropertiesTableQueryColumnsDefinitionsInlined ¶
// InsightQueryItemPropertiesTableQueryColumnsDefinitionsInlined defines one
// table column: its header, output type and whether deep links are supported.
type InsightQueryItemPropertiesTableQueryColumnsDefinitionsInlined struct {
	Header *string `json:"header,omitempty"`
	// OutputType is string-backed; see PossibleValuesForOutputType.
	OutputType      *OutputType `json:"outputType,omitempty"`
	SupportDeepLink *bool       `json:"supportDeepLink,omitempty"`
}
type InsightQueryItemPropertiesTableQueryQueriesDefinitionsInlined ¶
// InsightQueryItemPropertiesTableQueryQueriesDefinitionsInlined is one query
// definition of a table query. Every field is optional.
type InsightQueryItemPropertiesTableQueryQueriesDefinitionsInlined struct {
	// NOTE(review): Filter, Project and Summarize look like query-language
	// fragments — confirm, and do not assemble them from unvalidated input.
	Filter                 *string                                                                                      `json:"filter,omitempty"`
	LinkColumnsDefinitions *[]InsightQueryItemPropertiesTableQueryQueriesDefinitionsInlinedLinkColumnsDefinitionsInlined `json:"linkColumnsDefinitions,omitempty"`
	Project                *string                                                                                      `json:"project,omitempty"`
	Summarize              *string                                                                                      `json:"summarize,omitempty"`
}
type InsightsTableResult ¶
// InsightsTableResult is a tabular query result: column descriptors plus rows
// of string cells. Both fields are optional and may be nil.
type InsightsTableResult struct {
	Columns *[]InsightsTableResultColumnsInlined `json:"columns,omitempty"`
	// Every cell is a plain string regardless of the column's declared type.
	// Cells come from the API response, so escape them for the output context
	// (HTML, CSV, terminal) before display; nothing on this page guarantees
	// that each row has one cell per column.
	Rows *[][]string `json:"rows,omitempty"`
}
type KillChainIntent ¶
// KillChainIntent is the string-backed kill-chain stage used by
// SecurityAlertTimelineItem.Intent.
type KillChainIntent string

// Known intents. The type is a plain string, so a value outside this set can
// still be held; detection or triage logic that switches on intent should
// handle unrecognized values explicitly rather than folding them into
// KillChainIntentUnknown by accident. PossibleValuesForKillChainIntent lists
// the same set as strings.
const (
	KillChainIntentCollection          KillChainIntent = "Collection"
	KillChainIntentCommandAndControl   KillChainIntent = "CommandAndControl"
	KillChainIntentCredentialAccess    KillChainIntent = "CredentialAccess"
	KillChainIntentDefenseEvasion      KillChainIntent = "DefenseEvasion"
	KillChainIntentDiscovery           KillChainIntent = "Discovery"
	KillChainIntentExecution           KillChainIntent = "Execution"
	KillChainIntentExfiltration        KillChainIntent = "Exfiltration"
	KillChainIntentExploitation        KillChainIntent = "Exploitation"
	KillChainIntentImpact              KillChainIntent = "Impact"
	KillChainIntentLateralMovement     KillChainIntent = "LateralMovement"
	KillChainIntentPersistence         KillChainIntent = "Persistence"
	KillChainIntentPrivilegeEscalation KillChainIntent = "PrivilegeEscalation"
	KillChainIntentProbing             KillChainIntent = "Probing"
	KillChainIntentUnknown             KillChainIntent = "Unknown"
)
type ListCompleteResult ¶
// ListCompleteResult is returned by ListComplete and
// ListCompleteMatchingPredicate; it holds every retrieved Entity in one
// slice, so its memory use grows with the size of the workspace's result set.
type ListCompleteResult struct {
	Items []Entity
}
type ListOperationResponse ¶
// ListOperationResponse is one page of EntitiesClient.List results. The
// HasMore and LoadMore methods listed on this page walk further pages.
type ListOperationResponse struct {
	HttpResponse *http.Response
	// Model is a pointer to the page's entities; check for nil before ranging.
