incidentalerts

package
v0.20240125.1100331 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jan 25, 2024 License: MPL-2.0 Imports: 11 Imported by: 0

README

github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-08-01/incidentalerts Documentation

The incidentalerts SDK allows for interaction with the Azure Resource Manager Service securityinsights (API Version 2022-08-01).

This readme covers example usages, but further information on using this SDK can be found in the project root.

Import Path

import "github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-08-01/incidentalerts"

Client Initialization

client := incidentalerts.NewIncidentAlertsClientWithBaseURI("https://management.azure.com")
client.Client.Authorizer = authorizer

Example Usage: IncidentAlertsClient.IncidentsListAlerts

ctx := context.TODO()
id := incidentalerts.NewIncidentID("12345678-1234-9876-4563-123456789012", "example-resource-group", "workspaceValue", "incidentIdValue")

read, err := client.IncidentsListAlerts(ctx, id)
if err != nil {
	// handle the error
}
if model := read.Model; model != nil {
	// do something with the model/response object
}

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func PossibleValuesForAlertSeverity

func PossibleValuesForAlertSeverity() []string

func PossibleValuesForAlertStatus

func PossibleValuesForAlertStatus() []string

func PossibleValuesForAttackTactic

func PossibleValuesForAttackTactic() []string

func PossibleValuesForConfidenceLevel

func PossibleValuesForConfidenceLevel() []string

func PossibleValuesForConfidenceScoreStatus

func PossibleValuesForConfidenceScoreStatus() []string

func PossibleValuesForEntityKindEnum

func PossibleValuesForEntityKindEnum() []string

func PossibleValuesForIncidentSeverity

func PossibleValuesForIncidentSeverity() []string

func PossibleValuesForKillChainIntent

func PossibleValuesForKillChainIntent() []string

func ValidateIncidentID

func ValidateIncidentID(input interface{}, key string) (warnings []string, errors []error)

ValidateIncidentID checks that 'input' can be parsed as a Incident ID

Types

type AlertSeverity

type AlertSeverity string
const (
	AlertSeverityHigh          AlertSeverity = "High"
	AlertSeverityInformational AlertSeverity = "Informational"
	AlertSeverityLow           AlertSeverity = "Low"
	AlertSeverityMedium        AlertSeverity = "Medium"
)

type AlertStatus

type AlertStatus string
const (
	AlertStatusDismissed  AlertStatus = "Dismissed"
	AlertStatusInProgress AlertStatus = "InProgress"
	AlertStatusNew        AlertStatus = "New"
	AlertStatusResolved   AlertStatus = "Resolved"
	AlertStatusUnknown    AlertStatus = "Unknown"
)

type AttackTactic

type AttackTactic string
const (
	AttackTacticCollection              AttackTactic = "Collection"
	AttackTacticCommandAndControl       AttackTactic = "CommandAndControl"
	AttackTacticCredentialAccess        AttackTactic = "CredentialAccess"
	AttackTacticDefenseEvasion          AttackTactic = "DefenseEvasion"
	AttackTacticDiscovery               AttackTactic = "Discovery"
	AttackTacticExecution               AttackTactic = "Execution"
	AttackTacticExfiltration            AttackTactic = "Exfiltration"
	AttackTacticImpact                  AttackTactic = "Impact"
	AttackTacticImpairProcessControl    AttackTactic = "ImpairProcessControl"
	AttackTacticInhibitResponseFunction AttackTactic = "InhibitResponseFunction"
	AttackTacticInitialAccess           AttackTactic = "InitialAccess"
	AttackTacticLateralMovement         AttackTactic = "LateralMovement"
	AttackTacticPersistence             AttackTactic = "Persistence"
	AttackTacticPreAttack               AttackTactic = "PreAttack"
	AttackTacticPrivilegeEscalation     AttackTactic = "PrivilegeEscalation"
	AttackTacticReconnaissance          AttackTactic = "Reconnaissance"
	AttackTacticResourceDevelopment     AttackTactic = "ResourceDevelopment"
)

type ConfidenceLevel

type ConfidenceLevel string
const (
	ConfidenceLevelHigh    ConfidenceLevel = "High"
	ConfidenceLevelLow     ConfidenceLevel = "Low"
	ConfidenceLevelUnknown ConfidenceLevel = "Unknown"
)

type ConfidenceScoreStatus

type ConfidenceScoreStatus string
const (
	ConfidenceScoreStatusFinal         ConfidenceScoreStatus = "Final"
	ConfidenceScoreStatusInProcess     ConfidenceScoreStatus = "InProcess"
	ConfidenceScoreStatusNotApplicable ConfidenceScoreStatus = "NotApplicable"
	ConfidenceScoreStatusNotFinal      ConfidenceScoreStatus = "NotFinal"
)

type Entity

type Entity interface {
}

type EntityKindEnum

type EntityKindEnum string
const (
	EntityKindEnumAccount          EntityKindEnum = "Account"
	EntityKindEnumAzureResource    EntityKindEnum = "AzureResource"
	EntityKindEnumBookmark         EntityKindEnum = "Bookmark"
	EntityKindEnumCloudApplication EntityKindEnum = "CloudApplication"
	EntityKindEnumDnsResolution    EntityKindEnum = "DnsResolution"
	EntityKindEnumFile             EntityKindEnum = "File"
	EntityKindEnumFileHash         EntityKindEnum = "FileHash"
	EntityKindEnumHost             EntityKindEnum = "Host"
	EntityKindEnumIP               EntityKindEnum = "Ip"
	EntityKindEnumIoTDevice        EntityKindEnum = "IoTDevice"
	EntityKindEnumMailCluster      EntityKindEnum = "MailCluster"
	EntityKindEnumMailMessage      EntityKindEnum = "MailMessage"
	EntityKindEnumMailbox          EntityKindEnum = "Mailbox"
	EntityKindEnumMalware          EntityKindEnum = "Malware"
	EntityKindEnumProcess          EntityKindEnum = "Process"
	EntityKindEnumRegistryKey      EntityKindEnum = "RegistryKey"
	EntityKindEnumRegistryValue    EntityKindEnum = "RegistryValue"
	EntityKindEnumSecurityAlert    EntityKindEnum = "SecurityAlert"
	EntityKindEnumSecurityGroup    EntityKindEnum = "SecurityGroup"
	EntityKindEnumSubmissionMail   EntityKindEnum = "SubmissionMail"
	EntityKindEnumUrl              EntityKindEnum = "Url"
)

type HuntingBookmark

type HuntingBookmark struct {
	Properties *HuntingBookmarkProperties `json:"properties,omitempty"`

	// Fields inherited from Entity
	Id         *string                `json:"id,omitempty"`
	Name       *string                `json:"name,omitempty"`
	SystemData *systemdata.SystemData `json:"systemData,omitempty"`
	Type       *string                `json:"type,omitempty"`
}

func (HuntingBookmark) MarshalJSON

func (s HuntingBookmark) MarshalJSON() ([]byte, error)

type HuntingBookmarkProperties

type HuntingBookmarkProperties struct {
	AdditionalData *map[string]interface{} `json:"additionalData,omitempty"`
	Created        *string                 `json:"created,omitempty"`
	CreatedBy      *UserInfo               `json:"createdBy,omitempty"`
	DisplayName    string                  `json:"displayName"`
	EventTime      *string                 `json:"eventTime,omitempty"`
	FriendlyName   *string                 `json:"friendlyName,omitempty"`
	IncidentInfo   *IncidentInfo           `json:"incidentInfo,omitempty"`
	Labels         *[]string               `json:"labels,omitempty"`
	Notes          *string                 `json:"notes,omitempty"`
	Query          string                  `json:"query"`
	QueryResult    *string                 `json:"queryResult,omitempty"`
	Updated        *string                 `json:"updated,omitempty"`
	UpdatedBy      *UserInfo               `json:"updatedBy,omitempty"`
}

func (*HuntingBookmarkProperties) GetCreatedAsTime

func (o *HuntingBookmarkProperties) GetCreatedAsTime() (*time.Time, error)

func (*HuntingBookmarkProperties) GetEventTimeAsTime

func (o *HuntingBookmarkProperties) GetEventTimeAsTime() (*time.Time, error)

func (*HuntingBookmarkProperties) GetUpdatedAsTime

func (o *HuntingBookmarkProperties) GetUpdatedAsTime() (*time.Time, error)

func (*HuntingBookmarkProperties) SetCreatedAsTime

func (o *HuntingBookmarkProperties) SetCreatedAsTime(input time.Time)

func (*HuntingBookmarkProperties) SetEventTimeAsTime

func (o *HuntingBookmarkProperties) SetEventTimeAsTime(input time.Time)

func (*HuntingBookmarkProperties) SetUpdatedAsTime

func (o *HuntingBookmarkProperties) SetUpdatedAsTime(input time.Time)

type IncidentAlertList

type IncidentAlertList struct {
	Value []SecurityAlert `json:"value"`
}

type IncidentAlertsClient

type IncidentAlertsClient struct {
	Client autorest.Client
	// contains filtered or unexported fields
}

func NewIncidentAlertsClientWithBaseURI

func NewIncidentAlertsClientWithBaseURI(endpoint string) IncidentAlertsClient

func (IncidentAlertsClient) IncidentsListAlerts

func (c IncidentAlertsClient) IncidentsListAlerts(ctx context.Context, id IncidentId) (result IncidentsListAlertsOperationResponse, err error)

IncidentsListAlerts ...

type IncidentId

type IncidentId struct {
	SubscriptionId    string
	ResourceGroupName string
	WorkspaceName     string
	IncidentId        string
}

IncidentId is a struct representing the Resource ID for a Incident

func NewIncidentID

func NewIncidentID(subscriptionId string, resourceGroupName string, workspaceName string, incidentId string) IncidentId

NewIncidentID returns a new IncidentId struct

func ParseIncidentID

func ParseIncidentID(input string) (*IncidentId, error)

ParseIncidentID parses 'input' into a IncidentId

func ParseIncidentIDInsensitively

func ParseIncidentIDInsensitively(input string) (*IncidentId, error)

ParseIncidentIDInsensitively parses 'input' case-insensitively into a IncidentId note: this method should only be used for API response data and not user input

func (*IncidentId) FromParseResult added in v0.20231127.1171502

func (id *IncidentId) FromParseResult(input resourceids.ParseResult) error

func (IncidentId) ID

func (id IncidentId) ID() string

ID returns the formatted Incident ID

func (IncidentId) Segments

func (id IncidentId) Segments() []resourceids.Segment

Segments returns a slice of Resource ID Segments which comprise this Incident ID

func (IncidentId) String

func (id IncidentId) String() string

String returns a human-readable description of this Incident ID

type IncidentInfo

type IncidentInfo struct {
	IncidentId   *string           `json:"incidentId,omitempty"`
	RelationName *string           `json:"relationName,omitempty"`
	Severity     *IncidentSeverity `json:"severity,omitempty"`
	Title        *string           `json:"title,omitempty"`
}

type IncidentSeverity

type IncidentSeverity string
const (
	IncidentSeverityHigh          IncidentSeverity = "High"
	IncidentSeverityInformational IncidentSeverity = "Informational"
	IncidentSeverityLow           IncidentSeverity = "Low"
	IncidentSeverityMedium        IncidentSeverity = "Medium"
)

type IncidentsListAlertsOperationResponse

type IncidentsListAlertsOperationResponse struct {
	HttpResponse *http.Response
	Model        *IncidentAlertList
}

type KillChainIntent

type KillChainIntent string
const (
	KillChainIntentCollection          KillChainIntent = "Collection"
	KillChainIntentCommandAndControl   KillChainIntent = "CommandAndControl"
	KillChainIntentCredentialAccess    KillChainIntent = "CredentialAccess"
	KillChainIntentDefenseEvasion      KillChainIntent = "DefenseEvasion"
	KillChainIntentDiscovery           KillChainIntent = "Discovery"
	KillChainIntentExecution           KillChainIntent = "Execution"
	KillChainIntentExfiltration        KillChainIntent = "Exfiltration"
	KillChainIntentExploitation        KillChainIntent = "Exploitation"
	KillChainIntentImpact              KillChainIntent = "Impact"
	KillChainIntentLateralMovement     KillChainIntent = "LateralMovement"
	KillChainIntentPersistence         KillChainIntent = "Persistence"
	KillChainIntentPrivilegeEscalation KillChainIntent = "PrivilegeEscalation"
	KillChainIntentProbing             KillChainIntent = "Probing"
	KillChainIntentUnknown             KillChainIntent = "Unknown"
)

type RawEntityImpl added in v0.20230807.1063129

type RawEntityImpl struct {
	Type   string
	Values map[string]interface{}
}

RawEntityImpl is returned when the Discriminated Value doesn't match any of the defined types NOTE: this should only be used when a type isn't defined for this type of Object (as a workaround) and is used only for Deserialization (e.g. this cannot be used as a Request Payload).

type SecurityAlert

type SecurityAlert struct {
	Properties *SecurityAlertProperties `json:"properties,omitempty"`

	// Fields inherited from Entity
	Id         *string                `json:"id,omitempty"`
	Name       *string                `json:"name,omitempty"`
	SystemData *systemdata.SystemData `json:"systemData,omitempty"`
	Type       *string                `json:"type,omitempty"`
}

func (SecurityAlert) MarshalJSON

func (s SecurityAlert) MarshalJSON() ([]byte, error)

type SecurityAlertProperties

type SecurityAlertProperties struct {
	AdditionalData        *map[string]interface{}                            `json:"additionalData,omitempty"`
	AlertDisplayName      *string                                            `json:"alertDisplayName,omitempty"`
	AlertLink             *string                                            `json:"alertLink,omitempty"`
	AlertType             *string                                            `json:"alertType,omitempty"`
	CompromisedEntity     *string                                            `json:"compromisedEntity,omitempty"`
	ConfidenceLevel       *ConfidenceLevel                                   `json:"confidenceLevel,omitempty"`
	ConfidenceReasons     *[]SecurityAlertPropertiesConfidenceReasonsInlined `json:"confidenceReasons,omitempty"`
	ConfidenceScore       *float64                                           `json:"confidenceScore,omitempty"`
	ConfidenceScoreStatus *ConfidenceScoreStatus                             `json:"confidenceScoreStatus,omitempty"`
	Description           *string                                            `json:"description,omitempty"`
	EndTimeUtc            *string                                            `json:"endTimeUtc,omitempty"`
	FriendlyName          *string                                            `json:"friendlyName,omitempty"`
	Intent                *KillChainIntent                                   `json:"intent,omitempty"`
	ProcessingEndTime     *string                                            `json:"processingEndTime,omitempty"`
	ProductComponentName  *string                                            `json:"productComponentName,omitempty"`
	ProductName           *string                                            `json:"productName,omitempty"`
	ProductVersion        *string                                            `json:"productVersion,omitempty"`
	ProviderAlertId       *string                                            `json:"providerAlertId,omitempty"`
	RemediationSteps      *[]string                                          `json:"remediationSteps,omitempty"`
	ResourceIdentifiers   *[]interface{}                                     `json:"resourceIdentifiers,omitempty"`
	Severity              *AlertSeverity                                     `json:"severity,omitempty"`
	StartTimeUtc          *string                                            `json:"startTimeUtc,omitempty"`
	Status                *AlertStatus                                       `json:"status,omitempty"`
	SystemAlertId         *string                                            `json:"systemAlertId,omitempty"`
	Tactics               *[]AttackTactic                                    `json:"tactics,omitempty"`
	TimeGenerated         *string                                            `json:"timeGenerated,omitempty"`
	VendorName            *string                                            `json:"vendorName,omitempty"`
}

func (*SecurityAlertProperties) GetEndTimeUtcAsTime

func (o *SecurityAlertProperties) GetEndTimeUtcAsTime() (*time.Time, error)

func (*SecurityAlertProperties) GetProcessingEndTimeAsTime

func (o *SecurityAlertProperties) GetProcessingEndTimeAsTime() (*time.Time, error)

func (*SecurityAlertProperties) GetStartTimeUtcAsTime

func (o *SecurityAlertProperties) GetStartTimeUtcAsTime() (*time.Time, error)

func (*SecurityAlertProperties) GetTimeGeneratedAsTime

func (o *SecurityAlertProperties) GetTimeGeneratedAsTime() (*time.Time, error)

func (*SecurityAlertProperties) SetEndTimeUtcAsTime

func (o *SecurityAlertProperties) SetEndTimeUtcAsTime(input time.Time)

func (*SecurityAlertProperties) SetProcessingEndTimeAsTime

func (o *SecurityAlertProperties) SetProcessingEndTimeAsTime(input time.Time)

func (*SecurityAlertProperties) SetStartTimeUtcAsTime

func (o *SecurityAlertProperties) SetStartTimeUtcAsTime(input time.Time)

func (*SecurityAlertProperties) SetTimeGeneratedAsTime

func (o *SecurityAlertProperties) SetTimeGeneratedAsTime(input time.Time)

type SecurityAlertPropertiesConfidenceReasonsInlined

type SecurityAlertPropertiesConfidenceReasonsInlined struct {
	Reason     *string `json:"reason,omitempty"`
	ReasonType *string `json:"reasonType,omitempty"`
}

type UserInfo

type UserInfo struct {
	Email    *string `json:"email,omitempty"`
	Name     *string `json:"name,omitempty"`
	ObjectId *string `json:"objectId,omitempty"`
}

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL