securityinsight

package
v48.2.1+incompatible Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Nov 27, 2020 License: Apache-2.0 Imports: 11 Imported by: 0

Documentation

Overview

Package securityinsight implements the Azure ARM Securityinsight service API version 2019-01-01-preview.

API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

Index

Constants

View Source
const (
	// DefaultBaseURI is the default URI used for the service Securityinsight
	DefaultBaseURI = "https://management.azure.com"
)

Variables

This section is empty.

Functions

func UserAgent

func UserAgent() string

UserAgent returns the UserAgent string to use when sending http.Requests.

func Version

func Version() string

Version returns the semantic version (see http://semver.org) of the client.

Types

type AADCheckRequirements

type AADCheckRequirements struct {
	// AADCheckRequirementsProperties - AAD (Azure Active Directory) requirements check properties.
	*AADCheckRequirementsProperties `json:"properties,omitempty"`
	// Kind - Possible values include: 'KindBasicDataConnectorsCheckRequirementsKindDataConnectorsCheckRequirements', 'KindBasicDataConnectorsCheckRequirementsKindAzureActiveDirectory', 'KindBasicDataConnectorsCheckRequirementsKindAzureAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindAzureSecurityCenter', 'KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesCloudTrail', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindOfficeATP', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii'
	Kind KindBasicDataConnectorsCheckRequirements `json:"kind,omitempty"`
}

AADCheckRequirements represents AAD (Azure Active Directory) requirements check request.

func (AADCheckRequirements) AsAADCheckRequirements

func (acr AADCheckRequirements) AsAADCheckRequirements() (*AADCheckRequirements, bool)

AsAADCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AADCheckRequirements.

func (AADCheckRequirements) AsAATPCheckRequirements

func (acr AADCheckRequirements) AsAATPCheckRequirements() (*AATPCheckRequirements, bool)

AsAATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AADCheckRequirements.

func (AADCheckRequirements) AsASCCheckRequirements

func (acr AADCheckRequirements) AsASCCheckRequirements() (*ASCCheckRequirements, bool)

AsASCCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AADCheckRequirements.

func (AADCheckRequirements) AsAwsCloudTrailCheckRequirements

func (acr AADCheckRequirements) AsAwsCloudTrailCheckRequirements() (*AwsCloudTrailCheckRequirements, bool)

AsAwsCloudTrailCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AADCheckRequirements.

func (AADCheckRequirements) AsBasicDataConnectorsCheckRequirements

func (acr AADCheckRequirements) AsBasicDataConnectorsCheckRequirements() (BasicDataConnectorsCheckRequirements, bool)

AsBasicDataConnectorsCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AADCheckRequirements.

func (AADCheckRequirements) AsDataConnectorsCheckRequirements

func (acr AADCheckRequirements) AsDataConnectorsCheckRequirements() (*DataConnectorsCheckRequirements, bool)

AsDataConnectorsCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AADCheckRequirements.

func (AADCheckRequirements) AsMCASCheckRequirements

func (acr AADCheckRequirements) AsMCASCheckRequirements() (*MCASCheckRequirements, bool)

AsMCASCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AADCheckRequirements.

func (AADCheckRequirements) AsMDATPCheckRequirements

func (acr AADCheckRequirements) AsMDATPCheckRequirements() (*MDATPCheckRequirements, bool)

AsMDATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AADCheckRequirements.

func (AADCheckRequirements) AsOfficeATPCheckRequirements

func (acr AADCheckRequirements) AsOfficeATPCheckRequirements() (*OfficeATPCheckRequirements, bool)

AsOfficeATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AADCheckRequirements.

func (AADCheckRequirements) AsTICheckRequirements

func (acr AADCheckRequirements) AsTICheckRequirements() (*TICheckRequirements, bool)

AsTICheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AADCheckRequirements.

func (AADCheckRequirements) AsTiTaxiiCheckRequirements

func (acr AADCheckRequirements) AsTiTaxiiCheckRequirements() (*TiTaxiiCheckRequirements, bool)

AsTiTaxiiCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AADCheckRequirements.

func (AADCheckRequirements) MarshalJSON

func (acr AADCheckRequirements) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for AADCheckRequirements.

func (*AADCheckRequirements) UnmarshalJSON

func (acr *AADCheckRequirements) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for AADCheckRequirements struct.

type AADCheckRequirementsProperties

type AADCheckRequirementsProperties struct {
	// TenantID - The tenant id to connect to, and get the data from.
	TenantID *string `json:"tenantId,omitempty"`
}

AADCheckRequirementsProperties AAD (Azure Active Directory) requirements check properties.

type AADDataConnector

type AADDataConnector struct {
	// AADDataConnectorProperties - AAD (Azure Active Directory) data connector properties.
	*AADDataConnectorProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
	// Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOfficeATP', 'KindOffice365', 'KindThreatIntelligence', 'KindThreatIntelligenceTaxii'
	Kind KindBasicDataConnector `json:"kind,omitempty"`
}

AADDataConnector represents AAD (Azure Active Directory) data connector.

func (AADDataConnector) AsAADDataConnector

func (adc AADDataConnector) AsAADDataConnector() (*AADDataConnector, bool)

AsAADDataConnector is the BasicDataConnector implementation for AADDataConnector.

func (AADDataConnector) AsAATPDataConnector

func (adc AADDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool)

AsAATPDataConnector is the BasicDataConnector implementation for AADDataConnector.

func (AADDataConnector) AsASCDataConnector

func (adc AADDataConnector) AsASCDataConnector() (*ASCDataConnector, bool)

AsASCDataConnector is the BasicDataConnector implementation for AADDataConnector.

func (AADDataConnector) AsAwsCloudTrailDataConnector

func (adc AADDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool)

AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for AADDataConnector.

func (AADDataConnector) AsBasicDataConnector

func (adc AADDataConnector) AsBasicDataConnector() (BasicDataConnector, bool)

AsBasicDataConnector is the BasicDataConnector implementation for AADDataConnector.

func (AADDataConnector) AsDataConnector

func (adc AADDataConnector) AsDataConnector() (*DataConnector, bool)

AsDataConnector is the BasicDataConnector implementation for AADDataConnector.

func (AADDataConnector) AsMCASDataConnector

func (adc AADDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool)

AsMCASDataConnector is the BasicDataConnector implementation for AADDataConnector.

func (AADDataConnector) AsMDATPDataConnector

func (adc AADDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool)

AsMDATPDataConnector is the BasicDataConnector implementation for AADDataConnector.

func (AADDataConnector) AsOfficeATPDataConnector

func (adc AADDataConnector) AsOfficeATPDataConnector() (*OfficeATPDataConnector, bool)

AsOfficeATPDataConnector is the BasicDataConnector implementation for AADDataConnector.

func (AADDataConnector) AsOfficeDataConnector

func (adc AADDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool)

AsOfficeDataConnector is the BasicDataConnector implementation for AADDataConnector.

func (AADDataConnector) AsTIDataConnector

func (adc AADDataConnector) AsTIDataConnector() (*TIDataConnector, bool)

AsTIDataConnector is the BasicDataConnector implementation for AADDataConnector.

func (AADDataConnector) AsTiTaxiiDataConnector

func (adc AADDataConnector) AsTiTaxiiDataConnector() (*TiTaxiiDataConnector, bool)

AsTiTaxiiDataConnector is the BasicDataConnector implementation for AADDataConnector.

func (AADDataConnector) MarshalJSON

func (adc AADDataConnector) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for AADDataConnector.

func (*AADDataConnector) UnmarshalJSON

func (adc *AADDataConnector) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for AADDataConnector struct.

type AADDataConnectorProperties

type AADDataConnectorProperties struct {
	// TenantID - The tenant id to connect to, and get the data from.
	TenantID *string `json:"tenantId,omitempty"`
	// DataTypes - The available data types for the connector.
	DataTypes *AlertsDataTypeOfDataConnector `json:"dataTypes,omitempty"`
}

AADDataConnectorProperties AAD (Azure Active Directory) data connector properties.

type AATPCheckRequirements

type AATPCheckRequirements struct {
	// AATPCheckRequirementsProperties - AATP (Azure Advanced Threat Protection) requirements check properties.
	*AATPCheckRequirementsProperties `json:"properties,omitempty"`
	// Kind - Possible values include: 'KindBasicDataConnectorsCheckRequirementsKindDataConnectorsCheckRequirements', 'KindBasicDataConnectorsCheckRequirementsKindAzureActiveDirectory', 'KindBasicDataConnectorsCheckRequirementsKindAzureAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindAzureSecurityCenter', 'KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesCloudTrail', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindOfficeATP', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii'
	Kind KindBasicDataConnectorsCheckRequirements `json:"kind,omitempty"`
}

AATPCheckRequirements represents AATP (Azure Advanced Threat Protection) requirements check request.

func (AATPCheckRequirements) AsAADCheckRequirements

func (acr AATPCheckRequirements) AsAADCheckRequirements() (*AADCheckRequirements, bool)

AsAADCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AATPCheckRequirements.

func (AATPCheckRequirements) AsAATPCheckRequirements

func (acr AATPCheckRequirements) AsAATPCheckRequirements() (*AATPCheckRequirements, bool)

AsAATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AATPCheckRequirements.

func (AATPCheckRequirements) AsASCCheckRequirements

func (acr AATPCheckRequirements) AsASCCheckRequirements() (*ASCCheckRequirements, bool)

AsASCCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AATPCheckRequirements.

func (AATPCheckRequirements) AsAwsCloudTrailCheckRequirements

func (acr AATPCheckRequirements) AsAwsCloudTrailCheckRequirements() (*AwsCloudTrailCheckRequirements, bool)

AsAwsCloudTrailCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AATPCheckRequirements.

func (AATPCheckRequirements) AsBasicDataConnectorsCheckRequirements

func (acr AATPCheckRequirements) AsBasicDataConnectorsCheckRequirements() (BasicDataConnectorsCheckRequirements, bool)

AsBasicDataConnectorsCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AATPCheckRequirements.

func (AATPCheckRequirements) AsDataConnectorsCheckRequirements

func (acr AATPCheckRequirements) AsDataConnectorsCheckRequirements() (*DataConnectorsCheckRequirements, bool)

AsDataConnectorsCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AATPCheckRequirements.

func (AATPCheckRequirements) AsMCASCheckRequirements

func (acr AATPCheckRequirements) AsMCASCheckRequirements() (*MCASCheckRequirements, bool)

AsMCASCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AATPCheckRequirements.

func (AATPCheckRequirements) AsMDATPCheckRequirements

func (acr AATPCheckRequirements) AsMDATPCheckRequirements() (*MDATPCheckRequirements, bool)

AsMDATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AATPCheckRequirements.

func (AATPCheckRequirements) AsOfficeATPCheckRequirements

func (acr AATPCheckRequirements) AsOfficeATPCheckRequirements() (*OfficeATPCheckRequirements, bool)

AsOfficeATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AATPCheckRequirements.

func (AATPCheckRequirements) AsTICheckRequirements

func (acr AATPCheckRequirements) AsTICheckRequirements() (*TICheckRequirements, bool)

AsTICheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AATPCheckRequirements.

func (AATPCheckRequirements) AsTiTaxiiCheckRequirements

func (acr AATPCheckRequirements) AsTiTaxiiCheckRequirements() (*TiTaxiiCheckRequirements, bool)

AsTiTaxiiCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AATPCheckRequirements.

func (AATPCheckRequirements) MarshalJSON

func (acr AATPCheckRequirements) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for AATPCheckRequirements.

func (*AATPCheckRequirements) UnmarshalJSON

func (acr *AATPCheckRequirements) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for AATPCheckRequirements struct.

type AATPCheckRequirementsProperties

type AATPCheckRequirementsProperties struct {
	// TenantID - The tenant id to connect to, and get the data from.
	TenantID *string `json:"tenantId,omitempty"`
}

AATPCheckRequirementsProperties AATP (Azure Advanced Threat Protection) requirements check properties.

type AATPDataConnector

type AATPDataConnector struct {
	// AATPDataConnectorProperties - AATP (Azure Advanced Threat Protection) data connector properties.
	*AATPDataConnectorProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
	// Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOfficeATP', 'KindOffice365', 'KindThreatIntelligence', 'KindThreatIntelligenceTaxii'
	Kind KindBasicDataConnector `json:"kind,omitempty"`
}

AATPDataConnector represents AATP (Azure Advanced Threat Protection) data connector.

func (AATPDataConnector) AsAADDataConnector

func (adc AATPDataConnector) AsAADDataConnector() (*AADDataConnector, bool)

AsAADDataConnector is the BasicDataConnector implementation for AATPDataConnector.

func (AATPDataConnector) AsAATPDataConnector

func (adc AATPDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool)

AsAATPDataConnector is the BasicDataConnector implementation for AATPDataConnector.

func (AATPDataConnector) AsASCDataConnector

func (adc AATPDataConnector) AsASCDataConnector() (*ASCDataConnector, bool)

AsASCDataConnector is the BasicDataConnector implementation for AATPDataConnector.

func (AATPDataConnector) AsAwsCloudTrailDataConnector

func (adc AATPDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool)

AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for AATPDataConnector.

func (AATPDataConnector) AsBasicDataConnector

func (adc AATPDataConnector) AsBasicDataConnector() (BasicDataConnector, bool)

AsBasicDataConnector is the BasicDataConnector implementation for AATPDataConnector.

func (AATPDataConnector) AsDataConnector

func (adc AATPDataConnector) AsDataConnector() (*DataConnector, bool)

AsDataConnector is the BasicDataConnector implementation for AATPDataConnector.

func (AATPDataConnector) AsMCASDataConnector

func (adc AATPDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool)

AsMCASDataConnector is the BasicDataConnector implementation for AATPDataConnector.

func (AATPDataConnector) AsMDATPDataConnector

func (adc AATPDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool)

AsMDATPDataConnector is the BasicDataConnector implementation for AATPDataConnector.

func (AATPDataConnector) AsOfficeATPDataConnector

func (adc AATPDataConnector) AsOfficeATPDataConnector() (*OfficeATPDataConnector, bool)

AsOfficeATPDataConnector is the BasicDataConnector implementation for AATPDataConnector.

func (AATPDataConnector) AsOfficeDataConnector

func (adc AATPDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool)

AsOfficeDataConnector is the BasicDataConnector implementation for AATPDataConnector.

func (AATPDataConnector) AsTIDataConnector

func (adc AATPDataConnector) AsTIDataConnector() (*TIDataConnector, bool)

AsTIDataConnector is the BasicDataConnector implementation for AATPDataConnector.

func (AATPDataConnector) AsTiTaxiiDataConnector

func (adc AATPDataConnector) AsTiTaxiiDataConnector() (*TiTaxiiDataConnector, bool)

AsTiTaxiiDataConnector is the BasicDataConnector implementation for AATPDataConnector.

func (AATPDataConnector) MarshalJSON

func (adc AATPDataConnector) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for AATPDataConnector.

func (*AATPDataConnector) UnmarshalJSON

func (adc *AATPDataConnector) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for AATPDataConnector struct.

type AATPDataConnectorProperties

type AATPDataConnectorProperties struct {
	// TenantID - The tenant id to connect to, and get the data from.
	TenantID *string `json:"tenantId,omitempty"`
	// DataTypes - The available data types for the connector.
	DataTypes *AlertsDataTypeOfDataConnector `json:"dataTypes,omitempty"`
}

AATPDataConnectorProperties AATP (Azure Advanced Threat Protection) data connector properties.

type ASCCheckRequirements

type ASCCheckRequirements struct {
	// ASCCheckRequirementsProperties - ASC (Azure Security Center) requirements check properties.
	*ASCCheckRequirementsProperties `json:"properties,omitempty"`
	// Kind - Possible values include: 'KindBasicDataConnectorsCheckRequirementsKindDataConnectorsCheckRequirements', 'KindBasicDataConnectorsCheckRequirementsKindAzureActiveDirectory', 'KindBasicDataConnectorsCheckRequirementsKindAzureAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindAzureSecurityCenter', 'KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesCloudTrail', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindOfficeATP', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii'
	Kind KindBasicDataConnectorsCheckRequirements `json:"kind,omitempty"`
}

ASCCheckRequirements represents ASC (Azure Security Center) requirements check request.

func (ASCCheckRequirements) AsAADCheckRequirements

func (acr ASCCheckRequirements) AsAADCheckRequirements() (*AADCheckRequirements, bool)

AsAADCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for ASCCheckRequirements.

func (ASCCheckRequirements) AsAATPCheckRequirements

func (acr ASCCheckRequirements) AsAATPCheckRequirements() (*AATPCheckRequirements, bool)

AsAATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for ASCCheckRequirements.

func (ASCCheckRequirements) AsASCCheckRequirements

func (acr ASCCheckRequirements) AsASCCheckRequirements() (*ASCCheckRequirements, bool)

AsASCCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for ASCCheckRequirements.

func (ASCCheckRequirements) AsAwsCloudTrailCheckRequirements

func (acr ASCCheckRequirements) AsAwsCloudTrailCheckRequirements() (*AwsCloudTrailCheckRequirements, bool)

AsAwsCloudTrailCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for ASCCheckRequirements.

func (ASCCheckRequirements) AsBasicDataConnectorsCheckRequirements

func (acr ASCCheckRequirements) AsBasicDataConnectorsCheckRequirements() (BasicDataConnectorsCheckRequirements, bool)

AsBasicDataConnectorsCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for ASCCheckRequirements.

func (ASCCheckRequirements) AsDataConnectorsCheckRequirements

func (acr ASCCheckRequirements) AsDataConnectorsCheckRequirements() (*DataConnectorsCheckRequirements, bool)

AsDataConnectorsCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for ASCCheckRequirements.

func (ASCCheckRequirements) AsMCASCheckRequirements

func (acr ASCCheckRequirements) AsMCASCheckRequirements() (*MCASCheckRequirements, bool)

AsMCASCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for ASCCheckRequirements.

func (ASCCheckRequirements) AsMDATPCheckRequirements

func (acr ASCCheckRequirements) AsMDATPCheckRequirements() (*MDATPCheckRequirements, bool)

AsMDATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for ASCCheckRequirements.

func (ASCCheckRequirements) AsOfficeATPCheckRequirements

func (acr ASCCheckRequirements) AsOfficeATPCheckRequirements() (*OfficeATPCheckRequirements, bool)

AsOfficeATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for ASCCheckRequirements.

func (ASCCheckRequirements) AsTICheckRequirements

func (acr ASCCheckRequirements) AsTICheckRequirements() (*TICheckRequirements, bool)

AsTICheckRequirements is the BasicDataConnectorsCheckRequirements implementation for ASCCheckRequirements.

func (ASCCheckRequirements) AsTiTaxiiCheckRequirements

func (acr ASCCheckRequirements) AsTiTaxiiCheckRequirements() (*TiTaxiiCheckRequirements, bool)

AsTiTaxiiCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for ASCCheckRequirements.

func (ASCCheckRequirements) MarshalJSON

func (acr ASCCheckRequirements) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for ASCCheckRequirements.

func (*ASCCheckRequirements) UnmarshalJSON

func (acr *ASCCheckRequirements) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for ASCCheckRequirements struct.

type ASCCheckRequirementsProperties

type ASCCheckRequirementsProperties struct {
	// SubscriptionID - The subscription id to connect to, and get the data from.
	SubscriptionID *string `json:"subscriptionId,omitempty"`
}

ASCCheckRequirementsProperties ASC (Azure Security Center) requirements check properties.

type ASCDataConnector

type ASCDataConnector struct {
	// ASCDataConnectorProperties - ASC (Azure Security Center) data connector properties.
	*ASCDataConnectorProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
	// Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOfficeATP', 'KindOffice365', 'KindThreatIntelligence', 'KindThreatIntelligenceTaxii'
	Kind KindBasicDataConnector `json:"kind,omitempty"`
}

ASCDataConnector represents ASC (Azure Security Center) data connector.

func (ASCDataConnector) AsAADDataConnector

func (adc ASCDataConnector) AsAADDataConnector() (*AADDataConnector, bool)

AsAADDataConnector is the BasicDataConnector implementation for ASCDataConnector.

func (ASCDataConnector) AsAATPDataConnector

func (adc ASCDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool)

AsAATPDataConnector is the BasicDataConnector implementation for ASCDataConnector.

func (ASCDataConnector) AsASCDataConnector

func (adc ASCDataConnector) AsASCDataConnector() (*ASCDataConnector, bool)

AsASCDataConnector is the BasicDataConnector implementation for ASCDataConnector.

func (ASCDataConnector) AsAwsCloudTrailDataConnector

func (adc ASCDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool)

AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for ASCDataConnector.

func (ASCDataConnector) AsBasicDataConnector

func (adc ASCDataConnector) AsBasicDataConnector() (BasicDataConnector, bool)

AsBasicDataConnector is the BasicDataConnector implementation for ASCDataConnector.

func (ASCDataConnector) AsDataConnector

func (adc ASCDataConnector) AsDataConnector() (*DataConnector, bool)

AsDataConnector is the BasicDataConnector implementation for ASCDataConnector.

func (ASCDataConnector) AsMCASDataConnector

func (adc ASCDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool)

AsMCASDataConnector is the BasicDataConnector implementation for ASCDataConnector.

func (ASCDataConnector) AsMDATPDataConnector

func (adc ASCDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool)

AsMDATPDataConnector is the BasicDataConnector implementation for ASCDataConnector.

func (ASCDataConnector) AsOfficeATPDataConnector

func (adc ASCDataConnector) AsOfficeATPDataConnector() (*OfficeATPDataConnector, bool)

AsOfficeATPDataConnector is the BasicDataConnector implementation for ASCDataConnector.

func (ASCDataConnector) AsOfficeDataConnector

func (adc ASCDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool)

AsOfficeDataConnector is the BasicDataConnector implementation for ASCDataConnector.

func (ASCDataConnector) AsTIDataConnector

func (adc ASCDataConnector) AsTIDataConnector() (*TIDataConnector, bool)

AsTIDataConnector is the BasicDataConnector implementation for ASCDataConnector.

func (ASCDataConnector) AsTiTaxiiDataConnector

func (adc ASCDataConnector) AsTiTaxiiDataConnector() (*TiTaxiiDataConnector, bool)

AsTiTaxiiDataConnector is the BasicDataConnector implementation for ASCDataConnector.

func (ASCDataConnector) MarshalJSON

func (adc ASCDataConnector) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for ASCDataConnector.

func (*ASCDataConnector) UnmarshalJSON

func (adc *ASCDataConnector) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for ASCDataConnector struct.

type ASCDataConnectorProperties

type ASCDataConnectorProperties struct {
	// SubscriptionID - The subscription id to connect to, and get the data from.
	SubscriptionID *string `json:"subscriptionId,omitempty"`
	// DataTypes - The available data types for the connector.
	DataTypes *AlertsDataTypeOfDataConnector `json:"dataTypes,omitempty"`
}

ASCDataConnectorProperties ASC (Azure Security Center) data connector properties.

type AccountEntity

type AccountEntity struct {
	// AccountEntityProperties - Account entity properties
	*AccountEntityProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindBookmark', 'KindSecurityAlert', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice'
	Kind KindBasicEntity `json:"kind,omitempty"`
}

AccountEntity represents an account entity.

func (AccountEntity) AsAccountEntity

func (ae AccountEntity) AsAccountEntity() (*AccountEntity, bool)

AsAccountEntity is the BasicEntity implementation for AccountEntity.

func (AccountEntity) AsAzureResourceEntity

func (ae AccountEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)

AsAzureResourceEntity is the BasicEntity implementation for AccountEntity.

func (AccountEntity) AsBasicEntity

func (ae AccountEntity) AsBasicEntity() (BasicEntity, bool)

AsBasicEntity is the BasicEntity implementation for AccountEntity.

func (AccountEntity) AsCloudApplicationEntity

func (ae AccountEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)

AsCloudApplicationEntity is the BasicEntity implementation for AccountEntity.

func (AccountEntity) AsDNSEntity

func (ae AccountEntity) AsDNSEntity() (*DNSEntity, bool)

AsDNSEntity is the BasicEntity implementation for AccountEntity.

func (AccountEntity) AsEntity

func (ae AccountEntity) AsEntity() (*Entity, bool)

AsEntity is the BasicEntity implementation for AccountEntity.

func (AccountEntity) AsFileEntity

func (ae AccountEntity) AsFileEntity() (*FileEntity, bool)

AsFileEntity is the BasicEntity implementation for AccountEntity.

func (AccountEntity) AsFileHashEntity

func (ae AccountEntity) AsFileHashEntity() (*FileHashEntity, bool)

AsFileHashEntity is the BasicEntity implementation for AccountEntity.

func (AccountEntity) AsHostEntity

func (ae AccountEntity) AsHostEntity() (*HostEntity, bool)

AsHostEntity is the BasicEntity implementation for AccountEntity.

func (AccountEntity) AsHuntingBookmark

func (ae AccountEntity) AsHuntingBookmark() (*HuntingBookmark, bool)

AsHuntingBookmark is the BasicEntity implementation for AccountEntity.

func (AccountEntity) AsIPEntity

func (ae AccountEntity) AsIPEntity() (*IPEntity, bool)

AsIPEntity is the BasicEntity implementation for AccountEntity.

func (AccountEntity) AsIoTDeviceEntity

func (ae AccountEntity) AsIoTDeviceEntity() (*IoTDeviceEntity, bool)

AsIoTDeviceEntity is the BasicEntity implementation for AccountEntity.

func (AccountEntity) AsMalwareEntity

func (ae AccountEntity) AsMalwareEntity() (*MalwareEntity, bool)

AsMalwareEntity is the BasicEntity implementation for AccountEntity.

func (AccountEntity) AsProcessEntity

func (ae AccountEntity) AsProcessEntity() (*ProcessEntity, bool)

AsProcessEntity is the BasicEntity implementation for AccountEntity.

func (AccountEntity) AsRegistryKeyEntity

func (ae AccountEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)

AsRegistryKeyEntity is the BasicEntity implementation for AccountEntity.

func (AccountEntity) AsRegistryValueEntity

func (ae AccountEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool)

AsRegistryValueEntity is the BasicEntity implementation for AccountEntity.

func (AccountEntity) AsSecurityAlert

func (ae AccountEntity) AsSecurityAlert() (*SecurityAlert, bool)

AsSecurityAlert is the BasicEntity implementation for AccountEntity.

func (AccountEntity) AsSecurityGroupEntity

func (ae AccountEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)

AsSecurityGroupEntity is the BasicEntity implementation for AccountEntity.

func (AccountEntity) AsURLEntity

func (ae AccountEntity) AsURLEntity() (*URLEntity, bool)

AsURLEntity is the BasicEntity implementation for AccountEntity.

func (AccountEntity) MarshalJSON

func (ae AccountEntity) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for AccountEntity.

func (*AccountEntity) UnmarshalJSON

func (ae *AccountEntity) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for AccountEntity struct.

type AccountEntityProperties

type AccountEntityProperties struct {
	// AadTenantID - READ-ONLY; The Azure Active Directory tenant id.
	AadTenantID *string `json:"aadTenantId,omitempty"`
	// AadUserID - READ-ONLY; The Azure Active Directory user id.
	AadUserID *string `json:"aadUserId,omitempty"`
	// AccountName - READ-ONLY; The name of the account. This field should hold only the name without any domain added to it, i.e. administrator.
	AccountName *string `json:"accountName,omitempty"`
	// DisplayName - READ-ONLY; The display name of the account.
	DisplayName *string `json:"displayName,omitempty"`
	// HostEntityID - READ-ONLY; The Host entity id that contains the account in case it is a local account (not domain joined)
	HostEntityID *string `json:"hostEntityId,omitempty"`
	// IsDomainJoined - READ-ONLY; Determines whether this is a domain account.
	IsDomainJoined *bool `json:"isDomainJoined,omitempty"`
	// NtDomain - READ-ONLY; The NetBIOS domain name as it appears in the alert format – domain\username. Examples: NT AUTHORITY.
	NtDomain *string `json:"ntDomain,omitempty"`
	// ObjectGUID - READ-ONLY; The objectGUID attribute is a single-value attribute that is the unique identifier for the object, assigned by active directory.
	ObjectGUID *uuid.UUID `json:"objectGuid,omitempty"`
	// Puid - READ-ONLY; The Azure Active Directory Passport User ID.
	Puid *string `json:"puid,omitempty"`
	// Sid - READ-ONLY; The account security identifier, e.g. S-1-5-18.
	Sid *string `json:"sid,omitempty"`
	// UpnSuffix - READ-ONLY; The user principal name suffix for the account, in some cases it is also the domain name. Examples: contoso.com.
	UpnSuffix *string `json:"upnSuffix,omitempty"`
	// DNSDomain - READ-ONLY; The fully qualified domain DNS name.
	DNSDomain *string `json:"dnsDomain,omitempty"`
	// AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]interface{} `json:"additionalData"`
	// FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated.
	FriendlyName *string `json:"friendlyName,omitempty"`
}

AccountEntityProperties account entity property bag.

func (AccountEntityProperties) MarshalJSON

func (aep AccountEntityProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for AccountEntityProperties.

type ActionPropertiesBase

type ActionPropertiesBase struct {
	// LogicAppResourceID - Logic App Resource Id, /subscriptions/{my-subscription}/resourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my-workflow-id}.
	LogicAppResourceID *string `json:"logicAppResourceId,omitempty"`
}

ActionPropertiesBase action property bag base.

type ActionRequest

type ActionRequest struct {
	// ActionRequestProperties - Action properties for put request
	*ActionRequestProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
}

ActionRequest action for alert rule.

func (ActionRequest) MarshalJSON

func (ar ActionRequest) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for ActionRequest.

func (*ActionRequest) UnmarshalJSON

func (ar *ActionRequest) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for ActionRequest struct.

type ActionRequestProperties

type ActionRequestProperties struct {
	// TriggerURI - Logic App Callback URL for this specific workflow.
	TriggerURI *string `json:"triggerUri,omitempty"`
	// LogicAppResourceID - Logic App Resource Id, /subscriptions/{my-subscription}/resourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my-workflow-id}.
	LogicAppResourceID *string `json:"logicAppResourceId,omitempty"`
}

ActionRequestProperties action property bag.

type ActionResponse

type ActionResponse struct {
	autorest.Response `json:"-"`
	// Etag - Etag of the action.
	Etag *string `json:"etag,omitempty"`
	// ActionResponseProperties - Action properties for get request
	*ActionResponseProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
}

ActionResponse action for alert rule.

func (ActionResponse) MarshalJSON

func (ar ActionResponse) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for ActionResponse.

func (*ActionResponse) UnmarshalJSON

func (ar *ActionResponse) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for ActionResponse struct.

type ActionResponseProperties

type ActionResponseProperties struct {
	// WorkflowID - The name of the logic app's workflow.
	WorkflowID *string `json:"workflowId,omitempty"`
	// LogicAppResourceID - Logic App Resource Id, /subscriptions/{my-subscription}/resourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my-workflow-id}.
	LogicAppResourceID *string `json:"logicAppResourceId,omitempty"`
}

ActionResponseProperties action property bag.

type ActionsClient

type ActionsClient struct {
	BaseClient
}

ActionsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

func NewActionsClient

func NewActionsClient(subscriptionID string) ActionsClient

NewActionsClient creates an instance of the ActionsClient client.

func NewActionsClientWithBaseURI

func NewActionsClientWithBaseURI(baseURI string, subscriptionID string) ActionsClient

NewActionsClientWithBaseURI creates an instance of the ActionsClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).

func (ActionsClient) ListByAlertRule

func (client ActionsClient) ListByAlertRule(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, ruleID string) (result ActionsListPage, err error)

ListByAlertRule gets all actions of alert rule. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. ruleID - alert rule ID

func (ActionsClient) ListByAlertRuleComplete

func (client ActionsClient) ListByAlertRuleComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, ruleID string) (result ActionsListIterator, err error)

ListByAlertRuleComplete enumerates all values, automatically crossing page boundaries as required.

func (ActionsClient) ListByAlertRulePreparer

func (client ActionsClient) ListByAlertRulePreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, ruleID string) (*http.Request, error)

ListByAlertRulePreparer prepares the ListByAlertRule request.

func (ActionsClient) ListByAlertRuleResponder

func (client ActionsClient) ListByAlertRuleResponder(resp *http.Response) (result ActionsList, err error)

ListByAlertRuleResponder handles the response to the ListByAlertRule request. The method always closes the http.Response Body.

func (ActionsClient) ListByAlertRuleSender

func (client ActionsClient) ListByAlertRuleSender(req *http.Request) (*http.Response, error)

ListByAlertRuleSender sends the ListByAlertRule request. The method will close the http.Response Body if it receives an error.

type ActionsList

type ActionsList struct {
	autorest.Response `json:"-"`
	// NextLink - READ-ONLY; URL to fetch the next set of actions.
	NextLink *string `json:"nextLink,omitempty"`
	// Value - Array of actions.
	Value *[]ActionResponse `json:"value,omitempty"`
}

ActionsList list all the actions.

func (ActionsList) IsEmpty

func (al ActionsList) IsEmpty() bool

IsEmpty returns true if the ListResult contains no values.

func (ActionsList) MarshalJSON

func (al ActionsList) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for ActionsList.

type ActionsListIterator

type ActionsListIterator struct {
	// contains filtered or unexported fields
}

ActionsListIterator provides access to a complete listing of ActionResponse values.

func NewActionsListIterator

func NewActionsListIterator(page ActionsListPage) ActionsListIterator

Creates a new instance of the ActionsListIterator type.

func (*ActionsListIterator) Next

func (iter *ActionsListIterator) Next() error

Next advances to the next value. If there was an error making the request the iterator does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*ActionsListIterator) NextWithContext

func (iter *ActionsListIterator) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next value. If there was an error making the request the iterator does not advance and the error is returned.

func (ActionsListIterator) NotDone

func (iter ActionsListIterator) NotDone() bool

NotDone returns true if the enumeration should be started or is not yet complete.

func (ActionsListIterator) Response

func (iter ActionsListIterator) Response() ActionsList

Response returns the raw server response from the last page request.

func (ActionsListIterator) Value

func (iter ActionsListIterator) Value() ActionResponse

Value returns the current value or a zero-initialized value if the iterator has advanced beyond the end of the collection.

type ActionsListPage

type ActionsListPage struct {
	// contains filtered or unexported fields
}

ActionsListPage contains a page of ActionResponse values.

func NewActionsListPage

func NewActionsListPage(cur ActionsList, getNextPage func(context.Context, ActionsList) (ActionsList, error)) ActionsListPage

Creates a new instance of the ActionsListPage type.

func (*ActionsListPage) Next

func (page *ActionsListPage) Next() error

Next advances to the next page of values. If there was an error making the request the page does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*ActionsListPage) NextWithContext

func (page *ActionsListPage) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next page of values. If there was an error making the request the page does not advance and the error is returned.

func (ActionsListPage) NotDone

func (page ActionsListPage) NotDone() bool

NotDone returns true if the page enumeration should be started or is not yet complete.

func (ActionsListPage) Response

func (page ActionsListPage) Response() ActionsList

Response returns the raw server response from the last page request.

func (ActionsListPage) Values

func (page ActionsListPage) Values() []ActionResponse

Values returns the slice of values for the current page or nil if there are no values.

type ActivityTimelineItem

type ActivityTimelineItem struct {
	// QueryID - The activity query id.
	QueryID *string `json:"queryId,omitempty"`
	// BucketStartTimeUTC - The grouping bucket start time.
	BucketStartTimeUTC *date.Time `json:"bucketStartTimeUTC,omitempty"`
	// BucketEndTimeUTC - The grouping bucket end time.
	BucketEndTimeUTC *date.Time `json:"bucketEndTimeUTC,omitempty"`
	// FirstActivityTimeUTC - The time of the first activity in the grouping bucket.
	FirstActivityTimeUTC *date.Time `json:"firstActivityTimeUTC,omitempty"`
	// LastActivityTimeUTC - The time of the last activity in the grouping bucket.
	LastActivityTimeUTC *date.Time `json:"lastActivityTimeUTC,omitempty"`
	// Content - The activity timeline content.
	Content *string `json:"content,omitempty"`
	// Title - The activity timeline title.
	Title *string `json:"title,omitempty"`
	// Kind - Possible values include: 'KindBasicEntityTimelineItemKindEntityTimelineItem', 'KindBasicEntityTimelineItemKindActivity', 'KindBasicEntityTimelineItemKindSecurityAlert', 'KindBasicEntityTimelineItemKindBookmark'
	Kind KindBasicEntityTimelineItem `json:"kind,omitempty"`
}

ActivityTimelineItem represents Activity timeline item.

func (ActivityTimelineItem) AsActivityTimelineItem

func (ati ActivityTimelineItem) AsActivityTimelineItem() (*ActivityTimelineItem, bool)

AsActivityTimelineItem is the BasicEntityTimelineItem implementation for ActivityTimelineItem.

func (ActivityTimelineItem) AsBasicEntityTimelineItem

func (ati ActivityTimelineItem) AsBasicEntityTimelineItem() (BasicEntityTimelineItem, bool)

AsBasicEntityTimelineItem is the BasicEntityTimelineItem implementation for ActivityTimelineItem.

func (ActivityTimelineItem) AsBookmarkTimelineItem

func (ati ActivityTimelineItem) AsBookmarkTimelineItem() (*BookmarkTimelineItem, bool)

AsBookmarkTimelineItem is the BasicEntityTimelineItem implementation for ActivityTimelineItem.

func (ActivityTimelineItem) AsEntityTimelineItem

func (ati ActivityTimelineItem) AsEntityTimelineItem() (*EntityTimelineItem, bool)

AsEntityTimelineItem is the BasicEntityTimelineItem implementation for ActivityTimelineItem.

func (ActivityTimelineItem) AsSecurityAlertTimelineItem

func (ati ActivityTimelineItem) AsSecurityAlertTimelineItem() (*SecurityAlertTimelineItem, bool)

AsSecurityAlertTimelineItem is the BasicEntityTimelineItem implementation for ActivityTimelineItem.

func (ActivityTimelineItem) MarshalJSON

func (ati ActivityTimelineItem) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for ActivityTimelineItem.

type Aggregations

type Aggregations struct {
	autorest.Response `json:"-"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Kind - Possible values include: 'KindAggregations', 'KindCasesAggregation'
	Kind Kind `json:"kind,omitempty"`
}

Aggregations the aggregation.

func (Aggregations) AsAggregations

func (a Aggregations) AsAggregations() (*Aggregations, bool)

AsAggregations is the BasicAggregations implementation for Aggregations.

func (Aggregations) AsBasicAggregations

func (a Aggregations) AsBasicAggregations() (BasicAggregations, bool)

AsBasicAggregations is the BasicAggregations implementation for Aggregations.

func (Aggregations) AsCasesAggregation

func (a Aggregations) AsCasesAggregation() (*CasesAggregation, bool)

AsCasesAggregation is the BasicAggregations implementation for Aggregations.

func (Aggregations) MarshalJSON

func (a Aggregations) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for Aggregations.

type AggregationsKind

type AggregationsKind struct {
	// Kind - The kind of the setting
	Kind *string `json:"kind,omitempty"`
}

AggregationsKind describes an Azure resource with kind.

type AggregationsModel

type AggregationsModel struct {
	autorest.Response `json:"-"`
	Value             BasicAggregations `json:"value,omitempty"`
}

AggregationsModel ...

func (*AggregationsModel) UnmarshalJSON

func (am *AggregationsModel) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for AggregationsModel struct.

type AlertRule

type AlertRule struct {
	autorest.Response `json:"-"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
	// Kind - Possible values include: 'KindAlertRule', 'KindFusion', 'KindMicrosoftSecurityIncidentCreation', 'KindScheduled'
	Kind KindBasicAlertRule `json:"kind,omitempty"`
}

AlertRule alert rule.

func (AlertRule) AsAlertRule

func (ar AlertRule) AsAlertRule() (*AlertRule, bool)

AsAlertRule is the BasicAlertRule implementation for AlertRule.

func (AlertRule) AsBasicAlertRule

func (ar AlertRule) AsBasicAlertRule() (BasicAlertRule, bool)

AsBasicAlertRule is the BasicAlertRule implementation for AlertRule.

func (AlertRule) AsFusionAlertRule

func (ar AlertRule) AsFusionAlertRule() (*FusionAlertRule, bool)

AsFusionAlertRule is the BasicAlertRule implementation for AlertRule.

func (AlertRule) AsMicrosoftSecurityIncidentCreationAlertRule

func (ar AlertRule) AsMicrosoftSecurityIncidentCreationAlertRule() (*MicrosoftSecurityIncidentCreationAlertRule, bool)

AsMicrosoftSecurityIncidentCreationAlertRule is the BasicAlertRule implementation for AlertRule.

func (AlertRule) AsScheduledAlertRule

func (ar AlertRule) AsScheduledAlertRule() (*ScheduledAlertRule, bool)

AsScheduledAlertRule is the BasicAlertRule implementation for AlertRule.

func (AlertRule) MarshalJSON

func (ar AlertRule) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for AlertRule.

type AlertRuleKind

type AlertRuleKind string

AlertRuleKind enumerates the values for alert rule kind.

const (
	// Fusion ...
	Fusion AlertRuleKind = "Fusion"
	// MicrosoftSecurityIncidentCreation ...
	MicrosoftSecurityIncidentCreation AlertRuleKind = "MicrosoftSecurityIncidentCreation"
	// Scheduled ...
	Scheduled AlertRuleKind = "Scheduled"
)

func PossibleAlertRuleKindValues

func PossibleAlertRuleKindValues() []AlertRuleKind

PossibleAlertRuleKindValues returns an array of possible values for the AlertRuleKind const type.

type AlertRuleKind1

type AlertRuleKind1 struct {
	// Kind - The kind of the alert rule. Possible values include: 'Scheduled', 'MicrosoftSecurityIncidentCreation', 'Fusion'
	Kind AlertRuleKind `json:"kind,omitempty"`
}

AlertRuleKind1 describes an Azure resource with kind.

type AlertRuleModel

type AlertRuleModel struct {
	autorest.Response `json:"-"`
	Value             BasicAlertRule `json:"value,omitempty"`
}

AlertRuleModel ...

func (*AlertRuleModel) UnmarshalJSON

func (arm *AlertRuleModel) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for AlertRuleModel struct.

type AlertRuleTemplate

type AlertRuleTemplate struct {
	autorest.Response `json:"-"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Kind - Possible values include: 'KindBasicAlertRuleTemplateKindAlertRuleTemplate', 'KindBasicAlertRuleTemplateKindFusion', 'KindBasicAlertRuleTemplateKindMicrosoftSecurityIncidentCreation', 'KindBasicAlertRuleTemplateKindScheduled'
	Kind KindBasicAlertRuleTemplate `json:"kind,omitempty"`
}

AlertRuleTemplate alert rule template.

func (AlertRuleTemplate) AsAlertRuleTemplate

func (art AlertRuleTemplate) AsAlertRuleTemplate() (*AlertRuleTemplate, bool)

AsAlertRuleTemplate is the BasicAlertRuleTemplate implementation for AlertRuleTemplate.

func (AlertRuleTemplate) AsBasicAlertRuleTemplate

func (art AlertRuleTemplate) AsBasicAlertRuleTemplate() (BasicAlertRuleTemplate, bool)

AsBasicAlertRuleTemplate is the BasicAlertRuleTemplate implementation for AlertRuleTemplate.

func (AlertRuleTemplate) AsFusionAlertRuleTemplate

func (art AlertRuleTemplate) AsFusionAlertRuleTemplate() (*FusionAlertRuleTemplate, bool)

AsFusionAlertRuleTemplate is the BasicAlertRuleTemplate implementation for AlertRuleTemplate.

func (AlertRuleTemplate) AsMicrosoftSecurityIncidentCreationAlertRuleTemplate

func (art AlertRuleTemplate) AsMicrosoftSecurityIncidentCreationAlertRuleTemplate() (*MicrosoftSecurityIncidentCreationAlertRuleTemplate, bool)

AsMicrosoftSecurityIncidentCreationAlertRuleTemplate is the BasicAlertRuleTemplate implementation for AlertRuleTemplate.

func (AlertRuleTemplate) AsScheduledAlertRuleTemplate

func (art AlertRuleTemplate) AsScheduledAlertRuleTemplate() (*ScheduledAlertRuleTemplate, bool)

AsScheduledAlertRuleTemplate is the BasicAlertRuleTemplate implementation for AlertRuleTemplate.

func (AlertRuleTemplate) MarshalJSON

func (art AlertRuleTemplate) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for AlertRuleTemplate.

type AlertRuleTemplateDataSource

type AlertRuleTemplateDataSource struct {
	// ConnectorID - The connector id that provides the following data types
	ConnectorID *string `json:"connectorId,omitempty"`
	// DataTypes - The data types used by the alert rule template
	DataTypes *[]string `json:"dataTypes,omitempty"`
}

AlertRuleTemplateDataSource alert rule template data sources

type AlertRuleTemplateModel

type AlertRuleTemplateModel struct {
	autorest.Response `json:"-"`
	Value             BasicAlertRuleTemplate `json:"value,omitempty"`
}

AlertRuleTemplateModel ...

func (*AlertRuleTemplateModel) UnmarshalJSON

func (artm *AlertRuleTemplateModel) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for AlertRuleTemplateModel struct.

type AlertRuleTemplatePropertiesBase

type AlertRuleTemplatePropertiesBase struct {
	// AlertRulesCreatedByTemplateCount - the number of alert rules that were created by this template
	AlertRulesCreatedByTemplateCount *int32 `json:"alertRulesCreatedByTemplateCount,omitempty"`
	// CreatedDateUTC - READ-ONLY; The time that this alert rule template has been added.
	CreatedDateUTC *date.Time `json:"createdDateUTC,omitempty"`
	// Description - The description of the alert rule template.
	Description *string `json:"description,omitempty"`
	// DisplayName - The display name for alert rule template.
	DisplayName *string `json:"displayName,omitempty"`
	// RequiredDataConnectors - The required data sources for this template
	RequiredDataConnectors *[]AlertRuleTemplateDataSource `json:"requiredDataConnectors,omitempty"`
	// Status - The alert rule template status. Possible values include: 'Installed', 'Available', 'NotAvailable'
	Status TemplateStatus `json:"status,omitempty"`
}

AlertRuleTemplatePropertiesBase base alert rule template property bag.

func (AlertRuleTemplatePropertiesBase) MarshalJSON

func (artpb AlertRuleTemplatePropertiesBase) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for AlertRuleTemplatePropertiesBase.

type AlertRuleTemplatesClient

type AlertRuleTemplatesClient struct {
	BaseClient
}

AlertRuleTemplatesClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

func NewAlertRuleTemplatesClient

func NewAlertRuleTemplatesClient(subscriptionID string) AlertRuleTemplatesClient

NewAlertRuleTemplatesClient creates an instance of the AlertRuleTemplatesClient client.

func NewAlertRuleTemplatesClientWithBaseURI

func NewAlertRuleTemplatesClientWithBaseURI(baseURI string, subscriptionID string) AlertRuleTemplatesClient

NewAlertRuleTemplatesClientWithBaseURI creates an instance of the AlertRuleTemplatesClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).

func (AlertRuleTemplatesClient) Get

func (client AlertRuleTemplatesClient) Get(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, alertRuleTemplateID string) (result AlertRuleTemplateModel, err error)

Get gets the alert rule template. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. alertRuleTemplateID - alert rule template ID

func (AlertRuleTemplatesClient) GetPreparer

func (client AlertRuleTemplatesClient) GetPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, alertRuleTemplateID string) (*http.Request, error)

GetPreparer prepares the Get request.

func (AlertRuleTemplatesClient) GetResponder

func (client AlertRuleTemplatesClient) GetResponder(resp *http.Response) (result AlertRuleTemplateModel, err error)

GetResponder handles the response to the Get request. The method always closes the http.Response Body.

func (AlertRuleTemplatesClient) GetSender

func (client AlertRuleTemplatesClient) GetSender(req *http.Request) (*http.Response, error)

GetSender sends the Get request. The method will close the http.Response Body if it receives an error.

func (AlertRuleTemplatesClient) List

func (client AlertRuleTemplatesClient) List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result AlertRuleTemplatesListPage, err error)

List gets all alert rule templates. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace.

func (AlertRuleTemplatesClient) ListComplete

func (client AlertRuleTemplatesClient) ListComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result AlertRuleTemplatesListIterator, err error)

ListComplete enumerates all values, automatically crossing page boundaries as required.

func (AlertRuleTemplatesClient) ListPreparer

func (client AlertRuleTemplatesClient) ListPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (*http.Request, error)

ListPreparer prepares the List request.

func (AlertRuleTemplatesClient) ListResponder

func (client AlertRuleTemplatesClient) ListResponder(resp *http.Response) (result AlertRuleTemplatesList, err error)

ListResponder handles the response to the List request. The method always closes the http.Response Body.

func (AlertRuleTemplatesClient) ListSender

func (client AlertRuleTemplatesClient) ListSender(req *http.Request) (*http.Response, error)

ListSender sends the List request. The method will close the http.Response Body if it receives an error.

type AlertRuleTemplatesList

type AlertRuleTemplatesList struct {
	autorest.Response `json:"-"`
	// NextLink - READ-ONLY; URL to fetch the next set of alert rule templates.
	NextLink *string `json:"nextLink,omitempty"`
	// Value - Array of alert rule templates.
	Value *[]BasicAlertRuleTemplate `json:"value,omitempty"`
}

AlertRuleTemplatesList list all the alert rule templates.

func (AlertRuleTemplatesList) IsEmpty

func (artl AlertRuleTemplatesList) IsEmpty() bool

IsEmpty returns true if the ListResult contains no values.

func (AlertRuleTemplatesList) MarshalJSON

func (artl AlertRuleTemplatesList) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for AlertRuleTemplatesList.

func (*AlertRuleTemplatesList) UnmarshalJSON

func (artl *AlertRuleTemplatesList) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for AlertRuleTemplatesList struct.

type AlertRuleTemplatesListIterator

type AlertRuleTemplatesListIterator struct {
	// contains filtered or unexported fields
}

AlertRuleTemplatesListIterator provides access to a complete listing of AlertRuleTemplate values.

func NewAlertRuleTemplatesListIterator

func NewAlertRuleTemplatesListIterator(page AlertRuleTemplatesListPage) AlertRuleTemplatesListIterator

Creates a new instance of the AlertRuleTemplatesListIterator type.

func (*AlertRuleTemplatesListIterator) Next

Next advances to the next value. If there was an error making the request the iterator does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*AlertRuleTemplatesListIterator) NextWithContext

func (iter *AlertRuleTemplatesListIterator) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next value. If there was an error making the request the iterator does not advance and the error is returned.

func (AlertRuleTemplatesListIterator) NotDone

func (iter AlertRuleTemplatesListIterator) NotDone() bool

NotDone returns true if the enumeration should be started or is not yet complete.

func (AlertRuleTemplatesListIterator) Response

Response returns the raw server response from the last page request.

func (AlertRuleTemplatesListIterator) Value

Value returns the current value or a zero-initialized value if the iterator has advanced beyond the end of the collection.

type AlertRuleTemplatesListPage

type AlertRuleTemplatesListPage struct {
	// contains filtered or unexported fields
}

AlertRuleTemplatesListPage contains a page of BasicAlertRuleTemplate values.

func NewAlertRuleTemplatesListPage

Creates a new instance of the AlertRuleTemplatesListPage type.

func (*AlertRuleTemplatesListPage) Next

func (page *AlertRuleTemplatesListPage) Next() error

Next advances to the next page of values. If there was an error making the request the page does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*AlertRuleTemplatesListPage) NextWithContext

func (page *AlertRuleTemplatesListPage) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next page of values. If there was an error making the request the page does not advance and the error is returned.

func (AlertRuleTemplatesListPage) NotDone

func (page AlertRuleTemplatesListPage) NotDone() bool

NotDone returns true if the page enumeration should be started or is not yet complete.

func (AlertRuleTemplatesListPage) Response

Response returns the raw server response from the last page request.

func (AlertRuleTemplatesListPage) Values

Values returns the slice of values for the current page or nil if there are no values.

type AlertRulesClient

type AlertRulesClient struct {
	BaseClient
}

AlertRulesClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

func NewAlertRulesClient

func NewAlertRulesClient(subscriptionID string) AlertRulesClient

NewAlertRulesClient creates an instance of the AlertRulesClient client.

func NewAlertRulesClientWithBaseURI

func NewAlertRulesClientWithBaseURI(baseURI string, subscriptionID string) AlertRulesClient

NewAlertRulesClientWithBaseURI creates an instance of the AlertRulesClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).

func (AlertRulesClient) CreateOrUpdate

func (client AlertRulesClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, ruleID string, alertRule BasicAlertRule) (result AlertRuleModel, err error)

CreateOrUpdate creates or updates the alert rule. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. ruleID - alert rule ID alertRule - the alert rule

func (AlertRulesClient) CreateOrUpdateAction

func (client AlertRulesClient) CreateOrUpdateAction(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, ruleID string, actionID string, action ActionRequest) (result ActionResponse, err error)

CreateOrUpdateAction creates or updates the action of alert rule. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. ruleID - alert rule ID actionID - action ID action - the action

func (AlertRulesClient) CreateOrUpdateActionPreparer

func (client AlertRulesClient) CreateOrUpdateActionPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, ruleID string, actionID string, action ActionRequest) (*http.Request, error)

CreateOrUpdateActionPreparer prepares the CreateOrUpdateAction request.

func (AlertRulesClient) CreateOrUpdateActionResponder

func (client AlertRulesClient) CreateOrUpdateActionResponder(resp *http.Response) (result ActionResponse, err error)

CreateOrUpdateActionResponder handles the response to the CreateOrUpdateAction request. The method always closes the http.Response Body.

func (AlertRulesClient) CreateOrUpdateActionSender

func (client AlertRulesClient) CreateOrUpdateActionSender(req *http.Request) (*http.Response, error)

CreateOrUpdateActionSender sends the CreateOrUpdateAction request. The method will close the http.Response Body if it receives an error.

func (AlertRulesClient) CreateOrUpdatePreparer

func (client AlertRulesClient) CreateOrUpdatePreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, ruleID string, alertRule BasicAlertRule) (*http.Request, error)

CreateOrUpdatePreparer prepares the CreateOrUpdate request.

func (AlertRulesClient) CreateOrUpdateResponder

func (client AlertRulesClient) CreateOrUpdateResponder(resp *http.Response) (result AlertRuleModel, err error)

CreateOrUpdateResponder handles the response to the CreateOrUpdate request. The method always closes the http.Response Body.

func (AlertRulesClient) CreateOrUpdateSender

func (client AlertRulesClient) CreateOrUpdateSender(req *http.Request) (*http.Response, error)

CreateOrUpdateSender sends the CreateOrUpdate request. The method will close the http.Response Body if it receives an error.

func (AlertRulesClient) Delete

func (client AlertRulesClient) Delete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, ruleID string) (result autorest.Response, err error)

Delete delete the alert rule. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. ruleID - alert rule ID

func (AlertRulesClient) DeleteAction

func (client AlertRulesClient) DeleteAction(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, ruleID string, actionID string) (result autorest.Response, err error)

DeleteAction delete the action of alert rule. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. ruleID - alert rule ID actionID - action ID

func (AlertRulesClient) DeleteActionPreparer

func (client AlertRulesClient) DeleteActionPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, ruleID string, actionID string) (*http.Request, error)

DeleteActionPreparer prepares the DeleteAction request.

func (AlertRulesClient) DeleteActionResponder

func (client AlertRulesClient) DeleteActionResponder(resp *http.Response) (result autorest.Response, err error)

DeleteActionResponder handles the response to the DeleteAction request. The method always closes the http.Response Body.

func (AlertRulesClient) DeleteActionSender

func (client AlertRulesClient) DeleteActionSender(req *http.Request) (*http.Response, error)

DeleteActionSender sends the DeleteAction request. The method will close the http.Response Body if it receives an error.

func (AlertRulesClient) DeletePreparer

func (client AlertRulesClient) DeletePreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, ruleID string) (*http.Request, error)

DeletePreparer prepares the Delete request.

func (AlertRulesClient) DeleteResponder

func (client AlertRulesClient) DeleteResponder(resp *http.Response) (result autorest.Response, err error)

DeleteResponder handles the response to the Delete request. The method always closes the http.Response Body.

func (AlertRulesClient) DeleteSender

func (client AlertRulesClient) DeleteSender(req *http.Request) (*http.Response, error)

DeleteSender sends the Delete request. The method will close the http.Response Body if it receives an error.

func (AlertRulesClient) Get

func (client AlertRulesClient) Get(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, ruleID string) (result AlertRuleModel, err error)

Get gets the alert rule. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. ruleID - alert rule ID

func (AlertRulesClient) GetAction

func (client AlertRulesClient) GetAction(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, ruleID string, actionID string) (result ActionResponse, err error)

GetAction gets the action of alert rule. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. ruleID - alert rule ID actionID - action ID

func (AlertRulesClient) GetActionPreparer

func (client AlertRulesClient) GetActionPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, ruleID string, actionID string) (*http.Request, error)

GetActionPreparer prepares the GetAction request.

func (AlertRulesClient) GetActionResponder

func (client AlertRulesClient) GetActionResponder(resp *http.Response) (result ActionResponse, err error)

GetActionResponder handles the response to the GetAction request. The method always closes the http.Response Body.

func (AlertRulesClient) GetActionSender

func (client AlertRulesClient) GetActionSender(req *http.Request) (*http.Response, error)

GetActionSender sends the GetAction request. The method will close the http.Response Body if it receives an error.

func (AlertRulesClient) GetPreparer

func (client AlertRulesClient) GetPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, ruleID string) (*http.Request, error)

GetPreparer prepares the Get request.

func (AlertRulesClient) GetResponder

func (client AlertRulesClient) GetResponder(resp *http.Response) (result AlertRuleModel, err error)

GetResponder handles the response to the Get request. The method always closes the http.Response Body.

func (AlertRulesClient) GetSender

func (client AlertRulesClient) GetSender(req *http.Request) (*http.Response, error)

GetSender sends the Get request. The method will close the http.Response Body if it receives an error.

func (AlertRulesClient) List

func (client AlertRulesClient) List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result AlertRulesListPage, err error)

List gets all alert rules. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace.

func (AlertRulesClient) ListComplete

func (client AlertRulesClient) ListComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result AlertRulesListIterator, err error)

ListComplete enumerates all values, automatically crossing page boundaries as required.

func (AlertRulesClient) ListPreparer

func (client AlertRulesClient) ListPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (*http.Request, error)

ListPreparer prepares the List request.

func (AlertRulesClient) ListResponder

func (client AlertRulesClient) ListResponder(resp *http.Response) (result AlertRulesList, err error)

ListResponder handles the response to the List request. The method always closes the http.Response Body.

func (AlertRulesClient) ListSender

func (client AlertRulesClient) ListSender(req *http.Request) (*http.Response, error)

ListSender sends the List request. The method will close the http.Response Body if it receives an error.

type AlertRulesList

type AlertRulesList struct {
	autorest.Response `json:"-"`
	// NextLink - READ-ONLY; URL to fetch the next set of alert rules.
	NextLink *string `json:"nextLink,omitempty"`
	// Value - Array of alert rules.
	Value *[]BasicAlertRule `json:"value,omitempty"`
}

AlertRulesList list all the alert rules.

func (AlertRulesList) IsEmpty

func (arl AlertRulesList) IsEmpty() bool

IsEmpty returns true if the ListResult contains no values.

func (AlertRulesList) MarshalJSON

func (arl AlertRulesList) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for AlertRulesList.

func (*AlertRulesList) UnmarshalJSON

func (arl *AlertRulesList) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for AlertRulesList struct.

type AlertRulesListIterator

type AlertRulesListIterator struct {
	// contains filtered or unexported fields
}

AlertRulesListIterator provides access to a complete listing of AlertRule values.

func NewAlertRulesListIterator

func NewAlertRulesListIterator(page AlertRulesListPage) AlertRulesListIterator

Creates a new instance of the AlertRulesListIterator type.

func (*AlertRulesListIterator) Next

func (iter *AlertRulesListIterator) Next() error

Next advances to the next value. If there was an error making the request the iterator does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*AlertRulesListIterator) NextWithContext

func (iter *AlertRulesListIterator) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next value. If there was an error making the request the iterator does not advance and the error is returned.

func (AlertRulesListIterator) NotDone

func (iter AlertRulesListIterator) NotDone() bool

NotDone returns true if the enumeration should be started or is not yet complete.

func (AlertRulesListIterator) Response

func (iter AlertRulesListIterator) Response() AlertRulesList

Response returns the raw server response from the last page request.

func (AlertRulesListIterator) Value

Value returns the current value or a zero-initialized value if the iterator has advanced beyond the end of the collection.

type AlertRulesListPage

type AlertRulesListPage struct {
	// contains filtered or unexported fields
}

AlertRulesListPage contains a page of BasicAlertRule values.

func NewAlertRulesListPage

func NewAlertRulesListPage(cur AlertRulesList, getNextPage func(context.Context, AlertRulesList) (AlertRulesList, error)) AlertRulesListPage

Creates a new instance of the AlertRulesListPage type.

func (*AlertRulesListPage) Next

func (page *AlertRulesListPage) Next() error

Next advances to the next page of values. If there was an error making the request the page does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*AlertRulesListPage) NextWithContext

func (page *AlertRulesListPage) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next page of values. If there was an error making the request the page does not advance and the error is returned.

func (AlertRulesListPage) NotDone

func (page AlertRulesListPage) NotDone() bool

NotDone returns true if the page enumeration should be started or is not yet complete.