	Model *[]Entity
	// contains filtered or unexported fields
}
func (ListOperationResponse) HasMore ¶
func (r ListOperationResponse) HasMore() bool
func (ListOperationResponse) LoadMore ¶
func (r ListOperationResponse) LoadMore(ctx context.Context) (resp ListOperationResponse, err error)
type OutputType ¶
// OutputType is the string-backed column output type used by
// InsightQueryItemPropertiesTableQueryColumnsDefinitionsInlined.OutputType.
type OutputType string

// Known output types; see PossibleValuesForOutputType for the same set as
// strings.
const (
	OutputTypeDate   OutputType = "Date"
	OutputTypeEntity OutputType = "Entity"
	OutputTypeNumber OutputType = "Number"
	OutputTypeString OutputType = "String"
)
type QueriesOperationOptions ¶
// QueriesOperationOptions is the options argument of EntitiesClient.Queries.
// DefaultQueriesOperationOptions (listed on this page) returns a starting
// value.
type QueriesOperationOptions struct {
	// Kind is optional; "Insight" is the only EntityItemQueryKind defined on
	// this page.
	Kind *EntityItemQueryKind
}
func DefaultQueriesOperationOptions ¶
func DefaultQueriesOperationOptions() QueriesOperationOptions
type QueriesOperationResponse ¶
// QueriesOperationResponse is the result of EntitiesClient.Queries: the raw
// HTTP response plus the decoded model.
type QueriesOperationResponse struct {
	HttpResponse *http.Response
	// Model is a pointer; whether it is populated when err is non-nil is not
	// shown here, so check for nil before dereferencing.
	Model *GetQueriesResponse
}
type RawEntityQueryItemImpl ¶ added in v0.20230807.1063129
RawEntityQueryItemImpl is returned when the Discriminated Value doesn't match any of the defined types. NOTE: this should only be used when a type isn't defined for this type of Object (as a workaround) and is used only for Deserialization (e.g. this cannot be used as a Request Payload).
type RawEntityTimelineItemImpl ¶ added in v0.20230807.1063129
RawEntityTimelineItemImpl is returned when the Discriminated Value doesn't match any of the defined types. NOTE: this should only be used when a type isn't defined for this type of Object (as a workaround) and is used only for Deserialization (e.g. this cannot be used as a Request Payload).
type SecurityAlertTimelineItem ¶
// SecurityAlertTimelineItem describes a security alert on an entity
// timeline. Alert type, resource ID, display name, severity and the three
// timestamps are always serialized; the remaining fields are optional.
type SecurityAlertTimelineItem struct {
	AlertType       string  `json:"alertType"`
	AzureResourceId string  `json:"azureResourceId"`
	Description     *string `json:"description,omitempty"`
	DisplayName     string  `json:"displayName"`
	EndTimeUtc      string  `json:"endTimeUtc"`
	// Intent and Severity are string-backed enums; validate them against
	// PossibleValuesForKillChainIntent / PossibleValuesForAlertSeverity before
	// using them to drive triage decisions.
	Intent       *KillChainIntent `json:"intent,omitempty"`
	ProductName  *string          `json:"productName,omitempty"`
	Severity     AlertSeverity    `json:"severity"`
	StartTimeUtc string           `json:"startTimeUtc"`
	// NOTE(review): Techniques are free-form strings here; whether they are
	// ATT&CK technique IDs or names is not shown on this page.
	Techniques    *[]string `json:"techniques,omitempty"`
	TimeGenerated string    `json:"timeGenerated"`
}
func (SecurityAlertTimelineItem) MarshalJSON ¶
func (s SecurityAlertTimelineItem) MarshalJSON() ([]byte, error)
type TimelineAggregation ¶
// TimelineAggregation is one entry of TimelineResultsMetadata.Aggregations:
// a count for a given timeline kind. Both fields are always serialized.
type TimelineAggregation struct {
	Count int64              `json:"count"`
	Kind  EntityTimelineKind `json:"kind"`
}
type TimelineError ¶
// TimelineError is one entry of TimelineResultsMetadata.Errors: an error
// message for a given timeline kind, optionally tied to a query ID.
type TimelineError struct {
	// NOTE(review): ErrorMessage is service-supplied text; treat it as data
	// (escape when rendering) rather than as trusted markup.
	ErrorMessage string             `json:"errorMessage"`
	Kind         EntityTimelineKind `json:"kind"`
	QueryId      *string            `json:"queryId,omitempty"`
}
type TimelineResultsMetadata ¶
// TimelineResultsMetadata is the metadata part of EntityTimelineResponse.
type TimelineResultsMetadata struct {
	// Aggregations is a plain slice without omitempty, so it is always
	// serialized (a nil slice encodes as JSON null).
	Aggregations []TimelineAggregation `json:"aggregations"`
	// Errors is optional. NOTE(review): a non-empty list presumably means
	// some timeline kinds failed to load and the timeline is partial —
	// confirm before treating TotalCount as complete.
	Errors     *[]TimelineError `json:"errors,omitempty"`
	TotalCount int64            `json:"totalCount"`
}
type WorkspaceId ¶
WorkspaceId is a struct representing the Resource ID for a Workspace
func NewWorkspaceID ¶
func NewWorkspaceID(subscriptionId string, resourceGroupName string, workspaceName string) WorkspaceId
NewWorkspaceID returns a new WorkspaceId struct
func ParseWorkspaceID ¶
func ParseWorkspaceID(input string) (*WorkspaceId, error)
ParseWorkspaceID parses 'input' into a WorkspaceId
func ParseWorkspaceIDInsensitively ¶
func ParseWorkspaceIDInsensitively(input string) (*WorkspaceId, error)
ParseWorkspaceIDInsensitively parses 'input' case-insensitively into a WorkspaceId. Note: this method should only be used for API response data and not user input.
func (WorkspaceId) Segments ¶
func (id WorkspaceId) Segments() []resourceids.Segment
Segments returns a slice of Resource ID Segments which comprise this Workspace ID
func (WorkspaceId) String ¶
func (id WorkspaceId) String() string
String returns a human-readable description of this Workspace ID
Source Files ¶
- client.go
- constants.go
- id_entity.go
- id_workspace.go
- method_expand_autorest.go
- method_get_autorest.go
- method_getinsights_autorest.go
- method_gettimelinelist_autorest.go
- method_list_autorest.go
- method_queries_autorest.go
- model_activitytimelineitem.go
- model_anomalytimelineitem.go
- model_bookmarktimelineitem.go
- model_entity.go
- model_entityedges.go
- model_entityexpandparameters.go
- model_entityexpandresponse.go
- model_entityexpandresponsevalue.go
- model_entitygetinsightsparameters.go
- model_entitygetinsightsresponse.go
- model_entityinsightitem.go
- model_entityinsightitemquerytimeinterval.go
- model_entityqueryitem.go
- model_entityqueryitempropertiesdatatypesinlined.go
- model_entitytimelineitem.go
- model_entitytimelineparameters.go
- model_entitytimelineresponse.go
- model_expansionresultaggregation.go
- model_expansionresultsmetadata.go
- model_getinsightserrorkind.go
- model_getinsightsresultsmetadata.go
- model_getqueriesresponse.go
- model_insightqueryitem.go
- model_insightqueryitemproperties.go
- model_insightqueryitempropertiesadditionalquery.go
- model_insightqueryitempropertiesdefaulttimerange.go
- model_insightqueryitempropertiesreferencetimerange.go
- model_insightqueryitempropertiestablequery.go
- model_insightqueryitempropertiestablequerycolumnsdefinitionsinlined.go
- model_insightqueryitempropertiestablequeryqueriesdefinitionsinlined.go
- model_insightqueryitempropertiestablequeryqueriesdefinitionsinlinedlinkcolumnsdefinitionsinlined.go
- model_insightstableresult.go
- model_insightstableresultcolumnsinlined.go
- model_securityalerttimelineitem.go
- model_timelineaggregation.go
- model_timelineerror.go
- model_timelineresultsmetadata.go
- model_userinfo.go
- predicates.go
- version.go