func (AlertRulesListPage) Response

func (page AlertRulesListPage) Response() AlertRulesList

Response returns the raw server response from the last page request.

func (AlertRulesListPage) Values

func (page AlertRulesListPage) Values() []BasicAlertRule

Values returns the slice of values for the current page or nil if there are no values.

type AlertSeverity

type AlertSeverity string

AlertSeverity enumerates the values for alert severity.

const (
	// High High severity
	High AlertSeverity = "High"
	// Informational Informational severity
	Informational AlertSeverity = "Informational"
	// Low Low severity
	Low AlertSeverity = "Low"
	// Medium Medium severity
	Medium AlertSeverity = "Medium"
)

func PossibleAlertSeverityValues

func PossibleAlertSeverityValues() []AlertSeverity

PossibleAlertSeverityValues returns an array of possible values for the AlertSeverity const type.

type AlertStatus

type AlertStatus string

AlertStatus enumerates the values for alert status.

const (
	// AlertStatusDismissed Alert dismissed as false positive
	AlertStatusDismissed AlertStatus = "Dismissed"
	// AlertStatusInProgress Alert is being handled
	AlertStatusInProgress AlertStatus = "InProgress"
	// AlertStatusNew New alert
	AlertStatusNew AlertStatus = "New"
	// AlertStatusResolved Alert closed after handling
	AlertStatusResolved AlertStatus = "Resolved"
	// AlertStatusUnknown Unknown value
	AlertStatusUnknown AlertStatus = "Unknown"
)

func PossibleAlertStatusValues

func PossibleAlertStatusValues() []AlertStatus

PossibleAlertStatusValues returns an array of possible values for the AlertStatus const type.

type AlertsDataTypeOfDataConnector

type AlertsDataTypeOfDataConnector struct {
	// Alerts - Alerts data type connection.
	Alerts *AlertsDataTypeOfDataConnectorAlerts `json:"alerts,omitempty"`
}

AlertsDataTypeOfDataConnector alerts data type for data connectors.

type AlertsDataTypeOfDataConnectorAlerts

type AlertsDataTypeOfDataConnectorAlerts struct {
	// State - Describe whether this data type connection is enabled or not. Possible values include: 'Enabled', 'Disabled'
	State DataTypeState `json:"state,omitempty"`
}

AlertsDataTypeOfDataConnectorAlerts alerts data type connection.

type AttackTactic

type AttackTactic string

AttackTactic enumerates the values for attack tactic.

const (
	// Collection ...
	Collection AttackTactic = "Collection"
	// CommandAndControl ...
	CommandAndControl AttackTactic = "CommandAndControl"
	// CredentialAccess ...
	CredentialAccess AttackTactic = "CredentialAccess"
	// DefenseEvasion ...
	DefenseEvasion AttackTactic = "DefenseEvasion"
	// Discovery ...
	Discovery AttackTactic = "Discovery"
	// Execution ...
	Execution AttackTactic = "Execution"
	// Exfiltration ...
	Exfiltration AttackTactic = "Exfiltration"
	// Impact ...
	Impact AttackTactic = "Impact"
	// InitialAccess ...
	InitialAccess AttackTactic = "InitialAccess"
	// LateralMovement ...
	LateralMovement AttackTactic = "LateralMovement"
	// Persistence ...
	Persistence AttackTactic = "Persistence"
	// PreAttack ...
	PreAttack AttackTactic = "PreAttack"
	// PrivilegeEscalation ...
	PrivilegeEscalation AttackTactic = "PrivilegeEscalation"
)

func PossibleAttackTacticValues

func PossibleAttackTacticValues() []AttackTactic

PossibleAttackTacticValues returns an array of possible values for the AttackTactic const type.

type AwsCloudTrailCheckRequirements

type AwsCloudTrailCheckRequirements struct {
	// Kind - Possible values include: 'KindBasicDataConnectorsCheckRequirementsKindDataConnectorsCheckRequirements', 'KindBasicDataConnectorsCheckRequirementsKindAzureActiveDirectory', 'KindBasicDataConnectorsCheckRequirementsKindAzureAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindAzureSecurityCenter', 'KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesCloudTrail', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindOfficeATP', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii'
	Kind KindBasicDataConnectorsCheckRequirements `json:"kind,omitempty"`
}

AwsCloudTrailCheckRequirements amazon Web Services CloudTrail requirements check request.

func (AwsCloudTrailCheckRequirements) AsAADCheckRequirements

func (actcr AwsCloudTrailCheckRequirements) AsAADCheckRequirements() (*AADCheckRequirements, bool)

AsAADCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AwsCloudTrailCheckRequirements.

func (AwsCloudTrailCheckRequirements) AsAATPCheckRequirements

func (actcr AwsCloudTrailCheckRequirements) AsAATPCheckRequirements() (*AATPCheckRequirements, bool)

AsAATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AwsCloudTrailCheckRequirements.

func (AwsCloudTrailCheckRequirements) AsASCCheckRequirements

func (actcr AwsCloudTrailCheckRequirements) AsASCCheckRequirements() (*ASCCheckRequirements, bool)

AsASCCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AwsCloudTrailCheckRequirements.

func (AwsCloudTrailCheckRequirements) AsAwsCloudTrailCheckRequirements

func (actcr AwsCloudTrailCheckRequirements) AsAwsCloudTrailCheckRequirements() (*AwsCloudTrailCheckRequirements, bool)

AsAwsCloudTrailCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AwsCloudTrailCheckRequirements.

func (AwsCloudTrailCheckRequirements) AsBasicDataConnectorsCheckRequirements

func (actcr AwsCloudTrailCheckRequirements) AsBasicDataConnectorsCheckRequirements() (BasicDataConnectorsCheckRequirements, bool)

AsBasicDataConnectorsCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AwsCloudTrailCheckRequirements.

func (AwsCloudTrailCheckRequirements) AsDataConnectorsCheckRequirements

func (actcr AwsCloudTrailCheckRequirements) AsDataConnectorsCheckRequirements() (*DataConnectorsCheckRequirements, bool)

AsDataConnectorsCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AwsCloudTrailCheckRequirements.

func (AwsCloudTrailCheckRequirements) AsMCASCheckRequirements

func (actcr AwsCloudTrailCheckRequirements) AsMCASCheckRequirements() (*MCASCheckRequirements, bool)

AsMCASCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AwsCloudTrailCheckRequirements.

func (AwsCloudTrailCheckRequirements) AsMDATPCheckRequirements

func (actcr AwsCloudTrailCheckRequirements) AsMDATPCheckRequirements() (*MDATPCheckRequirements, bool)

AsMDATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AwsCloudTrailCheckRequirements.

func (AwsCloudTrailCheckRequirements) AsOfficeATPCheckRequirements

func (actcr AwsCloudTrailCheckRequirements) AsOfficeATPCheckRequirements() (*OfficeATPCheckRequirements, bool)

AsOfficeATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AwsCloudTrailCheckRequirements.

func (AwsCloudTrailCheckRequirements) AsTICheckRequirements

func (actcr AwsCloudTrailCheckRequirements) AsTICheckRequirements() (*TICheckRequirements, bool)

AsTICheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AwsCloudTrailCheckRequirements.

func (AwsCloudTrailCheckRequirements) AsTiTaxiiCheckRequirements

func (actcr AwsCloudTrailCheckRequirements) AsTiTaxiiCheckRequirements() (*TiTaxiiCheckRequirements, bool)

AsTiTaxiiCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AwsCloudTrailCheckRequirements.

func (AwsCloudTrailCheckRequirements) MarshalJSON

func (actcr AwsCloudTrailCheckRequirements) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for AwsCloudTrailCheckRequirements.

type AwsCloudTrailDataConnector

type AwsCloudTrailDataConnector struct {
	// AwsCloudTrailDataConnectorProperties - Amazon Web Services CloudTrail data connector properties.
	*AwsCloudTrailDataConnectorProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
	// Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOfficeATP', 'KindOffice365', 'KindThreatIntelligence', 'KindThreatIntelligenceTaxii'
	Kind KindBasicDataConnector `json:"kind,omitempty"`
}

AwsCloudTrailDataConnector represents Amazon Web Services CloudTrail data connector.

func (AwsCloudTrailDataConnector) AsAADDataConnector

func (actdc AwsCloudTrailDataConnector) AsAADDataConnector() (*AADDataConnector, bool)

AsAADDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector.

func (AwsCloudTrailDataConnector) AsAATPDataConnector

func (actdc AwsCloudTrailDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool)

AsAATPDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector.

func (AwsCloudTrailDataConnector) AsASCDataConnector

func (actdc AwsCloudTrailDataConnector) AsASCDataConnector() (*ASCDataConnector, bool)

AsASCDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector.

func (AwsCloudTrailDataConnector) AsAwsCloudTrailDataConnector

func (actdc AwsCloudTrailDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool)

AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector.

func (AwsCloudTrailDataConnector) AsBasicDataConnector

func (actdc AwsCloudTrailDataConnector) AsBasicDataConnector() (BasicDataConnector, bool)

AsBasicDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector.

func (AwsCloudTrailDataConnector) AsDataConnector

func (actdc AwsCloudTrailDataConnector) AsDataConnector() (*DataConnector, bool)

AsDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector.

func (AwsCloudTrailDataConnector) AsMCASDataConnector

func (actdc AwsCloudTrailDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool)

AsMCASDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector.

func (AwsCloudTrailDataConnector) AsMDATPDataConnector

func (actdc AwsCloudTrailDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool)

AsMDATPDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector.

func (AwsCloudTrailDataConnector) AsOfficeATPDataConnector

func (actdc AwsCloudTrailDataConnector) AsOfficeATPDataConnector() (*OfficeATPDataConnector, bool)

AsOfficeATPDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector.

func (AwsCloudTrailDataConnector) AsOfficeDataConnector

func (actdc AwsCloudTrailDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool)

AsOfficeDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector.

func (AwsCloudTrailDataConnector) AsTIDataConnector

func (actdc AwsCloudTrailDataConnector) AsTIDataConnector() (*TIDataConnector, bool)

AsTIDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector.

func (AwsCloudTrailDataConnector) AsTiTaxiiDataConnector

func (actdc AwsCloudTrailDataConnector) AsTiTaxiiDataConnector() (*TiTaxiiDataConnector, bool)

AsTiTaxiiDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector.

func (AwsCloudTrailDataConnector) MarshalJSON

func (actdc AwsCloudTrailDataConnector) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for AwsCloudTrailDataConnector.

func (*AwsCloudTrailDataConnector) UnmarshalJSON

func (actdc *AwsCloudTrailDataConnector) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for AwsCloudTrailDataConnector struct.

type AwsCloudTrailDataConnectorDataTypes

type AwsCloudTrailDataConnectorDataTypes struct {
	// Logs - Logs data type.
	Logs *AwsCloudTrailDataConnectorDataTypesLogs `json:"logs,omitempty"`
}

AwsCloudTrailDataConnectorDataTypes the available data types for Amazon Web Services CloudTrail data connector.

type AwsCloudTrailDataConnectorDataTypesLogs

type AwsCloudTrailDataConnectorDataTypesLogs struct {
	// State - Describe whether this data type connection is enabled or not. Possible values include: 'Enabled', 'Disabled'
	State DataTypeState `json:"state,omitempty"`
}

AwsCloudTrailDataConnectorDataTypesLogs logs data type.

type AwsCloudTrailDataConnectorProperties

type AwsCloudTrailDataConnectorProperties struct {
	// AwsRoleArn - The Aws Role Arn (with CloudTrailReadOnly policy) that is used to access the Aws account.
	AwsRoleArn *string `json:"awsRoleArn,omitempty"`
	// DataTypes - The available data types for the connector.
	DataTypes *AwsCloudTrailDataConnectorDataTypes `json:"dataTypes,omitempty"`
}

AwsCloudTrailDataConnectorProperties amazon Web Services CloudTrail data connector properties.

type AzureResourceEntity

type AzureResourceEntity struct {
	// AzureResourceEntityProperties - AzureResource entity properties
	*AzureResourceEntityProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindBookmark', 'KindSecurityAlert', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice'
	Kind KindBasicEntity `json:"kind,omitempty"`
}

AzureResourceEntity represents an azure resource entity.

func (AzureResourceEntity) AsAccountEntity

func (are AzureResourceEntity) AsAccountEntity() (*AccountEntity, bool)

AsAccountEntity is the BasicEntity implementation for AzureResourceEntity.

func (AzureResourceEntity) AsAzureResourceEntity

func (are AzureResourceEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)

AsAzureResourceEntity is the BasicEntity implementation for AzureResourceEntity.

func (AzureResourceEntity) AsBasicEntity

func (are AzureResourceEntity) AsBasicEntity() (BasicEntity, bool)

AsBasicEntity is the BasicEntity implementation for AzureResourceEntity.

func (AzureResourceEntity) AsCloudApplicationEntity

func (are AzureResourceEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)

AsCloudApplicationEntity is the BasicEntity implementation for AzureResourceEntity.

func (AzureResourceEntity) AsDNSEntity

func (are AzureResourceEntity) AsDNSEntity() (*DNSEntity, bool)

AsDNSEntity is the BasicEntity implementation for AzureResourceEntity.

func (AzureResourceEntity) AsEntity

func (are AzureResourceEntity) AsEntity() (*Entity, bool)

AsEntity is the BasicEntity implementation for AzureResourceEntity.

func (AzureResourceEntity) AsFileEntity

func (are AzureResourceEntity) AsFileEntity() (*FileEntity, bool)

AsFileEntity is the BasicEntity implementation for AzureResourceEntity.

func (AzureResourceEntity) AsFileHashEntity

func (are AzureResourceEntity) AsFileHashEntity() (*FileHashEntity, bool)

AsFileHashEntity is the BasicEntity implementation for AzureResourceEntity.

func (AzureResourceEntity) AsHostEntity

func (are AzureResourceEntity) AsHostEntity() (*HostEntity, bool)

AsHostEntity is the BasicEntity implementation for AzureResourceEntity.

func (AzureResourceEntity) AsHuntingBookmark

func (are AzureResourceEntity) AsHuntingBookmark() (*HuntingBookmark, bool)

AsHuntingBookmark is the BasicEntity implementation for AzureResourceEntity.

func (AzureResourceEntity) AsIPEntity

func (are AzureResourceEntity) AsIPEntity() (*IPEntity, bool)

AsIPEntity is the BasicEntity implementation for AzureResourceEntity.

func (AzureResourceEntity) AsIoTDeviceEntity

func (are AzureResourceEntity) AsIoTDeviceEntity() (*IoTDeviceEntity, bool)

AsIoTDeviceEntity is the BasicEntity implementation for AzureResourceEntity.

func (AzureResourceEntity) AsMalwareEntity

func (are AzureResourceEntity) AsMalwareEntity() (*MalwareEntity, bool)

AsMalwareEntity is the BasicEntity implementation for AzureResourceEntity.

func (AzureResourceEntity) AsProcessEntity

func (are AzureResourceEntity) AsProcessEntity() (*ProcessEntity, bool)

AsProcessEntity is the BasicEntity implementation for AzureResourceEntity.

func (AzureResourceEntity) AsRegistryKeyEntity

func (are AzureResourceEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)

AsRegistryKeyEntity is the BasicEntity implementation for AzureResourceEntity.

func (AzureResourceEntity) AsRegistryValueEntity

func (are AzureResourceEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool)

AsRegistryValueEntity is the BasicEntity implementation for AzureResourceEntity.

func (AzureResourceEntity) AsSecurityAlert

func (are AzureResourceEntity) AsSecurityAlert() (*SecurityAlert, bool)

AsSecurityAlert is the BasicEntity implementation for AzureResourceEntity.

func (AzureResourceEntity) AsSecurityGroupEntity

func (are AzureResourceEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)

AsSecurityGroupEntity is the BasicEntity implementation for AzureResourceEntity.

func (AzureResourceEntity) AsURLEntity

func (are AzureResourceEntity) AsURLEntity() (*URLEntity, bool)

AsURLEntity is the BasicEntity implementation for AzureResourceEntity.

func (AzureResourceEntity) MarshalJSON

func (are AzureResourceEntity) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for AzureResourceEntity.

func (*AzureResourceEntity) UnmarshalJSON

func (are *AzureResourceEntity) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for AzureResourceEntity struct.

type AzureResourceEntityProperties

type AzureResourceEntityProperties struct {
	// ResourceID - READ-ONLY; The azure resource id of the resource
	ResourceID *string `json:"resourceId,omitempty"`
	// SubscriptionID - READ-ONLY; The subscription id of the resource
	SubscriptionID *string `json:"subscriptionId,omitempty"`
	// AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]interface{} `json:"additionalData"`
	// FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated.
	FriendlyName *string `json:"friendlyName,omitempty"`
}

AzureResourceEntityProperties azureResource entity property bag.

func (AzureResourceEntityProperties) MarshalJSON

func (arep AzureResourceEntityProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for AzureResourceEntityProperties.

type BaseClient

type BaseClient struct {
	autorest.Client
	BaseURI        string
	SubscriptionID string
}

BaseClient is the base client for Securityinsight.

func New

func New(subscriptionID string) BaseClient

New creates an instance of the BaseClient client.

func NewWithBaseURI

func NewWithBaseURI(baseURI string, subscriptionID string) BaseClient

NewWithBaseURI creates an instance of the BaseClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).

type BasicAggregations

type BasicAggregations interface {
	AsCasesAggregation() (*CasesAggregation, bool)
	AsAggregations() (*Aggregations, bool)
}

BasicAggregations the aggregation.

type BasicAlertRule

type BasicAlertRule interface {
	AsFusionAlertRule() (*FusionAlertRule, bool)
	AsMicrosoftSecurityIncidentCreationAlertRule() (*MicrosoftSecurityIncidentCreationAlertRule, bool)
	AsScheduledAlertRule() (*ScheduledAlertRule, bool)
	AsAlertRule() (*AlertRule, bool)
}

BasicAlertRule alert rule.

type BasicAlertRuleTemplate

type BasicAlertRuleTemplate interface {
	AsFusionAlertRuleTemplate() (*FusionAlertRuleTemplate, bool)
	AsMicrosoftSecurityIncidentCreationAlertRuleTemplate() (*MicrosoftSecurityIncidentCreationAlertRuleTemplate, bool)
	AsScheduledAlertRuleTemplate() (*ScheduledAlertRuleTemplate, bool)
	AsAlertRuleTemplate() (*AlertRuleTemplate, bool)
}

BasicAlertRuleTemplate alert rule template.

type BasicDataConnector

type BasicDataConnector interface {
	AsAADDataConnector() (*AADDataConnector, bool)
	AsAATPDataConnector() (*AATPDataConnector, bool)
	AsASCDataConnector() (*ASCDataConnector, bool)
	AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool)
	AsMCASDataConnector() (*MCASDataConnector, bool)
	AsMDATPDataConnector() (*MDATPDataConnector, bool)
	AsOfficeATPDataConnector() (*OfficeATPDataConnector, bool)
	AsOfficeDataConnector() (*OfficeDataConnector, bool)
	AsTIDataConnector() (*TIDataConnector, bool)
	AsTiTaxiiDataConnector() (*TiTaxiiDataConnector, bool)
	AsDataConnector() (*DataConnector, bool)
}

BasicDataConnector data connector.

type BasicDataConnectorsCheckRequirements

type BasicDataConnectorsCheckRequirements interface {
	AsAADCheckRequirements() (*AADCheckRequirements, bool)
	AsAATPCheckRequirements() (*AATPCheckRequirements, bool)
	AsASCCheckRequirements() (*ASCCheckRequirements, bool)
	AsAwsCloudTrailCheckRequirements() (*AwsCloudTrailCheckRequirements, bool)
	AsMCASCheckRequirements() (*MCASCheckRequirements, bool)
	AsMDATPCheckRequirements() (*MDATPCheckRequirements, bool)
	AsOfficeATPCheckRequirements() (*OfficeATPCheckRequirements, bool)
	AsTICheckRequirements() (*TICheckRequirements, bool)
	AsTiTaxiiCheckRequirements() (*TiTaxiiCheckRequirements, bool)
	AsDataConnectorsCheckRequirements() (*DataConnectorsCheckRequirements, bool)
}

BasicDataConnectorsCheckRequirements data connector requirements properties.

type BasicEntity

type BasicEntity interface {
	AsAccountEntity() (*AccountEntity, bool)
	AsAzureResourceEntity() (*AzureResourceEntity, bool)
	AsCloudApplicationEntity() (*CloudApplicationEntity, bool)
	AsDNSEntity() (*DNSEntity, bool)
	AsFileEntity() (*FileEntity, bool)
	AsFileHashEntity() (*FileHashEntity, bool)
	AsHostEntity() (*HostEntity, bool)
	AsHuntingBookmark() (*HuntingBookmark, bool)
	AsSecurityAlert() (*SecurityAlert, bool)
	AsIPEntity() (*IPEntity, bool)
	AsMalwareEntity() (*MalwareEntity, bool)
	AsProcessEntity() (*ProcessEntity, bool)
	AsRegistryKeyEntity() (*RegistryKeyEntity, bool)
	AsRegistryValueEntity() (*RegistryValueEntity, bool)
	AsSecurityGroupEntity() (*SecurityGroupEntity, bool)
	AsURLEntity() (*URLEntity, bool)
	AsIoTDeviceEntity() (*IoTDeviceEntity, bool)
	AsEntity() (*Entity, bool)
}

BasicEntity specific entity.

type BasicEntityTimelineItem

type BasicEntityTimelineItem interface {
	AsActivityTimelineItem() (*ActivityTimelineItem, bool)
	AsSecurityAlertTimelineItem() (*SecurityAlertTimelineItem, bool)
	AsBookmarkTimelineItem() (*BookmarkTimelineItem, bool)
	AsEntityTimelineItem() (*EntityTimelineItem, bool)
}

BasicEntityTimelineItem entity timeline Item.

type BasicSettings

type BasicSettings interface {
	AsEyesOn() (*EyesOn, bool)
	AsEntityAnalytics() (*EntityAnalytics, bool)
	AsUeba() (*Ueba, bool)
	AsSettings() (*Settings, bool)
}

BasicSettings the Setting.

type BasicThreatIntelligenceInformation

type BasicThreatIntelligenceInformation interface {
	AsThreatIntelligenceIndicatorModel() (*ThreatIntelligenceIndicatorModel, bool)
	AsThreatIntelligenceInformation() (*ThreatIntelligenceInformation, bool)
}

BasicThreatIntelligenceInformation threat intelligence information object.

type Bookmark

type Bookmark struct {
	autorest.Response `json:"-"`
	// BookmarkProperties - Bookmark properties
	*BookmarkProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
}

Bookmark represents a bookmark in Azure Security Insights.

func (Bookmark) MarshalJSON

func (b Bookmark) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for Bookmark.

func (*Bookmark) UnmarshalJSON

func (b *Bookmark) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for Bookmark struct.

type BookmarkClient

type BookmarkClient struct {
	BaseClient
}

BookmarkClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

func NewBookmarkClient

func NewBookmarkClient(subscriptionID string) BookmarkClient

NewBookmarkClient creates an instance of the BookmarkClient client.

func NewBookmarkClientWithBaseURI

func NewBookmarkClientWithBaseURI(baseURI string, subscriptionID string) BookmarkClient

NewBookmarkClientWithBaseURI creates an instance of the BookmarkClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).

func (BookmarkClient) Expand

func (client BookmarkClient) Expand(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, bookmarkID string, parameters BookmarkExpandParameters) (result BookmarkExpandResponse, err error)

Expand expand an bookmark Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. bookmarkID - bookmark ID parameters - the parameters required to execute an expand operation on the given bookmark.

func (BookmarkClient) ExpandPreparer

func (client BookmarkClient) ExpandPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, bookmarkID string, parameters BookmarkExpandParameters) (*http.Request, error)

ExpandPreparer prepares the Expand request.

func (BookmarkClient) ExpandResponder

func (client BookmarkClient) ExpandResponder(resp *http.Response) (result BookmarkExpandResponse, err error)

ExpandResponder handles the response to the Expand request. The method always closes the http.Response Body.

func (BookmarkClient) ExpandSender

func (client BookmarkClient) ExpandSender(req *http.Request) (*http.Response, error)

ExpandSender sends the Expand request. The method will close the http.Response Body if it receives an error.

type BookmarkExpandParameters

type BookmarkExpandParameters struct {
	// EndTime - The end date filter, so the only expansion results returned are before this date.
	EndTime *date.Time `json:"endTime,omitempty"`
	// ExpansionID - The Id of the expansion to perform.
	ExpansionID *uuid.UUID `json:"expansionId,omitempty"`
	// StartTime - The start date filter, so the only expansion results returned are after this date.
	StartTime *date.Time `json:"startTime,omitempty"`
}

BookmarkExpandParameters the parameters required to execute an expand operation on the given bookmark.

type BookmarkExpandResponse

type BookmarkExpandResponse struct {
	autorest.Response `json:"-"`
	// MetaData - The metadata from the expansion operation results.
	MetaData *ExpansionResultsMetadata `json:"metaData,omitempty"`
	// Value - The expansion result values.
	Value *BookmarkExpandResponseValue `json:"value,omitempty"`
}

BookmarkExpandResponse the entity expansion result operation response.

type BookmarkExpandResponseValue

type BookmarkExpandResponseValue struct {
	// Entities - Array of the expansion result entities.
	Entities *[]BasicEntity `json:"entities,omitempty"`
}

BookmarkExpandResponseValue the expansion result values.

func (*BookmarkExpandResponseValue) UnmarshalJSON

func (ber *BookmarkExpandResponseValue) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for BookmarkExpandResponseValue struct.

type BookmarkList

type BookmarkList struct {
	autorest.Response `json:"-"`
	// NextLink - READ-ONLY; URL to fetch the next set of cases.
	NextLink *string `json:"nextLink,omitempty"`
	// Value - Array of bookmarks.
	Value *[]Bookmark `json:"value,omitempty"`
}

BookmarkList list all the bookmarks.

func (BookmarkList) IsEmpty

func (bl BookmarkList) IsEmpty() bool

IsEmpty returns true if the ListResult contains no values.

func (BookmarkList) MarshalJSON

func (bl BookmarkList) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for BookmarkList.

type BookmarkListIterator

type BookmarkListIterator struct {
	// contains filtered or unexported fields
}

BookmarkListIterator provides access to a complete listing of Bookmark values.

func NewBookmarkListIterator

func NewBookmarkListIterator(page BookmarkListPage) BookmarkListIterator

Creates a new instance of the BookmarkListIterator type.

func (*BookmarkListIterator) Next

func (iter *BookmarkListIterator) Next() error

Next advances to the next value. If there was an error making the request the iterator does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*BookmarkListIterator) NextWithContext

func (iter *BookmarkListIterator) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next value. If there was an error making the request the iterator does not advance and the error is returned.

func (BookmarkListIterator) NotDone

func (iter BookmarkListIterator) NotDone() bool

NotDone returns true if the enumeration should be started or is not yet complete.

func (BookmarkListIterator) Response

func (iter BookmarkListIterator) Response() BookmarkList

Response returns the raw server response from the last page request.

func (BookmarkListIterator) Value

func (iter BookmarkListIterator) Value() Bookmark

Value returns the current value or a zero-initialized value if the iterator has advanced beyond the end of the collection.

type BookmarkListPage

type BookmarkListPage struct {
	// contains filtered or unexported fields
}

BookmarkListPage contains a page of Bookmark values.

func NewBookmarkListPage

func NewBookmarkListPage(cur BookmarkList, getNextPage func(context.Context, BookmarkList) (BookmarkList, error)) BookmarkListPage

Creates a new instance of the BookmarkListPage type.

func (*BookmarkListPage) Next

func (page *BookmarkListPage) Next() error

Next advances to the next page of values. If there was an error making the request the page does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*BookmarkListPage) NextWithContext

func (page *BookmarkListPage) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next page of values. If there was an error making the request the page does not advance and the error is returned.

func (BookmarkListPage) NotDone

func (page BookmarkListPage) NotDone() bool

NotDone returns true if the page enumeration should be started or is not yet complete.

func (BookmarkListPage) Response

func (page BookmarkListPage) Response() BookmarkList

Response returns the raw server response from the last page request.

func (BookmarkListPage) Values

func (page BookmarkListPage) Values() []Bookmark

Values returns the slice of values for the current page or nil if there are no values.

type BookmarkProperties

type BookmarkProperties struct {
	// Created - The time the bookmark was created
	Created *date.Time `json:"created,omitempty"`
	// CreatedBy - Describes a user that created the bookmark
	CreatedBy *UserInfo `json:"createdBy,omitempty"`
	// DisplayName - The display name of the bookmark
	DisplayName *string `json:"displayName,omitempty"`
	// Labels - List of labels relevant to this bookmark
	Labels *[]string `json:"labels,omitempty"`
	// Notes - The notes of the bookmark
	Notes *string `json:"notes,omitempty"`
	// Query - The query of the bookmark.
	Query *string `json:"query,omitempty"`
	// QueryResult - The query result of the bookmark.
	QueryResult *string `json:"queryResult,omitempty"`
	// Updated - The last time the bookmark was updated
	Updated *date.Time `json:"updated,omitempty"`
	// UpdatedBy - Describes a user that updated the bookmark
	UpdatedBy *UserInfo `json:"updatedBy,omitempty"`
	// IncidentInfo - Describes an incident that relates to bookmark
	IncidentInfo *IncidentInfo `json:"incidentInfo,omitempty"`
}

BookmarkProperties describes bookmark properties

type BookmarkRelationsClient

type BookmarkRelationsClient struct {
	BaseClient
}

BookmarkRelationsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

func NewBookmarkRelationsClient

func NewBookmarkRelationsClient(subscriptionID string) BookmarkRelationsClient

NewBookmarkRelationsClient creates an instance of the BookmarkRelationsClient client.

func NewBookmarkRelationsClientWithBaseURI

func NewBookmarkRelationsClientWithBaseURI(baseURI string, subscriptionID string) BookmarkRelationsClient

NewBookmarkRelationsClientWithBaseURI creates an instance of the BookmarkRelationsClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).

func (BookmarkRelationsClient) CreateOrUpdateRelation

func (client BookmarkRelationsClient) CreateOrUpdateRelation(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, bookmarkID string, relationName string, relation Relation) (result Relation, err error)

CreateOrUpdateRelation creates the bookmark relation. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. bookmarkID - bookmark ID relationName - relation Name relation - the relation model

func (BookmarkRelationsClient) CreateOrUpdateRelationPreparer

func (client BookmarkRelationsClient) CreateOrUpdateRelationPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, bookmarkID string, relationName string, relation Relation) (*http.Request, error)

CreateOrUpdateRelationPreparer prepares the CreateOrUpdateRelation request.

func (BookmarkRelationsClient) CreateOrUpdateRelationResponder

func (client BookmarkRelationsClient) CreateOrUpdateRelationResponder(resp *http.Response) (result Relation, err error)

CreateOrUpdateRelationResponder handles the response to the CreateOrUpdateRelation request. The method always closes the http.Response Body.

func (BookmarkRelationsClient) CreateOrUpdateRelationSender

func (client BookmarkRelationsClient) CreateOrUpdateRelationSender(req *http.Request) (*http.Response, error)

CreateOrUpdateRelationSender sends the CreateOrUpdateRelation request. The method will close the http.Response Body if it receives an error.

func (BookmarkRelationsClient) DeleteRelation

func (client BookmarkRelationsClient) DeleteRelation(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, bookmarkID string, relationName string) (result autorest.Response, err error)

DeleteRelation delete the bookmark relation. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. bookmarkID - bookmark ID relationName - relation Name

func (BookmarkRelationsClient) DeleteRelationPreparer

func (client BookmarkRelationsClient) DeleteRelationPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, bookmarkID string, relationName string) (*http.Request, error)

DeleteRelationPreparer prepares the DeleteRelation request.

func (BookmarkRelationsClient) DeleteRelationResponder

func (client BookmarkRelationsClient) DeleteRelationResponder(resp *http.Response) (result autorest.Response, err error)

DeleteRelationResponder handles the response to the DeleteRelation request. The method always closes the http.Response Body.

func (BookmarkRelationsClient) DeleteRelationSender

func (client BookmarkRelationsClient) DeleteRelationSender(req *http.Request) (*http.Response, error)

DeleteRelationSender sends the DeleteRelation request. The method will close the http.Response Body if it receives an error.

func (BookmarkRelationsClient) GetRelation

func (client BookmarkRelationsClient) GetRelation(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, bookmarkID string, relationName string) (result Relation, err error)

GetRelation gets a bookmark relation. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. bookmarkID - bookmark ID relationName - relation Name

func (BookmarkRelationsClient) GetRelationPreparer

func (client BookmarkRelationsClient) GetRelationPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, bookmarkID string, relationName string) (*http.Request, error)

GetRelationPreparer prepares the GetRelation request.

func (BookmarkRelationsClient) GetRelationResponder

func (client BookmarkRelationsClient) GetRelationResponder(resp *http.Response) (result Relation, err error)

GetRelationResponder handles the response to the GetRelation request. The method always closes the http.Response Body.

func (BookmarkRelationsClient) GetRelationSender

func (client BookmarkRelationsClient) GetRelationSender(req *http.Request) (*http.Response, error)

GetRelationSender sends the GetRelation request. The method will close the http.Response Body if it receives an error.

func (BookmarkRelationsClient) List

func (client BookmarkRelationsClient) List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, bookmarkID string, filter string, orderby string, top *int32, skipToken string) (result RelationListPage, err error)

List gets all bookmark relations. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. bookmarkID - bookmark ID filter - filters the results, based on a Boolean condition. Optional. orderby - sorts the results. Optional. top - returns only the first n results. Optional. skipToken - skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional.

func (BookmarkRelationsClient) ListComplete

func (client BookmarkRelationsClient) ListComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, bookmarkID string, filter string, orderby string, top *int32, skipToken string) (result RelationListIterator, err error)

ListComplete enumerates all values, automatically crossing page boundaries as required.

func (BookmarkRelationsClient) ListPreparer

func (client BookmarkRelationsClient) ListPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, bookmarkID string, filter string, orderby string, top *int32, skipToken string) (*http.Request, error)

ListPreparer prepares the List request.

func (BookmarkRelationsClient) ListResponder

func (client BookmarkRelationsClient) ListResponder(resp *http.Response) (result RelationList, err error)

ListResponder handles the response to the List request. The method always closes the http.Response Body.

func (BookmarkRelationsClient) ListSender

func (client BookmarkRelationsClient) ListSender(req *http.Request) (*http.Response, error)

ListSender sends the List request. The method will close the http.Response Body if it receives an error.

type BookmarkTimelineItem

type BookmarkTimelineItem struct {
	// AzureResourceID - The bookmark azure resource id.
	AzureResourceID *string `json:"azureResourceId,omitempty"`
	// DisplayName - The bookmark display name.
	DisplayName *string `json:"displayName,omitempty"`
	// Notes - The notes of the bookmark
	Notes *string `json:"notes,omitempty"`
	// EndTimeUtc - The bookmark end time.
	EndTimeUtc *date.Time `json:"endTimeUtc,omitempty"`
	// StartTimeUtc - TThe bookmark start time.
	StartTimeUtc *date.Time `json:"startTimeUtc,omitempty"`
	// EventTime - The bookmark event time.
	EventTime *date.Time `json:"eventTime,omitempty"`
	// CreatedBy - Describes a user that created the bookmark
	CreatedBy *UserInfo `json:"createdBy,omitempty"`
	// Labels - List of labels relevant to this bookmark
	Labels *[]string `json:"labels,omitempty"`
	// Kind - Possible values include: 'KindBasicEntityTimelineItemKindEntityTimelineItem', 'KindBasicEntityTimelineItemKindActivity', 'KindBasicEntityTimelineItemKindSecurityAlert', 'KindBasicEntityTimelineItemKindBookmark'
	Kind KindBasicEntityTimelineItem `json:"kind,omitempty"`
}

BookmarkTimelineItem represents bookmark timeline item.

func (BookmarkTimelineItem) AsActivityTimelineItem

func (bti BookmarkTimelineItem) AsActivityTimelineItem() (*ActivityTimelineItem, bool)

AsActivityTimelineItem is the BasicEntityTimelineItem implementation for BookmarkTimelineItem.

func (BookmarkTimelineItem) AsBasicEntityTimelineItem

func (bti BookmarkTimelineItem) AsBasicEntityTimelineItem() (BasicEntityTimelineItem, bool)

AsBasicEntityTimelineItem is the BasicEntityTimelineItem implementation for BookmarkTimelineItem.

func (BookmarkTimelineItem) AsBookmarkTimelineItem

func (bti BookmarkTimelineItem) AsBookmarkTimelineItem() (*BookmarkTimelineItem, bool)

AsBookmarkTimelineItem is the BasicEntityTimelineItem implementation for BookmarkTimelineItem.

func (BookmarkTimelineItem) AsEntityTimelineItem

func (bti BookmarkTimelineItem) AsEntityTimelineItem() (*EntityTimelineItem, bool)

AsEntityTimelineItem is the BasicEntityTimelineItem implementation for BookmarkTimelineItem.

func (BookmarkTimelineItem) AsSecurityAlertTimelineItem

func (bti BookmarkTimelineItem) AsSecurityAlertTimelineItem() (*SecurityAlertTimelineItem, bool)

AsSecurityAlertTimelineItem is the BasicEntityTimelineItem implementation for BookmarkTimelineItem.

func (BookmarkTimelineItem) MarshalJSON

func (bti BookmarkTimelineItem) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for BookmarkTimelineItem.

type BookmarksClient

type BookmarksClient struct {
	BaseClient
}

BookmarksClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

func NewBookmarksClient

func NewBookmarksClient(subscriptionID string) BookmarksClient

NewBookmarksClient creates an instance of the BookmarksClient client.

func NewBookmarksClientWithBaseURI

func NewBookmarksClientWithBaseURI(baseURI string, subscriptionID string) BookmarksClient

NewBookmarksClientWithBaseURI creates an instance of the BookmarksClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).

func (BookmarksClient) CreateOrUpdate

func (client BookmarksClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, bookmarkID string, bookmark Bookmark) (result Bookmark, err error)

CreateOrUpdate creates or updates the bookmark. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. bookmarkID - bookmark ID bookmark - the bookmark

func (BookmarksClient) CreateOrUpdatePreparer

func (client BookmarksClient) CreateOrUpdatePreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, bookmarkID string, bookmark Bookmark) (*http.Request, error)

CreateOrUpdatePreparer prepares the CreateOrUpdate request.

func (BookmarksClient) CreateOrUpdateResponder

func (client BookmarksClient) CreateOrUpdateResponder(resp *http.Response) (result Bookmark, err error)

CreateOrUpdateResponder handles the response to the CreateOrUpdate request. The method always closes the http.Response Body.

func (BookmarksClient) CreateOrUpdateSender

func (client BookmarksClient) CreateOrUpdateSender(req *http.Request) (*http.Response, error)

CreateOrUpdateSender sends the CreateOrUpdate request. The method will close the http.Response Body if it receives an error.

func (BookmarksClient) Delete

func (client BookmarksClient) Delete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, bookmarkID string) (result autorest.Response, err error)

Delete delete the bookmark. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. bookmarkID - bookmark ID

func (BookmarksClient) DeletePreparer

func (client BookmarksClient) DeletePreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, bookmarkID string) (*http.Request, error)

DeletePreparer prepares the Delete request.

func (BookmarksClient) DeleteResponder

func (client BookmarksClient) DeleteResponder(resp *http.Response) (result autorest.Response, err error)

DeleteResponder handles the response to the Delete request. The method always closes the http.Response Body.

func (BookmarksClient) DeleteSender

func (client BookmarksClient) DeleteSender(req *http.Request) (*http.Response, error)

DeleteSender sends the Delete request. The method will close the http.Response Body if it receives an error.

func (BookmarksClient) Get

func (client BookmarksClient) Get(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, bookmarkID string) (result Bookmark, err error)

Get gets a bookmark. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. bookmarkID - bookmark ID

func (BookmarksClient) GetPreparer

func (client BookmarksClient) GetPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, bookmarkID string) (*http.Request, error)

GetPreparer prepares the Get request.

func (BookmarksClient) GetResponder

func (client BookmarksClient) GetResponder(resp *http.Response) (result Bookmark, err error)

GetResponder handles the response to the Get request. The method always closes the http.Response Body.

func (BookmarksClient) GetSender

func (client BookmarksClient) GetSender(req *http.Request) (*http.Response, error)

GetSender sends the Get request. The method will close the http.Response Body if it receives an error.

func (BookmarksClient) List

func (client BookmarksClient) List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result BookmarkListPage, err error)

List gets all bookmarks. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace.

func (BookmarksClient) ListComplete

func (client BookmarksClient) ListComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result BookmarkListIterator, err error)

ListComplete enumerates all values, automatically crossing page boundaries as required.

func (BookmarksClient) ListPreparer

func (client BookmarksClient) ListPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (*http.Request, error)

ListPreparer prepares the List request.

func (BookmarksClient) ListResponder

func (client BookmarksClient) ListResponder(resp *http.Response) (result BookmarkList, err error)

ListResponder handles the response to the List request. The method always closes the http.Response Body.

func (BookmarksClient) ListSender

func (client BookmarksClient) ListSender(req *http.Request) (*http.Response, error)

ListSender sends the List request. The method will close the http.Response Body if it receives an error.

type Case

type Case struct {
	autorest.Response `json:"-"`
	// CaseProperties - Case properties
	*CaseProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
}

Case represents a case in Azure Security Insights.

func (Case) MarshalJSON

func (c Case) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for Case.

func (*Case) UnmarshalJSON

func (c *Case) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for Case struct.

type CaseComment

type CaseComment struct {
	autorest.Response `json:"-"`
	// CaseCommentProperties - Case comment properties
	*CaseCommentProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
}

CaseComment represents a case comment

func (CaseComment) MarshalJSON

func (cc CaseComment) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for CaseComment.

func (*CaseComment) UnmarshalJSON

func (cc *CaseComment) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for CaseComment struct.

type CaseCommentList

type CaseCommentList struct {
	autorest.Response `json:"-"`
	// NextLink - READ-ONLY; URL to fetch the next set of comments.
	NextLink *string `json:"nextLink,omitempty"`
	// Value - Array of comments.
	Value *[]CaseComment `json:"value,omitempty"`
}

CaseCommentList list of case comments.

func (CaseCommentList) IsEmpty

func (ccl CaseCommentList) IsEmpty() bool

IsEmpty returns true if the ListResult contains no values.

func (CaseCommentList) MarshalJSON

func (ccl CaseCommentList) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for CaseCommentList.

type CaseCommentListIterator

type CaseCommentListIterator struct {
	// contains filtered or unexported fields
}

CaseCommentListIterator provides access to a complete listing of CaseComment values.

func NewCaseCommentListIterator

func NewCaseCommentListIterator(page CaseCommentListPage) CaseCommentListIterator

Creates a new instance of the CaseCommentListIterator type.

func (*CaseCommentListIterator) Next

func (iter *CaseCommentListIterator) Next() error

Next advances to the next value. If there was an error making the request the iterator does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*CaseCommentListIterator) NextWithContext

func (iter *CaseCommentListIterator) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next value. If there was an error making the request the iterator does not advance and the error is returned.

func (CaseCommentListIterator) NotDone

func (iter CaseCommentListIterator) NotDone() bool

NotDone returns true if the enumeration should be started or is not yet complete.

func (CaseCommentListIterator) Response

func (iter CaseCommentListIterator) Response() CaseCommentList

Response returns the raw server response from the last page request.

func (CaseCommentListIterator) Value

func (iter CaseCommentListIterator) Value() CaseComment

Value returns the current value or a zero-initialized value if the iterator has advanced beyond the end of the collection.

type CaseCommentListPage

type CaseCommentListPage struct {
	// contains filtered or unexported fields
}

CaseCommentListPage contains a page of CaseComment values.

func NewCaseCommentListPage

func NewCaseCommentListPage(cur CaseCommentList, getNextPage func(context.Context, CaseCommentList) (CaseCommentList, error)) CaseCommentListPage

Creates a new instance of the CaseCommentListPage type.

func (*CaseCommentListPage) Next

func (page *CaseCommentListPage) Next() error

Next advances to the next page of values. If there was an error making the request the page does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*CaseCommentListPage) NextWithContext

func (page *CaseCommentListPage) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next page of values. If there was an error making the request the page does not advance and the error is returned.

func (CaseCommentListPage) NotDone

func (page CaseCommentListPage) NotDone() bool

NotDone returns true if the page enumeration should be started or is not yet complete.

func (CaseCommentListPage) Response

func (page CaseCommentListPage) Response() CaseCommentList

Response returns the raw server response from the last page request.

func (CaseCommentListPage) Values

func (page CaseCommentListPage) Values() []CaseComment

Values returns the slice of values for the current page or nil if there are no values.

type CaseCommentProperties

type CaseCommentProperties struct {
	// CreatedTimeUtc - READ-ONLY; The time the comment was created
	CreatedTimeUtc *date.Time `json:"createdTimeUtc,omitempty"`
	// Message - The comment message
	Message *string `json:"message,omitempty"`
	// UserInfo - READ-ONLY; Describes the user that created the comment
	UserInfo *UserInfo `json:"userInfo,omitempty"`
}

CaseCommentProperties case comment property bag.

func (CaseCommentProperties) MarshalJSON

func (ccp CaseCommentProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for CaseCommentProperties.

type CaseCommentsClient

type CaseCommentsClient struct {
	BaseClient
}

CaseCommentsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

func NewCaseCommentsClient

func NewCaseCommentsClient(subscriptionID string) CaseCommentsClient

NewCaseCommentsClient creates an instance of the CaseCommentsClient client.

func NewCaseCommentsClientWithBaseURI

func NewCaseCommentsClientWithBaseURI(baseURI string, subscriptionID string) CaseCommentsClient

NewCaseCommentsClientWithBaseURI creates an instance of the CaseCommentsClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).

func (CaseCommentsClient) CreateComment

func (client CaseCommentsClient) CreateComment(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, caseCommentID string, caseComment CaseComment) (result CaseComment, err error)

CreateComment creates the case comment. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. caseID - case ID caseCommentID - case comment ID caseComment - the case comment

func (CaseCommentsClient) CreateCommentPreparer

func (client CaseCommentsClient) CreateCommentPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, caseCommentID string, caseComment CaseComment) (*http.Request, error)

CreateCommentPreparer prepares the CreateComment request.

func (CaseCommentsClient) CreateCommentResponder

func (client CaseCommentsClient) CreateCommentResponder(resp *http.Response) (result CaseComment, err error)

CreateCommentResponder handles the response to the CreateComment request. The method always closes the http.Response Body.

func (CaseCommentsClient) CreateCommentSender

func (client CaseCommentsClient) CreateCommentSender(req *http.Request) (*http.Response, error)

CreateCommentSender sends the CreateComment request. The method will close the http.Response Body if it receives an error.

type CaseList

type CaseList struct {
	autorest.Response `json:"-"`
	// NextLink - READ-ONLY; URL to fetch the next set of cases.
	NextLink *string `json:"nextLink,omitempty"`
	// Value - Array of cases.
	Value *[]Case `json:"value,omitempty"`
}

CaseList list all the cases.

func (CaseList) IsEmpty

func (cl CaseList) IsEmpty() bool

IsEmpty returns true if the ListResult contains no values.

func (CaseList) MarshalJSON

func (cl CaseList) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for CaseList.

type CaseListIterator

type CaseListIterator struct {
	// contains filtered or unexported fields
}

CaseListIterator provides access to a complete listing of Case values.

func NewCaseListIterator

func NewCaseListIterator(page CaseListPage) CaseListIterator

Creates a new instance of the CaseListIterator type.

func (*CaseListIterator) Next

func (iter *CaseListIterator) Next() error

Next advances to the next value. If there was an error making the request the iterator does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*CaseListIterator) NextWithContext

func (iter *CaseListIterator) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next value. If there was an error making the request the iterator does not advance and the error is returned.

func (CaseListIterator) NotDone

func (iter CaseListIterator) NotDone() bool

NotDone returns true if the enumeration should be started or is not yet complete.

func (CaseListIterator) Response

func (iter CaseListIterator) Response() CaseList

Response returns the raw server response from the last page request.

func (CaseListIterator) Value

func (iter CaseListIterator) Value() Case

Value returns the current value or a zero-initialized value if the iterator has advanced beyond the end of the collection.

type CaseListPage

type CaseListPage struct {
	// contains filtered or unexported fields
}

CaseListPage contains a page of Case values.

func NewCaseListPage

func NewCaseListPage(cur CaseList, getNextPage func(context.Context, CaseList) (CaseList, error)) CaseListPage

Creates a new instance of the CaseListPage type.

func (*CaseListPage) Next

func (page *CaseListPage) Next() error

Next advances to the next page of values. If there was an error making the request the page does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*CaseListPage) NextWithContext

func (page *CaseListPage) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next page of values. If there was an error making the request the page does not advance and the error is returned.

func (CaseListPage) NotDone

func (page CaseListPage) NotDone() bool

NotDone returns true if the page enumeration should be started or is not yet complete.

func (CaseListPage) Response

func (page CaseListPage) Response() CaseList

Response returns the raw server response from the last page request.

func (CaseListPage) Values

func (page CaseListPage) Values() []Case

Values returns the slice of values for the current page or nil if there are no values.

type CaseProperties

type CaseProperties struct {
	// CaseNumber - READ-ONLY; a sequential number
	CaseNumber *int32 `json:"caseNumber,omitempty"`
	// CloseReason - The reason the case was closed. Possible values include: 'Resolved', 'Dismissed', 'TruePositive', 'FalsePositive', 'Other'
	CloseReason CloseReason `json:"closeReason,omitempty"`
	// ClosedReasonText - the case close reason details
	ClosedReasonText *string `json:"closedReasonText,omitempty"`
	// CreatedTimeUtc - READ-ONLY; The time the case was created
	CreatedTimeUtc *date.Time `json:"createdTimeUtc,omitempty"`
	// Description - The description of the case
	Description *string `json:"description,omitempty"`
	// EndTimeUtc - The end time of the case
	EndTimeUtc *date.Time `json:"endTimeUtc,omitempty"`
	// Labels - List of labels relevant to this case
	Labels *[]string `json:"labels,omitempty"`
	// LastComment - READ-ONLY; the last comment in the case
	LastComment *string `json:"lastComment,omitempty"`
	// LastUpdatedTimeUtc - READ-ONLY; The last time the case was updated
	LastUpdatedTimeUtc *date.Time `json:"lastUpdatedTimeUtc,omitempty"`
	// Owner - Describes a user that the case is assigned to
	Owner *UserInfo `json:"owner,omitempty"`
	// RelatedAlertIds - READ-ONLY; List of related alert identifiers
	RelatedAlertIds *[]string `json:"relatedAlertIds,omitempty"`
	// Tactics - READ-ONLY; The tactics associated with case
	Tactics *[]AttackTactic `json:"tactics,omitempty"`
	// Severity - The severity of the case. Possible values include: 'CaseSeverityCritical', 'CaseSeverityHigh', 'CaseSeverityMedium', 'CaseSeverityLow', 'CaseSeverityInformational'
	Severity CaseSeverity `json:"severity,omitempty"`
	// StartTimeUtc - The start time of the case
	StartTimeUtc *date.Time `json:"startTimeUtc,omitempty"`
	// Status - The status of the case. Possible values include: 'CaseStatusDraft', 'CaseStatusNew', 'CaseStatusInProgress', 'CaseStatusClosed'
	Status CaseStatus `json:"status,omitempty"`
	// Title - The title of the case
	Title *string `json:"title,omitempty"`
	// TotalComments - READ-ONLY; the number of total comments in the case
	TotalComments *int32 `json:"totalComments,omitempty"`
}

CaseProperties describes case properties

func (CaseProperties) MarshalJSON

func (cp CaseProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for CaseProperties.

type CaseRelation

type CaseRelation struct {
	autorest.Response `json:"-"`
	// CaseRelationProperties - Case relation properties
	*CaseRelationProperties `json:"properties,omitempty"`
	// Kind - READ-ONLY; The type of relation node. Possible values include: 'CasesToBookmarks'
	Kind RelationTypes `json:"kind,omitempty"`
	// Etag - ETag for relation
	Etag *string `json:"etag,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
}

CaseRelation represents a case relation

func (CaseRelation) MarshalJSON

func (cr CaseRelation) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for CaseRelation.

func (*CaseRelation) UnmarshalJSON

func (cr *CaseRelation) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for CaseRelation struct.

type CaseRelationList

type CaseRelationList struct {
	autorest.Response `json:"-"`
	// NextLink - READ-ONLY; URL to fetch the next set of relations.
	NextLink *string `json:"nextLink,omitempty"`
	// Value - Array of relations.
	Value *[]CaseRelation `json:"value,omitempty"`
}

CaseRelationList list of case relations.

func (CaseRelationList) IsEmpty

func (crl CaseRelationList) IsEmpty() bool

IsEmpty returns true if the ListResult contains no values.

func (CaseRelationList) MarshalJSON

func (crl CaseRelationList) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for CaseRelationList.

type CaseRelationListIterator

type CaseRelationListIterator struct {
	// contains filtered or unexported fields
}

CaseRelationListIterator provides access to a complete listing of CaseRelation values.

func NewCaseRelationListIterator

func NewCaseRelationListIterator(page CaseRelationListPage) CaseRelationListIterator

Creates a new instance of the CaseRelationListIterator type.

func (*CaseRelationListIterator) Next

func (iter *CaseRelationListIterator) Next() error

Next advances to the next value. If there was an error making the request the iterator does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*CaseRelationListIterator) NextWithContext

func (iter *CaseRelationListIterator) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next value. If there was an error making the request the iterator does not advance and the error is returned.

func (CaseRelationListIterator) NotDone

func (iter CaseRelationListIterator) NotDone() bool

NotDone returns true if the enumeration should be started or is not yet complete.

func (CaseRelationListIterator) Response

Response returns the raw server response from the last page request.

func (CaseRelationListIterator) Value

Value returns the current value or a zero-initialized value if the iterator has advanced beyond the end of the collection.

type CaseRelationListPage

type CaseRelationListPage struct {
	// contains filtered or unexported fields
}

CaseRelationListPage contains a page of CaseRelation values.

func NewCaseRelationListPage

func NewCaseRelationListPage(cur CaseRelationList, getNextPage func(context.Context, CaseRelationList) (CaseRelationList, error)) CaseRelationListPage

Creates a new instance of the CaseRelationListPage type.

func (*CaseRelationListPage) Next

func (page *CaseRelationListPage) Next() error

Next advances to the next page of values. If there was an error making the request the page does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*CaseRelationListPage) NextWithContext

func (page *CaseRelationListPage) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next page of values. If there was an error making the request the page does not advance and the error is returned.

func (CaseRelationListPage) NotDone

func (page CaseRelationListPage) NotDone() bool

NotDone returns true if the page enumeration should be started or is not yet complete.

func (CaseRelationListPage) Response

func (page CaseRelationListPage) Response() CaseRelationList

Response returns the raw server response from the last page request.

func (CaseRelationListPage) Values

func (page CaseRelationListPage) Values() []CaseRelation

Values returns the slice of values for the current page or nil if there are no values.

type CaseRelationProperties

type CaseRelationProperties struct {
	// RelationName - Name of relation
	RelationName *string `json:"relationName,omitempty"`
	// BookmarkID - The case related bookmark id
	BookmarkID *string `json:"bookmarkId,omitempty"`
	// CaseIdentifier - The case identifier
	CaseIdentifier *string `json:"caseIdentifier,omitempty"`
	// BookmarkName - The case related bookmark name
	BookmarkName *string `json:"bookmarkName,omitempty"`
}

CaseRelationProperties case relation properties

type CaseRelationsClient

type CaseRelationsClient struct {
	BaseClient
}

CaseRelationsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

func NewCaseRelationsClient

func NewCaseRelationsClient(subscriptionID string) CaseRelationsClient

NewCaseRelationsClient creates an instance of the CaseRelationsClient client.

func NewCaseRelationsClientWithBaseURI

func NewCaseRelationsClientWithBaseURI(baseURI string, subscriptionID string) CaseRelationsClient

NewCaseRelationsClientWithBaseURI creates an instance of the CaseRelationsClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).

func (CaseRelationsClient) CreateOrUpdateRelation

func (client CaseRelationsClient) CreateOrUpdateRelation(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, relationName string, relationInputModel RelationsModelInput) (result CaseRelation, err error)

CreateOrUpdateRelation creates or updates the case relation. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. caseID - case ID relationName - relation Name relationInputModel - the relation input model

func (CaseRelationsClient) CreateOrUpdateRelationPreparer

func (client CaseRelationsClient) CreateOrUpdateRelationPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, relationName string, relationInputModel RelationsModelInput) (*http.Request, error)

CreateOrUpdateRelationPreparer prepares the CreateOrUpdateRelation request.

func (CaseRelationsClient) CreateOrUpdateRelationResponder

func (client CaseRelationsClient) CreateOrUpdateRelationResponder(resp *http.Response) (result CaseRelation, err error)

CreateOrUpdateRelationResponder handles the response to the CreateOrUpdateRelation request. The method always closes the http.Response Body.

func (CaseRelationsClient) CreateOrUpdateRelationSender

func (client CaseRelationsClient) CreateOrUpdateRelationSender(req *http.Request) (*http.Response, error)

CreateOrUpdateRelationSender sends the CreateOrUpdateRelation request. The method will close the http.Response Body if it receives an error.

func (CaseRelationsClient) DeleteRelation

func (client CaseRelationsClient) DeleteRelation(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, relationName string) (result autorest.Response, err error)

DeleteRelation delete the case relation. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. caseID - case ID relationName - relation Name

func (CaseRelationsClient) DeleteRelationPreparer

func (client CaseRelationsClient) DeleteRelationPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, relationName string) (*http.Request, error)

DeleteRelationPreparer prepares the DeleteRelation request.

func (CaseRelationsClient) DeleteRelationResponder

func (client CaseRelationsClient) DeleteRelationResponder(resp *http.Response) (result autorest.Response, err error)

DeleteRelationResponder handles the response to the DeleteRelation request. The method always closes the http.Response Body.

func (CaseRelationsClient) DeleteRelationSender

func (client CaseRelationsClient) DeleteRelationSender(req *http.Request) (*http.Response, error)

DeleteRelationSender sends the DeleteRelation request. The method will close the http.Response Body if it receives an error.

func (CaseRelationsClient) GetRelation

func (client CaseRelationsClient) GetRelation(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, relationName string) (result CaseRelation, err error)

GetRelation gets a case relation. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. caseID - case ID relationName - relation Name

func (CaseRelationsClient) GetRelationPreparer

func (client CaseRelationsClient) GetRelationPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, relationName string) (*http.Request, error)

GetRelationPreparer prepares the GetRelation request.

func (CaseRelationsClient) GetRelationResponder

func (client CaseRelationsClient) GetRelationResponder(resp *http.Response) (result CaseRelation, err error)

GetRelationResponder handles the response to the GetRelation request. The method always closes the http.Response Body.

func (CaseRelationsClient) GetRelationSender

func (client CaseRelationsClient) GetRelationSender(req *http.Request) (*http.Response, error)

GetRelationSender sends the GetRelation request. The method will close the http.Response Body if it receives an error.

func (CaseRelationsClient) List

func (client CaseRelationsClient) List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, filter string, orderby string, top *int32, skipToken string) (result CaseRelationListPage, err error)

List gets all case relations. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. caseID - case ID filter - filters the results, based on a Boolean condition. Optional. orderby - sorts the results. Optional. top - returns only the first n results. Optional. skipToken - skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional.

func (CaseRelationsClient) ListComplete

func (client CaseRelationsClient) ListComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, filter string, orderby string, top *int32, skipToken string) (result CaseRelationListIterator, err error)

ListComplete enumerates all values, automatically crossing page boundaries as required.

func (CaseRelationsClient) ListPreparer

func (client CaseRelationsClient) ListPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, filter string, orderby string, top *int32, skipToken string) (*http.Request, error)

ListPreparer prepares the List request.

func (CaseRelationsClient) ListResponder

func (client CaseRelationsClient) ListResponder(resp *http.Response) (result CaseRelationList, err error)

ListResponder handles the response to the List request. The method always closes the http.Response Body.

func (CaseRelationsClient) ListSender

func (client CaseRelationsClient) ListSender(req *http.Request) (*http.Response, error)

ListSender sends the List request. The method will close the http.Response Body if it receives an error.

type CaseSeverity

type CaseSeverity string

CaseSeverity enumerates the values for case severity.

const (
	// CaseSeverityCritical Critical severity
	CaseSeverityCritical CaseSeverity = "Critical"
	// CaseSeverityHigh High severity
	CaseSeverityHigh CaseSeverity = "High"
	// CaseSeverityInformational Informational severity
	CaseSeverityInformational CaseSeverity = "Informational"
	// CaseSeverityLow Low severity
	CaseSeverityLow CaseSeverity = "Low"
	// CaseSeverityMedium Medium severity
	CaseSeverityMedium CaseSeverity = "Medium"
)

func PossibleCaseSeverityValues

func PossibleCaseSeverityValues() []CaseSeverity

PossibleCaseSeverityValues returns an array of possible values for the CaseSeverity const type.

type CaseStatus

type CaseStatus string

CaseStatus enumerates the values for case status.

const (
	// CaseStatusClosed A non active case
	CaseStatusClosed CaseStatus = "Closed"
	// CaseStatusDraft Case that wasn't promoted yet to active
	CaseStatusDraft CaseStatus = "Draft"
	// CaseStatusInProgress An active case which is handled
	CaseStatusInProgress CaseStatus = "InProgress"
	// CaseStatusNew An active case which isn't handled currently
	CaseStatusNew CaseStatus = "New"
)

func PossibleCaseStatusValues

func PossibleCaseStatusValues() []CaseStatus

PossibleCaseStatusValues returns an array of possible values for the CaseStatus const type.

type CasesAggregation

type CasesAggregation struct {
	// CasesAggregationProperties - Properties of aggregations results of cases.
	*CasesAggregationProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Kind - Possible values include: 'KindAggregations', 'KindCasesAggregation'
	Kind Kind `json:"kind,omitempty"`
}

CasesAggregation represents aggregations results for cases.

func (CasesAggregation) AsAggregations

func (ca CasesAggregation) AsAggregations() (*Aggregations, bool)

AsAggregations is the BasicAggregations implementation for CasesAggregation.

func (CasesAggregation) AsBasicAggregations

func (ca CasesAggregation) AsBasicAggregations() (BasicAggregations, bool)

AsBasicAggregations is the BasicAggregations implementation for CasesAggregation.

func (CasesAggregation) AsCasesAggregation

func (ca CasesAggregation) AsCasesAggregation() (*CasesAggregation, bool)

AsCasesAggregation is the BasicAggregations implementation for CasesAggregation.

func (CasesAggregation) MarshalJSON

func (ca CasesAggregation) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for CasesAggregation.

func (*CasesAggregation) UnmarshalJSON

func (ca *CasesAggregation) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for CasesAggregation struct.

type CasesAggregationBySeverityProperties

type CasesAggregationBySeverityProperties struct {
	// TotalCriticalSeverity - READ-ONLY; Total amount of open cases with severity Critical
	TotalCriticalSeverity *int32 `json:"totalCriticalSeverity,omitempty"`
	// TotalHighSeverity - READ-ONLY; Total amount of open cases with severity High
	TotalHighSeverity *int32 `json:"totalHighSeverity,omitempty"`
	// TotalInformationalSeverity - READ-ONLY; Total amount of open cases with severity Informational
	TotalInformationalSeverity *int32 `json:"totalInformationalSeverity,omitempty"`
	// TotalLowSeverity - READ-ONLY; Total amount of open cases with severity Low
	TotalLowSeverity *int32 `json:"totalLowSeverity,omitempty"`
	// TotalMediumSeverity - READ-ONLY; Total amount of open cases with severity medium
	TotalMediumSeverity *int32 `json:"totalMediumSeverity,omitempty"`
}

CasesAggregationBySeverityProperties aggregative results of cases by severity property bag.

type CasesAggregationByStatusProperties

type CasesAggregationByStatusProperties struct {
	// TotalDismissedStatus - READ-ONLY; Total amount of open cases with status Dismissed
	TotalDismissedStatus *int32 `json:"totalDismissedStatus,omitempty"`
	// TotalInProgressStatus - READ-ONLY; Total amount of open cases with status InProgress
	TotalInProgressStatus *int32 `json:"totalInProgressStatus,omitempty"`
	// TotalNewStatus - READ-ONLY; Total amount of open cases with status New
	TotalNewStatus *int32 `json:"totalNewStatus,omitempty"`
	// TotalResolvedStatus - READ-ONLY; Total amount of open cases with status Resolved
	TotalResolvedStatus *int32 `json:"totalResolvedStatus,omitempty"`
}

CasesAggregationByStatusProperties aggregative results of cases by status property bag.

type CasesAggregationProperties

type CasesAggregationProperties struct {
	// AggregationBySeverity - Aggregations results by case severity.
	AggregationBySeverity *CasesAggregationBySeverityProperties `json:"aggregationBySeverity,omitempty"`
	// AggregationByStatus - Aggregations results by case status.
	AggregationByStatus *CasesAggregationByStatusProperties `json:"aggregationByStatus,omitempty"`
}

CasesAggregationProperties aggregative results of cases property bag.

type CasesAggregationsClient

type CasesAggregationsClient struct {
	BaseClient
}

CasesAggregationsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

func NewCasesAggregationsClient

func NewCasesAggregationsClient(subscriptionID string) CasesAggregationsClient

NewCasesAggregationsClient creates an instance of the CasesAggregationsClient client.

func NewCasesAggregationsClientWithBaseURI

func NewCasesAggregationsClientWithBaseURI(baseURI string, subscriptionID string) CasesAggregationsClient

NewCasesAggregationsClientWithBaseURI creates an instance of the CasesAggregationsClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).

func (CasesAggregationsClient) Get

func (client CasesAggregationsClient) Get(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, aggregationsName string) (result AggregationsModel, err error)

Get get aggregative result for the given resources under the defined workspace Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. aggregationsName - the aggregation name. Supports - Cases

func (CasesAggregationsClient) GetPreparer

func (client CasesAggregationsClient) GetPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, aggregationsName string) (*http.Request, error)

GetPreparer prepares the Get request.

func (CasesAggregationsClient) GetResponder

func (client CasesAggregationsClient) GetResponder(resp *http.Response) (result AggregationsModel, err error)

GetResponder handles the response to the Get request. The method always closes the http.Response Body.

func (CasesAggregationsClient) GetSender

func (client CasesAggregationsClient) GetSender(req *http.Request) (*http.Response, error)

GetSender sends the Get request. The method will close the http.Response Body if it receives an error.

type CasesClient

type CasesClient struct {
	BaseClient
}

CasesClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

func NewCasesClient

func NewCasesClient(subscriptionID string) CasesClient

NewCasesClient creates an instance of the CasesClient client.

func NewCasesClientWithBaseURI

func NewCasesClientWithBaseURI(baseURI string, subscriptionID string) CasesClient

NewCasesClientWithBaseURI creates an instance of the CasesClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).

func (CasesClient) CreateOrUpdate

func (client CasesClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, caseParameter Case) (result Case, err error)

CreateOrUpdate creates or updates the case. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. caseID - case ID caseParameter - the case

func (CasesClient) CreateOrUpdatePreparer

func (client CasesClient) CreateOrUpdatePreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, caseParameter Case) (*http.Request, error)

CreateOrUpdatePreparer prepares the CreateOrUpdate request.

func (CasesClient) CreateOrUpdateResponder

func (client CasesClient) CreateOrUpdateResponder(resp *http.Response) (result Case, err error)

CreateOrUpdateResponder handles the response to the CreateOrUpdate request. The method always closes the http.Response Body.

func (CasesClient) CreateOrUpdateSender

func (client CasesClient) CreateOrUpdateSender(req *http.Request) (*http.Response, error)

CreateOrUpdateSender sends the CreateOrUpdate request. The method will close the http.Response Body if it receives an error.

func (CasesClient) Delete

func (client CasesClient) Delete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string) (result autorest.Response, err error)

Delete delete the case. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. caseID - case ID

func (CasesClient) DeletePreparer

func (client CasesClient) DeletePreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string) (*http.Request, error)

DeletePreparer prepares the Delete request.

func (CasesClient) DeleteResponder

func (client CasesClient) DeleteResponder(resp *http.Response) (result autorest.Response, err error)

DeleteResponder handles the response to the Delete request. The method always closes the http.Response Body.

func (CasesClient) DeleteSender

func (client CasesClient) DeleteSender(req *http.Request) (*http.Response, error)

DeleteSender sends the Delete request. The method will close the http.Response Body if it receives an error.

func (CasesClient) Get

func (client CasesClient) Get(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string) (result Case, err error)

Get gets a case. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. caseID - case ID

func (CasesClient) GetComment

func (client CasesClient) GetComment(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, caseCommentID string) (result CaseComment, err error)

GetComment gets a case comment. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. caseID - case ID caseCommentID - case comment ID

func (CasesClient) GetCommentPreparer

func (client CasesClient) GetCommentPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, caseCommentID string) (*http.Request, error)

GetCommentPreparer prepares the GetComment request.

func (CasesClient) GetCommentResponder

func (client CasesClient) GetCommentResponder(resp *http.Response) (result CaseComment, err error)

GetCommentResponder handles the response to the GetComment request. The method always closes the http.Response Body.

func (CasesClient) GetCommentSender

func (client CasesClient) GetCommentSender(req *http.Request) (*http.Response, error)

GetCommentSender sends the GetComment request. The method will close the http.Response Body if it receives an error.

func (CasesClient) GetPreparer

func (client CasesClient) GetPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string) (*http.Request, error)

GetPreparer prepares the Get request.

func (CasesClient) GetResponder

func (client CasesClient) GetResponder(resp *http.Response) (result Case, err error)

GetResponder handles the response to the Get request. The method always closes the http.Response Body.

func (CasesClient) GetSender

func (client CasesClient) GetSender(req *http.Request) (*http.Response, error)

GetSender sends the Get request. The method will close the http.Response Body if it receives an error.

func (CasesClient) List

func (client CasesClient) List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, filter string, orderby string, top *int32, skipToken string) (result CaseListPage, err error)

List gets all cases. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. filter - filters the results, based on a Boolean condition. Optional. orderby - sorts the results. Optional. top - returns only the first n results. Optional. skipToken - skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional.

func (CasesClient) ListComplete

func (client CasesClient) ListComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, filter string, orderby string, top *int32, skipToken string) (result CaseListIterator, err error)

ListComplete enumerates all values, automatically crossing page boundaries as required.

func (CasesClient) ListPreparer

func (client CasesClient) ListPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, filter string, orderby string, top *int32, skipToken string) (*http.Request, error)

ListPreparer prepares the List request.

func (CasesClient) ListResponder

func (client CasesClient) ListResponder(resp *http.Response) (result CaseList, err error)

ListResponder handles the response to the List request. The method always closes the http.Response Body.

func (CasesClient) ListSender

func (client CasesClient) ListSender(req *http.Request) (*http.Response, error)

ListSender sends the List request. The method will close the http.Response Body if it receives an error.

type ClientInfo

type ClientInfo struct {
	// Email - The email of the client.
	Email *string `json:"email,omitempty"`
	// Name - The name of the client.
	Name *string `json:"name,omitempty"`
	// ObjectID - The object id of the client.
	ObjectID *uuid.UUID `json:"objectId,omitempty"`
	// UserPrincipalName - The user principal name of the client.
	UserPrincipalName *string `json:"userPrincipalName,omitempty"`
}

ClientInfo information on the client (user or application) that made some action

type CloseReason

type CloseReason string

CloseReason enumerates the values for close reason.

const (
	// Dismissed Case was dismissed
	Dismissed CloseReason = "Dismissed"
	// FalsePositive Case was false positive
	FalsePositive CloseReason = "FalsePositive"
	// Other Case was closed for another reason
	Other CloseReason = "Other"
	// Resolved Case was resolved
	Resolved CloseReason = "Resolved"
	// TruePositive Case was true positive
	TruePositive CloseReason = "TruePositive"
)

func PossibleCloseReasonValues

func PossibleCloseReasonValues() []CloseReason

PossibleCloseReasonValues returns an array of possible values for the CloseReason const type.

type CloudApplicationEntity

type CloudApplicationEntity struct {
	// CloudApplicationEntityProperties - CloudApplication entity properties
	*CloudApplicationEntityProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindBookmark', 'KindSecurityAlert', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice'
	Kind KindBasicEntity `json:"kind,omitempty"`
}

CloudApplicationEntity represents a cloud application entity.

func (CloudApplicationEntity) AsAccountEntity

func (cae CloudApplicationEntity) AsAccountEntity() (*AccountEntity, bool)

AsAccountEntity is the BasicEntity implementation for CloudApplicationEntity.

func (CloudApplicationEntity) AsAzureResourceEntity

func (cae CloudApplicationEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)

AsAzureResourceEntity is the BasicEntity implementation for CloudApplicationEntity.

func (CloudApplicationEntity) AsBasicEntity

func (cae CloudApplicationEntity) AsBasicEntity() (BasicEntity, bool)

AsBasicEntity is the BasicEntity implementation for CloudApplicationEntity.

func (CloudApplicationEntity) AsCloudApplicationEntity

func (cae CloudApplicationEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)

AsCloudApplicationEntity is the BasicEntity implementation for CloudApplicationEntity.

func (CloudApplicationEntity) AsDNSEntity

func (cae CloudApplicationEntity) AsDNSEntity() (*DNSEntity, bool)

AsDNSEntity is the BasicEntity implementation for CloudApplicationEntity.

func (CloudApplicationEntity) AsEntity

func (cae CloudApplicationEntity) AsEntity() (*Entity, bool)

AsEntity is the BasicEntity implementation for CloudApplicationEntity.

func (CloudApplicationEntity) AsFileEntity

func (cae CloudApplicationEntity) AsFileEntity() (*FileEntity, bool)

AsFileEntity is the BasicEntity implementation for CloudApplicationEntity.

func (CloudApplicationEntity) AsFileHashEntity

func (cae CloudApplicationEntity) AsFileHashEntity() (*FileHashEntity, bool)

AsFileHashEntity is the BasicEntity implementation for CloudApplicationEntity.

func (CloudApplicationEntity) AsHostEntity

func (cae CloudApplicationEntity) AsHostEntity() (*HostEntity, bool)

AsHostEntity is the BasicEntity implementation for CloudApplicationEntity.

func (CloudApplicationEntity) AsHuntingBookmark

func (cae CloudApplicationEntity) AsHuntingBookmark() (*HuntingBookmark, bool)

AsHuntingBookmark is the BasicEntity implementation for CloudApplicationEntity.

func (CloudApplicationEntity) AsIPEntity

func (cae CloudApplicationEntity) AsIPEntity() (*IPEntity, bool)

AsIPEntity is the BasicEntity implementation for CloudApplicationEntity.

func (CloudApplicationEntity) AsIoTDeviceEntity

func (cae CloudApplicationEntity) AsIoTDeviceEntity() (*IoTDeviceEntity, bool)

AsIoTDeviceEntity is the BasicEntity implementation for CloudApplicationEntity.

func (CloudApplicationEntity) AsMalwareEntity

func (cae CloudApplicationEntity) AsMalwareEntity() (*MalwareEntity, bool)

AsMalwareEntity is the BasicEntity implementation for CloudApplicationEntity.

func (CloudApplicationEntity) AsProcessEntity

func (cae CloudApplicationEntity) AsProcessEntity() (*ProcessEntity, bool)

AsProcessEntity is the BasicEntity implementation for CloudApplicationEntity.

func (CloudApplicationEntity) AsRegistryKeyEntity

func (cae CloudApplicationEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)

AsRegistryKeyEntity is the BasicEntity implementation for CloudApplicationEntity.

func (CloudApplicationEntity) AsRegistryValueEntity

func (cae CloudApplicationEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool)

AsRegistryValueEntity is the BasicEntity implementation for CloudApplicationEntity.

func (CloudApplicationEntity) AsSecurityAlert

func (cae CloudApplicationEntity) AsSecurityAlert() (*SecurityAlert, bool)

AsSecurityAlert is the BasicEntity implementation for CloudApplicationEntity.

func (CloudApplicationEntity) AsSecurityGroupEntity

func (cae CloudApplicationEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)

AsSecurityGroupEntity is the BasicEntity implementation for CloudApplicationEntity.

func (CloudApplicationEntity) AsURLEntity

func (cae CloudApplicationEntity) AsURLEntity() (*URLEntity, bool)

AsURLEntity is the BasicEntity implementation for CloudApplicationEntity.

func (CloudApplicationEntity) MarshalJSON

func (cae CloudApplicationEntity) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for CloudApplicationEntity.

func (*CloudApplicationEntity) UnmarshalJSON

func (cae *CloudApplicationEntity) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for CloudApplicationEntity struct.

type CloudApplicationEntityProperties

type CloudApplicationEntityProperties struct {
	// AppID - READ-ONLY; The technical identifier of the application.
	AppID *int32 `json:"appId,omitempty"`
	// AppName - READ-ONLY; The name of the related cloud application.
	AppName *string `json:"appName,omitempty"`
	// InstanceName - READ-ONLY; The user defined instance name of the cloud application. It is often used to distinguish between several applications of the same type that a customer has.
	InstanceName *string `json:"instanceName,omitempty"`
	// AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]interface{} `json:"additionalData"`
	// FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated.
	FriendlyName *string `json:"friendlyName,omitempty"`
}

CloudApplicationEntityProperties cloudApplication entity property bag.

func (CloudApplicationEntityProperties) MarshalJSON

func (caep CloudApplicationEntityProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for CloudApplicationEntityProperties.

type CloudError

type CloudError struct {
	// CloudErrorBody - Error data
	*CloudErrorBody `json:"error,omitempty"`
}

CloudError error response structure.

func (CloudError) MarshalJSON

func (ce CloudError) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for CloudError.

func (*CloudError) UnmarshalJSON

func (ce *CloudError) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for CloudError struct.

type CloudErrorBody

type CloudErrorBody struct {
	// Code - READ-ONLY; An identifier for the error. Codes are invariant and are intended to be consumed programmatically.
	Code *string `json:"code,omitempty"`
	// Message - READ-ONLY; A message describing the error, intended to be suitable for display in a user interface.
	Message *string `json:"message,omitempty"`
}

CloudErrorBody error details.

type CommentsClient

type CommentsClient struct {
	BaseClient
}

CommentsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

func NewCommentsClient

func NewCommentsClient(subscriptionID string) CommentsClient

NewCommentsClient creates an instance of the CommentsClient client.

func NewCommentsClientWithBaseURI

func NewCommentsClientWithBaseURI(baseURI string, subscriptionID string) CommentsClient

NewCommentsClientWithBaseURI creates an instance of the CommentsClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).

func (CommentsClient) ListByCase

func (client CommentsClient) ListByCase(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, filter string, orderby string, top *int32, skipToken string) (result CaseCommentListPage, err error)

ListByCase gets all case comments. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. caseID - case ID filter - filters the results, based on a Boolean condition. Optional. orderby - sorts the results. Optional. top - returns only the first n results. Optional. skipToken - skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional.

func (CommentsClient) ListByCaseComplete

func (client CommentsClient) ListByCaseComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, filter string, orderby string, top *int32, skipToken string) (result CaseCommentListIterator, err error)

ListByCaseComplete enumerates all values, automatically crossing page boundaries as required.

func (CommentsClient) ListByCasePreparer

func (client CommentsClient) ListByCasePreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, filter string, orderby string, top *int32, skipToken string) (*http.Request, error)

ListByCasePreparer prepares the ListByCase request.

func (CommentsClient) ListByCaseResponder

func (client CommentsClient) ListByCaseResponder(resp *http.Response) (result CaseCommentList, err error)

ListByCaseResponder handles the response to the ListByCase request. The method always closes the http.Response Body.

func (CommentsClient) ListByCaseSender

func (client CommentsClient) ListByCaseSender(req *http.Request) (*http.Response, error)

ListByCaseSender sends the ListByCase request. The method will close the http.Response Body if it receives an error.

type ConfidenceLevel

type ConfidenceLevel string

ConfidenceLevel enumerates the values for confidence level.

const (
	// ConfidenceLevelHigh High confidence that the alert is true positive malicious
	ConfidenceLevelHigh ConfidenceLevel = "High"
	// ConfidenceLevelLow Low confidence, meaning we have some doubts this is indeed malicious or part of an
	// attack
	ConfidenceLevelLow ConfidenceLevel = "Low"
	// ConfidenceLevelUnknown Unknown confidence, the is the default value
	ConfidenceLevelUnknown ConfidenceLevel = "Unknown"
)

func PossibleConfidenceLevelValues

func PossibleConfidenceLevelValues() []ConfidenceLevel

PossibleConfidenceLevelValues returns an array of possible values for the ConfidenceLevel const type.

type ConfidenceScoreStatus

type ConfidenceScoreStatus string

ConfidenceScoreStatus enumerates the values for confidence score status.

const (
	// Final Final score was calculated and available
	Final ConfidenceScoreStatus = "Final"
	// InProcess No score was set yet and calculation is in progress
	InProcess ConfidenceScoreStatus = "InProcess"
	// NotApplicable Score will not be calculated for this alert as it is not supported by virtual analyst
	NotApplicable ConfidenceScoreStatus = "NotApplicable"
	// NotFinal Score is calculated and shown as part of the alert, but may be updated again at a later time
	// following the processing of additional data
	NotFinal ConfidenceScoreStatus = "NotFinal"
)

func PossibleConfidenceScoreStatusValues

func PossibleConfidenceScoreStatusValues() []ConfidenceScoreStatus

PossibleConfidenceScoreStatusValues returns an array of possible values for the ConfidenceScoreStatus const type.

type DNSEntity

type DNSEntity struct {
	// DNSEntityProperties - Dns entity properties
	*DNSEntityProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindBookmark', 'KindSecurityAlert', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice'
	Kind KindBasicEntity `json:"kind,omitempty"`
}

DNSEntity represents a dns entity.

func (DNSEntity) AsAccountEntity

func (de DNSEntity) AsAccountEntity() (*AccountEntity, bool)

AsAccountEntity is the BasicEntity implementation for DNSEntity.

func (DNSEntity) AsAzureResourceEntity

func (de DNSEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)

AsAzureResourceEntity is the BasicEntity implementation for DNSEntity.

func (DNSEntity) AsBasicEntity

func (de DNSEntity) AsBasicEntity() (BasicEntity, bool)

AsBasicEntity is the BasicEntity implementation for DNSEntity.

func (DNSEntity) AsCloudApplicationEntity

func (de DNSEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)

AsCloudApplicationEntity is the BasicEntity implementation for DNSEntity.

func (DNSEntity) AsDNSEntity

func (de DNSEntity) AsDNSEntity() (*DNSEntity, bool)

AsDNSEntity is the BasicEntity implementation for DNSEntity.

func (DNSEntity) AsEntity

func (de DNSEntity) AsEntity() (*Entity, bool)

AsEntity is the BasicEntity implementation for DNSEntity.

func (DNSEntity) AsFileEntity

func (de DNSEntity) AsFileEntity() (*FileEntity, bool)

AsFileEntity is the BasicEntity implementation for DNSEntity.

func (DNSEntity) AsFileHashEntity

func (de DNSEntity) AsFileHashEntity() (*FileHashEntity, bool)

AsFileHashEntity is the BasicEntity implementation for DNSEntity.

func (DNSEntity) AsHostEntity

func (de DNSEntity) AsHostEntity() (*HostEntity, bool)

AsHostEntity is the BasicEntity implementation for DNSEntity.

func (DNSEntity) AsHuntingBookmark

func (de DNSEntity) AsHuntingBookmark() (*HuntingBookmark, bool)

AsHuntingBookmark is the BasicEntity implementation for DNSEntity.

func (DNSEntity) AsIPEntity

func (de DNSEntity) AsIPEntity() (*IPEntity, bool)

AsIPEntity is the BasicEntity implementation for DNSEntity.

func (DNSEntity) AsIoTDeviceEntity

func (de DNSEntity) AsIoTDeviceEntity() (*IoTDeviceEntity, bool)

AsIoTDeviceEntity is the BasicEntity implementation for DNSEntity.

func (DNSEntity) AsMalwareEntity

func (de DNSEntity) AsMalwareEntity() (*MalwareEntity, bool)

AsMalwareEntity is the BasicEntity implementation for DNSEntity.

func (DNSEntity) AsProcessEntity

func (de DNSEntity) AsProcessEntity() (*ProcessEntity, bool)

AsProcessEntity is the BasicEntity implementation for DNSEntity.

func (DNSEntity) AsRegistryKeyEntity

func (de DNSEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)

AsRegistryKeyEntity is the BasicEntity implementation for DNSEntity.

func (DNSEntity) AsRegistryValueEntity

func (de DNSEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool)

AsRegistryValueEntity is the BasicEntity implementation for DNSEntity.

func (DNSEntity) AsSecurityAlert

func (de DNSEntity) AsSecurityAlert() (*SecurityAlert, bool)

AsSecurityAlert is the BasicEntity implementation for DNSEntity.

func (DNSEntity) AsSecurityGroupEntity

func (de DNSEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)

AsSecurityGroupEntity is the BasicEntity implementation for DNSEntity.

func (DNSEntity) AsURLEntity

func (de DNSEntity) AsURLEntity() (*URLEntity, bool)

AsURLEntity is the BasicEntity implementation for DNSEntity.

func (DNSEntity) MarshalJSON

func (de DNSEntity) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for DNSEntity.

func (*DNSEntity) UnmarshalJSON

func (de *DNSEntity) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for DNSEntity struct.

type DNSEntityProperties

type DNSEntityProperties struct {
	// DNSServerIPEntityID - READ-ONLY; An ip entity id for the dns server resolving the request
	DNSServerIPEntityID *string `json:"dnsServerIpEntityId,omitempty"`
	// DomainName - READ-ONLY; The name of the dns record associated with the alert
	DomainName *string `json:"domainName,omitempty"`
	// HostIPAddressEntityID - READ-ONLY; An ip entity id for the dns request client
	HostIPAddressEntityID *string `json:"hostIpAddressEntityId,omitempty"`
	// IPAddressEntityIds - READ-ONLY; Ip entity identifiers for the resolved ip address.
	IPAddressEntityIds *[]string `json:"ipAddressEntityIds,omitempty"`
	// AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]interface{} `json:"additionalData"`
	// FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated.
	FriendlyName *string `json:"friendlyName,omitempty"`
}

DNSEntityProperties dns entity property bag.

func (DNSEntityProperties) MarshalJSON

func (dep DNSEntityProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for DNSEntityProperties.

type DataConnector

type DataConnector struct {
	autorest.Response `json:"-"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
	// Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOfficeATP', 'KindOffice365', 'KindThreatIntelligence', 'KindThreatIntelligenceTaxii'
	Kind KindBasicDataConnector `json:"kind,omitempty"`
}

DataConnector data connector.

func (DataConnector) AsAADDataConnector

func (dc DataConnector) AsAADDataConnector() (*AADDataConnector, bool)

AsAADDataConnector is the BasicDataConnector implementation for DataConnector.

func (DataConnector) AsAATPDataConnector

func (dc DataConnector) AsAATPDataConnector() (*AATPDataConnector, bool)

AsAATPDataConnector is the BasicDataConnector implementation for DataConnector.

func (DataConnector) AsASCDataConnector

func (dc DataConnector) AsASCDataConnector() (*ASCDataConnector, bool)

AsASCDataConnector is the BasicDataConnector implementation for DataConnector.

func (DataConnector) AsAwsCloudTrailDataConnector

func (dc DataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool)

AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for DataConnector.

func (DataConnector) AsBasicDataConnector

func (dc DataConnector) AsBasicDataConnector() (BasicDataConnector, bool)

AsBasicDataConnector is the BasicDataConnector implementation for DataConnector.

func (DataConnector) AsDataConnector

func (dc DataConnector) AsDataConnector() (*DataConnector, bool)

AsDataConnector is the BasicDataConnector implementation for DataConnector.

func (DataConnector) AsMCASDataConnector

func (dc DataConnector) AsMCASDataConnector() (*MCASDataConnector, bool)

AsMCASDataConnector is the BasicDataConnector implementation for DataConnector.

func (DataConnector) AsMDATPDataConnector

func (dc DataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool)

AsMDATPDataConnector is the BasicDataConnector implementation for DataConnector.

func (DataConnector) AsOfficeATPDataConnector

func (dc DataConnector) AsOfficeATPDataConnector() (*OfficeATPDataConnector, bool)

AsOfficeATPDataConnector is the BasicDataConnector implementation for DataConnector.

func (DataConnector) AsOfficeDataConnector

func (dc DataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool)

AsOfficeDataConnector is the BasicDataConnector implementation for DataConnector.

func (DataConnector) AsTIDataConnector

func (dc DataConnector) AsTIDataConnector() (*TIDataConnector, bool)

AsTIDataConnector is the BasicDataConnector implementation for DataConnector.

func (DataConnector) AsTiTaxiiDataConnector

func (dc DataConnector) AsTiTaxiiDataConnector() (*TiTaxiiDataConnector, bool)

AsTiTaxiiDataConnector is the BasicDataConnector implementation for DataConnector.

func (DataConnector) MarshalJSON

func (dc DataConnector) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for DataConnector.

type DataConnectorAuthorizationState

type DataConnectorAuthorizationState string

DataConnectorAuthorizationState enumerates the values for data connector authorization state.

const (
	// Invalid ...
	Invalid DataConnectorAuthorizationState = "Invalid"
	// Valid ...
	Valid DataConnectorAuthorizationState = "Valid"
)

func PossibleDataConnectorAuthorizationStateValues

func PossibleDataConnectorAuthorizationStateValues() []DataConnectorAuthorizationState

PossibleDataConnectorAuthorizationStateValues returns an array of possible values for the DataConnectorAuthorizationState const type.

type DataConnectorDataTypeCommon

type DataConnectorDataTypeCommon struct {
	// State - Describe whether this data type connection is enabled or not. Possible values include: 'Enabled', 'Disabled'
	State DataTypeState `json:"state,omitempty"`
}

DataConnectorDataTypeCommon common field for data type in data connectors.

type DataConnectorKind

type DataConnectorKind string

DataConnectorKind enumerates the values for data connector kind.

const (
	// DataConnectorKindAmazonWebServicesCloudTrail ...
	DataConnectorKindAmazonWebServicesCloudTrail DataConnectorKind = "AmazonWebServicesCloudTrail"
	// DataConnectorKindAzureActiveDirectory ...
	DataConnectorKindAzureActiveDirectory DataConnectorKind = "AzureActiveDirectory"
	// DataConnectorKindAzureAdvancedThreatProtection ...
	DataConnectorKindAzureAdvancedThreatProtection DataConnectorKind = "AzureAdvancedThreatProtection"
	// DataConnectorKindAzureSecurityCenter ...
	DataConnectorKindAzureSecurityCenter DataConnectorKind = "AzureSecurityCenter"
	// DataConnectorKindMicrosoftCloudAppSecurity ...
	DataConnectorKindMicrosoftCloudAppSecurity DataConnectorKind = "MicrosoftCloudAppSecurity"
	// DataConnectorKindMicrosoftDefenderAdvancedThreatProtection ...
	DataConnectorKindMicrosoftDefenderAdvancedThreatProtection DataConnectorKind = "MicrosoftDefenderAdvancedThreatProtection"
	// DataConnectorKindOffice365 ...
	DataConnectorKindOffice365 DataConnectorKind = "Office365"
	// DataConnectorKindOfficeATP ...
	DataConnectorKindOfficeATP DataConnectorKind = "OfficeATP"
	// DataConnectorKindThreatIntelligence ...
	DataConnectorKindThreatIntelligence DataConnectorKind = "ThreatIntelligence"
	// DataConnectorKindThreatIntelligenceTaxii ...
	DataConnectorKindThreatIntelligenceTaxii DataConnectorKind = "ThreatIntelligenceTaxii"
)

func PossibleDataConnectorKindValues

func PossibleDataConnectorKindValues() []DataConnectorKind

PossibleDataConnectorKindValues returns an array of possible values for the DataConnectorKind const type.

type DataConnectorKind1

type DataConnectorKind1 struct {
	// Kind - The kind of the data connector. Possible values include: 'DataConnectorKindAzureActiveDirectory', 'DataConnectorKindAzureSecurityCenter', 'DataConnectorKindMicrosoftCloudAppSecurity', 'DataConnectorKindThreatIntelligence', 'DataConnectorKindThreatIntelligenceTaxii', 'DataConnectorKindOffice365', 'DataConnectorKindOfficeATP', 'DataConnectorKindAmazonWebServicesCloudTrail', 'DataConnectorKindAzureAdvancedThreatProtection', 'DataConnectorKindMicrosoftDefenderAdvancedThreatProtection'
	Kind DataConnectorKind `json:"kind,omitempty"`
}

DataConnectorKind1 describes an Azure resource with kind.

type DataConnectorLicenseState

type DataConnectorLicenseState string

DataConnectorLicenseState enumerates the values for data connector license state.

const (
	// DataConnectorLicenseStateInvalid ...
	DataConnectorLicenseStateInvalid DataConnectorLicenseState = "Invalid"
	// DataConnectorLicenseStateUnknown ...
	DataConnectorLicenseStateUnknown DataConnectorLicenseState = "Unknown"
	// DataConnectorLicenseStateValid ...
	DataConnectorLicenseStateValid DataConnectorLicenseState = "Valid"
)

func PossibleDataConnectorLicenseStateValues

func PossibleDataConnectorLicenseStateValues() []DataConnectorLicenseState

PossibleDataConnectorLicenseStateValues returns an array of possible values for the DataConnectorLicenseState const type.

type DataConnectorList

type DataConnectorList struct {
	autorest.Response `json:"-"`
	// NextLink - READ-ONLY; URL to fetch the next set of data connectors.
	NextLink *string `json:"nextLink,omitempty"`
	// Value - Array of data connectors.
	Value *[]BasicDataConnector `json:"value,omitempty"`
}

DataConnectorList list all the data connectors.

func (DataConnectorList) IsEmpty

func (dcl DataConnectorList) IsEmpty() bool

IsEmpty returns true if the ListResult contains no values.

func (DataConnectorList) MarshalJSON

func (dcl DataConnectorList) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for DataConnectorList.

func (*DataConnectorList) UnmarshalJSON

func (dcl *DataConnectorList) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for DataConnectorList struct.

type DataConnectorListIterator

type DataConnectorListIterator struct {
	// contains filtered or unexported fields
}

DataConnectorListIterator provides access to a complete listing of DataConnector values.

func NewDataConnectorListIterator

func NewDataConnectorListIterator(page DataConnectorListPage) DataConnectorListIterator

Creates a new instance of the DataConnectorListIterator type.

func (*DataConnectorListIterator) Next

func (iter *DataConnectorListIterator) Next() error

Next advances to the next value. If there was an error making the request the iterator does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*DataConnectorListIterator) NextWithContext

func (iter *DataConnectorListIterator) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next value. If there was an error making the request the iterator does not advance and the error is returned.

func (DataConnectorListIterator) NotDone

func (iter DataConnectorListIterator) NotDone() bool

NotDone returns true if the enumeration should be started or is not yet complete.

func (DataConnectorListIterator) Response

Response returns the raw server response from the last page request.

func (DataConnectorListIterator) Value

Value returns the current value or a zero-initialized value if the iterator has advanced beyond the end of the collection.

type DataConnectorListPage

type DataConnectorListPage struct {
	// contains filtered or unexported fields
}

DataConnectorListPage contains a page of BasicDataConnector values.

func NewDataConnectorListPage

func NewDataConnectorListPage(cur DataConnectorList, getNextPage func(context.Context, DataConnectorList) (DataConnectorList, error)) DataConnectorListPage

Creates a new instance of the DataConnectorListPage type.

func (*DataConnectorListPage) Next

func (page *DataConnectorListPage) Next() error

Next advances to the next page of values. If there was an error making the request the page does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*DataConnectorListPage) NextWithContext

func (page *DataConnectorListPage) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next page of values. If there was an error making the request the page does not advance and the error is returned.

func (DataConnectorListPage) NotDone

func (page DataConnectorListPage) NotDone() bool

NotDone returns true if the page enumeration should be started or is not yet complete.

func (DataConnectorListPage) Response

func (page DataConnectorListPage) Response() DataConnectorList

Response returns the raw server response from the last page request.

func (DataConnectorListPage) Values

func (page DataConnectorListPage) Values() []BasicDataConnector

Values returns the slice of values for the current page or nil if there are no values.

type DataConnectorModel

type DataConnectorModel struct {
	autorest.Response `json:"-"`
	Value             BasicDataConnector `json:"value,omitempty"`
}

DataConnectorModel ...

func (*DataConnectorModel) UnmarshalJSON

func (dcm *DataConnectorModel) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for DataConnectorModel struct.

type DataConnectorRequirementsState

type DataConnectorRequirementsState struct {
	autorest.Response `json:"-"`
	// AuthorizationState - Authorization state for this connector. Possible values include: 'Valid', 'Invalid'
	AuthorizationState DataConnectorAuthorizationState `json:"authorizationState,omitempty"`
	// LicenseState - License state for this connector. Possible values include: 'DataConnectorLicenseStateValid', 'DataConnectorLicenseStateInvalid', 'DataConnectorLicenseStateUnknown'
	LicenseState DataConnectorLicenseState `json:"licenseState,omitempty"`
}

DataConnectorRequirementsState data connector requirements status.

type DataConnectorTenantID

type DataConnectorTenantID struct {
	// TenantID - The tenant id to connect to, and get the data from.
	TenantID *string `json:"tenantId,omitempty"`
}

DataConnectorTenantID properties data connector on tenant level.

type DataConnectorWithAlertsProperties

type DataConnectorWithAlertsProperties struct {
	// DataTypes - The available data types for the connector.
	DataTypes *AlertsDataTypeOfDataConnector `json:"dataTypes,omitempty"`
}

DataConnectorWithAlertsProperties data connector properties.

type DataConnectorsCheckRequirements

type DataConnectorsCheckRequirements struct {
	// Kind - Possible values include: 'KindBasicDataConnectorsCheckRequirementsKindDataConnectorsCheckRequirements', 'KindBasicDataConnectorsCheckRequirementsKindAzureActiveDirectory', 'KindBasicDataConnectorsCheckRequirementsKindAzureAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindAzureSecurityCenter', 'KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesCloudTrail', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindOfficeATP', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii'
	Kind KindBasicDataConnectorsCheckRequirements `json:"kind,omitempty"`
}

DataConnectorsCheckRequirements data connector requirements properties.

func (DataConnectorsCheckRequirements) AsAADCheckRequirements

func (dccr DataConnectorsCheckRequirements) AsAADCheckRequirements() (*AADCheckRequirements, bool)

AsAADCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for DataConnectorsCheckRequirements.

func (DataConnectorsCheckRequirements) AsAATPCheckRequirements

func (dccr DataConnectorsCheckRequirements) AsAATPCheckRequirements() (*AATPCheckRequirements, bool)

AsAATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for DataConnectorsCheckRequirements.

func (DataConnectorsCheckRequirements) AsASCCheckRequirements

func (dccr DataConnectorsCheckRequirements) AsASCCheckRequirements() (*ASCCheckRequirements, bool)

AsASCCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for DataConnectorsCheckRequirements.

func (DataConnectorsCheckRequirements) AsAwsCloudTrailCheckRequirements

func (dccr DataConnectorsCheckRequirements) AsAwsCloudTrailCheckRequirements() (*AwsCloudTrailCheckRequirements, bool)

AsAwsCloudTrailCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for DataConnectorsCheckRequirements.

func (DataConnectorsCheckRequirements) AsBasicDataConnectorsCheckRequirements

func (dccr DataConnectorsCheckRequirements) AsBasicDataConnectorsCheckRequirements() (BasicDataConnectorsCheckRequirements, bool)

AsBasicDataConnectorsCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for DataConnectorsCheckRequirements.

func (DataConnectorsCheckRequirements) AsDataConnectorsCheckRequirements

func (dccr DataConnectorsCheckRequirements) AsDataConnectorsCheckRequirements() (*DataConnectorsCheckRequirements, bool)

AsDataConnectorsCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for DataConnectorsCheckRequirements.

func (DataConnectorsCheckRequirements) AsMCASCheckRequirements

func (dccr DataConnectorsCheckRequirements) AsMCASCheckRequirements() (*MCASCheckRequirements, bool)

AsMCASCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for DataConnectorsCheckRequirements.

func (DataConnectorsCheckRequirements) AsMDATPCheckRequirements

func (dccr DataConnectorsCheckRequirements) AsMDATPCheckRequirements() (*MDATPCheckRequirements, bool)

AsMDATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for DataConnectorsCheckRequirements.

func (DataConnectorsCheckRequirements) AsOfficeATPCheckRequirements

func (dccr DataConnectorsCheckRequirements) AsOfficeATPCheckRequirements() (*OfficeATPCheckRequirements, bool)

AsOfficeATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for DataConnectorsCheckRequirements.

func (DataConnectorsCheckRequirements) AsTICheckRequirements

func (dccr DataConnectorsCheckRequirements) AsTICheckRequirements() (*TICheckRequirements, bool)

AsTICheckRequirements is the BasicDataConnectorsCheckRequirements implementation for DataConnectorsCheckRequirements.

func (DataConnectorsCheckRequirements) AsTiTaxiiCheckRequirements

func (dccr DataConnectorsCheckRequirements) AsTiTaxiiCheckRequirements() (*TiTaxiiCheckRequirements, bool)

AsTiTaxiiCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for DataConnectorsCheckRequirements.

func (DataConnectorsCheckRequirements) MarshalJSON

func (dccr DataConnectorsCheckRequirements) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for DataConnectorsCheckRequirements.

type DataConnectorsCheckRequirementsClient

type DataConnectorsCheckRequirementsClient struct {
	BaseClient
}

DataConnectorsCheckRequirementsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

func NewDataConnectorsCheckRequirementsClient

func NewDataConnectorsCheckRequirementsClient(subscriptionID string) DataConnectorsCheckRequirementsClient

NewDataConnectorsCheckRequirementsClient creates an instance of the DataConnectorsCheckRequirementsClient client.

func NewDataConnectorsCheckRequirementsClientWithBaseURI

func NewDataConnectorsCheckRequirementsClientWithBaseURI(baseURI string, subscriptionID string) DataConnectorsCheckRequirementsClient

NewDataConnectorsCheckRequirementsClientWithBaseURI creates an instance of the DataConnectorsCheckRequirementsClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).

func (DataConnectorsCheckRequirementsClient) Post

func (client DataConnectorsCheckRequirementsClient) Post(ctx context.Context, resourceGroupName string, workspaceName string, operationalInsightsResourceProvider string, dataConnectorsCheckRequirements BasicDataConnectorsCheckRequirements) (result DataConnectorRequirementsState, err error)

Post get requirements state for a data connector type. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. workspaceName - the name of the workspace. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. dataConnectorsCheckRequirements - the parameters for requirements check message

func (DataConnectorsCheckRequirementsClient) PostPreparer

func (client DataConnectorsCheckRequirementsClient) PostPreparer(ctx context.Context, resourceGroupName string, workspaceName string, operationalInsightsResourceProvider string, dataConnectorsCheckRequirements BasicDataConnectorsCheckRequirements) (*http.Request, error)

PostPreparer prepares the Post request.

func (DataConnectorsCheckRequirementsClient) PostResponder

PostResponder handles the response to the Post request. The method always closes the http.Response Body.

func (DataConnectorsCheckRequirementsClient) PostSender

PostSender sends the Post request. The method will close the http.Response Body if it receives an error.

type DataConnectorsClient

type DataConnectorsClient struct {
	BaseClient
}

DataConnectorsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

func NewDataConnectorsClient

func NewDataConnectorsClient(subscriptionID string) DataConnectorsClient

NewDataConnectorsClient creates an instance of the DataConnectorsClient client.

func NewDataConnectorsClientWithBaseURI

func NewDataConnectorsClientWithBaseURI(baseURI string, subscriptionID string) DataConnectorsClient

NewDataConnectorsClientWithBaseURI creates an instance of the DataConnectorsClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).

func (DataConnectorsClient) CreateOrUpdate

func (client DataConnectorsClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, dataConnectorID string, dataConnector BasicDataConnector) (result DataConnectorModel, err error)

CreateOrUpdate creates or updates the data connector. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. dataConnectorID - connector ID dataConnector - the data connector

func (DataConnectorsClient) CreateOrUpdatePreparer

func (client DataConnectorsClient) CreateOrUpdatePreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, dataConnectorID string, dataConnector BasicDataConnector) (*http.Request, error)

CreateOrUpdatePreparer prepares the CreateOrUpdate request.

func (DataConnectorsClient) CreateOrUpdateResponder

func (client DataConnectorsClient) CreateOrUpdateResponder(resp *http.Response) (result DataConnectorModel, err error)

CreateOrUpdateResponder handles the response to the CreateOrUpdate request. The method always closes the http.Response Body.

func (DataConnectorsClient) CreateOrUpdateSender

func (client DataConnectorsClient) CreateOrUpdateSender(req *http.Request) (*http.Response, error)

CreateOrUpdateSender sends the CreateOrUpdate request. The method will close the http.Response Body if it receives an error.

func (DataConnectorsClient) Delete

func (client DataConnectorsClient) Delete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, dataConnectorID string) (result autorest.Response, err error)

Delete delete the data connector. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. dataConnectorID - connector ID

func (DataConnectorsClient) DeletePreparer

func (client DataConnectorsClient) DeletePreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, dataConnectorID string) (*http.Request, error)

DeletePreparer prepares the Delete request.

func (DataConnectorsClient) DeleteResponder

func (client DataConnectorsClient) DeleteResponder(resp *http.Response) (result autorest.Response, err error)

DeleteResponder handles the response to the Delete request. The method always closes the http.Response Body.

func (DataConnectorsClient) DeleteSender

func (client DataConnectorsClient) DeleteSender(req *http.Request) (*http.Response, error)

DeleteSender sends the Delete request. The method will close the http.Response Body if it receives an error.

func (DataConnectorsClient) Get

func (client DataConnectorsClient) Get(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, dataConnectorID string) (result DataConnectorModel, err error)

Get gets a data connector. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. dataConnectorID - connector ID

func (DataConnectorsClient) GetPreparer

func (client DataConnectorsClient) GetPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, dataConnectorID string) (*http.Request, error)

GetPreparer prepares the Get request.

func (DataConnectorsClient) GetResponder

func (client DataConnectorsClient) GetResponder(resp *http.Response) (result DataConnectorModel, err error)

GetResponder handles the response to the Get request. The method always closes the http.Response Body.

func (DataConnectorsClient) GetSender

func (client DataConnectorsClient) GetSender(req *http.Request) (*http.Response, error)

GetSender sends the Get request. The method will close the http.Response Body if it receives an error.

func (DataConnectorsClient) List

func (client DataConnectorsClient) List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result DataConnectorListPage, err error)

List gets all data connectors. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace.

func (DataConnectorsClient) ListComplete

func (client DataConnectorsClient) ListComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result DataConnectorListIterator, err error)

ListComplete enumerates all values, automatically crossing page boundaries as required.

func (DataConnectorsClient) ListPreparer

func (client DataConnectorsClient) ListPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (*http.Request, error)

ListPreparer prepares the List request.

func (DataConnectorsClient) ListResponder

func (client DataConnectorsClient) ListResponder(resp *http.Response) (result DataConnectorList, err error)

ListResponder handles the response to the List request. The method always closes the http.Response Body.

func (DataConnectorsClient) ListSender

func (client DataConnectorsClient) ListSender(req *http.Request) (*http.Response, error)

ListSender sends the List request. The method will close the http.Response Body if it receives an error.

type DataTypeState

type DataTypeState string

DataTypeState enumerates the values for data type state.

const (
	// Disabled ...
	Disabled DataTypeState = "Disabled"
	// Enabled ...
	Enabled DataTypeState = "Enabled"
)

func PossibleDataTypeStateValues

func PossibleDataTypeStateValues() []DataTypeState

PossibleDataTypeStateValues returns an array of possible values for the DataTypeState const type.

type ElevationToken

type ElevationToken string

ElevationToken enumerates the values for elevation token.

const (
	// Default Default elevation token
	Default ElevationToken = "Default"
	// Full Full elevation token
	Full ElevationToken = "Full"
	// Limited Limited elevation token
	Limited ElevationToken = "Limited"
)

func PossibleElevationTokenValues

func PossibleElevationTokenValues() []ElevationToken

PossibleElevationTokenValues returns an array of possible values for the ElevationToken const type.

type EntitiesClient

type EntitiesClient struct {
	BaseClient
}

EntitiesClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

func NewEntitiesClient

func NewEntitiesClient(subscriptionID string) EntitiesClient

NewEntitiesClient creates an instance of the EntitiesClient client.

func NewEntitiesClientWithBaseURI

func NewEntitiesClientWithBaseURI(baseURI string, subscriptionID string) EntitiesClient

NewEntitiesClientWithBaseURI creates an instance of the EntitiesClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).

func (EntitiesClient) Expand

func (client EntitiesClient) Expand(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, entityID string, parameters EntityExpandParameters) (result EntityExpandResponse, err error)

Expand expands an entity. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. entityID - entity ID parameters - the parameters required to execute an expand operation on the given entity.

func (EntitiesClient) ExpandPreparer

func (client EntitiesClient) ExpandPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, entityID string, parameters EntityExpandParameters) (*http.Request, error)

ExpandPreparer prepares the Expand request.

func (EntitiesClient) ExpandResponder

func (client EntitiesClient) ExpandResponder(resp *http.Response) (result EntityExpandResponse, err error)

ExpandResponder handles the response to the Expand request. The method always closes the http.Response Body.

func (EntitiesClient) ExpandSender

func (client EntitiesClient) ExpandSender(req *http.Request) (*http.Response, error)

ExpandSender sends the Expand request. The method will close the http.Response Body if it receives an error.

func (EntitiesClient) Get

func (client EntitiesClient) Get(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, entityID string) (result EntityModel, err error)

Get gets an entity. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. entityID - entity ID

func (EntitiesClient) GetPreparer

func (client EntitiesClient) GetPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, entityID string) (*http.Request, error)

GetPreparer prepares the Get request.

func (EntitiesClient) GetResponder

func (client EntitiesClient) GetResponder(resp *http.Response) (result EntityModel, err error)

GetResponder handles the response to the Get request. The method always closes the http.Response Body.

func (EntitiesClient) GetSender

func (client EntitiesClient) GetSender(req *http.Request) (*http.Response, error)

GetSender sends the Get request. The method will close the http.Response Body if it receives an error.

func (EntitiesClient) List

func (client EntitiesClient) List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result EntityListPage, err error)

List gets all entities. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace.

func (EntitiesClient) ListComplete

func (client EntitiesClient) ListComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result EntityListIterator, err error)

ListComplete enumerates all values, automatically crossing page boundaries as required.

func (EntitiesClient) ListPreparer

func (client EntitiesClient) ListPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (*http.Request, error)

ListPreparer prepares the List request.

func (EntitiesClient) ListResponder

func (client EntitiesClient) ListResponder(resp *http.Response) (result EntityList, err error)

ListResponder handles the response to the List request. The method always closes the http.Response Body.

func (EntitiesClient) ListSender

func (client EntitiesClient) ListSender(req *http.Request) (*http.Response, error)

ListSender sends the List request. The method will close the http.Response Body if it receives an error.

type EntitiesGetTimelineClient

type EntitiesGetTimelineClient struct {
	BaseClient
}

EntitiesGetTimelineClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

func NewEntitiesGetTimelineClient

func NewEntitiesGetTimelineClient(subscriptionID string) EntitiesGetTimelineClient

NewEntitiesGetTimelineClient creates an instance of the EntitiesGetTimelineClient client.

func NewEntitiesGetTimelineClientWithBaseURI

func NewEntitiesGetTimelineClientWithBaseURI(baseURI string, subscriptionID string) EntitiesGetTimelineClient

NewEntitiesGetTimelineClientWithBaseURI creates an instance of the EntitiesGetTimelineClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).

func (EntitiesGetTimelineClient) List

func (client EntitiesGetTimelineClient) List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, entityID string, parameters EntityTimelineParameters) (result EntityTimelineResponse, err error)

List timeline for an entity. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. entityID - entity ID parameters - the parameters required to execute an timeline operation on the given entity.

func (EntitiesGetTimelineClient) ListPreparer

func (client EntitiesGetTimelineClient) ListPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, entityID string, parameters EntityTimelineParameters) (*http.Request, error)

ListPreparer prepares the List request.

func (EntitiesGetTimelineClient) ListResponder

func (client EntitiesGetTimelineClient) ListResponder(resp *http.Response) (result EntityTimelineResponse, err error)

ListResponder handles the response to the List request. The method always closes the http.Response Body.

func (EntitiesGetTimelineClient) ListSender

func (client EntitiesGetTimelineClient) ListSender(req *http.Request) (*http.Response, error)

ListSender sends the List request. The method will close the http.Response Body if it receives an error.

type EntitiesMatchingMethod

type EntitiesMatchingMethod string

EntitiesMatchingMethod enumerates the values for entities matching method.

const (
	// All Grouping alerts into a single incident if all the entities match
	All EntitiesMatchingMethod = "All"
	// Custom Grouping alerts into a single incident if the selected entities match
	Custom EntitiesMatchingMethod = "Custom"
	// None Grouping all alerts triggered by this rule into a single incident
	None EntitiesMatchingMethod = "None"
)

func PossibleEntitiesMatchingMethodValues

func PossibleEntitiesMatchingMethodValues() []EntitiesMatchingMethod

PossibleEntitiesMatchingMethodValues returns an array of possible values for the EntitiesMatchingMethod const type.

type EntitiesRelationsClient

type EntitiesRelationsClient struct {
	BaseClient
}

EntitiesRelationsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

func NewEntitiesRelationsClient

func NewEntitiesRelationsClient(subscriptionID string) EntitiesRelationsClient

NewEntitiesRelationsClient creates an instance of the EntitiesRelationsClient client.

func NewEntitiesRelationsClientWithBaseURI

func NewEntitiesRelationsClientWithBaseURI(baseURI string, subscriptionID string) EntitiesRelationsClient

NewEntitiesRelationsClientWithBaseURI creates an instance of the EntitiesRelationsClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).

func (EntitiesRelationsClient) List

func (client EntitiesRelationsClient) List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, entityID string, filter string, orderby string, top *int32, skipToken string) (result RelationListPage, err error)

List gets all relations of an entity. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. entityID - entity ID filter - filters the results, based on a Boolean condition. Optional. orderby - sorts the results. Optional. top - returns only the first n results. Optional. skipToken - skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional.

func (EntitiesRelationsClient) ListComplete

func (client EntitiesRelationsClient) ListComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, entityID string, filter string, orderby string, top *int32, skipToken string) (result RelationListIterator, err error)

ListComplete enumerates all values, automatically crossing page boundaries as required.

func (EntitiesRelationsClient) ListPreparer

func (client EntitiesRelationsClient) ListPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, entityID string, filter string, orderby string, top *int32, skipToken string) (*http.Request, error)

ListPreparer prepares the List request.

func (EntitiesRelationsClient) ListResponder

func (client EntitiesRelationsClient) ListResponder(resp *http.Response) (result RelationList, err error)

ListResponder handles the response to the List request. The method always closes the http.Response Body.

func (EntitiesRelationsClient) ListSender

func (client EntitiesRelationsClient) ListSender(req *http.Request) (*http.Response, error)

ListSender sends the List request. The method will close the http.Response Body if it receives an error.

type Entity

type Entity struct {
	autorest.Response `json:"-"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindBookmark', 'KindSecurityAlert', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice'
	Kind KindBasicEntity `json:"kind,omitempty"`
}

Entity specific entity.

func (Entity) AsAccountEntity

func (e Entity) AsAccountEntity() (*AccountEntity, bool)

AsAccountEntity is the BasicEntity implementation for Entity.

func (Entity) AsAzureResourceEntity

func (e Entity) AsAzureResourceEntity() (*AzureResourceEntity, bool)

AsAzureResourceEntity is the BasicEntity implementation for Entity.

func (Entity) AsBasicEntity

func (e Entity) AsBasicEntity() (BasicEntity, bool)

AsBasicEntity is the BasicEntity implementation for Entity.

func (Entity) AsCloudApplicationEntity

func (e Entity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)

AsCloudApplicationEntity is the BasicEntity implementation for Entity.

func (Entity) AsDNSEntity

func (e Entity) AsDNSEntity() (*DNSEntity, bool)

AsDNSEntity is the BasicEntity implementation for Entity.

func (Entity) AsEntity

func (e Entity) AsEntity() (*Entity, bool)

AsEntity is the BasicEntity implementation for Entity.

func (Entity) AsFileEntity

func (e Entity) AsFileEntity() (*FileEntity, bool)

AsFileEntity is the BasicEntity implementation for Entity.

func (Entity) AsFileHashEntity

func (e Entity) AsFileHashEntity() (*FileHashEntity, bool)

AsFileHashEntity is the BasicEntity implementation for Entity.

func (Entity) AsHostEntity

func (e Entity) AsHostEntity() (*HostEntity, bool)

AsHostEntity is the BasicEntity implementation for Entity.

func (Entity) AsHuntingBookmark

func (e Entity) AsHuntingBookmark() (*HuntingBookmark, bool)

AsHuntingBookmark is the BasicEntity implementation for Entity.

func (Entity) AsIPEntity

func (e Entity) AsIPEntity() (*IPEntity, bool)

AsIPEntity is the BasicEntity implementation for Entity.

func (Entity) AsIoTDeviceEntity

func (e Entity) AsIoTDeviceEntity() (*IoTDeviceEntity, bool)

AsIoTDeviceEntity is the BasicEntity implementation for Entity.

func (Entity) AsMalwareEntity

func (e Entity) AsMalwareEntity() (*MalwareEntity, bool)

AsMalwareEntity is the BasicEntity implementation for Entity.

func (Entity) AsProcessEntity

func (e Entity) AsProcessEntity() (*ProcessEntity, bool)

AsProcessEntity is the BasicEntity implementation for Entity.

func (Entity) AsRegistryKeyEntity

func (e Entity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)

AsRegistryKeyEntity is the BasicEntity implementation for Entity.

func (Entity) AsRegistryValueEntity

func (e Entity) AsRegistryValueEntity() (*RegistryValueEntity, bool)

AsRegistryValueEntity is the BasicEntity implementation for Entity.

func (Entity) AsSecurityAlert

func (e Entity) AsSecurityAlert() (*SecurityAlert, bool)

AsSecurityAlert is the BasicEntity implementation for Entity.

func (Entity) AsSecurityGroupEntity

func (e Entity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)

AsSecurityGroupEntity is the BasicEntity implementation for Entity.

func (Entity) AsURLEntity

func (e Entity) AsURLEntity() (*URLEntity, bool)

AsURLEntity is the BasicEntity implementation for Entity.

func (Entity) MarshalJSON

func (e Entity) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for Entity.

type EntityAnalytics

type EntityAnalytics struct {
	// EntityAnalyticsProperties - EntityAnalytics properties
	*EntityAnalyticsProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
	// Kind - Possible values include: 'KindSettings', 'KindEyesOn', 'KindEntityAnalytics', 'KindUeba'
	Kind KindBasicSettings `json:"kind,omitempty"`
}

EntityAnalytics settings with single toggle.

func (EntityAnalytics) AsBasicSettings

func (ea EntityAnalytics) AsBasicSettings() (BasicSettings, bool)

AsBasicSettings is the BasicSettings implementation for EntityAnalytics.

func (EntityAnalytics) AsEntityAnalytics

func (ea EntityAnalytics) AsEntityAnalytics() (*EntityAnalytics, bool)

AsEntityAnalytics is the BasicSettings implementation for EntityAnalytics.

func (EntityAnalytics) AsEyesOn

func (ea EntityAnalytics) AsEyesOn() (*EyesOn, bool)

AsEyesOn is the BasicSettings implementation for EntityAnalytics.

func (EntityAnalytics) AsSettings

func (ea EntityAnalytics) AsSettings() (*Settings, bool)

AsSettings is the BasicSettings implementation for EntityAnalytics.

func (EntityAnalytics) AsUeba

func (ea EntityAnalytics) AsUeba() (*Ueba, bool)

AsUeba is the BasicSettings implementation for EntityAnalytics.

func (EntityAnalytics) MarshalJSON

func (ea EntityAnalytics) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for EntityAnalytics.

func (*EntityAnalytics) UnmarshalJSON

func (ea *EntityAnalytics) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for EntityAnalytics struct.

type EntityAnalyticsProperties

type EntityAnalyticsProperties struct {
	// IsEnabled - READ-ONLY; Determines whether the setting is enable or disabled.
	IsEnabled *bool `json:"isEnabled,omitempty"`
}

EntityAnalyticsProperties entityAnalytics property bag.

type EntityCommonProperties

type EntityCommonProperties struct {
	// AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]interface{} `json:"additionalData"`
	// FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated.
	FriendlyName *string `json:"friendlyName,omitempty"`
}

EntityCommonProperties entity common property bag.

func (EntityCommonProperties) MarshalJSON

func (ecp EntityCommonProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for EntityCommonProperties.

type EntityExpandParameters

type EntityExpandParameters struct {
	// EndTime - The end date filter, so the only expansion results returned are before this date.
	EndTime *date.Time `json:"endTime,omitempty"`
	// ExpansionID - The Id of the expansion to perform.
	ExpansionID *uuid.UUID `json:"expansionId,omitempty"`
	// StartTime - The start date filter, so the only expansion results returned are after this date.
	StartTime *date.Time `json:"startTime,omitempty"`
}

EntityExpandParameters the parameters required to execute an expand operation on the given entity.

type EntityExpandResponse

type EntityExpandResponse struct {
	autorest.Response `json:"-"`
	// MetaData - The metadata from the expansion operation results.
	MetaData *ExpansionResultsMetadata `json:"metaData,omitempty"`
	// Value - The expansion result values.
	Value *EntityExpandResponseValue `json:"value,omitempty"`
}

EntityExpandResponse the entity expansion result operation response.

type EntityExpandResponseValue

type EntityExpandResponseValue struct {
	// Entities - Array of the expansion result entities.
	Entities *[]BasicEntity `json:"entities,omitempty"`
}

EntityExpandResponseValue the expansion result values.

func (*EntityExpandResponseValue) UnmarshalJSON

func (eer *EntityExpandResponseValue) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for EntityExpandResponseValue struct.

type EntityKind

type EntityKind string

EntityKind enumerates the values for entity kind.

const (
	// EntityKindAccount Entity represents account in the system.
	EntityKindAccount EntityKind = "Account"
	// EntityKindAzureResource Entity represents azure resource in the system.
	EntityKindAzureResource EntityKind = "AzureResource"
	// EntityKindBookmark Entity represents bookmark in the system.
	EntityKindBookmark EntityKind = "Bookmark"
	// EntityKindCloudApplication Entity represents cloud application in the system.
	EntityKindCloudApplication EntityKind = "CloudApplication"
	// EntityKindDNSResolution Entity represents dns resolution in the system.
	EntityKindDNSResolution EntityKind = "DnsResolution"
	// EntityKindFile Entity represents file in the system.
	EntityKindFile EntityKind = "File"
	// EntityKindFileHash Entity represents file hash in the system.
	EntityKindFileHash EntityKind = "FileHash"
	// EntityKindHost Entity represents host in the system.
	EntityKindHost EntityKind = "Host"
	// EntityKindIoTDevice Entity represents IoT device in the system.
	EntityKindIoTDevice EntityKind = "IoTDevice"
	// EntityKindIP Entity represents ip in the system.
	EntityKindIP EntityKind = "Ip"
	// EntityKindMalware Entity represents malware in the system.
	EntityKindMalware EntityKind = "Malware"
	// EntityKindProcess Entity represents process in the system.
	EntityKindProcess EntityKind = "Process"
	// EntityKindRegistryKey Entity represents registry key in the system.
	EntityKindRegistryKey EntityKind = "RegistryKey"
	// EntityKindRegistryValue Entity represents registry value in the system.
	EntityKindRegistryValue EntityKind = "RegistryValue"
	// EntityKindSecurityAlert Entity represents security alert in the system.
	EntityKindSecurityAlert EntityKind = "SecurityAlert"
	// EntityKindSecurityGroup Entity represents security group in the system.
	EntityKindSecurityGroup EntityKind = "SecurityGroup"
	// EntityKindURL Entity represents url in the system.
	EntityKindURL EntityKind = "Url"
)

func PossibleEntityKindValues

func PossibleEntityKindValues() []EntityKind

PossibleEntityKindValues returns an array of possible values for the EntityKind const type.

type EntityKind1

type EntityKind1 struct {
	// Kind - The kind of the entity. Possible values include: 'EntityKindAccount', 'EntityKindHost', 'EntityKindFile', 'EntityKindAzureResource', 'EntityKindCloudApplication', 'EntityKindDNSResolution', 'EntityKindFileHash', 'EntityKindIP', 'EntityKindMalware', 'EntityKindProcess', 'EntityKindRegistryKey', 'EntityKindRegistryValue', 'EntityKindSecurityGroup', 'EntityKindURL', 'EntityKindIoTDevice', 'EntityKindSecurityAlert', 'EntityKindBookmark'
	Kind EntityKind `json:"kind,omitempty"`
}

EntityKind1 describes an entity with kind.

type EntityList

type EntityList struct {
	autorest.Response `json:"-"`
	// NextLink - READ-ONLY; URL to fetch the next set of entities.
	NextLink *string `json:"nextLink,omitempty"`
	// Value - Array of entities.
	Value *[]BasicEntity `json:"value,omitempty"`
}

EntityList list of all the entities.

func (EntityList) IsEmpty

func (el EntityList) IsEmpty() bool

IsEmpty returns true if the ListResult contains no values.

func (EntityList) MarshalJSON

func (el EntityList) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for EntityList.

func (*EntityList) UnmarshalJSON

func (el *EntityList) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for EntityList struct.

type EntityListIterator

type EntityListIterator struct {
	// contains filtered or unexported fields
}

EntityListIterator provides access to a complete listing of Entity values.

func NewEntityListIterator

func NewEntityListIterator(page EntityListPage) EntityListIterator

Creates a new instance of the EntityListIterator type.

func (*EntityListIterator) Next

func (iter *EntityListIterator) Next() error

Next advances to the next value. If there was an error making the request the iterator does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*EntityListIterator) NextWithContext

func (iter *EntityListIterator) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next value. If there was an error making the request the iterator does not advance and the error is returned.

func (EntityListIterator) NotDone

func (iter EntityListIterator) NotDone() bool

NotDone returns true if the enumeration should be started or is not yet complete.

func (EntityListIterator) Response

func (iter EntityListIterator) Response() EntityList

Response returns the raw server response from the last page request.

func (EntityListIterator) Value

func (iter EntityListIterator) Value() BasicEntity

Value returns the current value or a zero-initialized value if the iterator has advanced beyond the end of the collection.

type EntityListPage

type EntityListPage struct {
	// contains filtered or unexported fields
}

EntityListPage contains a page of BasicEntity values.

func NewEntityListPage

func NewEntityListPage(cur EntityList, getNextPage func(context.Context, EntityList) (EntityList, error)) EntityListPage

Creates a new instance of the EntityListPage type.

func (*EntityListPage) Next

func (page *EntityListPage) Next() error

Next advances to the next page of values. If there was an error making the request the page does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*EntityListPage) NextWithContext

func (page *EntityListPage) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next page of values. If there was an error making the request the page does not advance and the error is returned.

func (EntityListPage) NotDone

func (page EntityListPage) NotDone() bool

NotDone returns true if the page enumeration should be started or is not yet complete.

func (EntityListPage) Response

func (page EntityListPage) Response() EntityList

Response returns the raw server response from the last page request.

func (EntityListPage) Values

func (page EntityListPage) Values() []BasicEntity

Values returns the slice of values for the current page or nil if there are no values.

type EntityModel

type EntityModel struct {
	autorest.Response `json:"-"`
	Value             BasicEntity `json:"value,omitempty"`
}

EntityModel ...

func (*EntityModel) UnmarshalJSON

func (em *EntityModel) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for EntityModel struct.

type EntityQueriesClient

type EntityQueriesClient struct {
	BaseClient
}

EntityQueriesClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

func NewEntityQueriesClient

func NewEntityQueriesClient(subscriptionID string) EntityQueriesClient

NewEntityQueriesClient creates an instance of the EntityQueriesClient client.

func NewEntityQueriesClientWithBaseURI

func NewEntityQueriesClientWithBaseURI(baseURI string, subscriptionID string) EntityQueriesClient

NewEntityQueriesClientWithBaseURI creates an instance of the EntityQueriesClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).

func (EntityQueriesClient) Get

func (client EntityQueriesClient) Get(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, entityQueryID string) (result EntityQuery, err error)

Get gets an entity query. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. entityQueryID - entity query ID

func (EntityQueriesClient) GetPreparer

func (client EntityQueriesClient) GetPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, entityQueryID string) (*http.Request, error)

GetPreparer prepares the Get request.

func (EntityQueriesClient) GetResponder

func (client EntityQueriesClient) GetResponder(resp *http.Response) (result EntityQuery, err error)

GetResponder handles the response to the Get request. The method always closes the http.Response Body.

func (EntityQueriesClient) GetSender

func (client EntityQueriesClient) GetSender(req *http.Request) (*http.Response, error)

GetSender sends the Get request. The method will close the http.Response Body if it receives an error.

func (EntityQueriesClient) List

func (client EntityQueriesClient) List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result EntityQueryListPage, err error)

List gets all entity queries. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace.

func (EntityQueriesClient) ListComplete

func (client EntityQueriesClient) ListComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result EntityQueryListIterator, err error)

ListComplete enumerates all values, automatically crossing page boundaries as required.

func (EntityQueriesClient) ListPreparer

func (client EntityQueriesClient) ListPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (*http.Request, error)

ListPreparer prepares the List request.

func (EntityQueriesClient) ListResponder

func (client EntityQueriesClient) ListResponder(resp *http.Response) (result EntityQueryList, err error)

ListResponder handles the response to the List request. The method always closes the http.Response Body.

func (EntityQueriesClient) ListSender

func (client EntityQueriesClient) ListSender(req *http.Request) (*http.Response, error)

ListSender sends the List request. The method will close the http.Response Body if it receives an error.

type EntityQuery

type EntityQuery struct {
	autorest.Response `json:"-"`
	// EntityQueryProperties - Entity query properties
	*EntityQueryProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
}

EntityQuery specific entity query.

func (EntityQuery) MarshalJSON

func (eq EntityQuery) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for EntityQuery.

func (*EntityQuery) UnmarshalJSON

func (eq *EntityQuery) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for EntityQuery struct.

type EntityQueryList

type EntityQueryList struct {
	autorest.Response `json:"-"`
	// NextLink - READ-ONLY; URL to fetch the next set of entity queries.
	NextLink *string `json:"nextLink,omitempty"`
	// Value - Array of entity queries.
	Value *[]EntityQuery `json:"value,omitempty"`
}

EntityQueryList list of all the entity queries.

func (EntityQueryList) IsEmpty

func (eql EntityQueryList) IsEmpty() bool

IsEmpty returns true if the ListResult contains no values.

func (EntityQueryList) MarshalJSON

func (eql EntityQueryList) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for EntityQueryList.

type EntityQueryListIterator

type EntityQueryListIterator struct {
	// contains filtered or unexported fields
}

EntityQueryListIterator provides access to a complete listing of EntityQuery values.

func NewEntityQueryListIterator

func NewEntityQueryListIterator(page EntityQueryListPage) EntityQueryListIterator

Creates a new instance of the EntityQueryListIterator type.

func (*EntityQueryListIterator) Next

func (iter *EntityQueryListIterator) Next() error

Next advances to the next value. If there was an error making the request the iterator does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*EntityQueryListIterator) NextWithContext

func (iter *EntityQueryListIterator) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next value. If there was an error making the request the iterator does not advance and the error is returned.

func (EntityQueryListIterator) NotDone

func (iter EntityQueryListIterator) NotDone() bool

NotDone returns true if the enumeration should be started or is not yet complete.

func (EntityQueryListIterator) Response

func (iter EntityQueryListIterator) Response() EntityQueryList

Response returns the raw server response from the last page request.

func (EntityQueryListIterator) Value

func (iter EntityQueryListIterator) Value() EntityQuery

Value returns the current value or a zero-initialized value if the iterator has advanced beyond the end of the collection.

type EntityQueryListPage

type EntityQueryListPage struct {
	// contains filtered or unexported fields
}

EntityQueryListPage contains a page of EntityQuery values.

func NewEntityQueryListPage

func NewEntityQueryListPage(cur EntityQueryList, getNextPage func(context.Context, EntityQueryList) (EntityQueryList, error)) EntityQueryListPage

Creates a new instance of the EntityQueryListPage type.

func (*EntityQueryListPage) Next

func (page *EntityQueryListPage) Next() error

Next advances to the next page of values. If there was an error making the request the page does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*EntityQueryListPage) NextWithContext

func (page *EntityQueryListPage) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next page of values. If there was an error making the request the page does not advance and the error is returned.

func (EntityQueryListPage) NotDone

func (page EntityQueryListPage) NotDone() bool

NotDone returns true if the page enumeration should be started or is not yet complete.

func (EntityQueryListPage) Response

func (page EntityQueryListPage) Response() EntityQueryList

Response returns the raw server response from the last page request.

func (EntityQueryListPage) Values

func (page EntityQueryListPage) Values() []EntityQuery

Values returns the slice of values for the current page or nil if there are no values.

type EntityQueryProperties

type EntityQueryProperties struct {
	// DataSources - List of the data sources that are required to run the query
	DataSources *[]string `json:"dataSources,omitempty"`
	// DisplayName - The query display name
	DisplayName *string `json:"displayName,omitempty"`
	// InputEntityType - The type of the query's source entity. Possible values include: 'EntityTypeAccount', 'EntityTypeHost', 'EntityTypeFile', 'EntityTypeAzureResource', 'EntityTypeCloudApplication', 'EntityTypeDNS', 'EntityTypeFileHash', 'EntityTypeIP', 'EntityTypeMalware', 'EntityTypeProcess', 'EntityTypeRegistryKey', 'EntityTypeRegistryValue', 'EntityTypeSecurityGroup', 'EntityTypeURL', 'EntityTypeIoTDevice', 'EntityTypeSecurityAlert', 'EntityTypeHuntingBookmark'
	InputEntityType EntityType `json:"inputEntityType,omitempty"`
	// InputFields - List of the fields of the source entity that are required to run the query
	InputFields *[]string `json:"inputFields,omitempty"`
	// OutputEntityTypes - List of the desired output types to be constructed from the result
	OutputEntityTypes *[]EntityType `json:"outputEntityTypes,omitempty"`
	// QueryTemplate - The template query string to be parsed and formatted
	QueryTemplate *string `json:"queryTemplate,omitempty"`
}

EntityQueryProperties describes entity query properties

type EntityRelationsClient

type EntityRelationsClient struct {
	BaseClient
}

EntityRelationsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

func NewEntityRelationsClient

func NewEntityRelationsClient(subscriptionID string) EntityRelationsClient

NewEntityRelationsClient creates an instance of the EntityRelationsClient client.

func NewEntityRelationsClientWithBaseURI

func NewEntityRelationsClientWithBaseURI(baseURI string, subscriptionID string) EntityRelationsClient

NewEntityRelationsClientWithBaseURI creates an instance of the EntityRelationsClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).

func (EntityRelationsClient) GetRelation

func (client EntityRelationsClient) GetRelation(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, entityID string, relationName string) (result Relation, err error)

GetRelation gets an entity relation. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. entityID - entity ID relationName - relation Name

func (EntityRelationsClient) GetRelationPreparer

func (client EntityRelationsClient) GetRelationPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, entityID string, relationName string) (*http.Request, error)

GetRelationPreparer prepares the GetRelation request.

func (EntityRelationsClient) GetRelationResponder

func (client EntityRelationsClient) GetRelationResponder(resp *http.Response) (result Relation, err error)

GetRelationResponder handles the response to the GetRelation request. The method always closes the http.Response Body.

func (EntityRelationsClient) GetRelationSender

func (client EntityRelationsClient) GetRelationSender(req *http.Request) (*http.Response, error)

GetRelationSender sends the GetRelation request. The method will close the http.Response Body if it receives an error.

type EntityTimelineItem

type EntityTimelineItem struct {
	// Kind - Possible values include: 'KindBasicEntityTimelineItemKindEntityTimelineItem', 'KindBasicEntityTimelineItemKindActivity', 'KindBasicEntityTimelineItemKindSecurityAlert', 'KindBasicEntityTimelineItemKindBookmark'
	Kind KindBasicEntityTimelineItem `json:"kind,omitempty"`
}

EntityTimelineItem entity timeline Item.

func (EntityTimelineItem) AsActivityTimelineItem

func (eti EntityTimelineItem) AsActivityTimelineItem() (*ActivityTimelineItem, bool)

AsActivityTimelineItem is the BasicEntityTimelineItem implementation for EntityTimelineItem.

func (EntityTimelineItem) AsBasicEntityTimelineItem

func (eti EntityTimelineItem) AsBasicEntityTimelineItem() (BasicEntityTimelineItem, bool)

AsBasicEntityTimelineItem is the BasicEntityTimelineItem implementation for EntityTimelineItem.

func (EntityTimelineItem) AsBookmarkTimelineItem

func (eti EntityTimelineItem) AsBookmarkTimelineItem() (*BookmarkTimelineItem, bool)

AsBookmarkTimelineItem is the BasicEntityTimelineItem implementation for EntityTimelineItem.

func (EntityTimelineItem) AsEntityTimelineItem

func (eti EntityTimelineItem) AsEntityTimelineItem() (*EntityTimelineItem, bool)

AsEntityTimelineItem is the BasicEntityTimelineItem implementation for EntityTimelineItem.

func (EntityTimelineItem) AsSecurityAlertTimelineItem

func (eti EntityTimelineItem) AsSecurityAlertTimelineItem() (*SecurityAlertTimelineItem, bool)

AsSecurityAlertTimelineItem is the BasicEntityTimelineItem implementation for EntityTimelineItem.

func (EntityTimelineItem) MarshalJSON

func (eti EntityTimelineItem) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for EntityTimelineItem.

type EntityTimelineKind

type EntityTimelineKind string

EntityTimelineKind enumerates the values for entity timeline kind.

const (
	// EntityTimelineKindActivity activity
	EntityTimelineKindActivity EntityTimelineKind = "Activity"
	// EntityTimelineKindBookmark bookmarks
	EntityTimelineKindBookmark EntityTimelineKind = "Bookmark"
	// EntityTimelineKindSecurityAlert security alerts
	EntityTimelineKindSecurityAlert EntityTimelineKind = "SecurityAlert"
)

func PossibleEntityTimelineKindValues

func PossibleEntityTimelineKindValues() []EntityTimelineKind

PossibleEntityTimelineKindValues returns an array of possible values for the EntityTimelineKind const type.

type EntityTimelineParameters

type EntityTimelineParameters struct {
	// Kinds - Array of timeline Item kinds.
	Kinds *[]EntityTimelineKind `json:"kinds,omitempty"`
	// StartTime - The start timeline date, so the results returned are after this date.
	StartTime *date.Time `json:"startTime,omitempty"`
	// EndTime - The end timeline date, so the results returned are before this date.
	EndTime *date.Time `json:"endTime,omitempty"`
	// NumberOfBucket - The number of bucket for timeline queries aggregation.
	NumberOfBucket *int32 `json:"numberOfBucket,omitempty"`
}

EntityTimelineParameters the parameters required to execute s timeline operation on the given entity.

type EntityTimelineResponse

type EntityTimelineResponse struct {
	autorest.Response `json:"-"`
	// MetaData - The metadata from the timeline operation results.
	MetaData *TimelineResultsMetadata `json:"metaData,omitempty"`
	// Value - The timeline result values.
	Value *[]BasicEntityTimelineItem `json:"value,omitempty"`
}

EntityTimelineResponse the entity timeline result operation response.

func (*EntityTimelineResponse) UnmarshalJSON

func (etr *EntityTimelineResponse) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for EntityTimelineResponse struct.

type EntityType

type EntityType string

EntityType enumerates the values for entity type.

const (
	// EntityTypeAccount Entity represents account in the system.
	EntityTypeAccount EntityType = "Account"
	// EntityTypeAzureResource Entity represents azure resource in the system.
	EntityTypeAzureResource EntityType = "AzureResource"
	// EntityTypeCloudApplication Entity represents cloud application in the system.
	EntityTypeCloudApplication EntityType = "CloudApplication"
	// EntityTypeDNS Entity represents dns in the system.
	EntityTypeDNS EntityType = "DNS"
	// EntityTypeFile Entity represents file in the system.
	EntityTypeFile EntityType = "File"
	// EntityTypeFileHash Entity represents file hash in the system.
	EntityTypeFileHash EntityType = "FileHash"
	// EntityTypeHost Entity represents host in the system.
	EntityTypeHost EntityType = "Host"
	// EntityTypeHuntingBookmark Entity represents HuntingBookmark in the system.
	EntityTypeHuntingBookmark EntityType = "HuntingBookmark"
	// EntityTypeIoTDevice Entity represents IoT device in the system.
	EntityTypeIoTDevice EntityType = "IoTDevice"
	// EntityTypeIP Entity represents ip in the system.
	EntityTypeIP EntityType = "IP"
	// EntityTypeMalware Entity represents malware in the system.
	EntityTypeMalware EntityType = "Malware"
	// EntityTypeProcess Entity represents process in the system.
	EntityTypeProcess EntityType = "Process"
	// EntityTypeRegistryKey Entity represents registry key in the system.
	EntityTypeRegistryKey EntityType = "RegistryKey"
	// EntityTypeRegistryValue Entity represents registry value in the system.
	EntityTypeRegistryValue EntityType = "RegistryValue"
	// EntityTypeSecurityAlert Entity represents security alert in the system.
	EntityTypeSecurityAlert EntityType = "SecurityAlert"
	// EntityTypeSecurityGroup Entity represents security group in the system.
	EntityTypeSecurityGroup EntityType = "SecurityGroup"
	// EntityTypeURL Entity represents url in the system.
	EntityTypeURL EntityType = "URL"
)

func PossibleEntityTypeValues

func PossibleEntityTypeValues() []EntityType

PossibleEntityTypeValues returns an array of possible values for the EntityType const type.

type EventGroupingAggregationKind

type EventGroupingAggregationKind string

EventGroupingAggregationKind enumerates the values for event grouping aggregation kind.

const (
	// AlertPerResult ...
	AlertPerResult EventGroupingAggregationKind = "AlertPerResult"
	// SingleAlert ...
	SingleAlert EventGroupingAggregationKind = "SingleAlert"
)

func PossibleEventGroupingAggregationKindValues

func PossibleEventGroupingAggregationKindValues() []EventGroupingAggregationKind

PossibleEventGroupingAggregationKindValues returns an array of possible values for the EventGroupingAggregationKind const type.

type EventGroupingSettings

type EventGroupingSettings struct {
	// AggregationKind - Possible values include: 'SingleAlert', 'AlertPerResult'
	AggregationKind EventGroupingAggregationKind `json:"aggregationKind,omitempty"`
}

EventGroupingSettings event grouping settings property bag.

type ExpansionResultAggregation

type ExpansionResultAggregation struct {
	// AggregationType - The common type of the aggregation. (for e.g. entity field name)
	AggregationType *string `json:"aggregationType,omitempty"`
	// Count - Total number of aggregations of the given kind (and aggregationType if given) in the expansion result.
	Count *int32 `json:"count,omitempty"`
	// DisplayName - The display name of the aggregation by type.
	DisplayName *string `json:"displayName,omitempty"`
	// EntityKind - The kind of the aggregated entity. Possible values include: 'EntityKindAccount', 'EntityKindHost', 'EntityKindFile', 'EntityKindAzureResource', 'EntityKindCloudApplication', 'EntityKindDNSResolution', 'EntityKindFileHash', 'EntityKindIP', 'EntityKindMalware', 'EntityKindProcess', 'EntityKindRegistryKey', 'EntityKindRegistryValue', 'EntityKindSecurityGroup', 'EntityKindURL', 'EntityKindIoTDevice', 'EntityKindSecurityAlert', 'EntityKindBookmark'
	EntityKind EntityKind `json:"entityKind,omitempty"`
}

ExpansionResultAggregation information of a specific aggregation in the expansion result.

type ExpansionResultsMetadata

type ExpansionResultsMetadata struct {
	// Aggregations - Information of the aggregated nodes in the expansion result.
	Aggregations *[]ExpansionResultAggregation `json:"aggregations,omitempty"`
}

ExpansionResultsMetadata expansion result metadata.

type EyesOn

type EyesOn struct {
	// EyesOnSettingsProperties - EyesOn properties
	*EyesOnSettingsProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
	// Kind - Possible values include: 'KindSettings', 'KindEyesOn', 'KindEntityAnalytics', 'KindUeba'
	Kind KindBasicSettings `json:"kind,omitempty"`
}

EyesOn settings with single toggle.

func (EyesOn) AsBasicSettings

func (eo EyesOn) AsBasicSettings() (BasicSettings, bool)

AsBasicSettings is the BasicSettings implementation for EyesOn.

func (EyesOn) AsEntityAnalytics

func (eo EyesOn) AsEntityAnalytics() (*EntityAnalytics, bool)

AsEntityAnalytics is the BasicSettings implementation for EyesOn.

func (EyesOn) AsEyesOn

func (eo EyesOn) AsEyesOn() (*EyesOn, bool)

AsEyesOn is the BasicSettings implementation for EyesOn.

func (EyesOn) AsSettings

func (eo EyesOn) AsSettings() (*Settings, bool)

AsSettings is the BasicSettings implementation for EyesOn.

func (EyesOn) AsUeba

func (eo EyesOn) AsUeba() (*Ueba, bool)

AsUeba is the BasicSettings implementation for EyesOn.

func (EyesOn) MarshalJSON

func (eo EyesOn) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for EyesOn.

func (*EyesOn) UnmarshalJSON

func (eo *EyesOn) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for EyesOn struct.

type EyesOnSettingsProperties

type EyesOnSettingsProperties struct {
	// IsEnabled - READ-ONLY; Determines whether the setting is enable or disabled.
	IsEnabled *bool `json:"isEnabled,omitempty"`
}

EyesOnSettingsProperties eyesOn property bag.

type FileEntity

type FileEntity struct {
	// FileEntityProperties - File entity properties
	*FileEntityProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindBookmark', 'KindSecurityAlert', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice'
	Kind KindBasicEntity `json:"kind,omitempty"`
}

FileEntity represents a file entity.

func (FileEntity) AsAccountEntity

func (fe FileEntity) AsAccountEntity() (*AccountEntity, bool)

AsAccountEntity is the BasicEntity implementation for FileEntity.

func (FileEntity) AsAzureResourceEntity

func (fe FileEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)

AsAzureResourceEntity is the BasicEntity implementation for FileEntity.

func (FileEntity) AsBasicEntity

func (fe FileEntity) AsBasicEntity() (BasicEntity, bool)

AsBasicEntity is the BasicEntity implementation for FileEntity.

func (FileEntity) AsCloudApplicationEntity

func (fe FileEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)

AsCloudApplicationEntity is the BasicEntity implementation for FileEntity.

func (FileEntity) AsDNSEntity

func (fe FileEntity) AsDNSEntity() (*DNSEntity, bool)

AsDNSEntity is the BasicEntity implementation for FileEntity.

func (FileEntity) AsEntity

func (fe FileEntity) AsEntity() (*Entity, bool)

AsEntity is the BasicEntity implementation for FileEntity.

func (FileEntity) AsFileEntity

func (fe FileEntity) AsFileEntity() (*FileEntity, bool)

AsFileEntity is the BasicEntity implementation for FileEntity.

func (FileEntity) AsFileHashEntity

func (fe FileEntity) AsFileHashEntity() (*FileHashEntity, bool)

AsFileHashEntity is the BasicEntity implementation for FileEntity.

func (FileEntity) AsHostEntity

func (fe FileEntity) AsHostEntity() (*HostEntity, bool)

AsHostEntity is the BasicEntity implementation for FileEntity.

func (FileEntity) AsHuntingBookmark

func (fe FileEntity) AsHuntingBookmark() (*HuntingBookmark, bool)

AsHuntingBookmark is the BasicEntity implementation for FileEntity.

func (FileEntity) AsIPEntity

func (fe FileEntity) AsIPEntity() (*IPEntity, bool)

AsIPEntity is the BasicEntity implementation for FileEntity.

func (FileEntity) AsIoTDeviceEntity

func (fe FileEntity) AsIoTDeviceEntity() (*IoTDeviceEntity, bool)

AsIoTDeviceEntity is the BasicEntity implementation for FileEntity.

func (FileEntity) AsMalwareEntity

func (fe FileEntity) AsMalwareEntity() (*MalwareEntity, bool)

AsMalwareEntity is the BasicEntity implementation for FileEntity.

func (FileEntity) AsProcessEntity

func (fe FileEntity) AsProcessEntity() (*ProcessEntity, bool)

AsProcessEntity is the BasicEntity implementation for FileEntity.

func (FileEntity) AsRegistryKeyEntity

func (fe FileEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)

AsRegistryKeyEntity is the BasicEntity implementation for FileEntity.

func (FileEntity) AsRegistryValueEntity

func (fe FileEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool)

AsRegistryValueEntity is the BasicEntity implementation for FileEntity.

func (FileEntity) AsSecurityAlert

func (fe FileEntity) AsSecurityAlert() (*SecurityAlert, bool)

AsSecurityAlert is the BasicEntity implementation for FileEntity.

func (FileEntity) AsSecurityGroupEntity

func (fe FileEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)

AsSecurityGroupEntity is the BasicEntity implementation for FileEntity.

func (FileEntity) AsURLEntity

func (fe FileEntity) AsURLEntity() (*URLEntity, bool)

AsURLEntity is the BasicEntity implementation for FileEntity.

func (FileEntity) MarshalJSON

func (fe FileEntity) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for FileEntity.

func (*FileEntity) UnmarshalJSON

func (fe *FileEntity) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for FileEntity struct.

type FileEntityProperties

type FileEntityProperties struct {
	// Directory - READ-ONLY; The full path to the file.
	Directory *string `json:"directory,omitempty"`
	// FileHashEntityIds - READ-ONLY; The file hash entity identifiers associated with this file
	FileHashEntityIds *[]string `json:"fileHashEntityIds,omitempty"`
	// FileName - READ-ONLY; The file name without path (some alerts might not include path).
	FileName *string `json:"fileName,omitempty"`
	// HostEntityID - READ-ONLY; The Host entity id which the file belongs to
	HostEntityID *string `json:"hostEntityId,omitempty"`
	// AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]interface{} `json:"additionalData"`
	// FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated.
	FriendlyName *string `json:"friendlyName,omitempty"`
}

FileEntityProperties file entity property bag.

func (FileEntityProperties) MarshalJSON

func (fep FileEntityProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for FileEntityProperties.

type FileHashAlgorithm

type FileHashAlgorithm string

FileHashAlgorithm enumerates the values for file hash algorithm.

const (
	// MD5 MD5 hash type
	MD5 FileHashAlgorithm = "MD5"
	// SHA1 SHA1 hash type
	SHA1 FileHashAlgorithm = "SHA1"
	// SHA256 SHA256 hash type
	SHA256 FileHashAlgorithm = "SHA256"
	// SHA256AC SHA256 Authenticode hash type
	SHA256AC FileHashAlgorithm = "SHA256AC"
	// Unknown Unknown hash algorithm
	Unknown FileHashAlgorithm = "Unknown"
)

func PossibleFileHashAlgorithmValues

func PossibleFileHashAlgorithmValues() []FileHashAlgorithm

PossibleFileHashAlgorithmValues returns an array of possible values for the FileHashAlgorithm const type.

type FileHashEntity

type FileHashEntity struct {
	// FileHashEntityProperties - FileHash entity properties
	*FileHashEntityProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindBookmark', 'KindSecurityAlert', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice'
	Kind KindBasicEntity `json:"kind,omitempty"`
}

FileHashEntity represents a file hash entity.

func (FileHashEntity) AsAccountEntity

func (fhe FileHashEntity) AsAccountEntity() (*AccountEntity, bool)

AsAccountEntity is the BasicEntity implementation for FileHashEntity.

func (FileHashEntity) AsAzureResourceEntity

func (fhe FileHashEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)

AsAzureResourceEntity is the BasicEntity implementation for FileHashEntity.

func (FileHashEntity) AsBasicEntity

func (fhe FileHashEntity) AsBasicEntity() (BasicEntity, bool)

AsBasicEntity is the BasicEntity implementation for FileHashEntity.

func (FileHashEntity) AsCloudApplicationEntity

func (fhe FileHashEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)

AsCloudApplicationEntity is the BasicEntity implementation for FileHashEntity.

func (FileHashEntity) AsDNSEntity

func (fhe FileHashEntity) AsDNSEntity() (*DNSEntity, bool)

AsDNSEntity is the BasicEntity implementation for FileHashEntity.

func (FileHashEntity) AsEntity

func (fhe FileHashEntity) AsEntity() (*Entity, bool)

AsEntity is the BasicEntity implementation for FileHashEntity.

func (FileHashEntity) AsFileEntity

func (fhe FileHashEntity) AsFileEntity() (*FileEntity, bool)

AsFileEntity is the BasicEntity implementation for FileHashEntity.

func (FileHashEntity) AsFileHashEntity

func (fhe FileHashEntity) AsFileHashEntity() (*FileHashEntity, bool)

AsFileHashEntity is the BasicEntity implementation for FileHashEntity.

func (FileHashEntity) AsHostEntity

func (fhe FileHashEntity) AsHostEntity() (*HostEntity, bool)

AsHostEntity is the BasicEntity implementation for FileHashEntity.

func (FileHashEntity) AsHuntingBookmark

func (fhe FileHashEntity) AsHuntingBookmark() (*HuntingBookmark, bool)

AsHuntingBookmark is the BasicEntity implementation for FileHashEntity.

func (FileHashEntity) AsIPEntity

func (fhe FileHashEntity) AsIPEntity() (*IPEntity, bool)

AsIPEntity is the BasicEntity implementation for FileHashEntity.

func (FileHashEntity) AsIoTDeviceEntity

func (fhe FileHashEntity) AsIoTDeviceEntity() (*IoTDeviceEntity, bool)

AsIoTDeviceEntity is the BasicEntity implementation for FileHashEntity.

func (FileHashEntity) AsMalwareEntity

func (fhe FileHashEntity) AsMalwareEntity() (*MalwareEntity, bool)

AsMalwareEntity is the BasicEntity implementation for FileHashEntity.

func (FileHashEntity) AsProcessEntity

func (fhe FileHashEntity) AsProcessEntity() (*ProcessEntity, bool)

AsProcessEntity is the BasicEntity implementation for FileHashEntity.

func (FileHashEntity) AsRegistryKeyEntity

func (fhe FileHashEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)

AsRegistryKeyEntity is the BasicEntity implementation for FileHashEntity.

func (FileHashEntity) AsRegistryValueEntity

func (fhe FileHashEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool)

AsRegistryValueEntity is the BasicEntity implementation for FileHashEntity.

func (FileHashEntity) AsSecurityAlert

func (fhe FileHashEntity) AsSecurityAlert() (*SecurityAlert, bool)

AsSecurityAlert is the BasicEntity implementation for FileHashEntity.

func (FileHashEntity) AsSecurityGroupEntity

func (fhe FileHashEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)

AsSecurityGroupEntity is the BasicEntity implementation for FileHashEntity.

func (FileHashEntity) AsURLEntity

func (fhe FileHashEntity) AsURLEntity() (*URLEntity, bool)

AsURLEntity is the BasicEntity implementation for FileHashEntity.

func (FileHashEntity) MarshalJSON

func (fhe FileHashEntity) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for FileHashEntity.

func (*FileHashEntity) UnmarshalJSON

func (fhe *FileHashEntity) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for FileHashEntity struct.

type FileHashEntityProperties

type FileHashEntityProperties struct {
	// Algorithm - READ-ONLY; The hash algorithm type. Possible values include: 'Unknown', 'MD5', 'SHA1', 'SHA256', 'SHA256AC'
	Algorithm FileHashAlgorithm `json:"algorithm,omitempty"`
	// HashValue - READ-ONLY; The file hash value.
	HashValue *string `json:"hashValue,omitempty"`
	// AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]interface{} `json:"additionalData"`
	// FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated.
	FriendlyName *string `json:"friendlyName,omitempty"`
}

FileHashEntityProperties fileHash entity property bag.

func (FileHashEntityProperties) MarshalJSON

func (fhep FileHashEntityProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for FileHashEntityProperties.

type FusionAlertRule

type FusionAlertRule struct {
	// FusionAlertRuleProperties - Fusion alert rule properties
	*FusionAlertRuleProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
	// Kind - Possible values include: 'KindAlertRule', 'KindFusion', 'KindMicrosoftSecurityIncidentCreation', 'KindScheduled'
	Kind KindBasicAlertRule `json:"kind,omitempty"`
}

FusionAlertRule represents Fusion alert rule.

func (FusionAlertRule) AsAlertRule

func (far FusionAlertRule) AsAlertRule() (*AlertRule, bool)

AsAlertRule is the BasicAlertRule implementation for FusionAlertRule.

func (FusionAlertRule) AsBasicAlertRule

func (far FusionAlertRule) AsBasicAlertRule() (BasicAlertRule, bool)

AsBasicAlertRule is the BasicAlertRule implementation for FusionAlertRule.

func (FusionAlertRule) AsFusionAlertRule

func (far FusionAlertRule) AsFusionAlertRule() (*FusionAlertRule, bool)

AsFusionAlertRule is the BasicAlertRule implementation for FusionAlertRule.

func (FusionAlertRule) AsMicrosoftSecurityIncidentCreationAlertRule

func (far FusionAlertRule) AsMicrosoftSecurityIncidentCreationAlertRule() (*MicrosoftSecurityIncidentCreationAlertRule, bool)

AsMicrosoftSecurityIncidentCreationAlertRule is the BasicAlertRule implementation for FusionAlertRule.

func (FusionAlertRule) AsScheduledAlertRule

func (far FusionAlertRule) AsScheduledAlertRule() (*ScheduledAlertRule, bool)

AsScheduledAlertRule is the BasicAlertRule implementation for FusionAlertRule.

func (FusionAlertRule) MarshalJSON

func (far FusionAlertRule) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for FusionAlertRule.

func (*FusionAlertRule) UnmarshalJSON

func (far *FusionAlertRule) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for FusionAlertRule struct.

type FusionAlertRuleProperties

type FusionAlertRuleProperties struct {
	// AlertRuleTemplateName - The Name of the alert rule template used to create this rule.
	AlertRuleTemplateName *string `json:"alertRuleTemplateName,omitempty"`
	// Description - READ-ONLY; The description of the alert rule.
	Description *string `json:"description,omitempty"`
	// DisplayName - READ-ONLY; The display name for alerts created by this alert rule.
	DisplayName *string `json:"displayName,omitempty"`
	// Enabled - Determines whether this alert rule is enabled or disabled.
	Enabled *bool `json:"enabled,omitempty"`
	// LastModifiedUtc - READ-ONLY; The last time that this alert has been modified.
	LastModifiedUtc *date.Time `json:"lastModifiedUtc,omitempty"`
	// Severity - READ-ONLY; The severity for alerts created by this alert rule. Possible values include: 'High', 'Medium', 'Low', 'Informational'
	Severity AlertSeverity `json:"severity,omitempty"`
	// Tactics - READ-ONLY; The tactics of the alert rule
	Tactics *[]AttackTactic `json:"tactics,omitempty"`
}

FusionAlertRuleProperties fusion alert rule base property bag.

func (FusionAlertRuleProperties) MarshalJSON

func (farp FusionAlertRuleProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for FusionAlertRuleProperties.

type FusionAlertRuleTemplate

type FusionAlertRuleTemplate struct {
	// FusionAlertRuleTemplateProperties - Fusion alert rule template properties
	*FusionAlertRuleTemplateProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Kind - Possible values include: 'KindBasicAlertRuleTemplateKindAlertRuleTemplate', 'KindBasicAlertRuleTemplateKindFusion', 'KindBasicAlertRuleTemplateKindMicrosoftSecurityIncidentCreation', 'KindBasicAlertRuleTemplateKindScheduled'
	Kind KindBasicAlertRuleTemplate `json:"kind,omitempty"`
}

FusionAlertRuleTemplate represents Fusion alert rule template.

func (FusionAlertRuleTemplate) AsAlertRuleTemplate

func (fart FusionAlertRuleTemplate) AsAlertRuleTemplate() (*AlertRuleTemplate, bool)

AsAlertRuleTemplate is the BasicAlertRuleTemplate implementation for FusionAlertRuleTemplate.

func (FusionAlertRuleTemplate) AsBasicAlertRuleTemplate

func (fart FusionAlertRuleTemplate) AsBasicAlertRuleTemplate() (BasicAlertRuleTemplate, bool)

AsBasicAlertRuleTemplate is the BasicAlertRuleTemplate implementation for FusionAlertRuleTemplate.

func (FusionAlertRuleTemplate) AsFusionAlertRuleTemplate

func (fart FusionAlertRuleTemplate) AsFusionAlertRuleTemplate() (*FusionAlertRuleTemplate, bool)

AsFusionAlertRuleTemplate is the BasicAlertRuleTemplate implementation for FusionAlertRuleTemplate.

func (FusionAlertRuleTemplate) AsMicrosoftSecurityIncidentCreationAlertRuleTemplate

func (fart FusionAlertRuleTemplate) AsMicrosoftSecurityIncidentCreationAlertRuleTemplate() (*MicrosoftSecurityIncidentCreationAlertRuleTemplate, bool)

AsMicrosoftSecurityIncidentCreationAlertRuleTemplate is the BasicAlertRuleTemplate implementation for FusionAlertRuleTemplate.

func (FusionAlertRuleTemplate) AsScheduledAlertRuleTemplate

func (fart FusionAlertRuleTemplate) AsScheduledAlertRuleTemplate() (*ScheduledAlertRuleTemplate, bool)

AsScheduledAlertRuleTemplate is the BasicAlertRuleTemplate implementation for FusionAlertRuleTemplate.

func (FusionAlertRuleTemplate) MarshalJSON

func (fart FusionAlertRuleTemplate) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for FusionAlertRuleTemplate.

func (*FusionAlertRuleTemplate) UnmarshalJSON

func (fart *FusionAlertRuleTemplate) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for FusionAlertRuleTemplate struct.

type FusionAlertRuleTemplateProperties

type FusionAlertRuleTemplateProperties struct {
	// Severity - The severity for alerts created by this alert rule. Possible values include: 'High', 'Medium', 'Low', 'Informational'
	Severity AlertSeverity `json:"severity,omitempty"`
	// Tactics - The tactics of the alert rule template
	Tactics *[]AttackTactic `json:"tactics,omitempty"`
	// AlertRulesCreatedByTemplateCount - the number of alert rules that were created by this template
	AlertRulesCreatedByTemplateCount *int32 `json:"alertRulesCreatedByTemplateCount,omitempty"`
	// CreatedDateUTC - READ-ONLY; The time that this alert rule template has been added.
	CreatedDateUTC *date.Time `json:"createdDateUTC,omitempty"`
	// Description - The description of the alert rule template.
	Description *string `json:"description,omitempty"`
	// DisplayName - The display name for alert rule template.
	DisplayName *string `json:"displayName,omitempty"`
	// RequiredDataConnectors - The required data sources for this template
	RequiredDataConnectors *[]AlertRuleTemplateDataSource `json:"requiredDataConnectors,omitempty"`
	// Status - The alert rule template status. Possible values include: 'Installed', 'Available', 'NotAvailable'
	Status TemplateStatus `json:"status,omitempty"`
}

FusionAlertRuleTemplateProperties fusion alert rule template properties

func (FusionAlertRuleTemplateProperties) MarshalJSON

func (fart FusionAlertRuleTemplateProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for FusionAlertRuleTemplateProperties.

type GeoLocation

type GeoLocation struct {
	// Asn - READ-ONLY; Autonomous System Number
	Asn *int32 `json:"asn,omitempty"`
	// City - READ-ONLY; City name
	City *string `json:"city,omitempty"`
	// CountryCode - READ-ONLY; The country code according to ISO 3166 format
	CountryCode *string `json:"countryCode,omitempty"`
	// CountryName - READ-ONLY; Country name according to ISO 3166 Alpha 2: the lowercase of the English Short Name
	CountryName *string `json:"countryName,omitempty"`
	// Latitude - READ-ONLY; The longitude of the identified location, expressed as a floating point number with range of -180 to 180, with positive numbers representing East and negative numbers representing West. Latitude and longitude are derived from the city or postal code.
	Latitude *float64 `json:"latitude,omitempty"`
	// Longitude - READ-ONLY; The latitude of the identified location, expressed as a floating point number with range of - 90 to 90, with positive numbers representing North and negative numbers representing South. Latitude and longitude are derived from the city or postal code.
	Longitude *float64 `json:"longitude,omitempty"`
	// State - READ-ONLY; State name
	State *string `json:"state,omitempty"`
}

GeoLocation the geo-location context attached to the ip entity

type GroupingConfiguration

type GroupingConfiguration struct {
	// Enabled - Grouping enabled
	Enabled *bool `json:"enabled,omitempty"`
	// ReopenClosedIncident - Re-open closed matching incidents
	ReopenClosedIncident *bool `json:"reopenClosedIncident,omitempty"`
	// LookbackDuration - Limit the group to alerts created within the lookback duration (in ISO 8601 duration format)
	LookbackDuration *string `json:"lookbackDuration,omitempty"`
	// EntitiesMatchingMethod - Grouping matching method. Possible values include: 'All', 'None', 'Custom'
	EntitiesMatchingMethod EntitiesMatchingMethod `json:"entitiesMatchingMethod,omitempty"`
	// GroupByEntities - A list of entity types to group by (when entitiesMatchingMethod is Custom)
	GroupByEntities *[]GroupingEntityType `json:"groupByEntities,omitempty"`
}

GroupingConfiguration grouping configuration property bag.

type GroupingEntityType

type GroupingEntityType string

GroupingEntityType enumerates the values for grouping entity type.

const (
	// Account Account entity
	Account GroupingEntityType = "Account"
	// Host Host entity
	Host GroupingEntityType = "Host"
	// IP Ip entity
	IP GroupingEntityType = "Ip"
	// URL Url entity
	URL GroupingEntityType = "Url"
)

func PossibleGroupingEntityTypeValues

func PossibleGroupingEntityTypeValues() []GroupingEntityType

PossibleGroupingEntityTypeValues returns an array of possible values for the GroupingEntityType const type.

type HostEntity

type HostEntity struct {
	// HostEntityProperties - Host entity properties
	*HostEntityProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindBookmark', 'KindSecurityAlert', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice'
	Kind KindBasicEntity `json:"kind,omitempty"`
}

HostEntity represents a host entity.

func (HostEntity) AsAccountEntity

func (he HostEntity) AsAccountEntity() (*AccountEntity, bool)

AsAccountEntity is the BasicEntity implementation for HostEntity.

func (HostEntity) AsAzureResourceEntity

func (he HostEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)

AsAzureResourceEntity is the BasicEntity implementation for HostEntity.

func (HostEntity) AsBasicEntity

func (he HostEntity) AsBasicEntity() (BasicEntity, bool)

AsBasicEntity is the BasicEntity implementation for HostEntity.

func (HostEntity) AsCloudApplicationEntity

func (he HostEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)

AsCloudApplicationEntity is the BasicEntity implementation for HostEntity.

func (HostEntity) AsDNSEntity

func (he HostEntity) AsDNSEntity() (*DNSEntity, bool)

AsDNSEntity is the BasicEntity implementation for HostEntity.

func (HostEntity) AsEntity

func (he HostEntity) AsEntity() (*Entity, bool)

AsEntity is the BasicEntity implementation for HostEntity.

func (HostEntity) AsFileEntity

func (he HostEntity) AsFileEntity() (*FileEntity, bool)

AsFileEntity is the BasicEntity implementation for HostEntity.

func (HostEntity) AsFileHashEntity

func (he HostEntity) AsFileHashEntity() (*FileHashEntity, bool)

AsFileHashEntity is the BasicEntity implementation for HostEntity.

func (HostEntity) AsHostEntity

func (he HostEntity) AsHostEntity() (*HostEntity, bool)

AsHostEntity is the BasicEntity implementation for HostEntity.

func (HostEntity) AsHuntingBookmark

func (he HostEntity) AsHuntingBookmark() (*HuntingBookmark, bool)

AsHuntingBookmark is the BasicEntity implementation for HostEntity.

func (HostEntity) AsIPEntity

func (he HostEntity) AsIPEntity() (*IPEntity, bool)

AsIPEntity is the BasicEntity implementation for HostEntity.

func (HostEntity) AsIoTDeviceEntity

func (he HostEntity) AsIoTDeviceEntity() (*IoTDeviceEntity, bool)

AsIoTDeviceEntity is the BasicEntity implementation for HostEntity.

func (HostEntity) AsMalwareEntity

func (he HostEntity) AsMalwareEntity() (*MalwareEntity, bool)

AsMalwareEntity is the BasicEntity implementation for HostEntity.

func (HostEntity) AsProcessEntity

func (he HostEntity) AsProcessEntity() (*ProcessEntity, bool)

AsProcessEntity is the BasicEntity implementation for HostEntity.

func (HostEntity) AsRegistryKeyEntity

func (he HostEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)

AsRegistryKeyEntity is the BasicEntity implementation for HostEntity.

func (HostEntity) AsRegistryValueEntity

func (he HostEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool)

AsRegistryValueEntity is the BasicEntity implementation for HostEntity.

func (HostEntity) AsSecurityAlert

func (he HostEntity) AsSecurityAlert() (*SecurityAlert, bool)

AsSecurityAlert is the BasicEntity implementation for HostEntity.

func (HostEntity) AsSecurityGroupEntity

func (he HostEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)

AsSecurityGroupEntity is the BasicEntity implementation for HostEntity.

func (HostEntity) AsURLEntity

func (he HostEntity) AsURLEntity() (*URLEntity, bool)

AsURLEntity is the BasicEntity implementation for HostEntity.

func (HostEntity) MarshalJSON

func (he HostEntity) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for HostEntity.

func (*HostEntity) UnmarshalJSON

func (he *HostEntity) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for HostEntity struct.

type HostEntityProperties

type HostEntityProperties struct {
	// AzureID - READ-ONLY; The azure resource id of the VM.
	AzureID *string `json:"azureID,omitempty"`
	// DNSDomain - READ-ONLY; The DNS domain that this host belongs to. Should contain the compete DNS suffix for the domain
	DNSDomain *string `json:"dnsDomain,omitempty"`
	// HostName - READ-ONLY; The hostname without the domain suffix.
	HostName *string `json:"hostName,omitempty"`
	// IsDomainJoined - READ-ONLY; Determines whether this host belongs to a domain.
	IsDomainJoined *bool `json:"isDomainJoined,omitempty"`
	// NetBiosName - READ-ONLY; The host name (pre-windows2000).
	NetBiosName *string `json:"netBiosName,omitempty"`
	// NtDomain - READ-ONLY; The NT domain that this host belongs to.
	NtDomain *string `json:"ntDomain,omitempty"`
	// OmsAgentID - READ-ONLY; The OMS agent id, if the host has OMS agent installed.
	OmsAgentID *string `json:"omsAgentID,omitempty"`
	// OsFamily - The operating system type. Possible values include: 'Linux', 'Windows', 'Android', 'IOS'
	OsFamily OSFamily `json:"osFamily,omitempty"`
	// OsVersion - READ-ONLY; A free text representation of the operating system. This field is meant to hold specific versions the are more fine grained than OSFamily or future values not supported by OSFamily enumeration
	OsVersion *string `json:"osVersion,omitempty"`
	// AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]interface{} `json:"additionalData"`
	// FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated.
	FriendlyName *string `json:"friendlyName,omitempty"`
}

HostEntityProperties host entity property bag.

func (HostEntityProperties) MarshalJSON

func (hep HostEntityProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for HostEntityProperties.

type HuntingBookmark

type HuntingBookmark struct {
	// HuntingBookmarkProperties - HuntingBookmark entity properties
	*HuntingBookmarkProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindBookmark', 'KindSecurityAlert', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice'
	Kind KindBasicEntity `json:"kind,omitempty"`
}

HuntingBookmark represents a Hunting bookmark entity.

func (HuntingBookmark) AsAccountEntity

func (hb HuntingBookmark) AsAccountEntity() (*AccountEntity, bool)

AsAccountEntity is the BasicEntity implementation for HuntingBookmark.

func (HuntingBookmark) AsAzureResourceEntity

func (hb HuntingBookmark) AsAzureResourceEntity() (*AzureResourceEntity, bool)

AsAzureResourceEntity is the BasicEntity implementation for HuntingBookmark.

func (HuntingBookmark) AsBasicEntity

func (hb HuntingBookmark) AsBasicEntity() (BasicEntity, bool)

AsBasicEntity is the BasicEntity implementation for HuntingBookmark.

func (HuntingBookmark) AsCloudApplicationEntity

func (hb HuntingBookmark) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)

AsCloudApplicationEntity is the BasicEntity implementation for HuntingBookmark.

func (HuntingBookmark) AsDNSEntity

func (hb HuntingBookmark) AsDNSEntity() (*DNSEntity, bool)

AsDNSEntity is the BasicEntity implementation for HuntingBookmark.

func (HuntingBookmark) AsEntity

func (hb HuntingBookmark) AsEntity() (*Entity, bool)

AsEntity is the BasicEntity implementation for HuntingBookmark.

func (HuntingBookmark) AsFileEntity

func (hb HuntingBookmark) AsFileEntity() (*FileEntity, bool)

AsFileEntity is the BasicEntity implementation for HuntingBookmark.

func (HuntingBookmark) AsFileHashEntity

func (hb HuntingBookmark) AsFileHashEntity() (*FileHashEntity, bool)

AsFileHashEntity is the BasicEntity implementation for HuntingBookmark.

func (HuntingBookmark) AsHostEntity

func (hb HuntingBookmark) AsHostEntity() (*HostEntity, bool)

AsHostEntity is the BasicEntity implementation for HuntingBookmark.

func (HuntingBookmark) AsHuntingBookmark

func (hb HuntingBookmark) AsHuntingBookmark() (*HuntingBookmark, bool)

AsHuntingBookmark is the BasicEntity implementation for HuntingBookmark.

func (HuntingBookmark) AsIPEntity

func (hb HuntingBookmark) AsIPEntity() (*IPEntity, bool)

AsIPEntity is the BasicEntity implementation for HuntingBookmark.

func (HuntingBookmark) AsIoTDeviceEntity

func (hb HuntingBookmark) AsIoTDeviceEntity() (*IoTDeviceEntity, bool)

AsIoTDeviceEntity is the BasicEntity implementation for HuntingBookmark.

func (HuntingBookmark) AsMalwareEntity

func (hb HuntingBookmark) AsMalwareEntity() (*MalwareEntity, bool)

AsMalwareEntity is the BasicEntity implementation for HuntingBookmark.

func (HuntingBookmark) AsProcessEntity

func (hb HuntingBookmark) AsProcessEntity() (*ProcessEntity, bool)

AsProcessEntity is the BasicEntity implementation for HuntingBookmark.

func (HuntingBookmark) AsRegistryKeyEntity

func (hb HuntingBookmark) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)

AsRegistryKeyEntity is the BasicEntity implementation for HuntingBookmark.

func (HuntingBookmark) AsRegistryValueEntity

func (hb HuntingBookmark) AsRegistryValueEntity() (*RegistryValueEntity, bool)

AsRegistryValueEntity is the BasicEntity implementation for HuntingBookmark.

func (HuntingBookmark) AsSecurityAlert

func (hb HuntingBookmark) AsSecurityAlert() (*SecurityAlert, bool)

AsSecurityAlert is the BasicEntity implementation for HuntingBookmark.

func (HuntingBookmark) AsSecurityGroupEntity

func (hb HuntingBookmark) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)

AsSecurityGroupEntity is the BasicEntity implementation for HuntingBookmark.

func (HuntingBookmark) AsURLEntity

func (hb HuntingBookmark) AsURLEntity() (*URLEntity, bool)

AsURLEntity is the BasicEntity implementation for HuntingBookmark.

func (HuntingBookmark) MarshalJSON

func (hb HuntingBookmark) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for HuntingBookmark.

func (*HuntingBookmark) UnmarshalJSON

func (hb *HuntingBookmark) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for HuntingBookmark struct.

type HuntingBookmarkProperties

type HuntingBookmarkProperties struct {
	// Created - The time the bookmark was created
	Created *date.Time `json:"created,omitempty"`
	// CreatedBy - Describes a user that created the bookmark
	CreatedBy *UserInfo `json:"createdBy,omitempty"`
	// DisplayName - The display name of the bookmark
	DisplayName *string `json:"displayName,omitempty"`
	// EventTime - The time of the event
	EventTime *date.Time `json:"eventTime,omitempty"`
	// Labels - List of labels relevant to this bookmark
	Labels *[]string `json:"labels,omitempty"`
	// Notes - The notes of the bookmark
	Notes *string `json:"notes,omitempty"`
	// Query - The query of the bookmark.
	Query *string `json:"query,omitempty"`
	// QueryResult - The query result of the bookmark.
	QueryResult *string `json:"queryResult,omitempty"`
	// Updated - The last time the bookmark was updated
	Updated *date.Time `json:"updated,omitempty"`
	// UpdatedBy - Describes a user that updated the bookmark
	UpdatedBy *UserInfo `json:"updatedBy,omitempty"`
	// IncidentInfo - Describes an incident that relates to bookmark
	IncidentInfo *IncidentInfo `json:"incidentInfo,omitempty"`
	// AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]interface{} `json:"additionalData"`
	// FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated.
	FriendlyName *string `json:"friendlyName,omitempty"`
}

HuntingBookmarkProperties describes bookmark properties

func (HuntingBookmarkProperties) MarshalJSON

func (hbp HuntingBookmarkProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for HuntingBookmarkProperties.

type IPEntity

type IPEntity struct {
	// IPEntityProperties - Ip entity properties
	*IPEntityProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindBookmark', 'KindSecurityAlert', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice'
	Kind KindBasicEntity `json:"kind,omitempty"`
}

IPEntity represents an ip entity.

func (IPEntity) AsAccountEntity

func (ie IPEntity) AsAccountEntity() (*AccountEntity, bool)

AsAccountEntity is the BasicEntity implementation for IPEntity.

func (IPEntity) AsAzureResourceEntity

func (ie IPEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)

AsAzureResourceEntity is the BasicEntity implementation for IPEntity.

func (IPEntity) AsBasicEntity

func (ie IPEntity) AsBasicEntity() (BasicEntity, bool)

AsBasicEntity is the BasicEntity implementation for IPEntity.

func (IPEntity) AsCloudApplicationEntity

func (ie IPEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)

AsCloudApplicationEntity is the BasicEntity implementation for IPEntity.

func (IPEntity) AsDNSEntity

func (ie IPEntity) AsDNSEntity() (*DNSEntity, bool)

AsDNSEntity is the BasicEntity implementation for IPEntity.

func (IPEntity) AsEntity

func (ie IPEntity) AsEntity() (*Entity, bool)

AsEntity is the BasicEntity implementation for IPEntity.

func (IPEntity) AsFileEntity

func (ie IPEntity) AsFileEntity() (*FileEntity, bool)

AsFileEntity is the BasicEntity implementation for IPEntity.

func (IPEntity) AsFileHashEntity

func (ie IPEntity) AsFileHashEntity() (*FileHashEntity, bool)

AsFileHashEntity is the BasicEntity implementation for IPEntity.

func (IPEntity) AsHostEntity

func (ie IPEntity) AsHostEntity() (*HostEntity, bool)

AsHostEntity is the BasicEntity implementation for IPEntity.

func (IPEntity) AsHuntingBookmark

func (ie IPEntity) AsHuntingBookmark() (*HuntingBookmark, bool)

AsHuntingBookmark is the BasicEntity implementation for IPEntity.

func (IPEntity) AsIPEntity

func (ie IPEntity) AsIPEntity() (*IPEntity, bool)

AsIPEntity is the BasicEntity implementation for IPEntity.

func (IPEntity) AsIoTDeviceEntity

func (ie IPEntity) AsIoTDeviceEntity() (*IoTDeviceEntity, bool)

AsIoTDeviceEntity is the BasicEntity implementation for IPEntity.

func (IPEntity) AsMalwareEntity

func (ie IPEntity) AsMalwareEntity() (*MalwareEntity, bool)

AsMalwareEntity is the BasicEntity implementation for IPEntity.

func (IPEntity) AsProcessEntity

func (ie IPEntity) AsProcessEntity() (*ProcessEntity, bool)

AsProcessEntity is the BasicEntity implementation for IPEntity.

func (IPEntity) AsRegistryKeyEntity

func (ie IPEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)

AsRegistryKeyEntity is the BasicEntity implementation for IPEntity.

func (IPEntity) AsRegistryValueEntity

func (ie IPEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool)

AsRegistryValueEntity is the BasicEntity implementation for IPEntity.

func (IPEntity) AsSecurityAlert

func (ie IPEntity) AsSecurityAlert() (*SecurityAlert, bool)

AsSecurityAlert is the BasicEntity implementation for IPEntity.

func (IPEntity) AsSecurityGroupEntity

func (ie IPEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)

AsSecurityGroupEntity is the BasicEntity implementation for IPEntity.

func (IPEntity) AsURLEntity

func (ie IPEntity) AsURLEntity() (*URLEntity, bool)

AsURLEntity is the BasicEntity implementation for IPEntity.

func (IPEntity) MarshalJSON

func (ie IPEntity) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for IPEntity.

func (*IPEntity) UnmarshalJSON

func (ie *IPEntity) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for IPEntity struct.

type IPEntityProperties

type IPEntityProperties struct {
	// Address - READ-ONLY; The IP address as string, e.g. 127.0.0.1 (either in Ipv4 or Ipv6)
	Address *string `json:"address,omitempty"`
	// Location - The geo-location context attached to the ip entity
	Location *GeoLocation `json:"location,omitempty"`
	// ThreatIntelligence - READ-ONLY; A list of TI contexts attached to the ip entity.
	ThreatIntelligence *[]ThreatIntelligence `json:"threatIntelligence,omitempty"`
	// AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]interface{} `json:"additionalData"`
	// FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated.
	FriendlyName *string `json:"friendlyName,omitempty"`
}

IPEntityProperties ip entity property bag.

func (IPEntityProperties) MarshalJSON

func (iep IPEntityProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for IPEntityProperties.

type Incident

type Incident struct {
	autorest.Response `json:"-"`
	// IncidentProperties - Incident properties
	*IncidentProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
}

Incident represents an incident in Azure Security Insights.

func (Incident) MarshalJSON

func (i Incident) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for Incident.

func (*Incident) UnmarshalJSON

func (i *Incident) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for Incident struct.

type IncidentAdditionalData

type IncidentAdditionalData struct {
	// AlertsCount - READ-ONLY; The number of alerts in the incident
	AlertsCount *int32 `json:"alertsCount,omitempty"`
	// BookmarksCount - READ-ONLY; The number of bookmarks in the incident
	BookmarksCount *int32 `json:"bookmarksCount,omitempty"`
	// CommentsCount - READ-ONLY; The number of comments in the incident
	CommentsCount *int32 `json:"commentsCount,omitempty"`
	// AlertProductNames - READ-ONLY; List of product names of alerts in the incident
	AlertProductNames *[]string `json:"alertProductNames,omitempty"`
	// Tactics - READ-ONLY; The tactics associated with incident
	Tactics *[]AttackTactic `json:"tactics,omitempty"`
}

IncidentAdditionalData incident additional data property bag.

type IncidentAlertList

type IncidentAlertList struct {
	autorest.Response `json:"-"`
	// Value - Array of incident alerts.
	Value *[]SecurityAlert `json:"value,omitempty"`
}

IncidentAlertList list of incident alerts.

type IncidentBookmarkList

type IncidentBookmarkList struct {
	autorest.Response `json:"-"`
	// Value - Array of incident bookmarks.
	Value *[]HuntingBookmark `json:"value,omitempty"`
}

IncidentBookmarkList list of incident bookmarks.

type IncidentClassification

type IncidentClassification string

IncidentClassification enumerates the values for incident classification.

const (
	// IncidentClassificationBenignPositive Incident was benign positive
	IncidentClassificationBenignPositive IncidentClassification = "BenignPositive"
	// IncidentClassificationFalsePositive Incident was false positive
	IncidentClassificationFalsePositive IncidentClassification = "FalsePositive"
	// IncidentClassificationTruePositive Incident was true positive
	IncidentClassificationTruePositive IncidentClassification = "TruePositive"
	// IncidentClassificationUndetermined Incident classification was undetermined
	IncidentClassificationUndetermined IncidentClassification = "Undetermined"
)

func PossibleIncidentClassificationValues

func PossibleIncidentClassificationValues() []IncidentClassification

PossibleIncidentClassificationValues returns an array of possible values for the IncidentClassification const type.

type IncidentClassificationReason

type IncidentClassificationReason string

IncidentClassificationReason enumerates the values for incident classification reason.

const (
	// InaccurateData Classification reason was inaccurate data
	InaccurateData IncidentClassificationReason = "InaccurateData"
	// IncorrectAlertLogic Classification reason was incorrect alert logic
	IncorrectAlertLogic IncidentClassificationReason = "IncorrectAlertLogic"
	// SuspiciousActivity Classification reason was suspicious activity
	SuspiciousActivity IncidentClassificationReason = "SuspiciousActivity"
	// SuspiciousButExpected Classification reason was suspicious but expected
	SuspiciousButExpected IncidentClassificationReason = "SuspiciousButExpected"
)

func PossibleIncidentClassificationReasonValues

func PossibleIncidentClassificationReasonValues() []IncidentClassificationReason

PossibleIncidentClassificationReasonValues returns an array of possible values for the IncidentClassificationReason const type.

type IncidentComment

type IncidentComment struct {
	autorest.Response `json:"-"`
	// IncidentCommentProperties - Incident comment properties
	*IncidentCommentProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
}

IncidentComment represents an incident comment

func (IncidentComment) MarshalJSON

func (ic IncidentComment) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for IncidentComment.

func (*IncidentComment) UnmarshalJSON

func (ic *IncidentComment) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for IncidentComment struct.

type IncidentCommentList

type IncidentCommentList struct {
	autorest.Response `json:"-"`
	// NextLink - READ-ONLY; URL to fetch the next set of comments.
	NextLink *string `json:"nextLink,omitempty"`
	// Value - Array of comments.
	Value *[]IncidentComment `json:"value,omitempty"`
}

IncidentCommentList list of incident comments.

func (IncidentCommentList) IsEmpty

func (icl IncidentCommentList) IsEmpty() bool

IsEmpty returns true if the ListResult contains no values.

func (IncidentCommentList) MarshalJSON

func (icl IncidentCommentList) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for IncidentCommentList.

type IncidentCommentListIterator

type IncidentCommentListIterator struct {
	// contains filtered or unexported fields
}

IncidentCommentListIterator provides access to a complete listing of IncidentComment values.

func NewIncidentCommentListIterator

func NewIncidentCommentListIterator(page IncidentCommentListPage) IncidentCommentListIterator

Creates a new instance of the IncidentCommentListIterator type.

func (*IncidentCommentListIterator) Next

func (iter *IncidentCommentListIterator) Next() error

Next advances to the next value. If there was an error making the request the iterator does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*IncidentCommentListIterator) NextWithContext

func (iter *IncidentCommentListIterator) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next value. If there was an error making the request the iterator does not advance and the error is returned.

func (IncidentCommentListIterator) NotDone

func (iter IncidentCommentListIterator) NotDone() bool

NotDone returns true if the enumeration should be started or is not yet complete.

func (IncidentCommentListIterator) Response

Response returns the raw server response from the last page request.

func (IncidentCommentListIterator) Value

Value returns the current value or a zero-initialized value if the iterator has advanced beyond the end of the collection.

type IncidentCommentListPage

type IncidentCommentListPage struct {
	// contains filtered or unexported fields
}

IncidentCommentListPage contains a page of IncidentComment values.

func NewIncidentCommentListPage

func NewIncidentCommentListPage(cur IncidentCommentList, getNextPage func(context.Context, IncidentCommentList) (IncidentCommentList, error)) IncidentCommentListPage

Creates a new instance of the IncidentCommentListPage type.

func (*IncidentCommentListPage) Next

func (page *IncidentCommentListPage) Next() error

Next advances to the next page of values. If there was an error making the request the page does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*IncidentCommentListPage) NextWithContext

func (page *IncidentCommentListPage) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next page of values. If there was an error making the request the page does not advance and the error is returned.

func (IncidentCommentListPage) NotDone

func (page IncidentCommentListPage) NotDone() bool

NotDone returns true if the page enumeration should be started or is not yet complete.

func (IncidentCommentListPage) Response

Response returns the raw server response from the last page request.

func (IncidentCommentListPage) Values

func (page IncidentCommentListPage) Values() []IncidentComment

Values returns the slice of values for the current page or nil if there are no values.

type IncidentCommentProperties

type IncidentCommentProperties struct {
	// CreatedTimeUtc - READ-ONLY; The time the comment was created
	CreatedTimeUtc *date.Time `json:"createdTimeUtc,omitempty"`
	// LastModifiedTimeUtc - READ-ONLY; The time the comment was updated
	LastModifiedTimeUtc *date.Time `json:"lastModifiedTimeUtc,omitempty"`
	// Message - The comment message
	Message *string `json:"message,omitempty"`
	// Author - READ-ONLY; Describes the client that created the comment
	Author *ClientInfo `json:"author,omitempty"`
}

IncidentCommentProperties incident comment property bag.

func (IncidentCommentProperties) MarshalJSON

func (icp IncidentCommentProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for IncidentCommentProperties.

type IncidentCommentsClient

type IncidentCommentsClient struct {
	BaseClient
}

IncidentCommentsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

func NewIncidentCommentsClient

func NewIncidentCommentsClient(subscriptionID string) IncidentCommentsClient

NewIncidentCommentsClient creates an instance of the IncidentCommentsClient client.

func NewIncidentCommentsClientWithBaseURI

func NewIncidentCommentsClientWithBaseURI(baseURI string, subscriptionID string) IncidentCommentsClient

NewIncidentCommentsClientWithBaseURI creates an instance of the IncidentCommentsClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).

func (IncidentCommentsClient) CreateComment

func (client IncidentCommentsClient) CreateComment(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string, incidentCommentID string, incidentComment IncidentComment) (result IncidentComment, err error)

CreateComment creates or updates the incident comment. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. incidentID - incident ID incidentCommentID - incident comment ID incidentComment - the incident comment

func (IncidentCommentsClient) CreateCommentPreparer

func (client IncidentCommentsClient) CreateCommentPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string, incidentCommentID string, incidentComment IncidentComment) (*http.Request, error)

CreateCommentPreparer prepares the CreateComment request.

func (IncidentCommentsClient) CreateCommentResponder

func (client IncidentCommentsClient) CreateCommentResponder(resp *http.Response) (result IncidentComment, err error)

CreateCommentResponder handles the response to the CreateComment request. The method always closes the http.Response Body.

func (IncidentCommentsClient) CreateCommentSender

func (client IncidentCommentsClient) CreateCommentSender(req *http.Request) (*http.Response, error)

CreateCommentSender sends the CreateComment request. The method will close the http.Response Body if it receives an error.

func (IncidentCommentsClient) DeleteComment

func (client IncidentCommentsClient) DeleteComment(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string, incidentCommentID string) (result autorest.Response, err error)

DeleteComment delete the incident comment. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. incidentID - incident ID incidentCommentID - incident comment ID

func (IncidentCommentsClient) DeleteCommentPreparer

func (client IncidentCommentsClient) DeleteCommentPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string, incidentCommentID string) (*http.Request, error)

DeleteCommentPreparer prepares the DeleteComment request.

func (IncidentCommentsClient) DeleteCommentResponder

func (client IncidentCommentsClient) DeleteCommentResponder(resp *http.Response) (result autorest.Response, err error)

DeleteCommentResponder handles the response to the DeleteComment request. The method always closes the http.Response Body.

func (IncidentCommentsClient) DeleteCommentSender

func (client IncidentCommentsClient) DeleteCommentSender(req *http.Request) (*http.Response, error)

DeleteCommentSender sends the DeleteComment request. The method will close the http.Response Body if it receives an error.

func (IncidentCommentsClient) GetComment

func (client IncidentCommentsClient) GetComment(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string, incidentCommentID string) (result IncidentComment, err error)

GetComment gets an incident comment. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. incidentID - incident ID incidentCommentID - incident comment ID

func (IncidentCommentsClient) GetCommentPreparer

func (client IncidentCommentsClient) GetCommentPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string, incidentCommentID string) (*http.Request, error)

GetCommentPreparer prepares the GetComment request.

func (IncidentCommentsClient) GetCommentResponder

func (client IncidentCommentsClient) GetCommentResponder(resp *http.Response) (result IncidentComment, err error)

GetCommentResponder handles the response to the GetComment request. The method always closes the http.Response Body.

func (IncidentCommentsClient) GetCommentSender

func (client IncidentCommentsClient) GetCommentSender(req *http.Request) (*http.Response, error)

GetCommentSender sends the GetComment request. The method will close the http.Response Body if it receives an error.

func (IncidentCommentsClient) ListByIncident

func (client IncidentCommentsClient) ListByIncident(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string, filter string, orderby string, top *int32, skipToken string) (result IncidentCommentListPage, err error)

ListByIncident gets all incident comments. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. incidentID - incident ID filter - filters the results, based on a Boolean condition. Optional. orderby - sorts the results. Optional. top - returns only the first n results. Optional. skipToken - skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional.

func (IncidentCommentsClient) ListByIncidentComplete

func (client IncidentCommentsClient) ListByIncidentComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string, filter string, orderby string, top *int32, skipToken string) (result IncidentCommentListIterator, err error)

ListByIncidentComplete enumerates all values, automatically crossing page boundaries as required.

func (IncidentCommentsClient) ListByIncidentPreparer

func (client IncidentCommentsClient) ListByIncidentPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string, filter string, orderby string, top *int32, skipToken string) (*http.Request, error)

ListByIncidentPreparer prepares the ListByIncident request.

func (IncidentCommentsClient) ListByIncidentResponder

func (client IncidentCommentsClient) ListByIncidentResponder(resp *http.Response) (result IncidentCommentList, err error)

ListByIncidentResponder handles the response to the ListByIncident request. The method always closes the http.Response Body.

func (IncidentCommentsClient) ListByIncidentSender

func (client IncidentCommentsClient) ListByIncidentSender(req *http.Request) (*http.Response, error)

ListByIncidentSender sends the ListByIncident request. The method will close the http.Response Body if it receives an error.

type IncidentConfiguration

type IncidentConfiguration struct {
	// CreateIncident - Create incidents from alerts triggered by this analytics rule
	CreateIncident *bool `json:"createIncident,omitempty"`
	// GroupingConfiguration - Set how the alerts that are triggered by this analytics rule, are grouped into incidents
	GroupingConfiguration *GroupingConfiguration `json:"groupingConfiguration,omitempty"`
}

IncidentConfiguration incident Configuration property bag.

type IncidentEntitiesResponse

type IncidentEntitiesResponse struct {
	autorest.Response `json:"-"`
	// Entities - Array of the incident related entities.
	Entities *[]BasicEntity `json:"entities,omitempty"`
	// MetaData - The metadata from the incident related entities results.
	MetaData *[]IncidentEntitiesResultsMetadata `json:"metaData,omitempty"`
}

IncidentEntitiesResponse the incident related entities response.

func (*IncidentEntitiesResponse) UnmarshalJSON

func (ier *IncidentEntitiesResponse) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for IncidentEntitiesResponse struct.

type IncidentEntitiesResultsMetadata

type IncidentEntitiesResultsMetadata struct {
	// Count - Total number of aggregations of the given kind in the incident related entities result.
	Count *int32 `json:"count,omitempty"`
	// EntityKind - The kind of the aggregated entity. Possible values include: 'EntityKindAccount', 'EntityKindHost', 'EntityKindFile', 'EntityKindAzureResource', 'EntityKindCloudApplication', 'EntityKindDNSResolution', 'EntityKindFileHash', 'EntityKindIP', 'EntityKindMalware', 'EntityKindProcess', 'EntityKindRegistryKey', 'EntityKindRegistryValue', 'EntityKindSecurityGroup', 'EntityKindURL', 'EntityKindIoTDevice', 'EntityKindSecurityAlert', 'EntityKindBookmark'
	EntityKind EntityKind `json:"entityKind,omitempty"`
}

IncidentEntitiesResultsMetadata information of a specific aggregation in the incident related entities result.

type IncidentInfo

type IncidentInfo struct {
	// IncidentID - Incident Id
	IncidentID *string `json:"incidentId,omitempty"`
	// Severity - The severity of the incident. Possible values include: 'CaseSeverityCritical', 'CaseSeverityHigh', 'CaseSeverityMedium', 'CaseSeverityLow', 'CaseSeverityInformational'
	Severity CaseSeverity `json:"severity,omitempty"`
	// Title - The title of the incident
	Title *string `json:"title,omitempty"`
	// RelationName - Relation Name
	RelationName *string `json:"relationName,omitempty"`
}

IncidentInfo describes related incident information for the bookmark

type IncidentLabel

type IncidentLabel struct {
	// LabelName - The name of the label
	LabelName *string `json:"labelName,omitempty"`
	// LabelType - READ-ONLY; The type of the label. Possible values include: 'User', 'System'
	LabelType IncidentLabelType `json:"labelType,omitempty"`
}

IncidentLabel represents an incident label

func (IncidentLabel) MarshalJSON

func (il IncidentLabel) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for IncidentLabel.

type IncidentLabelType

type IncidentLabelType string

IncidentLabelType enumerates the values for incident label type.

const (
	// System Label automatically created by the system
	System IncidentLabelType = "System"
	// User Label manually created by a user
	User IncidentLabelType = "User"
)

func PossibleIncidentLabelTypeValues

func PossibleIncidentLabelTypeValues() []IncidentLabelType

PossibleIncidentLabelTypeValues returns an array of possible values for the IncidentLabelType const type.

type IncidentList

type IncidentList struct {
	autorest.Response `json:"-"`
	// NextLink - READ-ONLY; URL to fetch the next set of incidents.
	NextLink *string `json:"nextLink,omitempty"`
	// Value - Array of incidents.
	Value *[]Incident `json:"value,omitempty"`
}

IncidentList list all the incidents.

func (IncidentList) IsEmpty

func (il IncidentList) IsEmpty() bool

IsEmpty returns true if the ListResult contains no values.

func (IncidentList) MarshalJSON

func (il IncidentList) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for IncidentList.

type IncidentListIterator

type IncidentListIterator struct {
	// contains filtered or unexported fields
}

IncidentListIterator provides access to a complete listing of Incident values.

func NewIncidentListIterator

func NewIncidentListIterator(page IncidentListPage) IncidentListIterator

Creates a new instance of the IncidentListIterator type.

func (*IncidentListIterator) Next

func (iter *IncidentListIterator) Next() error

Next advances to the next value. If there was an error making the request the iterator does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*IncidentListIterator) NextWithContext

func (iter *IncidentListIterator) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next value. If there was an error making the request the iterator does not advance and the error is returned.

func (IncidentListIterator) NotDone

func (iter IncidentListIterator) NotDone() bool

NotDone returns true if the enumeration should be started or is not yet complete.

func (IncidentListIterator) Response

func (iter IncidentListIterator) Response() IncidentList

Response returns the raw server response from the last page request.

func (IncidentListIterator) Value

func (iter IncidentListIterator) Value() Incident

Value returns the current value or a zero-initialized value if the iterator has advanced beyond the end of the collection.

type IncidentListPage

type IncidentListPage struct {
	// contains filtered or unexported fields
}

IncidentListPage contains a page of Incident values.

func NewIncidentListPage

func NewIncidentListPage(cur IncidentList, getNextPage func(context.Context, IncidentList) (IncidentList, error)) IncidentListPage

Creates a new instance of the IncidentListPage type.

func (*IncidentListPage) Next

func (page *IncidentListPage) Next() error

Next advances to the next page of values. If there was an error making the request the page does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*IncidentListPage) NextWithContext

func (page *IncidentListPage) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next page of values. If there was an error making the request the page does not advance and the error is returned.

func (IncidentListPage) NotDone

func (page IncidentListPage) NotDone() bool

NotDone returns true if the page enumeration should be started or is not yet complete.

func (IncidentListPage) Response

func (page IncidentListPage) Response() IncidentList

Response returns the raw server response from the last page request.

func (IncidentListPage) Values

func (page IncidentListPage) Values() []Incident

Values returns the slice of values for the current page or nil if there are no values.

type IncidentOwnerInfo

type IncidentOwnerInfo struct {
	// Email - The email of the user the incident is assigned to.
	Email *string `json:"email,omitempty"`
	// AssignedTo - The name of the user the incident is assigned to.
	AssignedTo *string `json:"assignedTo,omitempty"`
	// ObjectID - The object id of the user the incident is assigned to.
	ObjectID *uuid.UUID `json:"objectId,omitempty"`
	// UserPrincipalName - The user principal name of the user the incident is assigned to.
	UserPrincipalName *string `json:"userPrincipalName,omitempty"`
}

IncidentOwnerInfo information on the user an incident is assigned to

type IncidentProperties

type IncidentProperties struct {
	// AdditionalData - READ-ONLY; Additional data on the incident
	AdditionalData *IncidentAdditionalData `json:"additionalData,omitempty"`
	// Classification - The reason the incident was closed. Possible values include: 'IncidentClassificationUndetermined', 'IncidentClassificationTruePositive', 'IncidentClassificationBenignPositive', 'IncidentClassificationFalsePositive'
	Classification IncidentClassification `json:"classification,omitempty"`
	// ClassificationComment - Describes the reason the incident was closed
	ClassificationComment *string `json:"classificationComment,omitempty"`
	// ClassificationReason - The classification reason the incident was closed with. Possible values include: 'SuspiciousActivity', 'SuspiciousButExpected', 'IncorrectAlertLogic', 'InaccurateData'
	ClassificationReason IncidentClassificationReason `json:"classificationReason,omitempty"`
	// CreatedTimeUtc - READ-ONLY; The time the incident was created
	CreatedTimeUtc *date.Time `json:"createdTimeUtc,omitempty"`
	// Description - The description of the incident
	Description *string `json:"description,omitempty"`
	// FirstActivityTimeUtc - The time of the first activity in the incident
	FirstActivityTimeUtc *date.Time `json:"firstActivityTimeUtc,omitempty"`
	// IncidentURL - READ-ONLY; The deep-link url to the incident in Azure portal
	IncidentURL *string `json:"incidentUrl,omitempty"`
	// IncidentNumber - READ-ONLY; A sequential number
	IncidentNumber *int32 `json:"incidentNumber,omitempty"`
	// Labels - List of labels relevant to this incident
	Labels *[]IncidentLabel `json:"labels,omitempty"`
	// LastActivityTimeUtc - The time of the last activity in the incident
	LastActivityTimeUtc *date.Time `json:"lastActivityTimeUtc,omitempty"`
	// LastModifiedTimeUtc - READ-ONLY; The last time the incident was updated
	LastModifiedTimeUtc *date.Time `json:"lastModifiedTimeUtc,omitempty"`
	// Owner - Describes a user that the incident is assigned to
	Owner *IncidentOwnerInfo `json:"owner,omitempty"`
	// RelatedAnalyticRuleIds - READ-ONLY; List of resource ids of Analytic rules related to the incident
	RelatedAnalyticRuleIds *[]string `json:"relatedAnalyticRuleIds,omitempty"`
	// Severity - The severity of the incident. Possible values include: 'IncidentSeverityHigh', 'IncidentSeverityMedium', 'IncidentSeverityLow', 'IncidentSeverityInformational'
	Severity IncidentSeverity `json:"severity,omitempty"`
	// Status - The status of the incident. Possible values include: 'IncidentStatusNew', 'IncidentStatusActive', 'IncidentStatusClosed'
	Status IncidentStatus `json:"status,omitempty"`
	// Title - The title of the incident
	Title *string `json:"title,omitempty"`
}

IncidentProperties describes incident properties

func (IncidentProperties) MarshalJSON

func (IP IncidentProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for IncidentProperties.

type IncidentRelationsClient

type IncidentRelationsClient struct {
	BaseClient
}

IncidentRelationsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

func NewIncidentRelationsClient

func NewIncidentRelationsClient(subscriptionID string) IncidentRelationsClient

NewIncidentRelationsClient creates an instance of the IncidentRelationsClient client.

func NewIncidentRelationsClientWithBaseURI

func NewIncidentRelationsClientWithBaseURI(baseURI string, subscriptionID string) IncidentRelationsClient

NewIncidentRelationsClientWithBaseURI creates an instance of the IncidentRelationsClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).

func (IncidentRelationsClient) CreateOrUpdateRelation

func (client IncidentRelationsClient) CreateOrUpdateRelation(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string, relationName string, relation Relation) (result Relation, err error)

CreateOrUpdateRelation creates or updates the incident relation. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. incidentID - incident ID relationName - relation Name relation - the relation model

func (IncidentRelationsClient) CreateOrUpdateRelationPreparer

func (client IncidentRelationsClient) CreateOrUpdateRelationPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string, relationName string, relation Relation) (*http.Request, error)

CreateOrUpdateRelationPreparer prepares the CreateOrUpdateRelation request.

func (IncidentRelationsClient) CreateOrUpdateRelationResponder

func (client IncidentRelationsClient) CreateOrUpdateRelationResponder(resp *http.Response) (result Relation, err error)

CreateOrUpdateRelationResponder handles the response to the CreateOrUpdateRelation request. The method always closes the http.Response Body.

func (IncidentRelationsClient) CreateOrUpdateRelationSender

func (client IncidentRelationsClient) CreateOrUpdateRelationSender(req *http.Request) (*http.Response, error)

CreateOrUpdateRelationSender sends the CreateOrUpdateRelation request. The method will close the http.Response Body if it receives an error.

func (IncidentRelationsClient) DeleteRelation

func (client IncidentRelationsClient) DeleteRelation(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string, relationName string) (result autorest.Response, err error)

DeleteRelation delete the incident relation. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. incidentID - incident ID relationName - relation Name

func (IncidentRelationsClient) DeleteRelationPreparer

func (client IncidentRelationsClient) DeleteRelationPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string, relationName string) (*http.Request, error)

DeleteRelationPreparer prepares the DeleteRelation request.

func (IncidentRelationsClient) DeleteRelationResponder

func (client IncidentRelationsClient) DeleteRelationResponder(resp *http.Response) (result autorest.Response, err error)

DeleteRelationResponder handles the response to the DeleteRelation request. The method always closes the http.Response Body.

func (IncidentRelationsClient) DeleteRelationSender

func (client IncidentRelationsClient) DeleteRelationSender(req *http.Request) (*http.Response, error)

DeleteRelationSender sends the DeleteRelation request. The method will close the http.Response Body if it receives an error.

func (IncidentRelationsClient) GetRelation

func (client IncidentRelationsClient) GetRelation(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string, relationName string) (result Relation, err error)

GetRelation gets an incident relation. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. incidentID - incident ID relationName - relation Name

func (IncidentRelationsClient) GetRelationPreparer

func (client IncidentRelationsClient) GetRelationPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string, relationName string) (*http.Request, error)

GetRelationPreparer prepares the GetRelation request.

func (IncidentRelationsClient) GetRelationResponder

func (client IncidentRelationsClient) GetRelationResponder(resp *http.Response) (result Relation, err error)

GetRelationResponder handles the response to the GetRelation request. The method always closes the http.Response Body.

func (IncidentRelationsClient) GetRelationSender

func (client IncidentRelationsClient) GetRelationSender(req *http.Request) (*http.Response, error)

GetRelationSender sends the GetRelation request. The method will close the http.Response Body if it receives an error.

func (IncidentRelationsClient) List

func (client IncidentRelationsClient) List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string, filter string, orderby string, top *int32, skipToken string) (result RelationListPage, err error)

List gets all incident relations. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. incidentID - incident ID filter - filters the results, based on a Boolean condition. Optional. orderby - sorts the results. Optional. top - returns only the first n results. Optional. skipToken - skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional.

func (IncidentRelationsClient) ListComplete

func (client IncidentRelationsClient) ListComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string, filter string, orderby string, top *int32, skipToken string) (result RelationListIterator, err error)

ListComplete enumerates all values, automatically crossing page boundaries as required.

func (IncidentRelationsClient) ListPreparer

func (client IncidentRelationsClient) ListPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string, filter string, orderby string, top *int32, skipToken string) (*http.Request, error)

ListPreparer prepares the List request.

func (IncidentRelationsClient) ListResponder

func (client IncidentRelationsClient) ListResponder(resp *http.Response) (result RelationList, err error)

ListResponder handles the response to the List request. The method always closes the http.Response Body.

func (IncidentRelationsClient) ListSender

func (client IncidentRelationsClient) ListSender(req *http.Request) (*http.Response, error)

ListSender sends the List request. The method will close the http.Response Body if it receives an error.

type IncidentSeverity

type IncidentSeverity string

IncidentSeverity enumerates the values for incident severity.

const (
	// IncidentSeverityHigh High severity
	IncidentSeverityHigh IncidentSeverity = "High"
	// IncidentSeverityInformational Informational severity
	IncidentSeverityInformational IncidentSeverity = "Informational"
	// IncidentSeverityLow Low severity
	IncidentSeverityLow IncidentSeverity = "Low"
	// IncidentSeverityMedium Medium severity
	IncidentSeverityMedium IncidentSeverity = "Medium"
)

func PossibleIncidentSeverityValues

func PossibleIncidentSeverityValues() []IncidentSeverity

PossibleIncidentSeverityValues returns an array of possible values for the IncidentSeverity const type.

type IncidentStatus

type IncidentStatus string

IncidentStatus enumerates the values for incident status.

const (
	// IncidentStatusActive An active incident which is being handled
	IncidentStatusActive IncidentStatus = "Active"
	// IncidentStatusClosed A non-active incident
	IncidentStatusClosed IncidentStatus = "Closed"
	// IncidentStatusNew An active incident which isn't being handled currently
	IncidentStatusNew IncidentStatus = "New"
)

func PossibleIncidentStatusValues

func PossibleIncidentStatusValues() []IncidentStatus

PossibleIncidentStatusValues returns an array of possible values for the IncidentStatus const type.

type IncidentsClient

type IncidentsClient struct {
	BaseClient
}

IncidentsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

func NewIncidentsClient

func NewIncidentsClient(subscriptionID string) IncidentsClient

NewIncidentsClient creates an instance of the IncidentsClient client.

func NewIncidentsClientWithBaseURI

func NewIncidentsClientWithBaseURI(baseURI string, subscriptionID string) IncidentsClient

NewIncidentsClientWithBaseURI creates an instance of the IncidentsClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).

func (IncidentsClient) CreateOrUpdate

func (client IncidentsClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string, incident Incident) (result Incident, err error)

CreateOrUpdate creates or updates the incident. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. incidentID - incident ID incident - the incident

func (IncidentsClient) CreateOrUpdatePreparer

func (client IncidentsClient) CreateOrUpdatePreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string, incident Incident) (*http.Request, error)

CreateOrUpdatePreparer prepares the CreateOrUpdate request.

func (IncidentsClient) CreateOrUpdateResponder

func (client IncidentsClient) CreateOrUpdateResponder(resp *http.Response) (result Incident, err error)

CreateOrUpdateResponder handles the response to the CreateOrUpdate request. The method always closes the http.Response Body.

func (IncidentsClient) CreateOrUpdateSender

func (client IncidentsClient) CreateOrUpdateSender(req *http.Request) (*http.Response, error)

CreateOrUpdateSender sends the CreateOrUpdate request. The method will close the http.Response Body if it receives an error.

func (IncidentsClient) Delete

func (client IncidentsClient) Delete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string) (result autorest.Response, err error)

Delete delete the incident. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. incidentID - incident ID

func (IncidentsClient) DeletePreparer

func (client IncidentsClient) DeletePreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string) (*http.Request, error)

DeletePreparer prepares the Delete request.

func (IncidentsClient) DeleteResponder

func (client IncidentsClient) DeleteResponder(resp *http.Response) (result autorest.Response, err error)

DeleteResponder handles the response to the Delete request. The method always closes the http.Response Body.

func (IncidentsClient) DeleteSender

func (client IncidentsClient) DeleteSender(req *http.Request) (*http.Response, error)

DeleteSender sends the Delete request. The method will close the http.Response Body if it receives an error.

func (IncidentsClient) Get

func (client IncidentsClient) Get(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string) (result Incident, err error)

Get gets an incident. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. incidentID - incident ID

func (IncidentsClient) GetPreparer

func (client IncidentsClient) GetPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string) (*http.Request, error)

GetPreparer prepares the Get request.

func (IncidentsClient) GetResponder

func (client IncidentsClient) GetResponder(resp *http.Response) (result Incident, err error)

GetResponder handles the response to the Get request. The method always closes the http.Response Body.

func (IncidentsClient) GetSender

func (client IncidentsClient) GetSender(req *http.Request) (*http.Response, error)

GetSender sends the Get request. The method will close the http.Response Body if it receives an error.

func (IncidentsClient) List

func (client IncidentsClient) List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, filter string, orderby string, top *int32, skipToken string) (result IncidentListPage, err error)

List gets all incidents. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. filter - filters the results, based on a Boolean condition. Optional. orderby - sorts the results. Optional. top - returns only the first n results. Optional. skipToken - skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional.

func (IncidentsClient) ListComplete

func (client IncidentsClient) ListComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, filter string, orderby string, top *int32, skipToken string) (result IncidentListIterator, err error)

ListComplete enumerates all values, automatically crossing page boundaries as required.

func (IncidentsClient) ListOfAlerts

func (client IncidentsClient) ListOfAlerts(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string) (result IncidentAlertList, err error)

ListOfAlerts gets all incident alerts. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. incidentID - incident ID

func (IncidentsClient) ListOfAlertsPreparer

func (client IncidentsClient) ListOfAlertsPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string) (*http.Request, error)

ListOfAlertsPreparer prepares the ListOfAlerts request.

func (IncidentsClient) ListOfAlertsResponder

func (client IncidentsClient) ListOfAlertsResponder(resp *http.Response) (result IncidentAlertList, err error)

ListOfAlertsResponder handles the response to the ListOfAlerts request. The method always closes the http.Response Body.

func (IncidentsClient) ListOfAlertsSender

func (client IncidentsClient) ListOfAlertsSender(req *http.Request) (*http.Response, error)

ListOfAlertsSender sends the ListOfAlerts request. The method will close the http.Response Body if it receives an error.

func (IncidentsClient) ListOfBookmarks

func (client IncidentsClient) ListOfBookmarks(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string) (result IncidentBookmarkList, err error)

ListOfBookmarks gets all incident bookmarks. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. incidentID - incident ID

func (IncidentsClient) ListOfBookmarksPreparer

func (client IncidentsClient) ListOfBookmarksPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string) (*http.Request, error)

ListOfBookmarksPreparer prepares the ListOfBookmarks request.

func (IncidentsClient) ListOfBookmarksResponder

func (client IncidentsClient) ListOfBookmarksResponder(resp *http.Response) (result IncidentBookmarkList, err error)

ListOfBookmarksResponder handles the response to the ListOfBookmarks request. The method always closes the http.Response Body.

func (IncidentsClient) ListOfBookmarksSender

func (client IncidentsClient) ListOfBookmarksSender(req *http.Request) (*http.Response, error)

ListOfBookmarksSender sends the ListOfBookmarks request. The method will close the http.Response Body if it receives an error.

func (IncidentsClient) ListOfEntities

func (client IncidentsClient) ListOfEntities(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string) (result IncidentEntitiesResponse, err error)

ListOfEntities gets all incident related entities. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. incidentID - incident ID

func (IncidentsClient) ListOfEntitiesPreparer

func (client IncidentsClient) ListOfEntitiesPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string) (*http.Request, error)

ListOfEntitiesPreparer prepares the ListOfEntities request.

func (IncidentsClient) ListOfEntitiesResponder

func (client IncidentsClient) ListOfEntitiesResponder(resp *http.Response) (result IncidentEntitiesResponse, err error)

ListOfEntitiesResponder handles the response to the ListOfEntities request. The method always closes the http.Response Body.

func (IncidentsClient) ListOfEntitiesSender

func (client IncidentsClient) ListOfEntitiesSender(req *http.Request) (*http.Response, error)

ListOfEntitiesSender sends the ListOfEntities request. The method will close the http.Response Body if it receives an error.

func (IncidentsClient) ListPreparer

func (client IncidentsClient) ListPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, filter string, orderby string, top *int32, skipToken string) (*http.Request, error)

ListPreparer prepares the List request.

func (IncidentsClient) ListResponder

func (client IncidentsClient) ListResponder(resp *http.Response) (result IncidentList, err error)

ListResponder handles the response to the List request. The method always closes the http.Response Body.

func (IncidentsClient) ListSender

func (client IncidentsClient) ListSender(req *http.Request) (*http.Response, error)

ListSender sends the List request. The method will close the http.Response Body if it receives an error.

type IoTDeviceEntity

type IoTDeviceEntity struct {
	// IoTDeviceEntityProperties - IoTDevice entity properties
	*IoTDeviceEntityProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindBookmark', 'KindSecurityAlert', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice'
	Kind KindBasicEntity `json:"kind,omitempty"`
}

IoTDeviceEntity represents an IoT device entity.

func (IoTDeviceEntity) AsAccountEntity

func (itde IoTDeviceEntity) AsAccountEntity() (*AccountEntity, bool)

AsAccountEntity is the BasicEntity implementation for IoTDeviceEntity.

func (IoTDeviceEntity) AsAzureResourceEntity

func (itde IoTDeviceEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)

AsAzureResourceEntity is the BasicEntity implementation for IoTDeviceEntity.

func (IoTDeviceEntity) AsBasicEntity

func (itde IoTDeviceEntity) AsBasicEntity() (BasicEntity, bool)

AsBasicEntity is the BasicEntity implementation for IoTDeviceEntity.

func (IoTDeviceEntity) AsCloudApplicationEntity

func (itde IoTDeviceEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)

AsCloudApplicationEntity is the BasicEntity implementation for IoTDeviceEntity.

func (IoTDeviceEntity) AsDNSEntity

func (itde IoTDeviceEntity) AsDNSEntity() (*DNSEntity, bool)

AsDNSEntity is the BasicEntity implementation for IoTDeviceEntity.

func (IoTDeviceEntity) AsEntity

func (itde IoTDeviceEntity) AsEntity() (*Entity, bool)

AsEntity is the BasicEntity implementation for IoTDeviceEntity.

func (IoTDeviceEntity) AsFileEntity

func (itde IoTDeviceEntity) AsFileEntity() (*FileEntity, bool)

AsFileEntity is the BasicEntity implementation for IoTDeviceEntity.

func (IoTDeviceEntity) AsFileHashEntity

func (itde IoTDeviceEntity) AsFileHashEntity() (*FileHashEntity, bool)

AsFileHashEntity is the BasicEntity implementation for IoTDeviceEntity.

func (IoTDeviceEntity) AsHostEntity

func (itde IoTDeviceEntity) AsHostEntity() (*HostEntity, bool)

AsHostEntity is the BasicEntity implementation for IoTDeviceEntity.

func (IoTDeviceEntity) AsHuntingBookmark

func (itde IoTDeviceEntity) AsHuntingBookmark() (*HuntingBookmark, bool)

AsHuntingBookmark is the BasicEntity implementation for IoTDeviceEntity.

func (IoTDeviceEntity) AsIPEntity

func (itde IoTDeviceEntity) AsIPEntity() (*IPEntity, bool)

AsIPEntity is the BasicEntity implementation for IoTDeviceEntity.

func (IoTDeviceEntity) AsIoTDeviceEntity

func (itde IoTDeviceEntity) AsIoTDeviceEntity() (*IoTDeviceEntity, bool)

AsIoTDeviceEntity is the BasicEntity implementation for IoTDeviceEntity.

func (IoTDeviceEntity) AsMalwareEntity

func (itde IoTDeviceEntity) AsMalwareEntity() (*MalwareEntity, bool)

AsMalwareEntity is the BasicEntity implementation for IoTDeviceEntity.

func (IoTDeviceEntity) AsProcessEntity

func (itde IoTDeviceEntity) AsProcessEntity() (*ProcessEntity, bool)

AsProcessEntity is the BasicEntity implementation for IoTDeviceEntity.

func (IoTDeviceEntity) AsRegistryKeyEntity

func (itde IoTDeviceEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)

AsRegistryKeyEntity is the BasicEntity implementation for IoTDeviceEntity.

func (IoTDeviceEntity) AsRegistryValueEntity

func (itde IoTDeviceEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool)

AsRegistryValueEntity is the BasicEntity implementation for IoTDeviceEntity.

func (IoTDeviceEntity) AsSecurityAlert

func (itde IoTDeviceEntity) AsSecurityAlert() (*SecurityAlert, bool)

AsSecurityAlert is the BasicEntity implementation for IoTDeviceEntity.

func (IoTDeviceEntity) AsSecurityGroupEntity

func (itde IoTDeviceEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)

AsSecurityGroupEntity is the BasicEntity implementation for IoTDeviceEntity.

func (IoTDeviceEntity) AsURLEntity

func (itde IoTDeviceEntity) AsURLEntity() (*URLEntity, bool)

AsURLEntity is the BasicEntity implementation for IoTDeviceEntity.

func (IoTDeviceEntity) MarshalJSON

func (itde IoTDeviceEntity) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for IoTDeviceEntity.

func (*IoTDeviceEntity) UnmarshalJSON

func (itde *IoTDeviceEntity) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for IoTDeviceEntity struct.

type IoTDeviceEntityProperties

type IoTDeviceEntityProperties struct {
	// DeviceID - READ-ONLY; The ID of the IoT Device in the IoT Hub
	DeviceID *string `json:"deviceId,omitempty"`
	// IotSecurityAgentID - READ-ONLY; The ID of the security agent running on the device
	IotSecurityAgentID *uuid.UUID `json:"iotSecurityAgentId,omitempty"`
	// DeviceType - READ-ONLY; The type of the device
	DeviceType *string `json:"deviceType,omitempty"`
	// Vendor - READ-ONLY; The vendor of the device
	Vendor *string `json:"vendor,omitempty"`
	// EdgeID - READ-ONLY; The ID of the edge device
	EdgeID *string `json:"edgeId,omitempty"`
	// IotHubEntityID - READ-ONLY; The AzureResource entity id of the IoT Hub
	IotHubEntityID *string `json:"iotHubEntityId,omitempty"`
	// HostEntityID - READ-ONLY; The Host entity id of this device
	HostEntityID *string `json:"hostEntityId,omitempty"`
	// ThreatIntelligence - READ-ONLY; A list of TI contexts attached to the IoTDevice entity.
	ThreatIntelligence *[]ThreatIntelligence `json:"threatIntelligence,omitempty"`
	// AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]interface{} `json:"additionalData"`
	// FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated.
	FriendlyName *string `json:"friendlyName,omitempty"`
}

IoTDeviceEntityProperties ioTDevice entity property bag.

func (IoTDeviceEntityProperties) MarshalJSON

func (itdep IoTDeviceEntityProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for IoTDeviceEntityProperties.

type KillChainIntent

type KillChainIntent string

KillChainIntent enumerates the values for kill chain intent.

const (
	// KillChainIntentCollection Collection consists of techniques used to identify and gather information,
	// such as sensitive files, from a target network prior to exfiltration. This category also covers
	// locations on a system or network where the adversary may look for information to exfiltrate.
	KillChainIntentCollection KillChainIntent = "Collection"
	// KillChainIntentCommandAndControl The command and control tactic represents how adversaries communicate
	// with systems under their control within a target network.
	KillChainIntentCommandAndControl KillChainIntent = "CommandAndControl"
	// KillChainIntentCredentialAccess Credential access represents techniques resulting in access to or
	// control over system, domain, or service credentials that are used within an enterprise environment.
	// Adversaries will likely attempt to obtain legitimate credentials from users or administrator accounts
	// (local system administrator or domain users with administrator access) to use within the network. With
	// sufficient access within a network, an adversary can create accounts for later use within the
	// environment.
	KillChainIntentCredentialAccess KillChainIntent = "CredentialAccess"
	// KillChainIntentDefenseEvasion Defense evasion consists of techniques an adversary may use to evade
	// detection or avoid other defenses. Sometimes these actions are the same as or variations of techniques
	// in other categories that have the added benefit of subverting a particular defense or mitigation.
	KillChainIntentDefenseEvasion KillChainIntent = "DefenseEvasion"
	// KillChainIntentDiscovery Discovery consists of techniques that allow the adversary to gain knowledge
	// about the system and internal network. When adversaries gain access to a new system, they must orient
	// themselves to what they now have control of and what benefits operating from that system give to their
	// current objective or overall goals during the intrusion. The operating system provides many native tools
	// that aid in this post-compromise information-gathering phase.
	KillChainIntentDiscovery KillChainIntent = "Discovery"
	// KillChainIntentExecution The execution tactic represents techniques that result in execution of
	// adversary-controlled code on a local or remote system. This tactic is often used in conjunction with
	// lateral movement to expand access to remote systems on a network.
	KillChainIntentExecution KillChainIntent = "Execution"
	// KillChainIntentExfiltration Exfiltration refers to techniques and attributes that result or aid in the
	// adversary removing files and information from a target network. This category also covers locations on a
	// system or network where the adversary may look for information to exfiltrate.
	KillChainIntentExfiltration KillChainIntent = "Exfiltration"
	// KillChainIntentExploitation Exploitation is the stage where an attacker manage to get foothold on the
	// attacked resource. This stage is applicable not only for compute hosts, but also for resources such as
	// user accounts, certificates etc. Adversaries will often be able to control the resource after this
	// stage.
	KillChainIntentExploitation KillChainIntent = "Exploitation"
	// KillChainIntentImpact The impact intent primary objective is to directly reduce the availability or
	// integrity of a system, service, or network; including manipulation of data to impact a business or
	// operational process. This would often refer to techniques such as ransom-ware, defacement, data
	// manipulation and others.
	KillChainIntentImpact KillChainIntent = "Impact"
	// KillChainIntentLateralMovement Lateral movement consists of techniques that enable an adversary to
	// access and control remote systems on a network and could, but does not necessarily, include execution of
	// tools on remote systems. The lateral movement techniques could allow an adversary to gather information
	// from a system without needing additional tools, such as a remote access tool. An adversary can use
	// lateral movement for many purposes, including remote Execution of tools, pivoting to additional systems,
	// access to specific information or files, access to additional credentials, or to cause an effect.
	KillChainIntentLateralMovement KillChainIntent = "LateralMovement"
	// KillChainIntentPersistence Persistence is any access, action, or configuration change to a system that
	// gives an adversary a persistent presence on that system. Adversaries will often need to maintain access
	// to systems through interruptions such as system restarts, loss of credentials, or other failures that
	// would require a remote access tool to restart or alternate backdoor for them to regain access.
	KillChainIntentPersistence KillChainIntent = "Persistence"
	// KillChainIntentPrivilegeEscalation Privilege escalation is the result of actions that allow an adversary
	// to obtain a higher level of permissions on a system or network. Certain tools or actions require a
	// higher level of privilege to work and are likely necessary at many points throughout an operation. User
	// accounts with permissions to access specific systems or perform specific functions necessary for
	// adversaries to achieve their objective may also be considered an escalation of privilege.
	KillChainIntentPrivilegeEscalation KillChainIntent = "PrivilegeEscalation"
	// KillChainIntentProbing Probing could be an attempt to access a certain resource regardless of a
	// malicious intent or a failed attempt to gain access to a target system to gather information prior to
	// exploitation. This step is usually detected as an attempt originating from outside the network in
	// attempt to scan the target system and find a way in.
	KillChainIntentProbing KillChainIntent = "Probing"
	// KillChainIntentUnknown The default value.
	KillChainIntentUnknown KillChainIntent = "Unknown"
)

func PossibleKillChainIntentValues

func PossibleKillChainIntentValues() []KillChainIntent

PossibleKillChainIntentValues returns an array of possible values for the KillChainIntent const type.

type Kind

type Kind string

Kind enumerates the values for kind.

const (
	// KindAggregations ...
	KindAggregations Kind = "Aggregations"
	// KindCasesAggregation ...
	KindCasesAggregation Kind = "CasesAggregation"
)

func PossibleKindValues

func PossibleKindValues() []Kind

PossibleKindValues returns an array of possible values for the Kind const type.

type KindBasicAlertRule

type KindBasicAlertRule string

KindBasicAlertRule enumerates the values for kind basic alert rule.

const (
	// KindAlertRule ...
	KindAlertRule KindBasicAlertRule = "AlertRule"
	// KindFusion ...
	KindFusion KindBasicAlertRule = "Fusion"
	// KindMicrosoftSecurityIncidentCreation ...
	KindMicrosoftSecurityIncidentCreation KindBasicAlertRule = "MicrosoftSecurityIncidentCreation"
	// KindScheduled ...
	KindScheduled KindBasicAlertRule = "Scheduled"
)

func PossibleKindBasicAlertRuleValues

func PossibleKindBasicAlertRuleValues() []KindBasicAlertRule

PossibleKindBasicAlertRuleValues returns an array of possible values for the KindBasicAlertRule const type.

type KindBasicAlertRuleTemplate

type KindBasicAlertRuleTemplate string

KindBasicAlertRuleTemplate enumerates the values for kind basic alert rule template.

const (
	// KindBasicAlertRuleTemplateKindAlertRuleTemplate ...
	KindBasicAlertRuleTemplateKindAlertRuleTemplate KindBasicAlertRuleTemplate = "AlertRuleTemplate"
	// KindBasicAlertRuleTemplateKindFusion ...
	KindBasicAlertRuleTemplateKindFusion KindBasicAlertRuleTemplate = "Fusion"
	// KindBasicAlertRuleTemplateKindMicrosoftSecurityIncidentCreation ...
	KindBasicAlertRuleTemplateKindMicrosoftSecurityIncidentCreation KindBasicAlertRuleTemplate = "MicrosoftSecurityIncidentCreation"
	// KindBasicAlertRuleTemplateKindScheduled ...
	KindBasicAlertRuleTemplateKindScheduled KindBasicAlertRuleTemplate = "Scheduled"
)

func PossibleKindBasicAlertRuleTemplateValues

func PossibleKindBasicAlertRuleTemplateValues() []KindBasicAlertRuleTemplate

PossibleKindBasicAlertRuleTemplateValues returns an array of possible values for the KindBasicAlertRuleTemplate const type.

type KindBasicDataConnector

type KindBasicDataConnector string

KindBasicDataConnector enumerates the values for kind basic data connector.

const (
	// KindAmazonWebServicesCloudTrail ...
	KindAmazonWebServicesCloudTrail KindBasicDataConnector = "AmazonWebServicesCloudTrail"
	// KindAzureActiveDirectory ...
	KindAzureActiveDirectory KindBasicDataConnector = "AzureActiveDirectory"
	// KindAzureAdvancedThreatProtection ...
	KindAzureAdvancedThreatProtection KindBasicDataConnector = "AzureAdvancedThreatProtection"
	// KindAzureSecurityCenter ...
	KindAzureSecurityCenter KindBasicDataConnector = "AzureSecurityCenter"
	// KindDataConnector ...
	KindDataConnector KindBasicDataConnector = "DataConnector"
	// KindMicrosoftCloudAppSecurity ...
	KindMicrosoftCloudAppSecurity KindBasicDataConnector = "MicrosoftCloudAppSecurity"
	// KindMicrosoftDefenderAdvancedThreatProtection ...
	KindMicrosoftDefenderAdvancedThreatProtection KindBasicDataConnector = "MicrosoftDefenderAdvancedThreatProtection"
	// KindOffice365 ...
	KindOffice365 KindBasicDataConnector = "Office365"
	// KindOfficeATP ...
	KindOfficeATP KindBasicDataConnector = "OfficeATP"
	// KindThreatIntelligence ...
	KindThreatIntelligence KindBasicDataConnector = "ThreatIntelligence"
	// KindThreatIntelligenceTaxii ...
	KindThreatIntelligenceTaxii KindBasicDataConnector = "ThreatIntelligenceTaxii"
)

func PossibleKindBasicDataConnectorValues

func PossibleKindBasicDataConnectorValues() []KindBasicDataConnector

PossibleKindBasicDataConnectorValues returns an array of possible values for the KindBasicDataConnector const type.

type KindBasicDataConnectorsCheckRequirements

type KindBasicDataConnectorsCheckRequirements string

KindBasicDataConnectorsCheckRequirements enumerates the values for kind basic data connectors check requirements.

const (
	// KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesCloudTrail ...
	KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesCloudTrail KindBasicDataConnectorsCheckRequirements = "AmazonWebServicesCloudTrail"
	// KindBasicDataConnectorsCheckRequirementsKindAzureActiveDirectory ...
	KindBasicDataConnectorsCheckRequirementsKindAzureActiveDirectory KindBasicDataConnectorsCheckRequirements = "AzureActiveDirectory"
	// KindBasicDataConnectorsCheckRequirementsKindAzureAdvancedThreatProtection ...
	KindBasicDataConnectorsCheckRequirementsKindAzureAdvancedThreatProtection KindBasicDataConnectorsCheckRequirements = "AzureAdvancedThreatProtection"
	// KindBasicDataConnectorsCheckRequirementsKindAzureSecurityCenter ...
	KindBasicDataConnectorsCheckRequirementsKindAzureSecurityCenter KindBasicDataConnectorsCheckRequirements = "AzureSecurityCenter"
	// KindBasicDataConnectorsCheckRequirementsKindDataConnectorsCheckRequirements ...
	KindBasicDataConnectorsCheckRequirementsKindDataConnectorsCheckRequirements KindBasicDataConnectorsCheckRequirements = "DataConnectorsCheckRequirements"
	// KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity ...
	KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity KindBasicDataConnectorsCheckRequirements = "MicrosoftCloudAppSecurity"
	// KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection ...
	KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection KindBasicDataConnectorsCheckRequirements = "MicrosoftDefenderAdvancedThreatProtection"
	// KindBasicDataConnectorsCheckRequirementsKindOfficeATP ...
	KindBasicDataConnectorsCheckRequirementsKindOfficeATP KindBasicDataConnectorsCheckRequirements = "OfficeATP"
	// KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence ...
	KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence KindBasicDataConnectorsCheckRequirements = "ThreatIntelligence"
	// KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii ...
	KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii KindBasicDataConnectorsCheckRequirements = "ThreatIntelligenceTaxii"
)

func PossibleKindBasicDataConnectorsCheckRequirementsValues

func PossibleKindBasicDataConnectorsCheckRequirementsValues() []KindBasicDataConnectorsCheckRequirements

PossibleKindBasicDataConnectorsCheckRequirementsValues returns an array of possible values for the KindBasicDataConnectorsCheckRequirements const type.

type KindBasicEntity

type KindBasicEntity string

KindBasicEntity enumerates the values for kind basic entity.

const (
	// KindAccount ...
	KindAccount KindBasicEntity = "Account"
	// KindAzureResource ...
	KindAzureResource KindBasicEntity = "AzureResource"
	// KindBookmark ...
	KindBookmark KindBasicEntity = "Bookmark"
	// KindCloudApplication ...
	KindCloudApplication KindBasicEntity = "CloudApplication"
	// KindDNSResolution ...
	KindDNSResolution KindBasicEntity = "DnsResolution"
	// KindEntity ...
	KindEntity KindBasicEntity = "Entity"
	// KindFile ...
	KindFile KindBasicEntity = "File"
	// KindFileHash ...
	KindFileHash KindBasicEntity = "FileHash"
	// KindHost ...
	KindHost KindBasicEntity = "Host"
	// KindIoTDevice ...
	KindIoTDevice KindBasicEntity = "IoTDevice"
	// KindIP ...
	KindIP KindBasicEntity = "Ip"
	// KindMalware ...
	KindMalware KindBasicEntity = "Malware"
	// KindProcess ...
	KindProcess KindBasicEntity = "Process"
	// KindRegistryKey ...
	KindRegistryKey KindBasicEntity = "RegistryKey"
	// KindRegistryValue ...
	KindRegistryValue KindBasicEntity = "RegistryValue"
	// KindSecurityAlert ...
	KindSecurityAlert KindBasicEntity = "SecurityAlert"
	// KindSecurityGroup ...
	KindSecurityGroup KindBasicEntity = "SecurityGroup"
	// KindURL ...
	KindURL KindBasicEntity = "Url"
)

func PossibleKindBasicEntityValues

func PossibleKindBasicEntityValues() []KindBasicEntity

PossibleKindBasicEntityValues returns an array of possible values for the KindBasicEntity const type.

type KindBasicEntityTimelineItem

type KindBasicEntityTimelineItem string

KindBasicEntityTimelineItem enumerates the values for kind basic entity timeline item.

const (
	// KindBasicEntityTimelineItemKindActivity ...
	KindBasicEntityTimelineItemKindActivity KindBasicEntityTimelineItem = "Activity"
	// KindBasicEntityTimelineItemKindBookmark ...
	KindBasicEntityTimelineItemKindBookmark KindBasicEntityTimelineItem = "Bookmark"
	// KindBasicEntityTimelineItemKindEntityTimelineItem ...
	KindBasicEntityTimelineItemKindEntityTimelineItem KindBasicEntityTimelineItem = "EntityTimelineItem"
	// KindBasicEntityTimelineItemKindSecurityAlert ...
	KindBasicEntityTimelineItemKindSecurityAlert KindBasicEntityTimelineItem = "SecurityAlert"
)

func PossibleKindBasicEntityTimelineItemValues

func PossibleKindBasicEntityTimelineItemValues() []KindBasicEntityTimelineItem

PossibleKindBasicEntityTimelineItemValues returns an array of possible values for the KindBasicEntityTimelineItem const type.

type KindBasicSettings

type KindBasicSettings string

KindBasicSettings enumerates the values for kind basic settings.

const (
	// KindEntityAnalytics ...
	KindEntityAnalytics KindBasicSettings = "EntityAnalytics"
	// KindEyesOn ...
	KindEyesOn KindBasicSettings = "EyesOn"
	// KindSettings ...
	KindSettings KindBasicSettings = "Settings"
	// KindUeba ...
	KindUeba KindBasicSettings = "Ueba"
)

func PossibleKindBasicSettingsValues

func PossibleKindBasicSettingsValues() []KindBasicSettings

PossibleKindBasicSettingsValues returns an array of possible values for the KindBasicSettings const type.

type KindBasicThreatIntelligenceInformation

type KindBasicThreatIntelligenceInformation string

KindBasicThreatIntelligenceInformation enumerates the values for kind basic threat intelligence information.

const (
	// KindIndicator ...
	KindIndicator KindBasicThreatIntelligenceInformation = "indicator"
	// KindThreatIntelligenceInformation ...
	KindThreatIntelligenceInformation KindBasicThreatIntelligenceInformation = "ThreatIntelligenceInformation"
)

func PossibleKindBasicThreatIntelligenceInformationValues

func PossibleKindBasicThreatIntelligenceInformationValues() []KindBasicThreatIntelligenceInformation

PossibleKindBasicThreatIntelligenceInformationValues returns an array of possible values for the KindBasicThreatIntelligenceInformation const type.

type MCASCheckRequirements

type MCASCheckRequirements struct {
	// MCASCheckRequirementsProperties - MCAS (Microsoft Cloud App Security) requirements check properties.
	*MCASCheckRequirementsProperties `json:"properties,omitempty"`
	// Kind - Possible values include: 'KindBasicDataConnectorsCheckRequirementsKindDataConnectorsCheckRequirements', 'KindBasicDataConnectorsCheckRequirementsKindAzureActiveDirectory', 'KindBasicDataConnectorsCheckRequirementsKindAzureAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindAzureSecurityCenter', 'KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesCloudTrail', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindOfficeATP', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii'
	Kind KindBasicDataConnectorsCheckRequirements `json:"kind,omitempty"`
}

MCASCheckRequirements represents MCAS (Microsoft Cloud App Security) requirements check request.

func (MCASCheckRequirements) AsAADCheckRequirements

func (mcr MCASCheckRequirements) AsAADCheckRequirements() (*AADCheckRequirements, bool)

AsAADCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MCASCheckRequirements.

func (MCASCheckRequirements) AsAATPCheckRequirements

func (mcr MCASCheckRequirements) AsAATPCheckRequirements() (*AATPCheckRequirements, bool)

AsAATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MCASCheckRequirements.

func (MCASCheckRequirements) AsASCCheckRequirements

func (mcr MCASCheckRequirements) AsASCCheckRequirements() (*ASCCheckRequirements, bool)

AsASCCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MCASCheckRequirements.

func (MCASCheckRequirements) AsAwsCloudTrailCheckRequirements

func (mcr MCASCheckRequirements) AsAwsCloudTrailCheckRequirements() (*AwsCloudTrailCheckRequirements, bool)

AsAwsCloudTrailCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MCASCheckRequirements.

func (MCASCheckRequirements) AsBasicDataConnectorsCheckRequirements

func (mcr MCASCheckRequirements) AsBasicDataConnectorsCheckRequirements() (BasicDataConnectorsCheckRequirements, bool)

AsBasicDataConnectorsCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MCASCheckRequirements.

func (MCASCheckRequirements) AsDataConnectorsCheckRequirements

func (mcr MCASCheckRequirements) AsDataConnectorsCheckRequirements() (*DataConnectorsCheckRequirements, bool)

AsDataConnectorsCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MCASCheckRequirements.

func (MCASCheckRequirements) AsMCASCheckRequirements

func (mcr MCASCheckRequirements) AsMCASCheckRequirements() (*MCASCheckRequirements, bool)

AsMCASCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MCASCheckRequirements.

func (MCASCheckRequirements) AsMDATPCheckRequirements

func (mcr MCASCheckRequirements) AsMDATPCheckRequirements() (*MDATPCheckRequirements, bool)

AsMDATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MCASCheckRequirements.

func (MCASCheckRequirements) AsOfficeATPCheckRequirements

func (mcr MCASCheckRequirements) AsOfficeATPCheckRequirements() (*OfficeATPCheckRequirements, bool)

AsOfficeATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MCASCheckRequirements.

func (MCASCheckRequirements) AsTICheckRequirements

func (mcr MCASCheckRequirements) AsTICheckRequirements() (*TICheckRequirements, bool)

AsTICheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MCASCheckRequirements.

func (MCASCheckRequirements) AsTiTaxiiCheckRequirements

func (mcr MCASCheckRequirements) AsTiTaxiiCheckRequirements() (*TiTaxiiCheckRequirements, bool)

AsTiTaxiiCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MCASCheckRequirements.

func (MCASCheckRequirements) MarshalJSON

func (mcr MCASCheckRequirements) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for MCASCheckRequirements.

func (*MCASCheckRequirements) UnmarshalJSON

func (mcr *MCASCheckRequirements) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for MCASCheckRequirements struct.

type MCASCheckRequirementsProperties

type MCASCheckRequirementsProperties struct {
	// TenantID - The tenant id to connect to, and get the data from.
	TenantID *string `json:"tenantId,omitempty"`
}

MCASCheckRequirementsProperties MCAS (Microsoft Cloud App Security) requirements check properties.

type MCASDataConnector

type MCASDataConnector struct {
	// MCASDataConnectorProperties - MCAS (Microsoft Cloud App Security) data connector properties.
	*MCASDataConnectorProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
	// Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOfficeATP', 'KindOffice365', 'KindThreatIntelligence', 'KindThreatIntelligenceTaxii'
	Kind KindBasicDataConnector `json:"kind,omitempty"`
}

MCASDataConnector represents MCAS (Microsoft Cloud App Security) data connector.

func (MCASDataConnector) AsAADDataConnector

func (mdc MCASDataConnector) AsAADDataConnector() (*AADDataConnector, bool)

AsAADDataConnector is the BasicDataConnector implementation for MCASDataConnector.

func (MCASDataConnector) AsAATPDataConnector

func (mdc MCASDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool)

AsAATPDataConnector is the BasicDataConnector implementation for MCASDataConnector.

func (MCASDataConnector) AsASCDataConnector

func (mdc MCASDataConnector) AsASCDataConnector() (*ASCDataConnector, bool)

AsASCDataConnector is the BasicDataConnector implementation for MCASDataConnector.

func (MCASDataConnector) AsAwsCloudTrailDataConnector

func (mdc MCASDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool)

AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for MCASDataConnector.

func (MCASDataConnector) AsBasicDataConnector

func (mdc MCASDataConnector) AsBasicDataConnector() (BasicDataConnector, bool)

AsBasicDataConnector is the BasicDataConnector implementation for MCASDataConnector.

func (MCASDataConnector) AsDataConnector

func (mdc MCASDataConnector) AsDataConnector() (*DataConnector, bool)

AsDataConnector is the BasicDataConnector implementation for MCASDataConnector.

func (MCASDataConnector) AsMCASDataConnector

func (mdc MCASDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool)

AsMCASDataConnector is the BasicDataConnector implementation for MCASDataConnector.

func (MCASDataConnector) AsMDATPDataConnector

func (mdc MCASDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool)

AsMDATPDataConnector is the BasicDataConnector implementation for MCASDataConnector.

func (MCASDataConnector) AsOfficeATPDataConnector

func (mdc MCASDataConnector) AsOfficeATPDataConnector() (*OfficeATPDataConnector, bool)

AsOfficeATPDataConnector is the BasicDataConnector implementation for MCASDataConnector.

func (MCASDataConnector) AsOfficeDataConnector

func (mdc MCASDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool)

AsOfficeDataConnector is the BasicDataConnector implementation for MCASDataConnector.

func (MCASDataConnector) AsTIDataConnector

func (mdc MCASDataConnector) AsTIDataConnector() (*TIDataConnector, bool)

AsTIDataConnector is the BasicDataConnector implementation for MCASDataConnector.

func (MCASDataConnector) AsTiTaxiiDataConnector

func (mdc MCASDataConnector) AsTiTaxiiDataConnector() (*TiTaxiiDataConnector, bool)

AsTiTaxiiDataConnector is the BasicDataConnector implementation for MCASDataConnector.

func (MCASDataConnector) MarshalJSON

func (mdc MCASDataConnector) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for MCASDataConnector.

func (*MCASDataConnector) UnmarshalJSON

func (mdc *MCASDataConnector) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for MCASDataConnector struct.

type MCASDataConnectorDataTypes

type MCASDataConnectorDataTypes struct {
	// DiscoveryLogs - Discovery log data type connection.
	DiscoveryLogs *MCASDataConnectorDataTypesDiscoveryLogs `json:"discoveryLogs,omitempty"`
	// Alerts - Alerts data type connection.
	Alerts *AlertsDataTypeOfDataConnectorAlerts `json:"alerts,omitempty"`
}

MCASDataConnectorDataTypes the available data types for MCAS (Microsoft Cloud App Security) data connector.

type MCASDataConnectorDataTypesDiscoveryLogs

type MCASDataConnectorDataTypesDiscoveryLogs struct {
	// State - Describe whether this data type connection is enabled or not. Possible values include: 'Enabled', 'Disabled'
	State DataTypeState `json:"state,omitempty"`
}

MCASDataConnectorDataTypesDiscoveryLogs discovery log data type connection.

type MCASDataConnectorProperties

type MCASDataConnectorProperties struct {
	// DataTypes - The available data types for the connector.
	DataTypes *MCASDataConnectorDataTypes `json:"dataTypes,omitempty"`
	// TenantID - The tenant id to connect to, and get the data from.
	TenantID *string `json:"tenantId,omitempty"`
}

MCASDataConnectorProperties MCAS (Microsoft Cloud App Security) data connector properties.

type MDATPCheckRequirements

type MDATPCheckRequirements struct {
	// MDATPCheckRequirementsProperties - MDATP (Microsoft Defender Advanced Threat Protection) requirements check properties.
	*MDATPCheckRequirementsProperties `json:"properties,omitempty"`
	// Kind - Possible values include: 'KindBasicDataConnectorsCheckRequirementsKindDataConnectorsCheckRequirements', 'KindBasicDataConnectorsCheckRequirementsKindAzureActiveDirectory', 'KindBasicDataConnectorsCheckRequirementsKindAzureAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindAzureSecurityCenter', 'KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesCloudTrail', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindOfficeATP', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii'
	Kind KindBasicDataConnectorsCheckRequirements `json:"kind,omitempty"`
}

MDATPCheckRequirements represents MDATP (Microsoft Defender Advanced Threat Protection) requirements check request.

func (MDATPCheckRequirements) AsAADCheckRequirements

func (mcr MDATPCheckRequirements) AsAADCheckRequirements() (*AADCheckRequirements, bool)

AsAADCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MDATPCheckRequirements.

func (MDATPCheckRequirements) AsAATPCheckRequirements

func (mcr MDATPCheckRequirements) AsAATPCheckRequirements() (*AATPCheckRequirements, bool)

AsAATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MDATPCheckRequirements.

func (MDATPCheckRequirements) AsASCCheckRequirements

func (mcr MDATPCheckRequirements) AsASCCheckRequirements() (*ASCCheckRequirements, bool)

AsASCCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MDATPCheckRequirements.

func (MDATPCheckRequirements) AsAwsCloudTrailCheckRequirements

func (mcr MDATPCheckRequirements) AsAwsCloudTrailCheckRequirements() (*AwsCloudTrailCheckRequirements, bool)

AsAwsCloudTrailCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MDATPCheckRequirements.

func (MDATPCheckRequirements) AsBasicDataConnectorsCheckRequirements

func (mcr MDATPCheckRequirements) AsBasicDataConnectorsCheckRequirements() (BasicDataConnectorsCheckRequirements, bool)

AsBasicDataConnectorsCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MDATPCheckRequirements.

func (MDATPCheckRequirements) AsDataConnectorsCheckRequirements

func (mcr MDATPCheckRequirements) AsDataConnectorsCheckRequirements() (*DataConnectorsCheckRequirements, bool)

AsDataConnectorsCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MDATPCheckRequirements.

func (MDATPCheckRequirements) AsMCASCheckRequirements

func (mcr MDATPCheckRequirements) AsMCASCheckRequirements() (*MCASCheckRequirements, bool)

AsMCASCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MDATPCheckRequirements.

func (MDATPCheckRequirements) AsMDATPCheckRequirements

func (mcr MDATPCheckRequirements) AsMDATPCheckRequirements() (*MDATPCheckRequirements, bool)

AsMDATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MDATPCheckRequirements.

func (MDATPCheckRequirements) AsOfficeATPCheckRequirements

func (mcr MDATPCheckRequirements) AsOfficeATPCheckRequirements() (*OfficeATPCheckRequirements, bool)

AsOfficeATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MDATPCheckRequirements.

func (MDATPCheckRequirements) AsTICheckRequirements

func (mcr MDATPCheckRequirements) AsTICheckRequirements() (*TICheckRequirements, bool)

AsTICheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MDATPCheckRequirements.

func (MDATPCheckRequirements) AsTiTaxiiCheckRequirements

func (mcr MDATPCheckRequirements) AsTiTaxiiCheckRequirements() (*TiTaxiiCheckRequirements, bool)

AsTiTaxiiCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MDATPCheckRequirements.

func (MDATPCheckRequirements) MarshalJSON

func (mcr MDATPCheckRequirements) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for MDATPCheckRequirements.

func (*MDATPCheckRequirements) UnmarshalJSON

func (mcr *MDATPCheckRequirements) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for MDATPCheckRequirements struct.

type MDATPCheckRequirementsProperties

type MDATPCheckRequirementsProperties struct {
	// TenantID - The tenant id to connect to, and get the data from.
	TenantID *string `json:"tenantId,omitempty"`
}

MDATPCheckRequirementsProperties MDATP (Microsoft Defender Advanced Threat Protection) requirements check properties.

type MDATPDataConnector

type MDATPDataConnector struct {
	// MDATPDataConnectorProperties - MDATP (Microsoft Defender Advanced Threat Protection) data connector properties.
	*MDATPDataConnectorProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
	// Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOfficeATP', 'KindOffice365', 'KindThreatIntelligence', 'KindThreatIntelligenceTaxii'
	Kind KindBasicDataConnector `json:"kind,omitempty"`
}

MDATPDataConnector represents MDATP (Microsoft Defender Advanced Threat Protection) data connector.

func (MDATPDataConnector) AsAADDataConnector

func (mdc MDATPDataConnector) AsAADDataConnector() (*AADDataConnector, bool)

AsAADDataConnector is the BasicDataConnector implementation for MDATPDataConnector.

func (MDATPDataConnector) AsAATPDataConnector

func (mdc MDATPDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool)

AsAATPDataConnector is the BasicDataConnector implementation for MDATPDataConnector.

func (MDATPDataConnector) AsASCDataConnector

func (mdc MDATPDataConnector) AsASCDataConnector() (*ASCDataConnector, bool)

AsASCDataConnector is the BasicDataConnector implementation for MDATPDataConnector.

func (MDATPDataConnector) AsAwsCloudTrailDataConnector

func (mdc MDATPDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool)

AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for MDATPDataConnector.

func (MDATPDataConnector) AsBasicDataConnector

func (mdc MDATPDataConnector) AsBasicDataConnector() (BasicDataConnector, bool)

AsBasicDataConnector is the BasicDataConnector implementation for MDATPDataConnector.

func (MDATPDataConnector) AsDataConnector

func (mdc MDATPDataConnector) AsDataConnector() (*DataConnector, bool)

AsDataConnector is the BasicDataConnector implementation for MDATPDataConnector.

func (MDATPDataConnector) AsMCASDataConnector

func (mdc MDATPDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool)

AsMCASDataConnector is the BasicDataConnector implementation for MDATPDataConnector.

func (MDATPDataConnector) AsMDATPDataConnector

func (mdc MDATPDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool)

AsMDATPDataConnector is the BasicDataConnector implementation for MDATPDataConnector.

func (MDATPDataConnector) AsOfficeATPDataConnector

func (mdc MDATPDataConnector) AsOfficeATPDataConnector() (*OfficeATPDataConnector, bool)

AsOfficeATPDataConnector is the BasicDataConnector implementation for MDATPDataConnector.

func (MDATPDataConnector) AsOfficeDataConnector

func (mdc MDATPDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool)

AsOfficeDataConnector is the BasicDataConnector implementation for MDATPDataConnector.

func (MDATPDataConnector) AsTIDataConnector

func (mdc MDATPDataConnector) AsTIDataConnector() (*TIDataConnector, bool)

AsTIDataConnector is the BasicDataConnector implementation for MDATPDataConnector.

func (MDATPDataConnector) AsTiTaxiiDataConnector

func (mdc MDATPDataConnector) AsTiTaxiiDataConnector() (*TiTaxiiDataConnector, bool)

AsTiTaxiiDataConnector is the BasicDataConnector implementation for MDATPDataConnector.

func (MDATPDataConnector) MarshalJSON

func (mdc MDATPDataConnector) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for MDATPDataConnector.

func (*MDATPDataConnector) UnmarshalJSON

func (mdc *MDATPDataConnector) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for MDATPDataConnector struct.

type MDATPDataConnectorProperties

type MDATPDataConnectorProperties struct {
	// TenantID - The tenant id to connect to, and get the data from.
	TenantID *string `json:"tenantId,omitempty"`
	// DataTypes - The available data types for the connector.
	DataTypes *AlertsDataTypeOfDataConnector `json:"dataTypes,omitempty"`
}

MDATPDataConnectorProperties MDATP (Microsoft Defender Advanced Threat Protection) data connector properties.

type MalwareEntity

type MalwareEntity struct {
	// MalwareEntityProperties - File entity properties
	*MalwareEntityProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindBookmark', 'KindSecurityAlert', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice'
	Kind KindBasicEntity `json:"kind,omitempty"`
}

MalwareEntity represents a malware entity.

func (MalwareEntity) AsAccountEntity

func (me MalwareEntity) AsAccountEntity() (*AccountEntity, bool)

AsAccountEntity is the BasicEntity implementation for MalwareEntity.

func (MalwareEntity) AsAzureResourceEntity

func (me MalwareEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)

AsAzureResourceEntity is the BasicEntity implementation for MalwareEntity.

func (MalwareEntity) AsBasicEntity

func (me MalwareEntity) AsBasicEntity() (BasicEntity, bool)

AsBasicEntity is the BasicEntity implementation for MalwareEntity.

func (MalwareEntity) AsCloudApplicationEntity

func (me MalwareEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)

AsCloudApplicationEntity is the BasicEntity implementation for MalwareEntity.

func (MalwareEntity) AsDNSEntity

func (me MalwareEntity) AsDNSEntity() (*DNSEntity, bool)

AsDNSEntity is the BasicEntity implementation for MalwareEntity.

func (MalwareEntity) AsEntity

func (me MalwareEntity) AsEntity() (*Entity, bool)

AsEntity is the BasicEntity implementation for MalwareEntity.

func (MalwareEntity) AsFileEntity

func (me MalwareEntity) AsFileEntity() (*FileEntity, bool)

AsFileEntity is the BasicEntity implementation for MalwareEntity.

func (MalwareEntity) AsFileHashEntity

func (me MalwareEntity) AsFileHashEntity() (*FileHashEntity, bool)

AsFileHashEntity is the BasicEntity implementation for MalwareEntity.

func (MalwareEntity) AsHostEntity

func (me MalwareEntity) AsHostEntity() (*HostEntity, bool)

AsHostEntity is the BasicEntity implementation for MalwareEntity.

func (MalwareEntity) AsHuntingBookmark

func (me MalwareEntity) AsHuntingBookmark() (*HuntingBookmark, bool)

AsHuntingBookmark is the BasicEntity implementation for MalwareEntity.

func (MalwareEntity) AsIPEntity

func (me MalwareEntity) AsIPEntity() (*IPEntity, bool)

AsIPEntity is the BasicEntity implementation for MalwareEntity.

func (MalwareEntity) AsIoTDeviceEntity

func (me MalwareEntity) AsIoTDeviceEntity() (*IoTDeviceEntity, bool)

AsIoTDeviceEntity is the BasicEntity implementation for MalwareEntity.

func (MalwareEntity) AsMalwareEntity

func (me MalwareEntity) AsMalwareEntity() (*MalwareEntity, bool)

AsMalwareEntity is the BasicEntity implementation for MalwareEntity.

func (MalwareEntity) AsProcessEntity

func (me MalwareEntity) AsProcessEntity() (*ProcessEntity, bool)

AsProcessEntity is the BasicEntity implementation for MalwareEntity.

func (MalwareEntity) AsRegistryKeyEntity

func (me MalwareEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)

AsRegistryKeyEntity is the BasicEntity implementation for MalwareEntity.

func (MalwareEntity) AsRegistryValueEntity

func (me MalwareEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool)

AsRegistryValueEntity is the BasicEntity implementation for MalwareEntity.

func (MalwareEntity) AsSecurityAlert

func (me MalwareEntity) AsSecurityAlert() (*SecurityAlert, bool)

AsSecurityAlert is the BasicEntity implementation for MalwareEntity.

func (MalwareEntity) AsSecurityGroupEntity

func (me MalwareEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)

AsSecurityGroupEntity is the BasicEntity implementation for MalwareEntity.

func (MalwareEntity) AsURLEntity

func (me MalwareEntity) AsURLEntity() (*URLEntity, bool)

AsURLEntity is the BasicEntity implementation for MalwareEntity.

func (MalwareEntity) MarshalJSON

func (me MalwareEntity) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for MalwareEntity.

func (*MalwareEntity) UnmarshalJSON

func (me *MalwareEntity) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for MalwareEntity struct.

type MalwareEntityProperties

type MalwareEntityProperties struct {
	// Category - READ-ONLY; The malware category by the vendor, e.g. Trojan
	Category *string `json:"category,omitempty"`
	// FileEntityIds - READ-ONLY; List of linked file entity identifiers on which the malware was found
	FileEntityIds *[]string `json:"fileEntityIds,omitempty"`
	// MalwareName - READ-ONLY; The malware name by the vendor, e.g. Win32/Toga!rfn
	MalwareName *string `json:"malwareName,omitempty"`
	// ProcessEntityIds - READ-ONLY; List of linked process entity identifiers on which the malware was found.
	ProcessEntityIds *[]string `json:"processEntityIds,omitempty"`
	// AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]interface{} `json:"additionalData"`
	// FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated.
	FriendlyName *string `json:"friendlyName,omitempty"`
}

MalwareEntityProperties malware entity property bag.

func (MalwareEntityProperties) MarshalJSON

func (mep MalwareEntityProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for MalwareEntityProperties.

type MicrosoftSecurityIncidentCreationAlertRule

type MicrosoftSecurityIncidentCreationAlertRule struct {
	// MicrosoftSecurityIncidentCreationAlertRuleProperties - MicrosoftSecurityIncidentCreation rule properties
	*MicrosoftSecurityIncidentCreationAlertRuleProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
	// Kind - Possible values include: 'KindAlertRule', 'KindFusion', 'KindMicrosoftSecurityIncidentCreation', 'KindScheduled'
	Kind KindBasicAlertRule `json:"kind,omitempty"`
}

MicrosoftSecurityIncidentCreationAlertRule represents MicrosoftSecurityIncidentCreation rule.

func (MicrosoftSecurityIncidentCreationAlertRule) AsAlertRule

AsAlertRule is the BasicAlertRule implementation for MicrosoftSecurityIncidentCreationAlertRule.

func (MicrosoftSecurityIncidentCreationAlertRule) AsBasicAlertRule

func (msicar MicrosoftSecurityIncidentCreationAlertRule) AsBasicAlertRule() (BasicAlertRule, bool)

AsBasicAlertRule is the BasicAlertRule implementation for MicrosoftSecurityIncidentCreationAlertRule.

func (MicrosoftSecurityIncidentCreationAlertRule) AsFusionAlertRule

func (msicar MicrosoftSecurityIncidentCreationAlertRule) AsFusionAlertRule() (*FusionAlertRule, bool)

AsFusionAlertRule is the BasicAlertRule implementation for MicrosoftSecurityIncidentCreationAlertRule.

func (MicrosoftSecurityIncidentCreationAlertRule) AsMicrosoftSecurityIncidentCreationAlertRule

func (msicar MicrosoftSecurityIncidentCreationAlertRule) AsMicrosoftSecurityIncidentCreationAlertRule() (*MicrosoftSecurityIncidentCreationAlertRule, bool)

AsMicrosoftSecurityIncidentCreationAlertRule is the BasicAlertRule implementation for MicrosoftSecurityIncidentCreationAlertRule.

func (MicrosoftSecurityIncidentCreationAlertRule) AsScheduledAlertRule

func (msicar MicrosoftSecurityIncidentCreationAlertRule) AsScheduledAlertRule() (*ScheduledAlertRule, bool)

AsScheduledAlertRule is the BasicAlertRule implementation for MicrosoftSecurityIncidentCreationAlertRule.

func (MicrosoftSecurityIncidentCreationAlertRule) MarshalJSON

func (msicar MicrosoftSecurityIncidentCreationAlertRule) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for MicrosoftSecurityIncidentCreationAlertRule.

func (*MicrosoftSecurityIncidentCreationAlertRule) UnmarshalJSON

func (msicar *MicrosoftSecurityIncidentCreationAlertRule) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for MicrosoftSecurityIncidentCreationAlertRule struct.

type MicrosoftSecurityIncidentCreationAlertRuleCommonProperties

type MicrosoftSecurityIncidentCreationAlertRuleCommonProperties struct {
	// DisplayNamesFilter - the alerts' displayNames on which the cases will be generated
	DisplayNamesFilter *[]string `json:"displayNamesFilter,omitempty"`
	// DisplayNamesExcludeFilter - the alerts' displayNames on which the cases will not be generated
	DisplayNamesExcludeFilter *[]string `json:"displayNamesExcludeFilter,omitempty"`
	// ProductFilter - The alerts' productName on which the cases will be generated. Possible values include: 'MicrosoftCloudAppSecurity', 'AzureSecurityCenter', 'AzureAdvancedThreatProtection', 'AzureActiveDirectoryIdentityProtection', 'AzureSecurityCenterforIoT', 'Office365AdvancedThreatProtection', 'MicrosoftDefenderAdvancedThreatProtection'
	ProductFilter MicrosoftSecurityProductName `json:"productFilter,omitempty"`
	// SeveritiesFilter - the alerts' severities on which the cases will be generated
	SeveritiesFilter *[]AlertSeverity `json:"severitiesFilter,omitempty"`
}

MicrosoftSecurityIncidentCreationAlertRuleCommonProperties microsoftSecurityIncidentCreation rule common property bag.

type MicrosoftSecurityIncidentCreationAlertRuleProperties

type MicrosoftSecurityIncidentCreationAlertRuleProperties struct {
	// AlertRuleTemplateName - The Name of the alert rule template used to create this rule.
	AlertRuleTemplateName *string `json:"alertRuleTemplateName,omitempty"`
	// Description - The description of the alert rule.
	Description *string `json:"description,omitempty"`
	// DisplayName - The display name for alerts created by this alert rule.
	DisplayName *string `json:"displayName,omitempty"`
	// Enabled - Determines whether this alert rule is enabled or disabled.
	Enabled *bool `json:"enabled,omitempty"`
	// LastModifiedUtc - READ-ONLY; The last time that this alert has been modified.
	LastModifiedUtc *date.Time `json:"lastModifiedUtc,omitempty"`
	// DisplayNamesFilter - the alerts' displayNames on which the cases will be generated
	DisplayNamesFilter *[]string `json:"displayNamesFilter,omitempty"`
	// DisplayNamesExcludeFilter - the alerts' displayNames on which the cases will not be generated
	DisplayNamesExcludeFilter *[]string `json:"displayNamesExcludeFilter,omitempty"`
	// ProductFilter - The alerts' productName on which the cases will be generated. Possible values include: 'MicrosoftCloudAppSecurity', 'AzureSecurityCenter', 'AzureAdvancedThreatProtection', 'AzureActiveDirectoryIdentityProtection', 'AzureSecurityCenterforIoT', 'Office365AdvancedThreatProtection', 'MicrosoftDefenderAdvancedThreatProtection'
	ProductFilter MicrosoftSecurityProductName `json:"productFilter,omitempty"`
	// SeveritiesFilter - the alerts' severities on which the cases will be generated
	SeveritiesFilter *[]AlertSeverity `json:"severitiesFilter,omitempty"`
}

MicrosoftSecurityIncidentCreationAlertRuleProperties microsoftSecurityIncidentCreation rule property bag.

func (MicrosoftSecurityIncidentCreationAlertRuleProperties) MarshalJSON

MarshalJSON is the custom marshaler for MicrosoftSecurityIncidentCreationAlertRuleProperties.

type MicrosoftSecurityIncidentCreationAlertRuleTemplate

type MicrosoftSecurityIncidentCreationAlertRuleTemplate struct {
	// MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties - MicrosoftSecurityIncidentCreation rule template properties
	*MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Kind - Possible values include: 'KindBasicAlertRuleTemplateKindAlertRuleTemplate', 'KindBasicAlertRuleTemplateKindFusion', 'KindBasicAlertRuleTemplateKindMicrosoftSecurityIncidentCreation', 'KindBasicAlertRuleTemplateKindScheduled'
	Kind KindBasicAlertRuleTemplate `json:"kind,omitempty"`
}

MicrosoftSecurityIncidentCreationAlertRuleTemplate represents MicrosoftSecurityIncidentCreation rule template.

func (MicrosoftSecurityIncidentCreationAlertRuleTemplate) AsAlertRuleTemplate

AsAlertRuleTemplate is the BasicAlertRuleTemplate implementation for MicrosoftSecurityIncidentCreationAlertRuleTemplate.

func (MicrosoftSecurityIncidentCreationAlertRuleTemplate) AsBasicAlertRuleTemplate

AsBasicAlertRuleTemplate is the BasicAlertRuleTemplate implementation for MicrosoftSecurityIncidentCreationAlertRuleTemplate.

func (MicrosoftSecurityIncidentCreationAlertRuleTemplate) AsFusionAlertRuleTemplate

AsFusionAlertRuleTemplate is the BasicAlertRuleTemplate implementation for MicrosoftSecurityIncidentCreationAlertRuleTemplate.

func (MicrosoftSecurityIncidentCreationAlertRuleTemplate) AsMicrosoftSecurityIncidentCreationAlertRuleTemplate

func (msicart MicrosoftSecurityIncidentCreationAlertRuleTemplate) AsMicrosoftSecurityIncidentCreationAlertRuleTemplate() (*MicrosoftSecurityIncidentCreationAlertRuleTemplate, bool)

AsMicrosoftSecurityIncidentCreationAlertRuleTemplate is the BasicAlertRuleTemplate implementation for MicrosoftSecurityIncidentCreationAlertRuleTemplate.

func (MicrosoftSecurityIncidentCreationAlertRuleTemplate) AsScheduledAlertRuleTemplate

func (msicart MicrosoftSecurityIncidentCreationAlertRuleTemplate) AsScheduledAlertRuleTemplate() (*ScheduledAlertRuleTemplate, bool)

AsScheduledAlertRuleTemplate is the BasicAlertRuleTemplate implementation for MicrosoftSecurityIncidentCreationAlertRuleTemplate.

func (MicrosoftSecurityIncidentCreationAlertRuleTemplate) MarshalJSON

MarshalJSON is the custom marshaler for MicrosoftSecurityIncidentCreationAlertRuleTemplate.

func (*MicrosoftSecurityIncidentCreationAlertRuleTemplate) UnmarshalJSON

func (msicart *MicrosoftSecurityIncidentCreationAlertRuleTemplate) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for MicrosoftSecurityIncidentCreationAlertRuleTemplate struct.

type MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties

type MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties struct {
	// AlertRulesCreatedByTemplateCount - the number of alert rules that were created by this template
	AlertRulesCreatedByTemplateCount *int32 `json:"alertRulesCreatedByTemplateCount,omitempty"`
	// CreatedDateUTC - READ-ONLY; The time that this alert rule template has been added.
	CreatedDateUTC *date.Time `json:"createdDateUTC,omitempty"`
	// Description - The description of the alert rule template.
	Description *string `json:"description,omitempty"`
	// DisplayName - The display name for alert rule template.
	DisplayName *string `json:"displayName,omitempty"`
	// RequiredDataConnectors - The required data sources for this template
	RequiredDataConnectors *[]AlertRuleTemplateDataSource `json:"requiredDataConnectors,omitempty"`
	// Status - The alert rule template status. Possible values include: 'Installed', 'Available', 'NotAvailable'
	Status TemplateStatus `json:"status,omitempty"`
	// DisplayNamesFilter - the alerts' displayNames on which the cases will be generated
	DisplayNamesFilter *[]string `json:"displayNamesFilter,omitempty"`
	// DisplayNamesExcludeFilter - the alerts' displayNames on which the cases will not be generated
	DisplayNamesExcludeFilter *[]string `json:"displayNamesExcludeFilter,omitempty"`
	// ProductFilter - The alerts' productName on which the cases will be generated. Possible values include: 'MicrosoftCloudAppSecurity', 'AzureSecurityCenter', 'AzureAdvancedThreatProtection', 'AzureActiveDirectoryIdentityProtection', 'AzureSecurityCenterforIoT', 'Office365AdvancedThreatProtection', 'MicrosoftDefenderAdvancedThreatProtection'
	ProductFilter MicrosoftSecurityProductName `json:"productFilter,omitempty"`
	// SeveritiesFilter - the alerts' severities on which the cases will be generated
	SeveritiesFilter *[]AlertSeverity `json:"severitiesFilter,omitempty"`
}

MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties microsoftSecurityIncidentCreation rule template properties

func (MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties) MarshalJSON

MarshalJSON is the custom marshaler for MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties.

type MicrosoftSecurityProductName

type MicrosoftSecurityProductName string

MicrosoftSecurityProductName enumerates the values for microsoft security product name.

const (
	// AzureActiveDirectoryIdentityProtection ...
	AzureActiveDirectoryIdentityProtection MicrosoftSecurityProductName = "Azure Active Directory Identity Protection"
	// AzureAdvancedThreatProtection ...
	AzureAdvancedThreatProtection MicrosoftSecurityProductName = "Azure Advanced Threat Protection"
	// AzureSecurityCenter ...
	AzureSecurityCenter MicrosoftSecurityProductName = "Azure Security Center"
	// AzureSecurityCenterforIoT ...
	AzureSecurityCenterforIoT MicrosoftSecurityProductName = "Azure Security Center for IoT"
	// MicrosoftCloudAppSecurity ...
	MicrosoftCloudAppSecurity MicrosoftSecurityProductName = "Microsoft Cloud App Security"
	// MicrosoftDefenderAdvancedThreatProtection ...
	MicrosoftDefenderAdvancedThreatProtection MicrosoftSecurityProductName = "Microsoft Defender Advanced Threat Protection"
	// Office365AdvancedThreatProtection ...
	Office365AdvancedThreatProtection MicrosoftSecurityProductName = "Office 365 Advanced Threat Protection"
)

func PossibleMicrosoftSecurityProductNameValues

func PossibleMicrosoftSecurityProductNameValues() []MicrosoftSecurityProductName

PossibleMicrosoftSecurityProductNameValues returns an array of possible values for the MicrosoftSecurityProductName const type.

type OSFamily

type OSFamily string

OSFamily enumerates the values for os family.

const (
	// Android Host with Android operating system.
	Android OSFamily = "Android"
	// IOS Host with IOS operating system.
	IOS OSFamily = "IOS"
	// Linux Host with Linux operating system.
	Linux OSFamily = "Linux"
	// Windows Host with Windows operating system.
	Windows OSFamily = "Windows"
)

func PossibleOSFamilyValues

func PossibleOSFamilyValues() []OSFamily

PossibleOSFamilyValues returns an array of possible values for the OSFamily const type.

type OfficeATPCheckRequirements

type OfficeATPCheckRequirements struct {
	// OfficeATPCheckRequirementsProperties - OfficeATP (Office 365 Advanced Threat Protection) requirements check properties.
	*OfficeATPCheckRequirementsProperties `json:"properties,omitempty"`
	// Kind - Possible values include: 'KindBasicDataConnectorsCheckRequirementsKindDataConnectorsCheckRequirements', 'KindBasicDataConnectorsCheckRequirementsKindAzureActiveDirectory', 'KindBasicDataConnectorsCheckRequirementsKindAzureAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindAzureSecurityCenter', 'KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesCloudTrail', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindOfficeATP', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii'
	Kind KindBasicDataConnectorsCheckRequirements `json:"kind,omitempty"`
}

OfficeATPCheckRequirements represents OfficeATP (Office 365 Advanced Threat Protection) requirements check request.

func (OfficeATPCheckRequirements) AsAADCheckRequirements

func (oacr OfficeATPCheckRequirements) AsAADCheckRequirements() (*AADCheckRequirements, bool)

AsAADCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for OfficeATPCheckRequirements.

func (OfficeATPCheckRequirements) AsAATPCheckRequirements

func (oacr OfficeATPCheckRequirements) AsAATPCheckRequirements() (*AATPCheckRequirements, bool)

AsAATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for OfficeATPCheckRequirements.

func (OfficeATPCheckRequirements) AsASCCheckRequirements

func (oacr OfficeATPCheckRequirements) AsASCCheckRequirements() (*ASCCheckRequirements, bool)

AsASCCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for OfficeATPCheckRequirements.

func (OfficeATPCheckRequirements) AsAwsCloudTrailCheckRequirements

func (oacr OfficeATPCheckRequirements) AsAwsCloudTrailCheckRequirements() (*AwsCloudTrailCheckRequirements, bool)

AsAwsCloudTrailCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for OfficeATPCheckRequirements.

func (OfficeATPCheckRequirements) AsBasicDataConnectorsCheckRequirements

func (oacr OfficeATPCheckRequirements) AsBasicDataConnectorsCheckRequirements() (BasicDataConnectorsCheckRequirements, bool)

AsBasicDataConnectorsCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for OfficeATPCheckRequirements.

func (OfficeATPCheckRequirements) AsDataConnectorsCheckRequirements

func (oacr OfficeATPCheckRequirements) AsDataConnectorsCheckRequirements() (*DataConnectorsCheckRequirements, bool)

AsDataConnectorsCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for OfficeATPCheckRequirements.

func (OfficeATPCheckRequirements) AsMCASCheckRequirements

func (oacr OfficeATPCheckRequirements) AsMCASCheckRequirements() (*MCASCheckRequirements, bool)

AsMCASCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for OfficeATPCheckRequirements.

func (OfficeATPCheckRequirements) AsMDATPCheckRequirements

func (oacr OfficeATPCheckRequirements) AsMDATPCheckRequirements() (*MDATPCheckRequirements, bool)

AsMDATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for OfficeATPCheckRequirements.

func (OfficeATPCheckRequirements) AsOfficeATPCheckRequirements

func (oacr OfficeATPCheckRequirements) AsOfficeATPCheckRequirements() (*OfficeATPCheckRequirements, bool)

AsOfficeATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for OfficeATPCheckRequirements.

func (OfficeATPCheckRequirements) AsTICheckRequirements

func (oacr OfficeATPCheckRequirements) AsTICheckRequirements() (*TICheckRequirements, bool)

AsTICheckRequirements is the BasicDataConnectorsCheckRequirements implementation for OfficeATPCheckRequirements.

func (OfficeATPCheckRequirements) AsTiTaxiiCheckRequirements

func (oacr OfficeATPCheckRequirements) AsTiTaxiiCheckRequirements() (*TiTaxiiCheckRequirements, bool)

AsTiTaxiiCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for OfficeATPCheckRequirements.

func (OfficeATPCheckRequirements) MarshalJSON

func (oacr OfficeATPCheckRequirements) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for OfficeATPCheckRequirements.

func (*OfficeATPCheckRequirements) UnmarshalJSON

func (oacr *OfficeATPCheckRequirements) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for OfficeATPCheckRequirements struct.

type OfficeATPCheckRequirementsProperties

type OfficeATPCheckRequirementsProperties struct {
	// TenantID - The tenant id to connect to, and get the data from.
	TenantID *string `json:"tenantId,omitempty"`
}

OfficeATPCheckRequirementsProperties officeATP (Office 365 Advanced Threat Protection) requirements check properties.

type OfficeATPDataConnector

type OfficeATPDataConnector struct {
	// OfficeATPDataConnectorProperties - OfficeATP (Office 365 Advanced Threat Protection) data connector properties.
	*OfficeATPDataConnectorProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
	// Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOfficeATP', 'KindOffice365', 'KindThreatIntelligence', 'KindThreatIntelligenceTaxii'
	Kind KindBasicDataConnector `json:"kind,omitempty"`
}

OfficeATPDataConnector represents OfficeATP (Office 365 Advanced Threat Protection) data connector.

func (OfficeATPDataConnector) AsAADDataConnector

func (oadc OfficeATPDataConnector) AsAADDataConnector() (*AADDataConnector, bool)

AsAADDataConnector is the BasicDataConnector implementation for OfficeATPDataConnector.

func (OfficeATPDataConnector) AsAATPDataConnector

func (oadc OfficeATPDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool)

AsAATPDataConnector is the BasicDataConnector implementation for OfficeATPDataConnector.

func (OfficeATPDataConnector) AsASCDataConnector

func (oadc OfficeATPDataConnector) AsASCDataConnector() (*ASCDataConnector, bool)

AsASCDataConnector is the BasicDataConnector implementation for OfficeATPDataConnector.

func (OfficeATPDataConnector) AsAwsCloudTrailDataConnector

func (oadc OfficeATPDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool)

AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for OfficeATPDataConnector.

func (OfficeATPDataConnector) AsBasicDataConnector

func (oadc OfficeATPDataConnector) AsBasicDataConnector() (BasicDataConnector, bool)

AsBasicDataConnector is the BasicDataConnector implementation for OfficeATPDataConnector.

func (OfficeATPDataConnector) AsDataConnector

func (oadc OfficeATPDataConnector) AsDataConnector() (*DataConnector, bool)

AsDataConnector is the BasicDataConnector implementation for OfficeATPDataConnector.

func (OfficeATPDataConnector) AsMCASDataConnector

func (oadc OfficeATPDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool)

AsMCASDataConnector is the BasicDataConnector implementation for OfficeATPDataConnector.

func (OfficeATPDataConnector) AsMDATPDataConnector

func (oadc OfficeATPDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool)

AsMDATPDataConnector is the BasicDataConnector implementation for OfficeATPDataConnector.

func (OfficeATPDataConnector) AsOfficeATPDataConnector

func (oadc OfficeATPDataConnector) AsOfficeATPDataConnector() (*OfficeATPDataConnector, bool)

AsOfficeATPDataConnector is the BasicDataConnector implementation for OfficeATPDataConnector.

func (OfficeATPDataConnector) AsOfficeDataConnector

func (oadc OfficeATPDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool)

AsOfficeDataConnector is the BasicDataConnector implementation for OfficeATPDataConnector.

func (OfficeATPDataConnector) AsTIDataConnector

func (oadc OfficeATPDataConnector) AsTIDataConnector() (*TIDataConnector, bool)

AsTIDataConnector is the BasicDataConnector implementation for OfficeATPDataConnector.

func (OfficeATPDataConnector) AsTiTaxiiDataConnector

func (oadc OfficeATPDataConnector) AsTiTaxiiDataConnector() (*TiTaxiiDataConnector, bool)

AsTiTaxiiDataConnector is the BasicDataConnector implementation for OfficeATPDataConnector.

func (OfficeATPDataConnector) MarshalJSON

func (oadc OfficeATPDataConnector) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for OfficeATPDataConnector.

func (*OfficeATPDataConnector) UnmarshalJSON

func (oadc *OfficeATPDataConnector) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for OfficeATPDataConnector struct.

type OfficeATPDataConnectorProperties

type OfficeATPDataConnectorProperties struct {
	// TenantID - The tenant id to connect to, and get the data from.
	TenantID *string `json:"tenantId,omitempty"`
	// DataTypes - The available data types for the connector.
	DataTypes *AlertsDataTypeOfDataConnector `json:"dataTypes,omitempty"`
}

OfficeATPDataConnectorProperties officeATP (Office 365 Advanced Threat Protection) data connector properties.

type OfficeConsent

type OfficeConsent struct {
	autorest.Response `json:"-"`
	// OfficeConsentProperties - Office consent properties
	*OfficeConsentProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
}

OfficeConsent consent for Office365 tenant that already made.

func (OfficeConsent) MarshalJSON

func (oc OfficeConsent) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for OfficeConsent.

func (*OfficeConsent) UnmarshalJSON

func (oc *OfficeConsent) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for OfficeConsent struct.

type OfficeConsentList

type OfficeConsentList struct {
	autorest.Response `json:"-"`
	// NextLink - READ-ONLY; URL to fetch the next set of office consents.
	NextLink *string `json:"nextLink,omitempty"`
	// Value - Array of the consents.
	Value *[]OfficeConsent `json:"value,omitempty"`
}

OfficeConsentList list of all the office365 consents.

func (OfficeConsentList) IsEmpty

func (ocl OfficeConsentList) IsEmpty() bool

IsEmpty returns true if the ListResult contains no values.

func (OfficeConsentList) MarshalJSON

func (ocl OfficeConsentList) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for OfficeConsentList.

type OfficeConsentListIterator

type OfficeConsentListIterator struct {
	// contains filtered or unexported fields
}

OfficeConsentListIterator provides access to a complete listing of OfficeConsent values.

func NewOfficeConsentListIterator

func NewOfficeConsentListIterator(page OfficeConsentListPage) OfficeConsentListIterator

Creates a new instance of the OfficeConsentListIterator type.

func (*OfficeConsentListIterator) Next

func (iter *OfficeConsentListIterator) Next() error

Next advances to the next value. If there was an error making the request the iterator does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*OfficeConsentListIterator) NextWithContext

func (iter *OfficeConsentListIterator) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next value. If there was an error making the request the iterator does not advance and the error is returned.

func (OfficeConsentListIterator) NotDone

func (iter OfficeConsentListIterator) NotDone() bool

NotDone returns true if the enumeration should be started or is not yet complete.

func (OfficeConsentListIterator) Response

Response returns the raw server response from the last page request.

func (OfficeConsentListIterator) Value

Value returns the current value or a zero-initialized value if the iterator has advanced beyond the end of the collection.

type OfficeConsentListPage

type OfficeConsentListPage struct {
	// contains filtered or unexported fields
}

OfficeConsentListPage contains a page of OfficeConsent values.

func NewOfficeConsentListPage

func NewOfficeConsentListPage(cur OfficeConsentList, getNextPage func(context.Context, OfficeConsentList) (OfficeConsentList, error)) OfficeConsentListPage

Creates a new instance of the OfficeConsentListPage type.

func (*OfficeConsentListPage) Next

func (page *OfficeConsentListPage) Next() error

Next advances to the next page of values. If there was an error making the request the page does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*OfficeConsentListPage) NextWithContext

func (page *OfficeConsentListPage) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next page of values. If there was an error making the request the page does not advance and the error is returned.

func (OfficeConsentListPage) NotDone

func (page OfficeConsentListPage) NotDone() bool

NotDone returns true if the page enumeration should be started or is not yet complete.

func (OfficeConsentListPage) Response

func (page OfficeConsentListPage) Response() OfficeConsentList

Response returns the raw server response from the last page request.

func (OfficeConsentListPage) Values

func (page OfficeConsentListPage) Values() []OfficeConsent

Values returns the slice of values for the current page or nil if there are no values.

type OfficeConsentProperties

type OfficeConsentProperties struct {
	// TenantID - The tenantId of the Office365 with the consent.
	TenantID *string `json:"tenantId,omitempty"`
	// TenantName - READ-ONLY; The tenant name of the Office365 with the consent.
	TenantName *string `json:"tenantName,omitempty"`
}

OfficeConsentProperties consent property bag.

func (OfficeConsentProperties) MarshalJSON

func (ocp OfficeConsentProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for OfficeConsentProperties.

type OfficeConsentsClient

type OfficeConsentsClient struct {
	BaseClient
}

OfficeConsentsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

func NewOfficeConsentsClient

func NewOfficeConsentsClient(subscriptionID string) OfficeConsentsClient

NewOfficeConsentsClient creates an instance of the OfficeConsentsClient client.

func NewOfficeConsentsClientWithBaseURI

func NewOfficeConsentsClientWithBaseURI(baseURI string, subscriptionID string) OfficeConsentsClient

NewOfficeConsentsClientWithBaseURI creates an instance of the OfficeConsentsClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).

func (OfficeConsentsClient) Delete

func (client OfficeConsentsClient) Delete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, consentID string) (result autorest.Response, err error)

Delete delete the office365 consent. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. consentID - consent ID

func (OfficeConsentsClient) DeletePreparer

func (client OfficeConsentsClient) DeletePreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, consentID string) (*http.Request, error)

DeletePreparer prepares the Delete request.

func (OfficeConsentsClient) DeleteResponder

func (client OfficeConsentsClient) DeleteResponder(resp *http.Response) (result autorest.Response, err error)

DeleteResponder handles the response to the Delete request. The method always closes the http.Response Body.

func (OfficeConsentsClient) DeleteSender

func (client OfficeConsentsClient) DeleteSender(req *http.Request) (*http.Response, error)

DeleteSender sends the Delete request. The method will close the http.Response Body if it receives an error.

func (OfficeConsentsClient) Get

func (client OfficeConsentsClient) Get(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, consentID string) (result OfficeConsent, err error)

Get gets an office365 consent. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. consentID - consent ID

func (OfficeConsentsClient) GetPreparer

func (client OfficeConsentsClient) GetPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, consentID string) (*http.Request, error)

GetPreparer prepares the Get request.

func (OfficeConsentsClient) GetResponder

func (client OfficeConsentsClient) GetResponder(resp *http.Response) (result OfficeConsent, err error)

GetResponder handles the response to the Get request. The method always closes the http.Response Body.

func (OfficeConsentsClient) GetSender

func (client OfficeConsentsClient) GetSender(req *http.Request) (*http.Response, error)

GetSender sends the Get request. The method will close the http.Response Body if it receives an error.

func (OfficeConsentsClient) List

func (client OfficeConsentsClient) List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result OfficeConsentListPage, err error)

List gets all office365 consents. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace.

func (OfficeConsentsClient) ListComplete

func (client OfficeConsentsClient) ListComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result OfficeConsentListIterator, err error)

ListComplete enumerates all values, automatically crossing page boundaries as required.

func (OfficeConsentsClient) ListPreparer

func (client OfficeConsentsClient) ListPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (*http.Request, error)

ListPreparer prepares the List request.

func (OfficeConsentsClient) ListResponder

func (client OfficeConsentsClient) ListResponder(resp *http.Response) (result OfficeConsentList, err error)

ListResponder handles the response to the List request. The method always closes the http.Response Body.

func (OfficeConsentsClient) ListSender

func (client OfficeConsentsClient) ListSender(req *http.Request) (*http.Response, error)

ListSender sends the List request. The method will close the http.Response Body if it receives an error.

type OfficeDataConnector

type OfficeDataConnector struct {
	// OfficeDataConnectorProperties - Office data connector properties.
	*OfficeDataConnectorProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
	// Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOfficeATP', 'KindOffice365', 'KindThreatIntelligence', 'KindThreatIntelligenceTaxii'
	Kind KindBasicDataConnector `json:"kind,omitempty"`
}

OfficeDataConnector represents office data connector.

func (OfficeDataConnector) AsAADDataConnector

func (odc OfficeDataConnector) AsAADDataConnector() (*AADDataConnector, bool)

AsAADDataConnector is the BasicDataConnector implementation for OfficeDataConnector.

func (OfficeDataConnector) AsAATPDataConnector

func (odc OfficeDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool)

AsAATPDataConnector is the BasicDataConnector implementation for OfficeDataConnector.

func (OfficeDataConnector) AsASCDataConnector

func (odc OfficeDataConnector) AsASCDataConnector() (*ASCDataConnector, bool)

AsASCDataConnector is the BasicDataConnector implementation for OfficeDataConnector.

func (OfficeDataConnector) AsAwsCloudTrailDataConnector

func (odc OfficeDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool)

AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for OfficeDataConnector.

func (OfficeDataConnector) AsBasicDataConnector

func (odc OfficeDataConnector) AsBasicDataConnector() (BasicDataConnector, bool)

AsBasicDataConnector is the BasicDataConnector implementation for OfficeDataConnector.

func (OfficeDataConnector) AsDataConnector

func (odc OfficeDataConnector) AsDataConnector() (*DataConnector, bool)

AsDataConnector is the BasicDataConnector implementation for OfficeDataConnector.

func (OfficeDataConnector) AsMCASDataConnector

func (odc OfficeDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool)

AsMCASDataConnector is the BasicDataConnector implementation for OfficeDataConnector.

func (OfficeDataConnector) AsMDATPDataConnector

func (odc OfficeDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool)

AsMDATPDataConnector is the BasicDataConnector implementation for OfficeDataConnector.

func (OfficeDataConnector) AsOfficeATPDataConnector

func (odc OfficeDataConnector) AsOfficeATPDataConnector() (*OfficeATPDataConnector, bool)

AsOfficeATPDataConnector is the BasicDataConnector implementation for OfficeDataConnector.

func (OfficeDataConnector) AsOfficeDataConnector

func (odc OfficeDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool)

AsOfficeDataConnector is the BasicDataConnector implementation for OfficeDataConnector.

func (OfficeDataConnector) AsTIDataConnector

func (odc OfficeDataConnector) AsTIDataConnector() (*TIDataConnector, bool)

AsTIDataConnector is the BasicDataConnector implementation for OfficeDataConnector.

func (OfficeDataConnector) AsTiTaxiiDataConnector

func (odc OfficeDataConnector) AsTiTaxiiDataConnector() (*TiTaxiiDataConnector, bool)

AsTiTaxiiDataConnector is the BasicDataConnector implementation for OfficeDataConnector.

func (OfficeDataConnector) MarshalJSON

func (odc OfficeDataConnector) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for OfficeDataConnector.

func (*OfficeDataConnector) UnmarshalJSON

func (odc *OfficeDataConnector) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for OfficeDataConnector struct.

type OfficeDataConnectorDataTypes

type OfficeDataConnectorDataTypes struct {
	// Exchange - Exchange data type connection.
	Exchange *OfficeDataConnectorDataTypesExchange `json:"exchange,omitempty"`
	// SharePoint - SharePoint data type connection.
	SharePoint *OfficeDataConnectorDataTypesSharePoint `json:"sharePoint,omitempty"`
	// Teams - Teams data type connection.
	Teams *OfficeDataConnectorDataTypesTeams `json:"teams,omitempty"`
}

OfficeDataConnectorDataTypes the available data types for office data connector.

type OfficeDataConnectorDataTypesExchange

type OfficeDataConnectorDataTypesExchange struct {
	// State - Describe whether this data type connection is enabled or not. Possible values include: 'Enabled', 'Disabled'
	State DataTypeState `json:"state,omitempty"`
}

OfficeDataConnectorDataTypesExchange exchange data type connection.

type OfficeDataConnectorDataTypesSharePoint

type OfficeDataConnectorDataTypesSharePoint struct {
	// State - Describe whether this data type connection is enabled or not. Possible values include: 'Enabled', 'Disabled'
	State DataTypeState `json:"state,omitempty"`
}

OfficeDataConnectorDataTypesSharePoint sharePoint data type connection.

type OfficeDataConnectorDataTypesTeams

type OfficeDataConnectorDataTypesTeams struct {
	// State - Describe whether this data type connection is enabled or not. Possible values include: 'Enabled', 'Disabled'
	State DataTypeState `json:"state,omitempty"`
}

OfficeDataConnectorDataTypesTeams teams data type connection.

type OfficeDataConnectorProperties

type OfficeDataConnectorProperties struct {
	// DataTypes - The available data types for the connector.
	DataTypes *OfficeDataConnectorDataTypes `json:"dataTypes,omitempty"`
	// TenantID - The tenant id to connect to, and get the data from.
	TenantID *string `json:"tenantId,omitempty"`
}

OfficeDataConnectorProperties office data connector properties.

type Operation

type Operation struct {
	// Display - Properties of the operation
	Display *OperationDisplay `json:"display,omitempty"`
	// Name - Name of the operation
	Name *string `json:"name,omitempty"`
}

Operation operation provided by provider

type OperationDisplay

type OperationDisplay struct {
	// Description - Description of the operation
	Description *string `json:"description,omitempty"`
	// Operation - Operation name
	Operation *string `json:"operation,omitempty"`
	// Provider - Provider name
	Provider *string `json:"provider,omitempty"`
	// Resource - Resource name
	Resource *string `json:"resource,omitempty"`
}

OperationDisplay properties of the operation

type OperationsClient

type OperationsClient struct {
	BaseClient
}

OperationsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

func NewOperationsClient

func NewOperationsClient(subscriptionID string) OperationsClient

NewOperationsClient creates an instance of the OperationsClient client.

func NewOperationsClientWithBaseURI

func NewOperationsClientWithBaseURI(baseURI string, subscriptionID string) OperationsClient

NewOperationsClientWithBaseURI creates an instance of the OperationsClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).

func (OperationsClient) List

func (client OperationsClient) List(ctx context.Context) (result OperationsListPage, err error)

List lists all operations available Azure Security Insights Resource Provider.

func (OperationsClient) ListComplete

func (client OperationsClient) ListComplete(ctx context.Context) (result OperationsListIterator, err error)

ListComplete enumerates all values, automatically crossing page boundaries as required.

func (OperationsClient) ListPreparer

func (client OperationsClient) ListPreparer(ctx context.Context) (*http.Request, error)

ListPreparer prepares the List request.

func (OperationsClient) ListResponder

func (client OperationsClient) ListResponder(resp *http.Response) (result OperationsList, err error)

ListResponder handles the response to the List request. The method always closes the http.Response Body.

func (OperationsClient) ListSender

func (client OperationsClient) ListSender(req *http.Request) (*http.Response, error)

ListSender sends the List request. The method will close the http.Response Body if it receives an error.

type OperationsList

type OperationsList struct {
	autorest.Response `json:"-"`
	// NextLink - URL to fetch the next set of operations.
	NextLink *string `json:"nextLink,omitempty"`
	// Value - Array of operations
	Value *[]Operation `json:"value,omitempty"`
}

OperationsList lists the operations available in the SecurityInsights RP.

func (OperationsList) IsEmpty

func (ol OperationsList) IsEmpty() bool

IsEmpty returns true if the ListResult contains no values.

type OperationsListIterator

type OperationsListIterator struct {
	// contains filtered or unexported fields
}

OperationsListIterator provides access to a complete listing of Operation values.

func NewOperationsListIterator

func NewOperationsListIterator(page OperationsListPage) OperationsListIterator

Creates a new instance of the OperationsListIterator type.

func (*OperationsListIterator) Next

func (iter *OperationsListIterator) Next() error

Next advances to the next value. If there was an error making the request the iterator does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*OperationsListIterator) NextWithContext

func (iter *OperationsListIterator) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next value. If there was an error making the request the iterator does not advance and the error is returned.

func (OperationsListIterator) NotDone

func (iter OperationsListIterator) NotDone() bool

NotDone returns true if the enumeration should be started or is not yet complete.

func (OperationsListIterator) Response

func (iter OperationsListIterator) Response() OperationsList

Response returns the raw server response from the last page request.

func (OperationsListIterator) Value

func (iter OperationsListIterator) Value() Operation

Value returns the current value or a zero-initialized value if the iterator has advanced beyond the end of the collection.

type OperationsListPage

type OperationsListPage struct {
	// contains filtered or unexported fields
}

OperationsListPage contains a page of Operation values.

func NewOperationsListPage

func NewOperationsListPage(cur OperationsList, getNextPage func(context.Context, OperationsList) (OperationsList, error)) OperationsListPage

Creates a new instance of the OperationsListPage type.

func (*OperationsListPage) Next

func (page *OperationsListPage) Next() error

Next advances to the next page of values. If there was an error making the request the page does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*OperationsListPage) NextWithContext

func (page *OperationsListPage) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next page of values. If there was an error making the request the page does not advance and the error is returned.

func (OperationsListPage) NotDone

func (page OperationsListPage) NotDone() bool

NotDone returns true if the page enumeration should be started or is not yet complete.

func (OperationsListPage) Response

func (page OperationsListPage) Response() OperationsList

Response returns the raw server response from the last page request.

func (OperationsListPage) Values

func (page OperationsListPage) Values() []Operation

Values returns the slice of values for the current page or nil if there are no values.

type ProcessEntity

type ProcessEntity struct {
	// ProcessEntityProperties - Process entity properties
	*ProcessEntityProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindBookmark', 'KindSecurityAlert', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice'
	Kind KindBasicEntity `json:"kind,omitempty"`
}

ProcessEntity represents a process entity.

func (ProcessEntity) AsAccountEntity

func (peVar ProcessEntity) AsAccountEntity() (*AccountEntity, bool)

AsAccountEntity is the BasicEntity implementation for ProcessEntity.

func (ProcessEntity) AsAzureResourceEntity

func (peVar ProcessEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)

AsAzureResourceEntity is the BasicEntity implementation for ProcessEntity.

func (ProcessEntity) AsBasicEntity

func (peVar ProcessEntity) AsBasicEntity() (BasicEntity, bool)

AsBasicEntity is the BasicEntity implementation for ProcessEntity.

func (ProcessEntity) AsCloudApplicationEntity

func (peVar ProcessEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)

AsCloudApplicationEntity is the BasicEntity implementation for ProcessEntity.

func (ProcessEntity) AsDNSEntity

func (peVar ProcessEntity) AsDNSEntity() (*DNSEntity, bool)

AsDNSEntity is the BasicEntity implementation for ProcessEntity.

func (ProcessEntity) AsEntity

func (peVar ProcessEntity) AsEntity() (*Entity, bool)

AsEntity is the BasicEntity implementation for ProcessEntity.

func (ProcessEntity) AsFileEntity

func (peVar ProcessEntity) AsFileEntity() (*FileEntity, bool)

AsFileEntity is the BasicEntity implementation for ProcessEntity.

func (ProcessEntity) AsFileHashEntity

func (peVar ProcessEntity) AsFileHashEntity() (*FileHashEntity, bool)

AsFileHashEntity is the BasicEntity implementation for ProcessEntity.

func (ProcessEntity) AsHostEntity

func (peVar ProcessEntity) AsHostEntity() (*HostEntity, bool)

AsHostEntity is the BasicEntity implementation for ProcessEntity.

func (ProcessEntity) AsHuntingBookmark

func (peVar ProcessEntity) AsHuntingBookmark() (*HuntingBookmark, bool)

AsHuntingBookmark is the BasicEntity implementation for ProcessEntity.

func (ProcessEntity) AsIPEntity

func (peVar ProcessEntity) AsIPEntity() (*IPEntity, bool)

AsIPEntity is the BasicEntity implementation for ProcessEntity.

func (ProcessEntity) AsIoTDeviceEntity

func (peVar ProcessEntity) AsIoTDeviceEntity() (*IoTDeviceEntity, bool)

AsIoTDeviceEntity is the BasicEntity implementation for ProcessEntity.

func (ProcessEntity) AsMalwareEntity

func (peVar ProcessEntity) AsMalwareEntity() (*MalwareEntity, bool)

AsMalwareEntity is the BasicEntity implementation for ProcessEntity.

func (ProcessEntity) AsProcessEntity

func (peVar ProcessEntity) AsProcessEntity() (*ProcessEntity, bool)

AsProcessEntity is the BasicEntity implementation for ProcessEntity.

func (ProcessEntity) AsRegistryKeyEntity

func (peVar ProcessEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)

AsRegistryKeyEntity is the BasicEntity implementation for ProcessEntity.

func (ProcessEntity) AsRegistryValueEntity

func (peVar ProcessEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool)

AsRegistryValueEntity is the BasicEntity implementation for ProcessEntity.

func (ProcessEntity) AsSecurityAlert

func (peVar ProcessEntity) AsSecurityAlert() (*SecurityAlert, bool)

AsSecurityAlert is the BasicEntity implementation for ProcessEntity.

func (ProcessEntity) AsSecurityGroupEntity

func (peVar ProcessEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)

AsSecurityGroupEntity is the BasicEntity implementation for ProcessEntity.

func (ProcessEntity) AsURLEntity

func (peVar ProcessEntity) AsURLEntity() (*URLEntity, bool)

AsURLEntity is the BasicEntity implementation for ProcessEntity.

func (ProcessEntity) MarshalJSON

func (peVar ProcessEntity) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for ProcessEntity.

func (*ProcessEntity) UnmarshalJSON

func (peVar *ProcessEntity) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for ProcessEntity struct.

type ProcessEntityProperties

type ProcessEntityProperties struct {
	// AccountEntityID - READ-ONLY; The account entity id running the processes.
	AccountEntityID *string `json:"accountEntityId,omitempty"`
	// CommandLine - READ-ONLY; The command line used to create the process
	CommandLine *string `json:"commandLine,omitempty"`
	// CreationTimeUtc - READ-ONLY; The time when the process started to run
	CreationTimeUtc *date.Time `json:"creationTimeUtc,omitempty"`
	// ElevationToken - The elevation token associated with the process. Possible values include: 'Default', 'Full', 'Limited'
	ElevationToken ElevationToken `json:"elevationToken,omitempty"`
	// HostEntityID - READ-ONLY; The host entity id on which the process was running
	HostEntityID *string `json:"hostEntityId,omitempty"`
	// HostLogonSessionEntityID - READ-ONLY; The session entity id in which the process was running
	HostLogonSessionEntityID *string `json:"hostLogonSessionEntityId,omitempty"`
	// ImageFileEntityID - READ-ONLY; Image file entity id
	ImageFileEntityID *string `json:"imageFileEntityId,omitempty"`
	// ParentProcessEntityID - READ-ONLY; The parent process entity id.
	ParentProcessEntityID *string `json:"parentProcessEntityId,omitempty"`
	// ProcessID - READ-ONLY; The process ID
	ProcessID *string `json:"processId,omitempty"`
	// AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]interface{} `json:"additionalData"`
	// FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated.
	FriendlyName *string `json:"friendlyName,omitempty"`
}

ProcessEntityProperties process entity property bag.

func (ProcessEntityProperties) MarshalJSON

func (pep ProcessEntityProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for ProcessEntityProperties.

type ProductSettingsClient

type ProductSettingsClient struct {
	BaseClient
}

ProductSettingsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

func NewProductSettingsClient

func NewProductSettingsClient(subscriptionID string) ProductSettingsClient

NewProductSettingsClient creates an instance of the ProductSettingsClient client.

func NewProductSettingsClientWithBaseURI

func NewProductSettingsClientWithBaseURI(baseURI string, subscriptionID string) ProductSettingsClient

NewProductSettingsClientWithBaseURI creates an instance of the ProductSettingsClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).

func (ProductSettingsClient) Delete

func (client ProductSettingsClient) Delete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, settingsName string) (result autorest.Response, err error)

Delete delete setting of the product. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. settingsName - the setting name. Supports - EyesOn, EntityAnalytics, Ueba

func (ProductSettingsClient) DeletePreparer

func (client ProductSettingsClient) DeletePreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, settingsName string) (*http.Request, error)

DeletePreparer prepares the Delete request.

func (ProductSettingsClient) DeleteResponder

func (client ProductSettingsClient) DeleteResponder(resp *http.Response) (result autorest.Response, err error)

DeleteResponder handles the response to the Delete request. The method always closes the http.Response Body.

func (ProductSettingsClient) DeleteSender

func (client ProductSettingsClient) DeleteSender(req *http.Request) (*http.Response, error)

DeleteSender sends the Delete request. The method will close the http.Response Body if it receives an error.

func (ProductSettingsClient) Get

func (client ProductSettingsClient) Get(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, settingsName string) (result SettingsModel, err error)

Get gets a setting. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. settingsName - the setting name. Supports - EyesOn, EntityAnalytics, Ueba

func (ProductSettingsClient) GetAll

func (client ProductSettingsClient) GetAll(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result SettingList, err error)

GetAll list of all the settings Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace.

func (ProductSettingsClient) GetAllPreparer

func (client ProductSettingsClient) GetAllPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (*http.Request, error)

GetAllPreparer prepares the GetAll request.

func (ProductSettingsClient) GetAllResponder

func (client ProductSettingsClient) GetAllResponder(resp *http.Response) (result SettingList, err error)

GetAllResponder handles the response to the GetAll request. The method always closes the http.Response Body.

func (ProductSettingsClient) GetAllSender

func (client ProductSettingsClient) GetAllSender(req *http.Request) (*http.Response, error)

GetAllSender sends the GetAll request. The method will close the http.Response Body if it receives an error.

func (ProductSettingsClient) GetPreparer

func (client ProductSettingsClient) GetPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, settingsName string) (*http.Request, error)

GetPreparer prepares the Get request.

func (ProductSettingsClient) GetResponder

func (client ProductSettingsClient) GetResponder(resp *http.Response) (result SettingsModel, err error)

GetResponder handles the response to the Get request. The method always closes the http.Response Body.

func (ProductSettingsClient) GetSender

func (client ProductSettingsClient) GetSender(req *http.Request) (*http.Response, error)

GetSender sends the Get request. The method will close the http.Response Body if it receives an error.

func (ProductSettingsClient) Update

func (client ProductSettingsClient) Update(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, settingsName string, settings BasicSettings) (result SettingsModel, err error)

Update updates setting. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. settingsName - the setting name. Supports - EyesOn, EntityAnalytics, Ueba settings - the setting

func (ProductSettingsClient) UpdatePreparer

func (client ProductSettingsClient) UpdatePreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, settingsName string, settings BasicSettings) (*http.Request, error)

UpdatePreparer prepares the Update request.

func (ProductSettingsClient) UpdateResponder

func (client ProductSettingsClient) UpdateResponder(resp *http.Response) (result SettingsModel, err error)

UpdateResponder handles the response to the Update request. The method always closes the http.Response Body.

func (ProductSettingsClient) UpdateSender

func (client ProductSettingsClient) UpdateSender(req *http.Request) (*http.Response, error)

UpdateSender sends the Update request. The method will close the http.Response Body if it receives an error.

type RegistryHive

type RegistryHive string

RegistryHive enumerates the values for registry hive.

const (
	// HKEYA HKEY_A
	HKEYA RegistryHive = "HKEY_A"
	// HKEYCLASSESROOT HKEY_CLASSES_ROOT
	HKEYCLASSESROOT RegistryHive = "HKEY_CLASSES_ROOT"
	// HKEYCURRENTCONFIG HKEY_CURRENT_CONFIG
	HKEYCURRENTCONFIG RegistryHive = "HKEY_CURRENT_CONFIG"
	// HKEYCURRENTUSER HKEY_CURRENT_USER
	HKEYCURRENTUSER RegistryHive = "HKEY_CURRENT_USER"
	// HKEYCURRENTUSERLOCALSETTINGS HKEY_CURRENT_USER_LOCAL_SETTINGS
	HKEYCURRENTUSERLOCALSETTINGS RegistryHive = "HKEY_CURRENT_USER_LOCAL_SETTINGS"
	// HKEYLOCALMACHINE HKEY_LOCAL_MACHINE
	HKEYLOCALMACHINE RegistryHive = "HKEY_LOCAL_MACHINE"
	// HKEYPERFORMANCEDATA HKEY_PERFORMANCE_DATA
	HKEYPERFORMANCEDATA RegistryHive = "HKEY_PERFORMANCE_DATA"
	// HKEYPERFORMANCENLSTEXT HKEY_PERFORMANCE_NLSTEXT
	HKEYPERFORMANCENLSTEXT RegistryHive = "HKEY_PERFORMANCE_NLSTEXT"
	// HKEYPERFORMANCETEXT HKEY_PERFORMANCE_TEXT
	HKEYPERFORMANCETEXT RegistryHive = "HKEY_PERFORMANCE_TEXT"
	// HKEYUSERS HKEY_USERS
	HKEYUSERS RegistryHive = "HKEY_USERS"
)

func PossibleRegistryHiveValues

func PossibleRegistryHiveValues() []RegistryHive

PossibleRegistryHiveValues returns an array of possible values for the RegistryHive const type.

type RegistryKeyEntity

type RegistryKeyEntity struct {
	// RegistryKeyEntityProperties - RegistryKey entity properties
	*RegistryKeyEntityProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindBookmark', 'KindSecurityAlert', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice'
	Kind KindBasicEntity `json:"kind,omitempty"`
}

RegistryKeyEntity represents a registry key entity.

func (RegistryKeyEntity) AsAccountEntity

func (rke RegistryKeyEntity) AsAccountEntity() (*AccountEntity, bool)

AsAccountEntity is the BasicEntity implementation for RegistryKeyEntity.

func (RegistryKeyEntity) AsAzureResourceEntity

func (rke RegistryKeyEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)

AsAzureResourceEntity is the BasicEntity implementation for RegistryKeyEntity.

func (RegistryKeyEntity) AsBasicEntity

func (rke RegistryKeyEntity) AsBasicEntity() (BasicEntity, bool)

AsBasicEntity is the BasicEntity implementation for RegistryKeyEntity.

func (RegistryKeyEntity) AsCloudApplicationEntity

func (rke RegistryKeyEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)

AsCloudApplicationEntity is the BasicEntity implementation for RegistryKeyEntity.

func (RegistryKeyEntity) AsDNSEntity

func (rke RegistryKeyEntity) AsDNSEntity() (*DNSEntity, bool)

AsDNSEntity is the BasicEntity implementation for RegistryKeyEntity.

func (RegistryKeyEntity) AsEntity

func (rke RegistryKeyEntity) AsEntity() (*Entity, bool)

AsEntity is the BasicEntity implementation for RegistryKeyEntity.

func (RegistryKeyEntity) AsFileEntity

func (rke RegistryKeyEntity) AsFileEntity() (*FileEntity, bool)

AsFileEntity is the BasicEntity implementation for RegistryKeyEntity.

func (RegistryKeyEntity) AsFileHashEntity

func (rke RegistryKeyEntity) AsFileHashEntity() (*FileHashEntity, bool)

AsFileHashEntity is the BasicEntity implementation for RegistryKeyEntity.

func (RegistryKeyEntity) AsHostEntity

func (rke RegistryKeyEntity) AsHostEntity() (*HostEntity, bool)

AsHostEntity is the BasicEntity implementation for RegistryKeyEntity.

func (RegistryKeyEntity) AsHuntingBookmark

func (rke RegistryKeyEntity) AsHuntingBookmark() (*HuntingBookmark, bool)

AsHuntingBookmark is the BasicEntity implementation for RegistryKeyEntity.

func (RegistryKeyEntity) AsIPEntity

func (rke RegistryKeyEntity) AsIPEntity() (*IPEntity, bool)

AsIPEntity is the BasicEntity implementation for RegistryKeyEntity.

func (RegistryKeyEntity) AsIoTDeviceEntity

func (rke RegistryKeyEntity) AsIoTDeviceEntity() (*IoTDeviceEntity, bool)

AsIoTDeviceEntity is the BasicEntity implementation for RegistryKeyEntity.

func (RegistryKeyEntity) AsMalwareEntity

func (rke RegistryKeyEntity) AsMalwareEntity() (*MalwareEntity, bool)

AsMalwareEntity is the BasicEntity implementation for RegistryKeyEntity.

func (RegistryKeyEntity) AsProcessEntity

func (rke RegistryKeyEntity) AsProcessEntity() (*ProcessEntity, bool)

AsProcessEntity is the BasicEntity implementation for RegistryKeyEntity.

func (RegistryKeyEntity) AsRegistryKeyEntity

func (rke RegistryKeyEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)

AsRegistryKeyEntity is the BasicEntity implementation for RegistryKeyEntity.

func (RegistryKeyEntity) AsRegistryValueEntity

func (rke RegistryKeyEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool)

AsRegistryValueEntity is the BasicEntity implementation for RegistryKeyEntity.

func (RegistryKeyEntity) AsSecurityAlert

func (rke RegistryKeyEntity) AsSecurityAlert() (*SecurityAlert, bool)

AsSecurityAlert is the BasicEntity implementation for RegistryKeyEntity.

func (RegistryKeyEntity) AsSecurityGroupEntity

func (rke RegistryKeyEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)

AsSecurityGroupEntity is the BasicEntity implementation for RegistryKeyEntity.

func (RegistryKeyEntity) AsURLEntity

func (rke RegistryKeyEntity) AsURLEntity() (*URLEntity, bool)

AsURLEntity is the BasicEntity implementation for RegistryKeyEntity.

func (RegistryKeyEntity) MarshalJSON

func (rke RegistryKeyEntity) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for RegistryKeyEntity.

func (*RegistryKeyEntity) UnmarshalJSON

func (rke *RegistryKeyEntity) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for RegistryKeyEntity struct.

type RegistryKeyEntityProperties

type RegistryKeyEntityProperties struct {
	// Hive - READ-ONLY; the hive that holds the registry key. Possible values include: 'HKEYLOCALMACHINE', 'HKEYCLASSESROOT', 'HKEYCURRENTCONFIG', 'HKEYUSERS', 'HKEYCURRENTUSERLOCALSETTINGS', 'HKEYPERFORMANCEDATA', 'HKEYPERFORMANCENLSTEXT', 'HKEYPERFORMANCETEXT', 'HKEYA', 'HKEYCURRENTUSER'
	Hive RegistryHive `json:"hive,omitempty"`
	// Key - READ-ONLY; The registry key path.
	Key *string `json:"key,omitempty"`
	// AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]interface{} `json:"additionalData"`
	// FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated.
	FriendlyName *string `json:"friendlyName,omitempty"`
}

RegistryKeyEntityProperties registryKey entity property bag.

func (RegistryKeyEntityProperties) MarshalJSON

func (rkep RegistryKeyEntityProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for RegistryKeyEntityProperties.

type RegistryValueEntity

type RegistryValueEntity struct {
	// RegistryValueEntityProperties - RegistryKey entity properties
	*RegistryValueEntityProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindBookmark', 'KindSecurityAlert', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice'
	Kind KindBasicEntity `json:"kind,omitempty"`
}

RegistryValueEntity represents a registry value entity.

func (RegistryValueEntity) AsAccountEntity

func (rve RegistryValueEntity) AsAccountEntity() (*AccountEntity, bool)

AsAccountEntity is the BasicEntity implementation for RegistryValueEntity.

func (RegistryValueEntity) AsAzureResourceEntity

func (rve RegistryValueEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)

AsAzureResourceEntity is the BasicEntity implementation for RegistryValueEntity.

func (RegistryValueEntity) AsBasicEntity

func (rve RegistryValueEntity) AsBasicEntity() (BasicEntity, bool)

AsBasicEntity is the BasicEntity implementation for RegistryValueEntity.

func (RegistryValueEntity) AsCloudApplicationEntity

func (rve RegistryValueEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)

AsCloudApplicationEntity is the BasicEntity implementation for RegistryValueEntity.

func (RegistryValueEntity) AsDNSEntity

func (rve RegistryValueEntity) AsDNSEntity() (*DNSEntity, bool)

AsDNSEntity is the BasicEntity implementation for RegistryValueEntity.

func (RegistryValueEntity) AsEntity

func (rve RegistryValueEntity) AsEntity() (*Entity, bool)

AsEntity is the BasicEntity implementation for RegistryValueEntity.

func (RegistryValueEntity) AsFileEntity

func (rve RegistryValueEntity) AsFileEntity() (*FileEntity, bool)

AsFileEntity is the BasicEntity implementation for RegistryValueEntity.

func (RegistryValueEntity) AsFileHashEntity

func (rve RegistryValueEntity) AsFileHashEntity() (*FileHashEntity, bool)

AsFileHashEntity is the BasicEntity implementation for RegistryValueEntity.

func (RegistryValueEntity) AsHostEntity

func (rve RegistryValueEntity) AsHostEntity() (*HostEntity, bool)

AsHostEntity is the BasicEntity implementation for RegistryValueEntity.

func (RegistryValueEntity) AsHuntingBookmark

func (rve RegistryValueEntity) AsHuntingBookmark() (*HuntingBookmark, bool)

AsHuntingBookmark is the BasicEntity implementation for RegistryValueEntity.

func (RegistryValueEntity) AsIPEntity

func (rve RegistryValueEntity) AsIPEntity() (*IPEntity, bool)

AsIPEntity is the BasicEntity implementation for RegistryValueEntity.

func (RegistryValueEntity) AsIoTDeviceEntity

func (rve RegistryValueEntity) AsIoTDeviceEntity() (*IoTDeviceEntity, bool)

AsIoTDeviceEntity is the BasicEntity implementation for RegistryValueEntity.

func (RegistryValueEntity) AsMalwareEntity

func (rve RegistryValueEntity) AsMalwareEntity() (*MalwareEntity, bool)

AsMalwareEntity is the BasicEntity implementation for RegistryValueEntity.

func (RegistryValueEntity) AsProcessEntity

func (rve RegistryValueEntity) AsProcessEntity() (*ProcessEntity, bool)

AsProcessEntity is the BasicEntity implementation for RegistryValueEntity.

func (RegistryValueEntity) AsRegistryKeyEntity

func (rve RegistryValueEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)

AsRegistryKeyEntity is the BasicEntity implementation for RegistryValueEntity.

func (RegistryValueEntity) AsRegistryValueEntity

func (rve RegistryValueEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool)

AsRegistryValueEntity is the BasicEntity implementation for RegistryValueEntity.

func (RegistryValueEntity) AsSecurityAlert

func (rve RegistryValueEntity) AsSecurityAlert() (*SecurityAlert, bool)

AsSecurityAlert is the BasicEntity implementation for RegistryValueEntity.

func (RegistryValueEntity) AsSecurityGroupEntity

func (rve RegistryValueEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)

AsSecurityGroupEntity is the BasicEntity implementation for RegistryValueEntity.

func (RegistryValueEntity) AsURLEntity

func (rve RegistryValueEntity) AsURLEntity() (*URLEntity, bool)

AsURLEntity is the BasicEntity implementation for RegistryValueEntity.

func (RegistryValueEntity) MarshalJSON

func (rve RegistryValueEntity) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for RegistryValueEntity.

func (*RegistryValueEntity) UnmarshalJSON

func (rve *RegistryValueEntity) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for RegistryValueEntity struct.

type RegistryValueEntityProperties

type RegistryValueEntityProperties struct {
	// KeyEntityID - READ-ONLY; The registry key entity id.
	KeyEntityID *string `json:"keyEntityId,omitempty"`
	// ValueData - READ-ONLY; String formatted representation of the value data.
	ValueData *string `json:"valueData,omitempty"`
	// ValueName - READ-ONLY; The registry value name.
	ValueName *string `json:"valueName,omitempty"`
	// ValueType - READ-ONLY; Specifies the data types to use when storing values in the registry, or identifies the data type of a value in the registry. Possible values include: 'RegistryValueKindNone', 'RegistryValueKindUnknown', 'RegistryValueKindString', 'RegistryValueKindExpandString', 'RegistryValueKindBinary', 'RegistryValueKindDWord', 'RegistryValueKindMultiString', 'RegistryValueKindQWord'
	ValueType RegistryValueKind `json:"valueType,omitempty"`
	// AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]interface{} `json:"additionalData"`
	// FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated.
	FriendlyName *string `json:"friendlyName,omitempty"`
}

RegistryValueEntityProperties registryValue entity property bag.

func (RegistryValueEntityProperties) MarshalJSON

func (rvep RegistryValueEntityProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for RegistryValueEntityProperties.

type RegistryValueKind

type RegistryValueKind string

RegistryValueKind enumerates the values for registry value kind.

const (
	// RegistryValueKindBinary Binary value type
	RegistryValueKindBinary RegistryValueKind = "Binary"
	// RegistryValueKindDWord DWord value type
	RegistryValueKindDWord RegistryValueKind = "DWord"
	// RegistryValueKindExpandString ExpandString value type
	RegistryValueKindExpandString RegistryValueKind = "ExpandString"
	// RegistryValueKindMultiString MultiString value type
	RegistryValueKindMultiString RegistryValueKind = "MultiString"
	// RegistryValueKindNone None
	RegistryValueKindNone RegistryValueKind = "None"
	// RegistryValueKindQWord QWord value type
	RegistryValueKindQWord RegistryValueKind = "QWord"
	// RegistryValueKindString String value type
	RegistryValueKindString RegistryValueKind = "String"
	// RegistryValueKindUnknown Unknown value type
	RegistryValueKindUnknown RegistryValueKind = "Unknown"
)

func PossibleRegistryValueKindValues

func PossibleRegistryValueKindValues() []RegistryValueKind

PossibleRegistryValueKindValues returns an array of possible values for the RegistryValueKind const type.

type Relation

type Relation struct {
	autorest.Response `json:"-"`
	// RelationProperties - Relation properties
	*RelationProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
}

Relation represents a relation between two resources

func (Relation) MarshalJSON

func (r Relation) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for Relation.

func (*Relation) UnmarshalJSON

func (r *Relation) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for Relation struct.

type RelationBase

type RelationBase struct {
	// Kind - READ-ONLY; The type of relation node. Possible values include: 'CasesToBookmarks'
	Kind RelationTypes `json:"kind,omitempty"`
	// Etag - ETag for relation
	Etag *string `json:"etag,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
}

RelationBase represents a relation

func (RelationBase) MarshalJSON

func (rb RelationBase) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for RelationBase.

type RelationList

type RelationList struct {
	autorest.Response `json:"-"`
	// NextLink - READ-ONLY; URL to fetch the next set of relations.
	NextLink *string `json:"nextLink,omitempty"`
	// Value - Array of relations.
	Value *[]Relation `json:"value,omitempty"`
}

RelationList list of relations.

func (RelationList) IsEmpty

func (rl RelationList) IsEmpty() bool

IsEmpty returns true if the ListResult contains no values.

func (RelationList) MarshalJSON

func (rl RelationList) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for RelationList.

type RelationListIterator

type RelationListIterator struct {
	// contains filtered or unexported fields
}

RelationListIterator provides access to a complete listing of Relation values.

func NewRelationListIterator

func NewRelationListIterator(page RelationListPage) RelationListIterator

Creates a new instance of the RelationListIterator type.

func (*RelationListIterator) Next

func (iter *RelationListIterator) Next() error

Next advances to the next value. If there was an error making the request the iterator does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*RelationListIterator) NextWithContext

func (iter *RelationListIterator) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next value. If there was an error making the request the iterator does not advance and the error is returned.

func (RelationListIterator) NotDone

func (iter RelationListIterator) NotDone() bool

NotDone returns true if the enumeration should be started or is not yet complete.

func (RelationListIterator) Response

func (iter RelationListIterator) Response() RelationList

Response returns the raw server response from the last page request.

func (RelationListIterator) Value

func (iter RelationListIterator) Value() Relation

Value returns the current value or a zero-initialized value if the iterator has advanced beyond the end of the collection.

type RelationListPage

type RelationListPage struct {
	// contains filtered or unexported fields
}

RelationListPage contains a page of Relation values.

func NewRelationListPage

func NewRelationListPage(cur RelationList, getNextPage func(context.Context, RelationList) (RelationList, error)) RelationListPage

Creates a new instance of the RelationListPage type.

func (*RelationListPage) Next

func (page *RelationListPage) Next() error

Next advances to the next page of values. If there was an error making the request the page does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*RelationListPage) NextWithContext

func (page *RelationListPage) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next page of values. If there was an error making the request the page does not advance and the error is returned.

func (RelationListPage) NotDone

func (page RelationListPage) NotDone() bool

NotDone returns true if the page enumeration should be started or is not yet complete.

func (RelationListPage) Response

func (page RelationListPage) Response() RelationList

Response returns the raw server response from the last page request.

func (RelationListPage) Values

func (page RelationListPage) Values() []Relation

Values returns the slice of values for the current page or nil if there are no values.

type RelationNode

type RelationNode struct {
	// RelationNodeID - Relation Node Id
	RelationNodeID *string `json:"relationNodeId,omitempty"`
	// RelationNodeKind - READ-ONLY; The type of relation node. Possible values include: 'RelationNodeKindCase', 'RelationNodeKindBookmark'
	RelationNodeKind RelationNodeKind `json:"relationNodeKind,omitempty"`
	// Etag - Etag for relation node
	Etag *string `json:"etag,omitempty"`
	// RelationAdditionalProperties - Additional set of properties
	RelationAdditionalProperties map[string]*string `json:"relationAdditionalProperties"`
}

RelationNode relation node

func (RelationNode) MarshalJSON

func (rn RelationNode) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for RelationNode.

type RelationNodeKind

type RelationNodeKind string

RelationNodeKind enumerates the values for relation node kind.

const (
	// RelationNodeKindBookmark Bookmark node part of the relation
	RelationNodeKindBookmark RelationNodeKind = "Bookmark"
	// RelationNodeKindCase Case node part of the relation
	RelationNodeKindCase RelationNodeKind = "Case"
)

func PossibleRelationNodeKindValues

func PossibleRelationNodeKindValues() []RelationNodeKind

PossibleRelationNodeKindValues returns an array of possible values for the RelationNodeKind const type.

type RelationProperties

type RelationProperties struct {
	// RelatedResourceID - The resource ID of the related resource
	RelatedResourceID *string `json:"relatedResourceId,omitempty"`
	// RelatedResourceName - READ-ONLY; The name of the related resource
	RelatedResourceName *string `json:"relatedResourceName,omitempty"`
	// RelatedResourceType - READ-ONLY; The resource type of the related resource
	RelatedResourceType *string `json:"relatedResourceType,omitempty"`
	// RelatedResourceKind - READ-ONLY; The resource kind of the related resource
	RelatedResourceKind *string `json:"relatedResourceKind,omitempty"`
}

RelationProperties relation property bag.

func (RelationProperties) MarshalJSON

func (rp RelationProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for RelationProperties.

type RelationTypes

type RelationTypes string

RelationTypes enumerates the values for relation types.

const (
	// CasesToBookmarks Relations between cases and bookmarks
	CasesToBookmarks RelationTypes = "CasesToBookmarks"
)

func PossibleRelationTypesValues

func PossibleRelationTypesValues() []RelationTypes

PossibleRelationTypesValues returns an array of possible values for the RelationTypes const type.

type RelationsModelInput

type RelationsModelInput struct {
	// RelationsModelInputProperties - Relation input properties
	*RelationsModelInputProperties `json:"properties,omitempty"`
	// Kind - READ-ONLY; The type of relation node. Possible values include: 'CasesToBookmarks'
	Kind RelationTypes `json:"kind,omitempty"`
	// Etag - ETag for relation
	Etag *string `json:"etag,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
}

RelationsModelInput relation input model

func (RelationsModelInput) MarshalJSON

func (rmi RelationsModelInput) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for RelationsModelInput.

func (*RelationsModelInput) UnmarshalJSON

func (rmi *RelationsModelInput) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for RelationsModelInput struct.

type RelationsModelInputProperties

type RelationsModelInputProperties struct {
	// RelationName - Name of relation
	RelationName *string `json:"relationName,omitempty"`
	// SourceRelationNode - Relation source node
	SourceRelationNode *RelationNode `json:"sourceRelationNode,omitempty"`
	// TargetRelationNode - Relation target node
	TargetRelationNode *RelationNode `json:"targetRelationNode,omitempty"`
}

RelationsModelInputProperties relation input properties

type Resource

type Resource struct {
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
}

Resource an azure resource object

type ResourceWithEtag

type ResourceWithEtag struct {
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
}

ResourceWithEtag an azure resource object with an Etag property

func (ResourceWithEtag) MarshalJSON

func (rwe ResourceWithEtag) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for ResourceWithEtag.

type ScheduledAlertRule

type ScheduledAlertRule struct {
	// ScheduledAlertRuleProperties - Scheduled alert rule properties
	*ScheduledAlertRuleProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
	// Kind - Possible values include: 'KindAlertRule', 'KindFusion', 'KindMicrosoftSecurityIncidentCreation', 'KindScheduled'
	Kind KindBasicAlertRule `json:"kind,omitempty"`
}

ScheduledAlertRule represents scheduled alert rule.

func (ScheduledAlertRule) AsAlertRule

func (sar ScheduledAlertRule) AsAlertRule() (*AlertRule, bool)

AsAlertRule is the BasicAlertRule implementation for ScheduledAlertRule.

func (ScheduledAlertRule) AsBasicAlertRule

func (sar ScheduledAlertRule) AsBasicAlertRule() (BasicAlertRule, bool)

AsBasicAlertRule is the BasicAlertRule implementation for ScheduledAlertRule.

func (ScheduledAlertRule) AsFusionAlertRule

func (sar ScheduledAlertRule) AsFusionAlertRule() (*FusionAlertRule, bool)

AsFusionAlertRule is the BasicAlertRule implementation for ScheduledAlertRule.

func (ScheduledAlertRule) AsMicrosoftSecurityIncidentCreationAlertRule

func (sar ScheduledAlertRule) AsMicrosoftSecurityIncidentCreationAlertRule() (*MicrosoftSecurityIncidentCreationAlertRule, bool)

AsMicrosoftSecurityIncidentCreationAlertRule is the BasicAlertRule implementation for ScheduledAlertRule.

func (ScheduledAlertRule) AsScheduledAlertRule

func (sar ScheduledAlertRule) AsScheduledAlertRule() (*ScheduledAlertRule, bool)

AsScheduledAlertRule is the BasicAlertRule implementation for ScheduledAlertRule.

func (ScheduledAlertRule) MarshalJSON

func (sar ScheduledAlertRule) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for ScheduledAlertRule.

func (*ScheduledAlertRule) UnmarshalJSON

func (sar *ScheduledAlertRule) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for ScheduledAlertRule struct.

type ScheduledAlertRuleCommonProperties

type ScheduledAlertRuleCommonProperties struct {
	// Query - The query that creates alerts for this rule.
	Query *string `json:"query,omitempty"`
	// QueryFrequency - The frequency (in ISO 8601 duration format) for this alert rule to run.
	QueryFrequency *string `json:"queryFrequency,omitempty"`
	// QueryPeriod - The period (in ISO 8601 duration format) that this alert rule looks at.
	QueryPeriod *string `json:"queryPeriod,omitempty"`
	// Severity - The severity for alerts created by this alert rule. Possible values include: 'High', 'Medium', 'Low', 'Informational'
	Severity AlertSeverity `json:"severity,omitempty"`
	// TriggerOperator - The operation against the threshold that triggers alert rule. Possible values include: 'GreaterThan', 'LessThan', 'Equal', 'NotEqual'
	TriggerOperator TriggerOperator `json:"triggerOperator,omitempty"`
	// TriggerThreshold - The threshold triggers this alert rule.
	TriggerThreshold *int32 `json:"triggerThreshold,omitempty"`
	// EventGroupingSettings - The event grouping settings.
	EventGroupingSettings *EventGroupingSettings `json:"eventGroupingSettings,omitempty"`
}

ScheduledAlertRuleCommonProperties schedule alert rule template property bag.

type ScheduledAlertRuleProperties

type ScheduledAlertRuleProperties struct {
	// AlertRuleTemplateName - The Name of the alert rule template used to create this rule.
	AlertRuleTemplateName *string `json:"alertRuleTemplateName,omitempty"`
	// Description - The description of the alert rule.
	Description *string `json:"description,omitempty"`
	// DisplayName - The display name for alerts created by this alert rule.
	DisplayName *string `json:"displayName,omitempty"`
	// Enabled - Determines whether this alert rule is enabled or disabled.
	Enabled *bool `json:"enabled,omitempty"`
	// LastModifiedUtc - READ-ONLY; The last time that this alert rule has been modified.
	LastModifiedUtc *date.Time `json:"lastModifiedUtc,omitempty"`
	// SuppressionDuration - The suppression (in ISO 8601 duration format) to wait since last time this alert rule been triggered.
	SuppressionDuration *string `json:"suppressionDuration,omitempty"`
	// SuppressionEnabled - Determines whether the suppression for this alert rule is enabled or disabled.
	SuppressionEnabled *bool `json:"suppressionEnabled,omitempty"`
	// Tactics - The tactics of the alert rule
	Tactics *[]AttackTactic `json:"tactics,omitempty"`
	// IncidentConfiguration - The settings of the incidents that created from alerts triggered by this analytics rule
	IncidentConfiguration *IncidentConfiguration `json:"incidentConfiguration,omitempty"`
	// Query - The query that creates alerts for this rule.
	Query *string `json:"query,omitempty"`
	// QueryFrequency - The frequency (in ISO 8601 duration format) for this alert rule to run.
	QueryFrequency *string `json:"queryFrequency,omitempty"`
	// QueryPeriod - The period (in ISO 8601 duration format) that this alert rule looks at.
	QueryPeriod *string `json:"queryPeriod,omitempty"`
	// Severity - The severity for alerts created by this alert rule. Possible values include: 'High', 'Medium', 'Low', 'Informational'
	Severity AlertSeverity `json:"severity,omitempty"`
	// TriggerOperator - The operation against the threshold that triggers alert rule. Possible values include: 'GreaterThan', 'LessThan', 'Equal', 'NotEqual'
	TriggerOperator TriggerOperator `json:"triggerOperator,omitempty"`
	// TriggerThreshold - The threshold triggers this alert rule.
	TriggerThreshold *int32 `json:"triggerThreshold,omitempty"`
	// EventGroupingSettings - The event grouping settings.
	EventGroupingSettings *EventGroupingSettings `json:"eventGroupingSettings,omitempty"`
}

ScheduledAlertRuleProperties scheduled alert rule base property bag.

func (ScheduledAlertRuleProperties) MarshalJSON

func (sarp ScheduledAlertRuleProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for ScheduledAlertRuleProperties.

type ScheduledAlertRuleTemplate

type ScheduledAlertRuleTemplate struct {
	// ScheduledAlertRuleTemplateProperties - Scheduled alert rule template properties
	*ScheduledAlertRuleTemplateProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Kind - Possible values include: 'KindBasicAlertRuleTemplateKindAlertRuleTemplate', 'KindBasicAlertRuleTemplateKindFusion', 'KindBasicAlertRuleTemplateKindMicrosoftSecurityIncidentCreation', 'KindBasicAlertRuleTemplateKindScheduled'
	Kind KindBasicAlertRuleTemplate `json:"kind,omitempty"`
}

ScheduledAlertRuleTemplate represents scheduled alert rule template.

func (ScheduledAlertRuleTemplate) AsAlertRuleTemplate

func (sart ScheduledAlertRuleTemplate) AsAlertRuleTemplate() (*AlertRuleTemplate, bool)

AsAlertRuleTemplate is the BasicAlertRuleTemplate implementation for ScheduledAlertRuleTemplate.

func (ScheduledAlertRuleTemplate) AsBasicAlertRuleTemplate

func (sart ScheduledAlertRuleTemplate) AsBasicAlertRuleTemplate() (BasicAlertRuleTemplate, bool)

AsBasicAlertRuleTemplate is the BasicAlertRuleTemplate implementation for ScheduledAlertRuleTemplate.

func (ScheduledAlertRuleTemplate) AsFusionAlertRuleTemplate

func (sart ScheduledAlertRuleTemplate) AsFusionAlertRuleTemplate() (*FusionAlertRuleTemplate, bool)

AsFusionAlertRuleTemplate is the BasicAlertRuleTemplate implementation for ScheduledAlertRuleTemplate.

func (ScheduledAlertRuleTemplate) AsMicrosoftSecurityIncidentCreationAlertRuleTemplate

func (sart ScheduledAlertRuleTemplate) AsMicrosoftSecurityIncidentCreationAlertRuleTemplate() (*MicrosoftSecurityIncidentCreationAlertRuleTemplate, bool)

AsMicrosoftSecurityIncidentCreationAlertRuleTemplate is the BasicAlertRuleTemplate implementation for ScheduledAlertRuleTemplate.

func (ScheduledAlertRuleTemplate) AsScheduledAlertRuleTemplate

func (sart ScheduledAlertRuleTemplate) AsScheduledAlertRuleTemplate() (*ScheduledAlertRuleTemplate, bool)

AsScheduledAlertRuleTemplate is the BasicAlertRuleTemplate implementation for ScheduledAlertRuleTemplate.

func (ScheduledAlertRuleTemplate) MarshalJSON

func (sart ScheduledAlertRuleTemplate) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for ScheduledAlertRuleTemplate.

func (*ScheduledAlertRuleTemplate) UnmarshalJSON

func (sart *ScheduledAlertRuleTemplate) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for ScheduledAlertRuleTemplate struct.

type ScheduledAlertRuleTemplateProperties

type ScheduledAlertRuleTemplateProperties struct {
	// AlertRulesCreatedByTemplateCount - the number of alert rules that were created by this template
	AlertRulesCreatedByTemplateCount *int32 `json:"alertRulesCreatedByTemplateCount,omitempty"`
	// CreatedDateUTC - READ-ONLY; The time that this alert rule template has been added.
	CreatedDateUTC *date.Time `json:"createdDateUTC,omitempty"`
	// Description - The description of the alert rule template.
	Description *string `json:"description,omitempty"`
	// DisplayName - The display name for alert rule template.
	DisplayName *string `json:"displayName,omitempty"`
	// RequiredDataConnectors - The required data sources for this template
	RequiredDataConnectors *[]AlertRuleTemplateDataSource `json:"requiredDataConnectors,omitempty"`
	// Status - The alert rule template status. Possible values include: 'Installed', 'Available', 'NotAvailable'
	Status TemplateStatus `json:"status,omitempty"`
	// Query - The query that creates alerts for this rule.
	Query *string `json:"query,omitempty"`
	// QueryFrequency - The frequency (in ISO 8601 duration format) for this alert rule to run.
	QueryFrequency *string `json:"queryFrequency,omitempty"`
	// QueryPeriod - The period (in ISO 8601 duration format) that this alert rule looks at.
	QueryPeriod *string `json:"queryPeriod,omitempty"`
	// Severity - The severity for alerts created by this alert rule. Possible values include: 'High', 'Medium', 'Low', 'Informational'
	Severity AlertSeverity `json:"severity,omitempty"`
	// TriggerOperator - The operation against the threshold that triggers alert rule. Possible values include: 'GreaterThan', 'LessThan', 'Equal', 'NotEqual'
	TriggerOperator TriggerOperator `json:"triggerOperator,omitempty"`
	// TriggerThreshold - The threshold triggers this alert rule.
	TriggerThreshold *int32 `json:"triggerThreshold,omitempty"`
	// EventGroupingSettings - The event grouping settings.
	EventGroupingSettings *EventGroupingSettings `json:"eventGroupingSettings,omitempty"`
	// Tactics - The tactics of the alert rule template
	Tactics *[]AttackTactic `json:"tactics,omitempty"`
}

ScheduledAlertRuleTemplateProperties scheduled alert rule template properties

func (ScheduledAlertRuleTemplateProperties) MarshalJSON

func (sart ScheduledAlertRuleTemplateProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for ScheduledAlertRuleTemplateProperties.

type SecurityAlert

type SecurityAlert struct {
	// SecurityAlertProperties - SecurityAlert entity properties
	*SecurityAlertProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindBookmark', 'KindSecurityAlert', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice'
	Kind KindBasicEntity `json:"kind,omitempty"`
}

SecurityAlert represents a security alert entity.

func (SecurityAlert) AsAccountEntity

func (sa SecurityAlert) AsAccountEntity() (*AccountEntity, bool)

AsAccountEntity is the BasicEntity implementation for SecurityAlert.

func (SecurityAlert) AsAzureResourceEntity

func (sa SecurityAlert) AsAzureResourceEntity() (*AzureResourceEntity, bool)

AsAzureResourceEntity is the BasicEntity implementation for SecurityAlert.

func (SecurityAlert) AsBasicEntity

func (sa SecurityAlert) AsBasicEntity() (BasicEntity, bool)

AsBasicEntity is the BasicEntity implementation for SecurityAlert.

func (SecurityAlert) AsCloudApplicationEntity

func (sa SecurityAlert) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)

AsCloudApplicationEntity is the BasicEntity implementation for SecurityAlert.

func (SecurityAlert) AsDNSEntity

func (sa SecurityAlert) AsDNSEntity() (*DNSEntity, bool)

AsDNSEntity is the BasicEntity implementation for SecurityAlert.

func (SecurityAlert) AsEntity

func (sa SecurityAlert) AsEntity() (*Entity, bool)

AsEntity is the BasicEntity implementation for SecurityAlert.

func (SecurityAlert) AsFileEntity

func (sa SecurityAlert) AsFileEntity() (*FileEntity, bool)

AsFileEntity is the BasicEntity implementation for SecurityAlert.

func (SecurityAlert) AsFileHashEntity

func (sa SecurityAlert) AsFileHashEntity() (*FileHashEntity, bool)

AsFileHashEntity is the BasicEntity implementation for SecurityAlert.

func (SecurityAlert) AsHostEntity

func (sa SecurityAlert) AsHostEntity() (*HostEntity, bool)

AsHostEntity is the BasicEntity implementation for SecurityAlert.

func (SecurityAlert) AsHuntingBookmark

func (sa SecurityAlert) AsHuntingBookmark() (*HuntingBookmark, bool)

AsHuntingBookmark is the BasicEntity implementation for SecurityAlert.

func (SecurityAlert) AsIPEntity

func (sa SecurityAlert) AsIPEntity() (*IPEntity, bool)

AsIPEntity is the BasicEntity implementation for SecurityAlert.

func (SecurityAlert) AsIoTDeviceEntity

func (sa SecurityAlert) AsIoTDeviceEntity() (*IoTDeviceEntity, bool)

AsIoTDeviceEntity is the BasicEntity implementation for SecurityAlert.

func (SecurityAlert) AsMalwareEntity

func (sa SecurityAlert) AsMalwareEntity() (*MalwareEntity, bool)

AsMalwareEntity is the BasicEntity implementation for SecurityAlert.

func (SecurityAlert) AsProcessEntity

func (sa SecurityAlert) AsProcessEntity() (*ProcessEntity, bool)

AsProcessEntity is the BasicEntity implementation for SecurityAlert.

func (SecurityAlert) AsRegistryKeyEntity

func (sa SecurityAlert) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)

AsRegistryKeyEntity is the BasicEntity implementation for SecurityAlert.

func (SecurityAlert) AsRegistryValueEntity

func (sa SecurityAlert) AsRegistryValueEntity() (*RegistryValueEntity, bool)

AsRegistryValueEntity is the BasicEntity implementation for SecurityAlert.

func (SecurityAlert) AsSecurityAlert

func (sa SecurityAlert) AsSecurityAlert() (*SecurityAlert, bool)

AsSecurityAlert is the BasicEntity implementation for SecurityAlert.

func (SecurityAlert) AsSecurityGroupEntity

func (sa SecurityAlert) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)

AsSecurityGroupEntity is the BasicEntity implementation for SecurityAlert.

func (SecurityAlert) AsURLEntity

func (sa SecurityAlert) AsURLEntity() (*URLEntity, bool)

AsURLEntity is the BasicEntity implementation for SecurityAlert.

func (SecurityAlert) MarshalJSON

func (sa SecurityAlert) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for SecurityAlert.

func (*SecurityAlert) UnmarshalJSON

func (sa *SecurityAlert) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for SecurityAlert struct.

type SecurityAlertProperties

type SecurityAlertProperties struct {
	// AlertDisplayName - READ-ONLY; The display name of the alert.
	AlertDisplayName *string `json:"alertDisplayName,omitempty"`
	// AlertType - READ-ONLY; The type name of the alert.
	AlertType *string `json:"alertType,omitempty"`
	// CompromisedEntity - READ-ONLY; Display name of the main entity being reported on.
	CompromisedEntity *string `json:"compromisedEntity,omitempty"`
	// ConfidenceLevel - READ-ONLY; The confidence level of this alert. Possible values include: 'ConfidenceLevelUnknown', 'ConfidenceLevelLow', 'ConfidenceLevelHigh'
	ConfidenceLevel ConfidenceLevel `json:"confidenceLevel,omitempty"`
	// ConfidenceReasons - READ-ONLY; The confidence reasons
	ConfidenceReasons *[]SecurityAlertPropertiesConfidenceReasonsItem `json:"confidenceReasons,omitempty"`
	// ConfidenceScore - READ-ONLY; The confidence score of the alert.
	ConfidenceScore *float64 `json:"confidenceScore,omitempty"`
	// ConfidenceScoreStatus - READ-ONLY; The confidence score calculation status, i.e. indicating if score calculation is pending for this alert, not applicable or final. Possible values include: 'NotApplicable', 'InProcess', 'NotFinal', 'Final'
	ConfidenceScoreStatus ConfidenceScoreStatus `json:"confidenceScoreStatus,omitempty"`
	// Description - READ-ONLY; Alert description.
	Description *string `json:"description,omitempty"`
	// EndTimeUtc - READ-ONLY; The impact end time of the alert (the time of the last event contributing to the alert).
	EndTimeUtc *date.Time `json:"endTimeUtc,omitempty"`
	// Intent - READ-ONLY; Holds the alert intent stage(s) mapping for this alert. Possible values include: 'KillChainIntentUnknown', 'KillChainIntentProbing', 'KillChainIntentExploitation', 'KillChainIntentPersistence', 'KillChainIntentPrivilegeEscalation', 'KillChainIntentDefenseEvasion', 'KillChainIntentCredentialAccess', 'KillChainIntentDiscovery', 'KillChainIntentLateralMovement', 'KillChainIntentExecution', 'KillChainIntentCollection', 'KillChainIntentExfiltration', 'KillChainIntentCommandAndControl', 'KillChainIntentImpact'
	Intent KillChainIntent `json:"intent,omitempty"`
	// ProviderAlertID - READ-ONLY; The identifier of the alert inside the product which generated the alert.
	ProviderAlertID *string `json:"providerAlertId,omitempty"`
	// ProcessingEndTime - READ-ONLY; The time the alert was made available for consumption.
	ProcessingEndTime *date.Time `json:"processingEndTime,omitempty"`
	// ProductComponentName - READ-ONLY; The name of a component inside the product which generated the alert.
	ProductComponentName *string `json:"productComponentName,omitempty"`
	// ProductName - READ-ONLY; The name of the product which published this alert.
	ProductName *string `json:"productName,omitempty"`
	// ProductVersion - READ-ONLY; The version of the product generating the alert.
	ProductVersion *string `json:"productVersion,omitempty"`
	// RemediationSteps - READ-ONLY; Manual action items to take to remediate the alert.
	RemediationSteps *[]string `json:"remediationSteps,omitempty"`
	// Severity - The severity of the alert. Possible values include: 'High', 'Medium', 'Low', 'Informational'
	Severity AlertSeverity `json:"severity,omitempty"`
	// StartTimeUtc - READ-ONLY; The impact start time of the alert (the time of the first event contributing to the alert).
	StartTimeUtc *date.Time `json:"startTimeUtc,omitempty"`
	// Status - READ-ONLY; The lifecycle status of the alert. Possible values include: 'AlertStatusUnknown', 'AlertStatusNew', 'AlertStatusResolved', 'AlertStatusDismissed', 'AlertStatusInProgress'
	Status AlertStatus `json:"status,omitempty"`
	// SystemAlertID - READ-ONLY; Holds the product identifier of the alert for the product.
	SystemAlertID *string `json:"systemAlertId,omitempty"`
	// Tactics - READ-ONLY; The tactics of the alert
	Tactics *[]AttackTactic `json:"tactics,omitempty"`
	// TimeGenerated - READ-ONLY; The time the alert was generated.
	TimeGenerated *date.Time `json:"timeGenerated,omitempty"`
	// VendorName - READ-ONLY; The name of the vendor that raise the alert.
	VendorName *string `json:"vendorName,omitempty"`
	// AlertLink - READ-ONLY; The uri link of the alert.
	AlertLink *string `json:"alertLink,omitempty"`
	// ResourceIdentifiers - READ-ONLY; The list of resource identifiers of the alert.
	ResourceIdentifiers *[]interface{} `json:"resourceIdentifiers,omitempty"`
	// AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]interface{} `json:"additionalData"`
	// FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated.
	FriendlyName *string `json:"friendlyName,omitempty"`
}

SecurityAlertProperties securityAlert entity property bag.

func (SecurityAlertProperties) MarshalJSON

func (sap SecurityAlertProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for SecurityAlertProperties.

type SecurityAlertPropertiesConfidenceReasonsItem

type SecurityAlertPropertiesConfidenceReasonsItem struct {
	// Reason - READ-ONLY; The reason's description
	Reason *string `json:"reason,omitempty"`
	// ReasonType - READ-ONLY; The type (category) of the reason
	ReasonType *string `json:"reasonType,omitempty"`
}

SecurityAlertPropertiesConfidenceReasonsItem confidence reason item

type SecurityAlertTimelineItem

type SecurityAlertTimelineItem struct {
	// AzureResourceID - The alert azure resource id.
	AzureResourceID *string `json:"azureResourceId,omitempty"`
	// ProductName - The alert product name.
	ProductName *string `json:"productName,omitempty"`
	// DisplayName - The alert name.
	DisplayName *string `json:"displayName,omitempty"`
	// Severity - The alert severity. Possible values include: 'High', 'Medium', 'Low', 'Informational'
	Severity AlertSeverity `json:"severity,omitempty"`
	// EndTimeUtc - The alert end time.
	EndTimeUtc *date.Time `json:"endTimeUtc,omitempty"`
	// StartTimeUtc - The alert start time.
	StartTimeUtc *date.Time `json:"startTimeUtc,omitempty"`
	// TimeGenerated - The alert generated time.
	TimeGenerated *date.Time `json:"timeGenerated,omitempty"`
	// AlertType - The name of the alert type.
	AlertType *string `json:"alertType,omitempty"`
	// Kind - Possible values include: 'KindBasicEntityTimelineItemKindEntityTimelineItem', 'KindBasicEntityTimelineItemKindActivity', 'KindBasicEntityTimelineItemKindSecurityAlert', 'KindBasicEntityTimelineItemKindBookmark'
	Kind KindBasicEntityTimelineItem `json:"kind,omitempty"`
}

SecurityAlertTimelineItem represents security alert timeline item.

func (SecurityAlertTimelineItem) AsActivityTimelineItem

func (sati SecurityAlertTimelineItem) AsActivityTimelineItem() (*ActivityTimelineItem, bool)

AsActivityTimelineItem is the BasicEntityTimelineItem implementation for SecurityAlertTimelineItem.

func (SecurityAlertTimelineItem) AsBasicEntityTimelineItem

func (sati SecurityAlertTimelineItem) AsBasicEntityTimelineItem() (BasicEntityTimelineItem, bool)

AsBasicEntityTimelineItem is the BasicEntityTimelineItem implementation for SecurityAlertTimelineItem.

func (SecurityAlertTimelineItem) AsBookmarkTimelineItem

func (sati SecurityAlertTimelineItem) AsBookmarkTimelineItem() (*BookmarkTimelineItem, bool)

AsBookmarkTimelineItem is the BasicEntityTimelineItem implementation for SecurityAlertTimelineItem.

func (SecurityAlertTimelineItem) AsEntityTimelineItem

func (sati SecurityAlertTimelineItem) AsEntityTimelineItem() (*EntityTimelineItem, bool)

AsEntityTimelineItem is the BasicEntityTimelineItem implementation for SecurityAlertTimelineItem.

func (SecurityAlertTimelineItem) AsSecurityAlertTimelineItem

func (sati SecurityAlertTimelineItem) AsSecurityAlertTimelineItem() (*SecurityAlertTimelineItem, bool)

AsSecurityAlertTimelineItem is the BasicEntityTimelineItem implementation for SecurityAlertTimelineItem.

func (SecurityAlertTimelineItem) MarshalJSON

func (sati SecurityAlertTimelineItem) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for SecurityAlertTimelineItem.

type SecurityGroupEntity

type SecurityGroupEntity struct {
	// SecurityGroupEntityProperties - SecurityGroup entity properties
	*SecurityGroupEntityProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindBookmark', 'KindSecurityAlert', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice'
	Kind KindBasicEntity `json:"kind,omitempty"`
}

SecurityGroupEntity represents a security group entity.

func (SecurityGroupEntity) AsAccountEntity

func (sge SecurityGroupEntity) AsAccountEntity() (*AccountEntity, bool)

AsAccountEntity is the BasicEntity implementation for SecurityGroupEntity.

func (SecurityGroupEntity) AsAzureResourceEntity

func (sge SecurityGroupEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)

AsAzureResourceEntity is the BasicEntity implementation for SecurityGroupEntity.

func (SecurityGroupEntity) AsBasicEntity

func (sge SecurityGroupEntity) AsBasicEntity() (BasicEntity, bool)

AsBasicEntity is the BasicEntity implementation for SecurityGroupEntity.

func (SecurityGroupEntity) AsCloudApplicationEntity

func (sge SecurityGroupEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)

AsCloudApplicationEntity is the BasicEntity implementation for SecurityGroupEntity.

func (SecurityGroupEntity) AsDNSEntity

func (sge SecurityGroupEntity) AsDNSEntity() (*DNSEntity, bool)

AsDNSEntity is the BasicEntity implementation for SecurityGroupEntity.

func (SecurityGroupEntity) AsEntity

func (sge SecurityGroupEntity) AsEntity() (*Entity, bool)

AsEntity is the BasicEntity implementation for SecurityGroupEntity.

func (SecurityGroupEntity) AsFileEntity

func (sge SecurityGroupEntity) AsFileEntity() (*FileEntity, bool)

AsFileEntity is the BasicEntity implementation for SecurityGroupEntity.

func (SecurityGroupEntity) AsFileHashEntity

func (sge SecurityGroupEntity) AsFileHashEntity() (*FileHashEntity, bool)

AsFileHashEntity is the BasicEntity implementation for SecurityGroupEntity.

func (SecurityGroupEntity) AsHostEntity

func (sge SecurityGroupEntity) AsHostEntity() (*HostEntity, bool)

AsHostEntity is the BasicEntity implementation for SecurityGroupEntity.

func (SecurityGroupEntity) AsHuntingBookmark

func (sge SecurityGroupEntity) AsHuntingBookmark() (*HuntingBookmark, bool)

AsHuntingBookmark is the BasicEntity implementation for SecurityGroupEntity.

func (SecurityGroupEntity) AsIPEntity

func (sge SecurityGroupEntity) AsIPEntity() (*IPEntity, bool)

AsIPEntity is the BasicEntity implementation for SecurityGroupEntity.

func (SecurityGroupEntity) AsIoTDeviceEntity

func (sge SecurityGroupEntity) AsIoTDeviceEntity() (*IoTDeviceEntity, bool)

AsIoTDeviceEntity is the BasicEntity implementation for SecurityGroupEntity.

func (SecurityGroupEntity) AsMalwareEntity

func (sge SecurityGroupEntity) AsMalwareEntity() (*MalwareEntity, bool)

AsMalwareEntity is the BasicEntity implementation for SecurityGroupEntity.

func (SecurityGroupEntity) AsProcessEntity

func (sge SecurityGroupEntity) AsProcessEntity() (*ProcessEntity, bool)

AsProcessEntity is the BasicEntity implementation for SecurityGroupEntity.

func (SecurityGroupEntity) AsRegistryKeyEntity

func (sge SecurityGroupEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)

AsRegistryKeyEntity is the BasicEntity implementation for SecurityGroupEntity.

func (SecurityGroupEntity) AsRegistryValueEntity

func (sge SecurityGroupEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool)

AsRegistryValueEntity is the BasicEntity implementation for SecurityGroupEntity.

func (SecurityGroupEntity) AsSecurityAlert

func (sge SecurityGroupEntity) AsSecurityAlert() (*SecurityAlert, bool)

AsSecurityAlert is the BasicEntity implementation for SecurityGroupEntity.

func (SecurityGroupEntity) AsSecurityGroupEntity

func (sge SecurityGroupEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)

AsSecurityGroupEntity is the BasicEntity implementation for SecurityGroupEntity.

func (SecurityGroupEntity) AsURLEntity

func (sge SecurityGroupEntity) AsURLEntity() (*URLEntity, bool)

AsURLEntity is the BasicEntity implementation for SecurityGroupEntity.

func (SecurityGroupEntity) MarshalJSON

func (sge SecurityGroupEntity) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for SecurityGroupEntity.

func (*SecurityGroupEntity) UnmarshalJSON

func (sge *SecurityGroupEntity) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for SecurityGroupEntity struct.

type SecurityGroupEntityProperties

type SecurityGroupEntityProperties struct {
	// DistinguishedName - READ-ONLY; The group distinguished name
	DistinguishedName *string `json:"distinguishedName,omitempty"`
	// ObjectGUID - READ-ONLY; A single-value attribute that is the unique identifier for the object, assigned by active directory.
	ObjectGUID *uuid.UUID `json:"objectGuid,omitempty"`
	// Sid - READ-ONLY; The SID attribute is a single-value attribute that specifies the security identifier (SID) of the group
	Sid *string `json:"sid,omitempty"`
	// AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]interface{} `json:"additionalData"`
	// FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated.
	FriendlyName *string `json:"friendlyName,omitempty"`
}

SecurityGroupEntityProperties securityGroup entity property bag.

func (SecurityGroupEntityProperties) MarshalJSON

func (sgep SecurityGroupEntityProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for SecurityGroupEntityProperties.

type SettingKind

type SettingKind string

SettingKind enumerates the values for setting kind.

const (
	// SettingKindEntityAnalytics ...
	SettingKindEntityAnalytics SettingKind = "EntityAnalytics"
	// SettingKindEyesOn ...
	SettingKindEyesOn SettingKind = "EyesOn"
	// SettingKindUeba ...
	SettingKindUeba SettingKind = "Ueba"
)

func PossibleSettingKindValues

func PossibleSettingKindValues() []SettingKind

PossibleSettingKindValues returns an array of possible values for the SettingKind const type.

type SettingList

type SettingList struct {
	autorest.Response `json:"-"`
	// Value - Array of settings.
	Value *[]BasicSettings `json:"value,omitempty"`
}

SettingList list of all the settings.

func (*SettingList) UnmarshalJSON

func (sl *SettingList) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for SettingList struct.

type Settings

type Settings struct {
	autorest.Response `json:"-"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
	// Kind - Possible values include: 'KindSettings', 'KindEyesOn', 'KindEntityAnalytics', 'KindUeba'
	Kind KindBasicSettings `json:"kind,omitempty"`
}

Settings the Setting.

func (Settings) AsBasicSettings

func (s Settings) AsBasicSettings() (BasicSettings, bool)

AsBasicSettings is the BasicSettings implementation for Settings.

func (Settings) AsEntityAnalytics

func (s Settings) AsEntityAnalytics() (*EntityAnalytics, bool)

AsEntityAnalytics is the BasicSettings implementation for Settings.

func (Settings) AsEyesOn

func (s Settings) AsEyesOn() (*EyesOn, bool)

AsEyesOn is the BasicSettings implementation for Settings.

func (Settings) AsSettings

func (s Settings) AsSettings() (*Settings, bool)

AsSettings is the BasicSettings implementation for Settings.

func (Settings) AsUeba

func (s Settings) AsUeba() (*Ueba, bool)

AsUeba is the BasicSettings implementation for Settings.

func (Settings) MarshalJSON

func (s Settings) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for Settings.

type SettingsKind

type SettingsKind struct {
	// Kind - The kind of the setting. Possible values include: 'SettingKindEyesOn', 'SettingKindEntityAnalytics', 'SettingKindUeba'
	Kind SettingKind `json:"kind,omitempty"`
}

SettingsKind describes an Azure resource with kind.

type SettingsModel

type SettingsModel struct {
	autorest.Response `json:"-"`
	Value             BasicSettings `json:"value,omitempty"`
}

SettingsModel ...

func (*SettingsModel) UnmarshalJSON

func (sm *SettingsModel) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for SettingsModel struct.

type Source

type Source string

Source enumerates the values for source.

const (
	// Localfile ...
	Localfile Source = "Local file"
	// Remotestorage ...
	Remotestorage Source = "Remote storage"
)

func PossibleSourceValues

func PossibleSourceValues() []Source

PossibleSourceValues returns an array of possible values for the Source const type.

type TICheckRequirements

type TICheckRequirements struct {
	// TICheckRequirementsProperties - Threat Intelligence Platforms data connector check required properties
	*TICheckRequirementsProperties `json:"properties,omitempty"`
	// Kind - Possible values include: 'KindBasicDataConnectorsCheckRequirementsKindDataConnectorsCheckRequirements', 'KindBasicDataConnectorsCheckRequirementsKindAzureActiveDirectory', 'KindBasicDataConnectorsCheckRequirementsKindAzureAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindAzureSecurityCenter', 'KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesCloudTrail', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindOfficeATP', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii'
	Kind KindBasicDataConnectorsCheckRequirements `json:"kind,omitempty"`
}

TICheckRequirements threat Intelligence Platforms data connector check requirements

func (TICheckRequirements) AsAADCheckRequirements

func (tcr TICheckRequirements) AsAADCheckRequirements() (*AADCheckRequirements, bool)

AsAADCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TICheckRequirements.

func (TICheckRequirements) AsAATPCheckRequirements

func (tcr TICheckRequirements) AsAATPCheckRequirements() (*AATPCheckRequirements, bool)

AsAATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TICheckRequirements.

func (TICheckRequirements) AsASCCheckRequirements

func (tcr TICheckRequirements) AsASCCheckRequirements() (*ASCCheckRequirements, bool)

AsASCCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TICheckRequirements.

func (TICheckRequirements) AsAwsCloudTrailCheckRequirements

func (tcr TICheckRequirements) AsAwsCloudTrailCheckRequirements() (*AwsCloudTrailCheckRequirements, bool)

AsAwsCloudTrailCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TICheckRequirements.

func (TICheckRequirements) AsBasicDataConnectorsCheckRequirements

func (tcr TICheckRequirements) AsBasicDataConnectorsCheckRequirements() (BasicDataConnectorsCheckRequirements, bool)

AsBasicDataConnectorsCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TICheckRequirements.

func (TICheckRequirements) AsDataConnectorsCheckRequirements

func (tcr TICheckRequirements) AsDataConnectorsCheckRequirements() (*DataConnectorsCheckRequirements, bool)

AsDataConnectorsCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TICheckRequirements.

func (TICheckRequirements) AsMCASCheckRequirements

func (tcr TICheckRequirements) AsMCASCheckRequirements() (*MCASCheckRequirements, bool)

AsMCASCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TICheckRequirements.

func (TICheckRequirements) AsMDATPCheckRequirements

func (tcr TICheckRequirements) AsMDATPCheckRequirements() (*MDATPCheckRequirements, bool)

AsMDATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TICheckRequirements.

func (TICheckRequirements) AsOfficeATPCheckRequirements

func (tcr TICheckRequirements) AsOfficeATPCheckRequirements() (*OfficeATPCheckRequirements, bool)

AsOfficeATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TICheckRequirements.

func (TICheckRequirements) AsTICheckRequirements

func (tcr TICheckRequirements) AsTICheckRequirements() (*TICheckRequirements, bool)

AsTICheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TICheckRequirements.

func (TICheckRequirements) AsTiTaxiiCheckRequirements

func (tcr TICheckRequirements) AsTiTaxiiCheckRequirements() (*TiTaxiiCheckRequirements, bool)

AsTiTaxiiCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TICheckRequirements.

func (TICheckRequirements) MarshalJSON

func (tcr TICheckRequirements) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for TICheckRequirements.

func (*TICheckRequirements) UnmarshalJSON

func (tcr *TICheckRequirements) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for TICheckRequirements struct.

type TICheckRequirementsProperties

type TICheckRequirementsProperties struct {
	// TenantID - The tenant id to connect to, and get the data from.
	TenantID *string `json:"tenantId,omitempty"`
}

TICheckRequirementsProperties threat Intelligence Platforms data connector required properties.

type TIDataConnector

type TIDataConnector struct {
	// TIDataConnectorProperties - Threat Intelligence Platforms data connector properties.
	*TIDataConnectorProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
	// Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOfficeATP', 'KindOffice365', 'KindThreatIntelligence', 'KindThreatIntelligenceTaxii'
	Kind KindBasicDataConnector `json:"kind,omitempty"`
}

TIDataConnector data connector to pull threat intelligence data from TIP products.

func (TIDataConnector) AsAADDataConnector

func (tdc TIDataConnector) AsAADDataConnector() (*AADDataConnector, bool)

AsAADDataConnector is the BasicDataConnector implementation for TIDataConnector.

func (TIDataConnector) AsAATPDataConnector

func (tdc TIDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool)

AsAATPDataConnector is the BasicDataConnector implementation for TIDataConnector.

func (TIDataConnector) AsASCDataConnector

func (tdc TIDataConnector) AsASCDataConnector() (*ASCDataConnector, bool)

AsASCDataConnector is the BasicDataConnector implementation for TIDataConnector.

func (TIDataConnector) AsAwsCloudTrailDataConnector

func (tdc TIDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool)

AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for TIDataConnector.

func (TIDataConnector) AsBasicDataConnector

func (tdc TIDataConnector) AsBasicDataConnector() (BasicDataConnector, bool)

AsBasicDataConnector is the BasicDataConnector implementation for TIDataConnector.

func (TIDataConnector) AsDataConnector

func (tdc TIDataConnector) AsDataConnector() (*DataConnector, bool)

AsDataConnector is the BasicDataConnector implementation for TIDataConnector.

func (TIDataConnector) AsMCASDataConnector

func (tdc TIDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool)

AsMCASDataConnector is the BasicDataConnector implementation for TIDataConnector.

func (TIDataConnector) AsMDATPDataConnector

func (tdc TIDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool)

AsMDATPDataConnector is the BasicDataConnector implementation for TIDataConnector.

func (TIDataConnector) AsOfficeATPDataConnector

func (tdc TIDataConnector) AsOfficeATPDataConnector() (*OfficeATPDataConnector, bool)

AsOfficeATPDataConnector is the BasicDataConnector implementation for TIDataConnector.

func (TIDataConnector) AsOfficeDataConnector

func (tdc TIDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool)

AsOfficeDataConnector is the BasicDataConnector implementation for TIDataConnector.

func (TIDataConnector) AsTIDataConnector

func (tdc TIDataConnector) AsTIDataConnector() (*TIDataConnector, bool)

AsTIDataConnector is the BasicDataConnector implementation for TIDataConnector.

func (TIDataConnector) AsTiTaxiiDataConnector

func (tdc TIDataConnector) AsTiTaxiiDataConnector() (*TiTaxiiDataConnector, bool)

AsTiTaxiiDataConnector is the BasicDataConnector implementation for TIDataConnector.

func (TIDataConnector) MarshalJSON

func (tdc TIDataConnector) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for TIDataConnector.

func (*TIDataConnector) UnmarshalJSON

func (tdc *TIDataConnector) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for TIDataConnector struct.

type TIDataConnectorDataTypes

type TIDataConnectorDataTypes struct {
	// Indicators - Data type for Threat Intelligence Platforms data connector.
	Indicators *TIDataConnectorDataTypesIndicators `json:"indicators,omitempty"`
}

TIDataConnectorDataTypes the available data types for Threat Intelligence Platforms data connector.

type TIDataConnectorDataTypesIndicators

type TIDataConnectorDataTypesIndicators struct {
	// State - Describe whether this data type connection is enabled or not. Possible values include: 'Enabled', 'Disabled'
	State DataTypeState `json:"state,omitempty"`
}

TIDataConnectorDataTypesIndicators data type for Threat Intelligence Platforms data connector.

type TIDataConnectorProperties

type TIDataConnectorProperties struct {
	// DataTypes - The available data types for the connector.
	DataTypes *TIDataConnectorDataTypes `json:"dataTypes,omitempty"`
	// TenantID - The tenant id to connect to, and get the data from.
	TenantID *string `json:"tenantId,omitempty"`
}

TIDataConnectorProperties threat Intelligence Platforms data connector properties.

type TemplateStatus

type TemplateStatus string

TemplateStatus enumerates the values for template status.

const (
	// Available Alert rule template is available.
	Available TemplateStatus = "Available"
	// Installed Alert rule template installed. and can not use more then once
	Installed TemplateStatus = "Installed"
	// NotAvailable Alert rule template is not available
	NotAvailable TemplateStatus = "NotAvailable"
)

func PossibleTemplateStatusValues

func PossibleTemplateStatusValues() []TemplateStatus

PossibleTemplateStatusValues returns an array of possible values for the TemplateStatus const type.

type ThreatIntelligence

type ThreatIntelligence struct {
	// Confidence - READ-ONLY; Confidence (must be between 0 and 1)
	Confidence *float64 `json:"confidence,omitempty"`
	// ProviderName - READ-ONLY; Name of the provider from whom this Threat Intelligence information was received
	ProviderName *string `json:"providerName,omitempty"`
	// ReportLink - READ-ONLY; Report link
	ReportLink *string `json:"reportLink,omitempty"`
	// ThreatDescription - READ-ONLY; Threat description (free text)
	ThreatDescription *string `json:"threatDescription,omitempty"`
	// ThreatName - READ-ONLY; Threat name (e.g. "Jedobot malware")
	ThreatName *string `json:"threatName,omitempty"`
	// ThreatType - READ-ONLY; Threat type (e.g. "Botnet")
	ThreatType *string `json:"threatType,omitempty"`
}

ThreatIntelligence threatIntelligence property bag.

type ThreatIntelligenceAppendTags

type ThreatIntelligenceAppendTags struct {
	// ThreatIntelligenceTags - List of tags to be appended.
	ThreatIntelligenceTags *[]string `json:"threatIntelligenceTags,omitempty"`
}

ThreatIntelligenceAppendTags array of tags to be appended to the threat intelligence indicator.

type ThreatIntelligenceFilteringCriteria

type ThreatIntelligenceFilteringCriteria struct {
	// PageSize - Page size
	PageSize *int32 `json:"pageSize,omitempty"`
	// MinConfidence - Minimum confidence.
	MinConfidence *int32 `json:"minConfidence,omitempty"`
	// MaxConfidence - Maximum confidence.
	MaxConfidence *int32 `json:"maxConfidence,omitempty"`
	// MinValidUntil - Start time for ValidUntil filter.
	MinValidUntil *string `json:"minValidUntil,omitempty"`
	// MaxValidUntil - End time for ValidUntil filter.
	MaxValidUntil *string `json:"maxValidUntil,omitempty"`
	// IncludeDisabled - Parameter to include/exclude disabled indicators.
	IncludeDisabled *bool `json:"includeDisabled,omitempty"`
	// SortBy - Columns to sort by and sorting order
	SortBy *[]ThreatIntelligenceSortingCriteria1 `json:"sortBy,omitempty"`
	// Sources - Sources of threat intelligence indicators
	Sources *[]string `json:"sources,omitempty"`
	// PatternTypes - Pattern types
	PatternTypes *[]string `json:"patternTypes,omitempty"`
	// ThreatTypes - Threat types of threat intelligence indicators
	ThreatTypes *[]string `json:"threatTypes,omitempty"`
	// Ids - Ids of threat intelligence indicators
	Ids *[]string `json:"ids,omitempty"`
	// Keywords - Keywords for searching threat intelligence indicators
	Keywords *[]string `json:"keywords,omitempty"`
	// SkipToken - Skip token.
	SkipToken *string `json:"skipToken,omitempty"`
}

ThreatIntelligenceFilteringCriteria filtering criteria for querying threat intelligence indicators.

type ThreatIntelligenceGranularMarkingModel

type ThreatIntelligenceGranularMarkingModel struct {
	// Language - Language granular marking model
	Language *string `json:"language,omitempty"`
	// MarkingRef - marking reference granular marking model
	MarkingRef *int32 `json:"markingRef,omitempty"`
	// Selectors - granular marking model selectors
	Selectors *[]string `json:"selectors,omitempty"`
}

ThreatIntelligenceGranularMarkingModel describes threat granular marking model entity

type ThreatIntelligenceIndicatorClient

type ThreatIntelligenceIndicatorClient struct {
	BaseClient
}

ThreatIntelligenceIndicatorClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

func NewThreatIntelligenceIndicatorClient

func NewThreatIntelligenceIndicatorClient(subscriptionID string) ThreatIntelligenceIndicatorClient

NewThreatIntelligenceIndicatorClient creates an instance of the ThreatIntelligenceIndicatorClient client.

func NewThreatIntelligenceIndicatorClientWithBaseURI

func NewThreatIntelligenceIndicatorClientWithBaseURI(baseURI string, subscriptionID string) ThreatIntelligenceIndicatorClient

NewThreatIntelligenceIndicatorClientWithBaseURI creates an instance of the ThreatIntelligenceIndicatorClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).

func (ThreatIntelligenceIndicatorClient) AppendTags

func (client ThreatIntelligenceIndicatorClient) AppendTags(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, name string, threatIntelligenceAppendTags ThreatIntelligenceAppendTags) (result autorest.Response, err error)

AppendTags append tags to a threat intelligence indicator. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. name - threat intelligence indicator name field. threatIntelligenceAppendTags - the threat intelligence append tags request body

func (ThreatIntelligenceIndicatorClient) AppendTagsPreparer

func (client ThreatIntelligenceIndicatorClient) AppendTagsPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, name string, threatIntelligenceAppendTags ThreatIntelligenceAppendTags) (*http.Request, error)

AppendTagsPreparer prepares the AppendTags request.

func (ThreatIntelligenceIndicatorClient) AppendTagsResponder

func (client ThreatIntelligenceIndicatorClient) AppendTagsResponder(resp *http.Response) (result autorest.Response, err error)

AppendTagsResponder handles the response to the AppendTags request. The method always closes the http.Response Body.

func (ThreatIntelligenceIndicatorClient) AppendTagsSender

func (client ThreatIntelligenceIndicatorClient) AppendTagsSender(req *http.Request) (*http.Response, error)

AppendTagsSender sends the AppendTags request. The method will close the http.Response Body if it receives an error.

func (ThreatIntelligenceIndicatorClient) Create

func (client ThreatIntelligenceIndicatorClient) Create(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, name string, threatIntelligenceProperties ThreatIntelligenceIndicatorModelForRequestBody) (result ThreatIntelligenceInformationModel, err error)

Create update a threat Intelligence indicator. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. name - threat intelligence indicator name field. threatIntelligenceProperties - properties of threat intelligence indicators to create and update.

func (ThreatIntelligenceIndicatorClient) CreateIndicator

func (client ThreatIntelligenceIndicatorClient) CreateIndicator(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, threatIntelligenceProperties ThreatIntelligenceIndicatorModelForRequestBody) (result ThreatIntelligenceInformationModel, err error)

CreateIndicator create a new threat intelligence indicator. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. threatIntelligenceProperties - properties of threat intelligence indicators to create and update.

func (ThreatIntelligenceIndicatorClient) CreateIndicatorPreparer

func (client ThreatIntelligenceIndicatorClient) CreateIndicatorPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, threatIntelligenceProperties ThreatIntelligenceIndicatorModelForRequestBody) (*http.Request, error)

CreateIndicatorPreparer prepares the CreateIndicator request.

func (ThreatIntelligenceIndicatorClient) CreateIndicatorResponder

func (client ThreatIntelligenceIndicatorClient) CreateIndicatorResponder(resp *http.Response) (result ThreatIntelligenceInformationModel, err error)

CreateIndicatorResponder handles the response to the CreateIndicator request. The method always closes the http.Response Body.

func (ThreatIntelligenceIndicatorClient) CreateIndicatorSender

func (client ThreatIntelligenceIndicatorClient) CreateIndicatorSender(req *http.Request) (*http.Response, error)

CreateIndicatorSender sends the CreateIndicator request. The method will close the http.Response Body if it receives an error.

func (ThreatIntelligenceIndicatorClient) CreatePreparer

func (client ThreatIntelligenceIndicatorClient) CreatePreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, name string, threatIntelligenceProperties ThreatIntelligenceIndicatorModelForRequestBody) (*http.Request, error)

CreatePreparer prepares the Create request.

func (ThreatIntelligenceIndicatorClient) CreateResponder

func (client ThreatIntelligenceIndicatorClient) CreateResponder(resp *http.Response) (result ThreatIntelligenceInformationModel, err error)

CreateResponder handles the response to the Create request. The method always closes the http.Response Body.

func (ThreatIntelligenceIndicatorClient) CreateSender

func (client ThreatIntelligenceIndicatorClient) CreateSender(req *http.Request) (*http.Response, error)

CreateSender sends the Create request. The method will close the http.Response Body if it receives an error.

func (ThreatIntelligenceIndicatorClient) Delete

func (client ThreatIntelligenceIndicatorClient) Delete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, name string) (result autorest.Response, err error)

Delete delete a threat intelligence indicator. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. name - threat intelligence indicator name field.

func (ThreatIntelligenceIndicatorClient) DeletePreparer

func (client ThreatIntelligenceIndicatorClient) DeletePreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, name string) (*http.Request, error)

DeletePreparer prepares the Delete request.

func (ThreatIntelligenceIndicatorClient) DeleteResponder

func (client ThreatIntelligenceIndicatorClient) DeleteResponder(resp *http.Response) (result autorest.Response, err error)

DeleteResponder handles the response to the Delete request. The method always closes the http.Response Body.

func (ThreatIntelligenceIndicatorClient) DeleteSender

func (client ThreatIntelligenceIndicatorClient) DeleteSender(req *http.Request) (*http.Response, error)

DeleteSender sends the Delete request. The method will close the http.Response Body if it receives an error.

func (ThreatIntelligenceIndicatorClient) Get

func (client ThreatIntelligenceIndicatorClient) Get(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, name string) (result ThreatIntelligenceInformationModel, err error)

Get view a threat intelligence indicator by name. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. name - threat intelligence indicator name field.

func (ThreatIntelligenceIndicatorClient) GetPreparer

func (client ThreatIntelligenceIndicatorClient) GetPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, name string) (*http.Request, error)

GetPreparer prepares the Get request.

func (ThreatIntelligenceIndicatorClient) GetResponder

GetResponder handles the response to the Get request. The method always closes the http.Response Body.

func (ThreatIntelligenceIndicatorClient) GetSender

func (client ThreatIntelligenceIndicatorClient) GetSender(req *http.Request) (*http.Response, error)

GetSender sends the Get request. The method will close the http.Response Body if it receives an error.

func (ThreatIntelligenceIndicatorClient) QueryIndicators

func (client ThreatIntelligenceIndicatorClient) QueryIndicators(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, threatIntelligenceFilteringCriteria ThreatIntelligenceFilteringCriteria) (result ThreatIntelligenceInformationListPage, err error)

QueryIndicators query threat intelligence indicators as per filtering criteria. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. threatIntelligenceFilteringCriteria - filtering criteria for querying threat intelligence indicators.

func (ThreatIntelligenceIndicatorClient) QueryIndicatorsComplete

func (client ThreatIntelligenceIndicatorClient) QueryIndicatorsComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, threatIntelligenceFilteringCriteria ThreatIntelligenceFilteringCriteria) (result ThreatIntelligenceInformationListIterator, err error)

QueryIndicatorsComplete enumerates all values, automatically crossing page boundaries as required.

func (ThreatIntelligenceIndicatorClient) QueryIndicatorsPreparer

func (client ThreatIntelligenceIndicatorClient) QueryIndicatorsPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, threatIntelligenceFilteringCriteria ThreatIntelligenceFilteringCriteria) (*http.Request, error)

QueryIndicatorsPreparer prepares the QueryIndicators request.

func (ThreatIntelligenceIndicatorClient) QueryIndicatorsResponder

func (client ThreatIntelligenceIndicatorClient) QueryIndicatorsResponder(resp *http.Response) (result ThreatIntelligenceInformationList, err error)

QueryIndicatorsResponder handles the response to the QueryIndicators request. The method always closes the http.Response Body.

func (ThreatIntelligenceIndicatorClient) QueryIndicatorsSender

func (client ThreatIntelligenceIndicatorClient) QueryIndicatorsSender(req *http.Request) (*http.Response, error)

QueryIndicatorsSender sends the QueryIndicators request. The method will close the http.Response Body if it receives an error.

func (ThreatIntelligenceIndicatorClient) ReplaceTags

func (client ThreatIntelligenceIndicatorClient) ReplaceTags(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, name string, threatIntelligenceReplaceTags ThreatIntelligenceIndicatorModelForRequestBody) (result ThreatIntelligenceInformationModel, err error)

ReplaceTags replace tags added to a threat intelligence indicator. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. name - threat intelligence indicator name field. threatIntelligenceReplaceTags - tags in the threat intelligence indicator to be replaced.

func (ThreatIntelligenceIndicatorClient) ReplaceTagsPreparer

func (client ThreatIntelligenceIndicatorClient) ReplaceTagsPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, name string, threatIntelligenceReplaceTags ThreatIntelligenceIndicatorModelForRequestBody) (*http.Request, error)

ReplaceTagsPreparer prepares the ReplaceTags request.

func (ThreatIntelligenceIndicatorClient) ReplaceTagsResponder

func (client ThreatIntelligenceIndicatorClient) ReplaceTagsResponder(resp *http.Response) (result ThreatIntelligenceInformationModel, err error)

ReplaceTagsResponder handles the response to the ReplaceTags request. The method always closes the http.Response Body.

func (ThreatIntelligenceIndicatorClient) ReplaceTagsSender

func (client ThreatIntelligenceIndicatorClient) ReplaceTagsSender(req *http.Request) (*http.Response, error)

ReplaceTagsSender sends the ReplaceTags request. The method will close the http.Response Body if it receives an error.

type ThreatIntelligenceIndicatorMetricsClient

type ThreatIntelligenceIndicatorMetricsClient struct {
	BaseClient
}

ThreatIntelligenceIndicatorMetricsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

func NewThreatIntelligenceIndicatorMetricsClient

func NewThreatIntelligenceIndicatorMetricsClient(subscriptionID string) ThreatIntelligenceIndicatorMetricsClient

NewThreatIntelligenceIndicatorMetricsClient creates an instance of the ThreatIntelligenceIndicatorMetricsClient client.

func NewThreatIntelligenceIndicatorMetricsClientWithBaseURI

func NewThreatIntelligenceIndicatorMetricsClientWithBaseURI(baseURI string, subscriptionID string) ThreatIntelligenceIndicatorMetricsClient

NewThreatIntelligenceIndicatorMetricsClientWithBaseURI creates an instance of the ThreatIntelligenceIndicatorMetricsClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).

func (ThreatIntelligenceIndicatorMetricsClient) List

func (client ThreatIntelligenceIndicatorMetricsClient) List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result ThreatIntelligenceMetricsList, err error)

List get threat intelligence indicators metrics (Indicators counts by Type, Threat Type, Source). Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace.

func (ThreatIntelligenceIndicatorMetricsClient) ListPreparer

func (client ThreatIntelligenceIndicatorMetricsClient) ListPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (*http.Request, error)

ListPreparer prepares the List request.

func (ThreatIntelligenceIndicatorMetricsClient) ListResponder

ListResponder handles the response to the List request. The method always closes the http.Response Body.

func (ThreatIntelligenceIndicatorMetricsClient) ListSender

ListSender sends the List request. The method will close the http.Response Body if it receives an error.

type ThreatIntelligenceIndicatorModel

type ThreatIntelligenceIndicatorModel struct {
	// ThreatIntelligenceIndicatorProperties - Threat Intelligence Entity properties
	*ThreatIntelligenceIndicatorProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
	// Kind - Possible values include: 'KindThreatIntelligenceInformation', 'KindIndicator'
	Kind KindBasicThreatIntelligenceInformation `json:"kind,omitempty"`
}

ThreatIntelligenceIndicatorModel threat intelligence indicator entity.

func (ThreatIntelligenceIndicatorModel) AsBasicThreatIntelligenceInformation

func (tiim ThreatIntelligenceIndicatorModel) AsBasicThreatIntelligenceInformation() (BasicThreatIntelligenceInformation, bool)

AsBasicThreatIntelligenceInformation is the BasicThreatIntelligenceInformation implementation for ThreatIntelligenceIndicatorModel.

func (ThreatIntelligenceIndicatorModel) AsThreatIntelligenceIndicatorModel

func (tiim ThreatIntelligenceIndicatorModel) AsThreatIntelligenceIndicatorModel() (*ThreatIntelligenceIndicatorModel, bool)

AsThreatIntelligenceIndicatorModel is the BasicThreatIntelligenceInformation implementation for ThreatIntelligenceIndicatorModel.

func (ThreatIntelligenceIndicatorModel) AsThreatIntelligenceInformation

func (tiim ThreatIntelligenceIndicatorModel) AsThreatIntelligenceInformation() (*ThreatIntelligenceInformation, bool)

AsThreatIntelligenceInformation is the BasicThreatIntelligenceInformation implementation for ThreatIntelligenceIndicatorModel.

func (ThreatIntelligenceIndicatorModel) MarshalJSON

func (tiim ThreatIntelligenceIndicatorModel) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for ThreatIntelligenceIndicatorModel.

func (*ThreatIntelligenceIndicatorModel) UnmarshalJSON

func (tiim *ThreatIntelligenceIndicatorModel) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for ThreatIntelligenceIndicatorModel struct.

type ThreatIntelligenceIndicatorModelForRequestBody

type ThreatIntelligenceIndicatorModelForRequestBody struct {
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
	// ThreatIntelligenceIndicatorProperties - Threat Intelligence Entity properties
	*ThreatIntelligenceIndicatorProperties `json:"properties,omitempty"`
	// Kind - The kind of the entity.
	Kind *string `json:"kind,omitempty"`
}

ThreatIntelligenceIndicatorModelForRequestBody threat intelligence indicator entity used in request body.

func (ThreatIntelligenceIndicatorModelForRequestBody) MarshalJSON

func (tiimfrb ThreatIntelligenceIndicatorModelForRequestBody) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for ThreatIntelligenceIndicatorModelForRequestBody.

func (*ThreatIntelligenceIndicatorModelForRequestBody) UnmarshalJSON

func (tiimfrb *ThreatIntelligenceIndicatorModelForRequestBody) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for ThreatIntelligenceIndicatorModelForRequestBody struct.

type ThreatIntelligenceIndicatorProperties

type ThreatIntelligenceIndicatorProperties struct {
	// ThreatIntelligenceTags - List of tags
	ThreatIntelligenceTags *[]string `json:"threatIntelligenceTags,omitempty"`
	// LastUpdatedTimeUtc - Last updated time in UTC
	LastUpdatedTimeUtc *string `json:"lastUpdatedTimeUtc,omitempty"`
	// Source - Source of a threat intelligence entity
	Source *string `json:"source,omitempty"`
	// DisplayName - Display name of a threat intelligence entity
	DisplayName *string `json:"displayName,omitempty"`
	// Description - Description of a threat intelligence entity
	Description *string `json:"description,omitempty"`
	// IndicatorTypes - Indicator types of threat intelligence entities
	IndicatorTypes *[]string `json:"indicatorTypes,omitempty"`
	// Pattern - Pattern of a threat intelligence entity
	Pattern *string `json:"pattern,omitempty"`
	// PatternType - Pattern type of a threat intelligence entity
	PatternType *string `json:"patternType,omitempty"`
	// KillChainPhases - Kill chain phases
	KillChainPhases *[]ThreatIntelligenceKillChainPhase `json:"killChainPhases,omitempty"`
	// ExternalID - External ID of threat intelligence entity
	ExternalID *string `json:"externalId,omitempty"`
	// CreatedByRef - Created by reference of threat intelligence entity
	CreatedByRef *string `json:"createdByRef,omitempty"`
	// ExternalReferences - External References
	ExternalReferences *[]string `json:"externalReferences,omitempty"`
	// GranularMarkings - Granular Markings
	GranularMarkings *[]ThreatIntelligenceGranularMarkingModel `json:"granularMarkings,omitempty"`
	// Revoked - Is threat intelligence entity revoked
	Revoked *bool `json:"revoked,omitempty"`
	// Confidence - Confidence of threat intelligence entity
	Confidence *int32 `json:"confidence,omitempty"`
	// Labels - Labels  of threat intelligence entity
	Labels *[]string `json:"labels,omitempty"`
	// ThreatTypes - Threat types
	ThreatTypes *[]string `json:"threatTypes,omitempty"`
	// ValidFrom - Valid from
	ValidFrom *string `json:"validFrom,omitempty"`
	// ValidUntil - Valid until
	ValidUntil *string `json:"validUntil,omitempty"`
	// Created - Created by
	Created *string `json:"created,omitempty"`
	// Modified - Modified by
	Modified *string `json:"modified,omitempty"`
	// AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]interface{} `json:"additionalData"`
	// FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated.
	FriendlyName *string `json:"friendlyName,omitempty"`
}

ThreatIntelligenceIndicatorProperties describes threat intelligence entity properties

func (ThreatIntelligenceIndicatorProperties) MarshalJSON

func (tiip ThreatIntelligenceIndicatorProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for ThreatIntelligenceIndicatorProperties.

type ThreatIntelligenceIndicatorsClient

type ThreatIntelligenceIndicatorsClient struct {
	BaseClient
}

ThreatIntelligenceIndicatorsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

func NewThreatIntelligenceIndicatorsClient

func NewThreatIntelligenceIndicatorsClient(subscriptionID string) ThreatIntelligenceIndicatorsClient

NewThreatIntelligenceIndicatorsClient creates an instance of the ThreatIntelligenceIndicatorsClient client.

func NewThreatIntelligenceIndicatorsClientWithBaseURI

func NewThreatIntelligenceIndicatorsClientWithBaseURI(baseURI string, subscriptionID string) ThreatIntelligenceIndicatorsClient

NewThreatIntelligenceIndicatorsClientWithBaseURI creates an instance of the ThreatIntelligenceIndicatorsClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).

func (ThreatIntelligenceIndicatorsClient) List

func (client ThreatIntelligenceIndicatorsClient) List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, filter string, top *int32, skipToken string, orderby string) (result ThreatIntelligenceInformationListPage, err error)

List get all threat intelligence indicators. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. filter - filters the results, based on a Boolean condition. Optional. top - returns only the first n results. Optional. skipToken - skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. orderby - sorts the results. Optional.

func (ThreatIntelligenceIndicatorsClient) ListComplete

func (client ThreatIntelligenceIndicatorsClient) ListComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, filter string, top *int32, skipToken string, orderby string) (result ThreatIntelligenceInformationListIterator, err error)

ListComplete enumerates all values, automatically crossing page boundaries as required.

func (ThreatIntelligenceIndicatorsClient) ListPreparer

func (client ThreatIntelligenceIndicatorsClient) ListPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, filter string, top *int32, skipToken string, orderby string) (*http.Request, error)

ListPreparer prepares the List request.

func (ThreatIntelligenceIndicatorsClient) ListResponder

ListResponder handles the response to the List request. The method always closes the http.Response Body.

func (ThreatIntelligenceIndicatorsClient) ListSender

func (client ThreatIntelligenceIndicatorsClient) ListSender(req *http.Request) (*http.Response, error)

ListSender sends the List request. The method will close the http.Response Body if it receives an error.

type ThreatIntelligenceInformation

type ThreatIntelligenceInformation struct {
	autorest.Response `json:"-"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
	// Kind - Possible values include: 'KindThreatIntelligenceInformation', 'KindIndicator'
	Kind KindBasicThreatIntelligenceInformation `json:"kind,omitempty"`
}

ThreatIntelligenceInformation threat intelligence information object.

func (ThreatIntelligenceInformation) AsBasicThreatIntelligenceInformation

func (tii ThreatIntelligenceInformation) AsBasicThreatIntelligenceInformation() (BasicThreatIntelligenceInformation, bool)

AsBasicThreatIntelligenceInformation is the BasicThreatIntelligenceInformation implementation for ThreatIntelligenceInformation.

func (ThreatIntelligenceInformation) AsThreatIntelligenceIndicatorModel

func (tii ThreatIntelligenceInformation) AsThreatIntelligenceIndicatorModel() (*ThreatIntelligenceIndicatorModel, bool)

AsThreatIntelligenceIndicatorModel is the BasicThreatIntelligenceInformation implementation for ThreatIntelligenceInformation.

func (ThreatIntelligenceInformation) AsThreatIntelligenceInformation

func (tii ThreatIntelligenceInformation) AsThreatIntelligenceInformation() (*ThreatIntelligenceInformation, bool)

AsThreatIntelligenceInformation is the BasicThreatIntelligenceInformation implementation for ThreatIntelligenceInformation.

func (ThreatIntelligenceInformation) MarshalJSON

func (tii ThreatIntelligenceInformation) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for ThreatIntelligenceInformation.

type ThreatIntelligenceInformationList

type ThreatIntelligenceInformationList struct {
	autorest.Response `json:"-"`
	// NextLink - READ-ONLY; URL to fetch the next set of information objects.
	NextLink *string `json:"nextLink,omitempty"`
	// Value - Array of threat intelligence information objects.
	Value *[]BasicThreatIntelligenceInformation `json:"value,omitempty"`
}

ThreatIntelligenceInformationList list of all the threat intelligence information objects.

func (ThreatIntelligenceInformationList) IsEmpty

func (tiil ThreatIntelligenceInformationList) IsEmpty() bool

IsEmpty returns true if the ListResult contains no values.

func (ThreatIntelligenceInformationList) MarshalJSON

func (tiil ThreatIntelligenceInformationList) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for ThreatIntelligenceInformationList.

func (*ThreatIntelligenceInformationList) UnmarshalJSON

func (tiil *ThreatIntelligenceInformationList) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for ThreatIntelligenceInformationList struct.

type ThreatIntelligenceInformationListIterator

type ThreatIntelligenceInformationListIterator struct {
	// contains filtered or unexported fields
}

ThreatIntelligenceInformationListIterator provides access to a complete listing of ThreatIntelligenceInformation values.

func NewThreatIntelligenceInformationListIterator

func NewThreatIntelligenceInformationListIterator(page ThreatIntelligenceInformationListPage) ThreatIntelligenceInformationListIterator

Creates a new instance of the ThreatIntelligenceInformationListIterator type.

func (*ThreatIntelligenceInformationListIterator) Next

Next advances to the next value. If there was an error making the request the iterator does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*ThreatIntelligenceInformationListIterator) NextWithContext

func (iter *ThreatIntelligenceInformationListIterator) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next value. If there was an error making the request the iterator does not advance and the error is returned.

func (ThreatIntelligenceInformationListIterator) NotDone

NotDone returns true if the enumeration should be started or is not yet complete.

func (ThreatIntelligenceInformationListIterator) Response

Response returns the raw server response from the last page request.

func (ThreatIntelligenceInformationListIterator) Value

Value returns the current value or a zero-initialized value if the iterator has advanced beyond the end of the collection.

type ThreatIntelligenceInformationListPage

type ThreatIntelligenceInformationListPage struct {
	// contains filtered or unexported fields
}

ThreatIntelligenceInformationListPage contains a page of BasicThreatIntelligenceInformation values.

func NewThreatIntelligenceInformationListPage

Creates a new instance of the ThreatIntelligenceInformationListPage type.

func (*ThreatIntelligenceInformationListPage) Next

Next advances to the next page of values. If there was an error making the request the page does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*ThreatIntelligenceInformationListPage) NextWithContext

func (page *ThreatIntelligenceInformationListPage) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next page of values. If there was an error making the request the page does not advance and the error is returned.

func (ThreatIntelligenceInformationListPage) NotDone

NotDone returns true if the page enumeration should be started or is not yet complete.

func (ThreatIntelligenceInformationListPage) Response

Response returns the raw server response from the last page request.

func (ThreatIntelligenceInformationListPage) Values

Values returns the slice of values for the current page or nil if there are no values.

type ThreatIntelligenceInformationModel

type ThreatIntelligenceInformationModel struct {
	autorest.Response `json:"-"`
	Value             BasicThreatIntelligenceInformation `json:"value,omitempty"`
}

ThreatIntelligenceInformationModel ...

func (*ThreatIntelligenceInformationModel) UnmarshalJSON

func (tiim *ThreatIntelligenceInformationModel) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for ThreatIntelligenceInformationModel struct.

type ThreatIntelligenceKillChainPhase

type ThreatIntelligenceKillChainPhase struct {
	// KillChainName - Kill chainName name
	KillChainName *string `json:"killChainName,omitempty"`
	// PhaseName - Phase name
	PhaseName *int32 `json:"phaseName,omitempty"`
}

ThreatIntelligenceKillChainPhase describes threat kill chain phase entity

type ThreatIntelligenceMetric

type ThreatIntelligenceMetric struct {
	// LastUpdatedTimeUtc - Last updated indicator metric
	LastUpdatedTimeUtc *string `json:"lastUpdatedTimeUtc,omitempty"`
	// ThreatTypeMetrics - Threat type metrics
	ThreatTypeMetrics *[]ThreatIntelligenceMetricEntity `json:"threatTypeMetrics,omitempty"`
	// PatternTypeMetrics - Pattern type metrics
	PatternTypeMetrics *[]ThreatIntelligenceMetricEntity `json:"patternTypeMetrics,omitempty"`
	// SourceMetrics - Source metrics
	SourceMetrics *[]ThreatIntelligenceMetricEntity `json:"sourceMetrics,omitempty"`
}

ThreatIntelligenceMetric describes threat intelligence metric

type ThreatIntelligenceMetricEntity

type ThreatIntelligenceMetricEntity struct {
	// MetricName - Metric name
	MetricName *string `json:"metricName,omitempty"`
	// MetricValue - Metric value
	MetricValue *int32 `json:"metricValue,omitempty"`
}

ThreatIntelligenceMetricEntity describes threat intelligence metric entity

type ThreatIntelligenceMetrics

type ThreatIntelligenceMetrics struct {
	// Properties - Threat intelligence metrics.
	Properties *ThreatIntelligenceMetric `json:"properties,omitempty"`
}

ThreatIntelligenceMetrics threat intelligence metrics.

type ThreatIntelligenceMetricsList

type ThreatIntelligenceMetricsList struct {
	autorest.Response `json:"-"`
	// Value - Array of threat intelligence metric fields (type/threat type/source).
	Value *[]ThreatIntelligenceMetrics `json:"value,omitempty"`
}

ThreatIntelligenceMetricsList list of all the threat intelligence metric fields (type/threat type/source).

type ThreatIntelligenceResourceKind

type ThreatIntelligenceResourceKind string

ThreatIntelligenceResourceKind enumerates the values for threat intelligence resource kind.

const (
	// Indicator Entity represents threat intelligence indicator in the system.
	Indicator ThreatIntelligenceResourceKind = "indicator"
)

func PossibleThreatIntelligenceResourceKindValues

func PossibleThreatIntelligenceResourceKindValues() []ThreatIntelligenceResourceKind

PossibleThreatIntelligenceResourceKindValues returns an array of possible values for the ThreatIntelligenceResourceKind const type.

type ThreatIntelligenceResourceKind1

type ThreatIntelligenceResourceKind1 struct {
	// Kind - The kind of the entity.
	Kind *string `json:"kind,omitempty"`
}

ThreatIntelligenceResourceKind1 describes an entity with kind.

type ThreatIntelligenceSortingCriteria

type ThreatIntelligenceSortingCriteria string

ThreatIntelligenceSortingCriteria enumerates the values for threat intelligence sorting criteria.

const (
	// Ascending ...
	Ascending ThreatIntelligenceSortingCriteria = "ascending"
	// Descending ...
	Descending ThreatIntelligenceSortingCriteria = "descending"
	// Unsorted ...
	Unsorted ThreatIntelligenceSortingCriteria = "unsorted"
)

func PossibleThreatIntelligenceSortingCriteriaValues

func PossibleThreatIntelligenceSortingCriteriaValues() []ThreatIntelligenceSortingCriteria

PossibleThreatIntelligenceSortingCriteriaValues returns an array of possible values for the ThreatIntelligenceSortingCriteria const type.

type ThreatIntelligenceSortingCriteria1

type ThreatIntelligenceSortingCriteria1 struct {
	// ItemKey - Column name
	ItemKey *string `json:"itemKey,omitempty"`
	// SortOrder - Sorting order (ascending/descending/unsorted). Possible values include: 'Unsorted', 'Ascending', 'Descending'
	SortOrder ThreatIntelligenceSortingCriteria `json:"sortOrder,omitempty"`
}

ThreatIntelligenceSortingCriteria1 list of available columns for sorting

type TiTaxiiCheckRequirements

type TiTaxiiCheckRequirements struct {
	// TiTaxiiCheckRequirementsProperties - Threat Intelligence TAXII check required properties.
	*TiTaxiiCheckRequirementsProperties `json:"properties,omitempty"`
	// Kind - Possible values include: 'KindBasicDataConnectorsCheckRequirementsKindDataConnectorsCheckRequirements', 'KindBasicDataConnectorsCheckRequirementsKindAzureActiveDirectory', 'KindBasicDataConnectorsCheckRequirementsKindAzureAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindAzureSecurityCenter', 'KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesCloudTrail', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindOfficeATP', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii'
	Kind KindBasicDataConnectorsCheckRequirements `json:"kind,omitempty"`
}

TiTaxiiCheckRequirements threat Intelligence TAXII data connector check requirements

func (TiTaxiiCheckRequirements) AsAADCheckRequirements

func (ttcr TiTaxiiCheckRequirements) AsAADCheckRequirements() (*AADCheckRequirements, bool)

AsAADCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TiTaxiiCheckRequirements.

func (TiTaxiiCheckRequirements) AsAATPCheckRequirements

func (ttcr TiTaxiiCheckRequirements) AsAATPCheckRequirements() (*AATPCheckRequirements, bool)

AsAATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TiTaxiiCheckRequirements.

func (TiTaxiiCheckRequirements) AsASCCheckRequirements

func (ttcr TiTaxiiCheckRequirements) AsASCCheckRequirements() (*ASCCheckRequirements, bool)

AsASCCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TiTaxiiCheckRequirements.

func (TiTaxiiCheckRequirements) AsAwsCloudTrailCheckRequirements

func (ttcr TiTaxiiCheckRequirements) AsAwsCloudTrailCheckRequirements() (*AwsCloudTrailCheckRequirements, bool)

AsAwsCloudTrailCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TiTaxiiCheckRequirements.

func (TiTaxiiCheckRequirements) AsBasicDataConnectorsCheckRequirements

func (ttcr TiTaxiiCheckRequirements) AsBasicDataConnectorsCheckRequirements() (BasicDataConnectorsCheckRequirements, bool)

AsBasicDataConnectorsCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TiTaxiiCheckRequirements.

func (TiTaxiiCheckRequirements) AsDataConnectorsCheckRequirements

func (ttcr TiTaxiiCheckRequirements) AsDataConnectorsCheckRequirements() (*DataConnectorsCheckRequirements, bool)

AsDataConnectorsCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TiTaxiiCheckRequirements.

func (TiTaxiiCheckRequirements) AsMCASCheckRequirements

func (ttcr TiTaxiiCheckRequirements) AsMCASCheckRequirements() (*MCASCheckRequirements, bool)

AsMCASCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TiTaxiiCheckRequirements.

func (TiTaxiiCheckRequirements) AsMDATPCheckRequirements

func (ttcr TiTaxiiCheckRequirements) AsMDATPCheckRequirements() (*MDATPCheckRequirements, bool)

AsMDATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TiTaxiiCheckRequirements.

func (TiTaxiiCheckRequirements) AsOfficeATPCheckRequirements

func (ttcr TiTaxiiCheckRequirements) AsOfficeATPCheckRequirements() (*OfficeATPCheckRequirements, bool)

AsOfficeATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TiTaxiiCheckRequirements.

func (TiTaxiiCheckRequirements) AsTICheckRequirements

func (ttcr TiTaxiiCheckRequirements) AsTICheckRequirements() (*TICheckRequirements, bool)

AsTICheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TiTaxiiCheckRequirements.

func (TiTaxiiCheckRequirements) AsTiTaxiiCheckRequirements

func (ttcr TiTaxiiCheckRequirements) AsTiTaxiiCheckRequirements() (*TiTaxiiCheckRequirements, bool)

AsTiTaxiiCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TiTaxiiCheckRequirements.

func (TiTaxiiCheckRequirements) MarshalJSON

func (ttcr TiTaxiiCheckRequirements) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for TiTaxiiCheckRequirements.

func (*TiTaxiiCheckRequirements) UnmarshalJSON

func (ttcr *TiTaxiiCheckRequirements) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for TiTaxiiCheckRequirements struct.

type TiTaxiiCheckRequirementsProperties

type TiTaxiiCheckRequirementsProperties struct {
	// TenantID - The tenant id to connect to, and get the data from.
	TenantID *string `json:"tenantId,omitempty"`
}

TiTaxiiCheckRequirementsProperties threat Intelligence TAXII data connector required properties.

type TiTaxiiDataConnector

type TiTaxiiDataConnector struct {
	// TiTaxiiDataConnectorProperties - Threat intelligence TAXII data connector properties.
	*TiTaxiiDataConnectorProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
	// Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOfficeATP', 'KindOffice365', 'KindThreatIntelligence', 'KindThreatIntelligenceTaxii'
	Kind KindBasicDataConnector `json:"kind,omitempty"`
}

TiTaxiiDataConnector data connector to pull Threat intelligence data from TAXII 2.0/2.1 server

func (TiTaxiiDataConnector) AsAADDataConnector

func (ttdc TiTaxiiDataConnector) AsAADDataConnector() (*AADDataConnector, bool)

AsAADDataConnector is the BasicDataConnector implementation for TiTaxiiDataConnector.

func (TiTaxiiDataConnector) AsAATPDataConnector

func (ttdc TiTaxiiDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool)

AsAATPDataConnector is the BasicDataConnector implementation for TiTaxiiDataConnector.

func (TiTaxiiDataConnector) AsASCDataConnector

func (ttdc TiTaxiiDataConnector) AsASCDataConnector() (*ASCDataConnector, bool)

AsASCDataConnector is the BasicDataConnector implementation for TiTaxiiDataConnector.

func (TiTaxiiDataConnector) AsAwsCloudTrailDataConnector

func (ttdc TiTaxiiDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool)

AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for TiTaxiiDataConnector.

func (TiTaxiiDataConnector) AsBasicDataConnector

func (ttdc TiTaxiiDataConnector) AsBasicDataConnector() (BasicDataConnector, bool)

AsBasicDataConnector is the BasicDataConnector implementation for TiTaxiiDataConnector.

func (TiTaxiiDataConnector) AsDataConnector

func (ttdc TiTaxiiDataConnector) AsDataConnector() (*DataConnector, bool)

AsDataConnector is the BasicDataConnector implementation for TiTaxiiDataConnector.

func (TiTaxiiDataConnector) AsMCASDataConnector

func (ttdc TiTaxiiDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool)

AsMCASDataConnector is the BasicDataConnector implementation for TiTaxiiDataConnector.

func (TiTaxiiDataConnector) AsMDATPDataConnector

func (ttdc TiTaxiiDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool)

AsMDATPDataConnector is the BasicDataConnector implementation for TiTaxiiDataConnector.

func (TiTaxiiDataConnector) AsOfficeATPDataConnector

func (ttdc TiTaxiiDataConnector) AsOfficeATPDataConnector() (*OfficeATPDataConnector, bool)

AsOfficeATPDataConnector is the BasicDataConnector implementation for TiTaxiiDataConnector.

func (TiTaxiiDataConnector) AsOfficeDataConnector

func (ttdc TiTaxiiDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool)

AsOfficeDataConnector is the BasicDataConnector implementation for TiTaxiiDataConnector.

func (TiTaxiiDataConnector) AsTIDataConnector

func (ttdc TiTaxiiDataConnector) AsTIDataConnector() (*TIDataConnector, bool)

AsTIDataConnector is the BasicDataConnector implementation for TiTaxiiDataConnector.

func (TiTaxiiDataConnector) AsTiTaxiiDataConnector

func (ttdc TiTaxiiDataConnector) AsTiTaxiiDataConnector() (*TiTaxiiDataConnector, bool)

AsTiTaxiiDataConnector is the BasicDataConnector implementation for TiTaxiiDataConnector.

func (TiTaxiiDataConnector) MarshalJSON

func (ttdc TiTaxiiDataConnector) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for TiTaxiiDataConnector.

func (*TiTaxiiDataConnector) UnmarshalJSON

func (ttdc *TiTaxiiDataConnector) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for TiTaxiiDataConnector struct.

type TiTaxiiDataConnectorDataTypes

type TiTaxiiDataConnectorDataTypes struct {
	// TaxiiClient - Data type for TAXII connector.
	TaxiiClient *TiTaxiiDataConnectorDataTypesTaxiiClient `json:"taxiiClient,omitempty"`
}

TiTaxiiDataConnectorDataTypes the available data types for Threat Intelligence TAXII data connector.

type TiTaxiiDataConnectorDataTypesTaxiiClient

type TiTaxiiDataConnectorDataTypesTaxiiClient struct {
	// State - Describe whether this data type connection is enabled or not. Possible values include: 'Enabled', 'Disabled'
	State DataTypeState `json:"state,omitempty"`
}

TiTaxiiDataConnectorDataTypesTaxiiClient data type for TAXII connector.

type TiTaxiiDataConnectorProperties

type TiTaxiiDataConnectorProperties struct {
	// WorkspaceID - The workspace id.
	WorkspaceID *string `json:"workspaceId,omitempty"`
	// FriendlyName - The friendly name for the TAXII server.
	FriendlyName *string `json:"friendlyName,omitempty"`
	// TaxiiServer - The API root for the TAXII server.
	TaxiiServer *string `json:"taxiiServer,omitempty"`
	// CollectionID - The collection id of the TAXII server.
	CollectionID *string `json:"collectionId,omitempty"`
	// UserName - The userName for the TAXII server.
	UserName *string `json:"userName,omitempty"`
	// Password - The password for the TAXII server.
	Password *string `json:"password,omitempty"`
	// DataTypes - The available data types for Threat Intelligence TAXII data connector.
	DataTypes *TiTaxiiDataConnectorDataTypes `json:"dataTypes,omitempty"`
	// TenantID - The tenant id to connect to, and get the data from.
	TenantID *string `json:"tenantId,omitempty"`
}

TiTaxiiDataConnectorProperties threat Intelligence TAXII data connector properties.

type TimelineAggregation

type TimelineAggregation struct {
	// Count - the total items found for a kind
	Count *int32 `json:"count,omitempty"`
	// Kind - the query kind. Possible values include: 'EntityTimelineKindActivity', 'EntityTimelineKindBookmark', 'EntityTimelineKindSecurityAlert'
	Kind EntityTimelineKind `json:"kind,omitempty"`
}

TimelineAggregation timeline aggregation information per kind

type TimelineError

type TimelineError struct {
	// Kind - the query kind. Possible values include: 'EntityTimelineKindActivity', 'EntityTimelineKindBookmark', 'EntityTimelineKindSecurityAlert'
	Kind EntityTimelineKind `json:"kind,omitempty"`
	// QueryID - the query id
	QueryID *string `json:"queryId,omitempty"`
	// ErrorMessage - the error message
	ErrorMessage *string `json:"errorMessage,omitempty"`
}

TimelineError timeline Query Errors.

type TimelineResultsMetadata

type TimelineResultsMetadata struct {
	// TotalCount - the total items found for the timeline request
	TotalCount *int32 `json:"totalCount,omitempty"`
	// Aggregations - timeline aggregation per kind
	Aggregations *[]TimelineAggregation `json:"aggregations,omitempty"`
	// Errors - information about the failure queries
	Errors *[]TimelineError `json:"errors,omitempty"`
}

TimelineResultsMetadata expansion result metadata.

type TriggerOperator

type TriggerOperator string

TriggerOperator enumerates the values for trigger operator.

const (
	// Equal ...
	Equal TriggerOperator = "Equal"
	// GreaterThan ...
	GreaterThan TriggerOperator = "GreaterThan"
	// LessThan ...
	LessThan TriggerOperator = "LessThan"
	// NotEqual ...
	NotEqual TriggerOperator = "NotEqual"
)

func PossibleTriggerOperatorValues

func PossibleTriggerOperatorValues() []TriggerOperator

PossibleTriggerOperatorValues returns an array of possible values for the TriggerOperator const type.

type URLEntity

type URLEntity struct {
	// URLEntityProperties - Url entity properties
	*URLEntityProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindBookmark', 'KindSecurityAlert', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice'
	Kind KindBasicEntity `json:"kind,omitempty"`
}

URLEntity represents a url entity.

func (URLEntity) AsAccountEntity

func (ue URLEntity) AsAccountEntity() (*AccountEntity, bool)

AsAccountEntity is the BasicEntity implementation for URLEntity.

func (URLEntity) AsAzureResourceEntity

func (ue URLEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)

AsAzureResourceEntity is the BasicEntity implementation for URLEntity.

func (URLEntity) AsBasicEntity

func (ue URLEntity) AsBasicEntity() (BasicEntity, bool)

AsBasicEntity is the BasicEntity implementation for URLEntity.

func (URLEntity) AsCloudApplicationEntity

func (ue URLEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)

AsCloudApplicationEntity is the BasicEntity implementation for URLEntity.

func (URLEntity) AsDNSEntity

func (ue URLEntity) AsDNSEntity() (*DNSEntity, bool)

AsDNSEntity is the BasicEntity implementation for URLEntity.

func (URLEntity) AsEntity

func (ue URLEntity) AsEntity() (*Entity, bool)

AsEntity is the BasicEntity implementation for URLEntity.

func (URLEntity) AsFileEntity

func (ue URLEntity) AsFileEntity() (*FileEntity, bool)

AsFileEntity is the BasicEntity implementation for URLEntity.

func (URLEntity) AsFileHashEntity

func (ue URLEntity) AsFileHashEntity() (*FileHashEntity, bool)

AsFileHashEntity is the BasicEntity implementation for URLEntity.

func (URLEntity) AsHostEntity

func (ue URLEntity) AsHostEntity() (*HostEntity, bool)

AsHostEntity is the BasicEntity implementation for URLEntity.

func (URLEntity) AsHuntingBookmark

func (ue URLEntity) AsHuntingBookmark() (*HuntingBookmark, bool)

AsHuntingBookmark is the BasicEntity implementation for URLEntity.

func (URLEntity) AsIPEntity

func (ue URLEntity) AsIPEntity() (*IPEntity, bool)

AsIPEntity is the BasicEntity implementation for URLEntity.

func (URLEntity) AsIoTDeviceEntity

func (ue URLEntity) AsIoTDeviceEntity() (*IoTDeviceEntity, bool)

AsIoTDeviceEntity is the BasicEntity implementation for URLEntity.

func (URLEntity) AsMalwareEntity

func (ue URLEntity) AsMalwareEntity() (*MalwareEntity, bool)

AsMalwareEntity is the BasicEntity implementation for URLEntity.

func (URLEntity) AsProcessEntity

func (ue URLEntity) AsProcessEntity() (*ProcessEntity, bool)

AsProcessEntity is the BasicEntity implementation for URLEntity.

func (URLEntity) AsRegistryKeyEntity

func (ue URLEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)

AsRegistryKeyEntity is the BasicEntity implementation for URLEntity.

func (URLEntity) AsRegistryValueEntity

func (ue URLEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool)

AsRegistryValueEntity is the BasicEntity implementation for URLEntity.

func (URLEntity) AsSecurityAlert

func (ue URLEntity) AsSecurityAlert() (*SecurityAlert, bool)

AsSecurityAlert is the BasicEntity implementation for URLEntity.

func (URLEntity) AsSecurityGroupEntity

func (ue URLEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)

AsSecurityGroupEntity is the BasicEntity implementation for URLEntity.

func (URLEntity) AsURLEntity

func (ue URLEntity) AsURLEntity() (*URLEntity, bool)

AsURLEntity is the BasicEntity implementation for URLEntity.

func (URLEntity) MarshalJSON

func (ue URLEntity) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for URLEntity.

func (*URLEntity) UnmarshalJSON

func (ue *URLEntity) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for URLEntity struct.

type URLEntityProperties

type URLEntityProperties struct {
	// URL - READ-ONLY; A full URL the entity points to
	URL *string `json:"url,omitempty"`
	// AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]interface{} `json:"additionalData"`
	// FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated.
	FriendlyName *string `json:"friendlyName,omitempty"`
}

URLEntityProperties url entity property bag.

func (URLEntityProperties) MarshalJSON

func (uep URLEntityProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for URLEntityProperties.

type Ueba

type Ueba struct {
	// UebaProperties - Ueba properties
	*UebaProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
	// Kind - Possible values include: 'KindSettings', 'KindEyesOn', 'KindEntityAnalytics', 'KindUeba'
	Kind KindBasicSettings `json:"kind,omitempty"`
}

Ueba settings with single toggle.

func (Ueba) AsBasicSettings

func (u Ueba) AsBasicSettings() (BasicSettings, bool)

AsBasicSettings is the BasicSettings implementation for Ueba.

func (Ueba) AsEntityAnalytics

func (u Ueba) AsEntityAnalytics() (*EntityAnalytics, bool)

AsEntityAnalytics is the BasicSettings implementation for Ueba.

func (Ueba) AsEyesOn

func (u Ueba) AsEyesOn() (*EyesOn, bool)

AsEyesOn is the BasicSettings implementation for Ueba.

func (Ueba) AsSettings

func (u Ueba) AsSettings() (*Settings, bool)

AsSettings is the BasicSettings implementation for Ueba.

func (Ueba) AsUeba

func (u Ueba) AsUeba() (*Ueba, bool)

AsUeba is the BasicSettings implementation for Ueba.

func (Ueba) MarshalJSON

func (u Ueba) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for Ueba.

func (*Ueba) UnmarshalJSON

func (u *Ueba) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for Ueba struct.

type UebaDataSources

type UebaDataSources string

UebaDataSources enumerates the values for ueba data sources.

const (
	// AuditLogs ...
	AuditLogs UebaDataSources = "AuditLogs"
	// AzureActivity ...
	AzureActivity UebaDataSources = "AzureActivity"
	// SecurityEvent ...
	SecurityEvent UebaDataSources = "SecurityEvent"
	// SigninLogs ...
	SigninLogs UebaDataSources = "SigninLogs"
)

func PossibleUebaDataSourcesValues

func PossibleUebaDataSourcesValues() []UebaDataSources

PossibleUebaDataSourcesValues returns an array of possible values for the UebaDataSources const type.

type UebaProperties

type UebaProperties struct {
	// DataSources - The relevant data sources that enriched by ueba
	DataSources *[]UebaDataSources `json:"dataSources,omitempty"`
}

UebaProperties ueba property bag.

type UserInfo

type UserInfo struct {
	// Email - READ-ONLY; The email of the user.
	Email *string `json:"email,omitempty"`
	// Name - READ-ONLY; The name of the user.
	Name *string `json:"name,omitempty"`
	// ObjectID - The object id of the user.
	ObjectID *uuid.UUID `json:"objectId,omitempty"`
}

UserInfo user information that made some action

func (UserInfo) MarshalJSON

func (UI UserInfo) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for UserInfo.

type Watchlist

type Watchlist struct {
	autorest.Response `json:"-"`
	// WatchlistProperties - Watchlist properties
	*WatchlistProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
}

Watchlist represents a Watchlist in Azure Security Insights.

func (Watchlist) MarshalJSON

func (w Watchlist) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for Watchlist.

func (*Watchlist) UnmarshalJSON

func (w *Watchlist) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for Watchlist struct.

type WatchlistList

type WatchlistList struct {
	autorest.Response `json:"-"`
	// NextLink - READ-ONLY; URL to fetch the next set of watchlists.
	NextLink *string `json:"nextLink,omitempty"`
	// Value - Array of watchlist.
	Value *[]Watchlist `json:"value,omitempty"`
}

WatchlistList list all the watchlists.

func (WatchlistList) IsEmpty

func (wl WatchlistList) IsEmpty() bool

IsEmpty returns true if the ListResult contains no values.

func (WatchlistList) MarshalJSON

func (wl WatchlistList) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for WatchlistList.

type WatchlistListIterator

type WatchlistListIterator struct {
	// contains filtered or unexported fields
}

WatchlistListIterator provides access to a complete listing of Watchlist values.

func NewWatchlistListIterator

func NewWatchlistListIterator(page WatchlistListPage) WatchlistListIterator

Creates a new instance of the WatchlistListIterator type.

func (*WatchlistListIterator) Next

func (iter *WatchlistListIterator) Next() error

Next advances to the next value. If there was an error making the request the iterator does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*WatchlistListIterator) NextWithContext

func (iter *WatchlistListIterator) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next value. If there was an error making the request the iterator does not advance and the error is returned.

func (WatchlistListIterator) NotDone

func (iter WatchlistListIterator) NotDone() bool

NotDone returns true if the enumeration should be started or is not yet complete.

func (WatchlistListIterator) Response

func (iter WatchlistListIterator) Response() WatchlistList

Response returns the raw server response from the last page request.

func (WatchlistListIterator) Value

func (iter WatchlistListIterator) Value() Watchlist

Value returns the current value or a zero-initialized value if the iterator has advanced beyond the end of the collection.

type WatchlistListPage

type WatchlistListPage struct {
	// contains filtered or unexported fields
}

WatchlistListPage contains a page of Watchlist values.

func NewWatchlistListPage

func NewWatchlistListPage(cur WatchlistList, getNextPage func(context.Context, WatchlistList) (WatchlistList, error)) WatchlistListPage

Creates a new instance of the WatchlistListPage type.

func (*WatchlistListPage) Next

func (page *WatchlistListPage) Next() error

Next advances to the next page of values. If there was an error making the request the page does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*WatchlistListPage) NextWithContext

func (page *WatchlistListPage) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next page of values. If there was an error making the request the page does not advance and the error is returned.

func (WatchlistListPage) NotDone

func (page WatchlistListPage) NotDone() bool

NotDone returns true if the page enumeration should be started or is not yet complete.

func (WatchlistListPage) Response

func (page WatchlistListPage) Response() WatchlistList

Response returns the raw server response from the last page request.

func (WatchlistListPage) Values

func (page WatchlistListPage) Values() []Watchlist

Values returns the slice of values for the current page or nil if there are no values.

type WatchlistProperties

type WatchlistProperties struct {
	// WatchlistID - The id (a Guid) of the watchlist
	WatchlistID *string `json:"watchlistId,omitempty"`
	// DisplayName - The display name of the watchlist
	DisplayName *string `json:"displayName,omitempty"`
	// Provider - The provider of the watchlist
	Provider *string `json:"provider,omitempty"`
	// Source - The source of the watchlist. Possible values include: 'Localfile', 'Remotestorage'
	Source Source `json:"source,omitempty"`
	// Created - The time the watchlist was created
	Created *date.Time `json:"created,omitempty"`
	// Updated - The last time the watchlist was updated
	Updated *date.Time `json:"updated,omitempty"`
	// CreatedBy - Describes a user that created the watchlist
	CreatedBy *UserInfo `json:"createdBy,omitempty"`
	// UpdatedBy - Describes a user that updated the watchlist
	UpdatedBy *UserInfo `json:"updatedBy,omitempty"`
	// Description - A description of the watchlist
	Description *string `json:"description,omitempty"`
	// WatchlistType - The type of the watchlist
	WatchlistType *string `json:"watchlistType,omitempty"`
	// WatchlistAlias - The alias of the watchlist
	WatchlistAlias *string `json:"watchlistAlias,omitempty"`
	// IsDeleted - A flag that indicates if the watchlist is deleted or not
	IsDeleted *bool `json:"isDeleted,omitempty"`
	// Labels - List of labels relevant to this watchlist
	Labels *[]string `json:"labels,omitempty"`
	// DefaultDuration - The default duration of a watchlist (in ISO 8601 duration format)
	DefaultDuration *string `json:"defaultDuration,omitempty"`
	// TenantID - The tenantId where the watchlist belongs to
	TenantID *string `json:"tenantId,omitempty"`
	// NumberOfLinesToSkip - The number of lines in a csv/tsv content to skip before the header
	NumberOfLinesToSkip *int32 `json:"numberOfLinesToSkip,omitempty"`
	// RawContent - The raw content that represents to watchlist items to create. In case of csv/tsv content type, it's the content of the file that will parsed by the endpoint
	RawContent *string `json:"rawContent,omitempty"`
	// ContentType - The content type of the raw content. Example : text/csv or text/tsv
	ContentType *string `json:"contentType,omitempty"`
}

WatchlistProperties describes watchlist properties

type WatchlistsClient

type WatchlistsClient struct {
	BaseClient
}

WatchlistsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

func NewWatchlistsClient

func NewWatchlistsClient(subscriptionID string) WatchlistsClient

NewWatchlistsClient creates an instance of the WatchlistsClient client.

func NewWatchlistsClientWithBaseURI

func NewWatchlistsClientWithBaseURI(baseURI string, subscriptionID string) WatchlistsClient

NewWatchlistsClientWithBaseURI creates an instance of the WatchlistsClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).

func (WatchlistsClient) Create

func (client WatchlistsClient) Create(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, watchlistAlias string, watchlist Watchlist) (result Watchlist, err error)

Create creates a watchlist and its watchlist items (bulk creation, e.g. through text/csv content type). To create a Watchlist and its Items, we should call this endpoint twice : the first call will create am empty Watchlist, and the second one will create its Items. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. watchlistAlias - watchlist Alias watchlist - the watchlist

func (WatchlistsClient) CreatePreparer

func (client WatchlistsClient) CreatePreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, watchlistAlias string, watchlist Watchlist) (*http.Request, error)

CreatePreparer prepares the Create request.

func (WatchlistsClient) CreateResponder

func (client WatchlistsClient) CreateResponder(resp *http.Response) (result Watchlist, err error)

CreateResponder handles the response to the Create request. The method always closes the http.Response Body.

func (WatchlistsClient) CreateSender

func (client WatchlistsClient) CreateSender(req *http.Request) (*http.Response, error)

CreateSender sends the Create request. The method will close the http.Response Body if it receives an error.

func (WatchlistsClient) Delete

func (client WatchlistsClient) Delete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, watchlistAlias string) (result autorest.Response, err error)

Delete delete a watchlist. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. watchlistAlias - watchlist Alias

func (WatchlistsClient) DeletePreparer

func (client WatchlistsClient) DeletePreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, watchlistAlias string) (*http.Request, error)

DeletePreparer prepares the Delete request.

func (WatchlistsClient) DeleteResponder

func (client WatchlistsClient) DeleteResponder(resp *http.Response) (result autorest.Response, err error)

DeleteResponder handles the response to the Delete request. The method always closes the http.Response Body.

func (WatchlistsClient) DeleteSender

func (client WatchlistsClient) DeleteSender(req *http.Request) (*http.Response, error)

DeleteSender sends the Delete request. The method will close the http.Response Body if it receives an error.

func (WatchlistsClient) Get

func (client WatchlistsClient) Get(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, watchlistAlias string) (result Watchlist, err error)

Get gets a watchlist, without its watchlist items. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. watchlistAlias - watchlist Alias

func (WatchlistsClient) GetPreparer

func (client WatchlistsClient) GetPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, watchlistAlias string) (*http.Request, error)

GetPreparer prepares the Get request.

func (WatchlistsClient) GetResponder

func (client WatchlistsClient) GetResponder(resp *http.Response) (result Watchlist, err error)

GetResponder handles the response to the Get request. The method always closes the http.Response Body.

func (WatchlistsClient) GetSender

func (client WatchlistsClient) GetSender(req *http.Request) (*http.Response, error)

GetSender sends the Get request. The method will close the http.Response Body if it receives an error.

func (WatchlistsClient) List

func (client WatchlistsClient) List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result WatchlistListPage, err error)

List gets all watchlists, without watchlist items. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace.

func (WatchlistsClient) ListComplete

func (client WatchlistsClient) ListComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result WatchlistListIterator, err error)

ListComplete enumerates all values, automatically crossing page boundaries as required.

func (WatchlistsClient) ListPreparer

func (client WatchlistsClient) ListPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (*http.Request, error)

ListPreparer prepares the List request.

func (WatchlistsClient) ListResponder

func (client WatchlistsClient) ListResponder(resp *http.Response) (result WatchlistList, err error)

ListResponder handles the response to the List request. The method always closes the http.Response Body.

func (WatchlistsClient) ListSender

func (client WatchlistsClient) ListSender(req *http.Request) (*http.Response, error)

ListSender sends the List request. The method will close the http.Response Body if it receives an error.

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL