Documentation ¶
Overview ¶
Package securityinsight implements the Azure ARM Securityinsight service API version 2019-01-01-preview.
API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider
Index ¶
- Constants
- func UserAgent() string
- func Version() string
- type AADCheckRequirements
- func (acr AADCheckRequirements) AsAADCheckRequirements() (*AADCheckRequirements, bool)
- func (acr AADCheckRequirements) AsAATPCheckRequirements() (*AATPCheckRequirements, bool)
- func (acr AADCheckRequirements) AsASCCheckRequirements() (*ASCCheckRequirements, bool)
- func (acr AADCheckRequirements) AsAwsCloudTrailCheckRequirements() (*AwsCloudTrailCheckRequirements, bool)
- func (acr AADCheckRequirements) AsBasicDataConnectorsCheckRequirements() (BasicDataConnectorsCheckRequirements, bool)
- func (acr AADCheckRequirements) AsDataConnectorsCheckRequirements() (*DataConnectorsCheckRequirements, bool)
- func (acr AADCheckRequirements) AsMCASCheckRequirements() (*MCASCheckRequirements, bool)
- func (acr AADCheckRequirements) AsMDATPCheckRequirements() (*MDATPCheckRequirements, bool)
- func (acr AADCheckRequirements) AsOfficeATPCheckRequirements() (*OfficeATPCheckRequirements, bool)
- func (acr AADCheckRequirements) AsTICheckRequirements() (*TICheckRequirements, bool)
- func (acr AADCheckRequirements) AsTiTaxiiCheckRequirements() (*TiTaxiiCheckRequirements, bool)
- func (acr AADCheckRequirements) MarshalJSON() ([]byte, error)
- func (acr *AADCheckRequirements) UnmarshalJSON(body []byte) error
- type AADCheckRequirementsProperties
- type AADDataConnector
- func (adc AADDataConnector) AsAADDataConnector() (*AADDataConnector, bool)
- func (adc AADDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool)
- func (adc AADDataConnector) AsASCDataConnector() (*ASCDataConnector, bool)
- func (adc AADDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool)
- func (adc AADDataConnector) AsBasicDataConnector() (BasicDataConnector, bool)
- func (adc AADDataConnector) AsDataConnector() (*DataConnector, bool)
- func (adc AADDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool)
- func (adc AADDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool)
- func (adc AADDataConnector) AsOfficeATPDataConnector() (*OfficeATPDataConnector, bool)
- func (adc AADDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool)
- func (adc AADDataConnector) AsTIDataConnector() (*TIDataConnector, bool)
- func (adc AADDataConnector) AsTiTaxiiDataConnector() (*TiTaxiiDataConnector, bool)
- func (adc AADDataConnector) MarshalJSON() ([]byte, error)
- func (adc *AADDataConnector) UnmarshalJSON(body []byte) error
- type AADDataConnectorProperties
- type AATPCheckRequirements
- func (acr AATPCheckRequirements) AsAADCheckRequirements() (*AADCheckRequirements, bool)
- func (acr AATPCheckRequirements) AsAATPCheckRequirements() (*AATPCheckRequirements, bool)
- func (acr AATPCheckRequirements) AsASCCheckRequirements() (*ASCCheckRequirements, bool)
- func (acr AATPCheckRequirements) AsAwsCloudTrailCheckRequirements() (*AwsCloudTrailCheckRequirements, bool)
- func (acr AATPCheckRequirements) AsBasicDataConnectorsCheckRequirements() (BasicDataConnectorsCheckRequirements, bool)
- func (acr AATPCheckRequirements) AsDataConnectorsCheckRequirements() (*DataConnectorsCheckRequirements, bool)
- func (acr AATPCheckRequirements) AsMCASCheckRequirements() (*MCASCheckRequirements, bool)
- func (acr AATPCheckRequirements) AsMDATPCheckRequirements() (*MDATPCheckRequirements, bool)
- func (acr AATPCheckRequirements) AsOfficeATPCheckRequirements() (*OfficeATPCheckRequirements, bool)
- func (acr AATPCheckRequirements) AsTICheckRequirements() (*TICheckRequirements, bool)
- func (acr AATPCheckRequirements) AsTiTaxiiCheckRequirements() (*TiTaxiiCheckRequirements, bool)
- func (acr AATPCheckRequirements) MarshalJSON() ([]byte, error)
- func (acr *AATPCheckRequirements) UnmarshalJSON(body []byte) error
- type AATPCheckRequirementsProperties
- type AATPDataConnector
- func (adc AATPDataConnector) AsAADDataConnector() (*AADDataConnector, bool)
- func (adc AATPDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool)
- func (adc AATPDataConnector) AsASCDataConnector() (*ASCDataConnector, bool)
- func (adc AATPDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool)
- func (adc AATPDataConnector) AsBasicDataConnector() (BasicDataConnector, bool)
- func (adc AATPDataConnector) AsDataConnector() (*DataConnector, bool)
- func (adc AATPDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool)
- func (adc AATPDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool)
- func (adc AATPDataConnector) AsOfficeATPDataConnector() (*OfficeATPDataConnector, bool)
- func (adc AATPDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool)
- func (adc AATPDataConnector) AsTIDataConnector() (*TIDataConnector, bool)
- func (adc AATPDataConnector) AsTiTaxiiDataConnector() (*TiTaxiiDataConnector, bool)
- func (adc AATPDataConnector) MarshalJSON() ([]byte, error)
- func (adc *AATPDataConnector) UnmarshalJSON(body []byte) error
- type AATPDataConnectorProperties
- type ASCCheckRequirements
- func (acr ASCCheckRequirements) AsAADCheckRequirements() (*AADCheckRequirements, bool)
- func (acr ASCCheckRequirements) AsAATPCheckRequirements() (*AATPCheckRequirements, bool)
- func (acr ASCCheckRequirements) AsASCCheckRequirements() (*ASCCheckRequirements, bool)
- func (acr ASCCheckRequirements) AsAwsCloudTrailCheckRequirements() (*AwsCloudTrailCheckRequirements, bool)
- func (acr ASCCheckRequirements) AsBasicDataConnectorsCheckRequirements() (BasicDataConnectorsCheckRequirements, bool)
- func (acr ASCCheckRequirements) AsDataConnectorsCheckRequirements() (*DataConnectorsCheckRequirements, bool)
- func (acr ASCCheckRequirements) AsMCASCheckRequirements() (*MCASCheckRequirements, bool)
- func (acr ASCCheckRequirements) AsMDATPCheckRequirements() (*MDATPCheckRequirements, bool)
- func (acr ASCCheckRequirements) AsOfficeATPCheckRequirements() (*OfficeATPCheckRequirements, bool)
- func (acr ASCCheckRequirements) AsTICheckRequirements() (*TICheckRequirements, bool)
- func (acr ASCCheckRequirements) AsTiTaxiiCheckRequirements() (*TiTaxiiCheckRequirements, bool)
- func (acr ASCCheckRequirements) MarshalJSON() ([]byte, error)
- func (acr *ASCCheckRequirements) UnmarshalJSON(body []byte) error
- type ASCCheckRequirementsProperties
- type ASCDataConnector
- func (adc ASCDataConnector) AsAADDataConnector() (*AADDataConnector, bool)
- func (adc ASCDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool)
- func (adc ASCDataConnector) AsASCDataConnector() (*ASCDataConnector, bool)
- func (adc ASCDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool)
- func (adc ASCDataConnector) AsBasicDataConnector() (BasicDataConnector, bool)
- func (adc ASCDataConnector) AsDataConnector() (*DataConnector, bool)
- func (adc ASCDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool)
- func (adc ASCDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool)
- func (adc ASCDataConnector) AsOfficeATPDataConnector() (*OfficeATPDataConnector, bool)
- func (adc ASCDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool)
- func (adc ASCDataConnector) AsTIDataConnector() (*TIDataConnector, bool)
- func (adc ASCDataConnector) AsTiTaxiiDataConnector() (*TiTaxiiDataConnector, bool)
- func (adc ASCDataConnector) MarshalJSON() ([]byte, error)
- func (adc *ASCDataConnector) UnmarshalJSON(body []byte) error
- type ASCDataConnectorProperties
- type AccountEntity
- func (ae AccountEntity) AsAccountEntity() (*AccountEntity, bool)
- func (ae AccountEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)
- func (ae AccountEntity) AsBasicEntity() (BasicEntity, bool)
- func (ae AccountEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)
- func (ae AccountEntity) AsDNSEntity() (*DNSEntity, bool)
- func (ae AccountEntity) AsEntity() (*Entity, bool)
- func (ae AccountEntity) AsFileEntity() (*FileEntity, bool)
- func (ae AccountEntity) AsFileHashEntity() (*FileHashEntity, bool)
- func (ae AccountEntity) AsHostEntity() (*HostEntity, bool)
- func (ae AccountEntity) AsHuntingBookmark() (*HuntingBookmark, bool)
- func (ae AccountEntity) AsIPEntity() (*IPEntity, bool)
- func (ae AccountEntity) AsIoTDeviceEntity() (*IoTDeviceEntity, bool)
- func (ae AccountEntity) AsMalwareEntity() (*MalwareEntity, bool)
- func (ae AccountEntity) AsProcessEntity() (*ProcessEntity, bool)
- func (ae AccountEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)
- func (ae AccountEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool)
- func (ae AccountEntity) AsSecurityAlert() (*SecurityAlert, bool)
- func (ae AccountEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)
- func (ae AccountEntity) AsURLEntity() (*URLEntity, bool)
- func (ae AccountEntity) MarshalJSON() ([]byte, error)
- func (ae *AccountEntity) UnmarshalJSON(body []byte) error
- type AccountEntityProperties
- type ActionPropertiesBase
- type ActionRequest
- type ActionRequestProperties
- type ActionResponse
- type ActionResponseProperties
- type ActionsClient
- func (client ActionsClient) ListByAlertRule(ctx context.Context, resourceGroupName string, ...) (result ActionsListPage, err error)
- func (client ActionsClient) ListByAlertRuleComplete(ctx context.Context, resourceGroupName string, ...) (result ActionsListIterator, err error)
- func (client ActionsClient) ListByAlertRulePreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error)
- func (client ActionsClient) ListByAlertRuleResponder(resp *http.Response) (result ActionsList, err error)
- func (client ActionsClient) ListByAlertRuleSender(req *http.Request) (*http.Response, error)
- type ActionsList
- type ActionsListIterator
- type ActionsListPage
- type ActivityTimelineItem
- func (ati ActivityTimelineItem) AsActivityTimelineItem() (*ActivityTimelineItem, bool)
- func (ati ActivityTimelineItem) AsBasicEntityTimelineItem() (BasicEntityTimelineItem, bool)
- func (ati ActivityTimelineItem) AsBookmarkTimelineItem() (*BookmarkTimelineItem, bool)
- func (ati ActivityTimelineItem) AsEntityTimelineItem() (*EntityTimelineItem, bool)
- func (ati ActivityTimelineItem) AsSecurityAlertTimelineItem() (*SecurityAlertTimelineItem, bool)
- func (ati ActivityTimelineItem) MarshalJSON() ([]byte, error)
- type Aggregations
- type AggregationsKind
- type AggregationsModel
- type AlertRule
- func (ar AlertRule) AsAlertRule() (*AlertRule, bool)
- func (ar AlertRule) AsBasicAlertRule() (BasicAlertRule, bool)
- func (ar AlertRule) AsFusionAlertRule() (*FusionAlertRule, bool)
- func (ar AlertRule) AsMicrosoftSecurityIncidentCreationAlertRule() (*MicrosoftSecurityIncidentCreationAlertRule, bool)
- func (ar AlertRule) AsScheduledAlertRule() (*ScheduledAlertRule, bool)
- func (ar AlertRule) MarshalJSON() ([]byte, error)
- type AlertRuleKind
- type AlertRuleKind1
- type AlertRuleModel
- type AlertRuleTemplate
- func (art AlertRuleTemplate) AsAlertRuleTemplate() (*AlertRuleTemplate, bool)
- func (art AlertRuleTemplate) AsBasicAlertRuleTemplate() (BasicAlertRuleTemplate, bool)
- func (art AlertRuleTemplate) AsFusionAlertRuleTemplate() (*FusionAlertRuleTemplate, bool)
- func (art AlertRuleTemplate) AsMicrosoftSecurityIncidentCreationAlertRuleTemplate() (*MicrosoftSecurityIncidentCreationAlertRuleTemplate, bool)
- func (art AlertRuleTemplate) AsScheduledAlertRuleTemplate() (*ScheduledAlertRuleTemplate, bool)
- func (art AlertRuleTemplate) MarshalJSON() ([]byte, error)
- type AlertRuleTemplateDataSource
- type AlertRuleTemplateModel
- type AlertRuleTemplatePropertiesBase
- type AlertRuleTemplatesClient
- func (client AlertRuleTemplatesClient) Get(ctx context.Context, resourceGroupName string, ...) (result AlertRuleTemplateModel, err error)
- func (client AlertRuleTemplatesClient) GetPreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error)
- func (client AlertRuleTemplatesClient) GetResponder(resp *http.Response) (result AlertRuleTemplateModel, err error)
- func (client AlertRuleTemplatesClient) GetSender(req *http.Request) (*http.Response, error)
- func (client AlertRuleTemplatesClient) List(ctx context.Context, resourceGroupName string, ...) (result AlertRuleTemplatesListPage, err error)
- func (client AlertRuleTemplatesClient) ListComplete(ctx context.Context, resourceGroupName string, ...) (result AlertRuleTemplatesListIterator, err error)
- func (client AlertRuleTemplatesClient) ListPreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error)
- func (client AlertRuleTemplatesClient) ListResponder(resp *http.Response) (result AlertRuleTemplatesList, err error)
- func (client AlertRuleTemplatesClient) ListSender(req *http.Request) (*http.Response, error)
- type AlertRuleTemplatesList
- type AlertRuleTemplatesListIterator
- func (iter *AlertRuleTemplatesListIterator) Next() error
- func (iter *AlertRuleTemplatesListIterator) NextWithContext(ctx context.Context) (err error)
- func (iter AlertRuleTemplatesListIterator) NotDone() bool
- func (iter AlertRuleTemplatesListIterator) Response() AlertRuleTemplatesList
- func (iter AlertRuleTemplatesListIterator) Value() BasicAlertRuleTemplate
- type AlertRuleTemplatesListPage
- func (page *AlertRuleTemplatesListPage) Next() error
- func (page *AlertRuleTemplatesListPage) NextWithContext(ctx context.Context) (err error)
- func (page AlertRuleTemplatesListPage) NotDone() bool
- func (page AlertRuleTemplatesListPage) Response() AlertRuleTemplatesList
- func (page AlertRuleTemplatesListPage) Values() []BasicAlertRuleTemplate
- type AlertRulesClient
- func (client AlertRulesClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, ...) (result AlertRuleModel, err error)
- func (client AlertRulesClient) CreateOrUpdateAction(ctx context.Context, resourceGroupName string, ...) (result ActionResponse, err error)
- func (client AlertRulesClient) CreateOrUpdateActionPreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error)
- func (client AlertRulesClient) CreateOrUpdateActionResponder(resp *http.Response) (result ActionResponse, err error)
- func (client AlertRulesClient) CreateOrUpdateActionSender(req *http.Request) (*http.Response, error)
- func (client AlertRulesClient) CreateOrUpdatePreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error)
- func (client AlertRulesClient) CreateOrUpdateResponder(resp *http.Response) (result AlertRuleModel, err error)
- func (client AlertRulesClient) CreateOrUpdateSender(req *http.Request) (*http.Response, error)
- func (client AlertRulesClient) Delete(ctx context.Context, resourceGroupName string, ...) (result autorest.Response, err error)
- func (client AlertRulesClient) DeleteAction(ctx context.Context, resourceGroupName string, ...) (result autorest.Response, err error)
- func (client AlertRulesClient) DeleteActionPreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error)
- func (client AlertRulesClient) DeleteActionResponder(resp *http.Response) (result autorest.Response, err error)
- func (client AlertRulesClient) DeleteActionSender(req *http.Request) (*http.Response, error)
- func (client AlertRulesClient) DeletePreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error)
- func (client AlertRulesClient) DeleteResponder(resp *http.Response) (result autorest.Response, err error)
- func (client AlertRulesClient) DeleteSender(req *http.Request) (*http.Response, error)
- func (client AlertRulesClient) Get(ctx context.Context, resourceGroupName string, ...) (result AlertRuleModel, err error)
- func (client AlertRulesClient) GetAction(ctx context.Context, resourceGroupName string, ...) (result ActionResponse, err error)
- func (client AlertRulesClient) GetActionPreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error)
- func (client AlertRulesClient) GetActionResponder(resp *http.Response) (result ActionResponse, err error)
- func (client AlertRulesClient) GetActionSender(req *http.Request) (*http.Response, error)
- func (client AlertRulesClient) GetPreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error)
- func (client AlertRulesClient) GetResponder(resp *http.Response) (result AlertRuleModel, err error)
- func (client AlertRulesClient) GetSender(req *http.Request) (*http.Response, error)
- func (client AlertRulesClient) List(ctx context.Context, resourceGroupName string, ...) (result AlertRulesListPage, err error)
- func (client AlertRulesClient) ListComplete(ctx context.Context, resourceGroupName string, ...) (result AlertRulesListIterator, err error)
- func (client AlertRulesClient) ListPreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error)
- func (client AlertRulesClient) ListResponder(resp *http.Response) (result AlertRulesList, err error)
- func (client AlertRulesClient) ListSender(req *http.Request) (*http.Response, error)
- type AlertRulesList
- type AlertRulesListIterator
- func (iter *AlertRulesListIterator) Next() error
- func (iter *AlertRulesListIterator) NextWithContext(ctx context.Context) (err error)
- func (iter AlertRulesListIterator) NotDone() bool
- func (iter AlertRulesListIterator) Response() AlertRulesList
- func (iter AlertRulesListIterator) Value() BasicAlertRule
- type AlertRulesListPage
- type AlertSeverity
- type AlertStatus
- type AlertsDataTypeOfDataConnector
- type AlertsDataTypeOfDataConnectorAlerts
- type AttackTactic
- type AwsCloudTrailCheckRequirements
- func (actcr AwsCloudTrailCheckRequirements) AsAADCheckRequirements() (*AADCheckRequirements, bool)
- func (actcr AwsCloudTrailCheckRequirements) AsAATPCheckRequirements() (*AATPCheckRequirements, bool)
- func (actcr AwsCloudTrailCheckRequirements) AsASCCheckRequirements() (*ASCCheckRequirements, bool)
- func (actcr AwsCloudTrailCheckRequirements) AsAwsCloudTrailCheckRequirements() (*AwsCloudTrailCheckRequirements, bool)
- func (actcr AwsCloudTrailCheckRequirements) AsBasicDataConnectorsCheckRequirements() (BasicDataConnectorsCheckRequirements, bool)
- func (actcr AwsCloudTrailCheckRequirements) AsDataConnectorsCheckRequirements() (*DataConnectorsCheckRequirements, bool)
- func (actcr AwsCloudTrailCheckRequirements) AsMCASCheckRequirements() (*MCASCheckRequirements, bool)
- func (actcr AwsCloudTrailCheckRequirements) AsMDATPCheckRequirements() (*MDATPCheckRequirements, bool)
- func (actcr AwsCloudTrailCheckRequirements) AsOfficeATPCheckRequirements() (*OfficeATPCheckRequirements, bool)
- func (actcr AwsCloudTrailCheckRequirements) AsTICheckRequirements() (*TICheckRequirements, bool)
- func (actcr AwsCloudTrailCheckRequirements) AsTiTaxiiCheckRequirements() (*TiTaxiiCheckRequirements, bool)
- func (actcr AwsCloudTrailCheckRequirements) MarshalJSON() ([]byte, error)
- type AwsCloudTrailDataConnector
- func (actdc AwsCloudTrailDataConnector) AsAADDataConnector() (*AADDataConnector, bool)
- func (actdc AwsCloudTrailDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool)
- func (actdc AwsCloudTrailDataConnector) AsASCDataConnector() (*ASCDataConnector, bool)
- func (actdc AwsCloudTrailDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool)
- func (actdc AwsCloudTrailDataConnector) AsBasicDataConnector() (BasicDataConnector, bool)
- func (actdc AwsCloudTrailDataConnector) AsDataConnector() (*DataConnector, bool)
- func (actdc AwsCloudTrailDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool)
- func (actdc AwsCloudTrailDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool)
- func (actdc AwsCloudTrailDataConnector) AsOfficeATPDataConnector() (*OfficeATPDataConnector, bool)
- func (actdc AwsCloudTrailDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool)
- func (actdc AwsCloudTrailDataConnector) AsTIDataConnector() (*TIDataConnector, bool)
- func (actdc AwsCloudTrailDataConnector) AsTiTaxiiDataConnector() (*TiTaxiiDataConnector, bool)
- func (actdc AwsCloudTrailDataConnector) MarshalJSON() ([]byte, error)
- func (actdc *AwsCloudTrailDataConnector) UnmarshalJSON(body []byte) error
- type AwsCloudTrailDataConnectorDataTypes
- type AwsCloudTrailDataConnectorDataTypesLogs
- type AwsCloudTrailDataConnectorProperties
- type AzureResourceEntity
- func (are AzureResourceEntity) AsAccountEntity() (*AccountEntity, bool)
- func (are AzureResourceEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)
- func (are AzureResourceEntity) AsBasicEntity() (BasicEntity, bool)
- func (are AzureResourceEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)
- func (are AzureResourceEntity) AsDNSEntity() (*DNSEntity, bool)
- func (are AzureResourceEntity) AsEntity() (*Entity, bool)
- func (are AzureResourceEntity) AsFileEntity() (*FileEntity, bool)
- func (are AzureResourceEntity) AsFileHashEntity() (*FileHashEntity, bool)
- func (are AzureResourceEntity) AsHostEntity() (*HostEntity, bool)
- func (are AzureResourceEntity) AsHuntingBookmark() (*HuntingBookmark, bool)
- func (are AzureResourceEntity) AsIPEntity() (*IPEntity, bool)
- func (are AzureResourceEntity) AsIoTDeviceEntity() (*IoTDeviceEntity, bool)
- func (are AzureResourceEntity) AsMalwareEntity() (*MalwareEntity, bool)
- func (are AzureResourceEntity) AsProcessEntity() (*ProcessEntity, bool)
- func (are AzureResourceEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)
- func (are AzureResourceEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool)
- func (are AzureResourceEntity) AsSecurityAlert() (*SecurityAlert, bool)
- func (are AzureResourceEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)
- func (are AzureResourceEntity) AsURLEntity() (*URLEntity, bool)
- func (are AzureResourceEntity) MarshalJSON() ([]byte, error)
- func (are *AzureResourceEntity) UnmarshalJSON(body []byte) error
- type AzureResourceEntityProperties
- type BaseClient
- type BasicAggregations
- type BasicAlertRule
- type BasicAlertRuleTemplate
- type BasicDataConnector
- type BasicDataConnectorsCheckRequirements
- type BasicEntity
- type BasicEntityTimelineItem
- type BasicSettings
- type BasicThreatIntelligenceInformation
- type Bookmark
- type BookmarkClient
- func (client BookmarkClient) Expand(ctx context.Context, resourceGroupName string, ...) (result BookmarkExpandResponse, err error)
- func (client BookmarkClient) ExpandPreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error)
- func (client BookmarkClient) ExpandResponder(resp *http.Response) (result BookmarkExpandResponse, err error)
- func (client BookmarkClient) ExpandSender(req *http.Request) (*http.Response, error)
- type BookmarkExpandParameters
- type BookmarkExpandResponse
- type BookmarkExpandResponseValue
- type BookmarkList
- type BookmarkListIterator
- type BookmarkListPage
- type BookmarkProperties
- type BookmarkRelationsClient
- func (client BookmarkRelationsClient) CreateOrUpdateRelation(ctx context.Context, resourceGroupName string, ...) (result Relation, err error)
- func (client BookmarkRelationsClient) CreateOrUpdateRelationPreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error)
- func (client BookmarkRelationsClient) CreateOrUpdateRelationResponder(resp *http.Response) (result Relation, err error)
- func (client BookmarkRelationsClient) CreateOrUpdateRelationSender(req *http.Request) (*http.Response, error)
- func (client BookmarkRelationsClient) DeleteRelation(ctx context.Context, resourceGroupName string, ...) (result autorest.Response, err error)
- func (client BookmarkRelationsClient) DeleteRelationPreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error)
- func (client BookmarkRelationsClient) DeleteRelationResponder(resp *http.Response) (result autorest.Response, err error)
- func (client BookmarkRelationsClient) DeleteRelationSender(req *http.Request) (*http.Response, error)
- func (client BookmarkRelationsClient) GetRelation(ctx context.Context, resourceGroupName string, ...) (result Relation, err error)
- func (client BookmarkRelationsClient) GetRelationPreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error)
- func (client BookmarkRelationsClient) GetRelationResponder(resp *http.Response) (result Relation, err error)
- func (client BookmarkRelationsClient) GetRelationSender(req *http.Request) (*http.Response, error)
- func (client BookmarkRelationsClient) List(ctx context.Context, resourceGroupName string, ...) (result RelationListPage, err error)
- func (client BookmarkRelationsClient) ListComplete(ctx context.Context, resourceGroupName string, ...) (result RelationListIterator, err error)
- func (client BookmarkRelationsClient) ListPreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error)
- func (client BookmarkRelationsClient) ListResponder(resp *http.Response) (result RelationList, err error)
- func (client BookmarkRelationsClient) ListSender(req *http.Request) (*http.Response, error)
- type BookmarkTimelineItem
- func (bti BookmarkTimelineItem) AsActivityTimelineItem() (*ActivityTimelineItem, bool)
- func (bti BookmarkTimelineItem) AsBasicEntityTimelineItem() (BasicEntityTimelineItem, bool)
- func (bti BookmarkTimelineItem) AsBookmarkTimelineItem() (*BookmarkTimelineItem, bool)
- func (bti BookmarkTimelineItem) AsEntityTimelineItem() (*EntityTimelineItem, bool)
- func (bti BookmarkTimelineItem) AsSecurityAlertTimelineItem() (*SecurityAlertTimelineItem, bool)
- func (bti BookmarkTimelineItem) MarshalJSON() ([]byte, error)
- type BookmarksClient
- func (client BookmarksClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, ...) (result Bookmark, err error)
- func (client BookmarksClient) CreateOrUpdatePreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error)
- func (client BookmarksClient) CreateOrUpdateResponder(resp *http.Response) (result Bookmark, err error)
- func (client BookmarksClient) CreateOrUpdateSender(req *http.Request) (*http.Response, error)
- func (client BookmarksClient) Delete(ctx context.Context, resourceGroupName string, ...) (result autorest.Response, err error)
- func (client BookmarksClient) DeletePreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error)
- func (client BookmarksClient) DeleteResponder(resp *http.Response) (result autorest.Response, err error)
- func (client BookmarksClient) DeleteSender(req *http.Request) (*http.Response, error)
- func (client BookmarksClient) Get(ctx context.Context, resourceGroupName string, ...) (result Bookmark, err error)
- func (client BookmarksClient) GetPreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error)
- func (client BookmarksClient) GetResponder(resp *http.Response) (result Bookmark, err error)
- func (client BookmarksClient) GetSender(req *http.Request) (*http.Response, error)
- func (client BookmarksClient) List(ctx context.Context, resourceGroupName string, ...) (result BookmarkListPage, err error)
- func (client BookmarksClient) ListComplete(ctx context.Context, resourceGroupName string, ...) (result BookmarkListIterator, err error)
- func (client BookmarksClient) ListPreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error)
- func (client BookmarksClient) ListResponder(resp *http.Response) (result BookmarkList, err error)
- func (client BookmarksClient) ListSender(req *http.Request) (*http.Response, error)
- type Case
- type CaseComment
- type CaseCommentList
- type CaseCommentListIterator
- func (iter *CaseCommentListIterator) Next() error
- func (iter *CaseCommentListIterator) NextWithContext(ctx context.Context) (err error)
- func (iter CaseCommentListIterator) NotDone() bool
- func (iter CaseCommentListIterator) Response() CaseCommentList
- func (iter CaseCommentListIterator) Value() CaseComment
- type CaseCommentListPage
- type CaseCommentProperties
- type CaseCommentsClient
- func (client CaseCommentsClient) CreateComment(ctx context.Context, resourceGroupName string, ...) (result CaseComment, err error)
- func (client CaseCommentsClient) CreateCommentPreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error)
- func (client CaseCommentsClient) CreateCommentResponder(resp *http.Response) (result CaseComment, err error)
- func (client CaseCommentsClient) CreateCommentSender(req *http.Request) (*http.Response, error)
- type CaseList
- type CaseListIterator
- type CaseListPage
- type CaseProperties
- type CaseRelation
- type CaseRelationList
- type CaseRelationListIterator
- func (iter *CaseRelationListIterator) Next() error
- func (iter *CaseRelationListIterator) NextWithContext(ctx context.Context) (err error)
- func (iter CaseRelationListIterator) NotDone() bool
- func (iter CaseRelationListIterator) Response() CaseRelationList
- func (iter CaseRelationListIterator) Value() CaseRelation
- type CaseRelationListPage
- type CaseRelationProperties
- type CaseRelationsClient
- func (client CaseRelationsClient) CreateOrUpdateRelation(ctx context.Context, resourceGroupName string, ...) (result CaseRelation, err error)
- func (client CaseRelationsClient) CreateOrUpdateRelationPreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error)
- func (client CaseRelationsClient) CreateOrUpdateRelationResponder(resp *http.Response) (result CaseRelation, err error)
- func (client CaseRelationsClient) CreateOrUpdateRelationSender(req *http.Request) (*http.Response, error)
- func (client CaseRelationsClient) DeleteRelation(ctx context.Context, resourceGroupName string, ...) (result autorest.Response, err error)
- func (client CaseRelationsClient) DeleteRelationPreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error)
- func (client CaseRelationsClient) DeleteRelationResponder(resp *http.Response) (result autorest.Response, err error)
- func (client CaseRelationsClient) DeleteRelationSender(req *http.Request) (*http.Response, error)
- func (client CaseRelationsClient) GetRelation(ctx context.Context, resourceGroupName string, ...) (result CaseRelation, err error)
- func (client CaseRelationsClient) GetRelationPreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error)
- func (client CaseRelationsClient) GetRelationResponder(resp *http.Response) (result CaseRelation, err error)
- func (client CaseRelationsClient) GetRelationSender(req *http.Request) (*http.Response, error)
- func (client CaseRelationsClient) List(ctx context.Context, resourceGroupName string, ...) (result CaseRelationListPage, err error)
- func (client CaseRelationsClient) ListComplete(ctx context.Context, resourceGroupName string, ...) (result CaseRelationListIterator, err error)
- func (client CaseRelationsClient) ListPreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error)
- func (client CaseRelationsClient) ListResponder(resp *http.Response) (result CaseRelationList, err error)
- func (client CaseRelationsClient) ListSender(req *http.Request) (*http.Response, error)
- type CaseSeverity
- type CaseStatus
- type CasesAggregation
- func (ca CasesAggregation) AsAggregations() (*Aggregations, bool)
- func (ca CasesAggregation) AsBasicAggregations() (BasicAggregations, bool)
- func (ca CasesAggregation) AsCasesAggregation() (*CasesAggregation, bool)
- func (ca CasesAggregation) MarshalJSON() ([]byte, error)
- func (ca *CasesAggregation) UnmarshalJSON(body []byte) error
- type CasesAggregationBySeverityProperties
- type CasesAggregationByStatusProperties
- type CasesAggregationProperties
- type CasesAggregationsClient
- func (client CasesAggregationsClient) Get(ctx context.Context, resourceGroupName string, ...) (result AggregationsModel, err error)
- func (client CasesAggregationsClient) GetPreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error)
- func (client CasesAggregationsClient) GetResponder(resp *http.Response) (result AggregationsModel, err error)
- func (client CasesAggregationsClient) GetSender(req *http.Request) (*http.Response, error)
- type CasesClient
- func (client CasesClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, ...) (result Case, err error)
- func (client CasesClient) CreateOrUpdatePreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error)
- func (client CasesClient) CreateOrUpdateResponder(resp *http.Response) (result Case, err error)
- func (client CasesClient) CreateOrUpdateSender(req *http.Request) (*http.Response, error)
- func (client CasesClient) Delete(ctx context.Context, resourceGroupName string, ...) (result autorest.Response, err error)
- func (client CasesClient) DeletePreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error)
- func (client CasesClient) DeleteResponder(resp *http.Response) (result autorest.Response, err error)
- func (client CasesClient) DeleteSender(req *http.Request) (*http.Response, error)
- func (client CasesClient) Get(ctx context.Context, resourceGroupName string, ...) (result Case, err error)
- func (client CasesClient) GetComment(ctx context.Context, resourceGroupName string, ...) (result CaseComment, err error)
- func (client CasesClient) GetCommentPreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error)
- func (client CasesClient) GetCommentResponder(resp *http.Response) (result CaseComment, err error)
- func (client CasesClient) GetCommentSender(req *http.Request) (*http.Response, error)
- func (client CasesClient) GetPreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error)
- func (client CasesClient) GetResponder(resp *http.Response) (result Case, err error)
- func (client CasesClient) GetSender(req *http.Request) (*http.Response, error)
- func (client CasesClient) List(ctx context.Context, resourceGroupName string, ...) (result CaseListPage, err error)
- func (client CasesClient) ListComplete(ctx context.Context, resourceGroupName string, ...) (result CaseListIterator, err error)
- func (client CasesClient) ListPreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error)
- func (client CasesClient) ListResponder(resp *http.Response) (result CaseList, err error)
- func (client CasesClient) ListSender(req *http.Request) (*http.Response, error)
- type ClientInfo
- type CloseReason
- type CloudApplicationEntity
- func (cae CloudApplicationEntity) AsAccountEntity() (*AccountEntity, bool)
- func (cae CloudApplicationEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)
- func (cae CloudApplicationEntity) AsBasicEntity() (BasicEntity, bool)
- func (cae CloudApplicationEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)
- func (cae CloudApplicationEntity) AsDNSEntity() (*DNSEntity, bool)
- func (cae CloudApplicationEntity) AsEntity() (*Entity, bool)
- func (cae CloudApplicationEntity) AsFileEntity() (*FileEntity, bool)
- func (cae CloudApplicationEntity) AsFileHashEntity() (*FileHashEntity, bool)
- func (cae CloudApplicationEntity) AsHostEntity() (*HostEntity, bool)
- func (cae CloudApplicationEntity) AsHuntingBookmark() (*HuntingBookmark, bool)
- func (cae CloudApplicationEntity) AsIPEntity() (*IPEntity, bool)
- func (cae CloudApplicationEntity) AsIoTDeviceEntity() (*IoTDeviceEntity, bool)
- func (cae CloudApplicationEntity) AsMalwareEntity() (*MalwareEntity, bool)
- func (cae CloudApplicationEntity) AsProcessEntity() (*ProcessEntity, bool)
- func (cae CloudApplicationEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)
- func (cae CloudApplicationEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool)
- func (cae CloudApplicationEntity) AsSecurityAlert() (*SecurityAlert, bool)
- func (cae CloudApplicationEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)
- func (cae CloudApplicationEntity) AsURLEntity() (*URLEntity, bool)
- func (cae CloudApplicationEntity) MarshalJSON() ([]byte, error)
- func (cae *CloudApplicationEntity) UnmarshalJSON(body []byte) error
- type CloudApplicationEntityProperties
- type CloudError
- type CloudErrorBody
- type CommentsClient
- func (client CommentsClient) ListByCase(ctx context.Context, resourceGroupName string, ...) (result CaseCommentListPage, err error)
- func (client CommentsClient) ListByCaseComplete(ctx context.Context, resourceGroupName string, ...) (result CaseCommentListIterator, err error)
- func (client CommentsClient) ListByCasePreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error)
- func (client CommentsClient) ListByCaseResponder(resp *http.Response) (result CaseCommentList, err error)
- func (client CommentsClient) ListByCaseSender(req *http.Request) (*http.Response, error)
- type ConfidenceLevel
- type ConfidenceScoreStatus
- type DNSEntity
- func (de DNSEntity) AsAccountEntity() (*AccountEntity, bool)
- func (de DNSEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)
- func (de DNSEntity) AsBasicEntity() (BasicEntity, bool)
- func (de DNSEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)
- func (de DNSEntity) AsDNSEntity() (*DNSEntity, bool)
- func (de DNSEntity) AsEntity() (*Entity, bool)
- func (de DNSEntity) AsFileEntity() (*FileEntity, bool)
- func (de DNSEntity) AsFileHashEntity() (*FileHashEntity, bool)
- func (de DNSEntity) AsHostEntity() (*HostEntity, bool)
- func (de DNSEntity) AsHuntingBookmark() (*HuntingBookmark, bool)
- func (de DNSEntity) AsIPEntity() (*IPEntity, bool)
- func (de DNSEntity) AsIoTDeviceEntity() (*IoTDeviceEntity, bool)
- func (de DNSEntity) AsMalwareEntity() (*MalwareEntity, bool)
- func (de DNSEntity) AsProcessEntity() (*ProcessEntity, bool)
- func (de DNSEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)
- func (de DNSEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool)
- func (de DNSEntity) AsSecurityAlert() (*SecurityAlert, bool)
- func (de DNSEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)
- func (de DNSEntity) AsURLEntity() (*URLEntity, bool)
- func (de DNSEntity) MarshalJSON() ([]byte, error)
- func (de *DNSEntity) UnmarshalJSON(body []byte) error
- type DNSEntityProperties
- type DataConnector
- func (dc DataConnector) AsAADDataConnector() (*AADDataConnector, bool)
- func (dc DataConnector) AsAATPDataConnector() (*AATPDataConnector, bool)
- func (dc DataConnector) AsASCDataConnector() (*ASCDataConnector, bool)
- func (dc DataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool)
- func (dc DataConnector) AsBasicDataConnector() (BasicDataConnector, bool)
- func (dc DataConnector) AsDataConnector() (*DataConnector, bool)
- func (dc DataConnector) AsMCASDataConnector() (*MCASDataConnector, bool)
- func (dc DataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool)
- func (dc DataConnector) AsOfficeATPDataConnector() (*OfficeATPDataConnector, bool)
- func (dc DataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool)
- func (dc DataConnector) AsTIDataConnector() (*TIDataConnector, bool)
- func (dc DataConnector) AsTiTaxiiDataConnector() (*TiTaxiiDataConnector, bool)
- func (dc DataConnector) MarshalJSON() ([]byte, error)
- type DataConnectorAuthorizationState
- type DataConnectorDataTypeCommon
- type DataConnectorKind
- type DataConnectorKind1
- type DataConnectorLicenseState
- type DataConnectorList
- type DataConnectorListIterator
- func (iter *DataConnectorListIterator) Next() error
- func (iter *DataConnectorListIterator) NextWithContext(ctx context.Context) (err error)
- func (iter DataConnectorListIterator) NotDone() bool
- func (iter DataConnectorListIterator) Response() DataConnectorList
- func (iter DataConnectorListIterator) Value() BasicDataConnector
- type DataConnectorListPage
- func (page *DataConnectorListPage) Next() error
- func (page *DataConnectorListPage) NextWithContext(ctx context.Context) (err error)
- func (page DataConnectorListPage) NotDone() bool
- func (page DataConnectorListPage) Response() DataConnectorList
- func (page DataConnectorListPage) Values() []BasicDataConnector
- type DataConnectorModel
- type DataConnectorRequirementsState
- type DataConnectorTenantID
- type DataConnectorWithAlertsProperties
- type DataConnectorsCheckRequirements
- func (dccr DataConnectorsCheckRequirements) AsAADCheckRequirements() (*AADCheckRequirements, bool)
- func (dccr DataConnectorsCheckRequirements) AsAATPCheckRequirements() (*AATPCheckRequirements, bool)
- func (dccr DataConnectorsCheckRequirements) AsASCCheckRequirements() (*ASCCheckRequirements, bool)
- func (dccr DataConnectorsCheckRequirements) AsAwsCloudTrailCheckRequirements() (*AwsCloudTrailCheckRequirements, bool)
- func (dccr DataConnectorsCheckRequirements) AsBasicDataConnectorsCheckRequirements() (BasicDataConnectorsCheckRequirements, bool)
- func (dccr DataConnectorsCheckRequirements) AsDataConnectorsCheckRequirements() (*DataConnectorsCheckRequirements, bool)
- func (dccr DataConnectorsCheckRequirements) AsMCASCheckRequirements() (*MCASCheckRequirements, bool)
- func (dccr DataConnectorsCheckRequirements) AsMDATPCheckRequirements() (*MDATPCheckRequirements, bool)
- func (dccr DataConnectorsCheckRequirements) AsOfficeATPCheckRequirements() (*OfficeATPCheckRequirements, bool)
- func (dccr DataConnectorsCheckRequirements) AsTICheckRequirements() (*TICheckRequirements, bool)
- func (dccr DataConnectorsCheckRequirements) AsTiTaxiiCheckRequirements() (*TiTaxiiCheckRequirements, bool)
- func (dccr DataConnectorsCheckRequirements) MarshalJSON() ([]byte, error)
- type DataConnectorsCheckRequirementsClient
- func (client DataConnectorsCheckRequirementsClient) Post(ctx context.Context, resourceGroupName string, workspaceName string, ...) (result DataConnectorRequirementsState, err error)
- func (client DataConnectorsCheckRequirementsClient) PostPreparer(ctx context.Context, resourceGroupName string, workspaceName string, ...) (*http.Request, error)
- func (client DataConnectorsCheckRequirementsClient) PostResponder(resp *http.Response) (result DataConnectorRequirementsState, err error)
- func (client DataConnectorsCheckRequirementsClient) PostSender(req *http.Request) (*http.Response, error)
- type DataConnectorsClient
- func (client DataConnectorsClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, ...) (result DataConnectorModel, err error)
- func (client DataConnectorsClient) CreateOrUpdatePreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error)
- func (client DataConnectorsClient) CreateOrUpdateResponder(resp *http.Response) (result DataConnectorModel, err error)
- func (client DataConnectorsClient) CreateOrUpdateSender(req *http.Request) (*http.Response, error)
- func (client DataConnectorsClient) Delete(ctx context.Context, resourceGroupName string, ...) (result autorest.Response, err error)
- func (client DataConnectorsClient) DeletePreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error)
- func (client DataConnectorsClient) DeleteResponder(resp *http.Response) (result autorest.Response, err error)
- func (client DataConnectorsClient) DeleteSender(req *http.Request) (*http.Response, error)
- func (client DataConnectorsClient) Get(ctx context.Context, resourceGroupName string, ...) (result DataConnectorModel, err error)
- func (client DataConnectorsClient) GetPreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error)
- func (client DataConnectorsClient) GetResponder(resp *http.Response) (result DataConnectorModel, err error)
- func (client DataConnectorsClient) GetSender(req *http.Request) (*http.Response, error)
- func (client DataConnectorsClient) List(ctx context.Context, resourceGroupName string, ...) (result DataConnectorListPage, err error)
- func (client DataConnectorsClient) ListComplete(ctx context.Context, resourceGroupName string, ...) (result DataConnectorListIterator, err error)
- func (client DataConnectorsClient) ListPreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error)
- func (client DataConnectorsClient) ListResponder(resp *http.Response) (result DataConnectorList, err error)
- func (client DataConnectorsClient) ListSender(req *http.Request) (*http.Response, error)
- type DataTypeState
- type ElevationToken
- type EntitiesClient
- func (client EntitiesClient) Expand(ctx context.Context, resourceGroupName string, ...) (result EntityExpandResponse, err error)
- func (client EntitiesClient) ExpandPreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error)
- func (client EntitiesClient) ExpandResponder(resp *http.Response) (result EntityExpandResponse, err error)
- func (client EntitiesClient) ExpandSender(req *http.Request) (*http.Response, error)
- func (client EntitiesClient) Get(ctx context.Context, resourceGroupName string, ...) (result EntityModel, err error)
- func (client EntitiesClient) GetPreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error)
- func (client EntitiesClient) GetResponder(resp *http.Response) (result EntityModel, err error)
- func (client EntitiesClient) GetSender(req *http.Request) (*http.Response, error)
- func (client EntitiesClient) List(ctx context.Context, resourceGroupName string, ...) (result EntityListPage, err error)
- func (client EntitiesClient) ListComplete(ctx context.Context, resourceGroupName string, ...) (result EntityListIterator, err error)
- func (client EntitiesClient) ListPreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error)
- func (client EntitiesClient) ListResponder(resp *http.Response) (result EntityList, err error)
- func (client EntitiesClient) ListSender(req *http.Request) (*http.Response, error)
- type EntitiesGetTimelineClient
- func (client EntitiesGetTimelineClient) List(ctx context.Context, resourceGroupName string, ...) (result EntityTimelineResponse, err error)
- func (client EntitiesGetTimelineClient) ListPreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error)
- func (client EntitiesGetTimelineClient) ListResponder(resp *http.Response) (result EntityTimelineResponse, err error)
- func (client EntitiesGetTimelineClient) ListSender(req *http.Request) (*http.Response, error)
- type EntitiesMatchingMethod
- type EntitiesRelationsClient
- func (client EntitiesRelationsClient) List(ctx context.Context, resourceGroupName string, ...) (result RelationListPage, err error)
- func (client EntitiesRelationsClient) ListComplete(ctx context.Context, resourceGroupName string, ...) (result RelationListIterator, err error)
- func (client EntitiesRelationsClient) ListPreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error)
- func (client EntitiesRelationsClient) ListResponder(resp *http.Response) (result RelationList, err error)
- func (client EntitiesRelationsClient) ListSender(req *http.Request) (*http.Response, error)
- type Entity
- func (e Entity) AsAccountEntity() (*AccountEntity, bool)
- func (e Entity) AsAzureResourceEntity() (*AzureResourceEntity, bool)
- func (e Entity) AsBasicEntity() (BasicEntity, bool)
- func (e Entity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)
- func (e Entity) AsDNSEntity() (*DNSEntity, bool)
- func (e Entity) AsEntity() (*Entity, bool)
- func (e Entity) AsFileEntity() (*FileEntity, bool)
- func (e Entity) AsFileHashEntity() (*FileHashEntity, bool)
- func (e Entity) AsHostEntity() (*HostEntity, bool)
- func (e Entity) AsHuntingBookmark() (*HuntingBookmark, bool)
- func (e Entity) AsIPEntity() (*IPEntity, bool)
- func (e Entity) AsIoTDeviceEntity() (*IoTDeviceEntity, bool)
- func (e Entity) AsMalwareEntity() (*MalwareEntity, bool)
- func (e Entity) AsProcessEntity() (*ProcessEntity, bool)
- func (e Entity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)
- func (e Entity) AsRegistryValueEntity() (*RegistryValueEntity, bool)
- func (e Entity) AsSecurityAlert() (*SecurityAlert, bool)
- func (e Entity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)
- func (e Entity) AsURLEntity() (*URLEntity, bool)
- func (e Entity) MarshalJSON() ([]byte, error)
- type EntityAnalytics
- func (ea EntityAnalytics) AsBasicSettings() (BasicSettings, bool)
- func (ea EntityAnalytics) AsEntityAnalytics() (*EntityAnalytics, bool)
- func (ea EntityAnalytics) AsEyesOn() (*EyesOn, bool)
- func (ea EntityAnalytics) AsSettings() (*Settings, bool)
- func (ea EntityAnalytics) AsUeba() (*Ueba, bool)
- func (ea EntityAnalytics) MarshalJSON() ([]byte, error)
- func (ea *EntityAnalytics) UnmarshalJSON(body []byte) error
- type EntityAnalyticsProperties
- type EntityCommonProperties
- type EntityExpandParameters
- type EntityExpandResponse
- type EntityExpandResponseValue
- type EntityKind
- type EntityKind1
- type EntityList
- type EntityListIterator
- type EntityListPage
- type EntityModel
- type EntityQueriesClient
- func (client EntityQueriesClient) Get(ctx context.Context, resourceGroupName string, ...) (result EntityQuery, err error)
- func (client EntityQueriesClient) GetPreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error)
- func (client EntityQueriesClient) GetResponder(resp *http.Response) (result EntityQuery, err error)
- func (client EntityQueriesClient) GetSender(req *http.Request) (*http.Response, error)
- func (client EntityQueriesClient) List(ctx context.Context, resourceGroupName string, ...) (result EntityQueryListPage, err error)
- func (client EntityQueriesClient) ListComplete(ctx context.Context, resourceGroupName string, ...) (result EntityQueryListIterator, err error)
- func (client EntityQueriesClient) ListPreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error)
- func (client EntityQueriesClient) ListResponder(resp *http.Response) (result EntityQueryList, err error)
- func (client EntityQueriesClient) ListSender(req *http.Request) (*http.Response, error)
- type EntityQuery
- type EntityQueryList
- type EntityQueryListIterator
- func (iter *EntityQueryListIterator) Next() error
- func (iter *EntityQueryListIterator) NextWithContext(ctx context.Context) (err error)
- func (iter EntityQueryListIterator) NotDone() bool
- func (iter EntityQueryListIterator) Response() EntityQueryList
- func (iter EntityQueryListIterator) Value() EntityQuery
- type EntityQueryListPage
- type EntityQueryProperties
- type EntityRelationsClient
- func (client EntityRelationsClient) GetRelation(ctx context.Context, resourceGroupName string, ...) (result Relation, err error)
- func (client EntityRelationsClient) GetRelationPreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error)
- func (client EntityRelationsClient) GetRelationResponder(resp *http.Response) (result Relation, err error)
- func (client EntityRelationsClient) GetRelationSender(req *http.Request) (*http.Response, error)
- type EntityTimelineItem
- func (eti EntityTimelineItem) AsActivityTimelineItem() (*ActivityTimelineItem, bool)
- func (eti EntityTimelineItem) AsBasicEntityTimelineItem() (BasicEntityTimelineItem, bool)
- func (eti EntityTimelineItem) AsBookmarkTimelineItem() (*BookmarkTimelineItem, bool)
- func (eti EntityTimelineItem) AsEntityTimelineItem() (*EntityTimelineItem, bool)
- func (eti EntityTimelineItem) AsSecurityAlertTimelineItem() (*SecurityAlertTimelineItem, bool)
- func (eti EntityTimelineItem) MarshalJSON() ([]byte, error)
- type EntityTimelineKind
- type EntityTimelineParameters
- type EntityTimelineResponse
- type EntityType
- type EventGroupingAggregationKind
- type EventGroupingSettings
- type ExpansionResultAggregation
- type ExpansionResultsMetadata
- type EyesOn
- func (eo EyesOn) AsBasicSettings() (BasicSettings, bool)
- func (eo EyesOn) AsEntityAnalytics() (*EntityAnalytics, bool)
- func (eo EyesOn) AsEyesOn() (*EyesOn, bool)
- func (eo EyesOn) AsSettings() (*Settings, bool)
- func (eo EyesOn) AsUeba() (*Ueba, bool)
- func (eo EyesOn) MarshalJSON() ([]byte, error)
- func (eo *EyesOn) UnmarshalJSON(body []byte) error
- type EyesOnSettingsProperties
- type FileEntity
- func (fe FileEntity) AsAccountEntity() (*AccountEntity, bool)
- func (fe FileEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)
- func (fe FileEntity) AsBasicEntity() (BasicEntity, bool)
- func (fe FileEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)
- func (fe FileEntity) AsDNSEntity() (*DNSEntity, bool)
- func (fe FileEntity) AsEntity() (*Entity, bool)
- func (fe FileEntity) AsFileEntity() (*FileEntity, bool)
- func (fe FileEntity) AsFileHashEntity() (*FileHashEntity, bool)
- func (fe FileEntity) AsHostEntity() (*HostEntity, bool)
- func (fe FileEntity) AsHuntingBookmark() (*HuntingBookmark, bool)
- func (fe FileEntity) AsIPEntity() (*IPEntity, bool)
- func (fe FileEntity) AsIoTDeviceEntity() (*IoTDeviceEntity, bool)
- func (fe FileEntity) AsMalwareEntity() (*MalwareEntity, bool)
- func (fe FileEntity) AsProcessEntity() (*ProcessEntity, bool)
- func (fe FileEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)
- func (fe FileEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool)
- func (fe FileEntity) AsSecurityAlert() (*SecurityAlert, bool)
- func (fe FileEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)
- func (fe FileEntity) AsURLEntity() (*URLEntity, bool)
- func (fe FileEntity) MarshalJSON() ([]byte, error)
- func (fe *FileEntity) UnmarshalJSON(body []byte) error
- type FileEntityProperties
- type FileHashAlgorithm
- type FileHashEntity
- func (fhe FileHashEntity) AsAccountEntity() (*AccountEntity, bool)
- func (fhe FileHashEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)
- func (fhe FileHashEntity) AsBasicEntity() (BasicEntity, bool)
- func (fhe FileHashEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)
- func (fhe FileHashEntity) AsDNSEntity() (*DNSEntity, bool)
- func (fhe FileHashEntity) AsEntity() (*Entity, bool)
- func (fhe FileHashEntity) AsFileEntity() (*FileEntity, bool)
- func (fhe FileHashEntity) AsFileHashEntity() (*FileHashEntity, bool)
- func (fhe FileHashEntity) AsHostEntity() (*HostEntity, bool)
- func (fhe FileHashEntity) AsHuntingBookmark() (*HuntingBookmark, bool)
- func (fhe FileHashEntity) AsIPEntity() (*IPEntity, bool)
- func (fhe FileHashEntity) AsIoTDeviceEntity() (*IoTDeviceEntity, bool)
- func (fhe FileHashEntity) AsMalwareEntity() (*MalwareEntity, bool)
- func (fhe FileHashEntity) AsProcessEntity() (*ProcessEntity, bool)
- func (fhe FileHashEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)
- func (fhe FileHashEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool)
- func (fhe FileHashEntity) AsSecurityAlert() (*SecurityAlert, bool)
- func (fhe FileHashEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)
- func (fhe FileHashEntity) AsURLEntity() (*URLEntity, bool)
- func (fhe FileHashEntity) MarshalJSON() ([]byte, error)
- func (fhe *FileHashEntity) UnmarshalJSON(body []byte) error
- type FileHashEntityProperties
- type FusionAlertRule
- func (far FusionAlertRule) AsAlertRule() (*AlertRule, bool)
- func (far FusionAlertRule) AsBasicAlertRule() (BasicAlertRule, bool)
- func (far FusionAlertRule) AsFusionAlertRule() (*FusionAlertRule, bool)
- func (far FusionAlertRule) AsMicrosoftSecurityIncidentCreationAlertRule() (*MicrosoftSecurityIncidentCreationAlertRule, bool)
- func (far FusionAlertRule) AsScheduledAlertRule() (*ScheduledAlertRule, bool)
- func (far FusionAlertRule) MarshalJSON() ([]byte, error)
- func (far *FusionAlertRule) UnmarshalJSON(body []byte) error
- type FusionAlertRuleProperties
- type FusionAlertRuleTemplate
- func (fart FusionAlertRuleTemplate) AsAlertRuleTemplate() (*AlertRuleTemplate, bool)
- func (fart FusionAlertRuleTemplate) AsBasicAlertRuleTemplate() (BasicAlertRuleTemplate, bool)
- func (fart FusionAlertRuleTemplate) AsFusionAlertRuleTemplate() (*FusionAlertRuleTemplate, bool)
- func (fart FusionAlertRuleTemplate) AsMicrosoftSecurityIncidentCreationAlertRuleTemplate() (*MicrosoftSecurityIncidentCreationAlertRuleTemplate, bool)
- func (fart FusionAlertRuleTemplate) AsScheduledAlertRuleTemplate() (*ScheduledAlertRuleTemplate, bool)
- func (fart FusionAlertRuleTemplate) MarshalJSON() ([]byte, error)
- func (fart *FusionAlertRuleTemplate) UnmarshalJSON(body []byte) error
- type FusionAlertRuleTemplateProperties
- type GeoLocation
- type GroupingConfiguration
- type GroupingEntityType
- type HostEntity
- func (he HostEntity) AsAccountEntity() (*AccountEntity, bool)
- func (he HostEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)
- func (he HostEntity) AsBasicEntity() (BasicEntity, bool)
- func (he HostEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)
- func (he HostEntity) AsDNSEntity() (*DNSEntity, bool)
- func (he HostEntity) AsEntity() (*Entity, bool)
- func (he HostEntity) AsFileEntity() (*FileEntity, bool)
- func (he HostEntity) AsFileHashEntity() (*FileHashEntity, bool)
- func (he HostEntity) AsHostEntity() (*HostEntity, bool)
- func (he HostEntity) AsHuntingBookmark() (*HuntingBookmark, bool)
- func (he HostEntity) AsIPEntity() (*IPEntity, bool)
- func (he HostEntity) AsIoTDeviceEntity() (*IoTDeviceEntity, bool)
- func (he HostEntity) AsMalwareEntity() (*MalwareEntity, bool)
- func (he HostEntity) AsProcessEntity() (*ProcessEntity, bool)
- func (he HostEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)
- func (he HostEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool)
- func (he HostEntity) AsSecurityAlert() (*SecurityAlert, bool)
- func (he HostEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)
- func (he HostEntity) AsURLEntity() (*URLEntity, bool)
- func (he HostEntity) MarshalJSON() ([]byte, error)
- func (he *HostEntity) UnmarshalJSON(body []byte) error
- type HostEntityProperties
- type HuntingBookmark
- func (hb HuntingBookmark) AsAccountEntity() (*AccountEntity, bool)
- func (hb HuntingBookmark) AsAzureResourceEntity() (*AzureResourceEntity, bool)
- func (hb HuntingBookmark) AsBasicEntity() (BasicEntity, bool)
- func (hb HuntingBookmark) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)
- func (hb HuntingBookmark) AsDNSEntity() (*DNSEntity, bool)
- func (hb HuntingBookmark) AsEntity() (*Entity, bool)
- func (hb HuntingBookmark) AsFileEntity() (*FileEntity, bool)
- func (hb HuntingBookmark) AsFileHashEntity() (*FileHashEntity, bool)
- func (hb HuntingBookmark) AsHostEntity() (*HostEntity, bool)
- func (hb HuntingBookmark) AsHuntingBookmark() (*HuntingBookmark, bool)
- func (hb HuntingBookmark) AsIPEntity() (*IPEntity, bool)
- func (hb HuntingBookmark) AsIoTDeviceEntity() (*IoTDeviceEntity, bool)
- func (hb HuntingBookmark) AsMalwareEntity() (*MalwareEntity, bool)
- func (hb HuntingBookmark) AsProcessEntity() (*ProcessEntity, bool)
- func (hb HuntingBookmark) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)
- func (hb HuntingBookmark) AsRegistryValueEntity() (*RegistryValueEntity, bool)
- func (hb HuntingBookmark) AsSecurityAlert() (*SecurityAlert, bool)
- func (hb HuntingBookmark) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)
- func (hb HuntingBookmark) AsURLEntity() (*URLEntity, bool)
- func (hb HuntingBookmark) MarshalJSON() ([]byte, error)
- func (hb *HuntingBookmark) UnmarshalJSON(body []byte) error
- type HuntingBookmarkProperties
- type IPEntity
- func (ie IPEntity) AsAccountEntity() (*AccountEntity, bool)
- func (ie IPEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)
- func (ie IPEntity) AsBasicEntity() (BasicEntity, bool)
- func (ie IPEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)
- func (ie IPEntity) AsDNSEntity() (*DNSEntity, bool)
- func (ie IPEntity) AsEntity() (*Entity, bool)
- func (ie IPEntity) AsFileEntity() (*FileEntity, bool)
- func (ie IPEntity) AsFileHashEntity() (*FileHashEntity, bool)
- func (ie IPEntity) AsHostEntity() (*HostEntity, bool)
- func (ie IPEntity) AsHuntingBookmark() (*HuntingBookmark, bool)
- func (ie IPEntity) AsIPEntity() (*IPEntity, bool)
- func (ie IPEntity) AsIoTDeviceEntity() (*IoTDeviceEntity, bool)
- func (ie IPEntity) AsMalwareEntity() (*MalwareEntity, bool)
- func (ie IPEntity) AsProcessEntity() (*ProcessEntity, bool)
- func (ie IPEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)
- func (ie IPEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool)
- func (ie IPEntity) AsSecurityAlert() (*SecurityAlert, bool)
- func (ie IPEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)
- func (ie IPEntity) AsURLEntity() (*URLEntity, bool)
- func (ie IPEntity) MarshalJSON() ([]byte, error)
- func (ie *IPEntity) UnmarshalJSON(body []byte) error
- type IPEntityProperties
- type Incident
- type IncidentAdditionalData
- type IncidentAlertList
- type IncidentBookmarkList
- type IncidentClassification
- type IncidentClassificationReason
- type IncidentComment
- type IncidentCommentList
- type IncidentCommentListIterator
- func (iter *IncidentCommentListIterator) Next() error
- func (iter *IncidentCommentListIterator) NextWithContext(ctx context.Context) (err error)
- func (iter IncidentCommentListIterator) NotDone() bool
- func (iter IncidentCommentListIterator) Response() IncidentCommentList
- func (iter IncidentCommentListIterator) Value() IncidentComment
- type IncidentCommentListPage
- func (page *IncidentCommentListPage) Next() error
- func (page *IncidentCommentListPage) NextWithContext(ctx context.Context) (err error)
- func (page IncidentCommentListPage) NotDone() bool
- func (page IncidentCommentListPage) Response() IncidentCommentList
- func (page IncidentCommentListPage) Values() []IncidentComment
- type IncidentCommentProperties
- type IncidentCommentsClient
- func (client IncidentCommentsClient) CreateComment(ctx context.Context, resourceGroupName string, ...) (result IncidentComment, err error)
- func (client IncidentCommentsClient) CreateCommentPreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error)
- func (client IncidentCommentsClient) CreateCommentResponder(resp *http.Response) (result IncidentComment, err error)
- func (client IncidentCommentsClient) CreateCommentSender(req *http.Request) (*http.Response, error)
- func (client IncidentCommentsClient) DeleteComment(ctx context.Context, resourceGroupName string, ...) (result autorest.Response, err error)
- func (client IncidentCommentsClient) DeleteCommentPreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error)
- func (client IncidentCommentsClient) DeleteCommentResponder(resp *http.Response) (result autorest.Response, err error)
- func (client IncidentCommentsClient) DeleteCommentSender(req *http.Request) (*http.Response, error)
- func (client IncidentCommentsClient) GetComment(ctx context.Context, resourceGroupName string, ...) (result IncidentComment, err error)
- func (client IncidentCommentsClient) GetCommentPreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error)
- func (client IncidentCommentsClient) GetCommentResponder(resp *http.Response) (result IncidentComment, err error)
- func (client IncidentCommentsClient) GetCommentSender(req *http.Request) (*http.Response, error)
- func (client IncidentCommentsClient) ListByIncident(ctx context.Context, resourceGroupName string, ...) (result IncidentCommentListPage, err error)
- func (client IncidentCommentsClient) ListByIncidentComplete(ctx context.Context, resourceGroupName string, ...) (result IncidentCommentListIterator, err error)
- func (client IncidentCommentsClient) ListByIncidentPreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error)
- func (client IncidentCommentsClient) ListByIncidentResponder(resp *http.Response) (result IncidentCommentList, err error)
- func (client IncidentCommentsClient) ListByIncidentSender(req *http.Request) (*http.Response, error)
- type IncidentConfiguration
- type IncidentEntitiesResponse
- type IncidentEntitiesResultsMetadata
- type IncidentInfo
- type IncidentLabel
- type IncidentLabelType
- type IncidentList
- type IncidentListIterator
- type IncidentListPage
- type IncidentOwnerInfo
- type IncidentProperties
- type IncidentRelationsClient
- func (client IncidentRelationsClient) CreateOrUpdateRelation(ctx context.Context, resourceGroupName string, ...) (result Relation, err error)
- func (client IncidentRelationsClient) CreateOrUpdateRelationPreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error)
- func (client IncidentRelationsClient) CreateOrUpdateRelationResponder(resp *http.Response) (result Relation, err error)
- func (client IncidentRelationsClient) CreateOrUpdateRelationSender(req *http.Request) (*http.Response, error)
- func (client IncidentRelationsClient) DeleteRelation(ctx context.Context, resourceGroupName string, ...) (result autorest.Response, err error)
- func (client IncidentRelationsClient) DeleteRelationPreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error)
- func (client IncidentRelationsClient) DeleteRelationResponder(resp *http.Response) (result autorest.Response, err error)
- func (client IncidentRelationsClient) DeleteRelationSender(req *http.Request) (*http.Response, error)
- func (client IncidentRelationsClient) GetRelation(ctx context.Context, resourceGroupName string, ...) (result Relation, err error)
- func (client IncidentRelationsClient) GetRelationPreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error)
- func (client IncidentRelationsClient) GetRelationResponder(resp *http.Response) (result Relation, err error)
- func (client IncidentRelationsClient) GetRelationSender(req *http.Request) (*http.Response, error)
- func (client IncidentRelationsClient) List(ctx context.Context, resourceGroupName string, ...) (result RelationListPage, err error)
- func (client IncidentRelationsClient) ListComplete(ctx context.Context, resourceGroupName string, ...) (result RelationListIterator, err error)
- func (client IncidentRelationsClient) ListPreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error)
- func (client IncidentRelationsClient) ListResponder(resp *http.Response) (result RelationList, err error)
- func (client IncidentRelationsClient) ListSender(req *http.Request) (*http.Response, error)
- type IncidentSeverity
- type IncidentStatus
- type IncidentsClient
- func (client IncidentsClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, ...) (result Incident, err error)
- func (client IncidentsClient) CreateOrUpdatePreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error)
- func (client IncidentsClient) CreateOrUpdateResponder(resp *http.Response) (result Incident, err error)
- func (client IncidentsClient) CreateOrUpdateSender(req *http.Request) (*http.Response, error)
- func (client IncidentsClient) Delete(ctx context.Context, resourceGroupName string, ...) (result autorest.Response, err error)
- func (client IncidentsClient) DeletePreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error)
- func (client IncidentsClient) DeleteResponder(resp *http.Response) (result autorest.Response, err error)
- func (client IncidentsClient) DeleteSender(req *http.Request) (*http.Response, error)
- func (client IncidentsClient) Get(ctx context.Context, resourceGroupName string, ...) (result Incident, err error)
- func (client IncidentsClient) GetPreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error)
- func (client IncidentsClient) GetResponder(resp *http.Response) (result Incident, err error)
- func (client IncidentsClient) GetSender(req *http.Request) (*http.Response, error)
- func (client IncidentsClient) List(ctx context.Context, resourceGroupName string, ...) (result IncidentListPage, err error)
- func (client IncidentsClient) ListComplete(ctx context.Context, resourceGroupName string, ...) (result IncidentListIterator, err error)
- func (client IncidentsClient) ListOfAlerts(ctx context.Context, resourceGroupName string, ...) (result IncidentAlertList, err error)
- func (client IncidentsClient) ListOfAlertsPreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error)
- func (client IncidentsClient) ListOfAlertsResponder(resp *http.Response) (result IncidentAlertList, err error)
- func (client IncidentsClient) ListOfAlertsSender(req *http.Request) (*http.Response, error)
- func (client IncidentsClient) ListOfBookmarks(ctx context.Context, resourceGroupName string, ...) (result IncidentBookmarkList, err error)
- func (client IncidentsClient) ListOfBookmarksPreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error)
- func (client IncidentsClient) ListOfBookmarksResponder(resp *http.Response) (result IncidentBookmarkList, err error)
- func (client IncidentsClient) ListOfBookmarksSender(req *http.Request) (*http.Response, error)
- func (client IncidentsClient) ListOfEntities(ctx context.Context, resourceGroupName string, ...) (result IncidentEntitiesResponse, err error)
- func (client IncidentsClient) ListOfEntitiesPreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error)
- func (client IncidentsClient) ListOfEntitiesResponder(resp *http.Response) (result IncidentEntitiesResponse, err error)
- func (client IncidentsClient) ListOfEntitiesSender(req *http.Request) (*http.Response, error)
- func (client IncidentsClient) ListPreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error)
- func (client IncidentsClient) ListResponder(resp *http.Response) (result IncidentList, err error)
- func (client IncidentsClient) ListSender(req *http.Request) (*http.Response, error)
- type IoTDeviceEntity
- func (itde IoTDeviceEntity) AsAccountEntity() (*AccountEntity, bool)
- func (itde IoTDeviceEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)
- func (itde IoTDeviceEntity) AsBasicEntity() (BasicEntity, bool)
- func (itde IoTDeviceEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)
- func (itde IoTDeviceEntity) AsDNSEntity() (*DNSEntity, bool)
- func (itde IoTDeviceEntity) AsEntity() (*Entity, bool)
- func (itde IoTDeviceEntity) AsFileEntity() (*FileEntity, bool)
- func (itde IoTDeviceEntity) AsFileHashEntity() (*FileHashEntity, bool)
- func (itde IoTDeviceEntity) AsHostEntity() (*HostEntity, bool)
- func (itde IoTDeviceEntity) AsHuntingBookmark() (*HuntingBookmark, bool)
- func (itde IoTDeviceEntity) AsIPEntity() (*IPEntity, bool)
- func (itde IoTDeviceEntity) AsIoTDeviceEntity() (*IoTDeviceEntity, bool)
- func (itde IoTDeviceEntity) AsMalwareEntity() (*MalwareEntity, bool)
- func (itde IoTDeviceEntity) AsProcessEntity() (*ProcessEntity, bool)
- func (itde IoTDeviceEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)
- func (itde IoTDeviceEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool)
- func (itde IoTDeviceEntity) AsSecurityAlert() (*SecurityAlert, bool)
- func (itde IoTDeviceEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)
- func (itde IoTDeviceEntity) AsURLEntity() (*URLEntity, bool)
- func (itde IoTDeviceEntity) MarshalJSON() ([]byte, error)
- func (itde *IoTDeviceEntity) UnmarshalJSON(body []byte) error
- type IoTDeviceEntityProperties
- type KillChainIntent
- type Kind
- type KindBasicAlertRule
- type KindBasicAlertRuleTemplate
- type KindBasicDataConnector
- type KindBasicDataConnectorsCheckRequirements
- type KindBasicEntity
- type KindBasicEntityTimelineItem
- type KindBasicSettings
- type KindBasicThreatIntelligenceInformation
- type MCASCheckRequirements
- func (mcr MCASCheckRequirements) AsAADCheckRequirements() (*AADCheckRequirements, bool)
- func (mcr MCASCheckRequirements) AsAATPCheckRequirements() (*AATPCheckRequirements, bool)
- func (mcr MCASCheckRequirements) AsASCCheckRequirements() (*ASCCheckRequirements, bool)
- func (mcr MCASCheckRequirements) AsAwsCloudTrailCheckRequirements() (*AwsCloudTrailCheckRequirements, bool)
- func (mcr MCASCheckRequirements) AsBasicDataConnectorsCheckRequirements() (BasicDataConnectorsCheckRequirements, bool)
- func (mcr MCASCheckRequirements) AsDataConnectorsCheckRequirements() (*DataConnectorsCheckRequirements, bool)
- func (mcr MCASCheckRequirements) AsMCASCheckRequirements() (*MCASCheckRequirements, bool)
- func (mcr MCASCheckRequirements) AsMDATPCheckRequirements() (*MDATPCheckRequirements, bool)
- func (mcr MCASCheckRequirements) AsOfficeATPCheckRequirements() (*OfficeATPCheckRequirements, bool)
- func (mcr MCASCheckRequirements) AsTICheckRequirements() (*TICheckRequirements, bool)
- func (mcr MCASCheckRequirements) AsTiTaxiiCheckRequirements() (*TiTaxiiCheckRequirements, bool)
- func (mcr MCASCheckRequirements) MarshalJSON() ([]byte, error)
- func (mcr *MCASCheckRequirements) UnmarshalJSON(body []byte) error
- type MCASCheckRequirementsProperties
- type MCASDataConnector
- func (mdc MCASDataConnector) AsAADDataConnector() (*AADDataConnector, bool)
- func (mdc MCASDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool)
- func (mdc MCASDataConnector) AsASCDataConnector() (*ASCDataConnector, bool)
- func (mdc MCASDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool)
- func (mdc MCASDataConnector) AsBasicDataConnector() (BasicDataConnector, bool)
- func (mdc MCASDataConnector) AsDataConnector() (*DataConnector, bool)
- func (mdc MCASDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool)
- func (mdc MCASDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool)
- func (mdc MCASDataConnector) AsOfficeATPDataConnector() (*OfficeATPDataConnector, bool)
- func (mdc MCASDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool)
- func (mdc MCASDataConnector) AsTIDataConnector() (*TIDataConnector, bool)
- func (mdc MCASDataConnector) AsTiTaxiiDataConnector() (*TiTaxiiDataConnector, bool)
- func (mdc MCASDataConnector) MarshalJSON() ([]byte, error)
- func (mdc *MCASDataConnector) UnmarshalJSON(body []byte) error
- type MCASDataConnectorDataTypes
- type MCASDataConnectorDataTypesDiscoveryLogs
- type MCASDataConnectorProperties
- type MDATPCheckRequirements
- func (mcr MDATPCheckRequirements) AsAADCheckRequirements() (*AADCheckRequirements, bool)
- func (mcr MDATPCheckRequirements) AsAATPCheckRequirements() (*AATPCheckRequirements, bool)
- func (mcr MDATPCheckRequirements) AsASCCheckRequirements() (*ASCCheckRequirements, bool)
- func (mcr MDATPCheckRequirements) AsAwsCloudTrailCheckRequirements() (*AwsCloudTrailCheckRequirements, bool)
- func (mcr MDATPCheckRequirements) AsBasicDataConnectorsCheckRequirements() (BasicDataConnectorsCheckRequirements, bool)
- func (mcr MDATPCheckRequirements) AsDataConnectorsCheckRequirements() (*DataConnectorsCheckRequirements, bool)
- func (mcr MDATPCheckRequirements) AsMCASCheckRequirements() (*MCASCheckRequirements, bool)
- func (mcr MDATPCheckRequirements) AsMDATPCheckRequirements() (*MDATPCheckRequirements, bool)
- func (mcr MDATPCheckRequirements) AsOfficeATPCheckRequirements() (*OfficeATPCheckRequirements, bool)
- func (mcr MDATPCheckRequirements) AsTICheckRequirements() (*TICheckRequirements, bool)
- func (mcr MDATPCheckRequirements) AsTiTaxiiCheckRequirements() (*TiTaxiiCheckRequirements, bool)
- func (mcr MDATPCheckRequirements) MarshalJSON() ([]byte, error)
- func (mcr *MDATPCheckRequirements) UnmarshalJSON(body []byte) error
- type MDATPCheckRequirementsProperties
- type MDATPDataConnector
- func (mdc MDATPDataConnector) AsAADDataConnector() (*AADDataConnector, bool)
- func (mdc MDATPDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool)
- func (mdc MDATPDataConnector) AsASCDataConnector() (*ASCDataConnector, bool)
- func (mdc MDATPDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool)
- func (mdc MDATPDataConnector) AsBasicDataConnector() (BasicDataConnector, bool)
- func (mdc MDATPDataConnector) AsDataConnector() (*DataConnector, bool)
- func (mdc MDATPDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool)
- func (mdc MDATPDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool)
- func (mdc MDATPDataConnector) AsOfficeATPDataConnector() (*OfficeATPDataConnector, bool)
- func (mdc MDATPDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool)
- func (mdc MDATPDataConnector) AsTIDataConnector() (*TIDataConnector, bool)
- func (mdc MDATPDataConnector) AsTiTaxiiDataConnector() (*TiTaxiiDataConnector, bool)
- func (mdc MDATPDataConnector) MarshalJSON() ([]byte, error)
- func (mdc *MDATPDataConnector) UnmarshalJSON(body []byte) error
- type MDATPDataConnectorProperties
- type MalwareEntity
- func (me MalwareEntity) AsAccountEntity() (*AccountEntity, bool)
- func (me MalwareEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)
- func (me MalwareEntity) AsBasicEntity() (BasicEntity, bool)
- func (me MalwareEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)
- func (me MalwareEntity) AsDNSEntity() (*DNSEntity, bool)
- func (me MalwareEntity) AsEntity() (*Entity, bool)
- func (me MalwareEntity) AsFileEntity() (*FileEntity, bool)
- func (me MalwareEntity) AsFileHashEntity() (*FileHashEntity, bool)
- func (me MalwareEntity) AsHostEntity() (*HostEntity, bool)
- func (me MalwareEntity) AsHuntingBookmark() (*HuntingBookmark, bool)
- func (me MalwareEntity) AsIPEntity() (*IPEntity, bool)
- func (me MalwareEntity) AsIoTDeviceEntity() (*IoTDeviceEntity, bool)
- func (me MalwareEntity) AsMalwareEntity() (*MalwareEntity, bool)
- func (me MalwareEntity) AsProcessEntity() (*ProcessEntity, bool)
- func (me MalwareEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)
- func (me MalwareEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool)
- func (me MalwareEntity) AsSecurityAlert() (*SecurityAlert, bool)
- func (me MalwareEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)
- func (me MalwareEntity) AsURLEntity() (*URLEntity, bool)
- func (me MalwareEntity) MarshalJSON() ([]byte, error)
- func (me *MalwareEntity) UnmarshalJSON(body []byte) error
- type MalwareEntityProperties
- type MicrosoftSecurityIncidentCreationAlertRule
- func (msicar MicrosoftSecurityIncidentCreationAlertRule) AsAlertRule() (*AlertRule, bool)
- func (msicar MicrosoftSecurityIncidentCreationAlertRule) AsBasicAlertRule() (BasicAlertRule, bool)
- func (msicar MicrosoftSecurityIncidentCreationAlertRule) AsFusionAlertRule() (*FusionAlertRule, bool)
- func (msicar MicrosoftSecurityIncidentCreationAlertRule) AsMicrosoftSecurityIncidentCreationAlertRule() (*MicrosoftSecurityIncidentCreationAlertRule, bool)
- func (msicar MicrosoftSecurityIncidentCreationAlertRule) AsScheduledAlertRule() (*ScheduledAlertRule, bool)
- func (msicar MicrosoftSecurityIncidentCreationAlertRule) MarshalJSON() ([]byte, error)
- func (msicar *MicrosoftSecurityIncidentCreationAlertRule) UnmarshalJSON(body []byte) error
- type MicrosoftSecurityIncidentCreationAlertRuleCommonProperties
- type MicrosoftSecurityIncidentCreationAlertRuleProperties
- type MicrosoftSecurityIncidentCreationAlertRuleTemplate
- func (msicart MicrosoftSecurityIncidentCreationAlertRuleTemplate) AsAlertRuleTemplate() (*AlertRuleTemplate, bool)
- func (msicart MicrosoftSecurityIncidentCreationAlertRuleTemplate) AsBasicAlertRuleTemplate() (BasicAlertRuleTemplate, bool)
- func (msicart MicrosoftSecurityIncidentCreationAlertRuleTemplate) AsFusionAlertRuleTemplate() (*FusionAlertRuleTemplate, bool)
- func (msicart MicrosoftSecurityIncidentCreationAlertRuleTemplate) AsMicrosoftSecurityIncidentCreationAlertRuleTemplate() (*MicrosoftSecurityIncidentCreationAlertRuleTemplate, bool)
- func (msicart MicrosoftSecurityIncidentCreationAlertRuleTemplate) AsScheduledAlertRuleTemplate() (*ScheduledAlertRuleTemplate, bool)
- func (msicart MicrosoftSecurityIncidentCreationAlertRuleTemplate) MarshalJSON() ([]byte, error)
- func (msicart *MicrosoftSecurityIncidentCreationAlertRuleTemplate) UnmarshalJSON(body []byte) error
- type MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties
- type MicrosoftSecurityProductName
- type OSFamily
- type OfficeATPCheckRequirements
- func (oacr OfficeATPCheckRequirements) AsAADCheckRequirements() (*AADCheckRequirements, bool)
- func (oacr OfficeATPCheckRequirements) AsAATPCheckRequirements() (*AATPCheckRequirements, bool)
- func (oacr OfficeATPCheckRequirements) AsASCCheckRequirements() (*ASCCheckRequirements, bool)
- func (oacr OfficeATPCheckRequirements) AsAwsCloudTrailCheckRequirements() (*AwsCloudTrailCheckRequirements, bool)
- func (oacr OfficeATPCheckRequirements) AsBasicDataConnectorsCheckRequirements() (BasicDataConnectorsCheckRequirements, bool)
- func (oacr OfficeATPCheckRequirements) AsDataConnectorsCheckRequirements() (*DataConnectorsCheckRequirements, bool)
- func (oacr OfficeATPCheckRequirements) AsMCASCheckRequirements() (*MCASCheckRequirements, bool)
- func (oacr OfficeATPCheckRequirements) AsMDATPCheckRequirements() (*MDATPCheckRequirements, bool)
- func (oacr OfficeATPCheckRequirements) AsOfficeATPCheckRequirements() (*OfficeATPCheckRequirements, bool)
- func (oacr OfficeATPCheckRequirements) AsTICheckRequirements() (*TICheckRequirements, bool)
- func (oacr OfficeATPCheckRequirements) AsTiTaxiiCheckRequirements() (*TiTaxiiCheckRequirements, bool)
- func (oacr OfficeATPCheckRequirements) MarshalJSON() ([]byte, error)
- func (oacr *OfficeATPCheckRequirements) UnmarshalJSON(body []byte) error
- type OfficeATPCheckRequirementsProperties
- type OfficeATPDataConnector
- func (oadc OfficeATPDataConnector) AsAADDataConnector() (*AADDataConnector, bool)
- func (oadc OfficeATPDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool)
- func (oadc OfficeATPDataConnector) AsASCDataConnector() (*ASCDataConnector, bool)
- func (oadc OfficeATPDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool)
- func (oadc OfficeATPDataConnector) AsBasicDataConnector() (BasicDataConnector, bool)
- func (oadc OfficeATPDataConnector) AsDataConnector() (*DataConnector, bool)
- func (oadc OfficeATPDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool)
- func (oadc OfficeATPDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool)
- func (oadc OfficeATPDataConnector) AsOfficeATPDataConnector() (*OfficeATPDataConnector, bool)
- func (oadc OfficeATPDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool)
- func (oadc OfficeATPDataConnector) AsTIDataConnector() (*TIDataConnector, bool)
- func (oadc OfficeATPDataConnector) AsTiTaxiiDataConnector() (*TiTaxiiDataConnector, bool)
- func (oadc OfficeATPDataConnector) MarshalJSON() ([]byte, error)
- func (oadc *OfficeATPDataConnector) UnmarshalJSON(body []byte) error
- type OfficeATPDataConnectorProperties
- type OfficeConsent
- type OfficeConsentList
- type OfficeConsentListIterator
- func (iter *OfficeConsentListIterator) Next() error
- func (iter *OfficeConsentListIterator) NextWithContext(ctx context.Context) (err error)
- func (iter OfficeConsentListIterator) NotDone() bool
- func (iter OfficeConsentListIterator) Response() OfficeConsentList
- func (iter OfficeConsentListIterator) Value() OfficeConsent
- type OfficeConsentListPage
- func (page *OfficeConsentListPage) Next() error
- func (page *OfficeConsentListPage) NextWithContext(ctx context.Context) (err error)
- func (page OfficeConsentListPage) NotDone() bool
- func (page OfficeConsentListPage) Response() OfficeConsentList
- func (page OfficeConsentListPage) Values() []OfficeConsent
- type OfficeConsentProperties
- type OfficeConsentsClient
- func (client OfficeConsentsClient) Delete(ctx context.Context, resourceGroupName string, ...) (result autorest.Response, err error)
- func (client OfficeConsentsClient) DeletePreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error)
- func (client OfficeConsentsClient) DeleteResponder(resp *http.Response) (result autorest.Response, err error)
- func (client OfficeConsentsClient) DeleteSender(req *http.Request) (*http.Response, error)
- func (client OfficeConsentsClient) Get(ctx context.Context, resourceGroupName string, ...) (result OfficeConsent, err error)
- func (client OfficeConsentsClient) GetPreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error)
- func (client OfficeConsentsClient) GetResponder(resp *http.Response) (result OfficeConsent, err error)
- func (client OfficeConsentsClient) GetSender(req *http.Request) (*http.Response, error)
- func (client OfficeConsentsClient) List(ctx context.Context, resourceGroupName string, ...) (result OfficeConsentListPage, err error)
- func (client OfficeConsentsClient) ListComplete(ctx context.Context, resourceGroupName string, ...) (result OfficeConsentListIterator, err error)
- func (client OfficeConsentsClient) ListPreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error)
- func (client OfficeConsentsClient) ListResponder(resp *http.Response) (result OfficeConsentList, err error)
- func (client OfficeConsentsClient) ListSender(req *http.Request) (*http.Response, error)
- type OfficeDataConnector
- func (odc OfficeDataConnector) AsAADDataConnector() (*AADDataConnector, bool)
- func (odc OfficeDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool)
- func (odc OfficeDataConnector) AsASCDataConnector() (*ASCDataConnector, bool)
- func (odc OfficeDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool)
- func (odc OfficeDataConnector) AsBasicDataConnector() (BasicDataConnector, bool)
- func (odc OfficeDataConnector) AsDataConnector() (*DataConnector, bool)
- func (odc OfficeDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool)
- func (odc OfficeDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool)
- func (odc OfficeDataConnector) AsOfficeATPDataConnector() (*OfficeATPDataConnector, bool)
- func (odc OfficeDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool)
- func (odc OfficeDataConnector) AsTIDataConnector() (*TIDataConnector, bool)
- func (odc OfficeDataConnector) AsTiTaxiiDataConnector() (*TiTaxiiDataConnector, bool)
- func (odc OfficeDataConnector) MarshalJSON() ([]byte, error)
- func (odc *OfficeDataConnector) UnmarshalJSON(body []byte) error
- type OfficeDataConnectorDataTypes
- type OfficeDataConnectorDataTypesExchange
- type OfficeDataConnectorDataTypesSharePoint
- type OfficeDataConnectorDataTypesTeams
- type OfficeDataConnectorProperties
- type Operation
- type OperationDisplay
- type OperationsClient
- func (client OperationsClient) List(ctx context.Context) (result OperationsListPage, err error)
- func (client OperationsClient) ListComplete(ctx context.Context) (result OperationsListIterator, err error)
- func (client OperationsClient) ListPreparer(ctx context.Context) (*http.Request, error)
- func (client OperationsClient) ListResponder(resp *http.Response) (result OperationsList, err error)
- func (client OperationsClient) ListSender(req *http.Request) (*http.Response, error)
- type OperationsList
- type OperationsListIterator
- type OperationsListPage
- type ProcessEntity
- func (peVar ProcessEntity) AsAccountEntity() (*AccountEntity, bool)
- func (peVar ProcessEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)
- func (peVar ProcessEntity) AsBasicEntity() (BasicEntity, bool)
- func (peVar ProcessEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)
- func (peVar ProcessEntity) AsDNSEntity() (*DNSEntity, bool)
- func (peVar ProcessEntity) AsEntity() (*Entity, bool)
- func (peVar ProcessEntity) AsFileEntity() (*FileEntity, bool)
- func (peVar ProcessEntity) AsFileHashEntity() (*FileHashEntity, bool)
- func (peVar ProcessEntity) AsHostEntity() (*HostEntity, bool)
- func (peVar ProcessEntity) AsHuntingBookmark() (*HuntingBookmark, bool)
- func (peVar ProcessEntity) AsIPEntity() (*IPEntity, bool)
- func (peVar ProcessEntity) AsIoTDeviceEntity() (*IoTDeviceEntity, bool)
- func (peVar ProcessEntity) AsMalwareEntity() (*MalwareEntity, bool)
- func (peVar ProcessEntity) AsProcessEntity() (*ProcessEntity, bool)
- func (peVar ProcessEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)
- func (peVar ProcessEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool)
- func (peVar ProcessEntity) AsSecurityAlert() (*SecurityAlert, bool)
- func (peVar ProcessEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)
- func (peVar ProcessEntity) AsURLEntity() (*URLEntity, bool)
- func (peVar ProcessEntity) MarshalJSON() ([]byte, error)
- func (peVar *ProcessEntity) UnmarshalJSON(body []byte) error
- type ProcessEntityProperties
- type ProductSettingsClient
- func (client ProductSettingsClient) Delete(ctx context.Context, resourceGroupName string, ...) (result autorest.Response, err error)
- func (client ProductSettingsClient) DeletePreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error)
- func (client ProductSettingsClient) DeleteResponder(resp *http.Response) (result autorest.Response, err error)
- func (client ProductSettingsClient) DeleteSender(req *http.Request) (*http.Response, error)
- func (client ProductSettingsClient) Get(ctx context.Context, resourceGroupName string, ...) (result SettingsModel, err error)
- func (client ProductSettingsClient) GetAll(ctx context.Context, resourceGroupName string, ...) (result SettingList, err error)
- func (client ProductSettingsClient) GetAllPreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error)
- func (client ProductSettingsClient) GetAllResponder(resp *http.Response) (result SettingList, err error)
- func (client ProductSettingsClient) GetAllSender(req *http.Request) (*http.Response, error)
- func (client ProductSettingsClient) GetPreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error)
- func (client ProductSettingsClient) GetResponder(resp *http.Response) (result SettingsModel, err error)
- func (client ProductSettingsClient) GetSender(req *http.Request) (*http.Response, error)
- func (client ProductSettingsClient) Update(ctx context.Context, resourceGroupName string, ...) (result SettingsModel, err error)
- func (client ProductSettingsClient) UpdatePreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error)
- func (client ProductSettingsClient) UpdateResponder(resp *http.Response) (result SettingsModel, err error)
- func (client ProductSettingsClient) UpdateSender(req *http.Request) (*http.Response, error)
- type RegistryHive
- type RegistryKeyEntity
- func (rke RegistryKeyEntity) AsAccountEntity() (*AccountEntity, bool)
- func (rke RegistryKeyEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)
- func (rke RegistryKeyEntity) AsBasicEntity() (BasicEntity, bool)
- func (rke RegistryKeyEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)
- func (rke RegistryKeyEntity) AsDNSEntity() (*DNSEntity, bool)
- func (rke RegistryKeyEntity) AsEntity() (*Entity, bool)
- func (rke RegistryKeyEntity) AsFileEntity() (*FileEntity, bool)
- func (rke RegistryKeyEntity) AsFileHashEntity() (*FileHashEntity, bool)
- func (rke RegistryKeyEntity) AsHostEntity() (*HostEntity, bool)
- func (rke RegistryKeyEntity) AsHuntingBookmark() (*HuntingBookmark, bool)
- func (rke RegistryKeyEntity) AsIPEntity() (*IPEntity, bool)
- func (rke RegistryKeyEntity) AsIoTDeviceEntity() (*IoTDeviceEntity, bool)
- func (rke RegistryKeyEntity) AsMalwareEntity() (*MalwareEntity, bool)
- func (rke RegistryKeyEntity) AsProcessEntity() (*ProcessEntity, bool)
- func (rke RegistryKeyEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)
- func (rke RegistryKeyEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool)
- func (rke RegistryKeyEntity) AsSecurityAlert() (*SecurityAlert, bool)
- func (rke RegistryKeyEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)
- func (rke RegistryKeyEntity) AsURLEntity() (*URLEntity, bool)
- func (rke RegistryKeyEntity) MarshalJSON() ([]byte, error)
- func (rke *RegistryKeyEntity) UnmarshalJSON(body []byte) error
- type RegistryKeyEntityProperties
- type RegistryValueEntity
- func (rve RegistryValueEntity) AsAccountEntity() (*AccountEntity, bool)
- func (rve RegistryValueEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)
- func (rve RegistryValueEntity) AsBasicEntity() (BasicEntity, bool)
- func (rve RegistryValueEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)
- func (rve RegistryValueEntity) AsDNSEntity() (*DNSEntity, bool)
- func (rve RegistryValueEntity) AsEntity() (*Entity, bool)
- func (rve RegistryValueEntity) AsFileEntity() (*FileEntity, bool)
- func (rve RegistryValueEntity) AsFileHashEntity() (*FileHashEntity, bool)
- func (rve RegistryValueEntity) AsHostEntity() (*HostEntity, bool)
- func (rve RegistryValueEntity) AsHuntingBookmark() (*HuntingBookmark, bool)
- func (rve RegistryValueEntity) AsIPEntity() (*IPEntity, bool)
- func (rve RegistryValueEntity) AsIoTDeviceEntity() (*IoTDeviceEntity, bool)
- func (rve RegistryValueEntity) AsMalwareEntity() (*MalwareEntity, bool)
- func (rve RegistryValueEntity) AsProcessEntity() (*ProcessEntity, bool)
- func (rve RegistryValueEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)
- func (rve RegistryValueEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool)
- func (rve RegistryValueEntity) AsSecurityAlert() (*SecurityAlert, bool)
- func (rve RegistryValueEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)
- func (rve RegistryValueEntity) AsURLEntity() (*URLEntity, bool)
- func (rve RegistryValueEntity) MarshalJSON() ([]byte, error)
- func (rve *RegistryValueEntity) UnmarshalJSON(body []byte) error
- type RegistryValueEntityProperties
- type RegistryValueKind
- type Relation
- type RelationBase
- type RelationList
- type RelationListIterator
- type RelationListPage
- type RelationNode
- type RelationNodeKind
- type RelationProperties
- type RelationTypes
- type RelationsModelInput
- type RelationsModelInputProperties
- type Resource
- type ResourceWithEtag
- type ScheduledAlertRule
- func (sar ScheduledAlertRule) AsAlertRule() (*AlertRule, bool)
- func (sar ScheduledAlertRule) AsBasicAlertRule() (BasicAlertRule, bool)
- func (sar ScheduledAlertRule) AsFusionAlertRule() (*FusionAlertRule, bool)
- func (sar ScheduledAlertRule) AsMicrosoftSecurityIncidentCreationAlertRule() (*MicrosoftSecurityIncidentCreationAlertRule, bool)
- func (sar ScheduledAlertRule) AsScheduledAlertRule() (*ScheduledAlertRule, bool)
- func (sar ScheduledAlertRule) MarshalJSON() ([]byte, error)
- func (sar *ScheduledAlertRule) UnmarshalJSON(body []byte) error
- type ScheduledAlertRuleCommonProperties
- type ScheduledAlertRuleProperties
- type ScheduledAlertRuleTemplate
- func (sart ScheduledAlertRuleTemplate) AsAlertRuleTemplate() (*AlertRuleTemplate, bool)
- func (sart ScheduledAlertRuleTemplate) AsBasicAlertRuleTemplate() (BasicAlertRuleTemplate, bool)
- func (sart ScheduledAlertRuleTemplate) AsFusionAlertRuleTemplate() (*FusionAlertRuleTemplate, bool)
- func (sart ScheduledAlertRuleTemplate) AsMicrosoftSecurityIncidentCreationAlertRuleTemplate() (*MicrosoftSecurityIncidentCreationAlertRuleTemplate, bool)
- func (sart ScheduledAlertRuleTemplate) AsScheduledAlertRuleTemplate() (*ScheduledAlertRuleTemplate, bool)
- func (sart ScheduledAlertRuleTemplate) MarshalJSON() ([]byte, error)
- func (sart *ScheduledAlertRuleTemplate) UnmarshalJSON(body []byte) error
- type ScheduledAlertRuleTemplateProperties
- type SecurityAlert
- func (sa SecurityAlert) AsAccountEntity() (*AccountEntity, bool)
- func (sa SecurityAlert) AsAzureResourceEntity() (*AzureResourceEntity, bool)
- func (sa SecurityAlert) AsBasicEntity() (BasicEntity, bool)
- func (sa SecurityAlert) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)
- func (sa SecurityAlert) AsDNSEntity() (*DNSEntity, bool)
- func (sa SecurityAlert) AsEntity() (*Entity, bool)
- func (sa SecurityAlert) AsFileEntity() (*FileEntity, bool)
- func (sa SecurityAlert) AsFileHashEntity() (*FileHashEntity, bool)
- func (sa SecurityAlert) AsHostEntity() (*HostEntity, bool)
- func (sa SecurityAlert) AsHuntingBookmark() (*HuntingBookmark, bool)
- func (sa SecurityAlert) AsIPEntity() (*IPEntity, bool)
- func (sa SecurityAlert) AsIoTDeviceEntity() (*IoTDeviceEntity, bool)
- func (sa SecurityAlert) AsMalwareEntity() (*MalwareEntity, bool)
- func (sa SecurityAlert) AsProcessEntity() (*ProcessEntity, bool)
- func (sa SecurityAlert) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)
- func (sa SecurityAlert) AsRegistryValueEntity() (*RegistryValueEntity, bool)
- func (sa SecurityAlert) AsSecurityAlert() (*SecurityAlert, bool)
- func (sa SecurityAlert) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)
- func (sa SecurityAlert) AsURLEntity() (*URLEntity, bool)
- func (sa SecurityAlert) MarshalJSON() ([]byte, error)
- func (sa *SecurityAlert) UnmarshalJSON(body []byte) error
- type SecurityAlertProperties
- type SecurityAlertPropertiesConfidenceReasonsItem
- type SecurityAlertTimelineItem
- func (sati SecurityAlertTimelineItem) AsActivityTimelineItem() (*ActivityTimelineItem, bool)
- func (sati SecurityAlertTimelineItem) AsBasicEntityTimelineItem() (BasicEntityTimelineItem, bool)
- func (sati SecurityAlertTimelineItem) AsBookmarkTimelineItem() (*BookmarkTimelineItem, bool)
- func (sati SecurityAlertTimelineItem) AsEntityTimelineItem() (*EntityTimelineItem, bool)
- func (sati SecurityAlertTimelineItem) AsSecurityAlertTimelineItem() (*SecurityAlertTimelineItem, bool)
- func (sati SecurityAlertTimelineItem) MarshalJSON() ([]byte, error)
- type SecurityGroupEntity
- func (sge SecurityGroupEntity) AsAccountEntity() (*AccountEntity, bool)
- func (sge SecurityGroupEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)
- func (sge SecurityGroupEntity) AsBasicEntity() (BasicEntity, bool)
- func (sge SecurityGroupEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)
- func (sge SecurityGroupEntity) AsDNSEntity() (*DNSEntity, bool)
- func (sge SecurityGroupEntity) AsEntity() (*Entity, bool)
- func (sge SecurityGroupEntity) AsFileEntity() (*FileEntity, bool)
- func (sge SecurityGroupEntity) AsFileHashEntity() (*FileHashEntity, bool)
- func (sge SecurityGroupEntity) AsHostEntity() (*HostEntity, bool)
- func (sge SecurityGroupEntity) AsHuntingBookmark() (*HuntingBookmark, bool)
- func (sge SecurityGroupEntity) AsIPEntity() (*IPEntity, bool)
- func (sge SecurityGroupEntity) AsIoTDeviceEntity() (*IoTDeviceEntity, bool)
- func (sge SecurityGroupEntity) AsMalwareEntity() (*MalwareEntity, bool)
- func (sge SecurityGroupEntity) AsProcessEntity() (*ProcessEntity, bool)
- func (sge SecurityGroupEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)
- func (sge SecurityGroupEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool)
- func (sge SecurityGroupEntity) AsSecurityAlert() (*SecurityAlert, bool)
- func (sge SecurityGroupEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)
- func (sge SecurityGroupEntity) AsURLEntity() (*URLEntity, bool)
- func (sge SecurityGroupEntity) MarshalJSON() ([]byte, error)
- func (sge *SecurityGroupEntity) UnmarshalJSON(body []byte) error
- type SecurityGroupEntityProperties
- type SettingKind
- type SettingList
- type Settings
- func (s Settings) AsBasicSettings() (BasicSettings, bool)
- func (s Settings) AsEntityAnalytics() (*EntityAnalytics, bool)
- func (s Settings) AsEyesOn() (*EyesOn, bool)
- func (s Settings) AsSettings() (*Settings, bool)
- func (s Settings) AsUeba() (*Ueba, bool)
- func (s Settings) MarshalJSON() ([]byte, error)
- type SettingsKind
- type SettingsModel
- type Source
- type TICheckRequirements
- func (tcr TICheckRequirements) AsAADCheckRequirements() (*AADCheckRequirements, bool)
- func (tcr TICheckRequirements) AsAATPCheckRequirements() (*AATPCheckRequirements, bool)
- func (tcr TICheckRequirements) AsASCCheckRequirements() (*ASCCheckRequirements, bool)
- func (tcr TICheckRequirements) AsAwsCloudTrailCheckRequirements() (*AwsCloudTrailCheckRequirements, bool)
- func (tcr TICheckRequirements) AsBasicDataConnectorsCheckRequirements() (BasicDataConnectorsCheckRequirements, bool)
- func (tcr TICheckRequirements) AsDataConnectorsCheckRequirements() (*DataConnectorsCheckRequirements, bool)
- func (tcr TICheckRequirements) AsMCASCheckRequirements() (*MCASCheckRequirements, bool)
- func (tcr TICheckRequirements) AsMDATPCheckRequirements() (*MDATPCheckRequirements, bool)
- func (tcr TICheckRequirements) AsOfficeATPCheckRequirements() (*OfficeATPCheckRequirements, bool)
- func (tcr TICheckRequirements) AsTICheckRequirements() (*TICheckRequirements, bool)
- func (tcr TICheckRequirements) AsTiTaxiiCheckRequirements() (*TiTaxiiCheckRequirements, bool)
- func (tcr TICheckRequirements) MarshalJSON() ([]byte, error)
- func (tcr *TICheckRequirements) UnmarshalJSON(body []byte) error
- type TICheckRequirementsProperties
- type TIDataConnector
- func (tdc TIDataConnector) AsAADDataConnector() (*AADDataConnector, bool)
- func (tdc TIDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool)
- func (tdc TIDataConnector) AsASCDataConnector() (*ASCDataConnector, bool)
- func (tdc TIDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool)
- func (tdc TIDataConnector) AsBasicDataConnector() (BasicDataConnector, bool)
- func (tdc TIDataConnector) AsDataConnector() (*DataConnector, bool)
- func (tdc TIDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool)
- func (tdc TIDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool)
- func (tdc TIDataConnector) AsOfficeATPDataConnector() (*OfficeATPDataConnector, bool)
- func (tdc TIDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool)
- func (tdc TIDataConnector) AsTIDataConnector() (*TIDataConnector, bool)
- func (tdc TIDataConnector) AsTiTaxiiDataConnector() (*TiTaxiiDataConnector, bool)
- func (tdc TIDataConnector) MarshalJSON() ([]byte, error)
- func (tdc *TIDataConnector) UnmarshalJSON(body []byte) error
- type TIDataConnectorDataTypes
- type TIDataConnectorDataTypesIndicators
- type TIDataConnectorProperties
- type TemplateStatus
- type ThreatIntelligence
- type ThreatIntelligenceAppendTags
- type ThreatIntelligenceFilteringCriteria
- type ThreatIntelligenceGranularMarkingModel
- type ThreatIntelligenceIndicatorClient
- func (client ThreatIntelligenceIndicatorClient) AppendTags(ctx context.Context, resourceGroupName string, ...) (result autorest.Response, err error)
- func (client ThreatIntelligenceIndicatorClient) AppendTagsPreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error)
- func (client ThreatIntelligenceIndicatorClient) AppendTagsResponder(resp *http.Response) (result autorest.Response, err error)
- func (client ThreatIntelligenceIndicatorClient) AppendTagsSender(req *http.Request) (*http.Response, error)
- func (client ThreatIntelligenceIndicatorClient) Create(ctx context.Context, resourceGroupName string, ...) (result ThreatIntelligenceInformationModel, err error)
- func (client ThreatIntelligenceIndicatorClient) CreateIndicator(ctx context.Context, resourceGroupName string, ...) (result ThreatIntelligenceInformationModel, err error)
- func (client ThreatIntelligenceIndicatorClient) CreateIndicatorPreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error)
- func (client ThreatIntelligenceIndicatorClient) CreateIndicatorResponder(resp *http.Response) (result ThreatIntelligenceInformationModel, err error)
- func (client ThreatIntelligenceIndicatorClient) CreateIndicatorSender(req *http.Request) (*http.Response, error)
- func (client ThreatIntelligenceIndicatorClient) CreatePreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error)
- func (client ThreatIntelligenceIndicatorClient) CreateResponder(resp *http.Response) (result ThreatIntelligenceInformationModel, err error)
- func (client ThreatIntelligenceIndicatorClient) CreateSender(req *http.Request) (*http.Response, error)
- func (client ThreatIntelligenceIndicatorClient) Delete(ctx context.Context, resourceGroupName string, ...) (result autorest.Response, err error)
- func (client ThreatIntelligenceIndicatorClient) DeletePreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error)
- func (client ThreatIntelligenceIndicatorClient) DeleteResponder(resp *http.Response) (result autorest.Response, err error)
- func (client ThreatIntelligenceIndicatorClient) DeleteSender(req *http.Request) (*http.Response, error)
- func (client ThreatIntelligenceIndicatorClient) Get(ctx context.Context, resourceGroupName string, ...) (result ThreatIntelligenceInformationModel, err error)
- func (client ThreatIntelligenceIndicatorClient) GetPreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error)
- func (client ThreatIntelligenceIndicatorClient) GetResponder(resp *http.Response) (result ThreatIntelligenceInformationModel, err error)
- func (client ThreatIntelligenceIndicatorClient) GetSender(req *http.Request) (*http.Response, error)
- func (client ThreatIntelligenceIndicatorClient) QueryIndicators(ctx context.Context, resourceGroupName string, ...) (result ThreatIntelligenceInformationListPage, err error)
- func (client ThreatIntelligenceIndicatorClient) QueryIndicatorsComplete(ctx context.Context, resourceGroupName string, ...) (result ThreatIntelligenceInformationListIterator, err error)
- func (client ThreatIntelligenceIndicatorClient) QueryIndicatorsPreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error)
- func (client ThreatIntelligenceIndicatorClient) QueryIndicatorsResponder(resp *http.Response) (result ThreatIntelligenceInformationList, err error)
- func (client ThreatIntelligenceIndicatorClient) QueryIndicatorsSender(req *http.Request) (*http.Response, error)
- func (client ThreatIntelligenceIndicatorClient) ReplaceTags(ctx context.Context, resourceGroupName string, ...) (result ThreatIntelligenceInformationModel, err error)
- func (client ThreatIntelligenceIndicatorClient) ReplaceTagsPreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error)
- func (client ThreatIntelligenceIndicatorClient) ReplaceTagsResponder(resp *http.Response) (result ThreatIntelligenceInformationModel, err error)
- func (client ThreatIntelligenceIndicatorClient) ReplaceTagsSender(req *http.Request) (*http.Response, error)
- type ThreatIntelligenceIndicatorMetricsClient
- func (client ThreatIntelligenceIndicatorMetricsClient) List(ctx context.Context, resourceGroupName string, ...) (result ThreatIntelligenceMetricsList, err error)
- func (client ThreatIntelligenceIndicatorMetricsClient) ListPreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error)
- func (client ThreatIntelligenceIndicatorMetricsClient) ListResponder(resp *http.Response) (result ThreatIntelligenceMetricsList, err error)
- func (client ThreatIntelligenceIndicatorMetricsClient) ListSender(req *http.Request) (*http.Response, error)
- type ThreatIntelligenceIndicatorModel
- func (tiim ThreatIntelligenceIndicatorModel) AsBasicThreatIntelligenceInformation() (BasicThreatIntelligenceInformation, bool)
- func (tiim ThreatIntelligenceIndicatorModel) AsThreatIntelligenceIndicatorModel() (*ThreatIntelligenceIndicatorModel, bool)
- func (tiim ThreatIntelligenceIndicatorModel) AsThreatIntelligenceInformation() (*ThreatIntelligenceInformation, bool)
- func (tiim ThreatIntelligenceIndicatorModel) MarshalJSON() ([]byte, error)
- func (tiim *ThreatIntelligenceIndicatorModel) UnmarshalJSON(body []byte) error
- type ThreatIntelligenceIndicatorModelForRequestBody
- type ThreatIntelligenceIndicatorProperties
- type ThreatIntelligenceIndicatorsClient
- func (client ThreatIntelligenceIndicatorsClient) List(ctx context.Context, resourceGroupName string, ...) (result ThreatIntelligenceInformationListPage, err error)
- func (client ThreatIntelligenceIndicatorsClient) ListComplete(ctx context.Context, resourceGroupName string, ...) (result ThreatIntelligenceInformationListIterator, err error)
- func (client ThreatIntelligenceIndicatorsClient) ListPreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error)
- func (client ThreatIntelligenceIndicatorsClient) ListResponder(resp *http.Response) (result ThreatIntelligenceInformationList, err error)
- func (client ThreatIntelligenceIndicatorsClient) ListSender(req *http.Request) (*http.Response, error)
- type ThreatIntelligenceInformation
- func (tii ThreatIntelligenceInformation) AsBasicThreatIntelligenceInformation() (BasicThreatIntelligenceInformation, bool)
- func (tii ThreatIntelligenceInformation) AsThreatIntelligenceIndicatorModel() (*ThreatIntelligenceIndicatorModel, bool)
- func (tii ThreatIntelligenceInformation) AsThreatIntelligenceInformation() (*ThreatIntelligenceInformation, bool)
- func (tii ThreatIntelligenceInformation) MarshalJSON() ([]byte, error)
- type ThreatIntelligenceInformationList
- type ThreatIntelligenceInformationListIterator
- func (iter *ThreatIntelligenceInformationListIterator) Next() error
- func (iter *ThreatIntelligenceInformationListIterator) NextWithContext(ctx context.Context) (err error)
- func (iter ThreatIntelligenceInformationListIterator) NotDone() bool
- func (iter ThreatIntelligenceInformationListIterator) Response() ThreatIntelligenceInformationList
- func (iter ThreatIntelligenceInformationListIterator) Value() BasicThreatIntelligenceInformation
- type ThreatIntelligenceInformationListPage
- func (page *ThreatIntelligenceInformationListPage) Next() error
- func (page *ThreatIntelligenceInformationListPage) NextWithContext(ctx context.Context) (err error)
- func (page ThreatIntelligenceInformationListPage) NotDone() bool
- func (page ThreatIntelligenceInformationListPage) Response() ThreatIntelligenceInformationList
- func (page ThreatIntelligenceInformationListPage) Values() []BasicThreatIntelligenceInformation
- type ThreatIntelligenceInformationModel
- type ThreatIntelligenceKillChainPhase
- type ThreatIntelligenceMetric
- type ThreatIntelligenceMetricEntity
- type ThreatIntelligenceMetrics
- type ThreatIntelligenceMetricsList
- type ThreatIntelligenceResourceKind
- type ThreatIntelligenceResourceKind1
- type ThreatIntelligenceSortingCriteria
- type ThreatIntelligenceSortingCriteria1
- type TiTaxiiCheckRequirements
- func (ttcr TiTaxiiCheckRequirements) AsAADCheckRequirements() (*AADCheckRequirements, bool)
- func (ttcr TiTaxiiCheckRequirements) AsAATPCheckRequirements() (*AATPCheckRequirements, bool)
- func (ttcr TiTaxiiCheckRequirements) AsASCCheckRequirements() (*ASCCheckRequirements, bool)
- func (ttcr TiTaxiiCheckRequirements) AsAwsCloudTrailCheckRequirements() (*AwsCloudTrailCheckRequirements, bool)
- func (ttcr TiTaxiiCheckRequirements) AsBasicDataConnectorsCheckRequirements() (BasicDataConnectorsCheckRequirements, bool)
- func (ttcr TiTaxiiCheckRequirements) AsDataConnectorsCheckRequirements() (*DataConnectorsCheckRequirements, bool)
- func (ttcr TiTaxiiCheckRequirements) AsMCASCheckRequirements() (*MCASCheckRequirements, bool)
- func (ttcr TiTaxiiCheckRequirements) AsMDATPCheckRequirements() (*MDATPCheckRequirements, bool)
- func (ttcr TiTaxiiCheckRequirements) AsOfficeATPCheckRequirements() (*OfficeATPCheckRequirements, bool)
- func (ttcr TiTaxiiCheckRequirements) AsTICheckRequirements() (*TICheckRequirements, bool)
- func (ttcr TiTaxiiCheckRequirements) AsTiTaxiiCheckRequirements() (*TiTaxiiCheckRequirements, bool)
- func (ttcr TiTaxiiCheckRequirements) MarshalJSON() ([]byte, error)
- func (ttcr *TiTaxiiCheckRequirements) UnmarshalJSON(body []byte) error
- type TiTaxiiCheckRequirementsProperties
- type TiTaxiiDataConnector
- func (ttdc TiTaxiiDataConnector) AsAADDataConnector() (*AADDataConnector, bool)
- func (ttdc TiTaxiiDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool)
- func (ttdc TiTaxiiDataConnector) AsASCDataConnector() (*ASCDataConnector, bool)
- func (ttdc TiTaxiiDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool)
- func (ttdc TiTaxiiDataConnector) AsBasicDataConnector() (BasicDataConnector, bool)
- func (ttdc TiTaxiiDataConnector) AsDataConnector() (*DataConnector, bool)
- func (ttdc TiTaxiiDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool)
- func (ttdc TiTaxiiDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool)
- func (ttdc TiTaxiiDataConnector) AsOfficeATPDataConnector() (*OfficeATPDataConnector, bool)
- func (ttdc TiTaxiiDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool)
- func (ttdc TiTaxiiDataConnector) AsTIDataConnector() (*TIDataConnector, bool)
- func (ttdc TiTaxiiDataConnector) AsTiTaxiiDataConnector() (*TiTaxiiDataConnector, bool)
- func (ttdc TiTaxiiDataConnector) MarshalJSON() ([]byte, error)
- func (ttdc *TiTaxiiDataConnector) UnmarshalJSON(body []byte) error
- type TiTaxiiDataConnectorDataTypes
- type TiTaxiiDataConnectorDataTypesTaxiiClient
- type TiTaxiiDataConnectorProperties
- type TimelineAggregation
- type TimelineError
- type TimelineResultsMetadata
- type TriggerOperator
- type URLEntity
- func (ue URLEntity) AsAccountEntity() (*AccountEntity, bool)
- func (ue URLEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)
- func (ue URLEntity) AsBasicEntity() (BasicEntity, bool)
- func (ue URLEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)
- func (ue URLEntity) AsDNSEntity() (*DNSEntity, bool)
- func (ue URLEntity) AsEntity() (*Entity, bool)
- func (ue URLEntity) AsFileEntity() (*FileEntity, bool)
- func (ue URLEntity) AsFileHashEntity() (*FileHashEntity, bool)
- func (ue URLEntity) AsHostEntity() (*HostEntity, bool)
- func (ue URLEntity) AsHuntingBookmark() (*HuntingBookmark, bool)
- func (ue URLEntity) AsIPEntity() (*IPEntity, bool)
- func (ue URLEntity) AsIoTDeviceEntity() (*IoTDeviceEntity, bool)
- func (ue URLEntity) AsMalwareEntity() (*MalwareEntity, bool)
- func (ue URLEntity) AsProcessEntity() (*ProcessEntity, bool)
- func (ue URLEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)
- func (ue URLEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool)
- func (ue URLEntity) AsSecurityAlert() (*SecurityAlert, bool)
- func (ue URLEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)
- func (ue URLEntity) AsURLEntity() (*URLEntity, bool)
- func (ue URLEntity) MarshalJSON() ([]byte, error)
- func (ue *URLEntity) UnmarshalJSON(body []byte) error
- type URLEntityProperties
- type Ueba
- func (u Ueba) AsBasicSettings() (BasicSettings, bool)
- func (u Ueba) AsEntityAnalytics() (*EntityAnalytics, bool)
- func (u Ueba) AsEyesOn() (*EyesOn, bool)
- func (u Ueba) AsSettings() (*Settings, bool)
- func (u Ueba) AsUeba() (*Ueba, bool)
- func (u Ueba) MarshalJSON() ([]byte, error)
- func (u *Ueba) UnmarshalJSON(body []byte) error
- type UebaDataSources
- type UebaProperties
- type UserInfo
- type Watchlist
- type WatchlistList
- type WatchlistListIterator
- type WatchlistListPage
- type WatchlistProperties
- type WatchlistsClient
- func (client WatchlistsClient) Create(ctx context.Context, resourceGroupName string, ...) (result Watchlist, err error)
- func (client WatchlistsClient) CreatePreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error)
- func (client WatchlistsClient) CreateResponder(resp *http.Response) (result Watchlist, err error)
- func (client WatchlistsClient) CreateSender(req *http.Request) (*http.Response, error)
- func (client WatchlistsClient) Delete(ctx context.Context, resourceGroupName string, ...) (result autorest.Response, err error)
- func (client WatchlistsClient) DeletePreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error)
- func (client WatchlistsClient) DeleteResponder(resp *http.Response) (result autorest.Response, err error)
- func (client WatchlistsClient) DeleteSender(req *http.Request) (*http.Response, error)
- func (client WatchlistsClient) Get(ctx context.Context, resourceGroupName string, ...) (result Watchlist, err error)
- func (client WatchlistsClient) GetPreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error)
- func (client WatchlistsClient) GetResponder(resp *http.Response) (result Watchlist, err error)
- func (client WatchlistsClient) GetSender(req *http.Request) (*http.Response, error)
- func (client WatchlistsClient) List(ctx context.Context, resourceGroupName string, ...) (result WatchlistListPage, err error)
- func (client WatchlistsClient) ListComplete(ctx context.Context, resourceGroupName string, ...) (result WatchlistListIterator, err error)
- func (client WatchlistsClient) ListPreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error)
- func (client WatchlistsClient) ListResponder(resp *http.Response) (result WatchlistList, err error)
- func (client WatchlistsClient) ListSender(req *http.Request) (*http.Response, error)
Constants ¶
const (
// DefaultBaseURI is the default URI used for the service Securityinsight
DefaultBaseURI = "https://management.azure.com"
)
Variables ¶
This section is empty.
Functions ¶
func UserAgent ¶
func UserAgent() string
UserAgent returns the UserAgent string to use when sending http.Requests.
func Version ¶
func Version() string
Version returns the semantic version (see http://semver.org) of the client.
Types ¶
type AADCheckRequirements ¶
type AADCheckRequirements struct { // AADCheckRequirementsProperties - AAD (Azure Active Directory) requirements check properties. *AADCheckRequirementsProperties `json:"properties,omitempty"` // Kind - Possible values include: 'KindBasicDataConnectorsCheckRequirementsKindDataConnectorsCheckRequirements', 'KindBasicDataConnectorsCheckRequirementsKindAzureActiveDirectory', 'KindBasicDataConnectorsCheckRequirementsKindAzureAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindAzureSecurityCenter', 'KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesCloudTrail', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindOfficeATP', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii' Kind KindBasicDataConnectorsCheckRequirements `json:"kind,omitempty"` }
AADCheckRequirements represents AAD (Azure Active Directory) requirements check request.
func (AADCheckRequirements) AsAADCheckRequirements ¶
func (acr AADCheckRequirements) AsAADCheckRequirements() (*AADCheckRequirements, bool)
AsAADCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AADCheckRequirements.
func (AADCheckRequirements) AsAATPCheckRequirements ¶
func (acr AADCheckRequirements) AsAATPCheckRequirements() (*AATPCheckRequirements, bool)
AsAATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AADCheckRequirements.
func (AADCheckRequirements) AsASCCheckRequirements ¶
func (acr AADCheckRequirements) AsASCCheckRequirements() (*ASCCheckRequirements, bool)
AsASCCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AADCheckRequirements.
func (AADCheckRequirements) AsAwsCloudTrailCheckRequirements ¶
func (acr AADCheckRequirements) AsAwsCloudTrailCheckRequirements() (*AwsCloudTrailCheckRequirements, bool)
AsAwsCloudTrailCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AADCheckRequirements.
func (AADCheckRequirements) AsBasicDataConnectorsCheckRequirements ¶
func (acr AADCheckRequirements) AsBasicDataConnectorsCheckRequirements() (BasicDataConnectorsCheckRequirements, bool)
AsBasicDataConnectorsCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AADCheckRequirements.
func (AADCheckRequirements) AsDataConnectorsCheckRequirements ¶
func (acr AADCheckRequirements) AsDataConnectorsCheckRequirements() (*DataConnectorsCheckRequirements, bool)
AsDataConnectorsCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AADCheckRequirements.
func (AADCheckRequirements) AsMCASCheckRequirements ¶
func (acr AADCheckRequirements) AsMCASCheckRequirements() (*MCASCheckRequirements, bool)
AsMCASCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AADCheckRequirements.
func (AADCheckRequirements) AsMDATPCheckRequirements ¶
func (acr AADCheckRequirements) AsMDATPCheckRequirements() (*MDATPCheckRequirements, bool)
AsMDATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AADCheckRequirements.
func (AADCheckRequirements) AsOfficeATPCheckRequirements ¶
func (acr AADCheckRequirements) AsOfficeATPCheckRequirements() (*OfficeATPCheckRequirements, bool)
AsOfficeATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AADCheckRequirements.
func (AADCheckRequirements) AsTICheckRequirements ¶
func (acr AADCheckRequirements) AsTICheckRequirements() (*TICheckRequirements, bool)
AsTICheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AADCheckRequirements.
func (AADCheckRequirements) AsTiTaxiiCheckRequirements ¶
func (acr AADCheckRequirements) AsTiTaxiiCheckRequirements() (*TiTaxiiCheckRequirements, bool)
AsTiTaxiiCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AADCheckRequirements.
func (AADCheckRequirements) MarshalJSON ¶
func (acr AADCheckRequirements) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for AADCheckRequirements.
func (*AADCheckRequirements) UnmarshalJSON ¶
func (acr *AADCheckRequirements) UnmarshalJSON(body []byte) error
UnmarshalJSON is the custom unmarshaler for AADCheckRequirements struct.
type AADCheckRequirementsProperties ¶
type AADCheckRequirementsProperties struct { // TenantID - The tenant id to connect to, and get the data from. TenantID *string `json:"tenantId,omitempty"` }
AADCheckRequirementsProperties AAD (Azure Active Directory) requirements check properties.
type AADDataConnector ¶
type AADDataConnector struct { // AADDataConnectorProperties - AAD (Azure Active Directory) data connector properties. *AADDataConnectorProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` // Etag - Etag of the azure resource Etag *string `json:"etag,omitempty"` // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOfficeATP', 'KindOffice365', 'KindThreatIntelligence', 'KindThreatIntelligenceTaxii' Kind KindBasicDataConnector `json:"kind,omitempty"` }
AADDataConnector represents AAD (Azure Active Directory) data connector.
func (AADDataConnector) AsAADDataConnector ¶
func (adc AADDataConnector) AsAADDataConnector() (*AADDataConnector, bool)
AsAADDataConnector is the BasicDataConnector implementation for AADDataConnector.
func (AADDataConnector) AsAATPDataConnector ¶
func (adc AADDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool)
AsAATPDataConnector is the BasicDataConnector implementation for AADDataConnector.
func (AADDataConnector) AsASCDataConnector ¶
func (adc AADDataConnector) AsASCDataConnector() (*ASCDataConnector, bool)
AsASCDataConnector is the BasicDataConnector implementation for AADDataConnector.
func (AADDataConnector) AsAwsCloudTrailDataConnector ¶
func (adc AADDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool)
AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for AADDataConnector.
func (AADDataConnector) AsBasicDataConnector ¶
func (adc AADDataConnector) AsBasicDataConnector() (BasicDataConnector, bool)
AsBasicDataConnector is the BasicDataConnector implementation for AADDataConnector.
func (AADDataConnector) AsDataConnector ¶
func (adc AADDataConnector) AsDataConnector() (*DataConnector, bool)
AsDataConnector is the BasicDataConnector implementation for AADDataConnector.
func (AADDataConnector) AsMCASDataConnector ¶
func (adc AADDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool)
AsMCASDataConnector is the BasicDataConnector implementation for AADDataConnector.
func (AADDataConnector) AsMDATPDataConnector ¶
func (adc AADDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool)
AsMDATPDataConnector is the BasicDataConnector implementation for AADDataConnector.
func (AADDataConnector) AsOfficeATPDataConnector ¶
func (adc AADDataConnector) AsOfficeATPDataConnector() (*OfficeATPDataConnector, bool)
AsOfficeATPDataConnector is the BasicDataConnector implementation for AADDataConnector.
func (AADDataConnector) AsOfficeDataConnector ¶
func (adc AADDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool)
AsOfficeDataConnector is the BasicDataConnector implementation for AADDataConnector.
func (AADDataConnector) AsTIDataConnector ¶
func (adc AADDataConnector) AsTIDataConnector() (*TIDataConnector, bool)
AsTIDataConnector is the BasicDataConnector implementation for AADDataConnector.
func (AADDataConnector) AsTiTaxiiDataConnector ¶
func (adc AADDataConnector) AsTiTaxiiDataConnector() (*TiTaxiiDataConnector, bool)
AsTiTaxiiDataConnector is the BasicDataConnector implementation for AADDataConnector.
func (AADDataConnector) MarshalJSON ¶
func (adc AADDataConnector) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for AADDataConnector.
func (*AADDataConnector) UnmarshalJSON ¶
func (adc *AADDataConnector) UnmarshalJSON(body []byte) error
UnmarshalJSON is the custom unmarshaler for AADDataConnector struct.
type AADDataConnectorProperties ¶
type AADDataConnectorProperties struct { // TenantID - The tenant id to connect to, and get the data from. TenantID *string `json:"tenantId,omitempty"` // DataTypes - The available data types for the connector. DataTypes *AlertsDataTypeOfDataConnector `json:"dataTypes,omitempty"` }
AADDataConnectorProperties AAD (Azure Active Directory) data connector properties.
type AATPCheckRequirements ¶
type AATPCheckRequirements struct { // AATPCheckRequirementsProperties - AATP (Azure Advanced Threat Protection) requirements check properties. *AATPCheckRequirementsProperties `json:"properties,omitempty"` // Kind - Possible values include: 'KindBasicDataConnectorsCheckRequirementsKindDataConnectorsCheckRequirements', 'KindBasicDataConnectorsCheckRequirementsKindAzureActiveDirectory', 'KindBasicDataConnectorsCheckRequirementsKindAzureAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindAzureSecurityCenter', 'KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesCloudTrail', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindOfficeATP', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii' Kind KindBasicDataConnectorsCheckRequirements `json:"kind,omitempty"` }
AATPCheckRequirements represents AATP (Azure Advanced Threat Protection) requirements check request.
func (AATPCheckRequirements) AsAADCheckRequirements ¶
func (acr AATPCheckRequirements) AsAADCheckRequirements() (*AADCheckRequirements, bool)
AsAADCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AATPCheckRequirements.
func (AATPCheckRequirements) AsAATPCheckRequirements ¶
func (acr AATPCheckRequirements) AsAATPCheckRequirements() (*AATPCheckRequirements, bool)
AsAATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AATPCheckRequirements.
func (AATPCheckRequirements) AsASCCheckRequirements ¶
func (acr AATPCheckRequirements) AsASCCheckRequirements() (*ASCCheckRequirements, bool)
AsASCCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AATPCheckRequirements.
func (AATPCheckRequirements) AsAwsCloudTrailCheckRequirements ¶
func (acr AATPCheckRequirements) AsAwsCloudTrailCheckRequirements() (*AwsCloudTrailCheckRequirements, bool)
AsAwsCloudTrailCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AATPCheckRequirements.
func (AATPCheckRequirements) AsBasicDataConnectorsCheckRequirements ¶
func (acr AATPCheckRequirements) AsBasicDataConnectorsCheckRequirements() (BasicDataConnectorsCheckRequirements, bool)
AsBasicDataConnectorsCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AATPCheckRequirements.
func (AATPCheckRequirements) AsDataConnectorsCheckRequirements ¶
func (acr AATPCheckRequirements) AsDataConnectorsCheckRequirements() (*DataConnectorsCheckRequirements, bool)
AsDataConnectorsCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AATPCheckRequirements.
func (AATPCheckRequirements) AsMCASCheckRequirements ¶
func (acr AATPCheckRequirements) AsMCASCheckRequirements() (*MCASCheckRequirements, bool)
AsMCASCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AATPCheckRequirements.
func (AATPCheckRequirements) AsMDATPCheckRequirements ¶
func (acr AATPCheckRequirements) AsMDATPCheckRequirements() (*MDATPCheckRequirements, bool)
AsMDATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AATPCheckRequirements.
func (AATPCheckRequirements) AsOfficeATPCheckRequirements ¶
func (acr AATPCheckRequirements) AsOfficeATPCheckRequirements() (*OfficeATPCheckRequirements, bool)
AsOfficeATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AATPCheckRequirements.
func (AATPCheckRequirements) AsTICheckRequirements ¶
func (acr AATPCheckRequirements) AsTICheckRequirements() (*TICheckRequirements, bool)
AsTICheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AATPCheckRequirements.
func (AATPCheckRequirements) AsTiTaxiiCheckRequirements ¶
func (acr AATPCheckRequirements) AsTiTaxiiCheckRequirements() (*TiTaxiiCheckRequirements, bool)
AsTiTaxiiCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AATPCheckRequirements.
func (AATPCheckRequirements) MarshalJSON ¶
func (acr AATPCheckRequirements) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for AATPCheckRequirements.
func (*AATPCheckRequirements) UnmarshalJSON ¶
func (acr *AATPCheckRequirements) UnmarshalJSON(body []byte) error
UnmarshalJSON is the custom unmarshaler for AATPCheckRequirements struct.
type AATPCheckRequirementsProperties ¶
type AATPCheckRequirementsProperties struct { // TenantID - The tenant id to connect to, and get the data from. TenantID *string `json:"tenantId,omitempty"` }
AATPCheckRequirementsProperties AATP (Azure Advanced Threat Protection) requirements check properties.
type AATPDataConnector ¶
type AATPDataConnector struct { // AATPDataConnectorProperties - AATP (Azure Advanced Threat Protection) data connector properties. *AATPDataConnectorProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` // Etag - Etag of the azure resource Etag *string `json:"etag,omitempty"` // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOfficeATP', 'KindOffice365', 'KindThreatIntelligence', 'KindThreatIntelligenceTaxii' Kind KindBasicDataConnector `json:"kind,omitempty"` }
AATPDataConnector represents AATP (Azure Advanced Threat Protection) data connector.
func (AATPDataConnector) AsAADDataConnector ¶
func (adc AATPDataConnector) AsAADDataConnector() (*AADDataConnector, bool)
AsAADDataConnector is the BasicDataConnector implementation for AATPDataConnector.
func (AATPDataConnector) AsAATPDataConnector ¶
func (adc AATPDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool)
AsAATPDataConnector is the BasicDataConnector implementation for AATPDataConnector.
func (AATPDataConnector) AsASCDataConnector ¶
func (adc AATPDataConnector) AsASCDataConnector() (*ASCDataConnector, bool)
AsASCDataConnector is the BasicDataConnector implementation for AATPDataConnector.
func (AATPDataConnector) AsAwsCloudTrailDataConnector ¶
func (adc AATPDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool)
AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for AATPDataConnector.
func (AATPDataConnector) AsBasicDataConnector ¶
func (adc AATPDataConnector) AsBasicDataConnector() (BasicDataConnector, bool)
AsBasicDataConnector is the BasicDataConnector implementation for AATPDataConnector.
func (AATPDataConnector) AsDataConnector ¶
func (adc AATPDataConnector) AsDataConnector() (*DataConnector, bool)
AsDataConnector is the BasicDataConnector implementation for AATPDataConnector.
func (AATPDataConnector) AsMCASDataConnector ¶
func (adc AATPDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool)
AsMCASDataConnector is the BasicDataConnector implementation for AATPDataConnector.
func (AATPDataConnector) AsMDATPDataConnector ¶
func (adc AATPDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool)
AsMDATPDataConnector is the BasicDataConnector implementation for AATPDataConnector.
func (AATPDataConnector) AsOfficeATPDataConnector ¶
func (adc AATPDataConnector) AsOfficeATPDataConnector() (*OfficeATPDataConnector, bool)
AsOfficeATPDataConnector is the BasicDataConnector implementation for AATPDataConnector.
func (AATPDataConnector) AsOfficeDataConnector ¶
func (adc AATPDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool)
AsOfficeDataConnector is the BasicDataConnector implementation for AATPDataConnector.
func (AATPDataConnector) AsTIDataConnector ¶
func (adc AATPDataConnector) AsTIDataConnector() (*TIDataConnector, bool)
AsTIDataConnector is the BasicDataConnector implementation for AATPDataConnector.
func (AATPDataConnector) AsTiTaxiiDataConnector ¶
func (adc AATPDataConnector) AsTiTaxiiDataConnector() (*TiTaxiiDataConnector, bool)
AsTiTaxiiDataConnector is the BasicDataConnector implementation for AATPDataConnector.
func (AATPDataConnector) MarshalJSON ¶
func (adc AATPDataConnector) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for AATPDataConnector.
func (*AATPDataConnector) UnmarshalJSON ¶
func (adc *AATPDataConnector) UnmarshalJSON(body []byte) error
UnmarshalJSON is the custom unmarshaler for AATPDataConnector struct.
type AATPDataConnectorProperties ¶
type AATPDataConnectorProperties struct { // TenantID - The tenant id to connect to, and get the data from. TenantID *string `json:"tenantId,omitempty"` // DataTypes - The available data types for the connector. DataTypes *AlertsDataTypeOfDataConnector `json:"dataTypes,omitempty"` }
AATPDataConnectorProperties AATP (Azure Advanced Threat Protection) data connector properties.
type ASCCheckRequirements ¶
type ASCCheckRequirements struct { // ASCCheckRequirementsProperties - ASC (Azure Security Center) requirements check properties. *ASCCheckRequirementsProperties `json:"properties,omitempty"` // Kind - Possible values include: 'KindBasicDataConnectorsCheckRequirementsKindDataConnectorsCheckRequirements', 'KindBasicDataConnectorsCheckRequirementsKindAzureActiveDirectory', 'KindBasicDataConnectorsCheckRequirementsKindAzureAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindAzureSecurityCenter', 'KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesCloudTrail', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindOfficeATP', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii' Kind KindBasicDataConnectorsCheckRequirements `json:"kind,omitempty"` }
ASCCheckRequirements represents ASC (Azure Security Center) requirements check request.
func (ASCCheckRequirements) AsAADCheckRequirements ¶
func (acr ASCCheckRequirements) AsAADCheckRequirements() (*AADCheckRequirements, bool)
AsAADCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for ASCCheckRequirements.
func (ASCCheckRequirements) AsAATPCheckRequirements ¶
func (acr ASCCheckRequirements) AsAATPCheckRequirements() (*AATPCheckRequirements, bool)
AsAATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for ASCCheckRequirements.
func (ASCCheckRequirements) AsASCCheckRequirements ¶
func (acr ASCCheckRequirements) AsASCCheckRequirements() (*ASCCheckRequirements, bool)
AsASCCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for ASCCheckRequirements.
func (ASCCheckRequirements) AsAwsCloudTrailCheckRequirements ¶
func (acr ASCCheckRequirements) AsAwsCloudTrailCheckRequirements() (*AwsCloudTrailCheckRequirements, bool)
AsAwsCloudTrailCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for ASCCheckRequirements.
func (ASCCheckRequirements) AsBasicDataConnectorsCheckRequirements ¶
func (acr ASCCheckRequirements) AsBasicDataConnectorsCheckRequirements() (BasicDataConnectorsCheckRequirements, bool)
AsBasicDataConnectorsCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for ASCCheckRequirements.
func (ASCCheckRequirements) AsDataConnectorsCheckRequirements ¶
func (acr ASCCheckRequirements) AsDataConnectorsCheckRequirements() (*DataConnectorsCheckRequirements, bool)
AsDataConnectorsCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for ASCCheckRequirements.
func (ASCCheckRequirements) AsMCASCheckRequirements ¶
func (acr ASCCheckRequirements) AsMCASCheckRequirements() (*MCASCheckRequirements, bool)
AsMCASCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for ASCCheckRequirements.
func (ASCCheckRequirements) AsMDATPCheckRequirements ¶
func (acr ASCCheckRequirements) AsMDATPCheckRequirements() (*MDATPCheckRequirements, bool)
AsMDATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for ASCCheckRequirements.
func (ASCCheckRequirements) AsOfficeATPCheckRequirements ¶
func (acr ASCCheckRequirements) AsOfficeATPCheckRequirements() (*OfficeATPCheckRequirements, bool)
AsOfficeATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for ASCCheckRequirements.
func (ASCCheckRequirements) AsTICheckRequirements ¶
func (acr ASCCheckRequirements) AsTICheckRequirements() (*TICheckRequirements, bool)
AsTICheckRequirements is the BasicDataConnectorsCheckRequirements implementation for ASCCheckRequirements.
func (ASCCheckRequirements) AsTiTaxiiCheckRequirements ¶
func (acr ASCCheckRequirements) AsTiTaxiiCheckRequirements() (*TiTaxiiCheckRequirements, bool)
AsTiTaxiiCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for ASCCheckRequirements.
func (ASCCheckRequirements) MarshalJSON ¶
func (acr ASCCheckRequirements) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for ASCCheckRequirements.
func (*ASCCheckRequirements) UnmarshalJSON ¶
func (acr *ASCCheckRequirements) UnmarshalJSON(body []byte) error
UnmarshalJSON is the custom unmarshaler for ASCCheckRequirements struct.
type ASCCheckRequirementsProperties ¶
type ASCCheckRequirementsProperties struct { // SubscriptionID - The subscription id to connect to, and get the data from. SubscriptionID *string `json:"subscriptionId,omitempty"` }
ASCCheckRequirementsProperties ASC (Azure Security Center) requirements check properties.
type ASCDataConnector ¶
type ASCDataConnector struct { // ASCDataConnectorProperties - ASC (Azure Security Center) data connector properties. *ASCDataConnectorProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` // Etag - Etag of the azure resource Etag *string `json:"etag,omitempty"` // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOfficeATP', 'KindOffice365', 'KindThreatIntelligence', 'KindThreatIntelligenceTaxii' Kind KindBasicDataConnector `json:"kind,omitempty"` }
ASCDataConnector represents ASC (Azure Security Center) data connector.
func (ASCDataConnector) AsAADDataConnector ¶
func (adc ASCDataConnector) AsAADDataConnector() (*AADDataConnector, bool)
AsAADDataConnector is the BasicDataConnector implementation for ASCDataConnector.
func (ASCDataConnector) AsAATPDataConnector ¶
func (adc ASCDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool)
AsAATPDataConnector is the BasicDataConnector implementation for ASCDataConnector.
func (ASCDataConnector) AsASCDataConnector ¶
func (adc ASCDataConnector) AsASCDataConnector() (*ASCDataConnector, bool)
AsASCDataConnector is the BasicDataConnector implementation for ASCDataConnector.
func (ASCDataConnector) AsAwsCloudTrailDataConnector ¶
func (adc ASCDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool)
AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for ASCDataConnector.
func (ASCDataConnector) AsBasicDataConnector ¶
func (adc ASCDataConnector) AsBasicDataConnector() (BasicDataConnector, bool)
AsBasicDataConnector is the BasicDataConnector implementation for ASCDataConnector.
func (ASCDataConnector) AsDataConnector ¶
func (adc ASCDataConnector) AsDataConnector() (*DataConnector, bool)
AsDataConnector is the BasicDataConnector implementation for ASCDataConnector.
func (ASCDataConnector) AsMCASDataConnector ¶
func (adc ASCDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool)
AsMCASDataConnector is the BasicDataConnector implementation for ASCDataConnector.
func (ASCDataConnector) AsMDATPDataConnector ¶
func (adc ASCDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool)
AsMDATPDataConnector is the BasicDataConnector implementation for ASCDataConnector.
func (ASCDataConnector) AsOfficeATPDataConnector ¶
func (adc ASCDataConnector) AsOfficeATPDataConnector() (*OfficeATPDataConnector, bool)
AsOfficeATPDataConnector is the BasicDataConnector implementation for ASCDataConnector.
func (ASCDataConnector) AsOfficeDataConnector ¶
func (adc ASCDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool)
AsOfficeDataConnector is the BasicDataConnector implementation for ASCDataConnector.
func (ASCDataConnector) AsTIDataConnector ¶
func (adc ASCDataConnector) AsTIDataConnector() (*TIDataConnector, bool)
AsTIDataConnector is the BasicDataConnector implementation for ASCDataConnector.
func (ASCDataConnector) AsTiTaxiiDataConnector ¶
func (adc ASCDataConnector) AsTiTaxiiDataConnector() (*TiTaxiiDataConnector, bool)
AsTiTaxiiDataConnector is the BasicDataConnector implementation for ASCDataConnector.
func (ASCDataConnector) MarshalJSON ¶
func (adc ASCDataConnector) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for ASCDataConnector.
func (*ASCDataConnector) UnmarshalJSON ¶
func (adc *ASCDataConnector) UnmarshalJSON(body []byte) error
UnmarshalJSON is the custom unmarshaler for ASCDataConnector struct.
type ASCDataConnectorProperties ¶
type ASCDataConnectorProperties struct { // SubscriptionID - The subscription id to connect to, and get the data from. SubscriptionID *string `json:"subscriptionId,omitempty"` // DataTypes - The available data types for the connector. DataTypes *AlertsDataTypeOfDataConnector `json:"dataTypes,omitempty"` }
ASCDataConnectorProperties ASC (Azure Security Center) data connector properties.
type AccountEntity ¶
type AccountEntity struct { // AccountEntityProperties - Account entity properties *AccountEntityProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindBookmark', 'KindSecurityAlert', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice' Kind KindBasicEntity `json:"kind,omitempty"` }
AccountEntity represents an account entity.
func (AccountEntity) AsAccountEntity ¶
func (ae AccountEntity) AsAccountEntity() (*AccountEntity, bool)
AsAccountEntity is the BasicEntity implementation for AccountEntity.
func (AccountEntity) AsAzureResourceEntity ¶
func (ae AccountEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)
AsAzureResourceEntity is the BasicEntity implementation for AccountEntity.
func (AccountEntity) AsBasicEntity ¶
func (ae AccountEntity) AsBasicEntity() (BasicEntity, bool)
AsBasicEntity is the BasicEntity implementation for AccountEntity.
func (AccountEntity) AsCloudApplicationEntity ¶
func (ae AccountEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)
AsCloudApplicationEntity is the BasicEntity implementation for AccountEntity.
func (AccountEntity) AsDNSEntity ¶
func (ae AccountEntity) AsDNSEntity() (*DNSEntity, bool)
AsDNSEntity is the BasicEntity implementation for AccountEntity.
func (AccountEntity) AsEntity ¶
func (ae AccountEntity) AsEntity() (*Entity, bool)
AsEntity is the BasicEntity implementation for AccountEntity.
func (AccountEntity) AsFileEntity ¶
func (ae AccountEntity) AsFileEntity() (*FileEntity, bool)
AsFileEntity is the BasicEntity implementation for AccountEntity.
func (AccountEntity) AsFileHashEntity ¶
func (ae AccountEntity) AsFileHashEntity() (*FileHashEntity, bool)
AsFileHashEntity is the BasicEntity implementation for AccountEntity.
func (AccountEntity) AsHostEntity ¶
func (ae AccountEntity) AsHostEntity() (*HostEntity, bool)
AsHostEntity is the BasicEntity implementation for AccountEntity.
func (AccountEntity) AsHuntingBookmark ¶
func (ae AccountEntity) AsHuntingBookmark() (*HuntingBookmark, bool)
AsHuntingBookmark is the BasicEntity implementation for AccountEntity.
func (AccountEntity) AsIPEntity ¶
func (ae AccountEntity) AsIPEntity() (*IPEntity, bool)
AsIPEntity is the BasicEntity implementation for AccountEntity.
func (AccountEntity) AsIoTDeviceEntity ¶
func (ae AccountEntity) AsIoTDeviceEntity() (*IoTDeviceEntity, bool)
AsIoTDeviceEntity is the BasicEntity implementation for AccountEntity.
func (AccountEntity) AsMalwareEntity ¶
func (ae AccountEntity) AsMalwareEntity() (*MalwareEntity, bool)
AsMalwareEntity is the BasicEntity implementation for AccountEntity.
func (AccountEntity) AsProcessEntity ¶
func (ae AccountEntity) AsProcessEntity() (*ProcessEntity, bool)
AsProcessEntity is the BasicEntity implementation for AccountEntity.
func (AccountEntity) AsRegistryKeyEntity ¶
func (ae AccountEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)
AsRegistryKeyEntity is the BasicEntity implementation for AccountEntity.
func (AccountEntity) AsRegistryValueEntity ¶
func (ae AccountEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool)
AsRegistryValueEntity is the BasicEntity implementation for AccountEntity.
func (AccountEntity) AsSecurityAlert ¶
func (ae AccountEntity) AsSecurityAlert() (*SecurityAlert, bool)
AsSecurityAlert is the BasicEntity implementation for AccountEntity.
func (AccountEntity) AsSecurityGroupEntity ¶
func (ae AccountEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)
AsSecurityGroupEntity is the BasicEntity implementation for AccountEntity.
func (AccountEntity) AsURLEntity ¶
func (ae AccountEntity) AsURLEntity() (*URLEntity, bool)
AsURLEntity is the BasicEntity implementation for AccountEntity.
func (AccountEntity) MarshalJSON ¶
func (ae AccountEntity) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for AccountEntity.
func (*AccountEntity) UnmarshalJSON ¶
func (ae *AccountEntity) UnmarshalJSON(body []byte) error
UnmarshalJSON is the custom unmarshaler for AccountEntity struct.
type AccountEntityProperties ¶
type AccountEntityProperties struct { // AadTenantID - READ-ONLY; The Azure Active Directory tenant id. AadTenantID *string `json:"aadTenantId,omitempty"` // AadUserID - READ-ONLY; The Azure Active Directory user id. AadUserID *string `json:"aadUserId,omitempty"` // AccountName - READ-ONLY; The name of the account. This field should hold only the name without any domain added to it, i.e. administrator. AccountName *string `json:"accountName,omitempty"` // DisplayName - READ-ONLY; The display name of the account. DisplayName *string `json:"displayName,omitempty"` // HostEntityID - READ-ONLY; The Host entity id that contains the account in case it is a local account (not domain joined) HostEntityID *string `json:"hostEntityId,omitempty"` // IsDomainJoined - READ-ONLY; Determines whether this is a domain account. IsDomainJoined *bool `json:"isDomainJoined,omitempty"` // NtDomain - READ-ONLY; The NetBIOS domain name as it appears in the alert format – domain\username. Examples: NT AUTHORITY. NtDomain *string `json:"ntDomain,omitempty"` // ObjectGUID - READ-ONLY; The objectGUID attribute is a single-value attribute that is the unique identifier for the object, assigned by active directory. ObjectGUID *uuid.UUID `json:"objectGuid,omitempty"` // Puid - READ-ONLY; The Azure Active Directory Passport User ID. Puid *string `json:"puid,omitempty"` // Sid - READ-ONLY; The account security identifier, e.g. S-1-5-18. Sid *string `json:"sid,omitempty"` // UpnSuffix - READ-ONLY; The user principal name suffix for the account, in some cases it is also the domain name. Examples: contoso.com. UpnSuffix *string `json:"upnSuffix,omitempty"` // DNSDomain - READ-ONLY; The fully qualified domain DNS name. DNSDomain *string `json:"dnsDomain,omitempty"` // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. AdditionalData map[string]interface{} `json:"additionalData"` // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. FriendlyName *string `json:"friendlyName,omitempty"` }
AccountEntityProperties account entity property bag.
func (AccountEntityProperties) MarshalJSON ¶
func (aep AccountEntityProperties) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for AccountEntityProperties.
type ActionPropertiesBase ¶
type ActionPropertiesBase struct { // LogicAppResourceID - Logic App Resource Id, /subscriptions/{my-subscription}/resourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my-workflow-id}. LogicAppResourceID *string `json:"logicAppResourceId,omitempty"` }
ActionPropertiesBase action property bag base.
type ActionRequest ¶
type ActionRequest struct { // ActionRequestProperties - Action properties for put request *ActionRequestProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` // Etag - Etag of the azure resource Etag *string `json:"etag,omitempty"` }
ActionRequest action for alert rule.
func (ActionRequest) MarshalJSON ¶
func (ar ActionRequest) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for ActionRequest.
func (*ActionRequest) UnmarshalJSON ¶
func (ar *ActionRequest) UnmarshalJSON(body []byte) error
UnmarshalJSON is the custom unmarshaler for ActionRequest struct.
type ActionRequestProperties ¶
type ActionRequestProperties struct { // TriggerURI - Logic App Callback URL for this specific workflow. TriggerURI *string `json:"triggerUri,omitempty"` // LogicAppResourceID - Logic App Resource Id, /subscriptions/{my-subscription}/resourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my-workflow-id}. LogicAppResourceID *string `json:"logicAppResourceId,omitempty"` }
ActionRequestProperties action property bag.
type ActionResponse ¶
type ActionResponse struct { autorest.Response `json:"-"` // Etag - Etag of the action. Etag *string `json:"etag,omitempty"` // ActionResponseProperties - Action properties for get request *ActionResponseProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` }
ActionResponse action for alert rule.
func (ActionResponse) MarshalJSON ¶
func (ar ActionResponse) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for ActionResponse.
func (*ActionResponse) UnmarshalJSON ¶
func (ar *ActionResponse) UnmarshalJSON(body []byte) error
UnmarshalJSON is the custom unmarshaler for ActionResponse struct.
type ActionResponseProperties ¶
type ActionResponseProperties struct { // WorkflowID - The name of the logic app's workflow. WorkflowID *string `json:"workflowId,omitempty"` // LogicAppResourceID - Logic App Resource Id, /subscriptions/{my-subscription}/resourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my-workflow-id}. LogicAppResourceID *string `json:"logicAppResourceId,omitempty"` }
ActionResponseProperties action property bag.
type ActionsClient ¶
type ActionsClient struct {
BaseClient
}
ActionsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider
func NewActionsClient ¶
func NewActionsClient(subscriptionID string) ActionsClient
NewActionsClient creates an instance of the ActionsClient client.
func NewActionsClientWithBaseURI ¶
func NewActionsClientWithBaseURI(baseURI string, subscriptionID string) ActionsClient
NewActionsClientWithBaseURI creates an instance of the ActionsClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).
func (ActionsClient) ListByAlertRule ¶
func (client ActionsClient) ListByAlertRule(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, ruleID string) (result ActionsListPage, err error)
ListByAlertRule gets all actions of alert rule. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. ruleID - alert rule ID
func (ActionsClient) ListByAlertRuleComplete ¶
func (client ActionsClient) ListByAlertRuleComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, ruleID string) (result ActionsListIterator, err error)
ListByAlertRuleComplete enumerates all values, automatically crossing page boundaries as required.
func (ActionsClient) ListByAlertRulePreparer ¶
func (client ActionsClient) ListByAlertRulePreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, ruleID string) (*http.Request, error)
ListByAlertRulePreparer prepares the ListByAlertRule request.
func (ActionsClient) ListByAlertRuleResponder ¶
func (client ActionsClient) ListByAlertRuleResponder(resp *http.Response) (result ActionsList, err error)
ListByAlertRuleResponder handles the response to the ListByAlertRule request. The method always closes the http.Response Body.
func (ActionsClient) ListByAlertRuleSender ¶
ListByAlertRuleSender sends the ListByAlertRule request. The method will close the http.Response Body if it receives an error.
type ActionsList ¶
type ActionsList struct { autorest.Response `json:"-"` // NextLink - READ-ONLY; URL to fetch the next set of actions. NextLink *string `json:"nextLink,omitempty"` // Value - Array of actions. Value *[]ActionResponse `json:"value,omitempty"` }
ActionsList list all the actions.
func (ActionsList) IsEmpty ¶
func (al ActionsList) IsEmpty() bool
IsEmpty returns true if the ListResult contains no values.
func (ActionsList) MarshalJSON ¶
func (al ActionsList) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for ActionsList.
type ActionsListIterator ¶
type ActionsListIterator struct {
// contains filtered or unexported fields
}
ActionsListIterator provides access to a complete listing of ActionResponse values.
func NewActionsListIterator ¶
func NewActionsListIterator(page ActionsListPage) ActionsListIterator
Creates a new instance of the ActionsListIterator type.
func (*ActionsListIterator) Next ¶
func (iter *ActionsListIterator) Next() error
Next advances to the next value. If there was an error making the request the iterator does not advance and the error is returned. Deprecated: Use NextWithContext() instead.
func (*ActionsListIterator) NextWithContext ¶
func (iter *ActionsListIterator) NextWithContext(ctx context.Context) (err error)
NextWithContext advances to the next value. If there was an error making the request the iterator does not advance and the error is returned.
func (ActionsListIterator) NotDone ¶
func (iter ActionsListIterator) NotDone() bool
NotDone returns true if the enumeration should be started or is not yet complete.
func (ActionsListIterator) Response ¶
func (iter ActionsListIterator) Response() ActionsList
Response returns the raw server response from the last page request.
func (ActionsListIterator) Value ¶
func (iter ActionsListIterator) Value() ActionResponse
Value returns the current value or a zero-initialized value if the iterator has advanced beyond the end of the collection.
type ActionsListPage ¶
type ActionsListPage struct {
// contains filtered or unexported fields
}
ActionsListPage contains a page of ActionResponse values.
func NewActionsListPage ¶
func NewActionsListPage(cur ActionsList, getNextPage func(context.Context, ActionsList) (ActionsList, error)) ActionsListPage
Creates a new instance of the ActionsListPage type.
func (*ActionsListPage) Next ¶
func (page *ActionsListPage) Next() error
Next advances to the next page of values. If there was an error making the request the page does not advance and the error is returned. Deprecated: Use NextWithContext() instead.
func (*ActionsListPage) NextWithContext ¶
func (page *ActionsListPage) NextWithContext(ctx context.Context) (err error)
NextWithContext advances to the next page of values. If there was an error making the request the page does not advance and the error is returned.
func (ActionsListPage) NotDone ¶
func (page ActionsListPage) NotDone() bool
NotDone returns true if the page enumeration should be started or is not yet complete.
func (ActionsListPage) Response ¶
func (page ActionsListPage) Response() ActionsList
Response returns the raw server response from the last page request.
func (ActionsListPage) Values ¶
func (page ActionsListPage) Values() []ActionResponse
Values returns the slice of values for the current page or nil if there are no values.
type ActivityTimelineItem ¶
type ActivityTimelineItem struct { // QueryID - The activity query id. QueryID *string `json:"queryId,omitempty"` // BucketStartTimeUTC - The grouping bucket start time. BucketStartTimeUTC *date.Time `json:"bucketStartTimeUTC,omitempty"` // BucketEndTimeUTC - The grouping bucket end time. BucketEndTimeUTC *date.Time `json:"bucketEndTimeUTC,omitempty"` // FirstActivityTimeUTC - The time of the first activity in the grouping bucket. FirstActivityTimeUTC *date.Time `json:"firstActivityTimeUTC,omitempty"` // LastActivityTimeUTC - The time of the last activity in the grouping bucket. LastActivityTimeUTC *date.Time `json:"lastActivityTimeUTC,omitempty"` // Content - The activity timeline content. Content *string `json:"content,omitempty"` // Title - The activity timeline title. Title *string `json:"title,omitempty"` // Kind - Possible values include: 'KindBasicEntityTimelineItemKindEntityTimelineItem', 'KindBasicEntityTimelineItemKindActivity', 'KindBasicEntityTimelineItemKindSecurityAlert', 'KindBasicEntityTimelineItemKindBookmark' Kind KindBasicEntityTimelineItem `json:"kind,omitempty"` }
ActivityTimelineItem represents Activity timeline item.
func (ActivityTimelineItem) AsActivityTimelineItem ¶
func (ati ActivityTimelineItem) AsActivityTimelineItem() (*ActivityTimelineItem, bool)
AsActivityTimelineItem is the BasicEntityTimelineItem implementation for ActivityTimelineItem.
func (ActivityTimelineItem) AsBasicEntityTimelineItem ¶
func (ati ActivityTimelineItem) AsBasicEntityTimelineItem() (BasicEntityTimelineItem, bool)
AsBasicEntityTimelineItem is the BasicEntityTimelineItem implementation for ActivityTimelineItem.
func (ActivityTimelineItem) AsBookmarkTimelineItem ¶
func (ati ActivityTimelineItem) AsBookmarkTimelineItem() (*BookmarkTimelineItem, bool)
AsBookmarkTimelineItem is the BasicEntityTimelineItem implementation for ActivityTimelineItem.
func (ActivityTimelineItem) AsEntityTimelineItem ¶
func (ati ActivityTimelineItem) AsEntityTimelineItem() (*EntityTimelineItem, bool)
AsEntityTimelineItem is the BasicEntityTimelineItem implementation for ActivityTimelineItem.
func (ActivityTimelineItem) AsSecurityAlertTimelineItem ¶
func (ati ActivityTimelineItem) AsSecurityAlertTimelineItem() (*SecurityAlertTimelineItem, bool)
AsSecurityAlertTimelineItem is the BasicEntityTimelineItem implementation for ActivityTimelineItem.
func (ActivityTimelineItem) MarshalJSON ¶
func (ati ActivityTimelineItem) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for ActivityTimelineItem.
type Aggregations ¶
type Aggregations struct { autorest.Response `json:"-"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` // Kind - Possible values include: 'KindAggregations', 'KindCasesAggregation' Kind Kind `json:"kind,omitempty"` }
Aggregations the aggregation.
func (Aggregations) AsAggregations ¶
func (a Aggregations) AsAggregations() (*Aggregations, bool)
AsAggregations is the BasicAggregations implementation for Aggregations.
func (Aggregations) AsBasicAggregations ¶
func (a Aggregations) AsBasicAggregations() (BasicAggregations, bool)
AsBasicAggregations is the BasicAggregations implementation for Aggregations.
func (Aggregations) AsCasesAggregation ¶
func (a Aggregations) AsCasesAggregation() (*CasesAggregation, bool)
AsCasesAggregation is the BasicAggregations implementation for Aggregations.
func (Aggregations) MarshalJSON ¶
func (a Aggregations) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for Aggregations.
type AggregationsKind ¶
type AggregationsKind struct { // Kind - The kind of the setting Kind *string `json:"kind,omitempty"` }
AggregationsKind describes an Azure resource with kind.
type AggregationsModel ¶
type AggregationsModel struct { autorest.Response `json:"-"` Value BasicAggregations `json:"value,omitempty"` }
AggregationsModel ...
func (*AggregationsModel) UnmarshalJSON ¶
func (am *AggregationsModel) UnmarshalJSON(body []byte) error
UnmarshalJSON is the custom unmarshaler for AggregationsModel struct.
type AlertRule ¶
type AlertRule struct { autorest.Response `json:"-"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` // Etag - Etag of the azure resource Etag *string `json:"etag,omitempty"` // Kind - Possible values include: 'KindAlertRule', 'KindFusion', 'KindMicrosoftSecurityIncidentCreation', 'KindScheduled' Kind KindBasicAlertRule `json:"kind,omitempty"` }
AlertRule alert rule.
func (AlertRule) AsAlertRule ¶
AsAlertRule is the BasicAlertRule implementation for AlertRule.
func (AlertRule) AsBasicAlertRule ¶
func (ar AlertRule) AsBasicAlertRule() (BasicAlertRule, bool)
AsBasicAlertRule is the BasicAlertRule implementation for AlertRule.
func (AlertRule) AsFusionAlertRule ¶
func (ar AlertRule) AsFusionAlertRule() (*FusionAlertRule, bool)
AsFusionAlertRule is the BasicAlertRule implementation for AlertRule.
func (AlertRule) AsMicrosoftSecurityIncidentCreationAlertRule ¶
func (ar AlertRule) AsMicrosoftSecurityIncidentCreationAlertRule() (*MicrosoftSecurityIncidentCreationAlertRule, bool)
AsMicrosoftSecurityIncidentCreationAlertRule is the BasicAlertRule implementation for AlertRule.
func (AlertRule) AsScheduledAlertRule ¶
func (ar AlertRule) AsScheduledAlertRule() (*ScheduledAlertRule, bool)
AsScheduledAlertRule is the BasicAlertRule implementation for AlertRule.
func (AlertRule) MarshalJSON ¶
MarshalJSON is the custom marshaler for AlertRule.
type AlertRuleKind ¶
type AlertRuleKind string
AlertRuleKind enumerates the values for alert rule kind.
const ( // Fusion ... Fusion AlertRuleKind = "Fusion" // MicrosoftSecurityIncidentCreation ... MicrosoftSecurityIncidentCreation AlertRuleKind = "MicrosoftSecurityIncidentCreation" // Scheduled ... Scheduled AlertRuleKind = "Scheduled" )
func PossibleAlertRuleKindValues ¶
func PossibleAlertRuleKindValues() []AlertRuleKind
PossibleAlertRuleKindValues returns an array of possible values for the AlertRuleKind const type.
type AlertRuleKind1 ¶
type AlertRuleKind1 struct { // Kind - The kind of the alert rule. Possible values include: 'Scheduled', 'MicrosoftSecurityIncidentCreation', 'Fusion' Kind AlertRuleKind `json:"kind,omitempty"` }
AlertRuleKind1 describes an Azure resource with kind.
type AlertRuleModel ¶
type AlertRuleModel struct { autorest.Response `json:"-"` Value BasicAlertRule `json:"value,omitempty"` }
AlertRuleModel ...
func (*AlertRuleModel) UnmarshalJSON ¶
func (arm *AlertRuleModel) UnmarshalJSON(body []byte) error
UnmarshalJSON is the custom unmarshaler for AlertRuleModel struct.
type AlertRuleTemplate ¶
type AlertRuleTemplate struct { autorest.Response `json:"-"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` // Kind - Possible values include: 'KindBasicAlertRuleTemplateKindAlertRuleTemplate', 'KindBasicAlertRuleTemplateKindFusion', 'KindBasicAlertRuleTemplateKindMicrosoftSecurityIncidentCreation', 'KindBasicAlertRuleTemplateKindScheduled' Kind KindBasicAlertRuleTemplate `json:"kind,omitempty"` }
AlertRuleTemplate alert rule template.
func (AlertRuleTemplate) AsAlertRuleTemplate ¶
func (art AlertRuleTemplate) AsAlertRuleTemplate() (*AlertRuleTemplate, bool)
AsAlertRuleTemplate is the BasicAlertRuleTemplate implementation for AlertRuleTemplate.
func (AlertRuleTemplate) AsBasicAlertRuleTemplate ¶
func (art AlertRuleTemplate) AsBasicAlertRuleTemplate() (BasicAlertRuleTemplate, bool)
AsBasicAlertRuleTemplate is the BasicAlertRuleTemplate implementation for AlertRuleTemplate.
func (AlertRuleTemplate) AsFusionAlertRuleTemplate ¶
func (art AlertRuleTemplate) AsFusionAlertRuleTemplate() (*FusionAlertRuleTemplate, bool)
AsFusionAlertRuleTemplate is the BasicAlertRuleTemplate implementation for AlertRuleTemplate.
func (AlertRuleTemplate) AsMicrosoftSecurityIncidentCreationAlertRuleTemplate ¶
func (art AlertRuleTemplate) AsMicrosoftSecurityIncidentCreationAlertRuleTemplate() (*MicrosoftSecurityIncidentCreationAlertRuleTemplate, bool)
AsMicrosoftSecurityIncidentCreationAlertRuleTemplate is the BasicAlertRuleTemplate implementation for AlertRuleTemplate.
func (AlertRuleTemplate) AsScheduledAlertRuleTemplate ¶
func (art AlertRuleTemplate) AsScheduledAlertRuleTemplate() (*ScheduledAlertRuleTemplate, bool)
AsScheduledAlertRuleTemplate is the BasicAlertRuleTemplate implementation for AlertRuleTemplate.
func (AlertRuleTemplate) MarshalJSON ¶
func (art AlertRuleTemplate) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for AlertRuleTemplate.
type AlertRuleTemplateDataSource ¶
type AlertRuleTemplateDataSource struct { // ConnectorID - The connector id that provides the following data types ConnectorID *string `json:"connectorId,omitempty"` // DataTypes - The data types used by the alert rule template DataTypes *[]string `json:"dataTypes,omitempty"` }
AlertRuleTemplateDataSource alert rule template data sources
type AlertRuleTemplateModel ¶
type AlertRuleTemplateModel struct { autorest.Response `json:"-"` Value BasicAlertRuleTemplate `json:"value,omitempty"` }
AlertRuleTemplateModel ...
func (*AlertRuleTemplateModel) UnmarshalJSON ¶
func (artm *AlertRuleTemplateModel) UnmarshalJSON(body []byte) error
UnmarshalJSON is the custom unmarshaler for AlertRuleTemplateModel struct.
type AlertRuleTemplatePropertiesBase ¶
type AlertRuleTemplatePropertiesBase struct { // AlertRulesCreatedByTemplateCount - the number of alert rules that were created by this template AlertRulesCreatedByTemplateCount *int32 `json:"alertRulesCreatedByTemplateCount,omitempty"` // CreatedDateUTC - READ-ONLY; The time that this alert rule template has been added. CreatedDateUTC *date.Time `json:"createdDateUTC,omitempty"` // Description - The description of the alert rule template. Description *string `json:"description,omitempty"` // DisplayName - The display name for alert rule template. DisplayName *string `json:"displayName,omitempty"` // RequiredDataConnectors - The required data sources for this template RequiredDataConnectors *[]AlertRuleTemplateDataSource `json:"requiredDataConnectors,omitempty"` // Status - The alert rule template status. Possible values include: 'Installed', 'Available', 'NotAvailable' Status TemplateStatus `json:"status,omitempty"` }
AlertRuleTemplatePropertiesBase base alert rule template property bag.
func (AlertRuleTemplatePropertiesBase) MarshalJSON ¶
func (artpb AlertRuleTemplatePropertiesBase) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for AlertRuleTemplatePropertiesBase.
type AlertRuleTemplatesClient ¶
type AlertRuleTemplatesClient struct {
BaseClient
}
AlertRuleTemplatesClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider
func NewAlertRuleTemplatesClient ¶
func NewAlertRuleTemplatesClient(subscriptionID string) AlertRuleTemplatesClient
NewAlertRuleTemplatesClient creates an instance of the AlertRuleTemplatesClient client.
func NewAlertRuleTemplatesClientWithBaseURI ¶
func NewAlertRuleTemplatesClientWithBaseURI(baseURI string, subscriptionID string) AlertRuleTemplatesClient
NewAlertRuleTemplatesClientWithBaseURI creates an instance of the AlertRuleTemplatesClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).
func (AlertRuleTemplatesClient) Get ¶
func (client AlertRuleTemplatesClient) Get(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, alertRuleTemplateID string) (result AlertRuleTemplateModel, err error)
Get gets the alert rule template. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. alertRuleTemplateID - alert rule template ID
func (AlertRuleTemplatesClient) GetPreparer ¶
func (client AlertRuleTemplatesClient) GetPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, alertRuleTemplateID string) (*http.Request, error)
GetPreparer prepares the Get request.
func (AlertRuleTemplatesClient) GetResponder ¶
func (client AlertRuleTemplatesClient) GetResponder(resp *http.Response) (result AlertRuleTemplateModel, err error)
GetResponder handles the response to the Get request. The method always closes the http.Response Body.
func (AlertRuleTemplatesClient) GetSender ¶
GetSender sends the Get request. The method will close the http.Response Body if it receives an error.
func (AlertRuleTemplatesClient) List ¶
func (client AlertRuleTemplatesClient) List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result AlertRuleTemplatesListPage, err error)
List gets all alert rule templates. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace.
func (AlertRuleTemplatesClient) ListComplete ¶
func (client AlertRuleTemplatesClient) ListComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result AlertRuleTemplatesListIterator, err error)
ListComplete enumerates all values, automatically crossing page boundaries as required.
func (AlertRuleTemplatesClient) ListPreparer ¶
func (client AlertRuleTemplatesClient) ListPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (*http.Request, error)
ListPreparer prepares the List request.
func (AlertRuleTemplatesClient) ListResponder ¶
func (client AlertRuleTemplatesClient) ListResponder(resp *http.Response) (result AlertRuleTemplatesList, err error)
ListResponder handles the response to the List request. The method always closes the http.Response Body.
func (AlertRuleTemplatesClient) ListSender ¶
ListSender sends the List request. The method will close the http.Response Body if it receives an error.
type AlertRuleTemplatesList ¶
type AlertRuleTemplatesList struct { autorest.Response `json:"-"` // NextLink - READ-ONLY; URL to fetch the next set of alert rule templates. NextLink *string `json:"nextLink,omitempty"` // Value - Array of alert rule templates. Value *[]BasicAlertRuleTemplate `json:"value,omitempty"` }
AlertRuleTemplatesList list all the alert rule templates.
func (AlertRuleTemplatesList) IsEmpty ¶
func (artl AlertRuleTemplatesList) IsEmpty() bool
IsEmpty returns true if the ListResult contains no values.
func (AlertRuleTemplatesList) MarshalJSON ¶
func (artl AlertRuleTemplatesList) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for AlertRuleTemplatesList.
func (*AlertRuleTemplatesList) UnmarshalJSON ¶
func (artl *AlertRuleTemplatesList) UnmarshalJSON(body []byte) error
UnmarshalJSON is the custom unmarshaler for AlertRuleTemplatesList struct.
type AlertRuleTemplatesListIterator ¶
type AlertRuleTemplatesListIterator struct {
// contains filtered or unexported fields
}
AlertRuleTemplatesListIterator provides access to a complete listing of AlertRuleTemplate values.
func NewAlertRuleTemplatesListIterator ¶
func NewAlertRuleTemplatesListIterator(page AlertRuleTemplatesListPage) AlertRuleTemplatesListIterator
Creates a new instance of the AlertRuleTemplatesListIterator type.
func (*AlertRuleTemplatesListIterator) Next ¶
func (iter *AlertRuleTemplatesListIterator) Next() error
Next advances to the next value. If there was an error making the request the iterator does not advance and the error is returned. Deprecated: Use NextWithContext() instead.
func (*AlertRuleTemplatesListIterator) NextWithContext ¶
func (iter *AlertRuleTemplatesListIterator) NextWithContext(ctx context.Context) (err error)
NextWithContext advances to the next value. If there was an error making the request the iterator does not advance and the error is returned.
func (AlertRuleTemplatesListIterator) NotDone ¶
func (iter AlertRuleTemplatesListIterator) NotDone() bool
NotDone returns true if the enumeration should be started or is not yet complete.
func (AlertRuleTemplatesListIterator) Response ¶
func (iter AlertRuleTemplatesListIterator) Response() AlertRuleTemplatesList
Response returns the raw server response from the last page request.
func (AlertRuleTemplatesListIterator) Value ¶
func (iter AlertRuleTemplatesListIterator) Value() BasicAlertRuleTemplate
Value returns the current value or a zero-initialized value if the iterator has advanced beyond the end of the collection.
type AlertRuleTemplatesListPage ¶
type AlertRuleTemplatesListPage struct {
// contains filtered or unexported fields
}
AlertRuleTemplatesListPage contains a page of BasicAlertRuleTemplate values.
func NewAlertRuleTemplatesListPage ¶
func NewAlertRuleTemplatesListPage(cur AlertRuleTemplatesList, getNextPage func(context.Context, AlertRuleTemplatesList) (AlertRuleTemplatesList, error)) AlertRuleTemplatesListPage
Creates a new instance of the AlertRuleTemplatesListPage type.
func (*AlertRuleTemplatesListPage) Next ¶
func (page *AlertRuleTemplatesListPage) Next() error
Next advances to the next page of values. If there was an error making the request the page does not advance and the error is returned. Deprecated: Use NextWithContext() instead.
func (*AlertRuleTemplatesListPage) NextWithContext ¶
func (page *AlertRuleTemplatesListPage) NextWithContext(ctx context.Context) (err error)
NextWithContext advances to the next page of values. If there was an error making the request the page does not advance and the error is returned.
func (AlertRuleTemplatesListPage) NotDone ¶
func (page AlertRuleTemplatesListPage) NotDone() bool
NotDone returns true if the page enumeration should be started or is not yet complete.
func (AlertRuleTemplatesListPage) Response ¶
func (page AlertRuleTemplatesListPage) Response() AlertRuleTemplatesList
Response returns the raw server response from the last page request.
func (AlertRuleTemplatesListPage) Values ¶
func (page AlertRuleTemplatesListPage) Values() []BasicAlertRuleTemplate
Values returns the slice of values for the current page or nil if there are no values.
type AlertRulesClient ¶
type AlertRulesClient struct {
BaseClient
}
AlertRulesClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider
func NewAlertRulesClient ¶
func NewAlertRulesClient(subscriptionID string) AlertRulesClient
NewAlertRulesClient creates an instance of the AlertRulesClient client.
func NewAlertRulesClientWithBaseURI ¶
func NewAlertRulesClientWithBaseURI(baseURI string, subscriptionID string) AlertRulesClient
NewAlertRulesClientWithBaseURI creates an instance of the AlertRulesClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).
func (AlertRulesClient) CreateOrUpdate ¶
func (client AlertRulesClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, ruleID string, alertRule BasicAlertRule) (result AlertRuleModel, err error)
CreateOrUpdate creates or updates the alert rule. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. ruleID - alert rule ID alertRule - the alert rule
func (AlertRulesClient) CreateOrUpdateAction ¶
func (client AlertRulesClient) CreateOrUpdateAction(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, ruleID string, actionID string, action ActionRequest) (result ActionResponse, err error)
CreateOrUpdateAction creates or updates the action of alert rule. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. ruleID - alert rule ID actionID - action ID action - the action
func (AlertRulesClient) CreateOrUpdateActionPreparer ¶
func (client AlertRulesClient) CreateOrUpdateActionPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, ruleID string, actionID string, action ActionRequest) (*http.Request, error)
CreateOrUpdateActionPreparer prepares the CreateOrUpdateAction request.
func (AlertRulesClient) CreateOrUpdateActionResponder ¶
func (client AlertRulesClient) CreateOrUpdateActionResponder(resp *http.Response) (result ActionResponse, err error)
CreateOrUpdateActionResponder handles the response to the CreateOrUpdateAction request. The method always closes the http.Response Body.
func (AlertRulesClient) CreateOrUpdateActionSender ¶
func (client AlertRulesClient) CreateOrUpdateActionSender(req *http.Request) (*http.Response, error)
CreateOrUpdateActionSender sends the CreateOrUpdateAction request. The method will close the http.Response Body if it receives an error.
func (AlertRulesClient) CreateOrUpdatePreparer ¶
func (client AlertRulesClient) CreateOrUpdatePreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, ruleID string, alertRule BasicAlertRule) (*http.Request, error)
CreateOrUpdatePreparer prepares the CreateOrUpdate request.
func (AlertRulesClient) CreateOrUpdateResponder ¶
func (client AlertRulesClient) CreateOrUpdateResponder(resp *http.Response) (result AlertRuleModel, err error)
CreateOrUpdateResponder handles the response to the CreateOrUpdate request. The method always closes the http.Response Body.
func (AlertRulesClient) CreateOrUpdateSender ¶
CreateOrUpdateSender sends the CreateOrUpdate request. The method will close the http.Response Body if it receives an error.
func (AlertRulesClient) Delete ¶
func (client AlertRulesClient) Delete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, ruleID string) (result autorest.Response, err error)
Delete delete the alert rule. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. ruleID - alert rule ID
func (AlertRulesClient) DeleteAction ¶
func (client AlertRulesClient) DeleteAction(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, ruleID string, actionID string) (result autorest.Response, err error)
DeleteAction delete the action of alert rule. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. ruleID - alert rule ID actionID - action ID
func (AlertRulesClient) DeleteActionPreparer ¶
func (client AlertRulesClient) DeleteActionPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, ruleID string, actionID string) (*http.Request, error)
DeleteActionPreparer prepares the DeleteAction request.
func (AlertRulesClient) DeleteActionResponder ¶
func (client AlertRulesClient) DeleteActionResponder(resp *http.Response) (result autorest.Response, err error)
DeleteActionResponder handles the response to the DeleteAction request. The method always closes the http.Response Body.
func (AlertRulesClient) DeleteActionSender ¶
DeleteActionSender sends the DeleteAction request. The method will close the http.Response Body if it receives an error.
func (AlertRulesClient) DeletePreparer ¶
func (client AlertRulesClient) DeletePreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, ruleID string) (*http.Request, error)
DeletePreparer prepares the Delete request.
func (AlertRulesClient) DeleteResponder ¶
func (client AlertRulesClient) DeleteResponder(resp *http.Response) (result autorest.Response, err error)
DeleteResponder handles the response to the Delete request. The method always closes the http.Response Body.
func (AlertRulesClient) DeleteSender ¶
DeleteSender sends the Delete request. The method will close the http.Response Body if it receives an error.
func (AlertRulesClient) Get ¶
func (client AlertRulesClient) Get(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, ruleID string) (result AlertRuleModel, err error)
Get gets the alert rule. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. ruleID - alert rule ID
func (AlertRulesClient) GetAction ¶
func (client AlertRulesClient) GetAction(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, ruleID string, actionID string) (result ActionResponse, err error)
GetAction gets the action of alert rule. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. ruleID - alert rule ID actionID - action ID
func (AlertRulesClient) GetActionPreparer ¶
func (client AlertRulesClient) GetActionPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, ruleID string, actionID string) (*http.Request, error)
GetActionPreparer prepares the GetAction request.
func (AlertRulesClient) GetActionResponder ¶
func (client AlertRulesClient) GetActionResponder(resp *http.Response) (result ActionResponse, err error)
GetActionResponder handles the response to the GetAction request. The method always closes the http.Response Body.
func (AlertRulesClient) GetActionSender ¶
GetActionSender sends the GetAction request. The method will close the http.Response Body if it receives an error.
func (AlertRulesClient) GetPreparer ¶
func (client AlertRulesClient) GetPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, ruleID string) (*http.Request, error)
GetPreparer prepares the Get request.
func (AlertRulesClient) GetResponder ¶
func (client AlertRulesClient) GetResponder(resp *http.Response) (result AlertRuleModel, err error)
GetResponder handles the response to the Get request. The method always closes the http.Response Body.
func (AlertRulesClient) GetSender ¶
GetSender sends the Get request. The method will close the http.Response Body if it receives an error.
func (AlertRulesClient) List ¶
func (client AlertRulesClient) List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result AlertRulesListPage, err error)
List gets all alert rules. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace.
func (AlertRulesClient) ListComplete ¶
func (client AlertRulesClient) ListComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result AlertRulesListIterator, err error)
ListComplete enumerates all values, automatically crossing page boundaries as required.
func (AlertRulesClient) ListPreparer ¶
func (client AlertRulesClient) ListPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (*http.Request, error)
ListPreparer prepares the List request.
func (AlertRulesClient) ListResponder ¶
func (client AlertRulesClient) ListResponder(resp *http.Response) (result AlertRulesList, err error)
ListResponder handles the response to the List request. The method always closes the http.Response Body.
func (AlertRulesClient) ListSender ¶
ListSender sends the List request. The method will close the http.Response Body if it receives an error.
type AlertRulesList ¶
type AlertRulesList struct { autorest.Response `json:"-"` // NextLink - READ-ONLY; URL to fetch the next set of alert rules. NextLink *string `json:"nextLink,omitempty"` // Value - Array of alert rules. Value *[]BasicAlertRule `json:"value,omitempty"` }
AlertRulesList list all the alert rules.
func (AlertRulesList) IsEmpty ¶
func (arl AlertRulesList) IsEmpty() bool
IsEmpty returns true if the ListResult contains no values.
func (AlertRulesList) MarshalJSON ¶
func (arl AlertRulesList) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for AlertRulesList.
func (*AlertRulesList) UnmarshalJSON ¶
func (arl *AlertRulesList) UnmarshalJSON(body []byte) error
UnmarshalJSON is the custom unmarshaler for AlertRulesList struct.
type AlertRulesListIterator ¶
type AlertRulesListIterator struct {
// contains filtered or unexported fields
}
AlertRulesListIterator provides access to a complete listing of AlertRule values.
func NewAlertRulesListIterator ¶
func NewAlertRulesListIterator(page AlertRulesListPage) AlertRulesListIterator
Creates a new instance of the AlertRulesListIterator type.
func (*AlertRulesListIterator) Next ¶
func (iter *AlertRulesListIterator) Next() error
Next advances to the next value. If there was an error making the request the iterator does not advance and the error is returned. Deprecated: Use NextWithContext() instead.
func (*AlertRulesListIterator) NextWithContext ¶
func (iter *AlertRulesListIterator) NextWithContext(ctx context.Context) (err error)
NextWithContext advances to the next value. If there was an error making the request the iterator does not advance and the error is returned.
func (AlertRulesListIterator) NotDone ¶
func (iter AlertRulesListIterator) NotDone() bool
NotDone returns true if the enumeration should be started or is not yet complete.
func (AlertRulesListIterator) Response ¶
func (iter AlertRulesListIterator) Response() AlertRulesList
Response returns the raw server response from the last page request.
func (AlertRulesListIterator) Value ¶
func (iter AlertRulesListIterator) Value() BasicAlertRule
Value returns the current value or a zero-initialized value if the iterator has advanced beyond the end of the collection.
type AlertRulesListPage ¶
type AlertRulesListPage struct {
// contains filtered or unexported fields
}
AlertRulesListPage contains a page of BasicAlertRule values.
func NewAlertRulesListPage ¶
func NewAlertRulesListPage(cur AlertRulesList, getNextPage func(context.Context, AlertRulesList) (AlertRulesList, error)) AlertRulesListPage
Creates a new instance of the AlertRulesListPage type.
func (*AlertRulesListPage) Next ¶
func (page *AlertRulesListPage) Next() error
Next advances to the next page of values. If there was an error making the request the page does not advance and the error is returned. Deprecated: Use NextWithContext() instead.
func (*AlertRulesListPage) NextWithContext ¶
func (page *AlertRulesListPage) NextWithContext(ctx context.Context) (err error)
NextWithContext advances to the next page of values. If there was an error making the request the page does not advance and the error is returned.
func (AlertRulesListPage) NotDone ¶
func (page AlertRulesListPage) NotDone() bool
NotDone returns true if the page enumeration should be started or is not yet complete.
func (AlertRulesListPage) Response ¶
func (page AlertRulesListPage) Response() AlertRulesList
Response returns the raw server response from the last page request.
func (AlertRulesListPage) Values ¶
func (page AlertRulesListPage) Values() []BasicAlertRule
Values returns the slice of values for the current page or nil if there are no values.
type AlertSeverity ¶
type AlertSeverity string
AlertSeverity enumerates the values for alert severity.
const ( // High High severity High AlertSeverity = "High" // Informational Informational severity Informational AlertSeverity = "Informational" // Low Low severity Low AlertSeverity = "Low" // Medium Medium severity Medium AlertSeverity = "Medium" )
func PossibleAlertSeverityValues ¶
func PossibleAlertSeverityValues() []AlertSeverity
PossibleAlertSeverityValues returns an array of possible values for the AlertSeverity const type.
type AlertStatus ¶
type AlertStatus string
AlertStatus enumerates the values for alert status.
const ( // AlertStatusDismissed Alert dismissed as false positive AlertStatusDismissed AlertStatus = "Dismissed" // AlertStatusInProgress Alert is being handled AlertStatusInProgress AlertStatus = "InProgress" // AlertStatusNew New alert AlertStatusNew AlertStatus = "New" // AlertStatusResolved Alert closed after handling AlertStatusResolved AlertStatus = "Resolved" // AlertStatusUnknown Unknown value AlertStatusUnknown AlertStatus = "Unknown" )
func PossibleAlertStatusValues ¶
func PossibleAlertStatusValues() []AlertStatus
PossibleAlertStatusValues returns an array of possible values for the AlertStatus const type.
type AlertsDataTypeOfDataConnector ¶
type AlertsDataTypeOfDataConnector struct { // Alerts - Alerts data type connection. Alerts *AlertsDataTypeOfDataConnectorAlerts `json:"alerts,omitempty"` }
AlertsDataTypeOfDataConnector alerts data type for data connectors.
type AlertsDataTypeOfDataConnectorAlerts ¶
type AlertsDataTypeOfDataConnectorAlerts struct { // State - Describe whether this data type connection is enabled or not. Possible values include: 'Enabled', 'Disabled' State DataTypeState `json:"state,omitempty"` }
AlertsDataTypeOfDataConnectorAlerts alerts data type connection.
type AttackTactic ¶
type AttackTactic string
AttackTactic enumerates the values for attack tactic.
const ( // Collection ... Collection AttackTactic = "Collection" // CommandAndControl ... CommandAndControl AttackTactic = "CommandAndControl" // CredentialAccess ... CredentialAccess AttackTactic = "CredentialAccess" // DefenseEvasion ... DefenseEvasion AttackTactic = "DefenseEvasion" // Discovery ... Discovery AttackTactic = "Discovery" // Execution ... Execution AttackTactic = "Execution" // Exfiltration ... Exfiltration AttackTactic = "Exfiltration" // Impact ... Impact AttackTactic = "Impact" // InitialAccess ... InitialAccess AttackTactic = "InitialAccess" // LateralMovement ... LateralMovement AttackTactic = "LateralMovement" // Persistence ... Persistence AttackTactic = "Persistence" // PreAttack ... PreAttack AttackTactic = "PreAttack" // PrivilegeEscalation ... PrivilegeEscalation AttackTactic = "PrivilegeEscalation" )
func PossibleAttackTacticValues ¶
func PossibleAttackTacticValues() []AttackTactic
PossibleAttackTacticValues returns an array of possible values for the AttackTactic const type.
type AwsCloudTrailCheckRequirements ¶
type AwsCloudTrailCheckRequirements struct { // Kind - Possible values include: 'KindBasicDataConnectorsCheckRequirementsKindDataConnectorsCheckRequirements', 'KindBasicDataConnectorsCheckRequirementsKindAzureActiveDirectory', 'KindBasicDataConnectorsCheckRequirementsKindAzureAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindAzureSecurityCenter', 'KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesCloudTrail', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindOfficeATP', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii' Kind KindBasicDataConnectorsCheckRequirements `json:"kind,omitempty"` }
AwsCloudTrailCheckRequirements amazon Web Services CloudTrail requirements check request.
func (AwsCloudTrailCheckRequirements) AsAADCheckRequirements ¶
func (actcr AwsCloudTrailCheckRequirements) AsAADCheckRequirements() (*AADCheckRequirements, bool)
AsAADCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AwsCloudTrailCheckRequirements.
func (AwsCloudTrailCheckRequirements) AsAATPCheckRequirements ¶
func (actcr AwsCloudTrailCheckRequirements) AsAATPCheckRequirements() (*AATPCheckRequirements, bool)
AsAATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AwsCloudTrailCheckRequirements.
func (AwsCloudTrailCheckRequirements) AsASCCheckRequirements ¶
func (actcr AwsCloudTrailCheckRequirements) AsASCCheckRequirements() (*ASCCheckRequirements, bool)
AsASCCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AwsCloudTrailCheckRequirements.
func (AwsCloudTrailCheckRequirements) AsAwsCloudTrailCheckRequirements ¶
func (actcr AwsCloudTrailCheckRequirements) AsAwsCloudTrailCheckRequirements() (*AwsCloudTrailCheckRequirements, bool)
AsAwsCloudTrailCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AwsCloudTrailCheckRequirements.
func (AwsCloudTrailCheckRequirements) AsBasicDataConnectorsCheckRequirements ¶
func (actcr AwsCloudTrailCheckRequirements) AsBasicDataConnectorsCheckRequirements() (BasicDataConnectorsCheckRequirements, bool)
AsBasicDataConnectorsCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AwsCloudTrailCheckRequirements.
func (AwsCloudTrailCheckRequirements) AsDataConnectorsCheckRequirements ¶
func (actcr AwsCloudTrailCheckRequirements) AsDataConnectorsCheckRequirements() (*DataConnectorsCheckRequirements, bool)
AsDataConnectorsCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AwsCloudTrailCheckRequirements.
func (AwsCloudTrailCheckRequirements) AsMCASCheckRequirements ¶
func (actcr AwsCloudTrailCheckRequirements) AsMCASCheckRequirements() (*MCASCheckRequirements, bool)
AsMCASCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AwsCloudTrailCheckRequirements.
func (AwsCloudTrailCheckRequirements) AsMDATPCheckRequirements ¶
func (actcr AwsCloudTrailCheckRequirements) AsMDATPCheckRequirements() (*MDATPCheckRequirements, bool)
AsMDATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AwsCloudTrailCheckRequirements.
func (AwsCloudTrailCheckRequirements) AsOfficeATPCheckRequirements ¶
func (actcr AwsCloudTrailCheckRequirements) AsOfficeATPCheckRequirements() (*OfficeATPCheckRequirements, bool)
AsOfficeATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AwsCloudTrailCheckRequirements.
func (AwsCloudTrailCheckRequirements) AsTICheckRequirements ¶
func (actcr AwsCloudTrailCheckRequirements) AsTICheckRequirements() (*TICheckRequirements, bool)
AsTICheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AwsCloudTrailCheckRequirements.
func (AwsCloudTrailCheckRequirements) AsTiTaxiiCheckRequirements ¶
func (actcr AwsCloudTrailCheckRequirements) AsTiTaxiiCheckRequirements() (*TiTaxiiCheckRequirements, bool)
AsTiTaxiiCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AwsCloudTrailCheckRequirements.
func (AwsCloudTrailCheckRequirements) MarshalJSON ¶
func (actcr AwsCloudTrailCheckRequirements) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for AwsCloudTrailCheckRequirements.
type AwsCloudTrailDataConnector ¶
type AwsCloudTrailDataConnector struct { // AwsCloudTrailDataConnectorProperties - Amazon Web Services CloudTrail data connector properties. *AwsCloudTrailDataConnectorProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` // Etag - Etag of the azure resource Etag *string `json:"etag,omitempty"` // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOfficeATP', 'KindOffice365', 'KindThreatIntelligence', 'KindThreatIntelligenceTaxii' Kind KindBasicDataConnector `json:"kind,omitempty"` }
AwsCloudTrailDataConnector represents Amazon Web Services CloudTrail data connector.
func (AwsCloudTrailDataConnector) AsAADDataConnector ¶
func (actdc AwsCloudTrailDataConnector) AsAADDataConnector() (*AADDataConnector, bool)
AsAADDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector.
func (AwsCloudTrailDataConnector) AsAATPDataConnector ¶
func (actdc AwsCloudTrailDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool)
AsAATPDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector.
func (AwsCloudTrailDataConnector) AsASCDataConnector ¶
func (actdc AwsCloudTrailDataConnector) AsASCDataConnector() (*ASCDataConnector, bool)
AsASCDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector.
func (AwsCloudTrailDataConnector) AsAwsCloudTrailDataConnector ¶
func (actdc AwsCloudTrailDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool)
AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector.
func (AwsCloudTrailDataConnector) AsBasicDataConnector ¶
func (actdc AwsCloudTrailDataConnector) AsBasicDataConnector() (BasicDataConnector, bool)
AsBasicDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector.
func (AwsCloudTrailDataConnector) AsDataConnector ¶
func (actdc AwsCloudTrailDataConnector) AsDataConnector() (*DataConnector, bool)
AsDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector.
func (AwsCloudTrailDataConnector) AsMCASDataConnector ¶
func (actdc AwsCloudTrailDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool)
AsMCASDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector.
func (AwsCloudTrailDataConnector) AsMDATPDataConnector ¶
func (actdc AwsCloudTrailDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool)
AsMDATPDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector.
func (AwsCloudTrailDataConnector) AsOfficeATPDataConnector ¶
func (actdc AwsCloudTrailDataConnector) AsOfficeATPDataConnector() (*OfficeATPDataConnector, bool)
AsOfficeATPDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector.
func (AwsCloudTrailDataConnector) AsOfficeDataConnector ¶
func (actdc AwsCloudTrailDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool)
AsOfficeDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector.
func (AwsCloudTrailDataConnector) AsTIDataConnector ¶
func (actdc AwsCloudTrailDataConnector) AsTIDataConnector() (*TIDataConnector, bool)
AsTIDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector.
func (AwsCloudTrailDataConnector) AsTiTaxiiDataConnector ¶
func (actdc AwsCloudTrailDataConnector) AsTiTaxiiDataConnector() (*TiTaxiiDataConnector, bool)
AsTiTaxiiDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector.
func (AwsCloudTrailDataConnector) MarshalJSON ¶
func (actdc AwsCloudTrailDataConnector) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for AwsCloudTrailDataConnector.
func (*AwsCloudTrailDataConnector) UnmarshalJSON ¶
func (actdc *AwsCloudTrailDataConnector) UnmarshalJSON(body []byte) error
UnmarshalJSON is the custom unmarshaler for AwsCloudTrailDataConnector struct.
type AwsCloudTrailDataConnectorDataTypes ¶
type AwsCloudTrailDataConnectorDataTypes struct { // Logs - Logs data type. Logs *AwsCloudTrailDataConnectorDataTypesLogs `json:"logs,omitempty"` }
AwsCloudTrailDataConnectorDataTypes the available data types for Amazon Web Services CloudTrail data connector.
type AwsCloudTrailDataConnectorDataTypesLogs ¶
type AwsCloudTrailDataConnectorDataTypesLogs struct { // State - Describe whether this data type connection is enabled or not. Possible values include: 'Enabled', 'Disabled' State DataTypeState `json:"state,omitempty"` }
AwsCloudTrailDataConnectorDataTypesLogs logs data type.
type AwsCloudTrailDataConnectorProperties ¶
type AwsCloudTrailDataConnectorProperties struct { // AwsRoleArn - The Aws Role Arn (with CloudTrailReadOnly policy) that is used to access the Aws account. AwsRoleArn *string `json:"awsRoleArn,omitempty"` // DataTypes - The available data types for the connector. DataTypes *AwsCloudTrailDataConnectorDataTypes `json:"dataTypes,omitempty"` }
AwsCloudTrailDataConnectorProperties amazon Web Services CloudTrail data connector properties.
type AzureResourceEntity ¶
type AzureResourceEntity struct { // AzureResourceEntityProperties - AzureResource entity properties *AzureResourceEntityProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindBookmark', 'KindSecurityAlert', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice' Kind KindBasicEntity `json:"kind,omitempty"` }
AzureResourceEntity represents an azure resource entity.
func (AzureResourceEntity) AsAccountEntity ¶
func (are AzureResourceEntity) AsAccountEntity() (*AccountEntity, bool)
AsAccountEntity is the BasicEntity implementation for AzureResourceEntity.
func (AzureResourceEntity) AsAzureResourceEntity ¶
func (are AzureResourceEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)
AsAzureResourceEntity is the BasicEntity implementation for AzureResourceEntity.
func (AzureResourceEntity) AsBasicEntity ¶
func (are AzureResourceEntity) AsBasicEntity() (BasicEntity, bool)
AsBasicEntity is the BasicEntity implementation for AzureResourceEntity.
func (AzureResourceEntity) AsCloudApplicationEntity ¶
func (are AzureResourceEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)
AsCloudApplicationEntity is the BasicEntity implementation for AzureResourceEntity.
func (AzureResourceEntity) AsDNSEntity ¶
func (are AzureResourceEntity) AsDNSEntity() (*DNSEntity, bool)
AsDNSEntity is the BasicEntity implementation for AzureResourceEntity.
func (AzureResourceEntity) AsEntity ¶
func (are AzureResourceEntity) AsEntity() (*Entity, bool)
AsEntity is the BasicEntity implementation for AzureResourceEntity.
func (AzureResourceEntity) AsFileEntity ¶
func (are AzureResourceEntity) AsFileEntity() (*FileEntity, bool)
AsFileEntity is the BasicEntity implementation for AzureResourceEntity.
func (AzureResourceEntity) AsFileHashEntity ¶
func (are AzureResourceEntity) AsFileHashEntity() (*FileHashEntity, bool)
AsFileHashEntity is the BasicEntity implementation for AzureResourceEntity.
func (AzureResourceEntity) AsHostEntity ¶
func (are AzureResourceEntity) AsHostEntity() (*HostEntity, bool)
AsHostEntity is the BasicEntity implementation for AzureResourceEntity.
func (AzureResourceEntity) AsHuntingBookmark ¶
func (are AzureResourceEntity) AsHuntingBookmark() (*HuntingBookmark, bool)
AsHuntingBookmark is the BasicEntity implementation for AzureResourceEntity.
func (AzureResourceEntity) AsIPEntity ¶
func (are AzureResourceEntity) AsIPEntity() (*IPEntity, bool)
AsIPEntity is the BasicEntity implementation for AzureResourceEntity.
func (AzureResourceEntity) AsIoTDeviceEntity ¶
func (are AzureResourceEntity) AsIoTDeviceEntity() (*IoTDeviceEntity, bool)
AsIoTDeviceEntity is the BasicEntity implementation for AzureResourceEntity.
func (AzureResourceEntity) AsMalwareEntity ¶
func (are AzureResourceEntity) AsMalwareEntity() (*MalwareEntity, bool)
AsMalwareEntity is the BasicEntity implementation for AzureResourceEntity.
func (AzureResourceEntity) AsProcessEntity ¶
func (are AzureResourceEntity) AsProcessEntity() (*ProcessEntity, bool)
AsProcessEntity is the BasicEntity implementation for AzureResourceEntity.
func (AzureResourceEntity) AsRegistryKeyEntity ¶
func (are AzureResourceEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)
AsRegistryKeyEntity is the BasicEntity implementation for AzureResourceEntity.
func (AzureResourceEntity) AsRegistryValueEntity ¶
func (are AzureResourceEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool)
AsRegistryValueEntity is the BasicEntity implementation for AzureResourceEntity.
func (AzureResourceEntity) AsSecurityAlert ¶
func (are AzureResourceEntity) AsSecurityAlert() (*SecurityAlert, bool)
AsSecurityAlert is the BasicEntity implementation for AzureResourceEntity.
func (AzureResourceEntity) AsSecurityGroupEntity ¶
func (are AzureResourceEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)
AsSecurityGroupEntity is the BasicEntity implementation for AzureResourceEntity.
func (AzureResourceEntity) AsURLEntity ¶
func (are AzureResourceEntity) AsURLEntity() (*URLEntity, bool)
AsURLEntity is the BasicEntity implementation for AzureResourceEntity.
func (AzureResourceEntity) MarshalJSON ¶
func (are AzureResourceEntity) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for AzureResourceEntity.
func (*AzureResourceEntity) UnmarshalJSON ¶
func (are *AzureResourceEntity) UnmarshalJSON(body []byte) error
UnmarshalJSON is the custom unmarshaler for AzureResourceEntity struct.
type AzureResourceEntityProperties ¶
type AzureResourceEntityProperties struct { // ResourceID - READ-ONLY; The azure resource id of the resource ResourceID *string `json:"resourceId,omitempty"` // SubscriptionID - READ-ONLY; The subscription id of the resource SubscriptionID *string `json:"subscriptionId,omitempty"` // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. AdditionalData map[string]interface{} `json:"additionalData"` // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. FriendlyName *string `json:"friendlyName,omitempty"` }
AzureResourceEntityProperties azureResource entity property bag.
func (AzureResourceEntityProperties) MarshalJSON ¶
func (arep AzureResourceEntityProperties) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for AzureResourceEntityProperties.
type BaseClient ¶
BaseClient is the base client for Securityinsight.
func New ¶
func New(subscriptionID string) BaseClient
New creates an instance of the BaseClient client.
func NewWithBaseURI ¶
func NewWithBaseURI(baseURI string, subscriptionID string) BaseClient
NewWithBaseURI creates an instance of the BaseClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).
type BasicAggregations ¶
type BasicAggregations interface { AsCasesAggregation() (*CasesAggregation, bool) AsAggregations() (*Aggregations, bool) }
BasicAggregations the aggregation.
type BasicAlertRule ¶
type BasicAlertRule interface { AsFusionAlertRule() (*FusionAlertRule, bool) AsMicrosoftSecurityIncidentCreationAlertRule() (*MicrosoftSecurityIncidentCreationAlertRule, bool) AsScheduledAlertRule() (*ScheduledAlertRule, bool) AsAlertRule() (*AlertRule, bool) }
BasicAlertRule alert rule.
type BasicAlertRuleTemplate ¶
type BasicAlertRuleTemplate interface { AsFusionAlertRuleTemplate() (*FusionAlertRuleTemplate, bool) AsMicrosoftSecurityIncidentCreationAlertRuleTemplate() (*MicrosoftSecurityIncidentCreationAlertRuleTemplate, bool) AsScheduledAlertRuleTemplate() (*ScheduledAlertRuleTemplate, bool) AsAlertRuleTemplate() (*AlertRuleTemplate, bool) }
BasicAlertRuleTemplate alert rule template.
type BasicDataConnector ¶
type BasicDataConnector interface { AsAADDataConnector() (*AADDataConnector, bool) AsAATPDataConnector() (*AATPDataConnector, bool) AsASCDataConnector() (*ASCDataConnector, bool) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool) AsMCASDataConnector() (*MCASDataConnector, bool) AsMDATPDataConnector() (*MDATPDataConnector, bool) AsOfficeATPDataConnector() (*OfficeATPDataConnector, bool) AsOfficeDataConnector() (*OfficeDataConnector, bool) AsTIDataConnector() (*TIDataConnector, bool) AsTiTaxiiDataConnector() (*TiTaxiiDataConnector, bool) AsDataConnector() (*DataConnector, bool) }
BasicDataConnector data connector.
type BasicDataConnectorsCheckRequirements ¶
type BasicDataConnectorsCheckRequirements interface { AsAADCheckRequirements() (*AADCheckRequirements, bool) AsAATPCheckRequirements() (*AATPCheckRequirements, bool) AsASCCheckRequirements() (*ASCCheckRequirements, bool) AsAwsCloudTrailCheckRequirements() (*AwsCloudTrailCheckRequirements, bool) AsMCASCheckRequirements() (*MCASCheckRequirements, bool) AsMDATPCheckRequirements() (*MDATPCheckRequirements, bool) AsOfficeATPCheckRequirements() (*OfficeATPCheckRequirements, bool) AsTICheckRequirements() (*TICheckRequirements, bool) AsTiTaxiiCheckRequirements() (*TiTaxiiCheckRequirements, bool) AsDataConnectorsCheckRequirements() (*DataConnectorsCheckRequirements, bool) }
BasicDataConnectorsCheckRequirements data connector requirements properties.
type BasicEntity ¶
type BasicEntity interface { AsAccountEntity() (*AccountEntity, bool) AsAzureResourceEntity() (*AzureResourceEntity, bool) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) AsDNSEntity() (*DNSEntity, bool) AsFileEntity() (*FileEntity, bool) AsFileHashEntity() (*FileHashEntity, bool) AsHostEntity() (*HostEntity, bool) AsHuntingBookmark() (*HuntingBookmark, bool) AsSecurityAlert() (*SecurityAlert, bool) AsIPEntity() (*IPEntity, bool) AsMalwareEntity() (*MalwareEntity, bool) AsProcessEntity() (*ProcessEntity, bool) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) AsRegistryValueEntity() (*RegistryValueEntity, bool) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) AsURLEntity() (*URLEntity, bool) AsIoTDeviceEntity() (*IoTDeviceEntity, bool) AsEntity() (*Entity, bool) }
BasicEntity specific entity.
type BasicEntityTimelineItem ¶
type BasicEntityTimelineItem interface { AsActivityTimelineItem() (*ActivityTimelineItem, bool) AsSecurityAlertTimelineItem() (*SecurityAlertTimelineItem, bool) AsBookmarkTimelineItem() (*BookmarkTimelineItem, bool) AsEntityTimelineItem() (*EntityTimelineItem, bool) }
BasicEntityTimelineItem entity timeline Item.
type BasicSettings ¶
type BasicSettings interface { AsEyesOn() (*EyesOn, bool) AsEntityAnalytics() (*EntityAnalytics, bool) AsUeba() (*Ueba, bool) AsSettings() (*Settings, bool) }
BasicSettings the Setting.
type BasicThreatIntelligenceInformation ¶
type BasicThreatIntelligenceInformation interface { AsThreatIntelligenceIndicatorModel() (*ThreatIntelligenceIndicatorModel, bool) AsThreatIntelligenceInformation() (*ThreatIntelligenceInformation, bool) }
BasicThreatIntelligenceInformation threat intelligence information object.
type Bookmark ¶
type Bookmark struct { autorest.Response `json:"-"` // BookmarkProperties - Bookmark properties *BookmarkProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` // Etag - Etag of the azure resource Etag *string `json:"etag,omitempty"` }
Bookmark represents a bookmark in Azure Security Insights.
func (Bookmark) MarshalJSON ¶
MarshalJSON is the custom marshaler for Bookmark.
func (*Bookmark) UnmarshalJSON ¶
UnmarshalJSON is the custom unmarshaler for Bookmark struct.
type BookmarkClient ¶
type BookmarkClient struct {
BaseClient
}
BookmarkClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider
func NewBookmarkClient ¶
func NewBookmarkClient(subscriptionID string) BookmarkClient
NewBookmarkClient creates an instance of the BookmarkClient client.
func NewBookmarkClientWithBaseURI ¶
func NewBookmarkClientWithBaseURI(baseURI string, subscriptionID string) BookmarkClient
NewBookmarkClientWithBaseURI creates an instance of the BookmarkClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).
func (BookmarkClient) Expand ¶
func (client BookmarkClient) Expand(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, bookmarkID string, parameters BookmarkExpandParameters) (result BookmarkExpandResponse, err error)
Expand expand an bookmark Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. bookmarkID - bookmark ID parameters - the parameters required to execute an expand operation on the given bookmark.
func (BookmarkClient) ExpandPreparer ¶
func (client BookmarkClient) ExpandPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, bookmarkID string, parameters BookmarkExpandParameters) (*http.Request, error)
ExpandPreparer prepares the Expand request.
func (BookmarkClient) ExpandResponder ¶
func (client BookmarkClient) ExpandResponder(resp *http.Response) (result BookmarkExpandResponse, err error)
ExpandResponder handles the response to the Expand request. The method always closes the http.Response Body.
func (BookmarkClient) ExpandSender ¶
ExpandSender sends the Expand request. The method will close the http.Response Body if it receives an error.
type BookmarkExpandParameters ¶
type BookmarkExpandParameters struct { // EndTime - The end date filter, so the only expansion results returned are before this date. EndTime *date.Time `json:"endTime,omitempty"` // ExpansionID - The Id of the expansion to perform. ExpansionID *uuid.UUID `json:"expansionId,omitempty"` // StartTime - The start date filter, so the only expansion results returned are after this date. StartTime *date.Time `json:"startTime,omitempty"` }
BookmarkExpandParameters the parameters required to execute an expand operation on the given bookmark.
type BookmarkExpandResponse ¶
type BookmarkExpandResponse struct { autorest.Response `json:"-"` // MetaData - The metadata from the expansion operation results. MetaData *ExpansionResultsMetadata `json:"metaData,omitempty"` // Value - The expansion result values. Value *BookmarkExpandResponseValue `json:"value,omitempty"` }
BookmarkExpandResponse the entity expansion result operation response.
type BookmarkExpandResponseValue ¶
type BookmarkExpandResponseValue struct { // Entities - Array of the expansion result entities. Entities *[]BasicEntity `json:"entities,omitempty"` }
BookmarkExpandResponseValue the expansion result values.
func (*BookmarkExpandResponseValue) UnmarshalJSON ¶
func (ber *BookmarkExpandResponseValue) UnmarshalJSON(body []byte) error
UnmarshalJSON is the custom unmarshaler for BookmarkExpandResponseValue struct.
type BookmarkList ¶
type BookmarkList struct { autorest.Response `json:"-"` // NextLink - READ-ONLY; URL to fetch the next set of cases. NextLink *string `json:"nextLink,omitempty"` // Value - Array of bookmarks. Value *[]Bookmark `json:"value,omitempty"` }
BookmarkList list all the bookmarks.
func (BookmarkList) IsEmpty ¶
func (bl BookmarkList) IsEmpty() bool
IsEmpty returns true if the ListResult contains no values.
func (BookmarkList) MarshalJSON ¶
func (bl BookmarkList) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for BookmarkList.
type BookmarkListIterator ¶
type BookmarkListIterator struct {
// contains filtered or unexported fields
}
BookmarkListIterator provides access to a complete listing of Bookmark values.
func NewBookmarkListIterator ¶
func NewBookmarkListIterator(page BookmarkListPage) BookmarkListIterator
Creates a new instance of the BookmarkListIterator type.
func (*BookmarkListIterator) Next ¶
func (iter *BookmarkListIterator) Next() error
Next advances to the next value. If there was an error making the request the iterator does not advance and the error is returned. Deprecated: Use NextWithContext() instead.
func (*BookmarkListIterator) NextWithContext ¶
func (iter *BookmarkListIterator) NextWithContext(ctx context.Context) (err error)
NextWithContext advances to the next value. If there was an error making the request the iterator does not advance and the error is returned.
func (BookmarkListIterator) NotDone ¶
func (iter BookmarkListIterator) NotDone() bool
NotDone returns true if the enumeration should be started or is not yet complete.
func (BookmarkListIterator) Response ¶
func (iter BookmarkListIterator) Response() BookmarkList
Response returns the raw server response from the last page request.
func (BookmarkListIterator) Value ¶
func (iter BookmarkListIterator) Value() Bookmark
Value returns the current value or a zero-initialized value if the iterator has advanced beyond the end of the collection.
type BookmarkListPage ¶
type BookmarkListPage struct {
// contains filtered or unexported fields
}
BookmarkListPage contains a page of Bookmark values.
func NewBookmarkListPage ¶
func NewBookmarkListPage(cur BookmarkList, getNextPage func(context.Context, BookmarkList) (BookmarkList, error)) BookmarkListPage
Creates a new instance of the BookmarkListPage type.
func (*BookmarkListPage) Next ¶
func (page *BookmarkListPage) Next() error
Next advances to the next page of values. If there was an error making the request the page does not advance and the error is returned. Deprecated: Use NextWithContext() instead.
func (*BookmarkListPage) NextWithContext ¶
func (page *BookmarkListPage) NextWithContext(ctx context.Context) (err error)
NextWithContext advances to the next page of values. If there was an error making the request the page does not advance and the error is returned.
func (BookmarkListPage) NotDone ¶
func (page BookmarkListPage) NotDone() bool
NotDone returns true if the page enumeration should be started or is not yet complete.
func (BookmarkListPage) Response ¶
func (page BookmarkListPage) Response() BookmarkList
Response returns the raw server response from the last page request.
func (BookmarkListPage) Values ¶
func (page BookmarkListPage) Values() []Bookmark
Values returns the slice of values for the current page or nil if there are no values.
type BookmarkProperties ¶
type BookmarkProperties struct { // Created - The time the bookmark was created Created *date.Time `json:"created,omitempty"` // CreatedBy - Describes a user that created the bookmark CreatedBy *UserInfo `json:"createdBy,omitempty"` // DisplayName - The display name of the bookmark DisplayName *string `json:"displayName,omitempty"` // Labels - List of labels relevant to this bookmark Labels *[]string `json:"labels,omitempty"` // Notes - The notes of the bookmark Notes *string `json:"notes,omitempty"` // Query - The query of the bookmark. Query *string `json:"query,omitempty"` // QueryResult - The query result of the bookmark. QueryResult *string `json:"queryResult,omitempty"` // Updated - The last time the bookmark was updated Updated *date.Time `json:"updated,omitempty"` // UpdatedBy - Describes a user that updated the bookmark UpdatedBy *UserInfo `json:"updatedBy,omitempty"` // IncidentInfo - Describes an incident that relates to bookmark IncidentInfo *IncidentInfo `json:"incidentInfo,omitempty"` }
BookmarkProperties describes bookmark properties
type BookmarkRelationsClient ¶
type BookmarkRelationsClient struct {
BaseClient
}
BookmarkRelationsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider
func NewBookmarkRelationsClient ¶
func NewBookmarkRelationsClient(subscriptionID string) BookmarkRelationsClient
NewBookmarkRelationsClient creates an instance of the BookmarkRelationsClient client.
func NewBookmarkRelationsClientWithBaseURI ¶
func NewBookmarkRelationsClientWithBaseURI(baseURI string, subscriptionID string) BookmarkRelationsClient
NewBookmarkRelationsClientWithBaseURI creates an instance of the BookmarkRelationsClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).
func (BookmarkRelationsClient) CreateOrUpdateRelation ¶
func (client BookmarkRelationsClient) CreateOrUpdateRelation(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, bookmarkID string, relationName string, relation Relation) (result Relation, err error)
CreateOrUpdateRelation creates the bookmark relation. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. bookmarkID - bookmark ID relationName - relation Name relation - the relation model
func (BookmarkRelationsClient) CreateOrUpdateRelationPreparer ¶
func (client BookmarkRelationsClient) CreateOrUpdateRelationPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, bookmarkID string, relationName string, relation Relation) (*http.Request, error)
CreateOrUpdateRelationPreparer prepares the CreateOrUpdateRelation request.
func (BookmarkRelationsClient) CreateOrUpdateRelationResponder ¶
func (client BookmarkRelationsClient) CreateOrUpdateRelationResponder(resp *http.Response) (result Relation, err error)
CreateOrUpdateRelationResponder handles the response to the CreateOrUpdateRelation request. The method always closes the http.Response Body.
func (BookmarkRelationsClient) CreateOrUpdateRelationSender ¶
func (client BookmarkRelationsClient) CreateOrUpdateRelationSender(req *http.Request) (*http.Response, error)
CreateOrUpdateRelationSender sends the CreateOrUpdateRelation request. The method will close the http.Response Body if it receives an error.
func (BookmarkRelationsClient) DeleteRelation ¶
func (client BookmarkRelationsClient) DeleteRelation(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, bookmarkID string, relationName string) (result autorest.Response, err error)
DeleteRelation delete the bookmark relation. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. bookmarkID - bookmark ID relationName - relation Name
func (BookmarkRelationsClient) DeleteRelationPreparer ¶
func (client BookmarkRelationsClient) DeleteRelationPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, bookmarkID string, relationName string) (*http.Request, error)
DeleteRelationPreparer prepares the DeleteRelation request.
func (BookmarkRelationsClient) DeleteRelationResponder ¶
func (client BookmarkRelationsClient) DeleteRelationResponder(resp *http.Response) (result autorest.Response, err error)
DeleteRelationResponder handles the response to the DeleteRelation request. The method always closes the http.Response Body.
func (BookmarkRelationsClient) DeleteRelationSender ¶
func (client BookmarkRelationsClient) DeleteRelationSender(req *http.Request) (*http.Response, error)
DeleteRelationSender sends the DeleteRelation request. The method will close the http.Response Body if it receives an error.
func (BookmarkRelationsClient) GetRelation ¶
func (client BookmarkRelationsClient) GetRelation(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, bookmarkID string, relationName string) (result Relation, err error)
GetRelation gets a bookmark relation. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. bookmarkID - bookmark ID relationName - relation Name
func (BookmarkRelationsClient) GetRelationPreparer ¶
func (client BookmarkRelationsClient) GetRelationPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, bookmarkID string, relationName string) (*http.Request, error)
GetRelationPreparer prepares the GetRelation request.
func (BookmarkRelationsClient) GetRelationResponder ¶
func (client BookmarkRelationsClient) GetRelationResponder(resp *http.Response) (result Relation, err error)
GetRelationResponder handles the response to the GetRelation request. The method always closes the http.Response Body.
func (BookmarkRelationsClient) GetRelationSender ¶
GetRelationSender sends the GetRelation request. The method will close the http.Response Body if it receives an error.
func (BookmarkRelationsClient) List ¶
func (client BookmarkRelationsClient) List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, bookmarkID string, filter string, orderby string, top *int32, skipToken string) (result RelationListPage, err error)
List gets all bookmark relations. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. bookmarkID - bookmark ID filter - filters the results, based on a Boolean condition. Optional. orderby - sorts the results. Optional. top - returns only the first n results. Optional. skipToken - skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional.
func (BookmarkRelationsClient) ListComplete ¶
func (client BookmarkRelationsClient) ListComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, bookmarkID string, filter string, orderby string, top *int32, skipToken string) (result RelationListIterator, err error)
ListComplete enumerates all values, automatically crossing page boundaries as required.
func (BookmarkRelationsClient) ListPreparer ¶
func (client BookmarkRelationsClient) ListPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, bookmarkID string, filter string, orderby string, top *int32, skipToken string) (*http.Request, error)
ListPreparer prepares the List request.
func (BookmarkRelationsClient) ListResponder ¶
func (client BookmarkRelationsClient) ListResponder(resp *http.Response) (result RelationList, err error)
ListResponder handles the response to the List request. The method always closes the http.Response Body.
func (BookmarkRelationsClient) ListSender ¶
ListSender sends the List request. The method will close the http.Response Body if it receives an error.
type BookmarkTimelineItem ¶
type BookmarkTimelineItem struct { // AzureResourceID - The bookmark azure resource id. AzureResourceID *string `json:"azureResourceId,omitempty"` // DisplayName - The bookmark display name. DisplayName *string `json:"displayName,omitempty"` // Notes - The notes of the bookmark Notes *string `json:"notes,omitempty"` // EndTimeUtc - The bookmark end time. EndTimeUtc *date.Time `json:"endTimeUtc,omitempty"` // StartTimeUtc - TThe bookmark start time. StartTimeUtc *date.Time `json:"startTimeUtc,omitempty"` // EventTime - The bookmark event time. EventTime *date.Time `json:"eventTime,omitempty"` // CreatedBy - Describes a user that created the bookmark CreatedBy *UserInfo `json:"createdBy,omitempty"` // Labels - List of labels relevant to this bookmark Labels *[]string `json:"labels,omitempty"` // Kind - Possible values include: 'KindBasicEntityTimelineItemKindEntityTimelineItem', 'KindBasicEntityTimelineItemKindActivity', 'KindBasicEntityTimelineItemKindSecurityAlert', 'KindBasicEntityTimelineItemKindBookmark' Kind KindBasicEntityTimelineItem `json:"kind,omitempty"` }
BookmarkTimelineItem represents bookmark timeline item.
func (BookmarkTimelineItem) AsActivityTimelineItem ¶
func (bti BookmarkTimelineItem) AsActivityTimelineItem() (*ActivityTimelineItem, bool)
AsActivityTimelineItem is the BasicEntityTimelineItem implementation for BookmarkTimelineItem.
func (BookmarkTimelineItem) AsBasicEntityTimelineItem ¶
func (bti BookmarkTimelineItem) AsBasicEntityTimelineItem() (BasicEntityTimelineItem, bool)
AsBasicEntityTimelineItem is the BasicEntityTimelineItem implementation for BookmarkTimelineItem.
func (BookmarkTimelineItem) AsBookmarkTimelineItem ¶
func (bti BookmarkTimelineItem) AsBookmarkTimelineItem() (*BookmarkTimelineItem, bool)
AsBookmarkTimelineItem is the BasicEntityTimelineItem implementation for BookmarkTimelineItem.
func (BookmarkTimelineItem) AsEntityTimelineItem ¶
func (bti BookmarkTimelineItem) AsEntityTimelineItem() (*EntityTimelineItem, bool)
AsEntityTimelineItem is the BasicEntityTimelineItem implementation for BookmarkTimelineItem.
func (BookmarkTimelineItem) AsSecurityAlertTimelineItem ¶
func (bti BookmarkTimelineItem) AsSecurityAlertTimelineItem() (*SecurityAlertTimelineItem, bool)
AsSecurityAlertTimelineItem is the BasicEntityTimelineItem implementation for BookmarkTimelineItem.
func (BookmarkTimelineItem) MarshalJSON ¶
func (bti BookmarkTimelineItem) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for BookmarkTimelineItem.
type BookmarksClient ¶
type BookmarksClient struct {
BaseClient
}
BookmarksClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider
func NewBookmarksClient ¶
func NewBookmarksClient(subscriptionID string) BookmarksClient
NewBookmarksClient creates an instance of the BookmarksClient client.
func NewBookmarksClientWithBaseURI ¶
func NewBookmarksClientWithBaseURI(baseURI string, subscriptionID string) BookmarksClient
NewBookmarksClientWithBaseURI creates an instance of the BookmarksClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).
func (BookmarksClient) CreateOrUpdate ¶
func (client BookmarksClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, bookmarkID string, bookmark Bookmark) (result Bookmark, err error)
CreateOrUpdate creates or updates the bookmark. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. bookmarkID - bookmark ID bookmark - the bookmark
func (BookmarksClient) CreateOrUpdatePreparer ¶
func (client BookmarksClient) CreateOrUpdatePreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, bookmarkID string, bookmark Bookmark) (*http.Request, error)
CreateOrUpdatePreparer prepares the CreateOrUpdate request.
func (BookmarksClient) CreateOrUpdateResponder ¶
func (client BookmarksClient) CreateOrUpdateResponder(resp *http.Response) (result Bookmark, err error)
CreateOrUpdateResponder handles the response to the CreateOrUpdate request. The method always closes the http.Response Body.
func (BookmarksClient) CreateOrUpdateSender ¶
CreateOrUpdateSender sends the CreateOrUpdate request. The method will close the http.Response Body if it receives an error.
func (BookmarksClient) Delete ¶
func (client BookmarksClient) Delete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, bookmarkID string) (result autorest.Response, err error)
Delete delete the bookmark. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. bookmarkID - bookmark ID
func (BookmarksClient) DeletePreparer ¶
func (client BookmarksClient) DeletePreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, bookmarkID string) (*http.Request, error)
DeletePreparer prepares the Delete request.
func (BookmarksClient) DeleteResponder ¶
func (client BookmarksClient) DeleteResponder(resp *http.Response) (result autorest.Response, err error)
DeleteResponder handles the response to the Delete request. The method always closes the http.Response Body.
func (BookmarksClient) DeleteSender ¶
DeleteSender sends the Delete request. The method will close the http.Response Body if it receives an error.
func (BookmarksClient) Get ¶
func (client BookmarksClient) Get(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, bookmarkID string) (result Bookmark, err error)
Get gets a bookmark. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. bookmarkID - bookmark ID
func (BookmarksClient) GetPreparer ¶
func (client BookmarksClient) GetPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, bookmarkID string) (*http.Request, error)
GetPreparer prepares the Get request.
func (BookmarksClient) GetResponder ¶
func (client BookmarksClient) GetResponder(resp *http.Response) (result Bookmark, err error)
GetResponder handles the response to the Get request. The method always closes the http.Response Body.
func (BookmarksClient) GetSender ¶
GetSender sends the Get request. The method will close the http.Response Body if it receives an error.
func (BookmarksClient) List ¶
func (client BookmarksClient) List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result BookmarkListPage, err error)
List gets all bookmarks. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace.
func (BookmarksClient) ListComplete ¶
func (client BookmarksClient) ListComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result BookmarkListIterator, err error)
ListComplete enumerates all values, automatically crossing page boundaries as required.
func (BookmarksClient) ListPreparer ¶
func (client BookmarksClient) ListPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (*http.Request, error)
ListPreparer prepares the List request.
func (BookmarksClient) ListResponder ¶
func (client BookmarksClient) ListResponder(resp *http.Response) (result BookmarkList, err error)
ListResponder handles the response to the List request. The method always closes the http.Response Body.
func (BookmarksClient) ListSender ¶
ListSender sends the List request. The method will close the http.Response Body if it receives an error.
type Case ¶
type Case struct { autorest.Response `json:"-"` // CaseProperties - Case properties *CaseProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` // Etag - Etag of the azure resource Etag *string `json:"etag,omitempty"` }
Case represents a case in Azure Security Insights.
func (Case) MarshalJSON ¶
MarshalJSON is the custom marshaler for Case.
func (*Case) UnmarshalJSON ¶
UnmarshalJSON is the custom unmarshaler for Case struct.
type CaseComment ¶
type CaseComment struct { autorest.Response `json:"-"` // CaseCommentProperties - Case comment properties *CaseCommentProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` }
CaseComment represents a case comment
func (CaseComment) MarshalJSON ¶
func (cc CaseComment) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for CaseComment.
func (*CaseComment) UnmarshalJSON ¶
func (cc *CaseComment) UnmarshalJSON(body []byte) error
UnmarshalJSON is the custom unmarshaler for CaseComment struct.
type CaseCommentList ¶
type CaseCommentList struct { autorest.Response `json:"-"` // NextLink - READ-ONLY; URL to fetch the next set of comments. NextLink *string `json:"nextLink,omitempty"` // Value - Array of comments. Value *[]CaseComment `json:"value,omitempty"` }
CaseCommentList list of case comments.
func (CaseCommentList) IsEmpty ¶
func (ccl CaseCommentList) IsEmpty() bool
IsEmpty returns true if the ListResult contains no values.
func (CaseCommentList) MarshalJSON ¶
func (ccl CaseCommentList) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for CaseCommentList.
type CaseCommentListIterator ¶
type CaseCommentListIterator struct {
// contains filtered or unexported fields
}
CaseCommentListIterator provides access to a complete listing of CaseComment values.
func NewCaseCommentListIterator ¶
func NewCaseCommentListIterator(page CaseCommentListPage) CaseCommentListIterator
Creates a new instance of the CaseCommentListIterator type.
func (*CaseCommentListIterator) Next ¶
func (iter *CaseCommentListIterator) Next() error
Next advances to the next value. If there was an error making the request the iterator does not advance and the error is returned. Deprecated: Use NextWithContext() instead.
func (*CaseCommentListIterator) NextWithContext ¶
func (iter *CaseCommentListIterator) NextWithContext(ctx context.Context) (err error)
NextWithContext advances to the next value. If there was an error making the request the iterator does not advance and the error is returned.
func (CaseCommentListIterator) NotDone ¶
func (iter CaseCommentListIterator) NotDone() bool
NotDone returns true if the enumeration should be started or is not yet complete.
func (CaseCommentListIterator) Response ¶
func (iter CaseCommentListIterator) Response() CaseCommentList
Response returns the raw server response from the last page request.
func (CaseCommentListIterator) Value ¶
func (iter CaseCommentListIterator) Value() CaseComment
Value returns the current value or a zero-initialized value if the iterator has advanced beyond the end of the collection.
type CaseCommentListPage ¶
type CaseCommentListPage struct {
// contains filtered or unexported fields
}
CaseCommentListPage contains a page of CaseComment values.
func NewCaseCommentListPage ¶
func NewCaseCommentListPage(cur CaseCommentList, getNextPage func(context.Context, CaseCommentList) (CaseCommentList, error)) CaseCommentListPage
Creates a new instance of the CaseCommentListPage type.
func (*CaseCommentListPage) Next ¶
func (page *CaseCommentListPage) Next() error
Next advances to the next page of values. If there was an error making the request the page does not advance and the error is returned. Deprecated: Use NextWithContext() instead.
func (*CaseCommentListPage) NextWithContext ¶
func (page *CaseCommentListPage) NextWithContext(ctx context.Context) (err error)
NextWithContext advances to the next page of values. If there was an error making the request the page does not advance and the error is returned.
func (CaseCommentListPage) NotDone ¶
func (page CaseCommentListPage) NotDone() bool
NotDone returns true if the page enumeration should be started or is not yet complete.
func (CaseCommentListPage) Response ¶
func (page CaseCommentListPage) Response() CaseCommentList
Response returns the raw server response from the last page request.
func (CaseCommentListPage) Values ¶
func (page CaseCommentListPage) Values() []CaseComment
Values returns the slice of values for the current page or nil if there are no values.
type CaseCommentProperties ¶
type CaseCommentProperties struct { // CreatedTimeUtc - READ-ONLY; The time the comment was created CreatedTimeUtc *date.Time `json:"createdTimeUtc,omitempty"` // Message - The comment message Message *string `json:"message,omitempty"` // UserInfo - READ-ONLY; Describes the user that created the comment UserInfo *UserInfo `json:"userInfo,omitempty"` }
CaseCommentProperties case comment property bag.
func (CaseCommentProperties) MarshalJSON ¶
func (ccp CaseCommentProperties) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for CaseCommentProperties.
type CaseCommentsClient ¶
type CaseCommentsClient struct {
BaseClient
}
CaseCommentsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider
func NewCaseCommentsClient ¶
func NewCaseCommentsClient(subscriptionID string) CaseCommentsClient
NewCaseCommentsClient creates an instance of the CaseCommentsClient client.
func NewCaseCommentsClientWithBaseURI ¶
func NewCaseCommentsClientWithBaseURI(baseURI string, subscriptionID string) CaseCommentsClient
NewCaseCommentsClientWithBaseURI creates an instance of the CaseCommentsClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).
func (CaseCommentsClient) CreateComment ¶
func (client CaseCommentsClient) CreateComment(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, caseCommentID string, caseComment CaseComment) (result CaseComment, err error)
CreateComment creates the case comment. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. caseID - case ID caseCommentID - case comment ID caseComment - the case comment
func (CaseCommentsClient) CreateCommentPreparer ¶
func (client CaseCommentsClient) CreateCommentPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, caseCommentID string, caseComment CaseComment) (*http.Request, error)
CreateCommentPreparer prepares the CreateComment request.
func (CaseCommentsClient) CreateCommentResponder ¶
func (client CaseCommentsClient) CreateCommentResponder(resp *http.Response) (result CaseComment, err error)
CreateCommentResponder handles the response to the CreateComment request. The method always closes the http.Response Body.
func (CaseCommentsClient) CreateCommentSender ¶
CreateCommentSender sends the CreateComment request. The method will close the http.Response Body if it receives an error.
type CaseList ¶
type CaseList struct { autorest.Response `json:"-"` // NextLink - READ-ONLY; URL to fetch the next set of cases. NextLink *string `json:"nextLink,omitempty"` // Value - Array of cases. Value *[]Case `json:"value,omitempty"` }
CaseList list all the cases.
func (CaseList) MarshalJSON ¶
MarshalJSON is the custom marshaler for CaseList.
type CaseListIterator ¶
type CaseListIterator struct {
// contains filtered or unexported fields
}
CaseListIterator provides access to a complete listing of Case values.
func NewCaseListIterator ¶
func NewCaseListIterator(page CaseListPage) CaseListIterator
Creates a new instance of the CaseListIterator type.
func (*CaseListIterator) Next ¶
func (iter *CaseListIterator) Next() error
Next advances to the next value. If there was an error making the request the iterator does not advance and the error is returned. Deprecated: Use NextWithContext() instead.
func (*CaseListIterator) NextWithContext ¶
func (iter *CaseListIterator) NextWithContext(ctx context.Context) (err error)
NextWithContext advances to the next value. If there was an error making the request the iterator does not advance and the error is returned.
func (CaseListIterator) NotDone ¶
func (iter CaseListIterator) NotDone() bool
NotDone returns true if the enumeration should be started or is not yet complete.
func (CaseListIterator) Response ¶
func (iter CaseListIterator) Response() CaseList
Response returns the raw server response from the last page request.
func (CaseListIterator) Value ¶
func (iter CaseListIterator) Value() Case
Value returns the current value or a zero-initialized value if the iterator has advanced beyond the end of the collection.
type CaseListPage ¶
type CaseListPage struct {
// contains filtered or unexported fields
}
CaseListPage contains a page of Case values.
func NewCaseListPage ¶
func NewCaseListPage(cur CaseList, getNextPage func(context.Context, CaseList) (CaseList, error)) CaseListPage
Creates a new instance of the CaseListPage type.
func (*CaseListPage) Next ¶
func (page *CaseListPage) Next() error
Next advances to the next page of values. If there was an error making the request the page does not advance and the error is returned. Deprecated: Use NextWithContext() instead.
func (*CaseListPage) NextWithContext ¶
func (page *CaseListPage) NextWithContext(ctx context.Context) (err error)
NextWithContext advances to the next page of values. If there was an error making the request the page does not advance and the error is returned.
func (CaseListPage) NotDone ¶
func (page CaseListPage) NotDone() bool
NotDone returns true if the page enumeration should be started or is not yet complete.
func (CaseListPage) Response ¶
func (page CaseListPage) Response() CaseList
Response returns the raw server response from the last page request.
func (CaseListPage) Values ¶
func (page CaseListPage) Values() []Case
Values returns the slice of values for the current page or nil if there are no values.
type CaseProperties ¶
type CaseProperties struct { // CaseNumber - READ-ONLY; a sequential number CaseNumber *int32 `json:"caseNumber,omitempty"` // CloseReason - The reason the case was closed. Possible values include: 'Resolved', 'Dismissed', 'TruePositive', 'FalsePositive', 'Other' CloseReason CloseReason `json:"closeReason,omitempty"` // ClosedReasonText - the case close reason details ClosedReasonText *string `json:"closedReasonText,omitempty"` // CreatedTimeUtc - READ-ONLY; The time the case was created CreatedTimeUtc *date.Time `json:"createdTimeUtc,omitempty"` // Description - The description of the case Description *string `json:"description,omitempty"` // EndTimeUtc - The end time of the case EndTimeUtc *date.Time `json:"endTimeUtc,omitempty"` // Labels - List of labels relevant to this case Labels *[]string `json:"labels,omitempty"` // LastComment - READ-ONLY; the last comment in the case LastComment *string `json:"lastComment,omitempty"` // LastUpdatedTimeUtc - READ-ONLY; The last time the case was updated LastUpdatedTimeUtc *date.Time `json:"lastUpdatedTimeUtc,omitempty"` // Owner - Describes a user that the case is assigned to Owner *UserInfo `json:"owner,omitempty"` // RelatedAlertIds - READ-ONLY; List of related alert identifiers RelatedAlertIds *[]string `json:"relatedAlertIds,omitempty"` // Tactics - READ-ONLY; The tactics associated with case Tactics *[]AttackTactic `json:"tactics,omitempty"` // Severity - The severity of the case. Possible values include: 'CaseSeverityCritical', 'CaseSeverityHigh', 'CaseSeverityMedium', 'CaseSeverityLow', 'CaseSeverityInformational' Severity CaseSeverity `json:"severity,omitempty"` // StartTimeUtc - The start time of the case StartTimeUtc *date.Time `json:"startTimeUtc,omitempty"` // Status - The status of the case. Possible values include: 'CaseStatusDraft', 'CaseStatusNew', 'CaseStatusInProgress', 'CaseStatusClosed' Status CaseStatus `json:"status,omitempty"` // Title - The title of the case Title *string `json:"title,omitempty"` // TotalComments - READ-ONLY; the number of total comments in the case TotalComments *int32 `json:"totalComments,omitempty"` }
CaseProperties describes case properties
func (CaseProperties) MarshalJSON ¶
func (cp CaseProperties) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for CaseProperties.
type CaseRelation ¶
type CaseRelation struct { autorest.Response `json:"-"` // CaseRelationProperties - Case relation properties *CaseRelationProperties `json:"properties,omitempty"` // Kind - READ-ONLY; The type of relation node. Possible values include: 'CasesToBookmarks' Kind RelationTypes `json:"kind,omitempty"` // Etag - ETag for relation Etag *string `json:"etag,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` }
CaseRelation represents a case relation
func (CaseRelation) MarshalJSON ¶
func (cr CaseRelation) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for CaseRelation.
func (*CaseRelation) UnmarshalJSON ¶
func (cr *CaseRelation) UnmarshalJSON(body []byte) error
UnmarshalJSON is the custom unmarshaler for CaseRelation struct.
type CaseRelationList ¶
type CaseRelationList struct { autorest.Response `json:"-"` // NextLink - READ-ONLY; URL to fetch the next set of relations. NextLink *string `json:"nextLink,omitempty"` // Value - Array of relations. Value *[]CaseRelation `json:"value,omitempty"` }
CaseRelationList list of case relations.
func (CaseRelationList) IsEmpty ¶
func (crl CaseRelationList) IsEmpty() bool
IsEmpty returns true if the ListResult contains no values.
func (CaseRelationList) MarshalJSON ¶
func (crl CaseRelationList) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for CaseRelationList.
type CaseRelationListIterator ¶
type CaseRelationListIterator struct {
// contains filtered or unexported fields
}
CaseRelationListIterator provides access to a complete listing of CaseRelation values.
func NewCaseRelationListIterator ¶
func NewCaseRelationListIterator(page CaseRelationListPage) CaseRelationListIterator
Creates a new instance of the CaseRelationListIterator type.
func (*CaseRelationListIterator) Next ¶
func (iter *CaseRelationListIterator) Next() error
Next advances to the next value. If there was an error making the request the iterator does not advance and the error is returned. Deprecated: Use NextWithContext() instead.
func (*CaseRelationListIterator) NextWithContext ¶
func (iter *CaseRelationListIterator) NextWithContext(ctx context.Context) (err error)
NextWithContext advances to the next value. If there was an error making the request the iterator does not advance and the error is returned.
func (CaseRelationListIterator) NotDone ¶
func (iter CaseRelationListIterator) NotDone() bool
NotDone returns true if the enumeration should be started or is not yet complete.
func (CaseRelationListIterator) Response ¶
func (iter CaseRelationListIterator) Response() CaseRelationList
Response returns the raw server response from the last page request.
func (CaseRelationListIterator) Value ¶
func (iter CaseRelationListIterator) Value() CaseRelation
Value returns the current value or a zero-initialized value if the iterator has advanced beyond the end of the collection.
type CaseRelationListPage ¶
type CaseRelationListPage struct {
// contains filtered or unexported fields
}
CaseRelationListPage contains a page of CaseRelation values.
func NewCaseRelationListPage ¶
func NewCaseRelationListPage(cur CaseRelationList, getNextPage func(context.Context, CaseRelationList) (CaseRelationList, error)) CaseRelationListPage
Creates a new instance of the CaseRelationListPage type.
func (*CaseRelationListPage) Next ¶
func (page *CaseRelationListPage) Next() error
Next advances to the next page of values. If there was an error making the request the page does not advance and the error is returned. Deprecated: Use NextWithContext() instead.
func (*CaseRelationListPage) NextWithContext ¶
func (page *CaseRelationListPage) NextWithContext(ctx context.Context) (err error)
NextWithContext advances to the next page of values. If there was an error making the request the page does not advance and the error is returned.
func (CaseRelationListPage) NotDone ¶
func (page CaseRelationListPage) NotDone() bool
NotDone returns true if the page enumeration should be started or is not yet complete.
func (CaseRelationListPage) Response ¶
func (page CaseRelationListPage) Response() CaseRelationList
Response returns the raw server response from the last page request.
func (CaseRelationListPage) Values ¶
func (page CaseRelationListPage) Values() []CaseRelation
Values returns the slice of values for the current page or nil if there are no values.
type CaseRelationProperties ¶
type CaseRelationProperties struct { // RelationName - Name of relation RelationName *string `json:"relationName,omitempty"` // BookmarkID - The case related bookmark id BookmarkID *string `json:"bookmarkId,omitempty"` // CaseIdentifier - The case identifier CaseIdentifier *string `json:"caseIdentifier,omitempty"` // BookmarkName - The case related bookmark name BookmarkName *string `json:"bookmarkName,omitempty"` }
CaseRelationProperties case relation properties
type CaseRelationsClient ¶
type CaseRelationsClient struct {
BaseClient
}
CaseRelationsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider
func NewCaseRelationsClient ¶
func NewCaseRelationsClient(subscriptionID string) CaseRelationsClient
NewCaseRelationsClient creates an instance of the CaseRelationsClient client.
func NewCaseRelationsClientWithBaseURI ¶
func NewCaseRelationsClientWithBaseURI(baseURI string, subscriptionID string) CaseRelationsClient
NewCaseRelationsClientWithBaseURI creates an instance of the CaseRelationsClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).
func (CaseRelationsClient) CreateOrUpdateRelation ¶
func (client CaseRelationsClient) CreateOrUpdateRelation(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, relationName string, relationInputModel RelationsModelInput) (result CaseRelation, err error)
CreateOrUpdateRelation creates or updates the case relation. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. caseID - case ID relationName - relation Name relationInputModel - the relation input model
func (CaseRelationsClient) CreateOrUpdateRelationPreparer ¶
func (client CaseRelationsClient) CreateOrUpdateRelationPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, relationName string, relationInputModel RelationsModelInput) (*http.Request, error)
CreateOrUpdateRelationPreparer prepares the CreateOrUpdateRelation request.
func (CaseRelationsClient) CreateOrUpdateRelationResponder ¶
func (client CaseRelationsClient) CreateOrUpdateRelationResponder(resp *http.Response) (result CaseRelation, err error)
CreateOrUpdateRelationResponder handles the response to the CreateOrUpdateRelation request. The method always closes the http.Response Body.
func (CaseRelationsClient) CreateOrUpdateRelationSender ¶
func (client CaseRelationsClient) CreateOrUpdateRelationSender(req *http.Request) (*http.Response, error)
CreateOrUpdateRelationSender sends the CreateOrUpdateRelation request. The method will close the http.Response Body if it receives an error.
func (CaseRelationsClient) DeleteRelation ¶
func (client CaseRelationsClient) DeleteRelation(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, relationName string) (result autorest.Response, err error)
DeleteRelation delete the case relation. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. caseID - case ID relationName - relation Name
func (CaseRelationsClient) DeleteRelationPreparer ¶
func (client CaseRelationsClient) DeleteRelationPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, relationName string) (*http.Request, error)
DeleteRelationPreparer prepares the DeleteRelation request.
func (CaseRelationsClient) DeleteRelationResponder ¶
func (client CaseRelationsClient) DeleteRelationResponder(resp *http.Response) (result autorest.Response, err error)
DeleteRelationResponder handles the response to the DeleteRelation request. The method always closes the http.Response Body.
func (CaseRelationsClient) DeleteRelationSender ¶
DeleteRelationSender sends the DeleteRelation request. The method will close the http.Response Body if it receives an error.
func (CaseRelationsClient) GetRelation ¶
func (client CaseRelationsClient) GetRelation(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, relationName string) (result CaseRelation, err error)
GetRelation gets a case relation. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. caseID - case ID relationName - relation Name
func (CaseRelationsClient) GetRelationPreparer ¶
func (client CaseRelationsClient) GetRelationPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, relationName string) (*http.Request, error)
GetRelationPreparer prepares the GetRelation request.
func (CaseRelationsClient) GetRelationResponder ¶
func (client CaseRelationsClient) GetRelationResponder(resp *http.Response) (result CaseRelation, err error)
GetRelationResponder handles the response to the GetRelation request. The method always closes the http.Response Body.
func (CaseRelationsClient) GetRelationSender ¶
GetRelationSender sends the GetRelation request. The method will close the http.Response Body if it receives an error.
func (CaseRelationsClient) List ¶
func (client CaseRelationsClient) List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, filter string, orderby string, top *int32, skipToken string) (result CaseRelationListPage, err error)
List gets all case relations. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. caseID - case ID filter - filters the results, based on a Boolean condition. Optional. orderby - sorts the results. Optional. top - returns only the first n results. Optional. skipToken - skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional.
func (CaseRelationsClient) ListComplete ¶
func (client CaseRelationsClient) ListComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, filter string, orderby string, top *int32, skipToken string) (result CaseRelationListIterator, err error)
ListComplete enumerates all values, automatically crossing page boundaries as required.
func (CaseRelationsClient) ListPreparer ¶
func (client CaseRelationsClient) ListPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, filter string, orderby string, top *int32, skipToken string) (*http.Request, error)
ListPreparer prepares the List request.
func (CaseRelationsClient) ListResponder ¶
func (client CaseRelationsClient) ListResponder(resp *http.Response) (result CaseRelationList, err error)
ListResponder handles the response to the List request. The method always closes the http.Response Body.
func (CaseRelationsClient) ListSender ¶
ListSender sends the List request. The method will close the http.Response Body if it receives an error.
type CaseSeverity ¶
type CaseSeverity string
CaseSeverity enumerates the values for case severity.
const ( // CaseSeverityCritical Critical severity CaseSeverityCritical CaseSeverity = "Critical" // CaseSeverityHigh High severity CaseSeverityHigh CaseSeverity = "High" // CaseSeverityInformational Informational severity CaseSeverityInformational CaseSeverity = "Informational" // CaseSeverityLow Low severity CaseSeverityLow CaseSeverity = "Low" // CaseSeverityMedium Medium severity CaseSeverityMedium CaseSeverity = "Medium" )
func PossibleCaseSeverityValues ¶
func PossibleCaseSeverityValues() []CaseSeverity
PossibleCaseSeverityValues returns an array of possible values for the CaseSeverity const type.
type CaseStatus ¶
type CaseStatus string
CaseStatus enumerates the values for case status.
const ( // CaseStatusClosed A non active case CaseStatusClosed CaseStatus = "Closed" // CaseStatusDraft Case that wasn't promoted yet to active CaseStatusDraft CaseStatus = "Draft" // CaseStatusInProgress An active case which is handled CaseStatusInProgress CaseStatus = "InProgress" // CaseStatusNew An active case which isn't handled currently CaseStatusNew CaseStatus = "New" )
func PossibleCaseStatusValues ¶
func PossibleCaseStatusValues() []CaseStatus
PossibleCaseStatusValues returns an array of possible values for the CaseStatus const type.
type CasesAggregation ¶
type CasesAggregation struct { // CasesAggregationProperties - Properties of aggregations results of cases. *CasesAggregationProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` // Kind - Possible values include: 'KindAggregations', 'KindCasesAggregation' Kind Kind `json:"kind,omitempty"` }
CasesAggregation represents aggregations results for cases.
func (CasesAggregation) AsAggregations ¶
func (ca CasesAggregation) AsAggregations() (*Aggregations, bool)
AsAggregations is the BasicAggregations implementation for CasesAggregation.
func (CasesAggregation) AsBasicAggregations ¶
func (ca CasesAggregation) AsBasicAggregations() (BasicAggregations, bool)
AsBasicAggregations is the BasicAggregations implementation for CasesAggregation.
func (CasesAggregation) AsCasesAggregation ¶
func (ca CasesAggregation) AsCasesAggregation() (*CasesAggregation, bool)
AsCasesAggregation is the BasicAggregations implementation for CasesAggregation.
func (CasesAggregation) MarshalJSON ¶
func (ca CasesAggregation) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for CasesAggregation.
func (*CasesAggregation) UnmarshalJSON ¶
func (ca *CasesAggregation) UnmarshalJSON(body []byte) error
UnmarshalJSON is the custom unmarshaler for CasesAggregation struct.
type CasesAggregationBySeverityProperties ¶
type CasesAggregationBySeverityProperties struct { // TotalCriticalSeverity - READ-ONLY; Total amount of open cases with severity Critical TotalCriticalSeverity *int32 `json:"totalCriticalSeverity,omitempty"` // TotalHighSeverity - READ-ONLY; Total amount of open cases with severity High TotalHighSeverity *int32 `json:"totalHighSeverity,omitempty"` // TotalInformationalSeverity - READ-ONLY; Total amount of open cases with severity Informational TotalInformationalSeverity *int32 `json:"totalInformationalSeverity,omitempty"` // TotalLowSeverity - READ-ONLY; Total amount of open cases with severity Low TotalLowSeverity *int32 `json:"totalLowSeverity,omitempty"` // TotalMediumSeverity - READ-ONLY; Total amount of open cases with severity medium TotalMediumSeverity *int32 `json:"totalMediumSeverity,omitempty"` }
CasesAggregationBySeverityProperties aggregative results of cases by severity property bag.
type CasesAggregationByStatusProperties ¶
type CasesAggregationByStatusProperties struct { // TotalDismissedStatus - READ-ONLY; Total amount of open cases with status Dismissed TotalDismissedStatus *int32 `json:"totalDismissedStatus,omitempty"` // TotalInProgressStatus - READ-ONLY; Total amount of open cases with status InProgress TotalInProgressStatus *int32 `json:"totalInProgressStatus,omitempty"` // TotalNewStatus - READ-ONLY; Total amount of open cases with status New TotalNewStatus *int32 `json:"totalNewStatus,omitempty"` // TotalResolvedStatus - READ-ONLY; Total amount of open cases with status Resolved TotalResolvedStatus *int32 `json:"totalResolvedStatus,omitempty"` }
CasesAggregationByStatusProperties aggregative results of cases by status property bag.
type CasesAggregationProperties ¶
type CasesAggregationProperties struct { // AggregationBySeverity - Aggregations results by case severity. AggregationBySeverity *CasesAggregationBySeverityProperties `json:"aggregationBySeverity,omitempty"` // AggregationByStatus - Aggregations results by case status. AggregationByStatus *CasesAggregationByStatusProperties `json:"aggregationByStatus,omitempty"` }
CasesAggregationProperties aggregative results of cases property bag.
type CasesAggregationsClient ¶
type CasesAggregationsClient struct {
BaseClient
}
CasesAggregationsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider
func NewCasesAggregationsClient ¶
func NewCasesAggregationsClient(subscriptionID string) CasesAggregationsClient
NewCasesAggregationsClient creates an instance of the CasesAggregationsClient client.
func NewCasesAggregationsClientWithBaseURI ¶
func NewCasesAggregationsClientWithBaseURI(baseURI string, subscriptionID string) CasesAggregationsClient
NewCasesAggregationsClientWithBaseURI creates an instance of the CasesAggregationsClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).
func (CasesAggregationsClient) Get ¶
func (client CasesAggregationsClient) Get(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, aggregationsName string) (result AggregationsModel, err error)
Get get aggregative result for the given resources under the defined workspace Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. aggregationsName - the aggregation name. Supports - Cases
func (CasesAggregationsClient) GetPreparer ¶
func (client CasesAggregationsClient) GetPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, aggregationsName string) (*http.Request, error)
GetPreparer prepares the Get request.
func (CasesAggregationsClient) GetResponder ¶
func (client CasesAggregationsClient) GetResponder(resp *http.Response) (result AggregationsModel, err error)
GetResponder handles the response to the Get request. The method always closes the http.Response Body.
type CasesClient ¶
type CasesClient struct {
BaseClient
}
CasesClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider
func NewCasesClient ¶
func NewCasesClient(subscriptionID string) CasesClient
NewCasesClient creates an instance of the CasesClient client.
func NewCasesClientWithBaseURI ¶
func NewCasesClientWithBaseURI(baseURI string, subscriptionID string) CasesClient
NewCasesClientWithBaseURI creates an instance of the CasesClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).
func (CasesClient) CreateOrUpdate ¶
func (client CasesClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, caseParameter Case) (result Case, err error)
CreateOrUpdate creates or updates the case. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. caseID - case ID caseParameter - the case
func (CasesClient) CreateOrUpdatePreparer ¶
func (client CasesClient) CreateOrUpdatePreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, caseParameter Case) (*http.Request, error)
CreateOrUpdatePreparer prepares the CreateOrUpdate request.
func (CasesClient) CreateOrUpdateResponder ¶
func (client CasesClient) CreateOrUpdateResponder(resp *http.Response) (result Case, err error)
CreateOrUpdateResponder handles the response to the CreateOrUpdate request. The method always closes the http.Response Body.
func (CasesClient) CreateOrUpdateSender ¶
CreateOrUpdateSender sends the CreateOrUpdate request. The method will close the http.Response Body if it receives an error.
func (CasesClient) Delete ¶
func (client CasesClient) Delete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string) (result autorest.Response, err error)
Delete delete the case. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. caseID - case ID
func (CasesClient) DeletePreparer ¶
func (client CasesClient) DeletePreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string) (*http.Request, error)
DeletePreparer prepares the Delete request.
func (CasesClient) DeleteResponder ¶
func (client CasesClient) DeleteResponder(resp *http.Response) (result autorest.Response, err error)
DeleteResponder handles the response to the Delete request. The method always closes the http.Response Body.
func (CasesClient) DeleteSender ¶
DeleteSender sends the Delete request. The method will close the http.Response Body if it receives an error.
func (CasesClient) Get ¶
func (client CasesClient) Get(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string) (result Case, err error)
Get gets a case. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. caseID - case ID
func (CasesClient) GetComment ¶
func (client CasesClient) GetComment(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, caseCommentID string) (result CaseComment, err error)
GetComment gets a case comment. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. caseID - case ID caseCommentID - case comment ID
func (CasesClient) GetCommentPreparer ¶
func (client CasesClient) GetCommentPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, caseCommentID string) (*http.Request, error)
GetCommentPreparer prepares the GetComment request.
func (CasesClient) GetCommentResponder ¶
func (client CasesClient) GetCommentResponder(resp *http.Response) (result CaseComment, err error)
GetCommentResponder handles the response to the GetComment request. The method always closes the http.Response Body.
func (CasesClient) GetCommentSender ¶
GetCommentSender sends the GetComment request. The method will close the http.Response Body if it receives an error.
func (CasesClient) GetPreparer ¶
func (client CasesClient) GetPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string) (*http.Request, error)
GetPreparer prepares the Get request.
func (CasesClient) GetResponder ¶
func (client CasesClient) GetResponder(resp *http.Response) (result Case, err error)
GetResponder handles the response to the Get request. The method always closes the http.Response Body.
func (CasesClient) GetSender ¶
GetSender sends the Get request. The method will close the http.Response Body if it receives an error.
func (CasesClient) List ¶
func (client CasesClient) List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, filter string, orderby string, top *int32, skipToken string) (result CaseListPage, err error)
List gets all cases. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. filter - filters the results, based on a Boolean condition. Optional. orderby - sorts the results. Optional. top - returns only the first n results. Optional. skipToken - skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional.
func (CasesClient) ListComplete ¶
func (client CasesClient) ListComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, filter string, orderby string, top *int32, skipToken string) (result CaseListIterator, err error)
ListComplete enumerates all values, automatically crossing page boundaries as required.
func (CasesClient) ListPreparer ¶
func (client CasesClient) ListPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, filter string, orderby string, top *int32, skipToken string) (*http.Request, error)
ListPreparer prepares the List request.
func (CasesClient) ListResponder ¶
func (client CasesClient) ListResponder(resp *http.Response) (result CaseList, err error)
ListResponder handles the response to the List request. The method always closes the http.Response Body.
func (CasesClient) ListSender ¶
ListSender sends the List request. The method will close the http.Response Body if it receives an error.
type ClientInfo ¶
type ClientInfo struct { // Email - The email of the client. Email *string `json:"email,omitempty"` // Name - The name of the client. Name *string `json:"name,omitempty"` // ObjectID - The object id of the client. ObjectID *uuid.UUID `json:"objectId,omitempty"` // UserPrincipalName - The user principal name of the client. UserPrincipalName *string `json:"userPrincipalName,omitempty"` }
ClientInfo information on the client (user or application) that made some action
type CloseReason ¶
type CloseReason string
CloseReason enumerates the values for close reason.
const ( // Dismissed Case was dismissed Dismissed CloseReason = "Dismissed" // FalsePositive Case was false positive FalsePositive CloseReason = "FalsePositive" // Other Case was closed for another reason Other CloseReason = "Other" // Resolved Case was resolved Resolved CloseReason = "Resolved" // TruePositive Case was true positive TruePositive CloseReason = "TruePositive" )
func PossibleCloseReasonValues ¶
func PossibleCloseReasonValues() []CloseReason
PossibleCloseReasonValues returns an array of possible values for the CloseReason const type.
type CloudApplicationEntity ¶
type CloudApplicationEntity struct { // CloudApplicationEntityProperties - CloudApplication entity properties *CloudApplicationEntityProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindBookmark', 'KindSecurityAlert', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice' Kind KindBasicEntity `json:"kind,omitempty"` }
CloudApplicationEntity represents a cloud application entity.
func (CloudApplicationEntity) AsAccountEntity ¶
func (cae CloudApplicationEntity) AsAccountEntity() (*AccountEntity, bool)
AsAccountEntity is the BasicEntity implementation for CloudApplicationEntity.
func (CloudApplicationEntity) AsAzureResourceEntity ¶
func (cae CloudApplicationEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)
AsAzureResourceEntity is the BasicEntity implementation for CloudApplicationEntity.
func (CloudApplicationEntity) AsBasicEntity ¶
func (cae CloudApplicationEntity) AsBasicEntity() (BasicEntity, bool)
AsBasicEntity is the BasicEntity implementation for CloudApplicationEntity.
func (CloudApplicationEntity) AsCloudApplicationEntity ¶
func (cae CloudApplicationEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)
AsCloudApplicationEntity is the BasicEntity implementation for CloudApplicationEntity.
func (CloudApplicationEntity) AsDNSEntity ¶
func (cae CloudApplicationEntity) AsDNSEntity() (*DNSEntity, bool)
AsDNSEntity is the BasicEntity implementation for CloudApplicationEntity.
func (CloudApplicationEntity) AsEntity ¶
func (cae CloudApplicationEntity) AsEntity() (*Entity, bool)
AsEntity is the BasicEntity implementation for CloudApplicationEntity.
func (CloudApplicationEntity) AsFileEntity ¶
func (cae CloudApplicationEntity) AsFileEntity() (*FileEntity, bool)
AsFileEntity is the BasicEntity implementation for CloudApplicationEntity.
func (CloudApplicationEntity) AsFileHashEntity ¶
func (cae CloudApplicationEntity) AsFileHashEntity() (*FileHashEntity, bool)
AsFileHashEntity is the BasicEntity implementation for CloudApplicationEntity.
func (CloudApplicationEntity) AsHostEntity ¶
func (cae CloudApplicationEntity) AsHostEntity() (*HostEntity, bool)
AsHostEntity is the BasicEntity implementation for CloudApplicationEntity.
func (CloudApplicationEntity) AsHuntingBookmark ¶
func (cae CloudApplicationEntity) AsHuntingBookmark() (*HuntingBookmark, bool)
AsHuntingBookmark is the BasicEntity implementation for CloudApplicationEntity.
func (CloudApplicationEntity) AsIPEntity ¶
func (cae CloudApplicationEntity) AsIPEntity() (*IPEntity, bool)
AsIPEntity is the BasicEntity implementation for CloudApplicationEntity.
func (CloudApplicationEntity) AsIoTDeviceEntity ¶
func (cae CloudApplicationEntity) AsIoTDeviceEntity() (*IoTDeviceEntity, bool)
AsIoTDeviceEntity is the BasicEntity implementation for CloudApplicationEntity.
func (CloudApplicationEntity) AsMalwareEntity ¶
func (cae CloudApplicationEntity) AsMalwareEntity() (*MalwareEntity, bool)
AsMalwareEntity is the BasicEntity implementation for CloudApplicationEntity.
func (CloudApplicationEntity) AsProcessEntity ¶
func (cae CloudApplicationEntity) AsProcessEntity() (*ProcessEntity, bool)
AsProcessEntity is the BasicEntity implementation for CloudApplicationEntity.
func (CloudApplicationEntity) AsRegistryKeyEntity ¶
func (cae CloudApplicationEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)
AsRegistryKeyEntity is the BasicEntity implementation for CloudApplicationEntity.
func (CloudApplicationEntity) AsRegistryValueEntity ¶
func (cae CloudApplicationEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool)
AsRegistryValueEntity is the BasicEntity implementation for CloudApplicationEntity.
func (CloudApplicationEntity) AsSecurityAlert ¶
func (cae CloudApplicationEntity) AsSecurityAlert() (*SecurityAlert, bool)
AsSecurityAlert is the BasicEntity implementation for CloudApplicationEntity.
func (CloudApplicationEntity) AsSecurityGroupEntity ¶
func (cae CloudApplicationEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)
AsSecurityGroupEntity is the BasicEntity implementation for CloudApplicationEntity.
func (CloudApplicationEntity) AsURLEntity ¶
func (cae CloudApplicationEntity) AsURLEntity() (*URLEntity, bool)
AsURLEntity is the BasicEntity implementation for CloudApplicationEntity.
func (CloudApplicationEntity) MarshalJSON ¶
func (cae CloudApplicationEntity) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for CloudApplicationEntity.
func (*CloudApplicationEntity) UnmarshalJSON ¶
func (cae *CloudApplicationEntity) UnmarshalJSON(body []byte) error
UnmarshalJSON is the custom unmarshaler for CloudApplicationEntity struct.
type CloudApplicationEntityProperties ¶
type CloudApplicationEntityProperties struct { // AppID - READ-ONLY; The technical identifier of the application. AppID *int32 `json:"appId,omitempty"` // AppName - READ-ONLY; The name of the related cloud application. AppName *string `json:"appName,omitempty"` // InstanceName - READ-ONLY; The user defined instance name of the cloud application. It is often used to distinguish between several applications of the same type that a customer has. InstanceName *string `json:"instanceName,omitempty"` // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. AdditionalData map[string]interface{} `json:"additionalData"` // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. FriendlyName *string `json:"friendlyName,omitempty"` }
CloudApplicationEntityProperties cloudApplication entity property bag.
func (CloudApplicationEntityProperties) MarshalJSON ¶
func (caep CloudApplicationEntityProperties) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for CloudApplicationEntityProperties.
type CloudError ¶
type CloudError struct { // CloudErrorBody - Error data *CloudErrorBody `json:"error,omitempty"` }
CloudError error response structure.
func (CloudError) MarshalJSON ¶
func (ce CloudError) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for CloudError.
func (*CloudError) UnmarshalJSON ¶
func (ce *CloudError) UnmarshalJSON(body []byte) error
UnmarshalJSON is the custom unmarshaler for CloudError struct.
type CloudErrorBody ¶
type CloudErrorBody struct { // Code - READ-ONLY; An identifier for the error. Codes are invariant and are intended to be consumed programmatically. Code *string `json:"code,omitempty"` // Message - READ-ONLY; A message describing the error, intended to be suitable for display in a user interface. Message *string `json:"message,omitempty"` }
CloudErrorBody error details.
type CommentsClient ¶
type CommentsClient struct {
BaseClient
}
CommentsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider
func NewCommentsClient ¶
func NewCommentsClient(subscriptionID string) CommentsClient
NewCommentsClient creates an instance of the CommentsClient client.
func NewCommentsClientWithBaseURI ¶
func NewCommentsClientWithBaseURI(baseURI string, subscriptionID string) CommentsClient
NewCommentsClientWithBaseURI creates an instance of the CommentsClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).
func (CommentsClient) ListByCase ¶
func (client CommentsClient) ListByCase(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, filter string, orderby string, top *int32, skipToken string) (result CaseCommentListPage, err error)
ListByCase gets all case comments. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. caseID - case ID filter - filters the results, based on a Boolean condition. Optional. orderby - sorts the results. Optional. top - returns only the first n results. Optional. skipToken - skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional.
func (CommentsClient) ListByCaseComplete ¶
func (client CommentsClient) ListByCaseComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, filter string, orderby string, top *int32, skipToken string) (result CaseCommentListIterator, err error)
ListByCaseComplete enumerates all values, automatically crossing page boundaries as required.
func (CommentsClient) ListByCasePreparer ¶
func (client CommentsClient) ListByCasePreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, filter string, orderby string, top *int32, skipToken string) (*http.Request, error)
ListByCasePreparer prepares the ListByCase request.
func (CommentsClient) ListByCaseResponder ¶
func (client CommentsClient) ListByCaseResponder(resp *http.Response) (result CaseCommentList, err error)
ListByCaseResponder handles the response to the ListByCase request. The method always closes the http.Response Body.
func (CommentsClient) ListByCaseSender ¶
ListByCaseSender sends the ListByCase request. The method will close the http.Response Body if it receives an error.
type ConfidenceLevel ¶
type ConfidenceLevel string
ConfidenceLevel enumerates the values for confidence level.
const ( // ConfidenceLevelHigh High confidence that the alert is true positive malicious ConfidenceLevelHigh ConfidenceLevel = "High" // ConfidenceLevelLow Low confidence, meaning we have some doubts this is indeed malicious or part of an // attack ConfidenceLevelLow ConfidenceLevel = "Low" // ConfidenceLevelUnknown Unknown confidence, the is the default value ConfidenceLevelUnknown ConfidenceLevel = "Unknown" )
func PossibleConfidenceLevelValues ¶
func PossibleConfidenceLevelValues() []ConfidenceLevel
PossibleConfidenceLevelValues returns an array of possible values for the ConfidenceLevel const type.
type ConfidenceScoreStatus ¶
type ConfidenceScoreStatus string
ConfidenceScoreStatus enumerates the values for confidence score status.
const ( // Final Final score was calculated and available Final ConfidenceScoreStatus = "Final" // InProcess No score was set yet and calculation is in progress InProcess ConfidenceScoreStatus = "InProcess" // NotApplicable Score will not be calculated for this alert as it is not supported by virtual analyst NotApplicable ConfidenceScoreStatus = "NotApplicable" // NotFinal Score is calculated and shown as part of the alert, but may be updated again at a later time // following the processing of additional data NotFinal ConfidenceScoreStatus = "NotFinal" )
func PossibleConfidenceScoreStatusValues ¶
func PossibleConfidenceScoreStatusValues() []ConfidenceScoreStatus
PossibleConfidenceScoreStatusValues returns an array of possible values for the ConfidenceScoreStatus const type.
type DNSEntity ¶
type DNSEntity struct { // DNSEntityProperties - Dns entity properties *DNSEntityProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindBookmark', 'KindSecurityAlert', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice' Kind KindBasicEntity `json:"kind,omitempty"` }
DNSEntity represents a dns entity.
func (DNSEntity) AsAccountEntity ¶
func (de DNSEntity) AsAccountEntity() (*AccountEntity, bool)
AsAccountEntity is the BasicEntity implementation for DNSEntity.
func (DNSEntity) AsAzureResourceEntity ¶
func (de DNSEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)
AsAzureResourceEntity is the BasicEntity implementation for DNSEntity.
func (DNSEntity) AsBasicEntity ¶
func (de DNSEntity) AsBasicEntity() (BasicEntity, bool)
AsBasicEntity is the BasicEntity implementation for DNSEntity.
func (DNSEntity) AsCloudApplicationEntity ¶
func (de DNSEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)
AsCloudApplicationEntity is the BasicEntity implementation for DNSEntity.
func (DNSEntity) AsDNSEntity ¶
AsDNSEntity is the BasicEntity implementation for DNSEntity.
func (DNSEntity) AsFileEntity ¶
func (de DNSEntity) AsFileEntity() (*FileEntity, bool)
AsFileEntity is the BasicEntity implementation for DNSEntity.
func (DNSEntity) AsFileHashEntity ¶
func (de DNSEntity) AsFileHashEntity() (*FileHashEntity, bool)
AsFileHashEntity is the BasicEntity implementation for DNSEntity.
func (DNSEntity) AsHostEntity ¶
func (de DNSEntity) AsHostEntity() (*HostEntity, bool)
AsHostEntity is the BasicEntity implementation for DNSEntity.
func (DNSEntity) AsHuntingBookmark ¶
func (de DNSEntity) AsHuntingBookmark() (*HuntingBookmark, bool)
AsHuntingBookmark is the BasicEntity implementation for DNSEntity.
func (DNSEntity) AsIPEntity ¶
AsIPEntity is the BasicEntity implementation for DNSEntity.
func (DNSEntity) AsIoTDeviceEntity ¶
func (de DNSEntity) AsIoTDeviceEntity() (*IoTDeviceEntity, bool)
AsIoTDeviceEntity is the BasicEntity implementation for DNSEntity.
func (DNSEntity) AsMalwareEntity ¶
func (de DNSEntity) AsMalwareEntity() (*MalwareEntity, bool)
AsMalwareEntity is the BasicEntity implementation for DNSEntity.
func (DNSEntity) AsProcessEntity ¶
func (de DNSEntity) AsProcessEntity() (*ProcessEntity, bool)
AsProcessEntity is the BasicEntity implementation for DNSEntity.
func (DNSEntity) AsRegistryKeyEntity ¶
func (de DNSEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)
AsRegistryKeyEntity is the BasicEntity implementation for DNSEntity.
func (DNSEntity) AsRegistryValueEntity ¶
func (de DNSEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool)
AsRegistryValueEntity is the BasicEntity implementation for DNSEntity.
func (DNSEntity) AsSecurityAlert ¶
func (de DNSEntity) AsSecurityAlert() (*SecurityAlert, bool)
AsSecurityAlert is the BasicEntity implementation for DNSEntity.
func (DNSEntity) AsSecurityGroupEntity ¶
func (de DNSEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)
AsSecurityGroupEntity is the BasicEntity implementation for DNSEntity.
func (DNSEntity) AsURLEntity ¶
AsURLEntity is the BasicEntity implementation for DNSEntity.
func (DNSEntity) MarshalJSON ¶
MarshalJSON is the custom marshaler for DNSEntity.
func (*DNSEntity) UnmarshalJSON ¶
UnmarshalJSON is the custom unmarshaler for DNSEntity struct.
type DNSEntityProperties ¶
type DNSEntityProperties struct { // DNSServerIPEntityID - READ-ONLY; An ip entity id for the dns server resolving the request DNSServerIPEntityID *string `json:"dnsServerIpEntityId,omitempty"` // DomainName - READ-ONLY; The name of the dns record associated with the alert DomainName *string `json:"domainName,omitempty"` // HostIPAddressEntityID - READ-ONLY; An ip entity id for the dns request client HostIPAddressEntityID *string `json:"hostIpAddressEntityId,omitempty"` // IPAddressEntityIds - READ-ONLY; Ip entity identifiers for the resolved ip address. IPAddressEntityIds *[]string `json:"ipAddressEntityIds,omitempty"` // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. AdditionalData map[string]interface{} `json:"additionalData"` // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. FriendlyName *string `json:"friendlyName,omitempty"` }
DNSEntityProperties dns entity property bag.
func (DNSEntityProperties) MarshalJSON ¶
func (dep DNSEntityProperties) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for DNSEntityProperties.
type DataConnector ¶
type DataConnector struct { autorest.Response `json:"-"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` // Etag - Etag of the azure resource Etag *string `json:"etag,omitempty"` // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOfficeATP', 'KindOffice365', 'KindThreatIntelligence', 'KindThreatIntelligenceTaxii' Kind KindBasicDataConnector `json:"kind,omitempty"` }
DataConnector data connector.
func (DataConnector) AsAADDataConnector ¶
func (dc DataConnector) AsAADDataConnector() (*AADDataConnector, bool)
AsAADDataConnector is the BasicDataConnector implementation for DataConnector.
func (DataConnector) AsAATPDataConnector ¶
func (dc DataConnector) AsAATPDataConnector() (*AATPDataConnector, bool)
AsAATPDataConnector is the BasicDataConnector implementation for DataConnector.
func (DataConnector) AsASCDataConnector ¶
func (dc DataConnector) AsASCDataConnector() (*ASCDataConnector, bool)
AsASCDataConnector is the BasicDataConnector implementation for DataConnector.
func (DataConnector) AsAwsCloudTrailDataConnector ¶
func (dc DataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool)
AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for DataConnector.
func (DataConnector) AsBasicDataConnector ¶
func (dc DataConnector) AsBasicDataConnector() (BasicDataConnector, bool)
AsBasicDataConnector is the BasicDataConnector implementation for DataConnector.
func (DataConnector) AsDataConnector ¶
func (dc DataConnector) AsDataConnector() (*DataConnector, bool)
AsDataConnector is the BasicDataConnector implementation for DataConnector.
func (DataConnector) AsMCASDataConnector ¶
func (dc DataConnector) AsMCASDataConnector() (*MCASDataConnector, bool)
AsMCASDataConnector is the BasicDataConnector implementation for DataConnector.
func (DataConnector) AsMDATPDataConnector ¶
func (dc DataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool)
AsMDATPDataConnector is the BasicDataConnector implementation for DataConnector.
func (DataConnector) AsOfficeATPDataConnector ¶
func (dc DataConnector) AsOfficeATPDataConnector() (*OfficeATPDataConnector, bool)
AsOfficeATPDataConnector is the BasicDataConnector implementation for DataConnector.
func (DataConnector) AsOfficeDataConnector ¶
func (dc DataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool)
AsOfficeDataConnector is the BasicDataConnector implementation for DataConnector.
func (DataConnector) AsTIDataConnector ¶
func (dc DataConnector) AsTIDataConnector() (*TIDataConnector, bool)
AsTIDataConnector is the BasicDataConnector implementation for DataConnector.
func (DataConnector) AsTiTaxiiDataConnector ¶
func (dc DataConnector) AsTiTaxiiDataConnector() (*TiTaxiiDataConnector, bool)
AsTiTaxiiDataConnector is the BasicDataConnector implementation for DataConnector.
func (DataConnector) MarshalJSON ¶
func (dc DataConnector) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for DataConnector.
type DataConnectorAuthorizationState ¶
type DataConnectorAuthorizationState string
DataConnectorAuthorizationState enumerates the values for data connector authorization state.
const ( // Invalid ... Invalid DataConnectorAuthorizationState = "Invalid" // Valid ... Valid DataConnectorAuthorizationState = "Valid" )
func PossibleDataConnectorAuthorizationStateValues ¶
func PossibleDataConnectorAuthorizationStateValues() []DataConnectorAuthorizationState
PossibleDataConnectorAuthorizationStateValues returns an array of possible values for the DataConnectorAuthorizationState const type.
type DataConnectorDataTypeCommon ¶
type DataConnectorDataTypeCommon struct { // State - Describe whether this data type connection is enabled or not. Possible values include: 'Enabled', 'Disabled' State DataTypeState `json:"state,omitempty"` }
DataConnectorDataTypeCommon common field for data type in data connectors.
type DataConnectorKind ¶
type DataConnectorKind string
DataConnectorKind enumerates the values for data connector kind.
const ( // DataConnectorKindAmazonWebServicesCloudTrail ... DataConnectorKindAmazonWebServicesCloudTrail DataConnectorKind = "AmazonWebServicesCloudTrail" // DataConnectorKindAzureActiveDirectory ... DataConnectorKindAzureActiveDirectory DataConnectorKind = "AzureActiveDirectory" // DataConnectorKindAzureAdvancedThreatProtection ... DataConnectorKindAzureAdvancedThreatProtection DataConnectorKind = "AzureAdvancedThreatProtection" // DataConnectorKindAzureSecurityCenter ... DataConnectorKindAzureSecurityCenter DataConnectorKind = "AzureSecurityCenter" // DataConnectorKindMicrosoftCloudAppSecurity ... DataConnectorKindMicrosoftCloudAppSecurity DataConnectorKind = "MicrosoftCloudAppSecurity" // DataConnectorKindMicrosoftDefenderAdvancedThreatProtection ... DataConnectorKindMicrosoftDefenderAdvancedThreatProtection DataConnectorKind = "MicrosoftDefenderAdvancedThreatProtection" // DataConnectorKindOffice365 ... DataConnectorKindOffice365 DataConnectorKind = "Office365" // DataConnectorKindOfficeATP ... DataConnectorKindOfficeATP DataConnectorKind = "OfficeATP" // DataConnectorKindThreatIntelligence ... DataConnectorKindThreatIntelligence DataConnectorKind = "ThreatIntelligence" // DataConnectorKindThreatIntelligenceTaxii ... DataConnectorKindThreatIntelligenceTaxii DataConnectorKind = "ThreatIntelligenceTaxii" )
func PossibleDataConnectorKindValues ¶
func PossibleDataConnectorKindValues() []DataConnectorKind
PossibleDataConnectorKindValues returns an array of possible values for the DataConnectorKind const type.
type DataConnectorKind1 ¶
type DataConnectorKind1 struct { // Kind - The kind of the data connector. Possible values include: 'DataConnectorKindAzureActiveDirectory', 'DataConnectorKindAzureSecurityCenter', 'DataConnectorKindMicrosoftCloudAppSecurity', 'DataConnectorKindThreatIntelligence', 'DataConnectorKindThreatIntelligenceTaxii', 'DataConnectorKindOffice365', 'DataConnectorKindOfficeATP', 'DataConnectorKindAmazonWebServicesCloudTrail', 'DataConnectorKindAzureAdvancedThreatProtection', 'DataConnectorKindMicrosoftDefenderAdvancedThreatProtection' Kind DataConnectorKind `json:"kind,omitempty"` }
DataConnectorKind1 describes an Azure resource with kind.
type DataConnectorLicenseState ¶
type DataConnectorLicenseState string
DataConnectorLicenseState enumerates the values for data connector license state.
const ( // DataConnectorLicenseStateInvalid ... DataConnectorLicenseStateInvalid DataConnectorLicenseState = "Invalid" // DataConnectorLicenseStateUnknown ... DataConnectorLicenseStateUnknown DataConnectorLicenseState = "Unknown" // DataConnectorLicenseStateValid ... DataConnectorLicenseStateValid DataConnectorLicenseState = "Valid" )
func PossibleDataConnectorLicenseStateValues ¶
func PossibleDataConnectorLicenseStateValues() []DataConnectorLicenseState
PossibleDataConnectorLicenseStateValues returns an array of possible values for the DataConnectorLicenseState const type.
type DataConnectorList ¶
type DataConnectorList struct { autorest.Response `json:"-"` // NextLink - READ-ONLY; URL to fetch the next set of data connectors. NextLink *string `json:"nextLink,omitempty"` // Value - Array of data connectors. Value *[]BasicDataConnector `json:"value,omitempty"` }
DataConnectorList list all the data connectors.
func (DataConnectorList) IsEmpty ¶
func (dcl DataConnectorList) IsEmpty() bool
IsEmpty returns true if the ListResult contains no values.
func (DataConnectorList) MarshalJSON ¶
func (dcl DataConnectorList) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for DataConnectorList.
func (*DataConnectorList) UnmarshalJSON ¶
func (dcl *DataConnectorList) UnmarshalJSON(body []byte) error
UnmarshalJSON is the custom unmarshaler for DataConnectorList struct.
type DataConnectorListIterator ¶
type DataConnectorListIterator struct {
// contains filtered or unexported fields
}
DataConnectorListIterator provides access to a complete listing of DataConnector values.
func NewDataConnectorListIterator ¶
func NewDataConnectorListIterator(page DataConnectorListPage) DataConnectorListIterator
Creates a new instance of the DataConnectorListIterator type.
func (*DataConnectorListIterator) Next ¶
func (iter *DataConnectorListIterator) Next() error
Next advances to the next value. If there was an error making the request the iterator does not advance and the error is returned. Deprecated: Use NextWithContext() instead.
func (*DataConnectorListIterator) NextWithContext ¶
func (iter *DataConnectorListIterator) NextWithContext(ctx context.Context) (err error)
NextWithContext advances to the next value. If there was an error making the request the iterator does not advance and the error is returned.
func (DataConnectorListIterator) NotDone ¶
func (iter DataConnectorListIterator) NotDone() bool
NotDone returns true if the enumeration should be started or is not yet complete.
func (DataConnectorListIterator) Response ¶
func (iter DataConnectorListIterator) Response() DataConnectorList
Response returns the raw server response from the last page request.
func (DataConnectorListIterator) Value ¶
func (iter DataConnectorListIterator) Value() BasicDataConnector
Value returns the current value or a zero-initialized value if the iterator has advanced beyond the end of the collection.
type DataConnectorListPage ¶
type DataConnectorListPage struct {
// contains filtered or unexported fields
}
DataConnectorListPage contains a page of BasicDataConnector values.
func NewDataConnectorListPage ¶
func NewDataConnectorListPage(cur DataConnectorList, getNextPage func(context.Context, DataConnectorList) (DataConnectorList, error)) DataConnectorListPage
Creates a new instance of the DataConnectorListPage type.
func (*DataConnectorListPage) Next ¶
func (page *DataConnectorListPage) Next() error
Next advances to the next page of values. If there was an error making the request the page does not advance and the error is returned. Deprecated: Use NextWithContext() instead.
func (*DataConnectorListPage) NextWithContext ¶
func (page *DataConnectorListPage) NextWithContext(ctx context.Context) (err error)
NextWithContext advances to the next page of values. If there was an error making the request the page does not advance and the error is returned.
func (DataConnectorListPage) NotDone ¶
func (page DataConnectorListPage) NotDone() bool
NotDone returns true if the page enumeration should be started or is not yet complete.
func (DataConnectorListPage) Response ¶
func (page DataConnectorListPage) Response() DataConnectorList
Response returns the raw server response from the last page request.
func (DataConnectorListPage) Values ¶
func (page DataConnectorListPage) Values() []BasicDataConnector
Values returns the slice of values for the current page or nil if there are no values.
type DataConnectorModel ¶
type DataConnectorModel struct { autorest.Response `json:"-"` Value BasicDataConnector `json:"value,omitempty"` }
DataConnectorModel ...
func (*DataConnectorModel) UnmarshalJSON ¶
func (dcm *DataConnectorModel) UnmarshalJSON(body []byte) error
UnmarshalJSON is the custom unmarshaler for DataConnectorModel struct.
type DataConnectorRequirementsState ¶
type DataConnectorRequirementsState struct { autorest.Response `json:"-"` // AuthorizationState - Authorization state for this connector. Possible values include: 'Valid', 'Invalid' AuthorizationState DataConnectorAuthorizationState `json:"authorizationState,omitempty"` // LicenseState - License state for this connector. Possible values include: 'DataConnectorLicenseStateValid', 'DataConnectorLicenseStateInvalid', 'DataConnectorLicenseStateUnknown' LicenseState DataConnectorLicenseState `json:"licenseState,omitempty"` }
DataConnectorRequirementsState data connector requirements status.
type DataConnectorTenantID ¶
type DataConnectorTenantID struct { // TenantID - The tenant id to connect to, and get the data from. TenantID *string `json:"tenantId,omitempty"` }
DataConnectorTenantID properties data connector on tenant level.
type DataConnectorWithAlertsProperties ¶
type DataConnectorWithAlertsProperties struct { // DataTypes - The available data types for the connector. DataTypes *AlertsDataTypeOfDataConnector `json:"dataTypes,omitempty"` }
DataConnectorWithAlertsProperties data connector properties.
type DataConnectorsCheckRequirements ¶
type DataConnectorsCheckRequirements struct { // Kind - Possible values include: 'KindBasicDataConnectorsCheckRequirementsKindDataConnectorsCheckRequirements', 'KindBasicDataConnectorsCheckRequirementsKindAzureActiveDirectory', 'KindBasicDataConnectorsCheckRequirementsKindAzureAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindAzureSecurityCenter', 'KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesCloudTrail', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindOfficeATP', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii' Kind KindBasicDataConnectorsCheckRequirements `json:"kind,omitempty"` }
DataConnectorsCheckRequirements data connector requirements properties.
func (DataConnectorsCheckRequirements) AsAADCheckRequirements ¶
func (dccr DataConnectorsCheckRequirements) AsAADCheckRequirements() (*AADCheckRequirements, bool)
AsAADCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for DataConnectorsCheckRequirements.
func (DataConnectorsCheckRequirements) AsAATPCheckRequirements ¶
func (dccr DataConnectorsCheckRequirements) AsAATPCheckRequirements() (*AATPCheckRequirements, bool)
AsAATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for DataConnectorsCheckRequirements.
func (DataConnectorsCheckRequirements) AsASCCheckRequirements ¶
func (dccr DataConnectorsCheckRequirements) AsASCCheckRequirements() (*ASCCheckRequirements, bool)
AsASCCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for DataConnectorsCheckRequirements.
func (DataConnectorsCheckRequirements) AsAwsCloudTrailCheckRequirements ¶
func (dccr DataConnectorsCheckRequirements) AsAwsCloudTrailCheckRequirements() (*AwsCloudTrailCheckRequirements, bool)
AsAwsCloudTrailCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for DataConnectorsCheckRequirements.
func (DataConnectorsCheckRequirements) AsBasicDataConnectorsCheckRequirements ¶
func (dccr DataConnectorsCheckRequirements) AsBasicDataConnectorsCheckRequirements() (BasicDataConnectorsCheckRequirements, bool)
AsBasicDataConnectorsCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for DataConnectorsCheckRequirements.
func (DataConnectorsCheckRequirements) AsDataConnectorsCheckRequirements ¶
func (dccr DataConnectorsCheckRequirements) AsDataConnectorsCheckRequirements() (*DataConnectorsCheckRequirements, bool)
AsDataConnectorsCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for DataConnectorsCheckRequirements.
func (DataConnectorsCheckRequirements) AsMCASCheckRequirements ¶
func (dccr DataConnectorsCheckRequirements) AsMCASCheckRequirements() (*MCASCheckRequirements, bool)
AsMCASCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for DataConnectorsCheckRequirements.
func (DataConnectorsCheckRequirements) AsMDATPCheckRequirements ¶
func (dccr DataConnectorsCheckRequirements) AsMDATPCheckRequirements() (*MDATPCheckRequirements, bool)
AsMDATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for DataConnectorsCheckRequirements.
func (DataConnectorsCheckRequirements) AsOfficeATPCheckRequirements ¶
func (dccr DataConnectorsCheckRequirements) AsOfficeATPCheckRequirements() (*OfficeATPCheckRequirements, bool)
AsOfficeATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for DataConnectorsCheckRequirements.
func (DataConnectorsCheckRequirements) AsTICheckRequirements ¶
func (dccr DataConnectorsCheckRequirements) AsTICheckRequirements() (*TICheckRequirements, bool)
AsTICheckRequirements is the BasicDataConnectorsCheckRequirements implementation for DataConnectorsCheckRequirements.
func (DataConnectorsCheckRequirements) AsTiTaxiiCheckRequirements ¶
func (dccr DataConnectorsCheckRequirements) AsTiTaxiiCheckRequirements() (*TiTaxiiCheckRequirements, bool)
AsTiTaxiiCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for DataConnectorsCheckRequirements.
func (DataConnectorsCheckRequirements) MarshalJSON ¶
func (dccr DataConnectorsCheckRequirements) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for DataConnectorsCheckRequirements.
type DataConnectorsCheckRequirementsClient ¶
type DataConnectorsCheckRequirementsClient struct {
BaseClient
}
DataConnectorsCheckRequirementsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider
func NewDataConnectorsCheckRequirementsClient ¶
func NewDataConnectorsCheckRequirementsClient(subscriptionID string) DataConnectorsCheckRequirementsClient
NewDataConnectorsCheckRequirementsClient creates an instance of the DataConnectorsCheckRequirementsClient client.
func NewDataConnectorsCheckRequirementsClientWithBaseURI ¶
func NewDataConnectorsCheckRequirementsClientWithBaseURI(baseURI string, subscriptionID string) DataConnectorsCheckRequirementsClient
NewDataConnectorsCheckRequirementsClientWithBaseURI creates an instance of the DataConnectorsCheckRequirementsClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).
func (DataConnectorsCheckRequirementsClient) Post ¶
func (client DataConnectorsCheckRequirementsClient) Post(ctx context.Context, resourceGroupName string, workspaceName string, operationalInsightsResourceProvider string, dataConnectorsCheckRequirements BasicDataConnectorsCheckRequirements) (result DataConnectorRequirementsState, err error)
Post get requirements state for a data connector type. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. workspaceName - the name of the workspace. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. dataConnectorsCheckRequirements - the parameters for requirements check message
func (DataConnectorsCheckRequirementsClient) PostPreparer ¶
func (client DataConnectorsCheckRequirementsClient) PostPreparer(ctx context.Context, resourceGroupName string, workspaceName string, operationalInsightsResourceProvider string, dataConnectorsCheckRequirements BasicDataConnectorsCheckRequirements) (*http.Request, error)
PostPreparer prepares the Post request.
func (DataConnectorsCheckRequirementsClient) PostResponder ¶
func (client DataConnectorsCheckRequirementsClient) PostResponder(resp *http.Response) (result DataConnectorRequirementsState, err error)
PostResponder handles the response to the Post request. The method always closes the http.Response Body.
func (DataConnectorsCheckRequirementsClient) PostSender ¶
func (client DataConnectorsCheckRequirementsClient) PostSender(req *http.Request) (*http.Response, error)
PostSender sends the Post request. The method will close the http.Response Body if it receives an error.
type DataConnectorsClient ¶
type DataConnectorsClient struct {
BaseClient
}
DataConnectorsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider
func NewDataConnectorsClient ¶
func NewDataConnectorsClient(subscriptionID string) DataConnectorsClient
NewDataConnectorsClient creates an instance of the DataConnectorsClient client.
func NewDataConnectorsClientWithBaseURI ¶
func NewDataConnectorsClientWithBaseURI(baseURI string, subscriptionID string) DataConnectorsClient
NewDataConnectorsClientWithBaseURI creates an instance of the DataConnectorsClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).
func (DataConnectorsClient) CreateOrUpdate ¶
func (client DataConnectorsClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, dataConnectorID string, dataConnector BasicDataConnector) (result DataConnectorModel, err error)
CreateOrUpdate creates or updates the data connector. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. dataConnectorID - connector ID dataConnector - the data connector
func (DataConnectorsClient) CreateOrUpdatePreparer ¶
func (client DataConnectorsClient) CreateOrUpdatePreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, dataConnectorID string, dataConnector BasicDataConnector) (*http.Request, error)
CreateOrUpdatePreparer prepares the CreateOrUpdate request.
func (DataConnectorsClient) CreateOrUpdateResponder ¶
func (client DataConnectorsClient) CreateOrUpdateResponder(resp *http.Response) (result DataConnectorModel, err error)
CreateOrUpdateResponder handles the response to the CreateOrUpdate request. The method always closes the http.Response Body.
func (DataConnectorsClient) CreateOrUpdateSender ¶
CreateOrUpdateSender sends the CreateOrUpdate request. The method will close the http.Response Body if it receives an error.
func (DataConnectorsClient) Delete ¶
func (client DataConnectorsClient) Delete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, dataConnectorID string) (result autorest.Response, err error)
Delete delete the data connector. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. dataConnectorID - connector ID
func (DataConnectorsClient) DeletePreparer ¶
func (client DataConnectorsClient) DeletePreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, dataConnectorID string) (*http.Request, error)
DeletePreparer prepares the Delete request.
func (DataConnectorsClient) DeleteResponder ¶
func (client DataConnectorsClient) DeleteResponder(resp *http.Response) (result autorest.Response, err error)
DeleteResponder handles the response to the Delete request. The method always closes the http.Response Body.
func (DataConnectorsClient) DeleteSender ¶
DeleteSender sends the Delete request. The method will close the http.Response Body if it receives an error.
func (DataConnectorsClient) Get ¶
func (client DataConnectorsClient) Get(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, dataConnectorID string) (result DataConnectorModel, err error)
Get gets a data connector. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. dataConnectorID - connector ID
func (DataConnectorsClient) GetPreparer ¶
func (client DataConnectorsClient) GetPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, dataConnectorID string) (*http.Request, error)
GetPreparer prepares the Get request.
func (DataConnectorsClient) GetResponder ¶
func (client DataConnectorsClient) GetResponder(resp *http.Response) (result DataConnectorModel, err error)
GetResponder handles the response to the Get request. The method always closes the http.Response Body.
func (DataConnectorsClient) GetSender ¶
GetSender sends the Get request. The method will close the http.Response Body if it receives an error.
func (DataConnectorsClient) List ¶
func (client DataConnectorsClient) List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result DataConnectorListPage, err error)
List gets all data connectors. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace.
func (DataConnectorsClient) ListComplete ¶
func (client DataConnectorsClient) ListComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result DataConnectorListIterator, err error)
ListComplete enumerates all values, automatically crossing page boundaries as required.
func (DataConnectorsClient) ListPreparer ¶
func (client DataConnectorsClient) ListPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (*http.Request, error)
ListPreparer prepares the List request.
func (DataConnectorsClient) ListResponder ¶
func (client DataConnectorsClient) ListResponder(resp *http.Response) (result DataConnectorList, err error)
ListResponder handles the response to the List request. The method always closes the http.Response Body.
func (DataConnectorsClient) ListSender ¶
ListSender sends the List request. The method will close the http.Response Body if it receives an error.
type DataTypeState ¶
type DataTypeState string
DataTypeState enumerates the values for data type state.
const ( // Disabled ... Disabled DataTypeState = "Disabled" // Enabled ... Enabled DataTypeState = "Enabled" )
func PossibleDataTypeStateValues ¶
func PossibleDataTypeStateValues() []DataTypeState
PossibleDataTypeStateValues returns an array of possible values for the DataTypeState const type.
type ElevationToken ¶
type ElevationToken string
ElevationToken enumerates the values for elevation token.
const ( // Default Default elevation token Default ElevationToken = "Default" // Full Full elevation token Full ElevationToken = "Full" // Limited Limited elevation token Limited ElevationToken = "Limited" )
func PossibleElevationTokenValues ¶
func PossibleElevationTokenValues() []ElevationToken
PossibleElevationTokenValues returns an array of possible values for the ElevationToken const type.
type EntitiesClient ¶
type EntitiesClient struct {
BaseClient
}
EntitiesClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider
func NewEntitiesClient ¶
func NewEntitiesClient(subscriptionID string) EntitiesClient
NewEntitiesClient creates an instance of the EntitiesClient client.
func NewEntitiesClientWithBaseURI ¶
func NewEntitiesClientWithBaseURI(baseURI string, subscriptionID string) EntitiesClient
NewEntitiesClientWithBaseURI creates an instance of the EntitiesClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).
func (EntitiesClient) Expand ¶
func (client EntitiesClient) Expand(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, entityID string, parameters EntityExpandParameters) (result EntityExpandResponse, err error)
Expand expands an entity. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. entityID - entity ID parameters - the parameters required to execute an expand operation on the given entity.
func (EntitiesClient) ExpandPreparer ¶
func (client EntitiesClient) ExpandPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, entityID string, parameters EntityExpandParameters) (*http.Request, error)
ExpandPreparer prepares the Expand request.
func (EntitiesClient) ExpandResponder ¶
func (client EntitiesClient) ExpandResponder(resp *http.Response) (result EntityExpandResponse, err error)
ExpandResponder handles the response to the Expand request. The method always closes the http.Response Body.
func (EntitiesClient) ExpandSender ¶
ExpandSender sends the Expand request. The method will close the http.Response Body if it receives an error.
func (EntitiesClient) Get ¶
func (client EntitiesClient) Get(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, entityID string) (result EntityModel, err error)
Get gets an entity. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. entityID - entity ID
func (EntitiesClient) GetPreparer ¶
func (client EntitiesClient) GetPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, entityID string) (*http.Request, error)
GetPreparer prepares the Get request.
func (EntitiesClient) GetResponder ¶
func (client EntitiesClient) GetResponder(resp *http.Response) (result EntityModel, err error)
GetResponder handles the response to the Get request. The method always closes the http.Response Body.
func (EntitiesClient) GetSender ¶
GetSender sends the Get request. The method will close the http.Response Body if it receives an error.
func (EntitiesClient) List ¶
func (client EntitiesClient) List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result EntityListPage, err error)
List gets all entities. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace.
func (EntitiesClient) ListComplete ¶
func (client EntitiesClient) ListComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result EntityListIterator, err error)
ListComplete enumerates all values, automatically crossing page boundaries as required.
func (EntitiesClient) ListPreparer ¶
func (client EntitiesClient) ListPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (*http.Request, error)
ListPreparer prepares the List request.
func (EntitiesClient) ListResponder ¶
func (client EntitiesClient) ListResponder(resp *http.Response) (result EntityList, err error)
ListResponder handles the response to the List request. The method always closes the http.Response Body.
func (EntitiesClient) ListSender ¶
ListSender sends the List request. The method will close the http.Response Body if it receives an error.
type EntitiesGetTimelineClient ¶
type EntitiesGetTimelineClient struct {
BaseClient
}
EntitiesGetTimelineClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider
func NewEntitiesGetTimelineClient ¶
func NewEntitiesGetTimelineClient(subscriptionID string) EntitiesGetTimelineClient
NewEntitiesGetTimelineClient creates an instance of the EntitiesGetTimelineClient client.
func NewEntitiesGetTimelineClientWithBaseURI ¶
func NewEntitiesGetTimelineClientWithBaseURI(baseURI string, subscriptionID string) EntitiesGetTimelineClient
NewEntitiesGetTimelineClientWithBaseURI creates an instance of the EntitiesGetTimelineClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).
func (EntitiesGetTimelineClient) List ¶
func (client EntitiesGetTimelineClient) List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, entityID string, parameters EntityTimelineParameters) (result EntityTimelineResponse, err error)
List timeline for an entity. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. entityID - entity ID parameters - the parameters required to execute an timeline operation on the given entity.
func (EntitiesGetTimelineClient) ListPreparer ¶
func (client EntitiesGetTimelineClient) ListPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, entityID string, parameters EntityTimelineParameters) (*http.Request, error)
ListPreparer prepares the List request.
func (EntitiesGetTimelineClient) ListResponder ¶
func (client EntitiesGetTimelineClient) ListResponder(resp *http.Response) (result EntityTimelineResponse, err error)
ListResponder handles the response to the List request. The method always closes the http.Response Body.
func (EntitiesGetTimelineClient) ListSender ¶
ListSender sends the List request. The method will close the http.Response Body if it receives an error.
type EntitiesMatchingMethod ¶
type EntitiesMatchingMethod string
EntitiesMatchingMethod enumerates the values for entities matching method.
const ( // All Grouping alerts into a single incident if all the entities match All EntitiesMatchingMethod = "All" // Custom Grouping alerts into a single incident if the selected entities match Custom EntitiesMatchingMethod = "Custom" // None Grouping all alerts triggered by this rule into a single incident None EntitiesMatchingMethod = "None" )
func PossibleEntitiesMatchingMethodValues ¶
func PossibleEntitiesMatchingMethodValues() []EntitiesMatchingMethod
PossibleEntitiesMatchingMethodValues returns an array of possible values for the EntitiesMatchingMethod const type.
type EntitiesRelationsClient ¶
type EntitiesRelationsClient struct {
BaseClient
}
EntitiesRelationsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider
func NewEntitiesRelationsClient ¶
func NewEntitiesRelationsClient(subscriptionID string) EntitiesRelationsClient
NewEntitiesRelationsClient creates an instance of the EntitiesRelationsClient client.
func NewEntitiesRelationsClientWithBaseURI ¶
func NewEntitiesRelationsClientWithBaseURI(baseURI string, subscriptionID string) EntitiesRelationsClient
NewEntitiesRelationsClientWithBaseURI creates an instance of the EntitiesRelationsClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).
func (EntitiesRelationsClient) List ¶
func (client EntitiesRelationsClient) List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, entityID string, filter string, orderby string, top *int32, skipToken string) (result RelationListPage, err error)
List gets all relations of an entity. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. entityID - entity ID filter - filters the results, based on a Boolean condition. Optional. orderby - sorts the results. Optional. top - returns only the first n results. Optional. skipToken - skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional.
func (EntitiesRelationsClient) ListComplete ¶
func (client EntitiesRelationsClient) ListComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, entityID string, filter string, orderby string, top *int32, skipToken string) (result RelationListIterator, err error)
ListComplete enumerates all values, automatically crossing page boundaries as required.
func (EntitiesRelationsClient) ListPreparer ¶
func (client EntitiesRelationsClient) ListPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, entityID string, filter string, orderby string, top *int32, skipToken string) (*http.Request, error)
ListPreparer prepares the List request.
func (EntitiesRelationsClient) ListResponder ¶
func (client EntitiesRelationsClient) ListResponder(resp *http.Response) (result RelationList, err error)
ListResponder handles the response to the List request. The method always closes the http.Response Body.
func (EntitiesRelationsClient) ListSender ¶
ListSender sends the List request. The method will close the http.Response Body if it receives an error.
type Entity ¶
type Entity struct { autorest.Response `json:"-"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindBookmark', 'KindSecurityAlert', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice' Kind KindBasicEntity `json:"kind,omitempty"` }
Entity specific entity.
func (Entity) AsAccountEntity ¶
func (e Entity) AsAccountEntity() (*AccountEntity, bool)
AsAccountEntity is the BasicEntity implementation for Entity.
func (Entity) AsAzureResourceEntity ¶
func (e Entity) AsAzureResourceEntity() (*AzureResourceEntity, bool)
AsAzureResourceEntity is the BasicEntity implementation for Entity.
func (Entity) AsBasicEntity ¶
func (e Entity) AsBasicEntity() (BasicEntity, bool)
AsBasicEntity is the BasicEntity implementation for Entity.
func (Entity) AsCloudApplicationEntity ¶
func (e Entity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)
AsCloudApplicationEntity is the BasicEntity implementation for Entity.
func (Entity) AsDNSEntity ¶
AsDNSEntity is the BasicEntity implementation for Entity.
func (Entity) AsFileEntity ¶
func (e Entity) AsFileEntity() (*FileEntity, bool)
AsFileEntity is the BasicEntity implementation for Entity.
func (Entity) AsFileHashEntity ¶
func (e Entity) AsFileHashEntity() (*FileHashEntity, bool)
AsFileHashEntity is the BasicEntity implementation for Entity.
func (Entity) AsHostEntity ¶
func (e Entity) AsHostEntity() (*HostEntity, bool)
AsHostEntity is the BasicEntity implementation for Entity.
func (Entity) AsHuntingBookmark ¶
func (e Entity) AsHuntingBookmark() (*HuntingBookmark, bool)
AsHuntingBookmark is the BasicEntity implementation for Entity.
func (Entity) AsIPEntity ¶
AsIPEntity is the BasicEntity implementation for Entity.
func (Entity) AsIoTDeviceEntity ¶
func (e Entity) AsIoTDeviceEntity() (*IoTDeviceEntity, bool)
AsIoTDeviceEntity is the BasicEntity implementation for Entity.
func (Entity) AsMalwareEntity ¶
func (e Entity) AsMalwareEntity() (*MalwareEntity, bool)
AsMalwareEntity is the BasicEntity implementation for Entity.
func (Entity) AsProcessEntity ¶
func (e Entity) AsProcessEntity() (*ProcessEntity, bool)
AsProcessEntity is the BasicEntity implementation for Entity.
func (Entity) AsRegistryKeyEntity ¶
func (e Entity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)
AsRegistryKeyEntity is the BasicEntity implementation for Entity.
func (Entity) AsRegistryValueEntity ¶
func (e Entity) AsRegistryValueEntity() (*RegistryValueEntity, bool)
AsRegistryValueEntity is the BasicEntity implementation for Entity.
func (Entity) AsSecurityAlert ¶
func (e Entity) AsSecurityAlert() (*SecurityAlert, bool)
AsSecurityAlert is the BasicEntity implementation for Entity.
func (Entity) AsSecurityGroupEntity ¶
func (e Entity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)
AsSecurityGroupEntity is the BasicEntity implementation for Entity.
func (Entity) AsURLEntity ¶
AsURLEntity is the BasicEntity implementation for Entity.
func (Entity) MarshalJSON ¶
MarshalJSON is the custom marshaler for Entity.
type EntityAnalytics ¶
type EntityAnalytics struct { // EntityAnalyticsProperties - EntityAnalytics properties *EntityAnalyticsProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` // Etag - Etag of the azure resource Etag *string `json:"etag,omitempty"` // Kind - Possible values include: 'KindSettings', 'KindEyesOn', 'KindEntityAnalytics', 'KindUeba' Kind KindBasicSettings `json:"kind,omitempty"` }
EntityAnalytics settings with single toggle.
func (EntityAnalytics) AsBasicSettings ¶
func (ea EntityAnalytics) AsBasicSettings() (BasicSettings, bool)
AsBasicSettings is the BasicSettings implementation for EntityAnalytics.
func (EntityAnalytics) AsEntityAnalytics ¶
func (ea EntityAnalytics) AsEntityAnalytics() (*EntityAnalytics, bool)
AsEntityAnalytics is the BasicSettings implementation for EntityAnalytics.
func (EntityAnalytics) AsEyesOn ¶
func (ea EntityAnalytics) AsEyesOn() (*EyesOn, bool)
AsEyesOn is the BasicSettings implementation for EntityAnalytics.
func (EntityAnalytics) AsSettings ¶
func (ea EntityAnalytics) AsSettings() (*Settings, bool)
AsSettings is the BasicSettings implementation for EntityAnalytics.
func (EntityAnalytics) AsUeba ¶
func (ea EntityAnalytics) AsUeba() (*Ueba, bool)
AsUeba is the BasicSettings implementation for EntityAnalytics.
func (EntityAnalytics) MarshalJSON ¶
func (ea EntityAnalytics) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for EntityAnalytics.
func (*EntityAnalytics) UnmarshalJSON ¶
func (ea *EntityAnalytics) UnmarshalJSON(body []byte) error
UnmarshalJSON is the custom unmarshaler for EntityAnalytics struct.
type EntityAnalyticsProperties ¶
type EntityAnalyticsProperties struct { // IsEnabled - READ-ONLY; Determines whether the setting is enable or disabled. IsEnabled *bool `json:"isEnabled,omitempty"` }
EntityAnalyticsProperties entityAnalytics property bag.
type EntityCommonProperties ¶
type EntityCommonProperties struct { // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. AdditionalData map[string]interface{} `json:"additionalData"` // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. FriendlyName *string `json:"friendlyName,omitempty"` }
EntityCommonProperties entity common property bag.
func (EntityCommonProperties) MarshalJSON ¶
func (ecp EntityCommonProperties) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for EntityCommonProperties.
type EntityExpandParameters ¶
type EntityExpandParameters struct { // EndTime - The end date filter, so the only expansion results returned are before this date. EndTime *date.Time `json:"endTime,omitempty"` // ExpansionID - The Id of the expansion to perform. ExpansionID *uuid.UUID `json:"expansionId,omitempty"` // StartTime - The start date filter, so the only expansion results returned are after this date. StartTime *date.Time `json:"startTime,omitempty"` }
EntityExpandParameters the parameters required to execute an expand operation on the given entity.
type EntityExpandResponse ¶
type EntityExpandResponse struct { autorest.Response `json:"-"` // MetaData - The metadata from the expansion operation results. MetaData *ExpansionResultsMetadata `json:"metaData,omitempty"` // Value - The expansion result values. Value *EntityExpandResponseValue `json:"value,omitempty"` }
EntityExpandResponse the entity expansion result operation response.
type EntityExpandResponseValue ¶
type EntityExpandResponseValue struct { // Entities - Array of the expansion result entities. Entities *[]BasicEntity `json:"entities,omitempty"` }
EntityExpandResponseValue the expansion result values.
func (*EntityExpandResponseValue) UnmarshalJSON ¶
func (eer *EntityExpandResponseValue) UnmarshalJSON(body []byte) error
UnmarshalJSON is the custom unmarshaler for EntityExpandResponseValue struct.
type EntityKind ¶
type EntityKind string
EntityKind enumerates the values for entity kind.
const ( // EntityKindAccount Entity represents account in the system. EntityKindAccount EntityKind = "Account" // EntityKindAzureResource Entity represents azure resource in the system. EntityKindAzureResource EntityKind = "AzureResource" // EntityKindBookmark Entity represents bookmark in the system. EntityKindBookmark EntityKind = "Bookmark" // EntityKindCloudApplication Entity represents cloud application in the system. EntityKindCloudApplication EntityKind = "CloudApplication" // EntityKindDNSResolution Entity represents dns resolution in the system. EntityKindDNSResolution EntityKind = "DnsResolution" // EntityKindFile Entity represents file in the system. EntityKindFile EntityKind = "File" // EntityKindFileHash Entity represents file hash in the system. EntityKindFileHash EntityKind = "FileHash" // EntityKindHost Entity represents host in the system. EntityKindHost EntityKind = "Host" // EntityKindIoTDevice Entity represents IoT device in the system. EntityKindIoTDevice EntityKind = "IoTDevice" // EntityKindIP Entity represents ip in the system. EntityKindIP EntityKind = "Ip" // EntityKindMalware Entity represents malware in the system. EntityKindMalware EntityKind = "Malware" // EntityKindProcess Entity represents process in the system. EntityKindProcess EntityKind = "Process" // EntityKindRegistryKey Entity represents registry key in the system. EntityKindRegistryKey EntityKind = "RegistryKey" // EntityKindRegistryValue Entity represents registry value in the system. EntityKindRegistryValue EntityKind = "RegistryValue" // EntityKindSecurityAlert Entity represents security alert in the system. EntityKindSecurityAlert EntityKind = "SecurityAlert" // EntityKindSecurityGroup Entity represents security group in the system. EntityKindSecurityGroup EntityKind = "SecurityGroup" // EntityKindURL Entity represents url in the system. EntityKindURL EntityKind = "Url" )
func PossibleEntityKindValues ¶
func PossibleEntityKindValues() []EntityKind
PossibleEntityKindValues returns an array of possible values for the EntityKind const type.
type EntityKind1 ¶
type EntityKind1 struct { // Kind - The kind of the entity. Possible values include: 'EntityKindAccount', 'EntityKindHost', 'EntityKindFile', 'EntityKindAzureResource', 'EntityKindCloudApplication', 'EntityKindDNSResolution', 'EntityKindFileHash', 'EntityKindIP', 'EntityKindMalware', 'EntityKindProcess', 'EntityKindRegistryKey', 'EntityKindRegistryValue', 'EntityKindSecurityGroup', 'EntityKindURL', 'EntityKindIoTDevice', 'EntityKindSecurityAlert', 'EntityKindBookmark' Kind EntityKind `json:"kind,omitempty"` }
EntityKind1 describes an entity with kind.
type EntityList ¶
type EntityList struct { autorest.Response `json:"-"` // NextLink - READ-ONLY; URL to fetch the next set of entities. NextLink *string `json:"nextLink,omitempty"` // Value - Array of entities. Value *[]BasicEntity `json:"value,omitempty"` }
EntityList list of all the entities.
func (EntityList) IsEmpty ¶
func (el EntityList) IsEmpty() bool
IsEmpty returns true if the ListResult contains no values.
func (EntityList) MarshalJSON ¶
func (el EntityList) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for EntityList.
func (*EntityList) UnmarshalJSON ¶
func (el *EntityList) UnmarshalJSON(body []byte) error
UnmarshalJSON is the custom unmarshaler for EntityList struct.
type EntityListIterator ¶
type EntityListIterator struct {
// contains filtered or unexported fields
}
EntityListIterator provides access to a complete listing of Entity values.
func NewEntityListIterator ¶
func NewEntityListIterator(page EntityListPage) EntityListIterator
Creates a new instance of the EntityListIterator type.
func (*EntityListIterator) Next ¶
func (iter *EntityListIterator) Next() error
Next advances to the next value. If there was an error making the request the iterator does not advance and the error is returned. Deprecated: Use NextWithContext() instead.
func (*EntityListIterator) NextWithContext ¶
func (iter *EntityListIterator) NextWithContext(ctx context.Context) (err error)
NextWithContext advances to the next value. If there was an error making the request the iterator does not advance and the error is returned.
func (EntityListIterator) NotDone ¶
func (iter EntityListIterator) NotDone() bool
NotDone returns true if the enumeration should be started or is not yet complete.
func (EntityListIterator) Response ¶
func (iter EntityListIterator) Response() EntityList
Response returns the raw server response from the last page request.
func (EntityListIterator) Value ¶
func (iter EntityListIterator) Value() BasicEntity
Value returns the current value or a zero-initialized value if the iterator has advanced beyond the end of the collection.
type EntityListPage ¶
type EntityListPage struct {
// contains filtered or unexported fields
}
EntityListPage contains a page of BasicEntity values.
func NewEntityListPage ¶
func NewEntityListPage(cur EntityList, getNextPage func(context.Context, EntityList) (EntityList, error)) EntityListPage
Creates a new instance of the EntityListPage type.
func (*EntityListPage) Next ¶
func (page *EntityListPage) Next() error
Next advances to the next page of values. If there was an error making the request the page does not advance and the error is returned. Deprecated: Use NextWithContext() instead.
func (*EntityListPage) NextWithContext ¶
func (page *EntityListPage) NextWithContext(ctx context.Context) (err error)
NextWithContext advances to the next page of values. If there was an error making the request the page does not advance and the error is returned.
func (EntityListPage) NotDone ¶
func (page EntityListPage) NotDone() bool
NotDone returns true if the page enumeration should be started or is not yet complete.
func (EntityListPage) Response ¶
func (page EntityListPage) Response() EntityList
Response returns the raw server response from the last page request.
func (EntityListPage) Values ¶
func (page EntityListPage) Values() []BasicEntity
Values returns the slice of values for the current page or nil if there are no values.
type EntityModel ¶
type EntityModel struct { autorest.Response `json:"-"` Value BasicEntity `json:"value,omitempty"` }
EntityModel ...
func (*EntityModel) UnmarshalJSON ¶
func (em *EntityModel) UnmarshalJSON(body []byte) error
UnmarshalJSON is the custom unmarshaler for EntityModel struct.
type EntityQueriesClient ¶
type EntityQueriesClient struct {
BaseClient
}
EntityQueriesClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider
func NewEntityQueriesClient ¶
func NewEntityQueriesClient(subscriptionID string) EntityQueriesClient
NewEntityQueriesClient creates an instance of the EntityQueriesClient client.
func NewEntityQueriesClientWithBaseURI ¶
func NewEntityQueriesClientWithBaseURI(baseURI string, subscriptionID string) EntityQueriesClient
NewEntityQueriesClientWithBaseURI creates an instance of the EntityQueriesClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).
func (EntityQueriesClient) Get ¶
func (client EntityQueriesClient) Get(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, entityQueryID string) (result EntityQuery, err error)
Get gets an entity query. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. entityQueryID - entity query ID
func (EntityQueriesClient) GetPreparer ¶
func (client EntityQueriesClient) GetPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, entityQueryID string) (*http.Request, error)
GetPreparer prepares the Get request.
func (EntityQueriesClient) GetResponder ¶
func (client EntityQueriesClient) GetResponder(resp *http.Response) (result EntityQuery, err error)
GetResponder handles the response to the Get request. The method always closes the http.Response Body.
func (EntityQueriesClient) GetSender ¶
GetSender sends the Get request. The method will close the http.Response Body if it receives an error.
func (EntityQueriesClient) List ¶
func (client EntityQueriesClient) List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result EntityQueryListPage, err error)
List gets all entity queries. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace.
func (EntityQueriesClient) ListComplete ¶
func (client EntityQueriesClient) ListComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result EntityQueryListIterator, err error)
ListComplete enumerates all values, automatically crossing page boundaries as required.
func (EntityQueriesClient) ListPreparer ¶
func (client EntityQueriesClient) ListPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (*http.Request, error)
ListPreparer prepares the List request.
func (EntityQueriesClient) ListResponder ¶
func (client EntityQueriesClient) ListResponder(resp *http.Response) (result EntityQueryList, err error)
ListResponder handles the response to the List request. The method always closes the http.Response Body.
func (EntityQueriesClient) ListSender ¶
ListSender sends the List request. The method will close the http.Response Body if it receives an error.
type EntityQuery ¶
type EntityQuery struct { autorest.Response `json:"-"` // EntityQueryProperties - Entity query properties *EntityQueryProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` }
EntityQuery specific entity query.
func (EntityQuery) MarshalJSON ¶
func (eq EntityQuery) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for EntityQuery.
func (*EntityQuery) UnmarshalJSON ¶
func (eq *EntityQuery) UnmarshalJSON(body []byte) error
UnmarshalJSON is the custom unmarshaler for EntityQuery struct.
type EntityQueryList ¶
type EntityQueryList struct { autorest.Response `json:"-"` // NextLink - READ-ONLY; URL to fetch the next set of entity queries. NextLink *string `json:"nextLink,omitempty"` // Value - Array of entity queries. Value *[]EntityQuery `json:"value,omitempty"` }
EntityQueryList list of all the entity queries.
func (EntityQueryList) IsEmpty ¶
func (eql EntityQueryList) IsEmpty() bool
IsEmpty returns true if the ListResult contains no values.
func (EntityQueryList) MarshalJSON ¶
func (eql EntityQueryList) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for EntityQueryList.
type EntityQueryListIterator ¶
type EntityQueryListIterator struct {
// contains filtered or unexported fields
}
EntityQueryListIterator provides access to a complete listing of EntityQuery values.
func NewEntityQueryListIterator ¶
func NewEntityQueryListIterator(page EntityQueryListPage) EntityQueryListIterator
Creates a new instance of the EntityQueryListIterator type.
func (*EntityQueryListIterator) Next ¶
func (iter *EntityQueryListIterator) Next() error
Next advances to the next value. If there was an error making the request the iterator does not advance and the error is returned. Deprecated: Use NextWithContext() instead.
func (*EntityQueryListIterator) NextWithContext ¶
func (iter *EntityQueryListIterator) NextWithContext(ctx context.Context) (err error)
NextWithContext advances to the next value. If there was an error making the request the iterator does not advance and the error is returned.
func (EntityQueryListIterator) NotDone ¶
func (iter EntityQueryListIterator) NotDone() bool
NotDone returns true if the enumeration should be started or is not yet complete.
func (EntityQueryListIterator) Response ¶
func (iter EntityQueryListIterator) Response() EntityQueryList
Response returns the raw server response from the last page request.
func (EntityQueryListIterator) Value ¶
func (iter EntityQueryListIterator) Value() EntityQuery
Value returns the current value or a zero-initialized value if the iterator has advanced beyond the end of the collection.
type EntityQueryListPage ¶
type EntityQueryListPage struct {
// contains filtered or unexported fields
}
EntityQueryListPage contains a page of EntityQuery values.
func NewEntityQueryListPage ¶
func NewEntityQueryListPage(cur EntityQueryList, getNextPage func(context.Context, EntityQueryList) (EntityQueryList, error)) EntityQueryListPage
Creates a new instance of the EntityQueryListPage type.
func (*EntityQueryListPage) Next ¶
func (page *EntityQueryListPage) Next() error
Next advances to the next page of values. If there was an error making the request the page does not advance and the error is returned. Deprecated: Use NextWithContext() instead.
func (*EntityQueryListPage) NextWithContext ¶
func (page *EntityQueryListPage) NextWithContext(ctx context.Context) (err error)
NextWithContext advances to the next page of values. If there was an error making the request the page does not advance and the error is returned.
func (EntityQueryListPage) NotDone ¶
func (page EntityQueryListPage) NotDone() bool
NotDone returns true if the page enumeration should be started or is not yet complete.
func (EntityQueryListPage) Response ¶
func (page EntityQueryListPage) Response() EntityQueryList
Response returns the raw server response from the last page request.
func (EntityQueryListPage) Values ¶
func (page EntityQueryListPage) Values() []EntityQuery
Values returns the slice of values for the current page or nil if there are no values.
type EntityQueryProperties ¶
type EntityQueryProperties struct { // DataSources - List of the data sources that are required to run the query DataSources *[]string `json:"dataSources,omitempty"` // DisplayName - The query display name DisplayName *string `json:"displayName,omitempty"` // InputEntityType - The type of the query's source entity. Possible values include: 'EntityTypeAccount', 'EntityTypeHost', 'EntityTypeFile', 'EntityTypeAzureResource', 'EntityTypeCloudApplication', 'EntityTypeDNS', 'EntityTypeFileHash', 'EntityTypeIP', 'EntityTypeMalware', 'EntityTypeProcess', 'EntityTypeRegistryKey', 'EntityTypeRegistryValue', 'EntityTypeSecurityGroup', 'EntityTypeURL', 'EntityTypeIoTDevice', 'EntityTypeSecurityAlert', 'EntityTypeHuntingBookmark' InputEntityType EntityType `json:"inputEntityType,omitempty"` // InputFields - List of the fields of the source entity that are required to run the query InputFields *[]string `json:"inputFields,omitempty"` // OutputEntityTypes - List of the desired output types to be constructed from the result OutputEntityTypes *[]EntityType `json:"outputEntityTypes,omitempty"` // QueryTemplate - The template query string to be parsed and formatted QueryTemplate *string `json:"queryTemplate,omitempty"` }
EntityQueryProperties describes entity query properties
type EntityRelationsClient ¶
type EntityRelationsClient struct {
BaseClient
}
EntityRelationsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider
func NewEntityRelationsClient ¶
func NewEntityRelationsClient(subscriptionID string) EntityRelationsClient
NewEntityRelationsClient creates an instance of the EntityRelationsClient client.
func NewEntityRelationsClientWithBaseURI ¶
func NewEntityRelationsClientWithBaseURI(baseURI string, subscriptionID string) EntityRelationsClient
NewEntityRelationsClientWithBaseURI creates an instance of the EntityRelationsClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).
func (EntityRelationsClient) GetRelation ¶
func (client EntityRelationsClient) GetRelation(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, entityID string, relationName string) (result Relation, err error)
GetRelation gets an entity relation. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. entityID - entity ID relationName - relation Name
func (EntityRelationsClient) GetRelationPreparer ¶
func (client EntityRelationsClient) GetRelationPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, entityID string, relationName string) (*http.Request, error)
GetRelationPreparer prepares the GetRelation request.
func (EntityRelationsClient) GetRelationResponder ¶
func (client EntityRelationsClient) GetRelationResponder(resp *http.Response) (result Relation, err error)
GetRelationResponder handles the response to the GetRelation request. The method always closes the http.Response Body.
func (EntityRelationsClient) GetRelationSender ¶
GetRelationSender sends the GetRelation request. The method will close the http.Response Body if it receives an error.
type EntityTimelineItem ¶
type EntityTimelineItem struct { // Kind - Possible values include: 'KindBasicEntityTimelineItemKindEntityTimelineItem', 'KindBasicEntityTimelineItemKindActivity', 'KindBasicEntityTimelineItemKindSecurityAlert', 'KindBasicEntityTimelineItemKindBookmark' Kind KindBasicEntityTimelineItem `json:"kind,omitempty"` }
EntityTimelineItem entity timeline Item.
func (EntityTimelineItem) AsActivityTimelineItem ¶
func (eti EntityTimelineItem) AsActivityTimelineItem() (*ActivityTimelineItem, bool)
AsActivityTimelineItem is the BasicEntityTimelineItem implementation for EntityTimelineItem.
func (EntityTimelineItem) AsBasicEntityTimelineItem ¶
func (eti EntityTimelineItem) AsBasicEntityTimelineItem() (BasicEntityTimelineItem, bool)
AsBasicEntityTimelineItem is the BasicEntityTimelineItem implementation for EntityTimelineItem.
func (EntityTimelineItem) AsBookmarkTimelineItem ¶
func (eti EntityTimelineItem) AsBookmarkTimelineItem() (*BookmarkTimelineItem, bool)
AsBookmarkTimelineItem is the BasicEntityTimelineItem implementation for EntityTimelineItem.
func (EntityTimelineItem) AsEntityTimelineItem ¶
func (eti EntityTimelineItem) AsEntityTimelineItem() (*EntityTimelineItem, bool)
AsEntityTimelineItem is the BasicEntityTimelineItem implementation for EntityTimelineItem.
func (EntityTimelineItem) AsSecurityAlertTimelineItem ¶
func (eti EntityTimelineItem) AsSecurityAlertTimelineItem() (*SecurityAlertTimelineItem, bool)
AsSecurityAlertTimelineItem is the BasicEntityTimelineItem implementation for EntityTimelineItem.
func (EntityTimelineItem) MarshalJSON ¶
func (eti EntityTimelineItem) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for EntityTimelineItem.
type EntityTimelineKind ¶
type EntityTimelineKind string
EntityTimelineKind enumerates the values for entity timeline kind.
const ( // EntityTimelineKindActivity activity EntityTimelineKindActivity EntityTimelineKind = "Activity" // EntityTimelineKindBookmark bookmarks EntityTimelineKindBookmark EntityTimelineKind = "Bookmark" // EntityTimelineKindSecurityAlert security alerts EntityTimelineKindSecurityAlert EntityTimelineKind = "SecurityAlert" )
func PossibleEntityTimelineKindValues ¶
func PossibleEntityTimelineKindValues() []EntityTimelineKind
PossibleEntityTimelineKindValues returns an array of possible values for the EntityTimelineKind const type.
type EntityTimelineParameters ¶
type EntityTimelineParameters struct { // Kinds - Array of timeline Item kinds. Kinds *[]EntityTimelineKind `json:"kinds,omitempty"` // StartTime - The start timeline date, so the results returned are after this date. StartTime *date.Time `json:"startTime,omitempty"` // EndTime - The end timeline date, so the results returned are before this date. EndTime *date.Time `json:"endTime,omitempty"` // NumberOfBucket - The number of bucket for timeline queries aggregation. NumberOfBucket *int32 `json:"numberOfBucket,omitempty"` }
EntityTimelineParameters the parameters required to execute s timeline operation on the given entity.
type EntityTimelineResponse ¶
type EntityTimelineResponse struct { autorest.Response `json:"-"` // MetaData - The metadata from the timeline operation results. MetaData *TimelineResultsMetadata `json:"metaData,omitempty"` // Value - The timeline result values. Value *[]BasicEntityTimelineItem `json:"value,omitempty"` }
EntityTimelineResponse the entity timeline result operation response.
func (*EntityTimelineResponse) UnmarshalJSON ¶
func (etr *EntityTimelineResponse) UnmarshalJSON(body []byte) error
UnmarshalJSON is the custom unmarshaler for EntityTimelineResponse struct.
type EntityType ¶
type EntityType string
EntityType enumerates the values for entity type.
const ( // EntityTypeAccount Entity represents account in the system. EntityTypeAccount EntityType = "Account" // EntityTypeAzureResource Entity represents azure resource in the system. EntityTypeAzureResource EntityType = "AzureResource" // EntityTypeCloudApplication Entity represents cloud application in the system. EntityTypeCloudApplication EntityType = "CloudApplication" // EntityTypeDNS Entity represents dns in the system. EntityTypeDNS EntityType = "DNS" // EntityTypeFile Entity represents file in the system. EntityTypeFile EntityType = "File" // EntityTypeFileHash Entity represents file hash in the system. EntityTypeFileHash EntityType = "FileHash" // EntityTypeHost Entity represents host in the system. EntityTypeHost EntityType = "Host" // EntityTypeHuntingBookmark Entity represents HuntingBookmark in the system. EntityTypeHuntingBookmark EntityType = "HuntingBookmark" // EntityTypeIoTDevice Entity represents IoT device in the system. EntityTypeIoTDevice EntityType = "IoTDevice" // EntityTypeIP Entity represents ip in the system. EntityTypeIP EntityType = "IP" // EntityTypeMalware Entity represents malware in the system. EntityTypeMalware EntityType = "Malware" // EntityTypeProcess Entity represents process in the system. EntityTypeProcess EntityType = "Process" // EntityTypeRegistryKey Entity represents registry key in the system. EntityTypeRegistryKey EntityType = "RegistryKey" // EntityTypeRegistryValue Entity represents registry value in the system. EntityTypeRegistryValue EntityType = "RegistryValue" // EntityTypeSecurityAlert Entity represents security alert in the system. EntityTypeSecurityAlert EntityType = "SecurityAlert" // EntityTypeSecurityGroup Entity represents security group in the system. EntityTypeSecurityGroup EntityType = "SecurityGroup" // EntityTypeURL Entity represents url in the system. EntityTypeURL EntityType = "URL" )
func PossibleEntityTypeValues ¶
func PossibleEntityTypeValues() []EntityType
PossibleEntityTypeValues returns an array of possible values for the EntityType const type.
type EventGroupingAggregationKind ¶
type EventGroupingAggregationKind string
EventGroupingAggregationKind enumerates the values for event grouping aggregation kind.
const ( // AlertPerResult ... AlertPerResult EventGroupingAggregationKind = "AlertPerResult" // SingleAlert ... SingleAlert EventGroupingAggregationKind = "SingleAlert" )
func PossibleEventGroupingAggregationKindValues ¶
func PossibleEventGroupingAggregationKindValues() []EventGroupingAggregationKind
PossibleEventGroupingAggregationKindValues returns an array of possible values for the EventGroupingAggregationKind const type.
type EventGroupingSettings ¶
type EventGroupingSettings struct { // AggregationKind - Possible values include: 'SingleAlert', 'AlertPerResult' AggregationKind EventGroupingAggregationKind `json:"aggregationKind,omitempty"` }
EventGroupingSettings event grouping settings property bag.
type ExpansionResultAggregation ¶
type ExpansionResultAggregation struct { // AggregationType - The common type of the aggregation. (for e.g. entity field name) AggregationType *string `json:"aggregationType,omitempty"` // Count - Total number of aggregations of the given kind (and aggregationType if given) in the expansion result. Count *int32 `json:"count,omitempty"` // DisplayName - The display name of the aggregation by type. DisplayName *string `json:"displayName,omitempty"` // EntityKind - The kind of the aggregated entity. Possible values include: 'EntityKindAccount', 'EntityKindHost', 'EntityKindFile', 'EntityKindAzureResource', 'EntityKindCloudApplication', 'EntityKindDNSResolution', 'EntityKindFileHash', 'EntityKindIP', 'EntityKindMalware', 'EntityKindProcess', 'EntityKindRegistryKey', 'EntityKindRegistryValue', 'EntityKindSecurityGroup', 'EntityKindURL', 'EntityKindIoTDevice', 'EntityKindSecurityAlert', 'EntityKindBookmark' EntityKind EntityKind `json:"entityKind,omitempty"` }
ExpansionResultAggregation information of a specific aggregation in the expansion result.
type ExpansionResultsMetadata ¶
type ExpansionResultsMetadata struct { // Aggregations - Information of the aggregated nodes in the expansion result. Aggregations *[]ExpansionResultAggregation `json:"aggregations,omitempty"` }
ExpansionResultsMetadata expansion result metadata.
type EyesOn ¶
type EyesOn struct { // EyesOnSettingsProperties - EyesOn properties *EyesOnSettingsProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` // Etag - Etag of the azure resource Etag *string `json:"etag,omitempty"` // Kind - Possible values include: 'KindSettings', 'KindEyesOn', 'KindEntityAnalytics', 'KindUeba' Kind KindBasicSettings `json:"kind,omitempty"` }
EyesOn settings with single toggle.
func (EyesOn) AsBasicSettings ¶
func (eo EyesOn) AsBasicSettings() (BasicSettings, bool)
AsBasicSettings is the BasicSettings implementation for EyesOn.
func (EyesOn) AsEntityAnalytics ¶
func (eo EyesOn) AsEntityAnalytics() (*EntityAnalytics, bool)
AsEntityAnalytics is the BasicSettings implementation for EyesOn.
func (EyesOn) AsSettings ¶
AsSettings is the BasicSettings implementation for EyesOn.
func (EyesOn) MarshalJSON ¶
MarshalJSON is the custom marshaler for EyesOn.
func (*EyesOn) UnmarshalJSON ¶
UnmarshalJSON is the custom unmarshaler for EyesOn struct.
type EyesOnSettingsProperties ¶
type EyesOnSettingsProperties struct { // IsEnabled - READ-ONLY; Determines whether the setting is enable or disabled. IsEnabled *bool `json:"isEnabled,omitempty"` }
EyesOnSettingsProperties eyesOn property bag.
type FileEntity ¶
type FileEntity struct { // FileEntityProperties - File entity properties *FileEntityProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindBookmark', 'KindSecurityAlert', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice' Kind KindBasicEntity `json:"kind,omitempty"` }
FileEntity represents a file entity.
func (FileEntity) AsAccountEntity ¶
func (fe FileEntity) AsAccountEntity() (*AccountEntity, bool)
AsAccountEntity is the BasicEntity implementation for FileEntity.
func (FileEntity) AsAzureResourceEntity ¶
func (fe FileEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)
AsAzureResourceEntity is the BasicEntity implementation for FileEntity.
func (FileEntity) AsBasicEntity ¶
func (fe FileEntity) AsBasicEntity() (BasicEntity, bool)
AsBasicEntity is the BasicEntity implementation for FileEntity.
func (FileEntity) AsCloudApplicationEntity ¶
func (fe FileEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)
AsCloudApplicationEntity is the BasicEntity implementation for FileEntity.
func (FileEntity) AsDNSEntity ¶
func (fe FileEntity) AsDNSEntity() (*DNSEntity, bool)
AsDNSEntity is the BasicEntity implementation for FileEntity.
func (FileEntity) AsEntity ¶
func (fe FileEntity) AsEntity() (*Entity, bool)
AsEntity is the BasicEntity implementation for FileEntity.
func (FileEntity) AsFileEntity ¶
func (fe FileEntity) AsFileEntity() (*FileEntity, bool)
AsFileEntity is the BasicEntity implementation for FileEntity.
func (FileEntity) AsFileHashEntity ¶
func (fe FileEntity) AsFileHashEntity() (*FileHashEntity, bool)
AsFileHashEntity is the BasicEntity implementation for FileEntity.
func (FileEntity) AsHostEntity ¶
func (fe FileEntity) AsHostEntity() (*HostEntity, bool)
AsHostEntity is the BasicEntity implementation for FileEntity.
func (FileEntity) AsHuntingBookmark ¶
func (fe FileEntity) AsHuntingBookmark() (*HuntingBookmark, bool)
AsHuntingBookmark is the BasicEntity implementation for FileEntity.
func (FileEntity) AsIPEntity ¶
func (fe FileEntity) AsIPEntity() (*IPEntity, bool)
AsIPEntity is the BasicEntity implementation for FileEntity.
func (FileEntity) AsIoTDeviceEntity ¶
func (fe FileEntity) AsIoTDeviceEntity() (*IoTDeviceEntity, bool)
AsIoTDeviceEntity is the BasicEntity implementation for FileEntity.
func (FileEntity) AsMalwareEntity ¶
func (fe FileEntity) AsMalwareEntity() (*MalwareEntity, bool)
AsMalwareEntity is the BasicEntity implementation for FileEntity.
func (FileEntity) AsProcessEntity ¶
func (fe FileEntity) AsProcessEntity() (*ProcessEntity, bool)
AsProcessEntity is the BasicEntity implementation for FileEntity.
func (FileEntity) AsRegistryKeyEntity ¶
func (fe FileEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)
AsRegistryKeyEntity is the BasicEntity implementation for FileEntity.
func (FileEntity) AsRegistryValueEntity ¶
func (fe FileEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool)
AsRegistryValueEntity is the BasicEntity implementation for FileEntity.
func (FileEntity) AsSecurityAlert ¶
func (fe FileEntity) AsSecurityAlert() (*SecurityAlert, bool)
AsSecurityAlert is the BasicEntity implementation for FileEntity.
func (FileEntity) AsSecurityGroupEntity ¶
func (fe FileEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)
AsSecurityGroupEntity is the BasicEntity implementation for FileEntity.
func (FileEntity) AsURLEntity ¶
func (fe FileEntity) AsURLEntity() (*URLEntity, bool)
AsURLEntity is the BasicEntity implementation for FileEntity.
func (FileEntity) MarshalJSON ¶
func (fe FileEntity) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for FileEntity.
func (*FileEntity) UnmarshalJSON ¶
func (fe *FileEntity) UnmarshalJSON(body []byte) error
UnmarshalJSON is the custom unmarshaler for FileEntity struct.
type FileEntityProperties ¶
type FileEntityProperties struct { // Directory - READ-ONLY; The full path to the file. Directory *string `json:"directory,omitempty"` // FileHashEntityIds - READ-ONLY; The file hash entity identifiers associated with this file FileHashEntityIds *[]string `json:"fileHashEntityIds,omitempty"` // FileName - READ-ONLY; The file name without path (some alerts might not include path). FileName *string `json:"fileName,omitempty"` // HostEntityID - READ-ONLY; The Host entity id which the file belongs to HostEntityID *string `json:"hostEntityId,omitempty"` // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. AdditionalData map[string]interface{} `json:"additionalData"` // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. FriendlyName *string `json:"friendlyName,omitempty"` }
FileEntityProperties file entity property bag.
func (FileEntityProperties) MarshalJSON ¶
func (fep FileEntityProperties) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for FileEntityProperties.
type FileHashAlgorithm ¶
type FileHashAlgorithm string
FileHashAlgorithm enumerates the values for file hash algorithm.
const ( // MD5 MD5 hash type MD5 FileHashAlgorithm = "MD5" // SHA1 SHA1 hash type SHA1 FileHashAlgorithm = "SHA1" // SHA256 SHA256 hash type SHA256 FileHashAlgorithm = "SHA256" // SHA256AC SHA256 Authenticode hash type SHA256AC FileHashAlgorithm = "SHA256AC" // Unknown Unknown hash algorithm Unknown FileHashAlgorithm = "Unknown" )
func PossibleFileHashAlgorithmValues ¶
func PossibleFileHashAlgorithmValues() []FileHashAlgorithm
PossibleFileHashAlgorithmValues returns an array of possible values for the FileHashAlgorithm const type.
type FileHashEntity ¶
type FileHashEntity struct { // FileHashEntityProperties - FileHash entity properties *FileHashEntityProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindBookmark', 'KindSecurityAlert', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice' Kind KindBasicEntity `json:"kind,omitempty"` }
FileHashEntity represents a file hash entity.
func (FileHashEntity) AsAccountEntity ¶
func (fhe FileHashEntity) AsAccountEntity() (*AccountEntity, bool)
AsAccountEntity is the BasicEntity implementation for FileHashEntity.
func (FileHashEntity) AsAzureResourceEntity ¶
func (fhe FileHashEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)
AsAzureResourceEntity is the BasicEntity implementation for FileHashEntity.
func (FileHashEntity) AsBasicEntity ¶
func (fhe FileHashEntity) AsBasicEntity() (BasicEntity, bool)
AsBasicEntity is the BasicEntity implementation for FileHashEntity.
func (FileHashEntity) AsCloudApplicationEntity ¶
func (fhe FileHashEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)
AsCloudApplicationEntity is the BasicEntity implementation for FileHashEntity.
func (FileHashEntity) AsDNSEntity ¶
func (fhe FileHashEntity) AsDNSEntity() (*DNSEntity, bool)
AsDNSEntity is the BasicEntity implementation for FileHashEntity.
func (FileHashEntity) AsEntity ¶
func (fhe FileHashEntity) AsEntity() (*Entity, bool)
AsEntity is the BasicEntity implementation for FileHashEntity.
func (FileHashEntity) AsFileEntity ¶
func (fhe FileHashEntity) AsFileEntity() (*FileEntity, bool)
AsFileEntity is the BasicEntity implementation for FileHashEntity.
func (FileHashEntity) AsFileHashEntity ¶
func (fhe FileHashEntity) AsFileHashEntity() (*FileHashEntity, bool)
AsFileHashEntity is the BasicEntity implementation for FileHashEntity.
func (FileHashEntity) AsHostEntity ¶
func (fhe FileHashEntity) AsHostEntity() (*HostEntity, bool)
AsHostEntity is the BasicEntity implementation for FileHashEntity.
func (FileHashEntity) AsHuntingBookmark ¶
func (fhe FileHashEntity) AsHuntingBookmark() (*HuntingBookmark, bool)
AsHuntingBookmark is the BasicEntity implementation for FileHashEntity.
func (FileHashEntity) AsIPEntity ¶
func (fhe FileHashEntity) AsIPEntity() (*IPEntity, bool)
AsIPEntity is the BasicEntity implementation for FileHashEntity.
func (FileHashEntity) AsIoTDeviceEntity ¶
func (fhe FileHashEntity) AsIoTDeviceEntity() (*IoTDeviceEntity, bool)
AsIoTDeviceEntity is the BasicEntity implementation for FileHashEntity.
func (FileHashEntity) AsMalwareEntity ¶
func (fhe FileHashEntity) AsMalwareEntity() (*MalwareEntity, bool)
AsMalwareEntity is the BasicEntity implementation for FileHashEntity.
func (FileHashEntity) AsProcessEntity ¶
func (fhe FileHashEntity) AsProcessEntity() (*ProcessEntity, bool)
AsProcessEntity is the BasicEntity implementation for FileHashEntity.
func (FileHashEntity) AsRegistryKeyEntity ¶
func (fhe FileHashEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)
AsRegistryKeyEntity is the BasicEntity implementation for FileHashEntity.
func (FileHashEntity) AsRegistryValueEntity ¶
func (fhe FileHashEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool)
AsRegistryValueEntity is the BasicEntity implementation for FileHashEntity.
func (FileHashEntity) AsSecurityAlert ¶
func (fhe FileHashEntity) AsSecurityAlert() (*SecurityAlert, bool)
AsSecurityAlert is the BasicEntity implementation for FileHashEntity.
func (FileHashEntity) AsSecurityGroupEntity ¶
func (fhe FileHashEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)
AsSecurityGroupEntity is the BasicEntity implementation for FileHashEntity.
func (FileHashEntity) AsURLEntity ¶
func (fhe FileHashEntity) AsURLEntity() (*URLEntity, bool)
AsURLEntity is the BasicEntity implementation for FileHashEntity.
func (FileHashEntity) MarshalJSON ¶
func (fhe FileHashEntity) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for FileHashEntity.
func (*FileHashEntity) UnmarshalJSON ¶
func (fhe *FileHashEntity) UnmarshalJSON(body []byte) error
UnmarshalJSON is the custom unmarshaler for FileHashEntity struct.
type FileHashEntityProperties ¶
type FileHashEntityProperties struct { // Algorithm - READ-ONLY; The hash algorithm type. Possible values include: 'Unknown', 'MD5', 'SHA1', 'SHA256', 'SHA256AC' Algorithm FileHashAlgorithm `json:"algorithm,omitempty"` // HashValue - READ-ONLY; The file hash value. HashValue *string `json:"hashValue,omitempty"` // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. AdditionalData map[string]interface{} `json:"additionalData"` // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. FriendlyName *string `json:"friendlyName,omitempty"` }
FileHashEntityProperties fileHash entity property bag.
func (FileHashEntityProperties) MarshalJSON ¶
func (fhep FileHashEntityProperties) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for FileHashEntityProperties.
type FusionAlertRule ¶
type FusionAlertRule struct { // FusionAlertRuleProperties - Fusion alert rule properties *FusionAlertRuleProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` // Etag - Etag of the azure resource Etag *string `json:"etag,omitempty"` // Kind - Possible values include: 'KindAlertRule', 'KindFusion', 'KindMicrosoftSecurityIncidentCreation', 'KindScheduled' Kind KindBasicAlertRule `json:"kind,omitempty"` }
FusionAlertRule represents Fusion alert rule.
func (FusionAlertRule) AsAlertRule ¶
func (far FusionAlertRule) AsAlertRule() (*AlertRule, bool)
AsAlertRule is the BasicAlertRule implementation for FusionAlertRule.
func (FusionAlertRule) AsBasicAlertRule ¶
func (far FusionAlertRule) AsBasicAlertRule() (BasicAlertRule, bool)
AsBasicAlertRule is the BasicAlertRule implementation for FusionAlertRule.
func (FusionAlertRule) AsFusionAlertRule ¶
func (far FusionAlertRule) AsFusionAlertRule() (*FusionAlertRule, bool)
AsFusionAlertRule is the BasicAlertRule implementation for FusionAlertRule.
func (FusionAlertRule) AsMicrosoftSecurityIncidentCreationAlertRule ¶
func (far FusionAlertRule) AsMicrosoftSecurityIncidentCreationAlertRule() (*MicrosoftSecurityIncidentCreationAlertRule, bool)
AsMicrosoftSecurityIncidentCreationAlertRule is the BasicAlertRule implementation for FusionAlertRule.
func (FusionAlertRule) AsScheduledAlertRule ¶
func (far FusionAlertRule) AsScheduledAlertRule() (*ScheduledAlertRule, bool)
AsScheduledAlertRule is the BasicAlertRule implementation for FusionAlertRule.
func (FusionAlertRule) MarshalJSON ¶
func (far FusionAlertRule) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for FusionAlertRule.
func (*FusionAlertRule) UnmarshalJSON ¶
func (far *FusionAlertRule) UnmarshalJSON(body []byte) error
UnmarshalJSON is the custom unmarshaler for FusionAlertRule struct.
type FusionAlertRuleProperties ¶
type FusionAlertRuleProperties struct { // AlertRuleTemplateName - The Name of the alert rule template used to create this rule. AlertRuleTemplateName *string `json:"alertRuleTemplateName,omitempty"` // Description - READ-ONLY; The description of the alert rule. Description *string `json:"description,omitempty"` // DisplayName - READ-ONLY; The display name for alerts created by this alert rule. DisplayName *string `json:"displayName,omitempty"` // Enabled - Determines whether this alert rule is enabled or disabled. Enabled *bool `json:"enabled,omitempty"` // LastModifiedUtc - READ-ONLY; The last time that this alert has been modified. LastModifiedUtc *date.Time `json:"lastModifiedUtc,omitempty"` // Severity - READ-ONLY; The severity for alerts created by this alert rule. Possible values include: 'High', 'Medium', 'Low', 'Informational' Severity AlertSeverity `json:"severity,omitempty"` // Tactics - READ-ONLY; The tactics of the alert rule Tactics *[]AttackTactic `json:"tactics,omitempty"` }
FusionAlertRuleProperties fusion alert rule base property bag.
func (FusionAlertRuleProperties) MarshalJSON ¶
func (farp FusionAlertRuleProperties) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for FusionAlertRuleProperties.
type FusionAlertRuleTemplate ¶
type FusionAlertRuleTemplate struct { // FusionAlertRuleTemplateProperties - Fusion alert rule template properties *FusionAlertRuleTemplateProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` // Kind - Possible values include: 'KindBasicAlertRuleTemplateKindAlertRuleTemplate', 'KindBasicAlertRuleTemplateKindFusion', 'KindBasicAlertRuleTemplateKindMicrosoftSecurityIncidentCreation', 'KindBasicAlertRuleTemplateKindScheduled' Kind KindBasicAlertRuleTemplate `json:"kind,omitempty"` }
FusionAlertRuleTemplate represents Fusion alert rule template.
func (FusionAlertRuleTemplate) AsAlertRuleTemplate ¶
func (fart FusionAlertRuleTemplate) AsAlertRuleTemplate() (*AlertRuleTemplate, bool)
AsAlertRuleTemplate is the BasicAlertRuleTemplate implementation for FusionAlertRuleTemplate.
func (FusionAlertRuleTemplate) AsBasicAlertRuleTemplate ¶
func (fart FusionAlertRuleTemplate) AsBasicAlertRuleTemplate() (BasicAlertRuleTemplate, bool)
AsBasicAlertRuleTemplate is the BasicAlertRuleTemplate implementation for FusionAlertRuleTemplate.
func (FusionAlertRuleTemplate) AsFusionAlertRuleTemplate ¶
func (fart FusionAlertRuleTemplate) AsFusionAlertRuleTemplate() (*FusionAlertRuleTemplate, bool)
AsFusionAlertRuleTemplate is the BasicAlertRuleTemplate implementation for FusionAlertRuleTemplate.
func (FusionAlertRuleTemplate) AsMicrosoftSecurityIncidentCreationAlertRuleTemplate ¶
func (fart FusionAlertRuleTemplate) AsMicrosoftSecurityIncidentCreationAlertRuleTemplate() (*MicrosoftSecurityIncidentCreationAlertRuleTemplate, bool)
AsMicrosoftSecurityIncidentCreationAlertRuleTemplate is the BasicAlertRuleTemplate implementation for FusionAlertRuleTemplate.
func (FusionAlertRuleTemplate) AsScheduledAlertRuleTemplate ¶
func (fart FusionAlertRuleTemplate) AsScheduledAlertRuleTemplate() (*ScheduledAlertRuleTemplate, bool)
AsScheduledAlertRuleTemplate is the BasicAlertRuleTemplate implementation for FusionAlertRuleTemplate.
func (FusionAlertRuleTemplate) MarshalJSON ¶
func (fart FusionAlertRuleTemplate) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for FusionAlertRuleTemplate.
func (*FusionAlertRuleTemplate) UnmarshalJSON ¶
func (fart *FusionAlertRuleTemplate) UnmarshalJSON(body []byte) error
UnmarshalJSON is the custom unmarshaler for FusionAlertRuleTemplate struct.
type FusionAlertRuleTemplateProperties ¶
type FusionAlertRuleTemplateProperties struct { // Severity - The severity for alerts created by this alert rule. Possible values include: 'High', 'Medium', 'Low', 'Informational' Severity AlertSeverity `json:"severity,omitempty"` // Tactics - The tactics of the alert rule template Tactics *[]AttackTactic `json:"tactics,omitempty"` // AlertRulesCreatedByTemplateCount - the number of alert rules that were created by this template AlertRulesCreatedByTemplateCount *int32 `json:"alertRulesCreatedByTemplateCount,omitempty"` // CreatedDateUTC - READ-ONLY; The time that this alert rule template has been added. CreatedDateUTC *date.Time `json:"createdDateUTC,omitempty"` // Description - The description of the alert rule template. Description *string `json:"description,omitempty"` // DisplayName - The display name for alert rule template. DisplayName *string `json:"displayName,omitempty"` // RequiredDataConnectors - The required data sources for this template RequiredDataConnectors *[]AlertRuleTemplateDataSource `json:"requiredDataConnectors,omitempty"` // Status - The alert rule template status. Possible values include: 'Installed', 'Available', 'NotAvailable' Status TemplateStatus `json:"status,omitempty"` }
FusionAlertRuleTemplateProperties fusion alert rule template properties
func (FusionAlertRuleTemplateProperties) MarshalJSON ¶
func (fart FusionAlertRuleTemplateProperties) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for FusionAlertRuleTemplateProperties.
type GeoLocation ¶
type GeoLocation struct { // Asn - READ-ONLY; Autonomous System Number Asn *int32 `json:"asn,omitempty"` // City - READ-ONLY; City name City *string `json:"city,omitempty"` // CountryCode - READ-ONLY; The country code according to ISO 3166 format CountryCode *string `json:"countryCode,omitempty"` // CountryName - READ-ONLY; Country name according to ISO 3166 Alpha 2: the lowercase of the English Short Name CountryName *string `json:"countryName,omitempty"` // Latitude - READ-ONLY; The longitude of the identified location, expressed as a floating point number with range of -180 to 180, with positive numbers representing East and negative numbers representing West. Latitude and longitude are derived from the city or postal code. Latitude *float64 `json:"latitude,omitempty"` // Longitude - READ-ONLY; The latitude of the identified location, expressed as a floating point number with range of - 90 to 90, with positive numbers representing North and negative numbers representing South. Latitude and longitude are derived from the city or postal code. Longitude *float64 `json:"longitude,omitempty"` // State - READ-ONLY; State name State *string `json:"state,omitempty"` }
GeoLocation the geo-location context attached to the ip entity
type GroupingConfiguration ¶
type GroupingConfiguration struct { // Enabled - Grouping enabled Enabled *bool `json:"enabled,omitempty"` // ReopenClosedIncident - Re-open closed matching incidents ReopenClosedIncident *bool `json:"reopenClosedIncident,omitempty"` // LookbackDuration - Limit the group to alerts created within the lookback duration (in ISO 8601 duration format) LookbackDuration *string `json:"lookbackDuration,omitempty"` // EntitiesMatchingMethod - Grouping matching method. Possible values include: 'All', 'None', 'Custom' EntitiesMatchingMethod EntitiesMatchingMethod `json:"entitiesMatchingMethod,omitempty"` // GroupByEntities - A list of entity types to group by (when entitiesMatchingMethod is Custom) GroupByEntities *[]GroupingEntityType `json:"groupByEntities,omitempty"` }
GroupingConfiguration grouping configuration property bag.
type GroupingEntityType ¶
type GroupingEntityType string
GroupingEntityType enumerates the values for grouping entity type.
const ( // Account Account entity Account GroupingEntityType = "Account" // Host Host entity Host GroupingEntityType = "Host" // IP Ip entity IP GroupingEntityType = "Ip" // URL Url entity URL GroupingEntityType = "Url" )
func PossibleGroupingEntityTypeValues ¶
func PossibleGroupingEntityTypeValues() []GroupingEntityType
PossibleGroupingEntityTypeValues returns an array of possible values for the GroupingEntityType const type.
type HostEntity ¶
type HostEntity struct { // HostEntityProperties - Host entity properties *HostEntityProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindBookmark', 'KindSecurityAlert', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice' Kind KindBasicEntity `json:"kind,omitempty"` }
HostEntity represents a host entity.
func (HostEntity) AsAccountEntity ¶
func (he HostEntity) AsAccountEntity() (*AccountEntity, bool)
AsAccountEntity is the BasicEntity implementation for HostEntity.
func (HostEntity) AsAzureResourceEntity ¶
func (he HostEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)
AsAzureResourceEntity is the BasicEntity implementation for HostEntity.
func (HostEntity) AsBasicEntity ¶
func (he HostEntity) AsBasicEntity() (BasicEntity, bool)
AsBasicEntity is the BasicEntity implementation for HostEntity.
func (HostEntity) AsCloudApplicationEntity ¶
func (he HostEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)
AsCloudApplicationEntity is the BasicEntity implementation for HostEntity.
func (HostEntity) AsDNSEntity ¶
func (he HostEntity) AsDNSEntity() (*DNSEntity, bool)
AsDNSEntity is the BasicEntity implementation for HostEntity.
func (HostEntity) AsEntity ¶
func (he HostEntity) AsEntity() (*Entity, bool)
AsEntity is the BasicEntity implementation for HostEntity.
func (HostEntity) AsFileEntity ¶
func (he HostEntity) AsFileEntity() (*FileEntity, bool)
AsFileEntity is the BasicEntity implementation for HostEntity.
func (HostEntity) AsFileHashEntity ¶
func (he HostEntity) AsFileHashEntity() (*FileHashEntity, bool)
AsFileHashEntity is the BasicEntity implementation for HostEntity.
func (HostEntity) AsHostEntity ¶
func (he HostEntity) AsHostEntity() (*HostEntity, bool)
AsHostEntity is the BasicEntity implementation for HostEntity.
func (HostEntity) AsHuntingBookmark ¶
func (he HostEntity) AsHuntingBookmark() (*HuntingBookmark, bool)
AsHuntingBookmark is the BasicEntity implementation for HostEntity.
func (HostEntity) AsIPEntity ¶
func (he HostEntity) AsIPEntity() (*IPEntity, bool)
AsIPEntity is the BasicEntity implementation for HostEntity.
func (HostEntity) AsIoTDeviceEntity ¶
func (he HostEntity) AsIoTDeviceEntity() (*IoTDeviceEntity, bool)
AsIoTDeviceEntity is the BasicEntity implementation for HostEntity.
func (HostEntity) AsMalwareEntity ¶
func (he HostEntity) AsMalwareEntity() (*MalwareEntity, bool)
AsMalwareEntity is the BasicEntity implementation for HostEntity.
func (HostEntity) AsProcessEntity ¶
func (he HostEntity) AsProcessEntity() (*ProcessEntity, bool)
AsProcessEntity is the BasicEntity implementation for HostEntity.
func (HostEntity) AsRegistryKeyEntity ¶
func (he HostEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)
AsRegistryKeyEntity is the BasicEntity implementation for HostEntity.
func (HostEntity) AsRegistryValueEntity ¶
func (he HostEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool)
AsRegistryValueEntity is the BasicEntity implementation for HostEntity.
func (HostEntity) AsSecurityAlert ¶
func (he HostEntity) AsSecurityAlert() (*SecurityAlert, bool)
AsSecurityAlert is the BasicEntity implementation for HostEntity.
func (HostEntity) AsSecurityGroupEntity ¶
func (he HostEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)
AsSecurityGroupEntity is the BasicEntity implementation for HostEntity.
func (HostEntity) AsURLEntity ¶
func (he HostEntity) AsURLEntity() (*URLEntity, bool)
AsURLEntity is the BasicEntity implementation for HostEntity.
func (HostEntity) MarshalJSON ¶
func (he HostEntity) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for HostEntity.
func (*HostEntity) UnmarshalJSON ¶
func (he *HostEntity) UnmarshalJSON(body []byte) error
UnmarshalJSON is the custom unmarshaler for HostEntity struct.
type HostEntityProperties ¶
type HostEntityProperties struct { // AzureID - READ-ONLY; The azure resource id of the VM. AzureID *string `json:"azureID,omitempty"` // DNSDomain - READ-ONLY; The DNS domain that this host belongs to. Should contain the compete DNS suffix for the domain DNSDomain *string `json:"dnsDomain,omitempty"` // HostName - READ-ONLY; The hostname without the domain suffix. HostName *string `json:"hostName,omitempty"` // IsDomainJoined - READ-ONLY; Determines whether this host belongs to a domain. IsDomainJoined *bool `json:"isDomainJoined,omitempty"` // NetBiosName - READ-ONLY; The host name (pre-windows2000). NetBiosName *string `json:"netBiosName,omitempty"` // NtDomain - READ-ONLY; The NT domain that this host belongs to. NtDomain *string `json:"ntDomain,omitempty"` // OmsAgentID - READ-ONLY; The OMS agent id, if the host has OMS agent installed. OmsAgentID *string `json:"omsAgentID,omitempty"` // OsFamily - The operating system type. Possible values include: 'Linux', 'Windows', 'Android', 'IOS' OsFamily OSFamily `json:"osFamily,omitempty"` // OsVersion - READ-ONLY; A free text representation of the operating system. This field is meant to hold specific versions the are more fine grained than OSFamily or future values not supported by OSFamily enumeration OsVersion *string `json:"osVersion,omitempty"` // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. AdditionalData map[string]interface{} `json:"additionalData"` // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. FriendlyName *string `json:"friendlyName,omitempty"` }
HostEntityProperties host entity property bag.
func (HostEntityProperties) MarshalJSON ¶
func (hep HostEntityProperties) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for HostEntityProperties.
type HuntingBookmark ¶
type HuntingBookmark struct { // HuntingBookmarkProperties - HuntingBookmark entity properties *HuntingBookmarkProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindBookmark', 'KindSecurityAlert', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice' Kind KindBasicEntity `json:"kind,omitempty"` }
HuntingBookmark represents a Hunting bookmark entity.
func (HuntingBookmark) AsAccountEntity ¶
func (hb HuntingBookmark) AsAccountEntity() (*AccountEntity, bool)
AsAccountEntity is the BasicEntity implementation for HuntingBookmark.
func (HuntingBookmark) AsAzureResourceEntity ¶
func (hb HuntingBookmark) AsAzureResourceEntity() (*AzureResourceEntity, bool)
AsAzureResourceEntity is the BasicEntity implementation for HuntingBookmark.
func (HuntingBookmark) AsBasicEntity ¶
func (hb HuntingBookmark) AsBasicEntity() (BasicEntity, bool)
AsBasicEntity is the BasicEntity implementation for HuntingBookmark.
func (HuntingBookmark) AsCloudApplicationEntity ¶
func (hb HuntingBookmark) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)
AsCloudApplicationEntity is the BasicEntity implementation for HuntingBookmark.
func (HuntingBookmark) AsDNSEntity ¶
func (hb HuntingBookmark) AsDNSEntity() (*DNSEntity, bool)
AsDNSEntity is the BasicEntity implementation for HuntingBookmark.
func (HuntingBookmark) AsEntity ¶
func (hb HuntingBookmark) AsEntity() (*Entity, bool)
AsEntity is the BasicEntity implementation for HuntingBookmark.
func (HuntingBookmark) AsFileEntity ¶
func (hb HuntingBookmark) AsFileEntity() (*FileEntity, bool)
AsFileEntity is the BasicEntity implementation for HuntingBookmark.
func (HuntingBookmark) AsFileHashEntity ¶
func (hb HuntingBookmark) AsFileHashEntity() (*FileHashEntity, bool)
AsFileHashEntity is the BasicEntity implementation for HuntingBookmark.
func (HuntingBookmark) AsHostEntity ¶
func (hb HuntingBookmark) AsHostEntity() (*HostEntity, bool)
AsHostEntity is the BasicEntity implementation for HuntingBookmark.
func (HuntingBookmark) AsHuntingBookmark ¶
func (hb HuntingBookmark) AsHuntingBookmark() (*HuntingBookmark, bool)
AsHuntingBookmark is the BasicEntity implementation for HuntingBookmark.
func (HuntingBookmark) AsIPEntity ¶
func (hb HuntingBookmark) AsIPEntity() (*IPEntity, bool)
AsIPEntity is the BasicEntity implementation for HuntingBookmark.
func (HuntingBookmark) AsIoTDeviceEntity ¶
func (hb HuntingBookmark) AsIoTDeviceEntity() (*IoTDeviceEntity, bool)
AsIoTDeviceEntity is the BasicEntity implementation for HuntingBookmark.
func (HuntingBookmark) AsMalwareEntity ¶
func (hb HuntingBookmark) AsMalwareEntity() (*MalwareEntity, bool)
AsMalwareEntity is the BasicEntity implementation for HuntingBookmark.
func (HuntingBookmark) AsProcessEntity ¶
func (hb HuntingBookmark) AsProcessEntity() (*ProcessEntity, bool)
AsProcessEntity is the BasicEntity implementation for HuntingBookmark.
func (HuntingBookmark) AsRegistryKeyEntity ¶
func (hb HuntingBookmark) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)
AsRegistryKeyEntity is the BasicEntity implementation for HuntingBookmark.
func (HuntingBookmark) AsRegistryValueEntity ¶
func (hb HuntingBookmark) AsRegistryValueEntity() (*RegistryValueEntity, bool)
AsRegistryValueEntity is the BasicEntity implementation for HuntingBookmark.
func (HuntingBookmark) AsSecurityAlert ¶
func (hb HuntingBookmark) AsSecurityAlert() (*SecurityAlert, bool)
AsSecurityAlert is the BasicEntity implementation for HuntingBookmark.
func (HuntingBookmark) AsSecurityGroupEntity ¶
func (hb HuntingBookmark) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)
AsSecurityGroupEntity is the BasicEntity implementation for HuntingBookmark.
func (HuntingBookmark) AsURLEntity ¶
func (hb HuntingBookmark) AsURLEntity() (*URLEntity, bool)
AsURLEntity is the BasicEntity implementation for HuntingBookmark.
func (HuntingBookmark) MarshalJSON ¶
func (hb HuntingBookmark) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for HuntingBookmark.
func (*HuntingBookmark) UnmarshalJSON ¶
func (hb *HuntingBookmark) UnmarshalJSON(body []byte) error
UnmarshalJSON is the custom unmarshaler for HuntingBookmark struct.
type HuntingBookmarkProperties ¶
type HuntingBookmarkProperties struct { // Created - The time the bookmark was created Created *date.Time `json:"created,omitempty"` // CreatedBy - Describes a user that created the bookmark CreatedBy *UserInfo `json:"createdBy,omitempty"` // DisplayName - The display name of the bookmark DisplayName *string `json:"displayName,omitempty"` // EventTime - The time of the event EventTime *date.Time `json:"eventTime,omitempty"` // Labels - List of labels relevant to this bookmark Labels *[]string `json:"labels,omitempty"` // Notes - The notes of the bookmark Notes *string `json:"notes,omitempty"` // Query - The query of the bookmark. Query *string `json:"query,omitempty"` // QueryResult - The query result of the bookmark. QueryResult *string `json:"queryResult,omitempty"` // Updated - The last time the bookmark was updated Updated *date.Time `json:"updated,omitempty"` // UpdatedBy - Describes a user that updated the bookmark UpdatedBy *UserInfo `json:"updatedBy,omitempty"` // IncidentInfo - Describes an incident that relates to bookmark IncidentInfo *IncidentInfo `json:"incidentInfo,omitempty"` // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. AdditionalData map[string]interface{} `json:"additionalData"` // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. FriendlyName *string `json:"friendlyName,omitempty"` }
HuntingBookmarkProperties describes bookmark properties
func (HuntingBookmarkProperties) MarshalJSON ¶
func (hbp HuntingBookmarkProperties) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for HuntingBookmarkProperties.
type IPEntity ¶
type IPEntity struct { // IPEntityProperties - Ip entity properties *IPEntityProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindBookmark', 'KindSecurityAlert', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice' Kind KindBasicEntity `json:"kind,omitempty"` }
IPEntity represents an ip entity.
func (IPEntity) AsAccountEntity ¶
func (ie IPEntity) AsAccountEntity() (*AccountEntity, bool)
AsAccountEntity is the BasicEntity implementation for IPEntity.
func (IPEntity) AsAzureResourceEntity ¶
func (ie IPEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)
AsAzureResourceEntity is the BasicEntity implementation for IPEntity.
func (IPEntity) AsBasicEntity ¶
func (ie IPEntity) AsBasicEntity() (BasicEntity, bool)
AsBasicEntity is the BasicEntity implementation for IPEntity.
func (IPEntity) AsCloudApplicationEntity ¶
func (ie IPEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)
AsCloudApplicationEntity is the BasicEntity implementation for IPEntity.
func (IPEntity) AsDNSEntity ¶
AsDNSEntity is the BasicEntity implementation for IPEntity.
func (IPEntity) AsFileEntity ¶
func (ie IPEntity) AsFileEntity() (*FileEntity, bool)
AsFileEntity is the BasicEntity implementation for IPEntity.
func (IPEntity) AsFileHashEntity ¶
func (ie IPEntity) AsFileHashEntity() (*FileHashEntity, bool)
AsFileHashEntity is the BasicEntity implementation for IPEntity.
func (IPEntity) AsHostEntity ¶
func (ie IPEntity) AsHostEntity() (*HostEntity, bool)
AsHostEntity is the BasicEntity implementation for IPEntity.
func (IPEntity) AsHuntingBookmark ¶
func (ie IPEntity) AsHuntingBookmark() (*HuntingBookmark, bool)
AsHuntingBookmark is the BasicEntity implementation for IPEntity.
func (IPEntity) AsIPEntity ¶
AsIPEntity is the BasicEntity implementation for IPEntity.
func (IPEntity) AsIoTDeviceEntity ¶
func (ie IPEntity) AsIoTDeviceEntity() (*IoTDeviceEntity, bool)
AsIoTDeviceEntity is the BasicEntity implementation for IPEntity.
func (IPEntity) AsMalwareEntity ¶
func (ie IPEntity) AsMalwareEntity() (*MalwareEntity, bool)
AsMalwareEntity is the BasicEntity implementation for IPEntity.
func (IPEntity) AsProcessEntity ¶
func (ie IPEntity) AsProcessEntity() (*ProcessEntity, bool)
AsProcessEntity is the BasicEntity implementation for IPEntity.
func (IPEntity) AsRegistryKeyEntity ¶
func (ie IPEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)
AsRegistryKeyEntity is the BasicEntity implementation for IPEntity.
func (IPEntity) AsRegistryValueEntity ¶
func (ie IPEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool)
AsRegistryValueEntity is the BasicEntity implementation for IPEntity.
func (IPEntity) AsSecurityAlert ¶
func (ie IPEntity) AsSecurityAlert() (*SecurityAlert, bool)
AsSecurityAlert is the BasicEntity implementation for IPEntity.
func (IPEntity) AsSecurityGroupEntity ¶
func (ie IPEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)
AsSecurityGroupEntity is the BasicEntity implementation for IPEntity.
func (IPEntity) AsURLEntity ¶
AsURLEntity is the BasicEntity implementation for IPEntity.
func (IPEntity) MarshalJSON ¶
MarshalJSON is the custom marshaler for IPEntity.
func (*IPEntity) UnmarshalJSON ¶
UnmarshalJSON is the custom unmarshaler for IPEntity struct.
type IPEntityProperties ¶
type IPEntityProperties struct { // Address - READ-ONLY; The IP address as string, e.g. 127.0.0.1 (either in Ipv4 or Ipv6) Address *string `json:"address,omitempty"` // Location - The geo-location context attached to the ip entity Location *GeoLocation `json:"location,omitempty"` // ThreatIntelligence - READ-ONLY; A list of TI contexts attached to the ip entity. ThreatIntelligence *[]ThreatIntelligence `json:"threatIntelligence,omitempty"` // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. AdditionalData map[string]interface{} `json:"additionalData"` // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. FriendlyName *string `json:"friendlyName,omitempty"` }
IPEntityProperties ip entity property bag.
func (IPEntityProperties) MarshalJSON ¶
func (iep IPEntityProperties) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for IPEntityProperties.
type Incident ¶
type Incident struct { autorest.Response `json:"-"` // IncidentProperties - Incident properties *IncidentProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` // Etag - Etag of the azure resource Etag *string `json:"etag,omitempty"` }
Incident represents an incident in Azure Security Insights.
func (Incident) MarshalJSON ¶
MarshalJSON is the custom marshaler for Incident.
func (*Incident) UnmarshalJSON ¶
UnmarshalJSON is the custom unmarshaler for Incident struct.
type IncidentAdditionalData ¶
type IncidentAdditionalData struct { // AlertsCount - READ-ONLY; The number of alerts in the incident AlertsCount *int32 `json:"alertsCount,omitempty"` // BookmarksCount - READ-ONLY; The number of bookmarks in the incident BookmarksCount *int32 `json:"bookmarksCount,omitempty"` // CommentsCount - READ-ONLY; The number of comments in the incident CommentsCount *int32 `json:"commentsCount,omitempty"` // AlertProductNames - READ-ONLY; List of product names of alerts in the incident AlertProductNames *[]string `json:"alertProductNames,omitempty"` // Tactics - READ-ONLY; The tactics associated with incident Tactics *[]AttackTactic `json:"tactics,omitempty"` }
IncidentAdditionalData incident additional data property bag.
type IncidentAlertList ¶
type IncidentAlertList struct { autorest.Response `json:"-"` // Value - Array of incident alerts. Value *[]SecurityAlert `json:"value,omitempty"` }
IncidentAlertList list of incident alerts.
type IncidentBookmarkList ¶
type IncidentBookmarkList struct { autorest.Response `json:"-"` // Value - Array of incident bookmarks. Value *[]HuntingBookmark `json:"value,omitempty"` }
IncidentBookmarkList list of incident bookmarks.
type IncidentClassification ¶
type IncidentClassification string
IncidentClassification enumerates the values for incident classification.
const ( // IncidentClassificationBenignPositive Incident was benign positive IncidentClassificationBenignPositive IncidentClassification = "BenignPositive" // IncidentClassificationFalsePositive Incident was false positive IncidentClassificationFalsePositive IncidentClassification = "FalsePositive" // IncidentClassificationTruePositive Incident was true positive IncidentClassificationTruePositive IncidentClassification = "TruePositive" // IncidentClassificationUndetermined Incident classification was undetermined IncidentClassificationUndetermined IncidentClassification = "Undetermined" )
func PossibleIncidentClassificationValues ¶
func PossibleIncidentClassificationValues() []IncidentClassification
PossibleIncidentClassificationValues returns an array of possible values for the IncidentClassification const type.
type IncidentClassificationReason ¶
type IncidentClassificationReason string
IncidentClassificationReason enumerates the values for incident classification reason.
const ( // InaccurateData Classification reason was inaccurate data InaccurateData IncidentClassificationReason = "InaccurateData" // IncorrectAlertLogic Classification reason was incorrect alert logic IncorrectAlertLogic IncidentClassificationReason = "IncorrectAlertLogic" // SuspiciousActivity Classification reason was suspicious activity SuspiciousActivity IncidentClassificationReason = "SuspiciousActivity" // SuspiciousButExpected Classification reason was suspicious but expected SuspiciousButExpected IncidentClassificationReason = "SuspiciousButExpected" )
func PossibleIncidentClassificationReasonValues ¶
func PossibleIncidentClassificationReasonValues() []IncidentClassificationReason
PossibleIncidentClassificationReasonValues returns an array of possible values for the IncidentClassificationReason const type.
type IncidentComment ¶
type IncidentComment struct { autorest.Response `json:"-"` // IncidentCommentProperties - Incident comment properties *IncidentCommentProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` // Etag - Etag of the azure resource Etag *string `json:"etag,omitempty"` }
IncidentComment represents an incident comment
func (IncidentComment) MarshalJSON ¶
func (ic IncidentComment) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for IncidentComment.
func (*IncidentComment) UnmarshalJSON ¶
func (ic *IncidentComment) UnmarshalJSON(body []byte) error
UnmarshalJSON is the custom unmarshaler for IncidentComment struct.
type IncidentCommentList ¶
type IncidentCommentList struct { autorest.Response `json:"-"` // NextLink - READ-ONLY; URL to fetch the next set of comments. NextLink *string `json:"nextLink,omitempty"` // Value - Array of comments. Value *[]IncidentComment `json:"value,omitempty"` }
IncidentCommentList list of incident comments.
func (IncidentCommentList) IsEmpty ¶
func (icl IncidentCommentList) IsEmpty() bool
IsEmpty returns true if the ListResult contains no values.
func (IncidentCommentList) MarshalJSON ¶
func (icl IncidentCommentList) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for IncidentCommentList.
type IncidentCommentListIterator ¶
type IncidentCommentListIterator struct {
// contains filtered or unexported fields
}
IncidentCommentListIterator provides access to a complete listing of IncidentComment values.
func NewIncidentCommentListIterator ¶
func NewIncidentCommentListIterator(page IncidentCommentListPage) IncidentCommentListIterator
Creates a new instance of the IncidentCommentListIterator type.
func (*IncidentCommentListIterator) Next ¶
func (iter *IncidentCommentListIterator) Next() error
Next advances to the next value. If there was an error making the request the iterator does not advance and the error is returned. Deprecated: Use NextWithContext() instead.
func (*IncidentCommentListIterator) NextWithContext ¶
func (iter *IncidentCommentListIterator) NextWithContext(ctx context.Context) (err error)
NextWithContext advances to the next value. If there was an error making the request the iterator does not advance and the error is returned.
func (IncidentCommentListIterator) NotDone ¶
func (iter IncidentCommentListIterator) NotDone() bool
NotDone returns true if the enumeration should be started or is not yet complete.
func (IncidentCommentListIterator) Response ¶
func (iter IncidentCommentListIterator) Response() IncidentCommentList
Response returns the raw server response from the last page request.
func (IncidentCommentListIterator) Value ¶
func (iter IncidentCommentListIterator) Value() IncidentComment
Value returns the current value or a zero-initialized value if the iterator has advanced beyond the end of the collection.
type IncidentCommentListPage ¶
type IncidentCommentListPage struct {
// contains filtered or unexported fields
}
IncidentCommentListPage contains a page of IncidentComment values.
func NewIncidentCommentListPage ¶
func NewIncidentCommentListPage(cur IncidentCommentList, getNextPage func(context.Context, IncidentCommentList) (IncidentCommentList, error)) IncidentCommentListPage
Creates a new instance of the IncidentCommentListPage type.
func (*IncidentCommentListPage) Next ¶
func (page *IncidentCommentListPage) Next() error
Next advances to the next page of values. If there was an error making the request the page does not advance and the error is returned. Deprecated: Use NextWithContext() instead.
func (*IncidentCommentListPage) NextWithContext ¶
func (page *IncidentCommentListPage) NextWithContext(ctx context.Context) (err error)
NextWithContext advances to the next page of values. If there was an error making the request the page does not advance and the error is returned.
func (IncidentCommentListPage) NotDone ¶
func (page IncidentCommentListPage) NotDone() bool
NotDone returns true if the page enumeration should be started or is not yet complete.
func (IncidentCommentListPage) Response ¶
func (page IncidentCommentListPage) Response() IncidentCommentList
Response returns the raw server response from the last page request.
func (IncidentCommentListPage) Values ¶
func (page IncidentCommentListPage) Values() []IncidentComment
Values returns the slice of values for the current page or nil if there are no values.
type IncidentCommentProperties ¶
type IncidentCommentProperties struct { // CreatedTimeUtc - READ-ONLY; The time the comment was created CreatedTimeUtc *date.Time `json:"createdTimeUtc,omitempty"` // LastModifiedTimeUtc - READ-ONLY; The time the comment was updated LastModifiedTimeUtc *date.Time `json:"lastModifiedTimeUtc,omitempty"` // Message - The comment message Message *string `json:"message,omitempty"` // Author - READ-ONLY; Describes the client that created the comment Author *ClientInfo `json:"author,omitempty"` }
IncidentCommentProperties incident comment property bag.
func (IncidentCommentProperties) MarshalJSON ¶
func (icp IncidentCommentProperties) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for IncidentCommentProperties.
type IncidentCommentsClient ¶
type IncidentCommentsClient struct {
BaseClient
}
IncidentCommentsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider
func NewIncidentCommentsClient ¶
func NewIncidentCommentsClient(subscriptionID string) IncidentCommentsClient
NewIncidentCommentsClient creates an instance of the IncidentCommentsClient client.
func NewIncidentCommentsClientWithBaseURI ¶
func NewIncidentCommentsClientWithBaseURI(baseURI string, subscriptionID string) IncidentCommentsClient
NewIncidentCommentsClientWithBaseURI creates an instance of the IncidentCommentsClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).
func (IncidentCommentsClient) CreateComment ¶
func (client IncidentCommentsClient) CreateComment(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string, incidentCommentID string, incidentComment IncidentComment) (result IncidentComment, err error)
CreateComment creates or updates the incident comment. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. incidentID - incident ID incidentCommentID - incident comment ID incidentComment - the incident comment
func (IncidentCommentsClient) CreateCommentPreparer ¶
func (client IncidentCommentsClient) CreateCommentPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string, incidentCommentID string, incidentComment IncidentComment) (*http.Request, error)
CreateCommentPreparer prepares the CreateComment request.
func (IncidentCommentsClient) CreateCommentResponder ¶
func (client IncidentCommentsClient) CreateCommentResponder(resp *http.Response) (result IncidentComment, err error)
CreateCommentResponder handles the response to the CreateComment request. The method always closes the http.Response Body.
func (IncidentCommentsClient) CreateCommentSender ¶
CreateCommentSender sends the CreateComment request. The method will close the http.Response Body if it receives an error.
func (IncidentCommentsClient) DeleteComment ¶
func (client IncidentCommentsClient) DeleteComment(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string, incidentCommentID string) (result autorest.Response, err error)
DeleteComment delete the incident comment. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. incidentID - incident ID incidentCommentID - incident comment ID
func (IncidentCommentsClient) DeleteCommentPreparer ¶
func (client IncidentCommentsClient) DeleteCommentPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string, incidentCommentID string) (*http.Request, error)
DeleteCommentPreparer prepares the DeleteComment request.
func (IncidentCommentsClient) DeleteCommentResponder ¶
func (client IncidentCommentsClient) DeleteCommentResponder(resp *http.Response) (result autorest.Response, err error)
DeleteCommentResponder handles the response to the DeleteComment request. The method always closes the http.Response Body.
func (IncidentCommentsClient) DeleteCommentSender ¶
DeleteCommentSender sends the DeleteComment request. The method will close the http.Response Body if it receives an error.
func (IncidentCommentsClient) GetComment ¶
func (client IncidentCommentsClient) GetComment(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string, incidentCommentID string) (result IncidentComment, err error)
GetComment gets an incident comment. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. incidentID - incident ID incidentCommentID - incident comment ID
func (IncidentCommentsClient) GetCommentPreparer ¶
func (client IncidentCommentsClient) GetCommentPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string, incidentCommentID string) (*http.Request, error)
GetCommentPreparer prepares the GetComment request.
func (IncidentCommentsClient) GetCommentResponder ¶
func (client IncidentCommentsClient) GetCommentResponder(resp *http.Response) (result IncidentComment, err error)
GetCommentResponder handles the response to the GetComment request. The method always closes the http.Response Body.
func (IncidentCommentsClient) GetCommentSender ¶
GetCommentSender sends the GetComment request. The method will close the http.Response Body if it receives an error.
func (IncidentCommentsClient) ListByIncident ¶
func (client IncidentCommentsClient) ListByIncident(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string, filter string, orderby string, top *int32, skipToken string) (result IncidentCommentListPage, err error)
ListByIncident gets all incident comments. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. incidentID - incident ID filter - filters the results, based on a Boolean condition. Optional. orderby - sorts the results. Optional. top - returns only the first n results. Optional. skipToken - skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional.
func (IncidentCommentsClient) ListByIncidentComplete ¶
func (client IncidentCommentsClient) ListByIncidentComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string, filter string, orderby string, top *int32, skipToken string) (result IncidentCommentListIterator, err error)
ListByIncidentComplete enumerates all values, automatically crossing page boundaries as required.
func (IncidentCommentsClient) ListByIncidentPreparer ¶
func (client IncidentCommentsClient) ListByIncidentPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string, filter string, orderby string, top *int32, skipToken string) (*http.Request, error)
ListByIncidentPreparer prepares the ListByIncident request.
func (IncidentCommentsClient) ListByIncidentResponder ¶
func (client IncidentCommentsClient) ListByIncidentResponder(resp *http.Response) (result IncidentCommentList, err error)
ListByIncidentResponder handles the response to the ListByIncident request. The method always closes the http.Response Body.
func (IncidentCommentsClient) ListByIncidentSender ¶
func (client IncidentCommentsClient) ListByIncidentSender(req *http.Request) (*http.Response, error)
ListByIncidentSender sends the ListByIncident request. The method will close the http.Response Body if it receives an error.
type IncidentConfiguration ¶
type IncidentConfiguration struct { // CreateIncident - Create incidents from alerts triggered by this analytics rule CreateIncident *bool `json:"createIncident,omitempty"` // GroupingConfiguration - Set how the alerts that are triggered by this analytics rule, are grouped into incidents GroupingConfiguration *GroupingConfiguration `json:"groupingConfiguration,omitempty"` }
IncidentConfiguration incident Configuration property bag.
type IncidentEntitiesResponse ¶
type IncidentEntitiesResponse struct { autorest.Response `json:"-"` // Entities - Array of the incident related entities. Entities *[]BasicEntity `json:"entities,omitempty"` // MetaData - The metadata from the incident related entities results. MetaData *[]IncidentEntitiesResultsMetadata `json:"metaData,omitempty"` }
IncidentEntitiesResponse the incident related entities response.
func (*IncidentEntitiesResponse) UnmarshalJSON ¶
func (ier *IncidentEntitiesResponse) UnmarshalJSON(body []byte) error
UnmarshalJSON is the custom unmarshaler for IncidentEntitiesResponse struct.
type IncidentEntitiesResultsMetadata ¶
type IncidentEntitiesResultsMetadata struct { // Count - Total number of aggregations of the given kind in the incident related entities result. Count *int32 `json:"count,omitempty"` // EntityKind - The kind of the aggregated entity. Possible values include: 'EntityKindAccount', 'EntityKindHost', 'EntityKindFile', 'EntityKindAzureResource', 'EntityKindCloudApplication', 'EntityKindDNSResolution', 'EntityKindFileHash', 'EntityKindIP', 'EntityKindMalware', 'EntityKindProcess', 'EntityKindRegistryKey', 'EntityKindRegistryValue', 'EntityKindSecurityGroup', 'EntityKindURL', 'EntityKindIoTDevice', 'EntityKindSecurityAlert', 'EntityKindBookmark' EntityKind EntityKind `json:"entityKind,omitempty"` }
IncidentEntitiesResultsMetadata information of a specific aggregation in the incident related entities result.
type IncidentInfo ¶
type IncidentInfo struct { // IncidentID - Incident Id IncidentID *string `json:"incidentId,omitempty"` // Severity - The severity of the incident. Possible values include: 'CaseSeverityCritical', 'CaseSeverityHigh', 'CaseSeverityMedium', 'CaseSeverityLow', 'CaseSeverityInformational' Severity CaseSeverity `json:"severity,omitempty"` // Title - The title of the incident Title *string `json:"title,omitempty"` // RelationName - Relation Name RelationName *string `json:"relationName,omitempty"` }
IncidentInfo describes related incident information for the bookmark
type IncidentLabel ¶
type IncidentLabel struct { // LabelName - The name of the label LabelName *string `json:"labelName,omitempty"` // LabelType - READ-ONLY; The type of the label. Possible values include: 'User', 'System' LabelType IncidentLabelType `json:"labelType,omitempty"` }
IncidentLabel represents an incident label
func (IncidentLabel) MarshalJSON ¶
func (il IncidentLabel) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for IncidentLabel.
type IncidentLabelType ¶
type IncidentLabelType string
IncidentLabelType enumerates the values for incident label type.
const ( // System Label automatically created by the system System IncidentLabelType = "System" // User Label manually created by a user User IncidentLabelType = "User" )
func PossibleIncidentLabelTypeValues ¶
func PossibleIncidentLabelTypeValues() []IncidentLabelType
PossibleIncidentLabelTypeValues returns an array of possible values for the IncidentLabelType const type.
type IncidentList ¶
type IncidentList struct { autorest.Response `json:"-"` // NextLink - READ-ONLY; URL to fetch the next set of incidents. NextLink *string `json:"nextLink,omitempty"` // Value - Array of incidents. Value *[]Incident `json:"value,omitempty"` }
IncidentList list all the incidents.
func (IncidentList) IsEmpty ¶
func (il IncidentList) IsEmpty() bool
IsEmpty returns true if the ListResult contains no values.
func (IncidentList) MarshalJSON ¶
func (il IncidentList) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for IncidentList.
type IncidentListIterator ¶
type IncidentListIterator struct {
// contains filtered or unexported fields
}
IncidentListIterator provides access to a complete listing of Incident values.
func NewIncidentListIterator ¶
func NewIncidentListIterator(page IncidentListPage) IncidentListIterator
Creates a new instance of the IncidentListIterator type.
func (*IncidentListIterator) Next ¶
func (iter *IncidentListIterator) Next() error
Next advances to the next value. If there was an error making the request the iterator does not advance and the error is returned. Deprecated: Use NextWithContext() instead.
func (*IncidentListIterator) NextWithContext ¶
func (iter *IncidentListIterator) NextWithContext(ctx context.Context) (err error)
NextWithContext advances to the next value. If there was an error making the request the iterator does not advance and the error is returned.
func (IncidentListIterator) NotDone ¶
func (iter IncidentListIterator) NotDone() bool
NotDone returns true if the enumeration should be started or is not yet complete.
func (IncidentListIterator) Response ¶
func (iter IncidentListIterator) Response() IncidentList
Response returns the raw server response from the last page request.
func (IncidentListIterator) Value ¶
func (iter IncidentListIterator) Value() Incident
Value returns the current value or a zero-initialized value if the iterator has advanced beyond the end of the collection.
type IncidentListPage ¶
type IncidentListPage struct {
// contains filtered or unexported fields
}
IncidentListPage contains a page of Incident values.
func NewIncidentListPage ¶
func NewIncidentListPage(cur IncidentList, getNextPage func(context.Context, IncidentList) (IncidentList, error)) IncidentListPage
Creates a new instance of the IncidentListPage type.
func (*IncidentListPage) Next ¶
func (page *IncidentListPage) Next() error
Next advances to the next page of values. If there was an error making the request the page does not advance and the error is returned. Deprecated: Use NextWithContext() instead.
func (*IncidentListPage) NextWithContext ¶
func (page *IncidentListPage) NextWithContext(ctx context.Context) (err error)
NextWithContext advances to the next page of values. If there was an error making the request the page does not advance and the error is returned.
func (IncidentListPage) NotDone ¶
func (page IncidentListPage) NotDone() bool
NotDone returns true if the page enumeration should be started or is not yet complete.
func (IncidentListPage) Response ¶
func (page IncidentListPage) Response() IncidentList
Response returns the raw server response from the last page request.
func (IncidentListPage) Values ¶
func (page IncidentListPage) Values() []Incident
Values returns the slice of values for the current page or nil if there are no values.
type IncidentOwnerInfo ¶
type IncidentOwnerInfo struct { // Email - The email of the user the incident is assigned to. Email *string `json:"email,omitempty"` // AssignedTo - The name of the user the incident is assigned to. AssignedTo *string `json:"assignedTo,omitempty"` // ObjectID - The object id of the user the incident is assigned to. ObjectID *uuid.UUID `json:"objectId,omitempty"` // UserPrincipalName - The user principal name of the user the incident is assigned to. UserPrincipalName *string `json:"userPrincipalName,omitempty"` }
IncidentOwnerInfo information on the user an incident is assigned to
type IncidentProperties ¶
type IncidentProperties struct { // AdditionalData - READ-ONLY; Additional data on the incident AdditionalData *IncidentAdditionalData `json:"additionalData,omitempty"` // Classification - The reason the incident was closed. Possible values include: 'IncidentClassificationUndetermined', 'IncidentClassificationTruePositive', 'IncidentClassificationBenignPositive', 'IncidentClassificationFalsePositive' Classification IncidentClassification `json:"classification,omitempty"` // ClassificationComment - Describes the reason the incident was closed ClassificationComment *string `json:"classificationComment,omitempty"` // ClassificationReason - The classification reason the incident was closed with. Possible values include: 'SuspiciousActivity', 'SuspiciousButExpected', 'IncorrectAlertLogic', 'InaccurateData' ClassificationReason IncidentClassificationReason `json:"classificationReason,omitempty"` // CreatedTimeUtc - READ-ONLY; The time the incident was created CreatedTimeUtc *date.Time `json:"createdTimeUtc,omitempty"` // Description - The description of the incident Description *string `json:"description,omitempty"` // FirstActivityTimeUtc - The time of the first activity in the incident FirstActivityTimeUtc *date.Time `json:"firstActivityTimeUtc,omitempty"` // IncidentURL - READ-ONLY; The deep-link url to the incident in Azure portal IncidentURL *string `json:"incidentUrl,omitempty"` // IncidentNumber - READ-ONLY; A sequential number IncidentNumber *int32 `json:"incidentNumber,omitempty"` // Labels - List of labels relevant to this incident Labels *[]IncidentLabel `json:"labels,omitempty"` // LastActivityTimeUtc - The time of the last activity in the incident LastActivityTimeUtc *date.Time `json:"lastActivityTimeUtc,omitempty"` // LastModifiedTimeUtc - READ-ONLY; The last time the incident was updated LastModifiedTimeUtc *date.Time `json:"lastModifiedTimeUtc,omitempty"` // Owner - Describes a user that the incident is assigned to Owner *IncidentOwnerInfo `json:"owner,omitempty"` // RelatedAnalyticRuleIds - READ-ONLY; List of resource ids of Analytic rules related to the incident RelatedAnalyticRuleIds *[]string `json:"relatedAnalyticRuleIds,omitempty"` // Severity - The severity of the incident. Possible values include: 'IncidentSeverityHigh', 'IncidentSeverityMedium', 'IncidentSeverityLow', 'IncidentSeverityInformational' Severity IncidentSeverity `json:"severity,omitempty"` // Status - The status of the incident. Possible values include: 'IncidentStatusNew', 'IncidentStatusActive', 'IncidentStatusClosed' Status IncidentStatus `json:"status,omitempty"` // Title - The title of the incident Title *string `json:"title,omitempty"` }
IncidentProperties describes incident properties
func (IncidentProperties) MarshalJSON ¶
func (IP IncidentProperties) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for IncidentProperties.
type IncidentRelationsClient ¶
type IncidentRelationsClient struct {
BaseClient
}
IncidentRelationsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider
func NewIncidentRelationsClient ¶
func NewIncidentRelationsClient(subscriptionID string) IncidentRelationsClient
NewIncidentRelationsClient creates an instance of the IncidentRelationsClient client.
func NewIncidentRelationsClientWithBaseURI ¶
func NewIncidentRelationsClientWithBaseURI(baseURI string, subscriptionID string) IncidentRelationsClient
NewIncidentRelationsClientWithBaseURI creates an instance of the IncidentRelationsClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).
func (IncidentRelationsClient) CreateOrUpdateRelation ¶
func (client IncidentRelationsClient) CreateOrUpdateRelation(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string, relationName string, relation Relation) (result Relation, err error)
CreateOrUpdateRelation creates or updates the incident relation. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. incidentID - incident ID relationName - relation Name relation - the relation model
func (IncidentRelationsClient) CreateOrUpdateRelationPreparer ¶
func (client IncidentRelationsClient) CreateOrUpdateRelationPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string, relationName string, relation Relation) (*http.Request, error)
CreateOrUpdateRelationPreparer prepares the CreateOrUpdateRelation request.
func (IncidentRelationsClient) CreateOrUpdateRelationResponder ¶
func (client IncidentRelationsClient) CreateOrUpdateRelationResponder(resp *http.Response) (result Relation, err error)
CreateOrUpdateRelationResponder handles the response to the CreateOrUpdateRelation request. The method always closes the http.Response Body.
func (IncidentRelationsClient) CreateOrUpdateRelationSender ¶
func (client IncidentRelationsClient) CreateOrUpdateRelationSender(req *http.Request) (*http.Response, error)
CreateOrUpdateRelationSender sends the CreateOrUpdateRelation request. The method will close the http.Response Body if it receives an error.
func (IncidentRelationsClient) DeleteRelation ¶
func (client IncidentRelationsClient) DeleteRelation(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string, relationName string) (result autorest.Response, err error)
DeleteRelation delete the incident relation. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. incidentID - incident ID relationName - relation Name
func (IncidentRelationsClient) DeleteRelationPreparer ¶
func (client IncidentRelationsClient) DeleteRelationPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string, relationName string) (*http.Request, error)
DeleteRelationPreparer prepares the DeleteRelation request.
func (IncidentRelationsClient) DeleteRelationResponder ¶
func (client IncidentRelationsClient) DeleteRelationResponder(resp *http.Response) (result autorest.Response, err error)
DeleteRelationResponder handles the response to the DeleteRelation request. The method always closes the http.Response Body.
func (IncidentRelationsClient) DeleteRelationSender ¶
func (client IncidentRelationsClient) DeleteRelationSender(req *http.Request) (*http.Response, error)
DeleteRelationSender sends the DeleteRelation request. The method will close the http.Response Body if it receives an error.
func (IncidentRelationsClient) GetRelation ¶
func (client IncidentRelationsClient) GetRelation(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string, relationName string) (result Relation, err error)
GetRelation gets an incident relation. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. incidentID - incident ID relationName - relation Name
func (IncidentRelationsClient) GetRelationPreparer ¶
func (client IncidentRelationsClient) GetRelationPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string, relationName string) (*http.Request, error)
GetRelationPreparer prepares the GetRelation request.
func (IncidentRelationsClient) GetRelationResponder ¶
func (client IncidentRelationsClient) GetRelationResponder(resp *http.Response) (result Relation, err error)
GetRelationResponder handles the response to the GetRelation request. The method always closes the http.Response Body.
func (IncidentRelationsClient) GetRelationSender ¶
GetRelationSender sends the GetRelation request. The method will close the http.Response Body if it receives an error.
func (IncidentRelationsClient) List ¶
func (client IncidentRelationsClient) List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string, filter string, orderby string, top *int32, skipToken string) (result RelationListPage, err error)
List gets all incident relations. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. incidentID - incident ID filter - filters the results, based on a Boolean condition. Optional. orderby - sorts the results. Optional. top - returns only the first n results. Optional. skipToken - skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional.
func (IncidentRelationsClient) ListComplete ¶
func (client IncidentRelationsClient) ListComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string, filter string, orderby string, top *int32, skipToken string) (result RelationListIterator, err error)
ListComplete enumerates all values, automatically crossing page boundaries as required.
func (IncidentRelationsClient) ListPreparer ¶
func (client IncidentRelationsClient) ListPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string, filter string, orderby string, top *int32, skipToken string) (*http.Request, error)
ListPreparer prepares the List request.
func (IncidentRelationsClient) ListResponder ¶
func (client IncidentRelationsClient) ListResponder(resp *http.Response) (result RelationList, err error)
ListResponder handles the response to the List request. The method always closes the http.Response Body.
func (IncidentRelationsClient) ListSender ¶
ListSender sends the List request. The method will close the http.Response Body if it receives an error.
type IncidentSeverity ¶
type IncidentSeverity string
IncidentSeverity enumerates the values for incident severity.
const ( // IncidentSeverityHigh High severity IncidentSeverityHigh IncidentSeverity = "High" // IncidentSeverityInformational Informational severity IncidentSeverityInformational IncidentSeverity = "Informational" // IncidentSeverityLow Low severity IncidentSeverityLow IncidentSeverity = "Low" // IncidentSeverityMedium Medium severity IncidentSeverityMedium IncidentSeverity = "Medium" )
func PossibleIncidentSeverityValues ¶
func PossibleIncidentSeverityValues() []IncidentSeverity
PossibleIncidentSeverityValues returns an array of possible values for the IncidentSeverity const type.
type IncidentStatus ¶
type IncidentStatus string
IncidentStatus enumerates the values for incident status.
const ( // IncidentStatusActive An active incident which is being handled IncidentStatusActive IncidentStatus = "Active" // IncidentStatusClosed A non-active incident IncidentStatusClosed IncidentStatus = "Closed" // IncidentStatusNew An active incident which isn't being handled currently IncidentStatusNew IncidentStatus = "New" )
func PossibleIncidentStatusValues ¶
func PossibleIncidentStatusValues() []IncidentStatus
PossibleIncidentStatusValues returns an array of possible values for the IncidentStatus const type.
type IncidentsClient ¶
type IncidentsClient struct {
BaseClient
}
IncidentsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider
func NewIncidentsClient ¶
func NewIncidentsClient(subscriptionID string) IncidentsClient
NewIncidentsClient creates an instance of the IncidentsClient client.
func NewIncidentsClientWithBaseURI ¶
func NewIncidentsClientWithBaseURI(baseURI string, subscriptionID string) IncidentsClient
NewIncidentsClientWithBaseURI creates an instance of the IncidentsClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).
func (IncidentsClient) CreateOrUpdate ¶
func (client IncidentsClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string, incident Incident) (result Incident, err error)
CreateOrUpdate creates or updates the incident. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. incidentID - incident ID incident - the incident
func (IncidentsClient) CreateOrUpdatePreparer ¶
func (client IncidentsClient) CreateOrUpdatePreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string, incident Incident) (*http.Request, error)
CreateOrUpdatePreparer prepares the CreateOrUpdate request.
func (IncidentsClient) CreateOrUpdateResponder ¶
func (client IncidentsClient) CreateOrUpdateResponder(resp *http.Response) (result Incident, err error)
CreateOrUpdateResponder handles the response to the CreateOrUpdate request. The method always closes the http.Response Body.
func (IncidentsClient) CreateOrUpdateSender ¶
CreateOrUpdateSender sends the CreateOrUpdate request. The method will close the http.Response Body if it receives an error.
func (IncidentsClient) Delete ¶
func (client IncidentsClient) Delete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string) (result autorest.Response, err error)
Delete delete the incident. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. incidentID - incident ID
func (IncidentsClient) DeletePreparer ¶
func (client IncidentsClient) DeletePreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string) (*http.Request, error)
DeletePreparer prepares the Delete request.
func (IncidentsClient) DeleteResponder ¶
func (client IncidentsClient) DeleteResponder(resp *http.Response) (result autorest.Response, err error)
DeleteResponder handles the response to the Delete request. The method always closes the http.Response Body.
func (IncidentsClient) DeleteSender ¶
DeleteSender sends the Delete request. The method will close the http.Response Body if it receives an error.
func (IncidentsClient) Get ¶
func (client IncidentsClient) Get(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string) (result Incident, err error)
Get gets an incident. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. incidentID - incident ID
func (IncidentsClient) GetPreparer ¶
func (client IncidentsClient) GetPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string) (*http.Request, error)
GetPreparer prepares the Get request.
func (IncidentsClient) GetResponder ¶
func (client IncidentsClient) GetResponder(resp *http.Response) (result Incident, err error)
GetResponder handles the response to the Get request. The method always closes the http.Response Body.
func (IncidentsClient) GetSender ¶
GetSender sends the Get request. The method will close the http.Response Body if it receives an error.
func (IncidentsClient) List ¶
func (client IncidentsClient) List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, filter string, orderby string, top *int32, skipToken string) (result IncidentListPage, err error)
List gets all incidents. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. filter - filters the results, based on a Boolean condition. Optional. orderby - sorts the results. Optional. top - returns only the first n results. Optional. skipToken - skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional.
func (IncidentsClient) ListComplete ¶
func (client IncidentsClient) ListComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, filter string, orderby string, top *int32, skipToken string) (result IncidentListIterator, err error)
ListComplete enumerates all values, automatically crossing page boundaries as required.
func (IncidentsClient) ListOfAlerts ¶
func (client IncidentsClient) ListOfAlerts(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string) (result IncidentAlertList, err error)
ListOfAlerts gets all incident alerts. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. incidentID - incident ID
func (IncidentsClient) ListOfAlertsPreparer ¶
func (client IncidentsClient) ListOfAlertsPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string) (*http.Request, error)
ListOfAlertsPreparer prepares the ListOfAlerts request.
func (IncidentsClient) ListOfAlertsResponder ¶
func (client IncidentsClient) ListOfAlertsResponder(resp *http.Response) (result IncidentAlertList, err error)
ListOfAlertsResponder handles the response to the ListOfAlerts request. The method always closes the http.Response Body.
func (IncidentsClient) ListOfAlertsSender ¶
ListOfAlertsSender sends the ListOfAlerts request. The method will close the http.Response Body if it receives an error.
func (IncidentsClient) ListOfBookmarks ¶
func (client IncidentsClient) ListOfBookmarks(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string) (result IncidentBookmarkList, err error)
ListOfBookmarks gets all incident bookmarks. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. incidentID - incident ID
func (IncidentsClient) ListOfBookmarksPreparer ¶
func (client IncidentsClient) ListOfBookmarksPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string) (*http.Request, error)
ListOfBookmarksPreparer prepares the ListOfBookmarks request.
func (IncidentsClient) ListOfBookmarksResponder ¶
func (client IncidentsClient) ListOfBookmarksResponder(resp *http.Response) (result IncidentBookmarkList, err error)
ListOfBookmarksResponder handles the response to the ListOfBookmarks request. The method always closes the http.Response Body.
func (IncidentsClient) ListOfBookmarksSender ¶
ListOfBookmarksSender sends the ListOfBookmarks request. The method will close the http.Response Body if it receives an error.
func (IncidentsClient) ListOfEntities ¶
func (client IncidentsClient) ListOfEntities(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string) (result IncidentEntitiesResponse, err error)
ListOfEntities gets all incident related entities. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. incidentID - incident ID
func (IncidentsClient) ListOfEntitiesPreparer ¶
func (client IncidentsClient) ListOfEntitiesPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string) (*http.Request, error)
ListOfEntitiesPreparer prepares the ListOfEntities request.
func (IncidentsClient) ListOfEntitiesResponder ¶
func (client IncidentsClient) ListOfEntitiesResponder(resp *http.Response) (result IncidentEntitiesResponse, err error)
ListOfEntitiesResponder handles the response to the ListOfEntities request. The method always closes the http.Response Body.
func (IncidentsClient) ListOfEntitiesSender ¶
ListOfEntitiesSender sends the ListOfEntities request. The method will close the http.Response Body if it receives an error.
func (IncidentsClient) ListPreparer ¶
func (client IncidentsClient) ListPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, filter string, orderby string, top *int32, skipToken string) (*http.Request, error)
ListPreparer prepares the List request.
func (IncidentsClient) ListResponder ¶
func (client IncidentsClient) ListResponder(resp *http.Response) (result IncidentList, err error)
ListResponder handles the response to the List request. The method always closes the http.Response Body.
func (IncidentsClient) ListSender ¶
ListSender sends the List request. The method will close the http.Response Body if it receives an error.
type IoTDeviceEntity ¶
type IoTDeviceEntity struct { // IoTDeviceEntityProperties - IoTDevice entity properties *IoTDeviceEntityProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindBookmark', 'KindSecurityAlert', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice' Kind KindBasicEntity `json:"kind,omitempty"` }
IoTDeviceEntity represents an IoT device entity.
func (IoTDeviceEntity) AsAccountEntity ¶
func (itde IoTDeviceEntity) AsAccountEntity() (*AccountEntity, bool)
AsAccountEntity is the BasicEntity implementation for IoTDeviceEntity.
func (IoTDeviceEntity) AsAzureResourceEntity ¶
func (itde IoTDeviceEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)
AsAzureResourceEntity is the BasicEntity implementation for IoTDeviceEntity.
func (IoTDeviceEntity) AsBasicEntity ¶
func (itde IoTDeviceEntity) AsBasicEntity() (BasicEntity, bool)
AsBasicEntity is the BasicEntity implementation for IoTDeviceEntity.
func (IoTDeviceEntity) AsCloudApplicationEntity ¶
func (itde IoTDeviceEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)
AsCloudApplicationEntity is the BasicEntity implementation for IoTDeviceEntity.
func (IoTDeviceEntity) AsDNSEntity ¶
func (itde IoTDeviceEntity) AsDNSEntity() (*DNSEntity, bool)
AsDNSEntity is the BasicEntity implementation for IoTDeviceEntity.
func (IoTDeviceEntity) AsEntity ¶
func (itde IoTDeviceEntity) AsEntity() (*Entity, bool)
AsEntity is the BasicEntity implementation for IoTDeviceEntity.
func (IoTDeviceEntity) AsFileEntity ¶
func (itde IoTDeviceEntity) AsFileEntity() (*FileEntity, bool)
AsFileEntity is the BasicEntity implementation for IoTDeviceEntity.
func (IoTDeviceEntity) AsFileHashEntity ¶
func (itde IoTDeviceEntity) AsFileHashEntity() (*FileHashEntity, bool)
AsFileHashEntity is the BasicEntity implementation for IoTDeviceEntity.
func (IoTDeviceEntity) AsHostEntity ¶
func (itde IoTDeviceEntity) AsHostEntity() (*HostEntity, bool)
AsHostEntity is the BasicEntity implementation for IoTDeviceEntity.
func (IoTDeviceEntity) AsHuntingBookmark ¶
func (itde IoTDeviceEntity) AsHuntingBookmark() (*HuntingBookmark, bool)
AsHuntingBookmark is the BasicEntity implementation for IoTDeviceEntity.
func (IoTDeviceEntity) AsIPEntity ¶
func (itde IoTDeviceEntity) AsIPEntity() (*IPEntity, bool)
AsIPEntity is the BasicEntity implementation for IoTDeviceEntity.
func (IoTDeviceEntity) AsIoTDeviceEntity ¶
func (itde IoTDeviceEntity) AsIoTDeviceEntity() (*IoTDeviceEntity, bool)
AsIoTDeviceEntity is the BasicEntity implementation for IoTDeviceEntity.
func (IoTDeviceEntity) AsMalwareEntity ¶
func (itde IoTDeviceEntity) AsMalwareEntity() (*MalwareEntity, bool)
AsMalwareEntity is the BasicEntity implementation for IoTDeviceEntity.
func (IoTDeviceEntity) AsProcessEntity ¶
func (itde IoTDeviceEntity) AsProcessEntity() (*ProcessEntity, bool)
AsProcessEntity is the BasicEntity implementation for IoTDeviceEntity.
func (IoTDeviceEntity) AsRegistryKeyEntity ¶
func (itde IoTDeviceEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)
AsRegistryKeyEntity is the BasicEntity implementation for IoTDeviceEntity.
func (IoTDeviceEntity) AsRegistryValueEntity ¶
func (itde IoTDeviceEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool)
AsRegistryValueEntity is the BasicEntity implementation for IoTDeviceEntity.
func (IoTDeviceEntity) AsSecurityAlert ¶
func (itde IoTDeviceEntity) AsSecurityAlert() (*SecurityAlert, bool)
AsSecurityAlert is the BasicEntity implementation for IoTDeviceEntity.
func (IoTDeviceEntity) AsSecurityGroupEntity ¶
func (itde IoTDeviceEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)
AsSecurityGroupEntity is the BasicEntity implementation for IoTDeviceEntity.
func (IoTDeviceEntity) AsURLEntity ¶
func (itde IoTDeviceEntity) AsURLEntity() (*URLEntity, bool)
AsURLEntity is the BasicEntity implementation for IoTDeviceEntity.
func (IoTDeviceEntity) MarshalJSON ¶
func (itde IoTDeviceEntity) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for IoTDeviceEntity.
func (*IoTDeviceEntity) UnmarshalJSON ¶
func (itde *IoTDeviceEntity) UnmarshalJSON(body []byte) error
UnmarshalJSON is the custom unmarshaler for IoTDeviceEntity struct.
type IoTDeviceEntityProperties ¶
type IoTDeviceEntityProperties struct { // DeviceID - READ-ONLY; The ID of the IoT Device in the IoT Hub DeviceID *string `json:"deviceId,omitempty"` // IotSecurityAgentID - READ-ONLY; The ID of the security agent running on the device IotSecurityAgentID *uuid.UUID `json:"iotSecurityAgentId,omitempty"` // DeviceType - READ-ONLY; The type of the device DeviceType *string `json:"deviceType,omitempty"` // Vendor - READ-ONLY; The vendor of the device Vendor *string `json:"vendor,omitempty"` // EdgeID - READ-ONLY; The ID of the edge device EdgeID *string `json:"edgeId,omitempty"` // IotHubEntityID - READ-ONLY; The AzureResource entity id of the IoT Hub IotHubEntityID *string `json:"iotHubEntityId,omitempty"` // HostEntityID - READ-ONLY; The Host entity id of this device HostEntityID *string `json:"hostEntityId,omitempty"` // ThreatIntelligence - READ-ONLY; A list of TI contexts attached to the IoTDevice entity. ThreatIntelligence *[]ThreatIntelligence `json:"threatIntelligence,omitempty"` // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. AdditionalData map[string]interface{} `json:"additionalData"` // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. FriendlyName *string `json:"friendlyName,omitempty"` }
IoTDeviceEntityProperties ioTDevice entity property bag.
func (IoTDeviceEntityProperties) MarshalJSON ¶
func (itdep IoTDeviceEntityProperties) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for IoTDeviceEntityProperties.
type KillChainIntent ¶
type KillChainIntent string
KillChainIntent enumerates the values for kill chain intent.
const ( // KillChainIntentCollection Collection consists of techniques used to identify and gather information, // such as sensitive files, from a target network prior to exfiltration. This category also covers // locations on a system or network where the adversary may look for information to exfiltrate. KillChainIntentCollection KillChainIntent = "Collection" // KillChainIntentCommandAndControl The command and control tactic represents how adversaries communicate // with systems under their control within a target network. KillChainIntentCommandAndControl KillChainIntent = "CommandAndControl" // KillChainIntentCredentialAccess Credential access represents techniques resulting in access to or // control over system, domain, or service credentials that are used within an enterprise environment. // Adversaries will likely attempt to obtain legitimate credentials from users or administrator accounts // (local system administrator or domain users with administrator access) to use within the network. With // sufficient access within a network, an adversary can create accounts for later use within the // environment. KillChainIntentCredentialAccess KillChainIntent = "CredentialAccess" // KillChainIntentDefenseEvasion Defense evasion consists of techniques an adversary may use to evade // detection or avoid other defenses. Sometimes these actions are the same as or variations of techniques // in other categories that have the added benefit of subverting a particular defense or mitigation. KillChainIntentDefenseEvasion KillChainIntent = "DefenseEvasion" // KillChainIntentDiscovery Discovery consists of techniques that allow the adversary to gain knowledge // about the system and internal network. When adversaries gain access to a new system, they must orient // themselves to what they now have control of and what benefits operating from that system give to their // current objective or overall goals during the intrusion. The operating system provides many native tools // that aid in this post-compromise information-gathering phase. KillChainIntentDiscovery KillChainIntent = "Discovery" // KillChainIntentExecution The execution tactic represents techniques that result in execution of // adversary-controlled code on a local or remote system. This tactic is often used in conjunction with // lateral movement to expand access to remote systems on a network. KillChainIntentExecution KillChainIntent = "Execution" // KillChainIntentExfiltration Exfiltration refers to techniques and attributes that result or aid in the // adversary removing files and information from a target network. This category also covers locations on a // system or network where the adversary may look for information to exfiltrate. KillChainIntentExfiltration KillChainIntent = "Exfiltration" // KillChainIntentExploitation Exploitation is the stage where an attacker manage to get foothold on the // attacked resource. This stage is applicable not only for compute hosts, but also for resources such as // user accounts, certificates etc. Adversaries will often be able to control the resource after this // stage. KillChainIntentExploitation KillChainIntent = "Exploitation" // KillChainIntentImpact The impact intent primary objective is to directly reduce the availability or // integrity of a system, service, or network; including manipulation of data to impact a business or // operational process. This would often refer to techniques such as ransom-ware, defacement, data // manipulation and others. KillChainIntentImpact KillChainIntent = "Impact" // KillChainIntentLateralMovement Lateral movement consists of techniques that enable an adversary to // access and control remote systems on a network and could, but does not necessarily, include execution of // tools on remote systems. The lateral movement techniques could allow an adversary to gather information // from a system without needing additional tools, such as a remote access tool. An adversary can use // lateral movement for many purposes, including remote Execution of tools, pivoting to additional systems, // access to specific information or files, access to additional credentials, or to cause an effect. KillChainIntentLateralMovement KillChainIntent = "LateralMovement" // KillChainIntentPersistence Persistence is any access, action, or configuration change to a system that // gives an adversary a persistent presence on that system. Adversaries will often need to maintain access // to systems through interruptions such as system restarts, loss of credentials, or other failures that // would require a remote access tool to restart or alternate backdoor for them to regain access. KillChainIntentPersistence KillChainIntent = "Persistence" // KillChainIntentPrivilegeEscalation Privilege escalation is the result of actions that allow an adversary // to obtain a higher level of permissions on a system or network. Certain tools or actions require a // higher level of privilege to work and are likely necessary at many points throughout an operation. User // accounts with permissions to access specific systems or perform specific functions necessary for // adversaries to achieve their objective may also be considered an escalation of privilege. KillChainIntentPrivilegeEscalation KillChainIntent = "PrivilegeEscalation" // KillChainIntentProbing Probing could be an attempt to access a certain resource regardless of a // malicious intent or a failed attempt to gain access to a target system to gather information prior to // exploitation. This step is usually detected as an attempt originating from outside the network in // attempt to scan the target system and find a way in. KillChainIntentProbing KillChainIntent = "Probing" // KillChainIntentUnknown The default value. KillChainIntentUnknown KillChainIntent = "Unknown" )
func PossibleKillChainIntentValues ¶
func PossibleKillChainIntentValues() []KillChainIntent
PossibleKillChainIntentValues returns an array of possible values for the KillChainIntent const type.
type Kind ¶
type Kind string
Kind enumerates the values for kind.
func PossibleKindValues ¶
func PossibleKindValues() []Kind
PossibleKindValues returns an array of possible values for the Kind const type.
type KindBasicAlertRule ¶
type KindBasicAlertRule string
KindBasicAlertRule enumerates the values for kind basic alert rule.
const ( // KindAlertRule ... KindAlertRule KindBasicAlertRule = "AlertRule" // KindFusion ... KindFusion KindBasicAlertRule = "Fusion" // KindMicrosoftSecurityIncidentCreation ... KindMicrosoftSecurityIncidentCreation KindBasicAlertRule = "MicrosoftSecurityIncidentCreation" // KindScheduled ... KindScheduled KindBasicAlertRule = "Scheduled" )
func PossibleKindBasicAlertRuleValues ¶
func PossibleKindBasicAlertRuleValues() []KindBasicAlertRule
PossibleKindBasicAlertRuleValues returns an array of possible values for the KindBasicAlertRule const type.
type KindBasicAlertRuleTemplate ¶
type KindBasicAlertRuleTemplate string
KindBasicAlertRuleTemplate enumerates the values for kind basic alert rule template.
const ( // KindBasicAlertRuleTemplateKindAlertRuleTemplate ... KindBasicAlertRuleTemplateKindAlertRuleTemplate KindBasicAlertRuleTemplate = "AlertRuleTemplate" // KindBasicAlertRuleTemplateKindFusion ... KindBasicAlertRuleTemplateKindFusion KindBasicAlertRuleTemplate = "Fusion" // KindBasicAlertRuleTemplateKindMicrosoftSecurityIncidentCreation ... KindBasicAlertRuleTemplateKindMicrosoftSecurityIncidentCreation KindBasicAlertRuleTemplate = "MicrosoftSecurityIncidentCreation" // KindBasicAlertRuleTemplateKindScheduled ... KindBasicAlertRuleTemplateKindScheduled KindBasicAlertRuleTemplate = "Scheduled" )
func PossibleKindBasicAlertRuleTemplateValues ¶
func PossibleKindBasicAlertRuleTemplateValues() []KindBasicAlertRuleTemplate
PossibleKindBasicAlertRuleTemplateValues returns an array of possible values for the KindBasicAlertRuleTemplate const type.
type KindBasicDataConnector ¶
type KindBasicDataConnector string
KindBasicDataConnector enumerates the values for kind basic data connector.
const ( // KindAmazonWebServicesCloudTrail ... KindAmazonWebServicesCloudTrail KindBasicDataConnector = "AmazonWebServicesCloudTrail" // KindAzureActiveDirectory ... KindAzureActiveDirectory KindBasicDataConnector = "AzureActiveDirectory" // KindAzureAdvancedThreatProtection ... KindAzureAdvancedThreatProtection KindBasicDataConnector = "AzureAdvancedThreatProtection" // KindAzureSecurityCenter ... KindAzureSecurityCenter KindBasicDataConnector = "AzureSecurityCenter" // KindDataConnector ... KindDataConnector KindBasicDataConnector = "DataConnector" // KindMicrosoftCloudAppSecurity ... KindMicrosoftCloudAppSecurity KindBasicDataConnector = "MicrosoftCloudAppSecurity" // KindMicrosoftDefenderAdvancedThreatProtection ... KindMicrosoftDefenderAdvancedThreatProtection KindBasicDataConnector = "MicrosoftDefenderAdvancedThreatProtection" // KindOffice365 ... KindOffice365 KindBasicDataConnector = "Office365" // KindOfficeATP ... KindOfficeATP KindBasicDataConnector = "OfficeATP" // KindThreatIntelligence ... KindThreatIntelligence KindBasicDataConnector = "ThreatIntelligence" // KindThreatIntelligenceTaxii ... KindThreatIntelligenceTaxii KindBasicDataConnector = "ThreatIntelligenceTaxii" )
func PossibleKindBasicDataConnectorValues ¶
func PossibleKindBasicDataConnectorValues() []KindBasicDataConnector
PossibleKindBasicDataConnectorValues returns an array of possible values for the KindBasicDataConnector const type.
type KindBasicDataConnectorsCheckRequirements ¶
type KindBasicDataConnectorsCheckRequirements string
KindBasicDataConnectorsCheckRequirements enumerates the values for kind basic data connectors check requirements.
const ( // KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesCloudTrail ... KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesCloudTrail KindBasicDataConnectorsCheckRequirements = "AmazonWebServicesCloudTrail" // KindBasicDataConnectorsCheckRequirementsKindAzureActiveDirectory ... KindBasicDataConnectorsCheckRequirementsKindAzureActiveDirectory KindBasicDataConnectorsCheckRequirements = "AzureActiveDirectory" // KindBasicDataConnectorsCheckRequirementsKindAzureAdvancedThreatProtection ... KindBasicDataConnectorsCheckRequirementsKindAzureAdvancedThreatProtection KindBasicDataConnectorsCheckRequirements = "AzureAdvancedThreatProtection" // KindBasicDataConnectorsCheckRequirementsKindAzureSecurityCenter ... KindBasicDataConnectorsCheckRequirementsKindAzureSecurityCenter KindBasicDataConnectorsCheckRequirements = "AzureSecurityCenter" // KindBasicDataConnectorsCheckRequirementsKindDataConnectorsCheckRequirements ... KindBasicDataConnectorsCheckRequirementsKindDataConnectorsCheckRequirements KindBasicDataConnectorsCheckRequirements = "DataConnectorsCheckRequirements" // KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity ... KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity KindBasicDataConnectorsCheckRequirements = "MicrosoftCloudAppSecurity" // KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection ... KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection KindBasicDataConnectorsCheckRequirements = "MicrosoftDefenderAdvancedThreatProtection" // KindBasicDataConnectorsCheckRequirementsKindOfficeATP ... KindBasicDataConnectorsCheckRequirementsKindOfficeATP KindBasicDataConnectorsCheckRequirements = "OfficeATP" // KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence ... KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence KindBasicDataConnectorsCheckRequirements = "ThreatIntelligence" // KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii ... KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii KindBasicDataConnectorsCheckRequirements = "ThreatIntelligenceTaxii" )
func PossibleKindBasicDataConnectorsCheckRequirementsValues ¶
func PossibleKindBasicDataConnectorsCheckRequirementsValues() []KindBasicDataConnectorsCheckRequirements
PossibleKindBasicDataConnectorsCheckRequirementsValues returns an array of possible values for the KindBasicDataConnectorsCheckRequirements const type.
type KindBasicEntity ¶
type KindBasicEntity string
KindBasicEntity enumerates the values for kind basic entity.
const ( // KindAccount ... KindAccount KindBasicEntity = "Account" // KindAzureResource ... KindAzureResource KindBasicEntity = "AzureResource" // KindBookmark ... KindBookmark KindBasicEntity = "Bookmark" // KindCloudApplication ... KindCloudApplication KindBasicEntity = "CloudApplication" // KindDNSResolution ... KindDNSResolution KindBasicEntity = "DnsResolution" // KindEntity ... KindEntity KindBasicEntity = "Entity" // KindFile ... KindFile KindBasicEntity = "File" // KindFileHash ... KindFileHash KindBasicEntity = "FileHash" // KindHost ... KindHost KindBasicEntity = "Host" // KindIoTDevice ... KindIoTDevice KindBasicEntity = "IoTDevice" // KindIP ... KindIP KindBasicEntity = "Ip" // KindMalware ... KindMalware KindBasicEntity = "Malware" // KindProcess ... KindProcess KindBasicEntity = "Process" // KindRegistryKey ... KindRegistryKey KindBasicEntity = "RegistryKey" // KindRegistryValue ... KindRegistryValue KindBasicEntity = "RegistryValue" // KindSecurityAlert ... KindSecurityAlert KindBasicEntity = "SecurityAlert" // KindSecurityGroup ... KindSecurityGroup KindBasicEntity = "SecurityGroup" // KindURL ... KindURL KindBasicEntity = "Url" )
func PossibleKindBasicEntityValues ¶
func PossibleKindBasicEntityValues() []KindBasicEntity
PossibleKindBasicEntityValues returns an array of possible values for the KindBasicEntity const type.
type KindBasicEntityTimelineItem ¶
type KindBasicEntityTimelineItem string
KindBasicEntityTimelineItem enumerates the values for kind basic entity timeline item.
const ( // KindBasicEntityTimelineItemKindActivity ... KindBasicEntityTimelineItemKindActivity KindBasicEntityTimelineItem = "Activity" // KindBasicEntityTimelineItemKindBookmark ... KindBasicEntityTimelineItemKindBookmark KindBasicEntityTimelineItem = "Bookmark" // KindBasicEntityTimelineItemKindEntityTimelineItem ... KindBasicEntityTimelineItemKindEntityTimelineItem KindBasicEntityTimelineItem = "EntityTimelineItem" // KindBasicEntityTimelineItemKindSecurityAlert ... KindBasicEntityTimelineItemKindSecurityAlert KindBasicEntityTimelineItem = "SecurityAlert" )
func PossibleKindBasicEntityTimelineItemValues ¶
func PossibleKindBasicEntityTimelineItemValues() []KindBasicEntityTimelineItem
PossibleKindBasicEntityTimelineItemValues returns an array of possible values for the KindBasicEntityTimelineItem const type.
type KindBasicSettings ¶
type KindBasicSettings string
KindBasicSettings enumerates the values for kind basic settings.
const ( // KindEntityAnalytics ... KindEntityAnalytics KindBasicSettings = "EntityAnalytics" // KindEyesOn ... KindEyesOn KindBasicSettings = "EyesOn" // KindSettings ... KindSettings KindBasicSettings = "Settings" // KindUeba ... KindUeba KindBasicSettings = "Ueba" )
func PossibleKindBasicSettingsValues ¶
func PossibleKindBasicSettingsValues() []KindBasicSettings
PossibleKindBasicSettingsValues returns an array of possible values for the KindBasicSettings const type.
type KindBasicThreatIntelligenceInformation ¶
type KindBasicThreatIntelligenceInformation string
KindBasicThreatIntelligenceInformation enumerates the values for kind basic threat intelligence information.
const ( // KindIndicator ... KindIndicator KindBasicThreatIntelligenceInformation = "indicator" // KindThreatIntelligenceInformation ... KindThreatIntelligenceInformation KindBasicThreatIntelligenceInformation = "ThreatIntelligenceInformation" )
func PossibleKindBasicThreatIntelligenceInformationValues ¶
func PossibleKindBasicThreatIntelligenceInformationValues() []KindBasicThreatIntelligenceInformation
PossibleKindBasicThreatIntelligenceInformationValues returns an array of possible values for the KindBasicThreatIntelligenceInformation const type.
type MCASCheckRequirements ¶
type MCASCheckRequirements struct { // MCASCheckRequirementsProperties - MCAS (Microsoft Cloud App Security) requirements check properties. *MCASCheckRequirementsProperties `json:"properties,omitempty"` // Kind - Possible values include: 'KindBasicDataConnectorsCheckRequirementsKindDataConnectorsCheckRequirements', 'KindBasicDataConnectorsCheckRequirementsKindAzureActiveDirectory', 'KindBasicDataConnectorsCheckRequirementsKindAzureAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindAzureSecurityCenter', 'KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesCloudTrail', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindOfficeATP', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii' Kind KindBasicDataConnectorsCheckRequirements `json:"kind,omitempty"` }
MCASCheckRequirements represents MCAS (Microsoft Cloud App Security) requirements check request.
func (MCASCheckRequirements) AsAADCheckRequirements ¶
func (mcr MCASCheckRequirements) AsAADCheckRequirements() (*AADCheckRequirements, bool)
AsAADCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MCASCheckRequirements.
func (MCASCheckRequirements) AsAATPCheckRequirements ¶
func (mcr MCASCheckRequirements) AsAATPCheckRequirements() (*AATPCheckRequirements, bool)
AsAATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MCASCheckRequirements.
func (MCASCheckRequirements) AsASCCheckRequirements ¶
func (mcr MCASCheckRequirements) AsASCCheckRequirements() (*ASCCheckRequirements, bool)
AsASCCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MCASCheckRequirements.
func (MCASCheckRequirements) AsAwsCloudTrailCheckRequirements ¶
func (mcr MCASCheckRequirements) AsAwsCloudTrailCheckRequirements() (*AwsCloudTrailCheckRequirements, bool)
AsAwsCloudTrailCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MCASCheckRequirements.
func (MCASCheckRequirements) AsBasicDataConnectorsCheckRequirements ¶
func (mcr MCASCheckRequirements) AsBasicDataConnectorsCheckRequirements() (BasicDataConnectorsCheckRequirements, bool)
AsBasicDataConnectorsCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MCASCheckRequirements.
func (MCASCheckRequirements) AsDataConnectorsCheckRequirements ¶
func (mcr MCASCheckRequirements) AsDataConnectorsCheckRequirements() (*DataConnectorsCheckRequirements, bool)
AsDataConnectorsCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MCASCheckRequirements.
func (MCASCheckRequirements) AsMCASCheckRequirements ¶
func (mcr MCASCheckRequirements) AsMCASCheckRequirements() (*MCASCheckRequirements, bool)
AsMCASCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MCASCheckRequirements.
func (MCASCheckRequirements) AsMDATPCheckRequirements ¶
func (mcr MCASCheckRequirements) AsMDATPCheckRequirements() (*MDATPCheckRequirements, bool)
AsMDATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MCASCheckRequirements.
func (MCASCheckRequirements) AsOfficeATPCheckRequirements ¶
func (mcr MCASCheckRequirements) AsOfficeATPCheckRequirements() (*OfficeATPCheckRequirements, bool)
AsOfficeATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MCASCheckRequirements.
func (MCASCheckRequirements) AsTICheckRequirements ¶
func (mcr MCASCheckRequirements) AsTICheckRequirements() (*TICheckRequirements, bool)
AsTICheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MCASCheckRequirements.
func (MCASCheckRequirements) AsTiTaxiiCheckRequirements ¶
func (mcr MCASCheckRequirements) AsTiTaxiiCheckRequirements() (*TiTaxiiCheckRequirements, bool)
AsTiTaxiiCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MCASCheckRequirements.
func (MCASCheckRequirements) MarshalJSON ¶
func (mcr MCASCheckRequirements) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for MCASCheckRequirements.
func (*MCASCheckRequirements) UnmarshalJSON ¶
func (mcr *MCASCheckRequirements) UnmarshalJSON(body []byte) error
UnmarshalJSON is the custom unmarshaler for MCASCheckRequirements struct.
type MCASCheckRequirementsProperties ¶
type MCASCheckRequirementsProperties struct { // TenantID - The tenant id to connect to, and get the data from. TenantID *string `json:"tenantId,omitempty"` }
MCASCheckRequirementsProperties MCAS (Microsoft Cloud App Security) requirements check properties.
type MCASDataConnector ¶
type MCASDataConnector struct { // MCASDataConnectorProperties - MCAS (Microsoft Cloud App Security) data connector properties. *MCASDataConnectorProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` // Etag - Etag of the azure resource Etag *string `json:"etag,omitempty"` // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOfficeATP', 'KindOffice365', 'KindThreatIntelligence', 'KindThreatIntelligenceTaxii' Kind KindBasicDataConnector `json:"kind,omitempty"` }
MCASDataConnector represents MCAS (Microsoft Cloud App Security) data connector.
func (MCASDataConnector) AsAADDataConnector ¶
func (mdc MCASDataConnector) AsAADDataConnector() (*AADDataConnector, bool)
AsAADDataConnector is the BasicDataConnector implementation for MCASDataConnector.
func (MCASDataConnector) AsAATPDataConnector ¶
func (mdc MCASDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool)
AsAATPDataConnector is the BasicDataConnector implementation for MCASDataConnector.
func (MCASDataConnector) AsASCDataConnector ¶
func (mdc MCASDataConnector) AsASCDataConnector() (*ASCDataConnector, bool)
AsASCDataConnector is the BasicDataConnector implementation for MCASDataConnector.
func (MCASDataConnector) AsAwsCloudTrailDataConnector ¶
func (mdc MCASDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool)
AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for MCASDataConnector.
func (MCASDataConnector) AsBasicDataConnector ¶
func (mdc MCASDataConnector) AsBasicDataConnector() (BasicDataConnector, bool)
AsBasicDataConnector is the BasicDataConnector implementation for MCASDataConnector.
func (MCASDataConnector) AsDataConnector ¶
func (mdc MCASDataConnector) AsDataConnector() (*DataConnector, bool)
AsDataConnector is the BasicDataConnector implementation for MCASDataConnector.
func (MCASDataConnector) AsMCASDataConnector ¶
func (mdc MCASDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool)
AsMCASDataConnector is the BasicDataConnector implementation for MCASDataConnector.
func (MCASDataConnector) AsMDATPDataConnector ¶
func (mdc MCASDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool)
AsMDATPDataConnector is the BasicDataConnector implementation for MCASDataConnector.
func (MCASDataConnector) AsOfficeATPDataConnector ¶
func (mdc MCASDataConnector) AsOfficeATPDataConnector() (*OfficeATPDataConnector, bool)
AsOfficeATPDataConnector is the BasicDataConnector implementation for MCASDataConnector.
func (MCASDataConnector) AsOfficeDataConnector ¶
func (mdc MCASDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool)
AsOfficeDataConnector is the BasicDataConnector implementation for MCASDataConnector.
func (MCASDataConnector) AsTIDataConnector ¶
func (mdc MCASDataConnector) AsTIDataConnector() (*TIDataConnector, bool)
AsTIDataConnector is the BasicDataConnector implementation for MCASDataConnector.
func (MCASDataConnector) AsTiTaxiiDataConnector ¶
func (mdc MCASDataConnector) AsTiTaxiiDataConnector() (*TiTaxiiDataConnector, bool)
AsTiTaxiiDataConnector is the BasicDataConnector implementation for MCASDataConnector.
func (MCASDataConnector) MarshalJSON ¶
func (mdc MCASDataConnector) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for MCASDataConnector.
func (*MCASDataConnector) UnmarshalJSON ¶
func (mdc *MCASDataConnector) UnmarshalJSON(body []byte) error
UnmarshalJSON is the custom unmarshaler for MCASDataConnector struct.
type MCASDataConnectorDataTypes ¶
type MCASDataConnectorDataTypes struct { // DiscoveryLogs - Discovery log data type connection. DiscoveryLogs *MCASDataConnectorDataTypesDiscoveryLogs `json:"discoveryLogs,omitempty"` // Alerts - Alerts data type connection. Alerts *AlertsDataTypeOfDataConnectorAlerts `json:"alerts,omitempty"` }
MCASDataConnectorDataTypes the available data types for MCAS (Microsoft Cloud App Security) data connector.
type MCASDataConnectorDataTypesDiscoveryLogs ¶
type MCASDataConnectorDataTypesDiscoveryLogs struct { // State - Describe whether this data type connection is enabled or not. Possible values include: 'Enabled', 'Disabled' State DataTypeState `json:"state,omitempty"` }
MCASDataConnectorDataTypesDiscoveryLogs discovery log data type connection.
type MCASDataConnectorProperties ¶
type MCASDataConnectorProperties struct { // DataTypes - The available data types for the connector. DataTypes *MCASDataConnectorDataTypes `json:"dataTypes,omitempty"` // TenantID - The tenant id to connect to, and get the data from. TenantID *string `json:"tenantId,omitempty"` }
MCASDataConnectorProperties MCAS (Microsoft Cloud App Security) data connector properties.
type MDATPCheckRequirements ¶
type MDATPCheckRequirements struct { // MDATPCheckRequirementsProperties - MDATP (Microsoft Defender Advanced Threat Protection) requirements check properties. *MDATPCheckRequirementsProperties `json:"properties,omitempty"` // Kind - Possible values include: 'KindBasicDataConnectorsCheckRequirementsKindDataConnectorsCheckRequirements', 'KindBasicDataConnectorsCheckRequirementsKindAzureActiveDirectory', 'KindBasicDataConnectorsCheckRequirementsKindAzureAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindAzureSecurityCenter', 'KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesCloudTrail', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindOfficeATP', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii' Kind KindBasicDataConnectorsCheckRequirements `json:"kind,omitempty"` }
MDATPCheckRequirements represents MDATP (Microsoft Defender Advanced Threat Protection) requirements check request.
func (MDATPCheckRequirements) AsAADCheckRequirements ¶
func (mcr MDATPCheckRequirements) AsAADCheckRequirements() (*AADCheckRequirements, bool)
AsAADCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MDATPCheckRequirements.
func (MDATPCheckRequirements) AsAATPCheckRequirements ¶
func (mcr MDATPCheckRequirements) AsAATPCheckRequirements() (*AATPCheckRequirements, bool)
AsAATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MDATPCheckRequirements.
func (MDATPCheckRequirements) AsASCCheckRequirements ¶
func (mcr MDATPCheckRequirements) AsASCCheckRequirements() (*ASCCheckRequirements, bool)
AsASCCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MDATPCheckRequirements.
func (MDATPCheckRequirements) AsAwsCloudTrailCheckRequirements ¶
func (mcr MDATPCheckRequirements) AsAwsCloudTrailCheckRequirements() (*AwsCloudTrailCheckRequirements, bool)
AsAwsCloudTrailCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MDATPCheckRequirements.
func (MDATPCheckRequirements) AsBasicDataConnectorsCheckRequirements ¶
func (mcr MDATPCheckRequirements) AsBasicDataConnectorsCheckRequirements() (BasicDataConnectorsCheckRequirements, bool)
AsBasicDataConnectorsCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MDATPCheckRequirements.
func (MDATPCheckRequirements) AsDataConnectorsCheckRequirements ¶
func (mcr MDATPCheckRequirements) AsDataConnectorsCheckRequirements() (*DataConnectorsCheckRequirements, bool)
AsDataConnectorsCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MDATPCheckRequirements.
func (MDATPCheckRequirements) AsMCASCheckRequirements ¶
func (mcr MDATPCheckRequirements) AsMCASCheckRequirements() (*MCASCheckRequirements, bool)
AsMCASCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MDATPCheckRequirements.
func (MDATPCheckRequirements) AsMDATPCheckRequirements ¶
func (mcr MDATPCheckRequirements) AsMDATPCheckRequirements() (*MDATPCheckRequirements, bool)
AsMDATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MDATPCheckRequirements.
func (MDATPCheckRequirements) AsOfficeATPCheckRequirements ¶
func (mcr MDATPCheckRequirements) AsOfficeATPCheckRequirements() (*OfficeATPCheckRequirements, bool)
AsOfficeATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MDATPCheckRequirements.
func (MDATPCheckRequirements) AsTICheckRequirements ¶
func (mcr MDATPCheckRequirements) AsTICheckRequirements() (*TICheckRequirements, bool)
AsTICheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MDATPCheckRequirements.
func (MDATPCheckRequirements) AsTiTaxiiCheckRequirements ¶
func (mcr MDATPCheckRequirements) AsTiTaxiiCheckRequirements() (*TiTaxiiCheckRequirements, bool)
AsTiTaxiiCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MDATPCheckRequirements.
func (MDATPCheckRequirements) MarshalJSON ¶
func (mcr MDATPCheckRequirements) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for MDATPCheckRequirements.
func (*MDATPCheckRequirements) UnmarshalJSON ¶
func (mcr *MDATPCheckRequirements) UnmarshalJSON(body []byte) error
UnmarshalJSON is the custom unmarshaler for MDATPCheckRequirements struct.
type MDATPCheckRequirementsProperties ¶
type MDATPCheckRequirementsProperties struct { // TenantID - The tenant id to connect to, and get the data from. TenantID *string `json:"tenantId,omitempty"` }
MDATPCheckRequirementsProperties MDATP (Microsoft Defender Advanced Threat Protection) requirements check properties.
type MDATPDataConnector ¶
type MDATPDataConnector struct { // MDATPDataConnectorProperties - MDATP (Microsoft Defender Advanced Threat Protection) data connector properties. *MDATPDataConnectorProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` // Etag - Etag of the azure resource Etag *string `json:"etag,omitempty"` // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOfficeATP', 'KindOffice365', 'KindThreatIntelligence', 'KindThreatIntelligenceTaxii' Kind KindBasicDataConnector `json:"kind,omitempty"` }
MDATPDataConnector represents MDATP (Microsoft Defender Advanced Threat Protection) data connector.
func (MDATPDataConnector) AsAADDataConnector ¶
func (mdc MDATPDataConnector) AsAADDataConnector() (*AADDataConnector, bool)
AsAADDataConnector is the BasicDataConnector implementation for MDATPDataConnector.
func (MDATPDataConnector) AsAATPDataConnector ¶
func (mdc MDATPDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool)
AsAATPDataConnector is the BasicDataConnector implementation for MDATPDataConnector.
func (MDATPDataConnector) AsASCDataConnector ¶
func (mdc MDATPDataConnector) AsASCDataConnector() (*ASCDataConnector, bool)
AsASCDataConnector is the BasicDataConnector implementation for MDATPDataConnector.
func (MDATPDataConnector) AsAwsCloudTrailDataConnector ¶
func (mdc MDATPDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool)
AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for MDATPDataConnector.
func (MDATPDataConnector) AsBasicDataConnector ¶
func (mdc MDATPDataConnector) AsBasicDataConnector() (BasicDataConnector, bool)
AsBasicDataConnector is the BasicDataConnector implementation for MDATPDataConnector.
func (MDATPDataConnector) AsDataConnector ¶
func (mdc MDATPDataConnector) AsDataConnector() (*DataConnector, bool)
AsDataConnector is the BasicDataConnector implementation for MDATPDataConnector.
func (MDATPDataConnector) AsMCASDataConnector ¶
func (mdc MDATPDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool)
AsMCASDataConnector is the BasicDataConnector implementation for MDATPDataConnector.
func (MDATPDataConnector) AsMDATPDataConnector ¶
func (mdc MDATPDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool)
AsMDATPDataConnector is the BasicDataConnector implementation for MDATPDataConnector.
func (MDATPDataConnector) AsOfficeATPDataConnector ¶
func (mdc MDATPDataConnector) AsOfficeATPDataConnector() (*OfficeATPDataConnector, bool)
AsOfficeATPDataConnector is the BasicDataConnector implementation for MDATPDataConnector.
func (MDATPDataConnector) AsOfficeDataConnector ¶
func (mdc MDATPDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool)
AsOfficeDataConnector is the BasicDataConnector implementation for MDATPDataConnector.
func (MDATPDataConnector) AsTIDataConnector ¶
func (mdc MDATPDataConnector) AsTIDataConnector() (*TIDataConnector, bool)
AsTIDataConnector is the BasicDataConnector implementation for MDATPDataConnector.
func (MDATPDataConnector) AsTiTaxiiDataConnector ¶
func (mdc MDATPDataConnector) AsTiTaxiiDataConnector() (*TiTaxiiDataConnector, bool)
AsTiTaxiiDataConnector is the BasicDataConnector implementation for MDATPDataConnector.
func (MDATPDataConnector) MarshalJSON ¶
func (mdc MDATPDataConnector) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for MDATPDataConnector.
func (*MDATPDataConnector) UnmarshalJSON ¶
func (mdc *MDATPDataConnector) UnmarshalJSON(body []byte) error
UnmarshalJSON is the custom unmarshaler for MDATPDataConnector struct.
type MDATPDataConnectorProperties ¶
type MDATPDataConnectorProperties struct { // TenantID - The tenant id to connect to, and get the data from. TenantID *string `json:"tenantId,omitempty"` // DataTypes - The available data types for the connector. DataTypes *AlertsDataTypeOfDataConnector `json:"dataTypes,omitempty"` }
MDATPDataConnectorProperties MDATP (Microsoft Defender Advanced Threat Protection) data connector properties.
type MalwareEntity ¶
type MalwareEntity struct { // MalwareEntityProperties - File entity properties *MalwareEntityProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindBookmark', 'KindSecurityAlert', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice' Kind KindBasicEntity `json:"kind,omitempty"` }
MalwareEntity represents a malware entity.
func (MalwareEntity) AsAccountEntity ¶
func (me MalwareEntity) AsAccountEntity() (*AccountEntity, bool)
AsAccountEntity is the BasicEntity implementation for MalwareEntity.
func (MalwareEntity) AsAzureResourceEntity ¶
func (me MalwareEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)
AsAzureResourceEntity is the BasicEntity implementation for MalwareEntity.
func (MalwareEntity) AsBasicEntity ¶
func (me MalwareEntity) AsBasicEntity() (BasicEntity, bool)
AsBasicEntity is the BasicEntity implementation for MalwareEntity.
func (MalwareEntity) AsCloudApplicationEntity ¶
func (me MalwareEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)
AsCloudApplicationEntity is the BasicEntity implementation for MalwareEntity.
func (MalwareEntity) AsDNSEntity ¶
func (me MalwareEntity) AsDNSEntity() (*DNSEntity, bool)
AsDNSEntity is the BasicEntity implementation for MalwareEntity.
func (MalwareEntity) AsEntity ¶
func (me MalwareEntity) AsEntity() (*Entity, bool)
AsEntity is the BasicEntity implementation for MalwareEntity.
func (MalwareEntity) AsFileEntity ¶
func (me MalwareEntity) AsFileEntity() (*FileEntity, bool)
AsFileEntity is the BasicEntity implementation for MalwareEntity.
func (MalwareEntity) AsFileHashEntity ¶
func (me MalwareEntity) AsFileHashEntity() (*FileHashEntity, bool)
AsFileHashEntity is the BasicEntity implementation for MalwareEntity.
func (MalwareEntity) AsHostEntity ¶
func (me MalwareEntity) AsHostEntity() (*HostEntity, bool)
AsHostEntity is the BasicEntity implementation for MalwareEntity.
func (MalwareEntity) AsHuntingBookmark ¶
func (me MalwareEntity) AsHuntingBookmark() (*HuntingBookmark, bool)
AsHuntingBookmark is the BasicEntity implementation for MalwareEntity.
func (MalwareEntity) AsIPEntity ¶
func (me MalwareEntity) AsIPEntity() (*IPEntity, bool)
AsIPEntity is the BasicEntity implementation for MalwareEntity.
func (MalwareEntity) AsIoTDeviceEntity ¶
func (me MalwareEntity) AsIoTDeviceEntity() (*IoTDeviceEntity, bool)
AsIoTDeviceEntity is the BasicEntity implementation for MalwareEntity.
func (MalwareEntity) AsMalwareEntity ¶
func (me MalwareEntity) AsMalwareEntity() (*MalwareEntity, bool)
AsMalwareEntity is the BasicEntity implementation for MalwareEntity.
func (MalwareEntity) AsProcessEntity ¶
func (me MalwareEntity) AsProcessEntity() (*ProcessEntity, bool)
AsProcessEntity is the BasicEntity implementation for MalwareEntity.
func (MalwareEntity) AsRegistryKeyEntity ¶
func (me MalwareEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)
AsRegistryKeyEntity is the BasicEntity implementation for MalwareEntity.
func (MalwareEntity) AsRegistryValueEntity ¶
func (me MalwareEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool)
AsRegistryValueEntity is the BasicEntity implementation for MalwareEntity.
func (MalwareEntity) AsSecurityAlert ¶
func (me MalwareEntity) AsSecurityAlert() (*SecurityAlert, bool)
AsSecurityAlert is the BasicEntity implementation for MalwareEntity.
func (MalwareEntity) AsSecurityGroupEntity ¶
func (me MalwareEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)
AsSecurityGroupEntity is the BasicEntity implementation for MalwareEntity.
func (MalwareEntity) AsURLEntity ¶
func (me MalwareEntity) AsURLEntity() (*URLEntity, bool)
AsURLEntity is the BasicEntity implementation for MalwareEntity.
func (MalwareEntity) MarshalJSON ¶
func (me MalwareEntity) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for MalwareEntity.
func (*MalwareEntity) UnmarshalJSON ¶
func (me *MalwareEntity) UnmarshalJSON(body []byte) error
UnmarshalJSON is the custom unmarshaler for MalwareEntity struct.
type MalwareEntityProperties ¶
type MalwareEntityProperties struct { // Category - READ-ONLY; The malware category by the vendor, e.g. Trojan Category *string `json:"category,omitempty"` // FileEntityIds - READ-ONLY; List of linked file entity identifiers on which the malware was found FileEntityIds *[]string `json:"fileEntityIds,omitempty"` // MalwareName - READ-ONLY; The malware name by the vendor, e.g. Win32/Toga!rfn MalwareName *string `json:"malwareName,omitempty"` // ProcessEntityIds - READ-ONLY; List of linked process entity identifiers on which the malware was found. ProcessEntityIds *[]string `json:"processEntityIds,omitempty"` // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. AdditionalData map[string]interface{} `json:"additionalData"` // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. FriendlyName *string `json:"friendlyName,omitempty"` }
MalwareEntityProperties malware entity property bag.
func (MalwareEntityProperties) MarshalJSON ¶
func (mep MalwareEntityProperties) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for MalwareEntityProperties.
type MicrosoftSecurityIncidentCreationAlertRule ¶
type MicrosoftSecurityIncidentCreationAlertRule struct { // MicrosoftSecurityIncidentCreationAlertRuleProperties - MicrosoftSecurityIncidentCreation rule properties *MicrosoftSecurityIncidentCreationAlertRuleProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` // Etag - Etag of the azure resource Etag *string `json:"etag,omitempty"` // Kind - Possible values include: 'KindAlertRule', 'KindFusion', 'KindMicrosoftSecurityIncidentCreation', 'KindScheduled' Kind KindBasicAlertRule `json:"kind,omitempty"` }
MicrosoftSecurityIncidentCreationAlertRule represents MicrosoftSecurityIncidentCreation rule.
func (MicrosoftSecurityIncidentCreationAlertRule) AsAlertRule ¶
func (msicar MicrosoftSecurityIncidentCreationAlertRule) AsAlertRule() (*AlertRule, bool)
AsAlertRule is the BasicAlertRule implementation for MicrosoftSecurityIncidentCreationAlertRule.
func (MicrosoftSecurityIncidentCreationAlertRule) AsBasicAlertRule ¶
func (msicar MicrosoftSecurityIncidentCreationAlertRule) AsBasicAlertRule() (BasicAlertRule, bool)
AsBasicAlertRule is the BasicAlertRule implementation for MicrosoftSecurityIncidentCreationAlertRule.
func (MicrosoftSecurityIncidentCreationAlertRule) AsFusionAlertRule ¶
func (msicar MicrosoftSecurityIncidentCreationAlertRule) AsFusionAlertRule() (*FusionAlertRule, bool)
AsFusionAlertRule is the BasicAlertRule implementation for MicrosoftSecurityIncidentCreationAlertRule.
func (MicrosoftSecurityIncidentCreationAlertRule) AsMicrosoftSecurityIncidentCreationAlertRule ¶
func (msicar MicrosoftSecurityIncidentCreationAlertRule) AsMicrosoftSecurityIncidentCreationAlertRule() (*MicrosoftSecurityIncidentCreationAlertRule, bool)
AsMicrosoftSecurityIncidentCreationAlertRule is the BasicAlertRule implementation for MicrosoftSecurityIncidentCreationAlertRule.
func (MicrosoftSecurityIncidentCreationAlertRule) AsScheduledAlertRule ¶
func (msicar MicrosoftSecurityIncidentCreationAlertRule) AsScheduledAlertRule() (*ScheduledAlertRule, bool)
AsScheduledAlertRule is the BasicAlertRule implementation for MicrosoftSecurityIncidentCreationAlertRule.
func (MicrosoftSecurityIncidentCreationAlertRule) MarshalJSON ¶
func (msicar MicrosoftSecurityIncidentCreationAlertRule) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for MicrosoftSecurityIncidentCreationAlertRule.
func (*MicrosoftSecurityIncidentCreationAlertRule) UnmarshalJSON ¶
func (msicar *MicrosoftSecurityIncidentCreationAlertRule) UnmarshalJSON(body []byte) error
UnmarshalJSON is the custom unmarshaler for MicrosoftSecurityIncidentCreationAlertRule struct.
type MicrosoftSecurityIncidentCreationAlertRuleCommonProperties ¶
type MicrosoftSecurityIncidentCreationAlertRuleCommonProperties struct { // DisplayNamesFilter - the alerts' displayNames on which the cases will be generated DisplayNamesFilter *[]string `json:"displayNamesFilter,omitempty"` // DisplayNamesExcludeFilter - the alerts' displayNames on which the cases will not be generated DisplayNamesExcludeFilter *[]string `json:"displayNamesExcludeFilter,omitempty"` // ProductFilter - The alerts' productName on which the cases will be generated. Possible values include: 'MicrosoftCloudAppSecurity', 'AzureSecurityCenter', 'AzureAdvancedThreatProtection', 'AzureActiveDirectoryIdentityProtection', 'AzureSecurityCenterforIoT', 'Office365AdvancedThreatProtection', 'MicrosoftDefenderAdvancedThreatProtection' ProductFilter MicrosoftSecurityProductName `json:"productFilter,omitempty"` // SeveritiesFilter - the alerts' severities on which the cases will be generated SeveritiesFilter *[]AlertSeverity `json:"severitiesFilter,omitempty"` }
MicrosoftSecurityIncidentCreationAlertRuleCommonProperties microsoftSecurityIncidentCreation rule common property bag.
type MicrosoftSecurityIncidentCreationAlertRuleProperties ¶
type MicrosoftSecurityIncidentCreationAlertRuleProperties struct { // AlertRuleTemplateName - The Name of the alert rule template used to create this rule. AlertRuleTemplateName *string `json:"alertRuleTemplateName,omitempty"` // Description - The description of the alert rule. Description *string `json:"description,omitempty"` // DisplayName - The display name for alerts created by this alert rule. DisplayName *string `json:"displayName,omitempty"` // Enabled - Determines whether this alert rule is enabled or disabled. Enabled *bool `json:"enabled,omitempty"` // LastModifiedUtc - READ-ONLY; The last time that this alert has been modified. LastModifiedUtc *date.Time `json:"lastModifiedUtc,omitempty"` // DisplayNamesFilter - the alerts' displayNames on which the cases will be generated DisplayNamesFilter *[]string `json:"displayNamesFilter,omitempty"` // DisplayNamesExcludeFilter - the alerts' displayNames on which the cases will not be generated DisplayNamesExcludeFilter *[]string `json:"displayNamesExcludeFilter,omitempty"` // ProductFilter - The alerts' productName on which the cases will be generated. Possible values include: 'MicrosoftCloudAppSecurity', 'AzureSecurityCenter', 'AzureAdvancedThreatProtection', 'AzureActiveDirectoryIdentityProtection', 'AzureSecurityCenterforIoT', 'Office365AdvancedThreatProtection', 'MicrosoftDefenderAdvancedThreatProtection' ProductFilter MicrosoftSecurityProductName `json:"productFilter,omitempty"` // SeveritiesFilter - the alerts' severities on which the cases will be generated SeveritiesFilter *[]AlertSeverity `json:"severitiesFilter,omitempty"` }
MicrosoftSecurityIncidentCreationAlertRuleProperties microsoftSecurityIncidentCreation rule property bag.
func (MicrosoftSecurityIncidentCreationAlertRuleProperties) MarshalJSON ¶
func (msicarp MicrosoftSecurityIncidentCreationAlertRuleProperties) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for MicrosoftSecurityIncidentCreationAlertRuleProperties.
type MicrosoftSecurityIncidentCreationAlertRuleTemplate ¶
type MicrosoftSecurityIncidentCreationAlertRuleTemplate struct { // MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties - MicrosoftSecurityIncidentCreation rule template properties *MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` // Kind - Possible values include: 'KindBasicAlertRuleTemplateKindAlertRuleTemplate', 'KindBasicAlertRuleTemplateKindFusion', 'KindBasicAlertRuleTemplateKindMicrosoftSecurityIncidentCreation', 'KindBasicAlertRuleTemplateKindScheduled' Kind KindBasicAlertRuleTemplate `json:"kind,omitempty"` }
MicrosoftSecurityIncidentCreationAlertRuleTemplate represents MicrosoftSecurityIncidentCreation rule template.
func (MicrosoftSecurityIncidentCreationAlertRuleTemplate) AsAlertRuleTemplate ¶
func (msicart MicrosoftSecurityIncidentCreationAlertRuleTemplate) AsAlertRuleTemplate() (*AlertRuleTemplate, bool)
AsAlertRuleTemplate is the BasicAlertRuleTemplate implementation for MicrosoftSecurityIncidentCreationAlertRuleTemplate.
func (MicrosoftSecurityIncidentCreationAlertRuleTemplate) AsBasicAlertRuleTemplate ¶
func (msicart MicrosoftSecurityIncidentCreationAlertRuleTemplate) AsBasicAlertRuleTemplate() (BasicAlertRuleTemplate, bool)
AsBasicAlertRuleTemplate is the BasicAlertRuleTemplate implementation for MicrosoftSecurityIncidentCreationAlertRuleTemplate.
func (MicrosoftSecurityIncidentCreationAlertRuleTemplate) AsFusionAlertRuleTemplate ¶
func (msicart MicrosoftSecurityIncidentCreationAlertRuleTemplate) AsFusionAlertRuleTemplate() (*FusionAlertRuleTemplate, bool)
AsFusionAlertRuleTemplate is the BasicAlertRuleTemplate implementation for MicrosoftSecurityIncidentCreationAlertRuleTemplate.
func (MicrosoftSecurityIncidentCreationAlertRuleTemplate) AsMicrosoftSecurityIncidentCreationAlertRuleTemplate ¶
func (msicart MicrosoftSecurityIncidentCreationAlertRuleTemplate) AsMicrosoftSecurityIncidentCreationAlertRuleTemplate() (*MicrosoftSecurityIncidentCreationAlertRuleTemplate, bool)
AsMicrosoftSecurityIncidentCreationAlertRuleTemplate is the BasicAlertRuleTemplate implementation for MicrosoftSecurityIncidentCreationAlertRuleTemplate.
func (MicrosoftSecurityIncidentCreationAlertRuleTemplate) AsScheduledAlertRuleTemplate ¶
func (msicart MicrosoftSecurityIncidentCreationAlertRuleTemplate) AsScheduledAlertRuleTemplate() (*ScheduledAlertRuleTemplate, bool)
AsScheduledAlertRuleTemplate is the BasicAlertRuleTemplate implementation for MicrosoftSecurityIncidentCreationAlertRuleTemplate.
func (MicrosoftSecurityIncidentCreationAlertRuleTemplate) MarshalJSON ¶
func (msicart MicrosoftSecurityIncidentCreationAlertRuleTemplate) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for MicrosoftSecurityIncidentCreationAlertRuleTemplate.
func (*MicrosoftSecurityIncidentCreationAlertRuleTemplate) UnmarshalJSON ¶
func (msicart *MicrosoftSecurityIncidentCreationAlertRuleTemplate) UnmarshalJSON(body []byte) error
UnmarshalJSON is the custom unmarshaler for MicrosoftSecurityIncidentCreationAlertRuleTemplate struct.
type MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties ¶
type MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties struct { // AlertRulesCreatedByTemplateCount - the number of alert rules that were created by this template AlertRulesCreatedByTemplateCount *int32 `json:"alertRulesCreatedByTemplateCount,omitempty"` // CreatedDateUTC - READ-ONLY; The time that this alert rule template has been added. CreatedDateUTC *date.Time `json:"createdDateUTC,omitempty"` // Description - The description of the alert rule template. Description *string `json:"description,omitempty"` // DisplayName - The display name for alert rule template. DisplayName *string `json:"displayName,omitempty"` // RequiredDataConnectors - The required data sources for this template RequiredDataConnectors *[]AlertRuleTemplateDataSource `json:"requiredDataConnectors,omitempty"` // Status - The alert rule template status. Possible values include: 'Installed', 'Available', 'NotAvailable' Status TemplateStatus `json:"status,omitempty"` // DisplayNamesFilter - the alerts' displayNames on which the cases will be generated DisplayNamesFilter *[]string `json:"displayNamesFilter,omitempty"` // DisplayNamesExcludeFilter - the alerts' displayNames on which the cases will not be generated DisplayNamesExcludeFilter *[]string `json:"displayNamesExcludeFilter,omitempty"` // ProductFilter - The alerts' productName on which the cases will be generated. Possible values include: 'MicrosoftCloudAppSecurity', 'AzureSecurityCenter', 'AzureAdvancedThreatProtection', 'AzureActiveDirectoryIdentityProtection', 'AzureSecurityCenterforIoT', 'Office365AdvancedThreatProtection', 'MicrosoftDefenderAdvancedThreatProtection' ProductFilter MicrosoftSecurityProductName `json:"productFilter,omitempty"` // SeveritiesFilter - the alerts' severities on which the cases will be generated SeveritiesFilter *[]AlertSeverity `json:"severitiesFilter,omitempty"` }
MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties microsoftSecurityIncidentCreation rule template properties
func (MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties) MarshalJSON ¶
func (msicart MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties.
type MicrosoftSecurityProductName ¶
type MicrosoftSecurityProductName string
MicrosoftSecurityProductName enumerates the values for microsoft security product name.
const ( // AzureActiveDirectoryIdentityProtection ... AzureActiveDirectoryIdentityProtection MicrosoftSecurityProductName = "Azure Active Directory Identity Protection" // AzureAdvancedThreatProtection ... AzureAdvancedThreatProtection MicrosoftSecurityProductName = "Azure Advanced Threat Protection" // AzureSecurityCenter ... AzureSecurityCenter MicrosoftSecurityProductName = "Azure Security Center" // AzureSecurityCenterforIoT ... AzureSecurityCenterforIoT MicrosoftSecurityProductName = "Azure Security Center for IoT" // MicrosoftCloudAppSecurity ... MicrosoftCloudAppSecurity MicrosoftSecurityProductName = "Microsoft Cloud App Security" // MicrosoftDefenderAdvancedThreatProtection ... MicrosoftDefenderAdvancedThreatProtection MicrosoftSecurityProductName = "Microsoft Defender Advanced Threat Protection" // Office365AdvancedThreatProtection ... Office365AdvancedThreatProtection MicrosoftSecurityProductName = "Office 365 Advanced Threat Protection" )
func PossibleMicrosoftSecurityProductNameValues ¶
func PossibleMicrosoftSecurityProductNameValues() []MicrosoftSecurityProductName
PossibleMicrosoftSecurityProductNameValues returns an array of possible values for the MicrosoftSecurityProductName const type.
type OSFamily ¶
type OSFamily string
OSFamily enumerates the values for os family.
func PossibleOSFamilyValues ¶
func PossibleOSFamilyValues() []OSFamily
PossibleOSFamilyValues returns an array of possible values for the OSFamily const type.
type OfficeATPCheckRequirements ¶
type OfficeATPCheckRequirements struct { // OfficeATPCheckRequirementsProperties - OfficeATP (Office 365 Advanced Threat Protection) requirements check properties. *OfficeATPCheckRequirementsProperties `json:"properties,omitempty"` // Kind - Possible values include: 'KindBasicDataConnectorsCheckRequirementsKindDataConnectorsCheckRequirements', 'KindBasicDataConnectorsCheckRequirementsKindAzureActiveDirectory', 'KindBasicDataConnectorsCheckRequirementsKindAzureAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindAzureSecurityCenter', 'KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesCloudTrail', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindOfficeATP', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii' Kind KindBasicDataConnectorsCheckRequirements `json:"kind,omitempty"` }
OfficeATPCheckRequirements represents OfficeATP (Office 365 Advanced Threat Protection) requirements check request.
func (OfficeATPCheckRequirements) AsAADCheckRequirements ¶
func (oacr OfficeATPCheckRequirements) AsAADCheckRequirements() (*AADCheckRequirements, bool)
AsAADCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for OfficeATPCheckRequirements.
func (OfficeATPCheckRequirements) AsAATPCheckRequirements ¶
func (oacr OfficeATPCheckRequirements) AsAATPCheckRequirements() (*AATPCheckRequirements, bool)
AsAATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for OfficeATPCheckRequirements.
func (OfficeATPCheckRequirements) AsASCCheckRequirements ¶
func (oacr OfficeATPCheckRequirements) AsASCCheckRequirements() (*ASCCheckRequirements, bool)
AsASCCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for OfficeATPCheckRequirements.
func (OfficeATPCheckRequirements) AsAwsCloudTrailCheckRequirements ¶
func (oacr OfficeATPCheckRequirements) AsAwsCloudTrailCheckRequirements() (*AwsCloudTrailCheckRequirements, bool)
AsAwsCloudTrailCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for OfficeATPCheckRequirements.
func (OfficeATPCheckRequirements) AsBasicDataConnectorsCheckRequirements ¶
func (oacr OfficeATPCheckRequirements) AsBasicDataConnectorsCheckRequirements() (BasicDataConnectorsCheckRequirements, bool)
AsBasicDataConnectorsCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for OfficeATPCheckRequirements.
func (OfficeATPCheckRequirements) AsDataConnectorsCheckRequirements ¶
func (oacr OfficeATPCheckRequirements) AsDataConnectorsCheckRequirements() (*DataConnectorsCheckRequirements, bool)
AsDataConnectorsCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for OfficeATPCheckRequirements.
func (OfficeATPCheckRequirements) AsMCASCheckRequirements ¶
func (oacr OfficeATPCheckRequirements) AsMCASCheckRequirements() (*MCASCheckRequirements, bool)
AsMCASCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for OfficeATPCheckRequirements.
func (OfficeATPCheckRequirements) AsMDATPCheckRequirements ¶
func (oacr OfficeATPCheckRequirements) AsMDATPCheckRequirements() (*MDATPCheckRequirements, bool)
AsMDATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for OfficeATPCheckRequirements.
func (OfficeATPCheckRequirements) AsOfficeATPCheckRequirements ¶
func (oacr OfficeATPCheckRequirements) AsOfficeATPCheckRequirements() (*OfficeATPCheckRequirements, bool)
AsOfficeATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for OfficeATPCheckRequirements.
func (OfficeATPCheckRequirements) AsTICheckRequirements ¶
func (oacr OfficeATPCheckRequirements) AsTICheckRequirements() (*TICheckRequirements, bool)
AsTICheckRequirements is the BasicDataConnectorsCheckRequirements implementation for OfficeATPCheckRequirements.
func (OfficeATPCheckRequirements) AsTiTaxiiCheckRequirements ¶
func (oacr OfficeATPCheckRequirements) AsTiTaxiiCheckRequirements() (*TiTaxiiCheckRequirements, bool)
AsTiTaxiiCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for OfficeATPCheckRequirements.
func (OfficeATPCheckRequirements) MarshalJSON ¶
func (oacr OfficeATPCheckRequirements) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for OfficeATPCheckRequirements.
func (*OfficeATPCheckRequirements) UnmarshalJSON ¶
func (oacr *OfficeATPCheckRequirements) UnmarshalJSON(body []byte) error
UnmarshalJSON is the custom unmarshaler for OfficeATPCheckRequirements struct.
type OfficeATPCheckRequirementsProperties ¶
type OfficeATPCheckRequirementsProperties struct { // TenantID - The tenant id to connect to, and get the data from. TenantID *string `json:"tenantId,omitempty"` }
OfficeATPCheckRequirementsProperties officeATP (Office 365 Advanced Threat Protection) requirements check properties.
type OfficeATPDataConnector ¶
type OfficeATPDataConnector struct { // OfficeATPDataConnectorProperties - OfficeATP (Office 365 Advanced Threat Protection) data connector properties. *OfficeATPDataConnectorProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` // Etag - Etag of the azure resource Etag *string `json:"etag,omitempty"` // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOfficeATP', 'KindOffice365', 'KindThreatIntelligence', 'KindThreatIntelligenceTaxii' Kind KindBasicDataConnector `json:"kind,omitempty"` }
OfficeATPDataConnector represents OfficeATP (Office 365 Advanced Threat Protection) data connector.
func (OfficeATPDataConnector) AsAADDataConnector ¶
func (oadc OfficeATPDataConnector) AsAADDataConnector() (*AADDataConnector, bool)
AsAADDataConnector is the BasicDataConnector implementation for OfficeATPDataConnector.
func (OfficeATPDataConnector) AsAATPDataConnector ¶
func (oadc OfficeATPDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool)
AsAATPDataConnector is the BasicDataConnector implementation for OfficeATPDataConnector.
func (OfficeATPDataConnector) AsASCDataConnector ¶
func (oadc OfficeATPDataConnector) AsASCDataConnector() (*ASCDataConnector, bool)
AsASCDataConnector is the BasicDataConnector implementation for OfficeATPDataConnector.
func (OfficeATPDataConnector) AsAwsCloudTrailDataConnector ¶
func (oadc OfficeATPDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool)
AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for OfficeATPDataConnector.
func (OfficeATPDataConnector) AsBasicDataConnector ¶
func (oadc OfficeATPDataConnector) AsBasicDataConnector() (BasicDataConnector, bool)
AsBasicDataConnector is the BasicDataConnector implementation for OfficeATPDataConnector.
func (OfficeATPDataConnector) AsDataConnector ¶
func (oadc OfficeATPDataConnector) AsDataConnector() (*DataConnector, bool)
AsDataConnector is the BasicDataConnector implementation for OfficeATPDataConnector.
func (OfficeATPDataConnector) AsMCASDataConnector ¶
func (oadc OfficeATPDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool)
AsMCASDataConnector is the BasicDataConnector implementation for OfficeATPDataConnector.
func (OfficeATPDataConnector) AsMDATPDataConnector ¶
func (oadc OfficeATPDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool)
AsMDATPDataConnector is the BasicDataConnector implementation for OfficeATPDataConnector.
func (OfficeATPDataConnector) AsOfficeATPDataConnector ¶
func (oadc OfficeATPDataConnector) AsOfficeATPDataConnector() (*OfficeATPDataConnector, bool)
AsOfficeATPDataConnector is the BasicDataConnector implementation for OfficeATPDataConnector.
func (OfficeATPDataConnector) AsOfficeDataConnector ¶
func (oadc OfficeATPDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool)
AsOfficeDataConnector is the BasicDataConnector implementation for OfficeATPDataConnector.
func (OfficeATPDataConnector) AsTIDataConnector ¶
func (oadc OfficeATPDataConnector) AsTIDataConnector() (*TIDataConnector, bool)
AsTIDataConnector is the BasicDataConnector implementation for OfficeATPDataConnector.
func (OfficeATPDataConnector) AsTiTaxiiDataConnector ¶
func (oadc OfficeATPDataConnector) AsTiTaxiiDataConnector() (*TiTaxiiDataConnector, bool)
AsTiTaxiiDataConnector is the BasicDataConnector implementation for OfficeATPDataConnector.
func (OfficeATPDataConnector) MarshalJSON ¶
func (oadc OfficeATPDataConnector) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for OfficeATPDataConnector.
func (*OfficeATPDataConnector) UnmarshalJSON ¶
func (oadc *OfficeATPDataConnector) UnmarshalJSON(body []byte) error
UnmarshalJSON is the custom unmarshaler for OfficeATPDataConnector struct.
type OfficeATPDataConnectorProperties ¶
type OfficeATPDataConnectorProperties struct { // TenantID - The tenant id to connect to, and get the data from. TenantID *string `json:"tenantId,omitempty"` // DataTypes - The available data types for the connector. DataTypes *AlertsDataTypeOfDataConnector `json:"dataTypes,omitempty"` }
OfficeATPDataConnectorProperties officeATP (Office 365 Advanced Threat Protection) data connector properties.
type OfficeConsent ¶
type OfficeConsent struct { autorest.Response `json:"-"` // OfficeConsentProperties - Office consent properties *OfficeConsentProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` }
OfficeConsent consent for Office365 tenant that already made.
func (OfficeConsent) MarshalJSON ¶
func (oc OfficeConsent) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for OfficeConsent.
func (*OfficeConsent) UnmarshalJSON ¶
func (oc *OfficeConsent) UnmarshalJSON(body []byte) error
UnmarshalJSON is the custom unmarshaler for OfficeConsent struct.
type OfficeConsentList ¶
type OfficeConsentList struct { autorest.Response `json:"-"` // NextLink - READ-ONLY; URL to fetch the next set of office consents. NextLink *string `json:"nextLink,omitempty"` // Value - Array of the consents. Value *[]OfficeConsent `json:"value,omitempty"` }
OfficeConsentList list of all the office365 consents.
func (OfficeConsentList) IsEmpty ¶
func (ocl OfficeConsentList) IsEmpty() bool
IsEmpty returns true if the ListResult contains no values.
func (OfficeConsentList) MarshalJSON ¶
func (ocl OfficeConsentList) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for OfficeConsentList.
type OfficeConsentListIterator ¶
type OfficeConsentListIterator struct {
// contains filtered or unexported fields
}
OfficeConsentListIterator provides access to a complete listing of OfficeConsent values.
func NewOfficeConsentListIterator ¶
func NewOfficeConsentListIterator(page OfficeConsentListPage) OfficeConsentListIterator
Creates a new instance of the OfficeConsentListIterator type.
func (*OfficeConsentListIterator) Next ¶
func (iter *OfficeConsentListIterator) Next() error
Next advances to the next value. If there was an error making the request the iterator does not advance and the error is returned. Deprecated: Use NextWithContext() instead.
func (*OfficeConsentListIterator) NextWithContext ¶
func (iter *OfficeConsentListIterator) NextWithContext(ctx context.Context) (err error)
NextWithContext advances to the next value. If there was an error making the request the iterator does not advance and the error is returned.
func (OfficeConsentListIterator) NotDone ¶
func (iter OfficeConsentListIterator) NotDone() bool
NotDone returns true if the enumeration should be started or is not yet complete.
func (OfficeConsentListIterator) Response ¶
func (iter OfficeConsentListIterator) Response() OfficeConsentList
Response returns the raw server response from the last page request.
func (OfficeConsentListIterator) Value ¶
func (iter OfficeConsentListIterator) Value() OfficeConsent
Value returns the current value or a zero-initialized value if the iterator has advanced beyond the end of the collection.
type OfficeConsentListPage ¶
type OfficeConsentListPage struct {
// contains filtered or unexported fields
}
OfficeConsentListPage contains a page of OfficeConsent values.
func NewOfficeConsentListPage ¶
func NewOfficeConsentListPage(cur OfficeConsentList, getNextPage func(context.Context, OfficeConsentList) (OfficeConsentList, error)) OfficeConsentListPage
Creates a new instance of the OfficeConsentListPage type.
func (*OfficeConsentListPage) Next ¶
func (page *OfficeConsentListPage) Next() error
Next advances to the next page of values. If there was an error making the request the page does not advance and the error is returned. Deprecated: Use NextWithContext() instead.
func (*OfficeConsentListPage) NextWithContext ¶
func (page *OfficeConsentListPage) NextWithContext(ctx context.Context) (err error)
NextWithContext advances to the next page of values. If there was an error making the request the page does not advance and the error is returned.
func (OfficeConsentListPage) NotDone ¶
func (page OfficeConsentListPage) NotDone() bool
NotDone returns true if the page enumeration should be started or is not yet complete.
func (OfficeConsentListPage) Response ¶
func (page OfficeConsentListPage) Response() OfficeConsentList
Response returns the raw server response from the last page request.
func (OfficeConsentListPage) Values ¶
func (page OfficeConsentListPage) Values() []OfficeConsent
Values returns the slice of values for the current page or nil if there are no values.
type OfficeConsentProperties ¶
type OfficeConsentProperties struct { // TenantID - The tenantId of the Office365 with the consent. TenantID *string `json:"tenantId,omitempty"` // TenantName - READ-ONLY; The tenant name of the Office365 with the consent. TenantName *string `json:"tenantName,omitempty"` }
OfficeConsentProperties consent property bag.
func (OfficeConsentProperties) MarshalJSON ¶
func (ocp OfficeConsentProperties) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for OfficeConsentProperties.
type OfficeConsentsClient ¶
type OfficeConsentsClient struct {
BaseClient
}
OfficeConsentsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider
func NewOfficeConsentsClient ¶
func NewOfficeConsentsClient(subscriptionID string) OfficeConsentsClient
NewOfficeConsentsClient creates an instance of the OfficeConsentsClient client.
func NewOfficeConsentsClientWithBaseURI ¶
func NewOfficeConsentsClientWithBaseURI(baseURI string, subscriptionID string) OfficeConsentsClient
NewOfficeConsentsClientWithBaseURI creates an instance of the OfficeConsentsClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).
func (OfficeConsentsClient) Delete ¶
func (client OfficeConsentsClient) Delete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, consentID string) (result autorest.Response, err error)
Delete delete the office365 consent. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. consentID - consent ID
func (OfficeConsentsClient) DeletePreparer ¶
func (client OfficeConsentsClient) DeletePreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, consentID string) (*http.Request, error)
DeletePreparer prepares the Delete request.
func (OfficeConsentsClient) DeleteResponder ¶
func (client OfficeConsentsClient) DeleteResponder(resp *http.Response) (result autorest.Response, err error)
DeleteResponder handles the response to the Delete request. The method always closes the http.Response Body.
func (OfficeConsentsClient) DeleteSender ¶
DeleteSender sends the Delete request. The method will close the http.Response Body if it receives an error.
func (OfficeConsentsClient) Get ¶
func (client OfficeConsentsClient) Get(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, consentID string) (result OfficeConsent, err error)
Get gets an office365 consent. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. consentID - consent ID
func (OfficeConsentsClient) GetPreparer ¶
func (client OfficeConsentsClient) GetPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, consentID string) (*http.Request, error)
GetPreparer prepares the Get request.
func (OfficeConsentsClient) GetResponder ¶
func (client OfficeConsentsClient) GetResponder(resp *http.Response) (result OfficeConsent, err error)
GetResponder handles the response to the Get request. The method always closes the http.Response Body.
func (OfficeConsentsClient) GetSender ¶
GetSender sends the Get request. The method will close the http.Response Body if it receives an error.
func (OfficeConsentsClient) List ¶
func (client OfficeConsentsClient) List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result OfficeConsentListPage, err error)
List gets all office365 consents. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace.
func (OfficeConsentsClient) ListComplete ¶
func (client OfficeConsentsClient) ListComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result OfficeConsentListIterator, err error)
ListComplete enumerates all values, automatically crossing page boundaries as required.
func (OfficeConsentsClient) ListPreparer ¶
func (client OfficeConsentsClient) ListPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (*http.Request, error)
ListPreparer prepares the List request.
func (OfficeConsentsClient) ListResponder ¶
func (client OfficeConsentsClient) ListResponder(resp *http.Response) (result OfficeConsentList, err error)
ListResponder handles the response to the List request. The method always closes the http.Response Body.
func (OfficeConsentsClient) ListSender ¶
ListSender sends the List request. The method will close the http.Response Body if it receives an error.
type OfficeDataConnector ¶
type OfficeDataConnector struct { // OfficeDataConnectorProperties - Office data connector properties. *OfficeDataConnectorProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` // Etag - Etag of the azure resource Etag *string `json:"etag,omitempty"` // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOfficeATP', 'KindOffice365', 'KindThreatIntelligence', 'KindThreatIntelligenceTaxii' Kind KindBasicDataConnector `json:"kind,omitempty"` }
OfficeDataConnector represents office data connector.
func (OfficeDataConnector) AsAADDataConnector ¶
func (odc OfficeDataConnector) AsAADDataConnector() (*AADDataConnector, bool)
AsAADDataConnector is the BasicDataConnector implementation for OfficeDataConnector.
func (OfficeDataConnector) AsAATPDataConnector ¶
func (odc OfficeDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool)
AsAATPDataConnector is the BasicDataConnector implementation for OfficeDataConnector.
func (OfficeDataConnector) AsASCDataConnector ¶
func (odc OfficeDataConnector) AsASCDataConnector() (*ASCDataConnector, bool)
AsASCDataConnector is the BasicDataConnector implementation for OfficeDataConnector.
func (OfficeDataConnector) AsAwsCloudTrailDataConnector ¶
func (odc OfficeDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool)
AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for OfficeDataConnector.
func (OfficeDataConnector) AsBasicDataConnector ¶
func (odc OfficeDataConnector) AsBasicDataConnector() (BasicDataConnector, bool)
AsBasicDataConnector is the BasicDataConnector implementation for OfficeDataConnector.
func (OfficeDataConnector) AsDataConnector ¶
func (odc OfficeDataConnector) AsDataConnector() (*DataConnector, bool)
AsDataConnector is the BasicDataConnector implementation for OfficeDataConnector.
func (OfficeDataConnector) AsMCASDataConnector ¶
func (odc OfficeDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool)
AsMCASDataConnector is the BasicDataConnector implementation for OfficeDataConnector.
func (OfficeDataConnector) AsMDATPDataConnector ¶
func (odc OfficeDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool)
AsMDATPDataConnector is the BasicDataConnector implementation for OfficeDataConnector.
func (OfficeDataConnector) AsOfficeATPDataConnector ¶
func (odc OfficeDataConnector) AsOfficeATPDataConnector() (*OfficeATPDataConnector, bool)
AsOfficeATPDataConnector is the BasicDataConnector implementation for OfficeDataConnector.
func (OfficeDataConnector) AsOfficeDataConnector ¶
func (odc OfficeDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool)
AsOfficeDataConnector is the BasicDataConnector implementation for OfficeDataConnector.
func (OfficeDataConnector) AsTIDataConnector ¶
func (odc OfficeDataConnector) AsTIDataConnector() (*TIDataConnector, bool)
AsTIDataConnector is the BasicDataConnector implementation for OfficeDataConnector.
func (OfficeDataConnector) AsTiTaxiiDataConnector ¶
func (odc OfficeDataConnector) AsTiTaxiiDataConnector() (*TiTaxiiDataConnector, bool)
AsTiTaxiiDataConnector is the BasicDataConnector implementation for OfficeDataConnector.
func (OfficeDataConnector) MarshalJSON ¶
func (odc OfficeDataConnector) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for OfficeDataConnector.
func (*OfficeDataConnector) UnmarshalJSON ¶
func (odc *OfficeDataConnector) UnmarshalJSON(body []byte) error
UnmarshalJSON is the custom unmarshaler for OfficeDataConnector struct.
type OfficeDataConnectorDataTypes ¶
type OfficeDataConnectorDataTypes struct { // Exchange - Exchange data type connection. Exchange *OfficeDataConnectorDataTypesExchange `json:"exchange,omitempty"` SharePoint *OfficeDataConnectorDataTypesSharePoint `json:"sharePoint,omitempty"` // Teams - Teams data type connection. Teams *OfficeDataConnectorDataTypesTeams `json:"teams,omitempty"` }
OfficeDataConnectorDataTypes the available data types for office data connector.
type OfficeDataConnectorDataTypesExchange ¶
type OfficeDataConnectorDataTypesExchange struct { // State - Describe whether this data type connection is enabled or not. Possible values include: 'Enabled', 'Disabled' State DataTypeState `json:"state,omitempty"` }
OfficeDataConnectorDataTypesExchange exchange data type connection.
type OfficeDataConnectorDataTypesSharePoint ¶
type OfficeDataConnectorDataTypesSharePoint struct { DataTypeState `json:"state,omitempty"` }State
OfficeDataConnectorDataTypesSharePoint sharePoint data type connection.
type OfficeDataConnectorDataTypesTeams ¶
type OfficeDataConnectorDataTypesTeams struct { // State - Describe whether this data type connection is enabled or not. Possible values include: 'Enabled', 'Disabled' State DataTypeState `json:"state,omitempty"` }
OfficeDataConnectorDataTypesTeams teams data type connection.
type OfficeDataConnectorProperties ¶
type OfficeDataConnectorProperties struct { // DataTypes - The available data types for the connector. DataTypes *OfficeDataConnectorDataTypes `json:"dataTypes,omitempty"` // TenantID - The tenant id to connect to, and get the data from. TenantID *string `json:"tenantId,omitempty"` }
OfficeDataConnectorProperties office data connector properties.
type Operation ¶
type Operation struct { // Display - Properties of the operation Display *OperationDisplay `json:"display,omitempty"` // Name - Name of the operation Name *string `json:"name,omitempty"` }
Operation operation provided by provider
type OperationDisplay ¶
type OperationDisplay struct { // Description - Description of the operation Description *string `json:"description,omitempty"` // Operation - Operation name Operation *string `json:"operation,omitempty"` // Provider - Provider name Provider *string `json:"provider,omitempty"` // Resource - Resource name Resource *string `json:"resource,omitempty"` }
OperationDisplay properties of the operation
type OperationsClient ¶
type OperationsClient struct {
BaseClient
}
OperationsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider
func NewOperationsClient ¶
func NewOperationsClient(subscriptionID string) OperationsClient
NewOperationsClient creates an instance of the OperationsClient client.
func NewOperationsClientWithBaseURI ¶
func NewOperationsClientWithBaseURI(baseURI string, subscriptionID string) OperationsClient
NewOperationsClientWithBaseURI creates an instance of the OperationsClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).
func (OperationsClient) List ¶
func (client OperationsClient) List(ctx context.Context) (result OperationsListPage, err error)
List lists all operations available Azure Security Insights Resource Provider.
func (OperationsClient) ListComplete ¶
func (client OperationsClient) ListComplete(ctx context.Context) (result OperationsListIterator, err error)
ListComplete enumerates all values, automatically crossing page boundaries as required.
func (OperationsClient) ListPreparer ¶
ListPreparer prepares the List request.
func (OperationsClient) ListResponder ¶
func (client OperationsClient) ListResponder(resp *http.Response) (result OperationsList, err error)
ListResponder handles the response to the List request. The method always closes the http.Response Body.
func (OperationsClient) ListSender ¶
ListSender sends the List request. The method will close the http.Response Body if it receives an error.
type OperationsList ¶
type OperationsList struct { autorest.Response `json:"-"` // NextLink - URL to fetch the next set of operations. NextLink *string `json:"nextLink,omitempty"` // Value - Array of operations Value *[]Operation `json:"value,omitempty"` }
OperationsList lists the operations available in the SecurityInsights RP.
func (OperationsList) IsEmpty ¶
func (ol OperationsList) IsEmpty() bool
IsEmpty returns true if the ListResult contains no values.
type OperationsListIterator ¶
type OperationsListIterator struct {
// contains filtered or unexported fields
}
OperationsListIterator provides access to a complete listing of Operation values.
func NewOperationsListIterator ¶
func NewOperationsListIterator(page OperationsListPage) OperationsListIterator
Creates a new instance of the OperationsListIterator type.
func (*OperationsListIterator) Next ¶
func (iter *OperationsListIterator) Next() error
Next advances to the next value. If there was an error making the request the iterator does not advance and the error is returned. Deprecated: Use NextWithContext() instead.
func (*OperationsListIterator) NextWithContext ¶
func (iter *OperationsListIterator) NextWithContext(ctx context.Context) (err error)
NextWithContext advances to the next value. If there was an error making the request the iterator does not advance and the error is returned.
func (OperationsListIterator) NotDone ¶
func (iter OperationsListIterator) NotDone() bool
NotDone returns true if the enumeration should be started or is not yet complete.
func (OperationsListIterator) Response ¶
func (iter OperationsListIterator) Response() OperationsList
Response returns the raw server response from the last page request.
func (OperationsListIterator) Value ¶
func (iter OperationsListIterator) Value() Operation
Value returns the current value or a zero-initialized value if the iterator has advanced beyond the end of the collection.
type OperationsListPage ¶
type OperationsListPage struct {
// contains filtered or unexported fields
}
OperationsListPage contains a page of Operation values.
func NewOperationsListPage ¶
func NewOperationsListPage(cur OperationsList, getNextPage func(context.Context, OperationsList) (OperationsList, error)) OperationsListPage
Creates a new instance of the OperationsListPage type.
func (*OperationsListPage) Next ¶
func (page *OperationsListPage) Next() error
Next advances to the next page of values. If there was an error making the request the page does not advance and the error is returned. Deprecated: Use NextWithContext() instead.
func (*OperationsListPage) NextWithContext ¶
func (page *OperationsListPage) NextWithContext(ctx context.Context) (err error)
NextWithContext advances to the next page of values. If there was an error making the request the page does not advance and the error is returned.
func (OperationsListPage) NotDone ¶
func (page OperationsListPage) NotDone() bool
NotDone returns true if the page enumeration should be started or is not yet complete.
func (OperationsListPage) Response ¶
func (page OperationsListPage) Response() OperationsList
Response returns the raw server response from the last page request.
func (OperationsListPage) Values ¶
func (page OperationsListPage) Values() []Operation
Values returns the slice of values for the current page or nil if there are no values.
type ProcessEntity ¶
type ProcessEntity struct { // ProcessEntityProperties - Process entity properties *ProcessEntityProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindBookmark', 'KindSecurityAlert', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice' Kind KindBasicEntity `json:"kind,omitempty"` }
ProcessEntity represents a process entity.
func (ProcessEntity) AsAccountEntity ¶
func (peVar ProcessEntity) AsAccountEntity() (*AccountEntity, bool)
AsAccountEntity is the BasicEntity implementation for ProcessEntity.
func (ProcessEntity) AsAzureResourceEntity ¶
func (peVar ProcessEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)
AsAzureResourceEntity is the BasicEntity implementation for ProcessEntity.
func (ProcessEntity) AsBasicEntity ¶
func (peVar ProcessEntity) AsBasicEntity() (BasicEntity, bool)
AsBasicEntity is the BasicEntity implementation for ProcessEntity.
func (ProcessEntity) AsCloudApplicationEntity ¶
func (peVar ProcessEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)
AsCloudApplicationEntity is the BasicEntity implementation for ProcessEntity.
func (ProcessEntity) AsDNSEntity ¶
func (peVar ProcessEntity) AsDNSEntity() (*DNSEntity, bool)
AsDNSEntity is the BasicEntity implementation for ProcessEntity.
func (ProcessEntity) AsEntity ¶
func (peVar ProcessEntity) AsEntity() (*Entity, bool)
AsEntity is the BasicEntity implementation for ProcessEntity.
func (ProcessEntity) AsFileEntity ¶
func (peVar ProcessEntity) AsFileEntity() (*FileEntity, bool)
AsFileEntity is the BasicEntity implementation for ProcessEntity.
func (ProcessEntity) AsFileHashEntity ¶
func (peVar ProcessEntity) AsFileHashEntity() (*FileHashEntity, bool)
AsFileHashEntity is the BasicEntity implementation for ProcessEntity.
func (ProcessEntity) AsHostEntity ¶
func (peVar ProcessEntity) AsHostEntity() (*HostEntity, bool)
AsHostEntity is the BasicEntity implementation for ProcessEntity.
func (ProcessEntity) AsHuntingBookmark ¶
func (peVar ProcessEntity) AsHuntingBookmark() (*HuntingBookmark, bool)
AsHuntingBookmark is the BasicEntity implementation for ProcessEntity.
func (ProcessEntity) AsIPEntity ¶
func (peVar ProcessEntity) AsIPEntity() (*IPEntity, bool)
AsIPEntity is the BasicEntity implementation for ProcessEntity.
func (ProcessEntity) AsIoTDeviceEntity ¶
func (peVar ProcessEntity) AsIoTDeviceEntity() (*IoTDeviceEntity, bool)
AsIoTDeviceEntity is the BasicEntity implementation for ProcessEntity.
func (ProcessEntity) AsMalwareEntity ¶
func (peVar ProcessEntity) AsMalwareEntity() (*MalwareEntity, bool)
AsMalwareEntity is the BasicEntity implementation for ProcessEntity.
func (ProcessEntity) AsProcessEntity ¶
func (peVar ProcessEntity) AsProcessEntity() (*ProcessEntity, bool)
AsProcessEntity is the BasicEntity implementation for ProcessEntity.
func (ProcessEntity) AsRegistryKeyEntity ¶
func (peVar ProcessEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)
AsRegistryKeyEntity is the BasicEntity implementation for ProcessEntity.
func (ProcessEntity) AsRegistryValueEntity ¶
func (peVar ProcessEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool)
AsRegistryValueEntity is the BasicEntity implementation for ProcessEntity.
func (ProcessEntity) AsSecurityAlert ¶
func (peVar ProcessEntity) AsSecurityAlert() (*SecurityAlert, bool)
AsSecurityAlert is the BasicEntity implementation for ProcessEntity.
func (ProcessEntity) AsSecurityGroupEntity ¶
func (peVar ProcessEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)
AsSecurityGroupEntity is the BasicEntity implementation for ProcessEntity.
func (ProcessEntity) AsURLEntity ¶
func (peVar ProcessEntity) AsURLEntity() (*URLEntity, bool)
AsURLEntity is the BasicEntity implementation for ProcessEntity.
func (ProcessEntity) MarshalJSON ¶
func (peVar ProcessEntity) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for ProcessEntity.
func (*ProcessEntity) UnmarshalJSON ¶
func (peVar *ProcessEntity) UnmarshalJSON(body []byte) error
UnmarshalJSON is the custom unmarshaler for ProcessEntity struct.
type ProcessEntityProperties ¶
type ProcessEntityProperties struct { // AccountEntityID - READ-ONLY; The account entity id running the processes. AccountEntityID *string `json:"accountEntityId,omitempty"` // CommandLine - READ-ONLY; The command line used to create the process CommandLine *string `json:"commandLine,omitempty"` // CreationTimeUtc - READ-ONLY; The time when the process started to run CreationTimeUtc *date.Time `json:"creationTimeUtc,omitempty"` // ElevationToken - The elevation token associated with the process. Possible values include: 'Default', 'Full', 'Limited' ElevationToken ElevationToken `json:"elevationToken,omitempty"` // HostEntityID - READ-ONLY; The host entity id on which the process was running HostEntityID *string `json:"hostEntityId,omitempty"` // HostLogonSessionEntityID - READ-ONLY; The session entity id in which the process was running HostLogonSessionEntityID *string `json:"hostLogonSessionEntityId,omitempty"` // ImageFileEntityID - READ-ONLY; Image file entity id ImageFileEntityID *string `json:"imageFileEntityId,omitempty"` // ParentProcessEntityID - READ-ONLY; The parent process entity id. ParentProcessEntityID *string `json:"parentProcessEntityId,omitempty"` // ProcessID - READ-ONLY; The process ID ProcessID *string `json:"processId,omitempty"` // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. AdditionalData map[string]interface{} `json:"additionalData"` // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. FriendlyName *string `json:"friendlyName,omitempty"` }
ProcessEntityProperties process entity property bag.
func (ProcessEntityProperties) MarshalJSON ¶
func (pep ProcessEntityProperties) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for ProcessEntityProperties.
type ProductSettingsClient ¶
type ProductSettingsClient struct {
BaseClient
}
ProductSettingsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider
func NewProductSettingsClient ¶
func NewProductSettingsClient(subscriptionID string) ProductSettingsClient
NewProductSettingsClient creates an instance of the ProductSettingsClient client.
func NewProductSettingsClientWithBaseURI ¶
func NewProductSettingsClientWithBaseURI(baseURI string, subscriptionID string) ProductSettingsClient
NewProductSettingsClientWithBaseURI creates an instance of the ProductSettingsClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).
func (ProductSettingsClient) Delete ¶
func (client ProductSettingsClient) Delete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, settingsName string) (result autorest.Response, err error)
Delete delete setting of the product. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. settingsName - the setting name. Supports - EyesOn, EntityAnalytics, Ueba
func (ProductSettingsClient) DeletePreparer ¶
func (client ProductSettingsClient) DeletePreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, settingsName string) (*http.Request, error)
DeletePreparer prepares the Delete request.
func (ProductSettingsClient) DeleteResponder ¶
func (client ProductSettingsClient) DeleteResponder(resp *http.Response) (result autorest.Response, err error)
DeleteResponder handles the response to the Delete request. The method always closes the http.Response Body.
func (ProductSettingsClient) DeleteSender ¶
DeleteSender sends the Delete request. The method will close the http.Response Body if it receives an error.
func (ProductSettingsClient) Get ¶
func (client ProductSettingsClient) Get(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, settingsName string) (result SettingsModel, err error)
Get gets a setting. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. settingsName - the setting name. Supports - EyesOn, EntityAnalytics, Ueba
func (ProductSettingsClient) GetAll ¶
func (client ProductSettingsClient) GetAll(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result SettingList, err error)
GetAll list of all the settings Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace.
func (ProductSettingsClient) GetAllPreparer ¶
func (client ProductSettingsClient) GetAllPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (*http.Request, error)
GetAllPreparer prepares the GetAll request.
func (ProductSettingsClient) GetAllResponder ¶
func (client ProductSettingsClient) GetAllResponder(resp *http.Response) (result SettingList, err error)
GetAllResponder handles the response to the GetAll request. The method always closes the http.Response Body.
func (ProductSettingsClient) GetAllSender ¶
GetAllSender sends the GetAll request. The method will close the http.Response Body if it receives an error.
func (ProductSettingsClient) GetPreparer ¶
func (client ProductSettingsClient) GetPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, settingsName string) (*http.Request, error)
GetPreparer prepares the Get request.
func (ProductSettingsClient) GetResponder ¶
func (client ProductSettingsClient) GetResponder(resp *http.Response) (result SettingsModel, err error)
GetResponder handles the response to the Get request. The method always closes the http.Response Body.
func (ProductSettingsClient) GetSender ¶
GetSender sends the Get request. The method will close the http.Response Body if it receives an error.
func (ProductSettingsClient) Update ¶
func (client ProductSettingsClient) Update(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, settingsName string, settings BasicSettings) (result SettingsModel, err error)
Update updates setting. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. settingsName - the setting name. Supports - EyesOn, EntityAnalytics, Ueba settings - the setting
func (ProductSettingsClient) UpdatePreparer ¶
func (client ProductSettingsClient) UpdatePreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, settingsName string, settings BasicSettings) (*http.Request, error)
UpdatePreparer prepares the Update request.
func (ProductSettingsClient) UpdateResponder ¶
func (client ProductSettingsClient) UpdateResponder(resp *http.Response) (result SettingsModel, err error)
UpdateResponder handles the response to the Update request. The method always closes the http.Response Body.
func (ProductSettingsClient) UpdateSender ¶
UpdateSender sends the Update request. The method will close the http.Response Body if it receives an error.
type RegistryHive ¶
type RegistryHive string
RegistryHive enumerates the values for registry hive.
const ( // HKEYA HKEY_A HKEYA RegistryHive = "HKEY_A" // HKEYCLASSESROOT HKEY_CLASSES_ROOT HKEYCLASSESROOT RegistryHive = "HKEY_CLASSES_ROOT" // HKEYCURRENTCONFIG HKEY_CURRENT_CONFIG HKEYCURRENTCONFIG RegistryHive = "HKEY_CURRENT_CONFIG" // HKEYCURRENTUSER HKEY_CURRENT_USER HKEYCURRENTUSER RegistryHive = "HKEY_CURRENT_USER" // HKEYCURRENTUSERLOCALSETTINGS HKEY_CURRENT_USER_LOCAL_SETTINGS HKEYCURRENTUSERLOCALSETTINGS RegistryHive = "HKEY_CURRENT_USER_LOCAL_SETTINGS" // HKEYLOCALMACHINE HKEY_LOCAL_MACHINE HKEYLOCALMACHINE RegistryHive = "HKEY_LOCAL_MACHINE" // HKEYPERFORMANCEDATA HKEY_PERFORMANCE_DATA HKEYPERFORMANCEDATA RegistryHive = "HKEY_PERFORMANCE_DATA" // HKEYPERFORMANCENLSTEXT HKEY_PERFORMANCE_NLSTEXT HKEYPERFORMANCENLSTEXT RegistryHive = "HKEY_PERFORMANCE_NLSTEXT" // HKEYPERFORMANCETEXT HKEY_PERFORMANCE_TEXT HKEYPERFORMANCETEXT RegistryHive = "HKEY_PERFORMANCE_TEXT" // HKEYUSERS HKEY_USERS HKEYUSERS RegistryHive = "HKEY_USERS" )
func PossibleRegistryHiveValues ¶
func PossibleRegistryHiveValues() []RegistryHive
PossibleRegistryHiveValues returns an array of possible values for the RegistryHive const type.
type RegistryKeyEntity ¶
type RegistryKeyEntity struct { // RegistryKeyEntityProperties - RegistryKey entity properties *RegistryKeyEntityProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindBookmark', 'KindSecurityAlert', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice' Kind KindBasicEntity `json:"kind,omitempty"` }
RegistryKeyEntity represents a registry key entity.
func (RegistryKeyEntity) AsAccountEntity ¶
func (rke RegistryKeyEntity) AsAccountEntity() (*AccountEntity, bool)
AsAccountEntity is the BasicEntity implementation for RegistryKeyEntity.
func (RegistryKeyEntity) AsAzureResourceEntity ¶
func (rke RegistryKeyEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)
AsAzureResourceEntity is the BasicEntity implementation for RegistryKeyEntity.
func (RegistryKeyEntity) AsBasicEntity ¶
func (rke RegistryKeyEntity) AsBasicEntity() (BasicEntity, bool)
AsBasicEntity is the BasicEntity implementation for RegistryKeyEntity.
func (RegistryKeyEntity) AsCloudApplicationEntity ¶
func (rke RegistryKeyEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)
AsCloudApplicationEntity is the BasicEntity implementation for RegistryKeyEntity.
func (RegistryKeyEntity) AsDNSEntity ¶
func (rke RegistryKeyEntity) AsDNSEntity() (*DNSEntity, bool)
AsDNSEntity is the BasicEntity implementation for RegistryKeyEntity.
func (RegistryKeyEntity) AsEntity ¶
func (rke RegistryKeyEntity) AsEntity() (*Entity, bool)
AsEntity is the BasicEntity implementation for RegistryKeyEntity.
func (RegistryKeyEntity) AsFileEntity ¶
func (rke RegistryKeyEntity) AsFileEntity() (*FileEntity, bool)
AsFileEntity is the BasicEntity implementation for RegistryKeyEntity.
func (RegistryKeyEntity) AsFileHashEntity ¶
func (rke RegistryKeyEntity) AsFileHashEntity() (*FileHashEntity, bool)
AsFileHashEntity is the BasicEntity implementation for RegistryKeyEntity.
func (RegistryKeyEntity) AsHostEntity ¶
func (rke RegistryKeyEntity) AsHostEntity() (*HostEntity, bool)
AsHostEntity is the BasicEntity implementation for RegistryKeyEntity.
func (RegistryKeyEntity) AsHuntingBookmark ¶
func (rke RegistryKeyEntity) AsHuntingBookmark() (*HuntingBookmark, bool)
AsHuntingBookmark is the BasicEntity implementation for RegistryKeyEntity.
func (RegistryKeyEntity) AsIPEntity ¶
func (rke RegistryKeyEntity) AsIPEntity() (*IPEntity, bool)
AsIPEntity is the BasicEntity implementation for RegistryKeyEntity.
func (RegistryKeyEntity) AsIoTDeviceEntity ¶
func (rke RegistryKeyEntity) AsIoTDeviceEntity() (*IoTDeviceEntity, bool)
AsIoTDeviceEntity is the BasicEntity implementation for RegistryKeyEntity.
func (RegistryKeyEntity) AsMalwareEntity ¶
func (rke RegistryKeyEntity) AsMalwareEntity() (*MalwareEntity, bool)
AsMalwareEntity is the BasicEntity implementation for RegistryKeyEntity.
func (RegistryKeyEntity) AsProcessEntity ¶
func (rke RegistryKeyEntity) AsProcessEntity() (*ProcessEntity, bool)
AsProcessEntity is the BasicEntity implementation for RegistryKeyEntity.
func (RegistryKeyEntity) AsRegistryKeyEntity ¶
func (rke RegistryKeyEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)
AsRegistryKeyEntity is the BasicEntity implementation for RegistryKeyEntity.
func (RegistryKeyEntity) AsRegistryValueEntity ¶
func (rke RegistryKeyEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool)
AsRegistryValueEntity is the BasicEntity implementation for RegistryKeyEntity.
func (RegistryKeyEntity) AsSecurityAlert ¶
func (rke RegistryKeyEntity) AsSecurityAlert() (*SecurityAlert, bool)
AsSecurityAlert is the BasicEntity implementation for RegistryKeyEntity.
func (RegistryKeyEntity) AsSecurityGroupEntity ¶
func (rke RegistryKeyEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)
AsSecurityGroupEntity is the BasicEntity implementation for RegistryKeyEntity.
func (RegistryKeyEntity) AsURLEntity ¶
func (rke RegistryKeyEntity) AsURLEntity() (*URLEntity, bool)
AsURLEntity is the BasicEntity implementation for RegistryKeyEntity.
func (RegistryKeyEntity) MarshalJSON ¶
func (rke RegistryKeyEntity) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for RegistryKeyEntity.
func (*RegistryKeyEntity) UnmarshalJSON ¶
func (rke *RegistryKeyEntity) UnmarshalJSON(body []byte) error
UnmarshalJSON is the custom unmarshaler for RegistryKeyEntity struct.
type RegistryKeyEntityProperties ¶
type RegistryKeyEntityProperties struct { // Hive - READ-ONLY; the hive that holds the registry key. Possible values include: 'HKEYLOCALMACHINE', 'HKEYCLASSESROOT', 'HKEYCURRENTCONFIG', 'HKEYUSERS', 'HKEYCURRENTUSERLOCALSETTINGS', 'HKEYPERFORMANCEDATA', 'HKEYPERFORMANCENLSTEXT', 'HKEYPERFORMANCETEXT', 'HKEYA', 'HKEYCURRENTUSER' Hive RegistryHive `json:"hive,omitempty"` // Key - READ-ONLY; The registry key path. Key *string `json:"key,omitempty"` // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. AdditionalData map[string]interface{} `json:"additionalData"` // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. FriendlyName *string `json:"friendlyName,omitempty"` }
RegistryKeyEntityProperties registryKey entity property bag.
func (RegistryKeyEntityProperties) MarshalJSON ¶
func (rkep RegistryKeyEntityProperties) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for RegistryKeyEntityProperties.
type RegistryValueEntity ¶
type RegistryValueEntity struct { // RegistryValueEntityProperties - RegistryKey entity properties *RegistryValueEntityProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindBookmark', 'KindSecurityAlert', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice' Kind KindBasicEntity `json:"kind,omitempty"` }
RegistryValueEntity represents a registry value entity.
func (RegistryValueEntity) AsAccountEntity ¶
func (rve RegistryValueEntity) AsAccountEntity() (*AccountEntity, bool)
AsAccountEntity is the BasicEntity implementation for RegistryValueEntity.
func (RegistryValueEntity) AsAzureResourceEntity ¶
func (rve RegistryValueEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)
AsAzureResourceEntity is the BasicEntity implementation for RegistryValueEntity.
func (RegistryValueEntity) AsBasicEntity ¶
func (rve RegistryValueEntity) AsBasicEntity() (BasicEntity, bool)
AsBasicEntity is the BasicEntity implementation for RegistryValueEntity.
func (RegistryValueEntity) AsCloudApplicationEntity ¶
func (rve RegistryValueEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)
AsCloudApplicationEntity is the BasicEntity implementation for RegistryValueEntity.
func (RegistryValueEntity) AsDNSEntity ¶
func (rve RegistryValueEntity) AsDNSEntity() (*DNSEntity, bool)
AsDNSEntity is the BasicEntity implementation for RegistryValueEntity.
func (RegistryValueEntity) AsEntity ¶
func (rve RegistryValueEntity) AsEntity() (*Entity, bool)
AsEntity is the BasicEntity implementation for RegistryValueEntity.
func (RegistryValueEntity) AsFileEntity ¶
func (rve RegistryValueEntity) AsFileEntity() (*FileEntity, bool)
AsFileEntity is the BasicEntity implementation for RegistryValueEntity.
func (RegistryValueEntity) AsFileHashEntity ¶
func (rve RegistryValueEntity) AsFileHashEntity() (*FileHashEntity, bool)
AsFileHashEntity is the BasicEntity implementation for RegistryValueEntity.
func (RegistryValueEntity) AsHostEntity ¶
func (rve RegistryValueEntity) AsHostEntity() (*HostEntity, bool)
AsHostEntity is the BasicEntity implementation for RegistryValueEntity.
func (RegistryValueEntity) AsHuntingBookmark ¶
func (rve RegistryValueEntity) AsHuntingBookmark() (*HuntingBookmark, bool)
AsHuntingBookmark is the BasicEntity implementation for RegistryValueEntity.
func (RegistryValueEntity) AsIPEntity ¶
func (rve RegistryValueEntity) AsIPEntity() (*IPEntity, bool)
AsIPEntity is the BasicEntity implementation for RegistryValueEntity.
func (RegistryValueEntity) AsIoTDeviceEntity ¶
func (rve RegistryValueEntity) AsIoTDeviceEntity() (*IoTDeviceEntity, bool)
AsIoTDeviceEntity is the BasicEntity implementation for RegistryValueEntity.
func (RegistryValueEntity) AsMalwareEntity ¶
func (rve RegistryValueEntity) AsMalwareEntity() (*MalwareEntity, bool)
AsMalwareEntity is the BasicEntity implementation for RegistryValueEntity.
func (RegistryValueEntity) AsProcessEntity ¶
func (rve RegistryValueEntity) AsProcessEntity() (*ProcessEntity, bool)
AsProcessEntity is the BasicEntity implementation for RegistryValueEntity.
func (RegistryValueEntity) AsRegistryKeyEntity ¶
func (rve RegistryValueEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)
AsRegistryKeyEntity is the BasicEntity implementation for RegistryValueEntity.
func (RegistryValueEntity) AsRegistryValueEntity ¶
func (rve RegistryValueEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool)
AsRegistryValueEntity is the BasicEntity implementation for RegistryValueEntity.
func (RegistryValueEntity) AsSecurityAlert ¶
func (rve RegistryValueEntity) AsSecurityAlert() (*SecurityAlert, bool)
AsSecurityAlert is the BasicEntity implementation for RegistryValueEntity.
func (RegistryValueEntity) AsSecurityGroupEntity ¶
func (rve RegistryValueEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)
AsSecurityGroupEntity is the BasicEntity implementation for RegistryValueEntity.
func (RegistryValueEntity) AsURLEntity ¶
func (rve RegistryValueEntity) AsURLEntity() (*URLEntity, bool)
AsURLEntity is the BasicEntity implementation for RegistryValueEntity.
func (RegistryValueEntity) MarshalJSON ¶
func (rve RegistryValueEntity) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for RegistryValueEntity.
func (*RegistryValueEntity) UnmarshalJSON ¶
func (rve *RegistryValueEntity) UnmarshalJSON(body []byte) error
UnmarshalJSON is the custom unmarshaler for RegistryValueEntity struct.
type RegistryValueEntityProperties ¶
type RegistryValueEntityProperties struct { // KeyEntityID - READ-ONLY; The registry key entity id. KeyEntityID *string `json:"keyEntityId,omitempty"` // ValueData - READ-ONLY; String formatted representation of the value data. ValueData *string `json:"valueData,omitempty"` // ValueName - READ-ONLY; The registry value name. ValueName *string `json:"valueName,omitempty"` // ValueType - READ-ONLY; Specifies the data types to use when storing values in the registry, or identifies the data type of a value in the registry. Possible values include: 'RegistryValueKindNone', 'RegistryValueKindUnknown', 'RegistryValueKindString', 'RegistryValueKindExpandString', 'RegistryValueKindBinary', 'RegistryValueKindDWord', 'RegistryValueKindMultiString', 'RegistryValueKindQWord' ValueType RegistryValueKind `json:"valueType,omitempty"` // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. AdditionalData map[string]interface{} `json:"additionalData"` // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. FriendlyName *string `json:"friendlyName,omitempty"` }
RegistryValueEntityProperties registryValue entity property bag.
func (RegistryValueEntityProperties) MarshalJSON ¶
func (rvep RegistryValueEntityProperties) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for RegistryValueEntityProperties.
type RegistryValueKind ¶
type RegistryValueKind string
RegistryValueKind enumerates the values for registry value kind.
const ( // RegistryValueKindBinary Binary value type RegistryValueKindBinary RegistryValueKind = "Binary" // RegistryValueKindDWord DWord value type RegistryValueKindDWord RegistryValueKind = "DWord" // RegistryValueKindExpandString ExpandString value type RegistryValueKindExpandString RegistryValueKind = "ExpandString" // RegistryValueKindMultiString MultiString value type RegistryValueKindMultiString RegistryValueKind = "MultiString" // RegistryValueKindNone None RegistryValueKindNone RegistryValueKind = "None" // RegistryValueKindQWord QWord value type RegistryValueKindQWord RegistryValueKind = "QWord" // RegistryValueKindString String value type RegistryValueKindString RegistryValueKind = "String" // RegistryValueKindUnknown Unknown value type RegistryValueKindUnknown RegistryValueKind = "Unknown" )
func PossibleRegistryValueKindValues ¶
func PossibleRegistryValueKindValues() []RegistryValueKind
PossibleRegistryValueKindValues returns an array of possible values for the RegistryValueKind const type.
type Relation ¶
type Relation struct { autorest.Response `json:"-"` // RelationProperties - Relation properties *RelationProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` // Etag - Etag of the azure resource Etag *string `json:"etag,omitempty"` }
Relation represents a relation between two resources
func (Relation) MarshalJSON ¶
MarshalJSON is the custom marshaler for Relation.
func (*Relation) UnmarshalJSON ¶
UnmarshalJSON is the custom unmarshaler for Relation struct.
type RelationBase ¶
type RelationBase struct { // Kind - READ-ONLY; The type of relation node. Possible values include: 'CasesToBookmarks' Kind RelationTypes `json:"kind,omitempty"` // Etag - ETag for relation Etag *string `json:"etag,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` }
RelationBase represents a relation
func (RelationBase) MarshalJSON ¶
func (rb RelationBase) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for RelationBase.
type RelationList ¶
type RelationList struct { autorest.Response `json:"-"` // NextLink - READ-ONLY; URL to fetch the next set of relations. NextLink *string `json:"nextLink,omitempty"` // Value - Array of relations. Value *[]Relation `json:"value,omitempty"` }
RelationList list of relations.
func (RelationList) IsEmpty ¶
func (rl RelationList) IsEmpty() bool
IsEmpty returns true if the ListResult contains no values.
func (RelationList) MarshalJSON ¶
func (rl RelationList) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for RelationList.
type RelationListIterator ¶
type RelationListIterator struct {
// contains filtered or unexported fields
}
RelationListIterator provides access to a complete listing of Relation values.
func NewRelationListIterator ¶
func NewRelationListIterator(page RelationListPage) RelationListIterator
Creates a new instance of the RelationListIterator type.
func (*RelationListIterator) Next ¶
func (iter *RelationListIterator) Next() error
Next advances to the next value. If there was an error making the request the iterator does not advance and the error is returned. Deprecated: Use NextWithContext() instead.
func (*RelationListIterator) NextWithContext ¶
func (iter *RelationListIterator) NextWithContext(ctx context.Context) (err error)
NextWithContext advances to the next value. If there was an error making the request the iterator does not advance and the error is returned.
func (RelationListIterator) NotDone ¶
func (iter RelationListIterator) NotDone() bool
NotDone returns true if the enumeration should be started or is not yet complete.
func (RelationListIterator) Response ¶
func (iter RelationListIterator) Response() RelationList
Response returns the raw server response from the last page request.
func (RelationListIterator) Value ¶
func (iter RelationListIterator) Value() Relation
Value returns the current value or a zero-initialized value if the iterator has advanced beyond the end of the collection.
type RelationListPage ¶
type RelationListPage struct {
// contains filtered or unexported fields
}
RelationListPage contains a page of Relation values.
func NewRelationListPage ¶
func NewRelationListPage(cur RelationList, getNextPage func(context.Context, RelationList) (RelationList, error)) RelationListPage
Creates a new instance of the RelationListPage type.
func (*RelationListPage) Next ¶
func (page *RelationListPage) Next() error
Next advances to the next page of values. If there was an error making the request the page does not advance and the error is returned. Deprecated: Use NextWithContext() instead.
func (*RelationListPage) NextWithContext ¶
func (page *RelationListPage) NextWithContext(ctx context.Context) (err error)
NextWithContext advances to the next page of values. If there was an error making the request the page does not advance and the error is returned.
func (RelationListPage) NotDone ¶
func (page RelationListPage) NotDone() bool
NotDone returns true if the page enumeration should be started or is not yet complete.
func (RelationListPage) Response ¶
func (page RelationListPage) Response() RelationList
Response returns the raw server response from the last page request.
func (RelationListPage) Values ¶
func (page RelationListPage) Values() []Relation
Values returns the slice of values for the current page or nil if there are no values.
type RelationNode ¶
type RelationNode struct { // RelationNodeID - Relation Node Id RelationNodeID *string `json:"relationNodeId,omitempty"` // RelationNodeKind - READ-ONLY; The type of relation node. Possible values include: 'RelationNodeKindCase', 'RelationNodeKindBookmark' RelationNodeKind RelationNodeKind `json:"relationNodeKind,omitempty"` // Etag - Etag for relation node Etag *string `json:"etag,omitempty"` // RelationAdditionalProperties - Additional set of properties RelationAdditionalProperties map[string]*string `json:"relationAdditionalProperties"` }
RelationNode relation node
func (RelationNode) MarshalJSON ¶
func (rn RelationNode) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for RelationNode.
type RelationNodeKind ¶
type RelationNodeKind string
RelationNodeKind enumerates the values for relation node kind.
const ( // RelationNodeKindBookmark Bookmark node part of the relation RelationNodeKindBookmark RelationNodeKind = "Bookmark" // RelationNodeKindCase Case node part of the relation RelationNodeKindCase RelationNodeKind = "Case" )
func PossibleRelationNodeKindValues ¶
func PossibleRelationNodeKindValues() []RelationNodeKind
PossibleRelationNodeKindValues returns an array of possible values for the RelationNodeKind const type.
type RelationProperties ¶
type RelationProperties struct { // RelatedResourceID - The resource ID of the related resource RelatedResourceID *string `json:"relatedResourceId,omitempty"` // RelatedResourceName - READ-ONLY; The name of the related resource RelatedResourceName *string `json:"relatedResourceName,omitempty"` // RelatedResourceType - READ-ONLY; The resource type of the related resource RelatedResourceType *string `json:"relatedResourceType,omitempty"` // RelatedResourceKind - READ-ONLY; The resource kind of the related resource RelatedResourceKind *string `json:"relatedResourceKind,omitempty"` }
RelationProperties relation property bag.
func (RelationProperties) MarshalJSON ¶
func (rp RelationProperties) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for RelationProperties.
type RelationTypes ¶
type RelationTypes string
RelationTypes enumerates the values for relation types.
const ( // CasesToBookmarks Relations between cases and bookmarks CasesToBookmarks RelationTypes = "CasesToBookmarks" )
func PossibleRelationTypesValues ¶
func PossibleRelationTypesValues() []RelationTypes
PossibleRelationTypesValues returns an array of possible values for the RelationTypes const type.
type RelationsModelInput ¶
type RelationsModelInput struct { // RelationsModelInputProperties - Relation input properties *RelationsModelInputProperties `json:"properties,omitempty"` // Kind - READ-ONLY; The type of relation node. Possible values include: 'CasesToBookmarks' Kind RelationTypes `json:"kind,omitempty"` // Etag - ETag for relation Etag *string `json:"etag,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` }
RelationsModelInput relation input model
func (RelationsModelInput) MarshalJSON ¶
func (rmi RelationsModelInput) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for RelationsModelInput.
func (*RelationsModelInput) UnmarshalJSON ¶
func (rmi *RelationsModelInput) UnmarshalJSON(body []byte) error
UnmarshalJSON is the custom unmarshaler for RelationsModelInput struct.
type RelationsModelInputProperties ¶
type RelationsModelInputProperties struct { // RelationName - Name of relation RelationName *string `json:"relationName,omitempty"` // SourceRelationNode - Relation source node SourceRelationNode *RelationNode `json:"sourceRelationNode,omitempty"` // TargetRelationNode - Relation target node TargetRelationNode *RelationNode `json:"targetRelationNode,omitempty"` }
RelationsModelInputProperties relation input properties
type Resource ¶
type Resource struct { // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` }
Resource an azure resource object
type ResourceWithEtag ¶
type ResourceWithEtag struct { // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` // Etag - Etag of the azure resource Etag *string `json:"etag,omitempty"` }
ResourceWithEtag an azure resource object with an Etag property
func (ResourceWithEtag) MarshalJSON ¶
func (rwe ResourceWithEtag) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for ResourceWithEtag.
type ScheduledAlertRule ¶
type ScheduledAlertRule struct { // ScheduledAlertRuleProperties - Scheduled alert rule properties *ScheduledAlertRuleProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` // Etag - Etag of the azure resource Etag *string `json:"etag,omitempty"` // Kind - Possible values include: 'KindAlertRule', 'KindFusion', 'KindMicrosoftSecurityIncidentCreation', 'KindScheduled' Kind KindBasicAlertRule `json:"kind,omitempty"` }
ScheduledAlertRule represents scheduled alert rule.
func (ScheduledAlertRule) AsAlertRule ¶
func (sar ScheduledAlertRule) AsAlertRule() (*AlertRule, bool)
AsAlertRule is the BasicAlertRule implementation for ScheduledAlertRule.
func (ScheduledAlertRule) AsBasicAlertRule ¶
func (sar ScheduledAlertRule) AsBasicAlertRule() (BasicAlertRule, bool)
AsBasicAlertRule is the BasicAlertRule implementation for ScheduledAlertRule.
func (ScheduledAlertRule) AsFusionAlertRule ¶
func (sar ScheduledAlertRule) AsFusionAlertRule() (*FusionAlertRule, bool)
AsFusionAlertRule is the BasicAlertRule implementation for ScheduledAlertRule.
func (ScheduledAlertRule) AsMicrosoftSecurityIncidentCreationAlertRule ¶
func (sar ScheduledAlertRule) AsMicrosoftSecurityIncidentCreationAlertRule() (*MicrosoftSecurityIncidentCreationAlertRule, bool)
AsMicrosoftSecurityIncidentCreationAlertRule is the BasicAlertRule implementation for ScheduledAlertRule.
func (ScheduledAlertRule) AsScheduledAlertRule ¶
func (sar ScheduledAlertRule) AsScheduledAlertRule() (*ScheduledAlertRule, bool)
AsScheduledAlertRule is the BasicAlertRule implementation for ScheduledAlertRule.
func (ScheduledAlertRule) MarshalJSON ¶
func (sar ScheduledAlertRule) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for ScheduledAlertRule.
func (*ScheduledAlertRule) UnmarshalJSON ¶
func (sar *ScheduledAlertRule) UnmarshalJSON(body []byte) error
UnmarshalJSON is the custom unmarshaler for ScheduledAlertRule struct.
type ScheduledAlertRuleCommonProperties ¶
type ScheduledAlertRuleCommonProperties struct { // Query - The query that creates alerts for this rule. Query *string `json:"query,omitempty"` // QueryFrequency - The frequency (in ISO 8601 duration format) for this alert rule to run. QueryFrequency *string `json:"queryFrequency,omitempty"` // QueryPeriod - The period (in ISO 8601 duration format) that this alert rule looks at. QueryPeriod *string `json:"queryPeriod,omitempty"` // Severity - The severity for alerts created by this alert rule. Possible values include: 'High', 'Medium', 'Low', 'Informational' Severity AlertSeverity `json:"severity,omitempty"` // TriggerOperator - The operation against the threshold that triggers alert rule. Possible values include: 'GreaterThan', 'LessThan', 'Equal', 'NotEqual' TriggerOperator TriggerOperator `json:"triggerOperator,omitempty"` // TriggerThreshold - The threshold triggers this alert rule. TriggerThreshold *int32 `json:"triggerThreshold,omitempty"` // EventGroupingSettings - The event grouping settings. EventGroupingSettings *EventGroupingSettings `json:"eventGroupingSettings,omitempty"` }
ScheduledAlertRuleCommonProperties schedule alert rule template property bag.
type ScheduledAlertRuleProperties ¶
type ScheduledAlertRuleProperties struct { // AlertRuleTemplateName - The Name of the alert rule template used to create this rule. AlertRuleTemplateName *string `json:"alertRuleTemplateName,omitempty"` // Description - The description of the alert rule. Description *string `json:"description,omitempty"` // DisplayName - The display name for alerts created by this alert rule. DisplayName *string `json:"displayName,omitempty"` // Enabled - Determines whether this alert rule is enabled or disabled. Enabled *bool `json:"enabled,omitempty"` // LastModifiedUtc - READ-ONLY; The last time that this alert rule has been modified. LastModifiedUtc *date.Time `json:"lastModifiedUtc,omitempty"` // SuppressionDuration - The suppression (in ISO 8601 duration format) to wait since last time this alert rule been triggered. SuppressionDuration *string `json:"suppressionDuration,omitempty"` // SuppressionEnabled - Determines whether the suppression for this alert rule is enabled or disabled. SuppressionEnabled *bool `json:"suppressionEnabled,omitempty"` // Tactics - The tactics of the alert rule Tactics *[]AttackTactic `json:"tactics,omitempty"` // IncidentConfiguration - The settings of the incidents that created from alerts triggered by this analytics rule IncidentConfiguration *IncidentConfiguration `json:"incidentConfiguration,omitempty"` // Query - The query that creates alerts for this rule. Query *string `json:"query,omitempty"` // QueryFrequency - The frequency (in ISO 8601 duration format) for this alert rule to run. QueryFrequency *string `json:"queryFrequency,omitempty"` // QueryPeriod - The period (in ISO 8601 duration format) that this alert rule looks at. QueryPeriod *string `json:"queryPeriod,omitempty"` // Severity - The severity for alerts created by this alert rule. Possible values include: 'High', 'Medium', 'Low', 'Informational' Severity AlertSeverity `json:"severity,omitempty"` // TriggerOperator - The operation against the threshold that triggers alert rule. Possible values include: 'GreaterThan', 'LessThan', 'Equal', 'NotEqual' TriggerOperator TriggerOperator `json:"triggerOperator,omitempty"` // TriggerThreshold - The threshold triggers this alert rule. TriggerThreshold *int32 `json:"triggerThreshold,omitempty"` // EventGroupingSettings - The event grouping settings. EventGroupingSettings *EventGroupingSettings `json:"eventGroupingSettings,omitempty"` }
ScheduledAlertRuleProperties scheduled alert rule base property bag.
func (ScheduledAlertRuleProperties) MarshalJSON ¶
func (sarp ScheduledAlertRuleProperties) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for ScheduledAlertRuleProperties.
type ScheduledAlertRuleTemplate ¶
type ScheduledAlertRuleTemplate struct { // ScheduledAlertRuleTemplateProperties - Scheduled alert rule template properties *ScheduledAlertRuleTemplateProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` // Kind - Possible values include: 'KindBasicAlertRuleTemplateKindAlertRuleTemplate', 'KindBasicAlertRuleTemplateKindFusion', 'KindBasicAlertRuleTemplateKindMicrosoftSecurityIncidentCreation', 'KindBasicAlertRuleTemplateKindScheduled' Kind KindBasicAlertRuleTemplate `json:"kind,omitempty"` }
ScheduledAlertRuleTemplate represents scheduled alert rule template.
func (ScheduledAlertRuleTemplate) AsAlertRuleTemplate ¶
func (sart ScheduledAlertRuleTemplate) AsAlertRuleTemplate() (*AlertRuleTemplate, bool)
AsAlertRuleTemplate is the BasicAlertRuleTemplate implementation for ScheduledAlertRuleTemplate.
func (ScheduledAlertRuleTemplate) AsBasicAlertRuleTemplate ¶
func (sart ScheduledAlertRuleTemplate) AsBasicAlertRuleTemplate() (BasicAlertRuleTemplate, bool)
AsBasicAlertRuleTemplate is the BasicAlertRuleTemplate implementation for ScheduledAlertRuleTemplate.
func (ScheduledAlertRuleTemplate) AsFusionAlertRuleTemplate ¶
func (sart ScheduledAlertRuleTemplate) AsFusionAlertRuleTemplate() (*FusionAlertRuleTemplate, bool)
AsFusionAlertRuleTemplate is the BasicAlertRuleTemplate implementation for ScheduledAlertRuleTemplate.
func (ScheduledAlertRuleTemplate) AsMicrosoftSecurityIncidentCreationAlertRuleTemplate ¶
func (sart ScheduledAlertRuleTemplate) AsMicrosoftSecurityIncidentCreationAlertRuleTemplate() (*MicrosoftSecurityIncidentCreationAlertRuleTemplate, bool)
AsMicrosoftSecurityIncidentCreationAlertRuleTemplate is the BasicAlertRuleTemplate implementation for ScheduledAlertRuleTemplate.
func (ScheduledAlertRuleTemplate) AsScheduledAlertRuleTemplate ¶
func (sart ScheduledAlertRuleTemplate) AsScheduledAlertRuleTemplate() (*ScheduledAlertRuleTemplate, bool)
AsScheduledAlertRuleTemplate is the BasicAlertRuleTemplate implementation for ScheduledAlertRuleTemplate.
func (ScheduledAlertRuleTemplate) MarshalJSON ¶
func (sart ScheduledAlertRuleTemplate) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for ScheduledAlertRuleTemplate.
func (*ScheduledAlertRuleTemplate) UnmarshalJSON ¶
func (sart *ScheduledAlertRuleTemplate) UnmarshalJSON(body []byte) error
UnmarshalJSON is the custom unmarshaler for ScheduledAlertRuleTemplate struct.
type ScheduledAlertRuleTemplateProperties ¶
type ScheduledAlertRuleTemplateProperties struct { // AlertRulesCreatedByTemplateCount - the number of alert rules that were created by this template AlertRulesCreatedByTemplateCount *int32 `json:"alertRulesCreatedByTemplateCount,omitempty"` // CreatedDateUTC - READ-ONLY; The time that this alert rule template has been added. CreatedDateUTC *date.Time `json:"createdDateUTC,omitempty"` // Description - The description of the alert rule template. Description *string `json:"description,omitempty"` // DisplayName - The display name for alert rule template. DisplayName *string `json:"displayName,omitempty"` // RequiredDataConnectors - The required data sources for this template RequiredDataConnectors *[]AlertRuleTemplateDataSource `json:"requiredDataConnectors,omitempty"` // Status - The alert rule template status. Possible values include: 'Installed', 'Available', 'NotAvailable' Status TemplateStatus `json:"status,omitempty"` // Query - The query that creates alerts for this rule. Query *string `json:"query,omitempty"` // QueryFrequency - The frequency (in ISO 8601 duration format) for this alert rule to run. QueryFrequency *string `json:"queryFrequency,omitempty"` // QueryPeriod - The period (in ISO 8601 duration format) that this alert rule looks at. QueryPeriod *string `json:"queryPeriod,omitempty"` // Severity - The severity for alerts created by this alert rule. Possible values include: 'High', 'Medium', 'Low', 'Informational' Severity AlertSeverity `json:"severity,omitempty"` // TriggerOperator - The operation against the threshold that triggers alert rule. Possible values include: 'GreaterThan', 'LessThan', 'Equal', 'NotEqual' TriggerOperator TriggerOperator `json:"triggerOperator,omitempty"` // TriggerThreshold - The threshold triggers this alert rule. TriggerThreshold *int32 `json:"triggerThreshold,omitempty"` // EventGroupingSettings - The event grouping settings. EventGroupingSettings *EventGroupingSettings `json:"eventGroupingSettings,omitempty"` // Tactics - The tactics of the alert rule template Tactics *[]AttackTactic `json:"tactics,omitempty"` }
ScheduledAlertRuleTemplateProperties scheduled alert rule template properties
func (ScheduledAlertRuleTemplateProperties) MarshalJSON ¶
func (sart ScheduledAlertRuleTemplateProperties) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for ScheduledAlertRuleTemplateProperties.
type SecurityAlert ¶
type SecurityAlert struct { // SecurityAlertProperties - SecurityAlert entity properties *SecurityAlertProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindBookmark', 'KindSecurityAlert', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice' Kind KindBasicEntity `json:"kind,omitempty"` }
SecurityAlert represents a security alert entity.
func (SecurityAlert) AsAccountEntity ¶
func (sa SecurityAlert) AsAccountEntity() (*AccountEntity, bool)
AsAccountEntity is the BasicEntity implementation for SecurityAlert.
func (SecurityAlert) AsAzureResourceEntity ¶
func (sa SecurityAlert) AsAzureResourceEntity() (*AzureResourceEntity, bool)
AsAzureResourceEntity is the BasicEntity implementation for SecurityAlert.
func (SecurityAlert) AsBasicEntity ¶
func (sa SecurityAlert) AsBasicEntity() (BasicEntity, bool)
AsBasicEntity is the BasicEntity implementation for SecurityAlert.
func (SecurityAlert) AsCloudApplicationEntity ¶
func (sa SecurityAlert) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)
AsCloudApplicationEntity is the BasicEntity implementation for SecurityAlert.
func (SecurityAlert) AsDNSEntity ¶
func (sa SecurityAlert) AsDNSEntity() (*DNSEntity, bool)
AsDNSEntity is the BasicEntity implementation for SecurityAlert.
func (SecurityAlert) AsEntity ¶
func (sa SecurityAlert) AsEntity() (*Entity, bool)
AsEntity is the BasicEntity implementation for SecurityAlert.
func (SecurityAlert) AsFileEntity ¶
func (sa SecurityAlert) AsFileEntity() (*FileEntity, bool)
AsFileEntity is the BasicEntity implementation for SecurityAlert.
func (SecurityAlert) AsFileHashEntity ¶
func (sa SecurityAlert) AsFileHashEntity() (*FileHashEntity, bool)
AsFileHashEntity is the BasicEntity implementation for SecurityAlert.
func (SecurityAlert) AsHostEntity ¶
func (sa SecurityAlert) AsHostEntity() (*HostEntity, bool)
AsHostEntity is the BasicEntity implementation for SecurityAlert.
func (SecurityAlert) AsHuntingBookmark ¶
func (sa SecurityAlert) AsHuntingBookmark() (*HuntingBookmark, bool)
AsHuntingBookmark is the BasicEntity implementation for SecurityAlert.
func (SecurityAlert) AsIPEntity ¶
func (sa SecurityAlert) AsIPEntity() (*IPEntity, bool)
AsIPEntity is the BasicEntity implementation for SecurityAlert.
func (SecurityAlert) AsIoTDeviceEntity ¶
func (sa SecurityAlert) AsIoTDeviceEntity() (*IoTDeviceEntity, bool)
AsIoTDeviceEntity is the BasicEntity implementation for SecurityAlert.
func (SecurityAlert) AsMalwareEntity ¶
func (sa SecurityAlert) AsMalwareEntity() (*MalwareEntity, bool)
AsMalwareEntity is the BasicEntity implementation for SecurityAlert.
func (SecurityAlert) AsProcessEntity ¶
func (sa SecurityAlert) AsProcessEntity() (*ProcessEntity, bool)
AsProcessEntity is the BasicEntity implementation for SecurityAlert.
func (SecurityAlert) AsRegistryKeyEntity ¶
func (sa SecurityAlert) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)
AsRegistryKeyEntity is the BasicEntity implementation for SecurityAlert.
func (SecurityAlert) AsRegistryValueEntity ¶
func (sa SecurityAlert) AsRegistryValueEntity() (*RegistryValueEntity, bool)
AsRegistryValueEntity is the BasicEntity implementation for SecurityAlert.
func (SecurityAlert) AsSecurityAlert ¶
func (sa SecurityAlert) AsSecurityAlert() (*SecurityAlert, bool)
AsSecurityAlert is the BasicEntity implementation for SecurityAlert.
func (SecurityAlert) AsSecurityGroupEntity ¶
func (sa SecurityAlert) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)
AsSecurityGroupEntity is the BasicEntity implementation for SecurityAlert.
func (SecurityAlert) AsURLEntity ¶
func (sa SecurityAlert) AsURLEntity() (*URLEntity, bool)
AsURLEntity is the BasicEntity implementation for SecurityAlert.
func (SecurityAlert) MarshalJSON ¶
func (sa SecurityAlert) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for SecurityAlert.
func (*SecurityAlert) UnmarshalJSON ¶
func (sa *SecurityAlert) UnmarshalJSON(body []byte) error
UnmarshalJSON is the custom unmarshaler for SecurityAlert struct.
type SecurityAlertProperties ¶
type SecurityAlertProperties struct { // AlertDisplayName - READ-ONLY; The display name of the alert. AlertDisplayName *string `json:"alertDisplayName,omitempty"` // AlertType - READ-ONLY; The type name of the alert. AlertType *string `json:"alertType,omitempty"` // CompromisedEntity - READ-ONLY; Display name of the main entity being reported on. CompromisedEntity *string `json:"compromisedEntity,omitempty"` // ConfidenceLevel - READ-ONLY; The confidence level of this alert. Possible values include: 'ConfidenceLevelUnknown', 'ConfidenceLevelLow', 'ConfidenceLevelHigh' ConfidenceLevel ConfidenceLevel `json:"confidenceLevel,omitempty"` // ConfidenceReasons - READ-ONLY; The confidence reasons ConfidenceReasons *[]SecurityAlertPropertiesConfidenceReasonsItem `json:"confidenceReasons,omitempty"` // ConfidenceScore - READ-ONLY; The confidence score of the alert. ConfidenceScore *float64 `json:"confidenceScore,omitempty"` // ConfidenceScoreStatus - READ-ONLY; The confidence score calculation status, i.e. indicating if score calculation is pending for this alert, not applicable or final. Possible values include: 'NotApplicable', 'InProcess', 'NotFinal', 'Final' ConfidenceScoreStatus ConfidenceScoreStatus `json:"confidenceScoreStatus,omitempty"` // Description - READ-ONLY; Alert description. Description *string `json:"description,omitempty"` // EndTimeUtc - READ-ONLY; The impact end time of the alert (the time of the last event contributing to the alert). EndTimeUtc *date.Time `json:"endTimeUtc,omitempty"` // Intent - READ-ONLY; Holds the alert intent stage(s) mapping for this alert. Possible values include: 'KillChainIntentUnknown', 'KillChainIntentProbing', 'KillChainIntentExploitation', 'KillChainIntentPersistence', 'KillChainIntentPrivilegeEscalation', 'KillChainIntentDefenseEvasion', 'KillChainIntentCredentialAccess', 'KillChainIntentDiscovery', 'KillChainIntentLateralMovement', 'KillChainIntentExecution', 'KillChainIntentCollection', 'KillChainIntentExfiltration', 'KillChainIntentCommandAndControl', 'KillChainIntentImpact' Intent KillChainIntent `json:"intent,omitempty"` // ProviderAlertID - READ-ONLY; The identifier of the alert inside the product which generated the alert. ProviderAlertID *string `json:"providerAlertId,omitempty"` // ProcessingEndTime - READ-ONLY; The time the alert was made available for consumption. ProcessingEndTime *date.Time `json:"processingEndTime,omitempty"` // ProductComponentName - READ-ONLY; The name of a component inside the product which generated the alert. ProductComponentName *string `json:"productComponentName,omitempty"` // ProductName - READ-ONLY; The name of the product which published this alert. ProductName *string `json:"productName,omitempty"` // ProductVersion - READ-ONLY; The version of the product generating the alert. ProductVersion *string `json:"productVersion,omitempty"` // RemediationSteps - READ-ONLY; Manual action items to take to remediate the alert. RemediationSteps *[]string `json:"remediationSteps,omitempty"` // Severity - The severity of the alert. Possible values include: 'High', 'Medium', 'Low', 'Informational' Severity AlertSeverity `json:"severity,omitempty"` // StartTimeUtc - READ-ONLY; The impact start time of the alert (the time of the first event contributing to the alert). StartTimeUtc *date.Time `json:"startTimeUtc,omitempty"` // Status - READ-ONLY; The lifecycle status of the alert. Possible values include: 'AlertStatusUnknown', 'AlertStatusNew', 'AlertStatusResolved', 'AlertStatusDismissed', 'AlertStatusInProgress' Status AlertStatus `json:"status,omitempty"` // SystemAlertID - READ-ONLY; Holds the product identifier of the alert for the product. SystemAlertID *string `json:"systemAlertId,omitempty"` // Tactics - READ-ONLY; The tactics of the alert Tactics *[]AttackTactic `json:"tactics,omitempty"` // TimeGenerated - READ-ONLY; The time the alert was generated. TimeGenerated *date.Time `json:"timeGenerated,omitempty"` // VendorName - READ-ONLY; The name of the vendor that raise the alert. VendorName *string `json:"vendorName,omitempty"` // AlertLink - READ-ONLY; The uri link of the alert. AlertLink *string `json:"alertLink,omitempty"` // ResourceIdentifiers - READ-ONLY; The list of resource identifiers of the alert. ResourceIdentifiers *[]interface{} `json:"resourceIdentifiers,omitempty"` // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. AdditionalData map[string]interface{} `json:"additionalData"` // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. FriendlyName *string `json:"friendlyName,omitempty"` }
SecurityAlertProperties securityAlert entity property bag.
func (SecurityAlertProperties) MarshalJSON ¶
func (sap SecurityAlertProperties) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for SecurityAlertProperties.
type SecurityAlertPropertiesConfidenceReasonsItem ¶
type SecurityAlertPropertiesConfidenceReasonsItem struct { // Reason - READ-ONLY; The reason's description Reason *string `json:"reason,omitempty"` // ReasonType - READ-ONLY; The type (category) of the reason ReasonType *string `json:"reasonType,omitempty"` }
SecurityAlertPropertiesConfidenceReasonsItem confidence reason item
type SecurityAlertTimelineItem ¶
type SecurityAlertTimelineItem struct { // AzureResourceID - The alert azure resource id. AzureResourceID *string `json:"azureResourceId,omitempty"` // ProductName - The alert product name. ProductName *string `json:"productName,omitempty"` // DisplayName - The alert name. DisplayName *string `json:"displayName,omitempty"` // Severity - The alert severity. Possible values include: 'High', 'Medium', 'Low', 'Informational' Severity AlertSeverity `json:"severity,omitempty"` // EndTimeUtc - The alert end time. EndTimeUtc *date.Time `json:"endTimeUtc,omitempty"` // StartTimeUtc - The alert start time. StartTimeUtc *date.Time `json:"startTimeUtc,omitempty"` // TimeGenerated - The alert generated time. TimeGenerated *date.Time `json:"timeGenerated,omitempty"` // AlertType - The name of the alert type. AlertType *string `json:"alertType,omitempty"` // Kind - Possible values include: 'KindBasicEntityTimelineItemKindEntityTimelineItem', 'KindBasicEntityTimelineItemKindActivity', 'KindBasicEntityTimelineItemKindSecurityAlert', 'KindBasicEntityTimelineItemKindBookmark' Kind KindBasicEntityTimelineItem `json:"kind,omitempty"` }
SecurityAlertTimelineItem represents security alert timeline item.
func (SecurityAlertTimelineItem) AsActivityTimelineItem ¶
func (sati SecurityAlertTimelineItem) AsActivityTimelineItem() (*ActivityTimelineItem, bool)
AsActivityTimelineItem is the BasicEntityTimelineItem implementation for SecurityAlertTimelineItem.
func (SecurityAlertTimelineItem) AsBasicEntityTimelineItem ¶
func (sati SecurityAlertTimelineItem) AsBasicEntityTimelineItem() (BasicEntityTimelineItem, bool)
AsBasicEntityTimelineItem is the BasicEntityTimelineItem implementation for SecurityAlertTimelineItem.
func (SecurityAlertTimelineItem) AsBookmarkTimelineItem ¶
func (sati SecurityAlertTimelineItem) AsBookmarkTimelineItem() (*BookmarkTimelineItem, bool)
AsBookmarkTimelineItem is the BasicEntityTimelineItem implementation for SecurityAlertTimelineItem.
func (SecurityAlertTimelineItem) AsEntityTimelineItem ¶
func (sati SecurityAlertTimelineItem) AsEntityTimelineItem() (*EntityTimelineItem, bool)
AsEntityTimelineItem is the BasicEntityTimelineItem implementation for SecurityAlertTimelineItem.
func (SecurityAlertTimelineItem) AsSecurityAlertTimelineItem ¶
func (sati SecurityAlertTimelineItem) AsSecurityAlertTimelineItem() (*SecurityAlertTimelineItem, bool)
AsSecurityAlertTimelineItem is the BasicEntityTimelineItem implementation for SecurityAlertTimelineItem.
func (SecurityAlertTimelineItem) MarshalJSON ¶
func (sati SecurityAlertTimelineItem) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for SecurityAlertTimelineItem.
type SecurityGroupEntity ¶
type SecurityGroupEntity struct { // SecurityGroupEntityProperties - SecurityGroup entity properties *SecurityGroupEntityProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindBookmark', 'KindSecurityAlert', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice' Kind KindBasicEntity `json:"kind,omitempty"` }
SecurityGroupEntity represents a security group entity.
func (SecurityGroupEntity) AsAccountEntity ¶
func (sge SecurityGroupEntity) AsAccountEntity() (*AccountEntity, bool)
AsAccountEntity is the BasicEntity implementation for SecurityGroupEntity.
func (SecurityGroupEntity) AsAzureResourceEntity ¶
func (sge SecurityGroupEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)
AsAzureResourceEntity is the BasicEntity implementation for SecurityGroupEntity.
func (SecurityGroupEntity) AsBasicEntity ¶
func (sge SecurityGroupEntity) AsBasicEntity() (BasicEntity, bool)
AsBasicEntity is the BasicEntity implementation for SecurityGroupEntity.
func (SecurityGroupEntity) AsCloudApplicationEntity ¶
func (sge SecurityGroupEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)
AsCloudApplicationEntity is the BasicEntity implementation for SecurityGroupEntity.
func (SecurityGroupEntity) AsDNSEntity ¶
func (sge SecurityGroupEntity) AsDNSEntity() (*DNSEntity, bool)
AsDNSEntity is the BasicEntity implementation for SecurityGroupEntity.
func (SecurityGroupEntity) AsEntity ¶
func (sge SecurityGroupEntity) AsEntity() (*Entity, bool)
AsEntity is the BasicEntity implementation for SecurityGroupEntity.
func (SecurityGroupEntity) AsFileEntity ¶
func (sge SecurityGroupEntity) AsFileEntity() (*FileEntity, bool)
AsFileEntity is the BasicEntity implementation for SecurityGroupEntity.
func (SecurityGroupEntity) AsFileHashEntity ¶
func (sge SecurityGroupEntity) AsFileHashEntity() (*FileHashEntity, bool)
AsFileHashEntity is the BasicEntity implementation for SecurityGroupEntity.
func (SecurityGroupEntity) AsHostEntity ¶
func (sge SecurityGroupEntity) AsHostEntity() (*HostEntity, bool)
AsHostEntity is the BasicEntity implementation for SecurityGroupEntity.
func (SecurityGroupEntity) AsHuntingBookmark ¶
func (sge SecurityGroupEntity) AsHuntingBookmark() (*HuntingBookmark, bool)
AsHuntingBookmark is the BasicEntity implementation for SecurityGroupEntity.
func (SecurityGroupEntity) AsIPEntity ¶
func (sge SecurityGroupEntity) AsIPEntity() (*IPEntity, bool)
AsIPEntity is the BasicEntity implementation for SecurityGroupEntity.
func (SecurityGroupEntity) AsIoTDeviceEntity ¶
func (sge SecurityGroupEntity) AsIoTDeviceEntity() (*IoTDeviceEntity, bool)
AsIoTDeviceEntity is the BasicEntity implementation for SecurityGroupEntity.
func (SecurityGroupEntity) AsMalwareEntity ¶
func (sge SecurityGroupEntity) AsMalwareEntity() (*MalwareEntity, bool)
AsMalwareEntity is the BasicEntity implementation for SecurityGroupEntity.
func (SecurityGroupEntity) AsProcessEntity ¶
func (sge SecurityGroupEntity) AsProcessEntity() (*ProcessEntity, bool)
AsProcessEntity is the BasicEntity implementation for SecurityGroupEntity.
func (SecurityGroupEntity) AsRegistryKeyEntity ¶
func (sge SecurityGroupEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)
AsRegistryKeyEntity is the BasicEntity implementation for SecurityGroupEntity.
func (SecurityGroupEntity) AsRegistryValueEntity ¶
func (sge SecurityGroupEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool)
AsRegistryValueEntity is the BasicEntity implementation for SecurityGroupEntity.
func (SecurityGroupEntity) AsSecurityAlert ¶
func (sge SecurityGroupEntity) AsSecurityAlert() (*SecurityAlert, bool)
AsSecurityAlert is the BasicEntity implementation for SecurityGroupEntity.
func (SecurityGroupEntity) AsSecurityGroupEntity ¶
func (sge SecurityGroupEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)
AsSecurityGroupEntity is the BasicEntity implementation for SecurityGroupEntity.
func (SecurityGroupEntity) AsURLEntity ¶
func (sge SecurityGroupEntity) AsURLEntity() (*URLEntity, bool)
AsURLEntity is the BasicEntity implementation for SecurityGroupEntity.
func (SecurityGroupEntity) MarshalJSON ¶
func (sge SecurityGroupEntity) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for SecurityGroupEntity.
func (*SecurityGroupEntity) UnmarshalJSON ¶
func (sge *SecurityGroupEntity) UnmarshalJSON(body []byte) error
UnmarshalJSON is the custom unmarshaler for SecurityGroupEntity struct.
type SecurityGroupEntityProperties ¶
type SecurityGroupEntityProperties struct { // DistinguishedName - READ-ONLY; The group distinguished name DistinguishedName *string `json:"distinguishedName,omitempty"` // ObjectGUID - READ-ONLY; A single-value attribute that is the unique identifier for the object, assigned by active directory. ObjectGUID *uuid.UUID `json:"objectGuid,omitempty"` // Sid - READ-ONLY; The SID attribute is a single-value attribute that specifies the security identifier (SID) of the group Sid *string `json:"sid,omitempty"` // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. AdditionalData map[string]interface{} `json:"additionalData"` // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. FriendlyName *string `json:"friendlyName,omitempty"` }
SecurityGroupEntityProperties securityGroup entity property bag.
func (SecurityGroupEntityProperties) MarshalJSON ¶
func (sgep SecurityGroupEntityProperties) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for SecurityGroupEntityProperties.
type SettingKind ¶
type SettingKind string
SettingKind enumerates the values for setting kind.
const ( // SettingKindEntityAnalytics ... SettingKindEntityAnalytics SettingKind = "EntityAnalytics" // SettingKindEyesOn ... SettingKindEyesOn SettingKind = "EyesOn" // SettingKindUeba ... SettingKindUeba SettingKind = "Ueba" )
func PossibleSettingKindValues ¶
func PossibleSettingKindValues() []SettingKind
PossibleSettingKindValues returns an array of possible values for the SettingKind const type.
type SettingList ¶
type SettingList struct { autorest.Response `json:"-"` // Value - Array of settings. Value *[]BasicSettings `json:"value,omitempty"` }
SettingList list of all the settings.
func (*SettingList) UnmarshalJSON ¶
func (sl *SettingList) UnmarshalJSON(body []byte) error
UnmarshalJSON is the custom unmarshaler for SettingList struct.
type Settings ¶
type Settings struct { autorest.Response `json:"-"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` // Etag - Etag of the azure resource Etag *string `json:"etag,omitempty"` // Kind - Possible values include: 'KindSettings', 'KindEyesOn', 'KindEntityAnalytics', 'KindUeba' Kind KindBasicSettings `json:"kind,omitempty"` }
Settings the Setting.
func (Settings) AsBasicSettings ¶
func (s Settings) AsBasicSettings() (BasicSettings, bool)
AsBasicSettings is the BasicSettings implementation for Settings.
func (Settings) AsEntityAnalytics ¶
func (s Settings) AsEntityAnalytics() (*EntityAnalytics, bool)
AsEntityAnalytics is the BasicSettings implementation for Settings.
func (Settings) AsSettings ¶
AsSettings is the BasicSettings implementation for Settings.
func (Settings) MarshalJSON ¶
MarshalJSON is the custom marshaler for Settings.
type SettingsKind ¶
type SettingsKind struct { // Kind - The kind of the setting. Possible values include: 'SettingKindEyesOn', 'SettingKindEntityAnalytics', 'SettingKindUeba' Kind SettingKind `json:"kind,omitempty"` }
SettingsKind describes an Azure resource with kind.
type SettingsModel ¶
type SettingsModel struct { autorest.Response `json:"-"` Value BasicSettings `json:"value,omitempty"` }
SettingsModel ...
func (*SettingsModel) UnmarshalJSON ¶
func (sm *SettingsModel) UnmarshalJSON(body []byte) error
UnmarshalJSON is the custom unmarshaler for SettingsModel struct.
type Source ¶
type Source string
Source enumerates the values for source.
func PossibleSourceValues ¶
func PossibleSourceValues() []Source
PossibleSourceValues returns an array of possible values for the Source const type.
type TICheckRequirements ¶
type TICheckRequirements struct { // TICheckRequirementsProperties - Threat Intelligence Platforms data connector check required properties *TICheckRequirementsProperties `json:"properties,omitempty"` // Kind - Possible values include: 'KindBasicDataConnectorsCheckRequirementsKindDataConnectorsCheckRequirements', 'KindBasicDataConnectorsCheckRequirementsKindAzureActiveDirectory', 'KindBasicDataConnectorsCheckRequirementsKindAzureAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindAzureSecurityCenter', 'KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesCloudTrail', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindOfficeATP', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii' Kind KindBasicDataConnectorsCheckRequirements `json:"kind,omitempty"` }
TICheckRequirements threat Intelligence Platforms data connector check requirements
func (TICheckRequirements) AsAADCheckRequirements ¶
func (tcr TICheckRequirements) AsAADCheckRequirements() (*AADCheckRequirements, bool)
AsAADCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TICheckRequirements.
func (TICheckRequirements) AsAATPCheckRequirements ¶
func (tcr TICheckRequirements) AsAATPCheckRequirements() (*AATPCheckRequirements, bool)
AsAATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TICheckRequirements.
func (TICheckRequirements) AsASCCheckRequirements ¶
func (tcr TICheckRequirements) AsASCCheckRequirements() (*ASCCheckRequirements, bool)
AsASCCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TICheckRequirements.
func (TICheckRequirements) AsAwsCloudTrailCheckRequirements ¶
func (tcr TICheckRequirements) AsAwsCloudTrailCheckRequirements() (*AwsCloudTrailCheckRequirements, bool)
AsAwsCloudTrailCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TICheckRequirements.
func (TICheckRequirements) AsBasicDataConnectorsCheckRequirements ¶
func (tcr TICheckRequirements) AsBasicDataConnectorsCheckRequirements() (BasicDataConnectorsCheckRequirements, bool)
AsBasicDataConnectorsCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TICheckRequirements.
func (TICheckRequirements) AsDataConnectorsCheckRequirements ¶
func (tcr TICheckRequirements) AsDataConnectorsCheckRequirements() (*DataConnectorsCheckRequirements, bool)
AsDataConnectorsCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TICheckRequirements.
func (TICheckRequirements) AsMCASCheckRequirements ¶
func (tcr TICheckRequirements) AsMCASCheckRequirements() (*MCASCheckRequirements, bool)
AsMCASCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TICheckRequirements.
func (TICheckRequirements) AsMDATPCheckRequirements ¶
func (tcr TICheckRequirements) AsMDATPCheckRequirements() (*MDATPCheckRequirements, bool)
AsMDATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TICheckRequirements.
func (TICheckRequirements) AsOfficeATPCheckRequirements ¶
func (tcr TICheckRequirements) AsOfficeATPCheckRequirements() (*OfficeATPCheckRequirements, bool)
AsOfficeATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TICheckRequirements.
func (TICheckRequirements) AsTICheckRequirements ¶
func (tcr TICheckRequirements) AsTICheckRequirements() (*TICheckRequirements, bool)
AsTICheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TICheckRequirements.
func (TICheckRequirements) AsTiTaxiiCheckRequirements ¶
func (tcr TICheckRequirements) AsTiTaxiiCheckRequirements() (*TiTaxiiCheckRequirements, bool)
AsTiTaxiiCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TICheckRequirements.
func (TICheckRequirements) MarshalJSON ¶
func (tcr TICheckRequirements) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for TICheckRequirements.
func (*TICheckRequirements) UnmarshalJSON ¶
func (tcr *TICheckRequirements) UnmarshalJSON(body []byte) error
UnmarshalJSON is the custom unmarshaler for TICheckRequirements struct.
type TICheckRequirementsProperties ¶
type TICheckRequirementsProperties struct { // TenantID - The tenant id to connect to, and get the data from. TenantID *string `json:"tenantId,omitempty"` }
TICheckRequirementsProperties threat Intelligence Platforms data connector required properties.
type TIDataConnector ¶
type TIDataConnector struct { // TIDataConnectorProperties - Threat Intelligence Platforms data connector properties. *TIDataConnectorProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` // Etag - Etag of the azure resource Etag *string `json:"etag,omitempty"` // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOfficeATP', 'KindOffice365', 'KindThreatIntelligence', 'KindThreatIntelligenceTaxii' Kind KindBasicDataConnector `json:"kind,omitempty"` }
TIDataConnector data connector to pull threat intelligence data from TIP products.
func (TIDataConnector) AsAADDataConnector ¶
func (tdc TIDataConnector) AsAADDataConnector() (*AADDataConnector, bool)
AsAADDataConnector is the BasicDataConnector implementation for TIDataConnector.
func (TIDataConnector) AsAATPDataConnector ¶
func (tdc TIDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool)
AsAATPDataConnector is the BasicDataConnector implementation for TIDataConnector.
func (TIDataConnector) AsASCDataConnector ¶
func (tdc TIDataConnector) AsASCDataConnector() (*ASCDataConnector, bool)
AsASCDataConnector is the BasicDataConnector implementation for TIDataConnector.
func (TIDataConnector) AsAwsCloudTrailDataConnector ¶
func (tdc TIDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool)
AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for TIDataConnector.
func (TIDataConnector) AsBasicDataConnector ¶
func (tdc TIDataConnector) AsBasicDataConnector() (BasicDataConnector, bool)
AsBasicDataConnector is the BasicDataConnector implementation for TIDataConnector.
func (TIDataConnector) AsDataConnector ¶
func (tdc TIDataConnector) AsDataConnector() (*DataConnector, bool)
AsDataConnector is the BasicDataConnector implementation for TIDataConnector.
func (TIDataConnector) AsMCASDataConnector ¶
func (tdc TIDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool)
AsMCASDataConnector is the BasicDataConnector implementation for TIDataConnector.
func (TIDataConnector) AsMDATPDataConnector ¶
func (tdc TIDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool)
AsMDATPDataConnector is the BasicDataConnector implementation for TIDataConnector.
func (TIDataConnector) AsOfficeATPDataConnector ¶
func (tdc TIDataConnector) AsOfficeATPDataConnector() (*OfficeATPDataConnector, bool)
AsOfficeATPDataConnector is the BasicDataConnector implementation for TIDataConnector.
func (TIDataConnector) AsOfficeDataConnector ¶
func (tdc TIDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool)
AsOfficeDataConnector is the BasicDataConnector implementation for TIDataConnector.
func (TIDataConnector) AsTIDataConnector ¶
func (tdc TIDataConnector) AsTIDataConnector() (*TIDataConnector, bool)
AsTIDataConnector is the BasicDataConnector implementation for TIDataConnector.
func (TIDataConnector) AsTiTaxiiDataConnector ¶
func (tdc TIDataConnector) AsTiTaxiiDataConnector() (*TiTaxiiDataConnector, bool)
AsTiTaxiiDataConnector is the BasicDataConnector implementation for TIDataConnector.
func (TIDataConnector) MarshalJSON ¶
func (tdc TIDataConnector) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for TIDataConnector.
func (*TIDataConnector) UnmarshalJSON ¶
func (tdc *TIDataConnector) UnmarshalJSON(body []byte) error
UnmarshalJSON is the custom unmarshaler for TIDataConnector struct.
type TIDataConnectorDataTypes ¶
type TIDataConnectorDataTypes struct { // Indicators - Data type for Threat Intelligence Platforms data connector. Indicators *TIDataConnectorDataTypesIndicators `json:"indicators,omitempty"` }
TIDataConnectorDataTypes the available data types for Threat Intelligence Platforms data connector.
type TIDataConnectorDataTypesIndicators ¶
type TIDataConnectorDataTypesIndicators struct { // State - Describe whether this data type connection is enabled or not. Possible values include: 'Enabled', 'Disabled' State DataTypeState `json:"state,omitempty"` }
TIDataConnectorDataTypesIndicators data type for Threat Intelligence Platforms data connector.
type TIDataConnectorProperties ¶
type TIDataConnectorProperties struct { // DataTypes - The available data types for the connector. DataTypes *TIDataConnectorDataTypes `json:"dataTypes,omitempty"` // TenantID - The tenant id to connect to, and get the data from. TenantID *string `json:"tenantId,omitempty"` }
TIDataConnectorProperties threat Intelligence Platforms data connector properties.
type TemplateStatus ¶
type TemplateStatus string
TemplateStatus enumerates the values for template status.
const ( // Available Alert rule template is available. Available TemplateStatus = "Available" // Installed Alert rule template installed. and can not use more then once Installed TemplateStatus = "Installed" // NotAvailable Alert rule template is not available NotAvailable TemplateStatus = "NotAvailable" )
func PossibleTemplateStatusValues ¶
func PossibleTemplateStatusValues() []TemplateStatus
PossibleTemplateStatusValues returns an array of possible values for the TemplateStatus const type.
type ThreatIntelligence ¶
type ThreatIntelligence struct { // Confidence - READ-ONLY; Confidence (must be between 0 and 1) Confidence *float64 `json:"confidence,omitempty"` // ProviderName - READ-ONLY; Name of the provider from whom this Threat Intelligence information was received ProviderName *string `json:"providerName,omitempty"` // ReportLink - READ-ONLY; Report link ReportLink *string `json:"reportLink,omitempty"` // ThreatDescription - READ-ONLY; Threat description (free text) ThreatDescription *string `json:"threatDescription,omitempty"` // ThreatName - READ-ONLY; Threat name (e.g. "Jedobot malware") ThreatName *string `json:"threatName,omitempty"` // ThreatType - READ-ONLY; Threat type (e.g. "Botnet") ThreatType *string `json:"threatType,omitempty"` }
ThreatIntelligence threatIntelligence property bag.
type ThreatIntelligenceAppendTags ¶
type ThreatIntelligenceAppendTags struct { // ThreatIntelligenceTags - List of tags to be appended. ThreatIntelligenceTags *[]string `json:"threatIntelligenceTags,omitempty"` }
ThreatIntelligenceAppendTags array of tags to be appended to the threat intelligence indicator.
type ThreatIntelligenceFilteringCriteria ¶
type ThreatIntelligenceFilteringCriteria struct { // PageSize - Page size PageSize *int32 `json:"pageSize,omitempty"` // MinConfidence - Minimum confidence. MinConfidence *int32 `json:"minConfidence,omitempty"` // MaxConfidence - Maximum confidence. MaxConfidence *int32 `json:"maxConfidence,omitempty"` // MinValidUntil - Start time for ValidUntil filter. MinValidUntil *string `json:"minValidUntil,omitempty"` // MaxValidUntil - End time for ValidUntil filter. MaxValidUntil *string `json:"maxValidUntil,omitempty"` // IncludeDisabled - Parameter to include/exclude disabled indicators. IncludeDisabled *bool `json:"includeDisabled,omitempty"` // SortBy - Columns to sort by and sorting order SortBy *[]ThreatIntelligenceSortingCriteria1 `json:"sortBy,omitempty"` // Sources - Sources of threat intelligence indicators Sources *[]string `json:"sources,omitempty"` // PatternTypes - Pattern types PatternTypes *[]string `json:"patternTypes,omitempty"` // ThreatTypes - Threat types of threat intelligence indicators ThreatTypes *[]string `json:"threatTypes,omitempty"` // Ids - Ids of threat intelligence indicators Ids *[]string `json:"ids,omitempty"` // Keywords - Keywords for searching threat intelligence indicators Keywords *[]string `json:"keywords,omitempty"` // SkipToken - Skip token. SkipToken *string `json:"skipToken,omitempty"` }
ThreatIntelligenceFilteringCriteria filtering criteria for querying threat intelligence indicators.
type ThreatIntelligenceGranularMarkingModel ¶
type ThreatIntelligenceGranularMarkingModel struct { // Language - Language granular marking model Language *string `json:"language,omitempty"` // MarkingRef - marking reference granular marking model MarkingRef *int32 `json:"markingRef,omitempty"` // Selectors - granular marking model selectors Selectors *[]string `json:"selectors,omitempty"` }
ThreatIntelligenceGranularMarkingModel describes threat granular marking model entity
type ThreatIntelligenceIndicatorClient ¶
type ThreatIntelligenceIndicatorClient struct {
BaseClient
}
ThreatIntelligenceIndicatorClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider
func NewThreatIntelligenceIndicatorClient ¶
func NewThreatIntelligenceIndicatorClient(subscriptionID string) ThreatIntelligenceIndicatorClient
NewThreatIntelligenceIndicatorClient creates an instance of the ThreatIntelligenceIndicatorClient client.
func NewThreatIntelligenceIndicatorClientWithBaseURI ¶
func NewThreatIntelligenceIndicatorClientWithBaseURI(baseURI string, subscriptionID string) ThreatIntelligenceIndicatorClient
NewThreatIntelligenceIndicatorClientWithBaseURI creates an instance of the ThreatIntelligenceIndicatorClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).
func (ThreatIntelligenceIndicatorClient) AppendTags ¶
func (client ThreatIntelligenceIndicatorClient) AppendTags(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, name string, threatIntelligenceAppendTags ThreatIntelligenceAppendTags) (result autorest.Response, err error)
AppendTags append tags to a threat intelligence indicator. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. name - threat intelligence indicator name field. threatIntelligenceAppendTags - the threat intelligence append tags request body
func (ThreatIntelligenceIndicatorClient) AppendTagsPreparer ¶
func (client ThreatIntelligenceIndicatorClient) AppendTagsPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, name string, threatIntelligenceAppendTags ThreatIntelligenceAppendTags) (*http.Request, error)
AppendTagsPreparer prepares the AppendTags request.
func (ThreatIntelligenceIndicatorClient) AppendTagsResponder ¶
func (client ThreatIntelligenceIndicatorClient) AppendTagsResponder(resp *http.Response) (result autorest.Response, err error)
AppendTagsResponder handles the response to the AppendTags request. The method always closes the http.Response Body.
func (ThreatIntelligenceIndicatorClient) AppendTagsSender ¶
func (client ThreatIntelligenceIndicatorClient) AppendTagsSender(req *http.Request) (*http.Response, error)
AppendTagsSender sends the AppendTags request. The method will close the http.Response Body if it receives an error.
func (ThreatIntelligenceIndicatorClient) Create ¶
func (client ThreatIntelligenceIndicatorClient) Create(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, name string, threatIntelligenceProperties ThreatIntelligenceIndicatorModelForRequestBody) (result ThreatIntelligenceInformationModel, err error)
Create update a threat Intelligence indicator. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. name - threat intelligence indicator name field. threatIntelligenceProperties - properties of threat intelligence indicators to create and update.
func (ThreatIntelligenceIndicatorClient) CreateIndicator ¶
func (client ThreatIntelligenceIndicatorClient) CreateIndicator(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, threatIntelligenceProperties ThreatIntelligenceIndicatorModelForRequestBody) (result ThreatIntelligenceInformationModel, err error)
CreateIndicator create a new threat intelligence indicator. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. threatIntelligenceProperties - properties of threat intelligence indicators to create and update.
func (ThreatIntelligenceIndicatorClient) CreateIndicatorPreparer ¶
func (client ThreatIntelligenceIndicatorClient) CreateIndicatorPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, threatIntelligenceProperties ThreatIntelligenceIndicatorModelForRequestBody) (*http.Request, error)
CreateIndicatorPreparer prepares the CreateIndicator request.
func (ThreatIntelligenceIndicatorClient) CreateIndicatorResponder ¶
func (client ThreatIntelligenceIndicatorClient) CreateIndicatorResponder(resp *http.Response) (result ThreatIntelligenceInformationModel, err error)
CreateIndicatorResponder handles the response to the CreateIndicator request. The method always closes the http.Response Body.
func (ThreatIntelligenceIndicatorClient) CreateIndicatorSender ¶
func (client ThreatIntelligenceIndicatorClient) CreateIndicatorSender(req *http.Request) (*http.Response, error)
CreateIndicatorSender sends the CreateIndicator request. The method will close the http.Response Body if it receives an error.
func (ThreatIntelligenceIndicatorClient) CreatePreparer ¶
func (client ThreatIntelligenceIndicatorClient) CreatePreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, name string, threatIntelligenceProperties ThreatIntelligenceIndicatorModelForRequestBody) (*http.Request, error)
CreatePreparer prepares the Create request.
func (ThreatIntelligenceIndicatorClient) CreateResponder ¶
func (client ThreatIntelligenceIndicatorClient) CreateResponder(resp *http.Response) (result ThreatIntelligenceInformationModel, err error)
CreateResponder handles the response to the Create request. The method always closes the http.Response Body.
func (ThreatIntelligenceIndicatorClient) CreateSender ¶
func (client ThreatIntelligenceIndicatorClient) CreateSender(req *http.Request) (*http.Response, error)
CreateSender sends the Create request. The method will close the http.Response Body if it receives an error.
func (ThreatIntelligenceIndicatorClient) Delete ¶
func (client ThreatIntelligenceIndicatorClient) Delete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, name string) (result autorest.Response, err error)
Delete delete a threat intelligence indicator. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. name - threat intelligence indicator name field.
func (ThreatIntelligenceIndicatorClient) DeletePreparer ¶
func (client ThreatIntelligenceIndicatorClient) DeletePreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, name string) (*http.Request, error)
DeletePreparer prepares the Delete request.
func (ThreatIntelligenceIndicatorClient) DeleteResponder ¶
func (client ThreatIntelligenceIndicatorClient) DeleteResponder(resp *http.Response) (result autorest.Response, err error)
DeleteResponder handles the response to the Delete request. The method always closes the http.Response Body.
func (ThreatIntelligenceIndicatorClient) DeleteSender ¶
func (client ThreatIntelligenceIndicatorClient) DeleteSender(req *http.Request) (*http.Response, error)
DeleteSender sends the Delete request. The method will close the http.Response Body if it receives an error.
func (ThreatIntelligenceIndicatorClient) Get ¶
func (client ThreatIntelligenceIndicatorClient) Get(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, name string) (result ThreatIntelligenceInformationModel, err error)
Get view a threat intelligence indicator by name. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. name - threat intelligence indicator name field.
func (ThreatIntelligenceIndicatorClient) GetPreparer ¶
func (client ThreatIntelligenceIndicatorClient) GetPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, name string) (*http.Request, error)
GetPreparer prepares the Get request.
func (ThreatIntelligenceIndicatorClient) GetResponder ¶
func (client ThreatIntelligenceIndicatorClient) GetResponder(resp *http.Response) (result ThreatIntelligenceInformationModel, err error)
GetResponder handles the response to the Get request. The method always closes the http.Response Body.
func (ThreatIntelligenceIndicatorClient) GetSender ¶
func (client ThreatIntelligenceIndicatorClient) GetSender(req *http.Request) (*http.Response, error)
GetSender sends the Get request. The method will close the http.Response Body if it receives an error.
func (ThreatIntelligenceIndicatorClient) QueryIndicators ¶
func (client ThreatIntelligenceIndicatorClient) QueryIndicators(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, threatIntelligenceFilteringCriteria ThreatIntelligenceFilteringCriteria) (result ThreatIntelligenceInformationListPage, err error)
QueryIndicators query threat intelligence indicators as per filtering criteria. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. threatIntelligenceFilteringCriteria - filtering criteria for querying threat intelligence indicators.
func (ThreatIntelligenceIndicatorClient) QueryIndicatorsComplete ¶
func (client ThreatIntelligenceIndicatorClient) QueryIndicatorsComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, threatIntelligenceFilteringCriteria ThreatIntelligenceFilteringCriteria) (result ThreatIntelligenceInformationListIterator, err error)
QueryIndicatorsComplete enumerates all values, automatically crossing page boundaries as required.
func (ThreatIntelligenceIndicatorClient) QueryIndicatorsPreparer ¶
func (client ThreatIntelligenceIndicatorClient) QueryIndicatorsPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, threatIntelligenceFilteringCriteria ThreatIntelligenceFilteringCriteria) (*http.Request, error)
QueryIndicatorsPreparer prepares the QueryIndicators request.
func (ThreatIntelligenceIndicatorClient) QueryIndicatorsResponder ¶
func (client ThreatIntelligenceIndicatorClient) QueryIndicatorsResponder(resp *http.Response) (result ThreatIntelligenceInformationList, err error)
QueryIndicatorsResponder handles the response to the QueryIndicators request. The method always closes the http.Response Body.
func (ThreatIntelligenceIndicatorClient) QueryIndicatorsSender ¶
func (client ThreatIntelligenceIndicatorClient) QueryIndicatorsSender(req *http.Request) (*http.Response, error)
QueryIndicatorsSender sends the QueryIndicators request. The method will close the http.Response Body if it receives an error.
func (ThreatIntelligenceIndicatorClient) ReplaceTags ¶
func (client ThreatIntelligenceIndicatorClient) ReplaceTags(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, name string, threatIntelligenceReplaceTags ThreatIntelligenceIndicatorModelForRequestBody) (result ThreatIntelligenceInformationModel, err error)
ReplaceTags replace tags added to a threat intelligence indicator. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. name - threat intelligence indicator name field. threatIntelligenceReplaceTags - tags in the threat intelligence indicator to be replaced.
func (ThreatIntelligenceIndicatorClient) ReplaceTagsPreparer ¶
func (client ThreatIntelligenceIndicatorClient) ReplaceTagsPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, name string, threatIntelligenceReplaceTags ThreatIntelligenceIndicatorModelForRequestBody) (*http.Request, error)
ReplaceTagsPreparer prepares the ReplaceTags request.
func (ThreatIntelligenceIndicatorClient) ReplaceTagsResponder ¶
func (client ThreatIntelligenceIndicatorClient) ReplaceTagsResponder(resp *http.Response) (result ThreatIntelligenceInformationModel, err error)
ReplaceTagsResponder handles the response to the ReplaceTags request. The method always closes the http.Response Body.
func (ThreatIntelligenceIndicatorClient) ReplaceTagsSender ¶
func (client ThreatIntelligenceIndicatorClient) ReplaceTagsSender(req *http.Request) (*http.Response, error)
ReplaceTagsSender sends the ReplaceTags request. The method will close the http.Response Body if it receives an error.
type ThreatIntelligenceIndicatorMetricsClient ¶
type ThreatIntelligenceIndicatorMetricsClient struct {
BaseClient
}
ThreatIntelligenceIndicatorMetricsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider
func NewThreatIntelligenceIndicatorMetricsClient ¶
func NewThreatIntelligenceIndicatorMetricsClient(subscriptionID string) ThreatIntelligenceIndicatorMetricsClient
NewThreatIntelligenceIndicatorMetricsClient creates an instance of the ThreatIntelligenceIndicatorMetricsClient client.
func NewThreatIntelligenceIndicatorMetricsClientWithBaseURI ¶
func NewThreatIntelligenceIndicatorMetricsClientWithBaseURI(baseURI string, subscriptionID string) ThreatIntelligenceIndicatorMetricsClient
NewThreatIntelligenceIndicatorMetricsClientWithBaseURI creates an instance of the ThreatIntelligenceIndicatorMetricsClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).
func (ThreatIntelligenceIndicatorMetricsClient) List ¶
func (client ThreatIntelligenceIndicatorMetricsClient) List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result ThreatIntelligenceMetricsList, err error)
List get threat intelligence indicators metrics (Indicators counts by Type, Threat Type, Source). Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace.
func (ThreatIntelligenceIndicatorMetricsClient) ListPreparer ¶
func (client ThreatIntelligenceIndicatorMetricsClient) ListPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (*http.Request, error)
ListPreparer prepares the List request.
func (ThreatIntelligenceIndicatorMetricsClient) ListResponder ¶
func (client ThreatIntelligenceIndicatorMetricsClient) ListResponder(resp *http.Response) (result ThreatIntelligenceMetricsList, err error)
ListResponder handles the response to the List request. The method always closes the http.Response Body.
func (ThreatIntelligenceIndicatorMetricsClient) ListSender ¶
func (client ThreatIntelligenceIndicatorMetricsClient) ListSender(req *http.Request) (*http.Response, error)
ListSender sends the List request. The method will close the http.Response Body if it receives an error.
type ThreatIntelligenceIndicatorModel ¶
type ThreatIntelligenceIndicatorModel struct { // ThreatIntelligenceIndicatorProperties - Threat Intelligence Entity properties *ThreatIntelligenceIndicatorProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` // Etag - Etag of the azure resource Etag *string `json:"etag,omitempty"` // Kind - Possible values include: 'KindThreatIntelligenceInformation', 'KindIndicator' Kind KindBasicThreatIntelligenceInformation `json:"kind,omitempty"` }
ThreatIntelligenceIndicatorModel threat intelligence indicator entity.
func (ThreatIntelligenceIndicatorModel) AsBasicThreatIntelligenceInformation ¶
func (tiim ThreatIntelligenceIndicatorModel) AsBasicThreatIntelligenceInformation() (BasicThreatIntelligenceInformation, bool)
AsBasicThreatIntelligenceInformation is the BasicThreatIntelligenceInformation implementation for ThreatIntelligenceIndicatorModel.
func (ThreatIntelligenceIndicatorModel) AsThreatIntelligenceIndicatorModel ¶
func (tiim ThreatIntelligenceIndicatorModel) AsThreatIntelligenceIndicatorModel() (*ThreatIntelligenceIndicatorModel, bool)
AsThreatIntelligenceIndicatorModel is the BasicThreatIntelligenceInformation implementation for ThreatIntelligenceIndicatorModel.
func (ThreatIntelligenceIndicatorModel) AsThreatIntelligenceInformation ¶
func (tiim ThreatIntelligenceIndicatorModel) AsThreatIntelligenceInformation() (*ThreatIntelligenceInformation, bool)
AsThreatIntelligenceInformation is the BasicThreatIntelligenceInformation implementation for ThreatIntelligenceIndicatorModel.
func (ThreatIntelligenceIndicatorModel) MarshalJSON ¶
func (tiim ThreatIntelligenceIndicatorModel) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for ThreatIntelligenceIndicatorModel.
func (*ThreatIntelligenceIndicatorModel) UnmarshalJSON ¶
func (tiim *ThreatIntelligenceIndicatorModel) UnmarshalJSON(body []byte) error
UnmarshalJSON is the custom unmarshaler for ThreatIntelligenceIndicatorModel struct.
type ThreatIntelligenceIndicatorModelForRequestBody ¶
type ThreatIntelligenceIndicatorModelForRequestBody struct { // Etag - Etag of the azure resource Etag *string `json:"etag,omitempty"` // ThreatIntelligenceIndicatorProperties - Threat Intelligence Entity properties *ThreatIntelligenceIndicatorProperties `json:"properties,omitempty"` // Kind - The kind of the entity. Kind *string `json:"kind,omitempty"` }
ThreatIntelligenceIndicatorModelForRequestBody threat intelligence indicator entity used in request body.
func (ThreatIntelligenceIndicatorModelForRequestBody) MarshalJSON ¶
func (tiimfrb ThreatIntelligenceIndicatorModelForRequestBody) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for ThreatIntelligenceIndicatorModelForRequestBody.
func (*ThreatIntelligenceIndicatorModelForRequestBody) UnmarshalJSON ¶
func (tiimfrb *ThreatIntelligenceIndicatorModelForRequestBody) UnmarshalJSON(body []byte) error
UnmarshalJSON is the custom unmarshaler for ThreatIntelligenceIndicatorModelForRequestBody struct.
type ThreatIntelligenceIndicatorProperties ¶
type ThreatIntelligenceIndicatorProperties struct { // ThreatIntelligenceTags - List of tags ThreatIntelligenceTags *[]string `json:"threatIntelligenceTags,omitempty"` // LastUpdatedTimeUtc - Last updated time in UTC LastUpdatedTimeUtc *string `json:"lastUpdatedTimeUtc,omitempty"` // Source - Source of a threat intelligence entity Source *string `json:"source,omitempty"` // DisplayName - Display name of a threat intelligence entity DisplayName *string `json:"displayName,omitempty"` // Description - Description of a threat intelligence entity Description *string `json:"description,omitempty"` // IndicatorTypes - Indicator types of threat intelligence entities IndicatorTypes *[]string `json:"indicatorTypes,omitempty"` // Pattern - Pattern of a threat intelligence entity Pattern *string `json:"pattern,omitempty"` // PatternType - Pattern type of a threat intelligence entity PatternType *string `json:"patternType,omitempty"` // KillChainPhases - Kill chain phases KillChainPhases *[]ThreatIntelligenceKillChainPhase `json:"killChainPhases,omitempty"` // ExternalID - External ID of threat intelligence entity ExternalID *string `json:"externalId,omitempty"` // CreatedByRef - Created by reference of threat intelligence entity CreatedByRef *string `json:"createdByRef,omitempty"` // ExternalReferences - External References ExternalReferences *[]string `json:"externalReferences,omitempty"` // GranularMarkings - Granular Markings GranularMarkings *[]ThreatIntelligenceGranularMarkingModel `json:"granularMarkings,omitempty"` // Revoked - Is threat intelligence entity revoked Revoked *bool `json:"revoked,omitempty"` // Confidence - Confidence of threat intelligence entity Confidence *int32 `json:"confidence,omitempty"` // Labels - Labels of threat intelligence entity Labels *[]string `json:"labels,omitempty"` // ThreatTypes - Threat types ThreatTypes *[]string `json:"threatTypes,omitempty"` // ValidFrom - Valid from ValidFrom *string `json:"validFrom,omitempty"` // ValidUntil - Valid until ValidUntil *string `json:"validUntil,omitempty"` // Created - Created by Created *string `json:"created,omitempty"` // Modified - Modified by Modified *string `json:"modified,omitempty"` // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. AdditionalData map[string]interface{} `json:"additionalData"` // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. FriendlyName *string `json:"friendlyName,omitempty"` }
ThreatIntelligenceIndicatorProperties describes threat intelligence entity properties
func (ThreatIntelligenceIndicatorProperties) MarshalJSON ¶
func (tiip ThreatIntelligenceIndicatorProperties) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for ThreatIntelligenceIndicatorProperties.
type ThreatIntelligenceIndicatorsClient ¶
type ThreatIntelligenceIndicatorsClient struct {
BaseClient
}
ThreatIntelligenceIndicatorsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider
func NewThreatIntelligenceIndicatorsClient ¶
func NewThreatIntelligenceIndicatorsClient(subscriptionID string) ThreatIntelligenceIndicatorsClient
NewThreatIntelligenceIndicatorsClient creates an instance of the ThreatIntelligenceIndicatorsClient client.
func NewThreatIntelligenceIndicatorsClientWithBaseURI ¶
func NewThreatIntelligenceIndicatorsClientWithBaseURI(baseURI string, subscriptionID string) ThreatIntelligenceIndicatorsClient
NewThreatIntelligenceIndicatorsClientWithBaseURI creates an instance of the ThreatIntelligenceIndicatorsClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).
func (ThreatIntelligenceIndicatorsClient) List ¶
func (client ThreatIntelligenceIndicatorsClient) List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, filter string, top *int32, skipToken string, orderby string) (result ThreatIntelligenceInformationListPage, err error)
List get all threat intelligence indicators. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. filter - filters the results, based on a Boolean condition. Optional. top - returns only the first n results. Optional. skipToken - skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. orderby - sorts the results. Optional.
func (ThreatIntelligenceIndicatorsClient) ListComplete ¶
func (client ThreatIntelligenceIndicatorsClient) ListComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, filter string, top *int32, skipToken string, orderby string) (result ThreatIntelligenceInformationListIterator, err error)
ListComplete enumerates all values, automatically crossing page boundaries as required.
func (ThreatIntelligenceIndicatorsClient) ListPreparer ¶
func (client ThreatIntelligenceIndicatorsClient) ListPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, filter string, top *int32, skipToken string, orderby string) (*http.Request, error)
ListPreparer prepares the List request.
func (ThreatIntelligenceIndicatorsClient) ListResponder ¶
func (client ThreatIntelligenceIndicatorsClient) ListResponder(resp *http.Response) (result ThreatIntelligenceInformationList, err error)
ListResponder handles the response to the List request. The method always closes the http.Response Body.
func (ThreatIntelligenceIndicatorsClient) ListSender ¶
func (client ThreatIntelligenceIndicatorsClient) ListSender(req *http.Request) (*http.Response, error)
ListSender sends the List request. The method will close the http.Response Body if it receives an error.
type ThreatIntelligenceInformation ¶
type ThreatIntelligenceInformation struct { autorest.Response `json:"-"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` // Etag - Etag of the azure resource Etag *string `json:"etag,omitempty"` // Kind - Possible values include: 'KindThreatIntelligenceInformation', 'KindIndicator' Kind KindBasicThreatIntelligenceInformation `json:"kind,omitempty"` }
ThreatIntelligenceInformation threat intelligence information object.
func (ThreatIntelligenceInformation) AsBasicThreatIntelligenceInformation ¶
func (tii ThreatIntelligenceInformation) AsBasicThreatIntelligenceInformation() (BasicThreatIntelligenceInformation, bool)
AsBasicThreatIntelligenceInformation is the BasicThreatIntelligenceInformation implementation for ThreatIntelligenceInformation.
func (ThreatIntelligenceInformation) AsThreatIntelligenceIndicatorModel ¶
func (tii ThreatIntelligenceInformation) AsThreatIntelligenceIndicatorModel() (*ThreatIntelligenceIndicatorModel, bool)
AsThreatIntelligenceIndicatorModel is the BasicThreatIntelligenceInformation implementation for ThreatIntelligenceInformation.
func (ThreatIntelligenceInformation) AsThreatIntelligenceInformation ¶
func (tii ThreatIntelligenceInformation) AsThreatIntelligenceInformation() (*ThreatIntelligenceInformation, bool)
AsThreatIntelligenceInformation is the BasicThreatIntelligenceInformation implementation for ThreatIntelligenceInformation.
func (ThreatIntelligenceInformation) MarshalJSON ¶
func (tii ThreatIntelligenceInformation) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for ThreatIntelligenceInformation.
type ThreatIntelligenceInformationList ¶
type ThreatIntelligenceInformationList struct { autorest.Response `json:"-"` // NextLink - READ-ONLY; URL to fetch the next set of information objects. NextLink *string `json:"nextLink,omitempty"` // Value - Array of threat intelligence information objects. Value *[]BasicThreatIntelligenceInformation `json:"value,omitempty"` }
ThreatIntelligenceInformationList list of all the threat intelligence information objects.
func (ThreatIntelligenceInformationList) IsEmpty ¶
func (tiil ThreatIntelligenceInformationList) IsEmpty() bool
IsEmpty returns true if the ListResult contains no values.
func (ThreatIntelligenceInformationList) MarshalJSON ¶
func (tiil ThreatIntelligenceInformationList) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for ThreatIntelligenceInformationList.
func (*ThreatIntelligenceInformationList) UnmarshalJSON ¶
func (tiil *ThreatIntelligenceInformationList) UnmarshalJSON(body []byte) error
UnmarshalJSON is the custom unmarshaler for ThreatIntelligenceInformationList struct.
type ThreatIntelligenceInformationListIterator ¶
type ThreatIntelligenceInformationListIterator struct {
// contains filtered or unexported fields
}
ThreatIntelligenceInformationListIterator provides access to a complete listing of ThreatIntelligenceInformation values.
func NewThreatIntelligenceInformationListIterator ¶
func NewThreatIntelligenceInformationListIterator(page ThreatIntelligenceInformationListPage) ThreatIntelligenceInformationListIterator
Creates a new instance of the ThreatIntelligenceInformationListIterator type.
func (*ThreatIntelligenceInformationListIterator) Next ¶
func (iter *ThreatIntelligenceInformationListIterator) Next() error
Next advances to the next value. If there was an error making the request the iterator does not advance and the error is returned. Deprecated: Use NextWithContext() instead.
func (*ThreatIntelligenceInformationListIterator) NextWithContext ¶
func (iter *ThreatIntelligenceInformationListIterator) NextWithContext(ctx context.Context) (err error)
NextWithContext advances to the next value. If there was an error making the request the iterator does not advance and the error is returned.
func (ThreatIntelligenceInformationListIterator) NotDone ¶
func (iter ThreatIntelligenceInformationListIterator) NotDone() bool
NotDone returns true if the enumeration should be started or is not yet complete.
func (ThreatIntelligenceInformationListIterator) Response ¶
func (iter ThreatIntelligenceInformationListIterator) Response() ThreatIntelligenceInformationList
Response returns the raw server response from the last page request.
func (ThreatIntelligenceInformationListIterator) Value ¶
func (iter ThreatIntelligenceInformationListIterator) Value() BasicThreatIntelligenceInformation
Value returns the current value or a zero-initialized value if the iterator has advanced beyond the end of the collection.
type ThreatIntelligenceInformationListPage ¶
type ThreatIntelligenceInformationListPage struct {
// contains filtered or unexported fields
}
ThreatIntelligenceInformationListPage contains a page of BasicThreatIntelligenceInformation values.
func NewThreatIntelligenceInformationListPage ¶
func NewThreatIntelligenceInformationListPage(cur ThreatIntelligenceInformationList, getNextPage func(context.Context, ThreatIntelligenceInformationList) (ThreatIntelligenceInformationList, error)) ThreatIntelligenceInformationListPage
Creates a new instance of the ThreatIntelligenceInformationListPage type.
func (*ThreatIntelligenceInformationListPage) Next ¶
func (page *ThreatIntelligenceInformationListPage) Next() error
Next advances to the next page of values. If there was an error making the request the page does not advance and the error is returned. Deprecated: Use NextWithContext() instead.
func (*ThreatIntelligenceInformationListPage) NextWithContext ¶
func (page *ThreatIntelligenceInformationListPage) NextWithContext(ctx context.Context) (err error)
NextWithContext advances to the next page of values. If there was an error making the request the page does not advance and the error is returned.
func (ThreatIntelligenceInformationListPage) NotDone ¶
func (page ThreatIntelligenceInformationListPage) NotDone() bool
NotDone returns true if the page enumeration should be started or is not yet complete.
func (ThreatIntelligenceInformationListPage) Response ¶
func (page ThreatIntelligenceInformationListPage) Response() ThreatIntelligenceInformationList
Response returns the raw server response from the last page request.
func (ThreatIntelligenceInformationListPage) Values ¶
func (page ThreatIntelligenceInformationListPage) Values() []BasicThreatIntelligenceInformation
Values returns the slice of values for the current page or nil if there are no values.
type ThreatIntelligenceInformationModel ¶
type ThreatIntelligenceInformationModel struct { autorest.Response `json:"-"` Value BasicThreatIntelligenceInformation `json:"value,omitempty"` }
ThreatIntelligenceInformationModel ...
func (*ThreatIntelligenceInformationModel) UnmarshalJSON ¶
func (tiim *ThreatIntelligenceInformationModel) UnmarshalJSON(body []byte) error
UnmarshalJSON is the custom unmarshaler for ThreatIntelligenceInformationModel struct.
type ThreatIntelligenceKillChainPhase ¶
type ThreatIntelligenceKillChainPhase struct { // KillChainName - Kill chainName name KillChainName *string `json:"killChainName,omitempty"` // PhaseName - Phase name PhaseName *int32 `json:"phaseName,omitempty"` }
ThreatIntelligenceKillChainPhase describes threat kill chain phase entity
type ThreatIntelligenceMetric ¶
type ThreatIntelligenceMetric struct { // LastUpdatedTimeUtc - Last updated indicator metric LastUpdatedTimeUtc *string `json:"lastUpdatedTimeUtc,omitempty"` // ThreatTypeMetrics - Threat type metrics ThreatTypeMetrics *[]ThreatIntelligenceMetricEntity `json:"threatTypeMetrics,omitempty"` // PatternTypeMetrics - Pattern type metrics PatternTypeMetrics *[]ThreatIntelligenceMetricEntity `json:"patternTypeMetrics,omitempty"` // SourceMetrics - Source metrics SourceMetrics *[]ThreatIntelligenceMetricEntity `json:"sourceMetrics,omitempty"` }
ThreatIntelligenceMetric describes threat intelligence metric
type ThreatIntelligenceMetricEntity ¶
type ThreatIntelligenceMetricEntity struct { // MetricName - Metric name MetricName *string `json:"metricName,omitempty"` // MetricValue - Metric value MetricValue *int32 `json:"metricValue,omitempty"` }
ThreatIntelligenceMetricEntity describes threat intelligence metric entity
type ThreatIntelligenceMetrics ¶
type ThreatIntelligenceMetrics struct { // Properties - Threat intelligence metrics. Properties *ThreatIntelligenceMetric `json:"properties,omitempty"` }
ThreatIntelligenceMetrics threat intelligence metrics.
type ThreatIntelligenceMetricsList ¶
type ThreatIntelligenceMetricsList struct { autorest.Response `json:"-"` // Value - Array of threat intelligence metric fields (type/threat type/source). Value *[]ThreatIntelligenceMetrics `json:"value,omitempty"` }
ThreatIntelligenceMetricsList list of all the threat intelligence metric fields (type/threat type/source).
type ThreatIntelligenceResourceKind ¶
type ThreatIntelligenceResourceKind string
ThreatIntelligenceResourceKind enumerates the values for threat intelligence resource kind.
const ( // Indicator Entity represents threat intelligence indicator in the system. Indicator ThreatIntelligenceResourceKind = "indicator" )
func PossibleThreatIntelligenceResourceKindValues ¶
func PossibleThreatIntelligenceResourceKindValues() []ThreatIntelligenceResourceKind
PossibleThreatIntelligenceResourceKindValues returns an array of possible values for the ThreatIntelligenceResourceKind const type.
type ThreatIntelligenceResourceKind1 ¶
type ThreatIntelligenceResourceKind1 struct { // Kind - The kind of the entity. Kind *string `json:"kind,omitempty"` }
ThreatIntelligenceResourceKind1 describes an entity with kind.
type ThreatIntelligenceSortingCriteria ¶
type ThreatIntelligenceSortingCriteria string
ThreatIntelligenceSortingCriteria enumerates the values for threat intelligence sorting criteria.
const ( // Ascending ... Ascending ThreatIntelligenceSortingCriteria = "ascending" // Descending ... Descending ThreatIntelligenceSortingCriteria = "descending" // Unsorted ... Unsorted ThreatIntelligenceSortingCriteria = "unsorted" )
func PossibleThreatIntelligenceSortingCriteriaValues ¶
func PossibleThreatIntelligenceSortingCriteriaValues() []ThreatIntelligenceSortingCriteria
PossibleThreatIntelligenceSortingCriteriaValues returns an array of possible values for the ThreatIntelligenceSortingCriteria const type.
type ThreatIntelligenceSortingCriteria1 ¶
type ThreatIntelligenceSortingCriteria1 struct { // ItemKey - Column name ItemKey *string `json:"itemKey,omitempty"` // SortOrder - Sorting order (ascending/descending/unsorted). Possible values include: 'Unsorted', 'Ascending', 'Descending' SortOrder ThreatIntelligenceSortingCriteria `json:"sortOrder,omitempty"` }
ThreatIntelligenceSortingCriteria1 list of available columns for sorting
type TiTaxiiCheckRequirements ¶
type TiTaxiiCheckRequirements struct { // TiTaxiiCheckRequirementsProperties - Threat Intelligence TAXII check required properties. *TiTaxiiCheckRequirementsProperties `json:"properties,omitempty"` // Kind - Possible values include: 'KindBasicDataConnectorsCheckRequirementsKindDataConnectorsCheckRequirements', 'KindBasicDataConnectorsCheckRequirementsKindAzureActiveDirectory', 'KindBasicDataConnectorsCheckRequirementsKindAzureAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindAzureSecurityCenter', 'KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesCloudTrail', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindOfficeATP', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii' Kind KindBasicDataConnectorsCheckRequirements `json:"kind,omitempty"` }
TiTaxiiCheckRequirements threat Intelligence TAXII data connector check requirements
func (TiTaxiiCheckRequirements) AsAADCheckRequirements ¶
func (ttcr TiTaxiiCheckRequirements) AsAADCheckRequirements() (*AADCheckRequirements, bool)
AsAADCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TiTaxiiCheckRequirements.
func (TiTaxiiCheckRequirements) AsAATPCheckRequirements ¶
func (ttcr TiTaxiiCheckRequirements) AsAATPCheckRequirements() (*AATPCheckRequirements, bool)
AsAATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TiTaxiiCheckRequirements.
func (TiTaxiiCheckRequirements) AsASCCheckRequirements ¶
func (ttcr TiTaxiiCheckRequirements) AsASCCheckRequirements() (*ASCCheckRequirements, bool)
AsASCCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TiTaxiiCheckRequirements.
func (TiTaxiiCheckRequirements) AsAwsCloudTrailCheckRequirements ¶
func (ttcr TiTaxiiCheckRequirements) AsAwsCloudTrailCheckRequirements() (*AwsCloudTrailCheckRequirements, bool)
AsAwsCloudTrailCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TiTaxiiCheckRequirements.
func (TiTaxiiCheckRequirements) AsBasicDataConnectorsCheckRequirements ¶
func (ttcr TiTaxiiCheckRequirements) AsBasicDataConnectorsCheckRequirements() (BasicDataConnectorsCheckRequirements, bool)
AsBasicDataConnectorsCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TiTaxiiCheckRequirements.
func (TiTaxiiCheckRequirements) AsDataConnectorsCheckRequirements ¶
func (ttcr TiTaxiiCheckRequirements) AsDataConnectorsCheckRequirements() (*DataConnectorsCheckRequirements, bool)
AsDataConnectorsCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TiTaxiiCheckRequirements.
func (TiTaxiiCheckRequirements) AsMCASCheckRequirements ¶
func (ttcr TiTaxiiCheckRequirements) AsMCASCheckRequirements() (*MCASCheckRequirements, bool)
AsMCASCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TiTaxiiCheckRequirements.
func (TiTaxiiCheckRequirements) AsMDATPCheckRequirements ¶
func (ttcr TiTaxiiCheckRequirements) AsMDATPCheckRequirements() (*MDATPCheckRequirements, bool)
AsMDATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TiTaxiiCheckRequirements.
func (TiTaxiiCheckRequirements) AsOfficeATPCheckRequirements ¶
func (ttcr TiTaxiiCheckRequirements) AsOfficeATPCheckRequirements() (*OfficeATPCheckRequirements, bool)
AsOfficeATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TiTaxiiCheckRequirements.
func (TiTaxiiCheckRequirements) AsTICheckRequirements ¶
func (ttcr TiTaxiiCheckRequirements) AsTICheckRequirements() (*TICheckRequirements, bool)
AsTICheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TiTaxiiCheckRequirements.
func (TiTaxiiCheckRequirements) AsTiTaxiiCheckRequirements ¶
func (ttcr TiTaxiiCheckRequirements) AsTiTaxiiCheckRequirements() (*TiTaxiiCheckRequirements, bool)
AsTiTaxiiCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TiTaxiiCheckRequirements.
func (TiTaxiiCheckRequirements) MarshalJSON ¶
func (ttcr TiTaxiiCheckRequirements) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for TiTaxiiCheckRequirements.
func (*TiTaxiiCheckRequirements) UnmarshalJSON ¶
func (ttcr *TiTaxiiCheckRequirements) UnmarshalJSON(body []byte) error
UnmarshalJSON is the custom unmarshaler for TiTaxiiCheckRequirements struct.
type TiTaxiiCheckRequirementsProperties ¶
type TiTaxiiCheckRequirementsProperties struct { // TenantID - The tenant id to connect to, and get the data from. TenantID *string `json:"tenantId,omitempty"` }
TiTaxiiCheckRequirementsProperties threat Intelligence TAXII data connector required properties.
type TiTaxiiDataConnector ¶
type TiTaxiiDataConnector struct { // TiTaxiiDataConnectorProperties - Threat intelligence TAXII data connector properties. *TiTaxiiDataConnectorProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` // Etag - Etag of the azure resource Etag *string `json:"etag,omitempty"` // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOfficeATP', 'KindOffice365', 'KindThreatIntelligence', 'KindThreatIntelligenceTaxii' Kind KindBasicDataConnector `json:"kind,omitempty"` }
TiTaxiiDataConnector data connector to pull Threat intelligence data from TAXII 2.0/2.1 server
func (TiTaxiiDataConnector) AsAADDataConnector ¶
func (ttdc TiTaxiiDataConnector) AsAADDataConnector() (*AADDataConnector, bool)
AsAADDataConnector is the BasicDataConnector implementation for TiTaxiiDataConnector.
func (TiTaxiiDataConnector) AsAATPDataConnector ¶
func (ttdc TiTaxiiDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool)
AsAATPDataConnector is the BasicDataConnector implementation for TiTaxiiDataConnector.
func (TiTaxiiDataConnector) AsASCDataConnector ¶
func (ttdc TiTaxiiDataConnector) AsASCDataConnector() (*ASCDataConnector, bool)
AsASCDataConnector is the BasicDataConnector implementation for TiTaxiiDataConnector.
func (TiTaxiiDataConnector) AsAwsCloudTrailDataConnector ¶
func (ttdc TiTaxiiDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool)
AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for TiTaxiiDataConnector.
func (TiTaxiiDataConnector) AsBasicDataConnector ¶
func (ttdc TiTaxiiDataConnector) AsBasicDataConnector() (BasicDataConnector, bool)
AsBasicDataConnector is the BasicDataConnector implementation for TiTaxiiDataConnector.
func (TiTaxiiDataConnector) AsDataConnector ¶
func (ttdc TiTaxiiDataConnector) AsDataConnector() (*DataConnector, bool)
AsDataConnector is the BasicDataConnector implementation for TiTaxiiDataConnector.
func (TiTaxiiDataConnector) AsMCASDataConnector ¶
func (ttdc TiTaxiiDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool)
AsMCASDataConnector is the BasicDataConnector implementation for TiTaxiiDataConnector.
func (TiTaxiiDataConnector) AsMDATPDataConnector ¶
func (ttdc TiTaxiiDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool)
AsMDATPDataConnector is the BasicDataConnector implementation for TiTaxiiDataConnector.
func (TiTaxiiDataConnector) AsOfficeATPDataConnector ¶
func (ttdc TiTaxiiDataConnector) AsOfficeATPDataConnector() (*OfficeATPDataConnector, bool)
AsOfficeATPDataConnector is the BasicDataConnector implementation for TiTaxiiDataConnector.
func (TiTaxiiDataConnector) AsOfficeDataConnector ¶
func (ttdc TiTaxiiDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool)
AsOfficeDataConnector is the BasicDataConnector implementation for TiTaxiiDataConnector.
func (TiTaxiiDataConnector) AsTIDataConnector ¶
func (ttdc TiTaxiiDataConnector) AsTIDataConnector() (*TIDataConnector, bool)
AsTIDataConnector is the BasicDataConnector implementation for TiTaxiiDataConnector.
func (TiTaxiiDataConnector) AsTiTaxiiDataConnector ¶
func (ttdc TiTaxiiDataConnector) AsTiTaxiiDataConnector() (*TiTaxiiDataConnector, bool)
AsTiTaxiiDataConnector is the BasicDataConnector implementation for TiTaxiiDataConnector.
func (TiTaxiiDataConnector) MarshalJSON ¶
func (ttdc TiTaxiiDataConnector) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for TiTaxiiDataConnector.
func (*TiTaxiiDataConnector) UnmarshalJSON ¶
func (ttdc *TiTaxiiDataConnector) UnmarshalJSON(body []byte) error
UnmarshalJSON is the custom unmarshaler for TiTaxiiDataConnector struct.
type TiTaxiiDataConnectorDataTypes ¶
type TiTaxiiDataConnectorDataTypes struct { // TaxiiClient - Data type for TAXII connector. TaxiiClient *TiTaxiiDataConnectorDataTypesTaxiiClient `json:"taxiiClient,omitempty"` }
TiTaxiiDataConnectorDataTypes the available data types for Threat Intelligence TAXII data connector.
type TiTaxiiDataConnectorDataTypesTaxiiClient ¶
type TiTaxiiDataConnectorDataTypesTaxiiClient struct { // State - Describe whether this data type connection is enabled or not. Possible values include: 'Enabled', 'Disabled' State DataTypeState `json:"state,omitempty"` }
TiTaxiiDataConnectorDataTypesTaxiiClient data type for TAXII connector.
type TiTaxiiDataConnectorProperties ¶
type TiTaxiiDataConnectorProperties struct { // WorkspaceID - The workspace id. WorkspaceID *string `json:"workspaceId,omitempty"` // FriendlyName - The friendly name for the TAXII server. FriendlyName *string `json:"friendlyName,omitempty"` // TaxiiServer - The API root for the TAXII server. TaxiiServer *string `json:"taxiiServer,omitempty"` // CollectionID - The collection id of the TAXII server. CollectionID *string `json:"collectionId,omitempty"` // UserName - The userName for the TAXII server. UserName *string `json:"userName,omitempty"` // Password - The password for the TAXII server. Password *string `json:"password,omitempty"` // DataTypes - The available data types for Threat Intelligence TAXII data connector. DataTypes *TiTaxiiDataConnectorDataTypes `json:"dataTypes,omitempty"` // TenantID - The tenant id to connect to, and get the data from. TenantID *string `json:"tenantId,omitempty"` }
TiTaxiiDataConnectorProperties threat Intelligence TAXII data connector properties.
type TimelineAggregation ¶
type TimelineAggregation struct { // Count - the total items found for a kind Count *int32 `json:"count,omitempty"` // Kind - the query kind. Possible values include: 'EntityTimelineKindActivity', 'EntityTimelineKindBookmark', 'EntityTimelineKindSecurityAlert' Kind EntityTimelineKind `json:"kind,omitempty"` }
TimelineAggregation timeline aggregation information per kind
type TimelineError ¶
type TimelineError struct { // Kind - the query kind. Possible values include: 'EntityTimelineKindActivity', 'EntityTimelineKindBookmark', 'EntityTimelineKindSecurityAlert' Kind EntityTimelineKind `json:"kind,omitempty"` // QueryID - the query id QueryID *string `json:"queryId,omitempty"` // ErrorMessage - the error message ErrorMessage *string `json:"errorMessage,omitempty"` }
TimelineError timeline Query Errors.
type TimelineResultsMetadata ¶
type TimelineResultsMetadata struct { // TotalCount - the total items found for the timeline request TotalCount *int32 `json:"totalCount,omitempty"` // Aggregations - timeline aggregation per kind Aggregations *[]TimelineAggregation `json:"aggregations,omitempty"` // Errors - information about the failure queries Errors *[]TimelineError `json:"errors,omitempty"` }
TimelineResultsMetadata expansion result metadata.
type TriggerOperator ¶
type TriggerOperator string
TriggerOperator enumerates the values for trigger operator.
const ( // Equal ... Equal TriggerOperator = "Equal" // GreaterThan ... GreaterThan TriggerOperator = "GreaterThan" // LessThan ... LessThan TriggerOperator = "LessThan" // NotEqual ... NotEqual TriggerOperator = "NotEqual" )
func PossibleTriggerOperatorValues ¶
func PossibleTriggerOperatorValues() []TriggerOperator
PossibleTriggerOperatorValues returns an array of possible values for the TriggerOperator const type.
type URLEntity ¶
type URLEntity struct { // URLEntityProperties - Url entity properties *URLEntityProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindBookmark', 'KindSecurityAlert', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice' Kind KindBasicEntity `json:"kind,omitempty"` }
URLEntity represents a url entity.
func (URLEntity) AsAccountEntity ¶
func (ue URLEntity) AsAccountEntity() (*AccountEntity, bool)
AsAccountEntity is the BasicEntity implementation for URLEntity.
func (URLEntity) AsAzureResourceEntity ¶
func (ue URLEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)
AsAzureResourceEntity is the BasicEntity implementation for URLEntity.
func (URLEntity) AsBasicEntity ¶
func (ue URLEntity) AsBasicEntity() (BasicEntity, bool)
AsBasicEntity is the BasicEntity implementation for URLEntity.
func (URLEntity) AsCloudApplicationEntity ¶
func (ue URLEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)
AsCloudApplicationEntity is the BasicEntity implementation for URLEntity.
func (URLEntity) AsDNSEntity ¶
AsDNSEntity is the BasicEntity implementation for URLEntity.
func (URLEntity) AsFileEntity ¶
func (ue URLEntity) AsFileEntity() (*FileEntity, bool)
AsFileEntity is the BasicEntity implementation for URLEntity.
func (URLEntity) AsFileHashEntity ¶
func (ue URLEntity) AsFileHashEntity() (*FileHashEntity, bool)
AsFileHashEntity is the BasicEntity implementation for URLEntity.
func (URLEntity) AsHostEntity ¶
func (ue URLEntity) AsHostEntity() (*HostEntity, bool)
AsHostEntity is the BasicEntity implementation for URLEntity.
func (URLEntity) AsHuntingBookmark ¶
func (ue URLEntity) AsHuntingBookmark() (*HuntingBookmark, bool)
AsHuntingBookmark is the BasicEntity implementation for URLEntity.
func (URLEntity) AsIPEntity ¶
AsIPEntity is the BasicEntity implementation for URLEntity.
func (URLEntity) AsIoTDeviceEntity ¶
func (ue URLEntity) AsIoTDeviceEntity() (*IoTDeviceEntity, bool)
AsIoTDeviceEntity is the BasicEntity implementation for URLEntity.
func (URLEntity) AsMalwareEntity ¶
func (ue URLEntity) AsMalwareEntity() (*MalwareEntity, bool)
AsMalwareEntity is the BasicEntity implementation for URLEntity.
func (URLEntity) AsProcessEntity ¶
func (ue URLEntity) AsProcessEntity() (*ProcessEntity, bool)
AsProcessEntity is the BasicEntity implementation for URLEntity.
func (URLEntity) AsRegistryKeyEntity ¶
func (ue URLEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)
AsRegistryKeyEntity is the BasicEntity implementation for URLEntity.
func (URLEntity) AsRegistryValueEntity ¶
func (ue URLEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool)
AsRegistryValueEntity is the BasicEntity implementation for URLEntity.
func (URLEntity) AsSecurityAlert ¶
func (ue URLEntity) AsSecurityAlert() (*SecurityAlert, bool)
AsSecurityAlert is the BasicEntity implementation for URLEntity.
func (URLEntity) AsSecurityGroupEntity ¶
func (ue URLEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)
AsSecurityGroupEntity is the BasicEntity implementation for URLEntity.
func (URLEntity) AsURLEntity ¶
AsURLEntity is the BasicEntity implementation for URLEntity.
func (URLEntity) MarshalJSON ¶
MarshalJSON is the custom marshaler for URLEntity.
func (*URLEntity) UnmarshalJSON ¶
UnmarshalJSON is the custom unmarshaler for URLEntity struct.
type URLEntityProperties ¶
type URLEntityProperties struct { // URL - READ-ONLY; A full URL the entity points to URL *string `json:"url,omitempty"` // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. AdditionalData map[string]interface{} `json:"additionalData"` // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. FriendlyName *string `json:"friendlyName,omitempty"` }
URLEntityProperties url entity property bag.
func (URLEntityProperties) MarshalJSON ¶
func (uep URLEntityProperties) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for URLEntityProperties.
type Ueba ¶
type Ueba struct { // UebaProperties - Ueba properties *UebaProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` // Etag - Etag of the azure resource Etag *string `json:"etag,omitempty"` // Kind - Possible values include: 'KindSettings', 'KindEyesOn', 'KindEntityAnalytics', 'KindUeba' Kind KindBasicSettings `json:"kind,omitempty"` }
Ueba settings with single toggle.
func (Ueba) AsBasicSettings ¶
func (u Ueba) AsBasicSettings() (BasicSettings, bool)
AsBasicSettings is the BasicSettings implementation for Ueba.
func (Ueba) AsEntityAnalytics ¶
func (u Ueba) AsEntityAnalytics() (*EntityAnalytics, bool)
AsEntityAnalytics is the BasicSettings implementation for Ueba.
func (Ueba) AsSettings ¶
AsSettings is the BasicSettings implementation for Ueba.
func (Ueba) MarshalJSON ¶
MarshalJSON is the custom marshaler for Ueba.
func (*Ueba) UnmarshalJSON ¶
UnmarshalJSON is the custom unmarshaler for Ueba struct.
type UebaDataSources ¶
type UebaDataSources string
UebaDataSources enumerates the values for ueba data sources.
const ( // AuditLogs ... AuditLogs UebaDataSources = "AuditLogs" // AzureActivity ... AzureActivity UebaDataSources = "AzureActivity" // SecurityEvent ... SecurityEvent UebaDataSources = "SecurityEvent" // SigninLogs ... SigninLogs UebaDataSources = "SigninLogs" )
func PossibleUebaDataSourcesValues ¶
func PossibleUebaDataSourcesValues() []UebaDataSources
PossibleUebaDataSourcesValues returns an array of possible values for the UebaDataSources const type.
type UebaProperties ¶
type UebaProperties struct { // DataSources - The relevant data sources that enriched by ueba DataSources *[]UebaDataSources `json:"dataSources,omitempty"` }
UebaProperties ueba property bag.
type UserInfo ¶
type UserInfo struct { // Email - READ-ONLY; The email of the user. Email *string `json:"email,omitempty"` // Name - READ-ONLY; The name of the user. Name *string `json:"name,omitempty"` // ObjectID - The object id of the user. ObjectID *uuid.UUID `json:"objectId,omitempty"` }
UserInfo user information that made some action
func (UserInfo) MarshalJSON ¶
MarshalJSON is the custom marshaler for UserInfo.
type Watchlist ¶
type Watchlist struct { autorest.Response `json:"-"` // WatchlistProperties - Watchlist properties *WatchlistProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` // Etag - Etag of the azure resource Etag *string `json:"etag,omitempty"` }
Watchlist represents a Watchlist in Azure Security Insights.
func (Watchlist) MarshalJSON ¶
MarshalJSON is the custom marshaler for Watchlist.
func (*Watchlist) UnmarshalJSON ¶
UnmarshalJSON is the custom unmarshaler for Watchlist struct.
type WatchlistList ¶
type WatchlistList struct { autorest.Response `json:"-"` // NextLink - READ-ONLY; URL to fetch the next set of watchlists. NextLink *string `json:"nextLink,omitempty"` // Value - Array of watchlist. Value *[]Watchlist `json:"value,omitempty"` }
WatchlistList list all the watchlists.
func (WatchlistList) IsEmpty ¶
func (wl WatchlistList) IsEmpty() bool
IsEmpty returns true if the ListResult contains no values.
func (WatchlistList) MarshalJSON ¶
func (wl WatchlistList) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for WatchlistList.
type WatchlistListIterator ¶
type WatchlistListIterator struct {
// contains filtered or unexported fields
}
WatchlistListIterator provides access to a complete listing of Watchlist values.
func NewWatchlistListIterator ¶
func NewWatchlistListIterator(page WatchlistListPage) WatchlistListIterator
Creates a new instance of the WatchlistListIterator type.
func (*WatchlistListIterator) Next ¶
func (iter *WatchlistListIterator) Next() error
Next advances to the next value. If there was an error making the request the iterator does not advance and the error is returned. Deprecated: Use NextWithContext() instead.
func (*WatchlistListIterator) NextWithContext ¶
func (iter *WatchlistListIterator) NextWithContext(ctx context.Context) (err error)
NextWithContext advances to the next value. If there was an error making the request the iterator does not advance and the error is returned.
func (WatchlistListIterator) NotDone ¶
func (iter WatchlistListIterator) NotDone() bool
NotDone returns true if the enumeration should be started or is not yet complete.
func (WatchlistListIterator) Response ¶
func (iter WatchlistListIterator) Response() WatchlistList
Response returns the raw server response from the last page request.
func (WatchlistListIterator) Value ¶
func (iter WatchlistListIterator) Value() Watchlist
Value returns the current value or a zero-initialized value if the iterator has advanced beyond the end of the collection.
type WatchlistListPage ¶
type WatchlistListPage struct {
// contains filtered or unexported fields
}
WatchlistListPage contains a page of Watchlist values.
func NewWatchlistListPage ¶
func NewWatchlistListPage(cur WatchlistList, getNextPage func(context.Context, WatchlistList) (WatchlistList, error)) WatchlistListPage
Creates a new instance of the WatchlistListPage type.
func (*WatchlistListPage) Next ¶
func (page *WatchlistListPage) Next() error
Next advances to the next page of values. If there was an error making the request the page does not advance and the error is returned. Deprecated: Use NextWithContext() instead.
func (*WatchlistListPage) NextWithContext ¶
func (page *WatchlistListPage) NextWithContext(ctx context.Context) (err error)
NextWithContext advances to the next page of values. If there was an error making the request the page does not advance and the error is returned.
func (WatchlistListPage) NotDone ¶
func (page WatchlistListPage) NotDone() bool
NotDone returns true if the page enumeration should be started or is not yet complete.
func (WatchlistListPage) Response ¶
func (page WatchlistListPage) Response() WatchlistList
Response returns the raw server response from the last page request.
func (WatchlistListPage) Values ¶
func (page WatchlistListPage) Values() []Watchlist
Values returns the slice of values for the current page or nil if there are no values.
type WatchlistProperties ¶
type WatchlistProperties struct { // WatchlistID - The id (a Guid) of the watchlist WatchlistID *string `json:"watchlistId,omitempty"` // DisplayName - The display name of the watchlist DisplayName *string `json:"displayName,omitempty"` // Provider - The provider of the watchlist Provider *string `json:"provider,omitempty"` // Source - The source of the watchlist. Possible values include: 'Localfile', 'Remotestorage' Source Source `json:"source,omitempty"` // Created - The time the watchlist was created Created *date.Time `json:"created,omitempty"` // Updated - The last time the watchlist was updated Updated *date.Time `json:"updated,omitempty"` // CreatedBy - Describes a user that created the watchlist CreatedBy *UserInfo `json:"createdBy,omitempty"` // UpdatedBy - Describes a user that updated the watchlist UpdatedBy *UserInfo `json:"updatedBy,omitempty"` // Description - A description of the watchlist Description *string `json:"description,omitempty"` // WatchlistType - The type of the watchlist WatchlistType *string `json:"watchlistType,omitempty"` // WatchlistAlias - The alias of the watchlist WatchlistAlias *string `json:"watchlistAlias,omitempty"` // IsDeleted - A flag that indicates if the watchlist is deleted or not IsDeleted *bool `json:"isDeleted,omitempty"` // Labels - List of labels relevant to this watchlist Labels *[]string `json:"labels,omitempty"` // DefaultDuration - The default duration of a watchlist (in ISO 8601 duration format) DefaultDuration *string `json:"defaultDuration,omitempty"` // TenantID - The tenantId where the watchlist belongs to TenantID *string `json:"tenantId,omitempty"` // NumberOfLinesToSkip - The number of lines in a csv/tsv content to skip before the header NumberOfLinesToSkip *int32 `json:"numberOfLinesToSkip,omitempty"` // RawContent - The raw content that represents to watchlist items to create. In case of csv/tsv content type, it's the content of the file that will parsed by the endpoint RawContent *string `json:"rawContent,omitempty"` // ContentType - The content type of the raw content. Example : text/csv or text/tsv ContentType *string `json:"contentType,omitempty"` }
WatchlistProperties describes watchlist properties
type WatchlistsClient ¶
type WatchlistsClient struct {
BaseClient
}
WatchlistsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider
func NewWatchlistsClient ¶
func NewWatchlistsClient(subscriptionID string) WatchlistsClient
NewWatchlistsClient creates an instance of the WatchlistsClient client.
func NewWatchlistsClientWithBaseURI ¶
func NewWatchlistsClientWithBaseURI(baseURI string, subscriptionID string) WatchlistsClient
NewWatchlistsClientWithBaseURI creates an instance of the WatchlistsClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).
func (WatchlistsClient) Create ¶
func (client WatchlistsClient) Create(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, watchlistAlias string, watchlist Watchlist) (result Watchlist, err error)
Create creates a watchlist and its watchlist items (bulk creation, e.g. through text/csv content type). To create a Watchlist and its Items, we should call this endpoint twice : the first call will create am empty Watchlist, and the second one will create its Items. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. watchlistAlias - watchlist Alias watchlist - the watchlist
func (WatchlistsClient) CreatePreparer ¶
func (client WatchlistsClient) CreatePreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, watchlistAlias string, watchlist Watchlist) (*http.Request, error)
CreatePreparer prepares the Create request.
func (WatchlistsClient) CreateResponder ¶
func (client WatchlistsClient) CreateResponder(resp *http.Response) (result Watchlist, err error)
CreateResponder handles the response to the Create request. The method always closes the http.Response Body.
func (WatchlistsClient) CreateSender ¶
CreateSender sends the Create request. The method will close the http.Response Body if it receives an error.
func (WatchlistsClient) Delete ¶
func (client WatchlistsClient) Delete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, watchlistAlias string) (result autorest.Response, err error)
Delete delete a watchlist. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. watchlistAlias - watchlist Alias
func (WatchlistsClient) DeletePreparer ¶
func (client WatchlistsClient) DeletePreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, watchlistAlias string) (*http.Request, error)
DeletePreparer prepares the Delete request.
func (WatchlistsClient) DeleteResponder ¶
func (client WatchlistsClient) DeleteResponder(resp *http.Response) (result autorest.Response, err error)
DeleteResponder handles the response to the Delete request. The method always closes the http.Response Body.
func (WatchlistsClient) DeleteSender ¶
DeleteSender sends the Delete request. The method will close the http.Response Body if it receives an error.
func (WatchlistsClient) Get ¶
func (client WatchlistsClient) Get(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, watchlistAlias string) (result Watchlist, err error)
Get gets a watchlist, without its watchlist items. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. watchlistAlias - watchlist Alias
func (WatchlistsClient) GetPreparer ¶
func (client WatchlistsClient) GetPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, watchlistAlias string) (*http.Request, error)
GetPreparer prepares the Get request.
func (WatchlistsClient) GetResponder ¶
func (client WatchlistsClient) GetResponder(resp *http.Response) (result Watchlist, err error)
GetResponder handles the response to the Get request. The method always closes the http.Response Body.
func (WatchlistsClient) GetSender ¶
GetSender sends the Get request. The method will close the http.Response Body if it receives an error.
func (WatchlistsClient) List ¶
func (client WatchlistsClient) List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result WatchlistListPage, err error)
List gets all watchlists, without watchlist items. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace.
func (WatchlistsClient) ListComplete ¶
func (client WatchlistsClient) ListComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result WatchlistListIterator, err error)
ListComplete enumerates all values, automatically crossing page boundaries as required.
func (WatchlistsClient) ListPreparer ¶
func (client WatchlistsClient) ListPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (*http.Request, error)
ListPreparer prepares the List request.
func (WatchlistsClient) ListResponder ¶
func (client WatchlistsClient) ListResponder(resp *http.Response) (result WatchlistList, err error)
ListResponder handles the response to the List request. The method always closes the http.Response Body.
func (WatchlistsClient) ListSender ¶
ListSender sends the List request. The method will close the http.Response Body if it receives an error.
Source Files ¶
- actions.go
- alertrules.go
- alertruletemplates.go
- bookmark.go
- bookmarkrelations.go
- bookmarks.go
- casecomments.go
- caserelations.go
- cases.go
- casesaggregations.go
- client.go
- comments.go
- dataconnectors.go
- dataconnectorscheckrequirements.go
- entities.go
- entitiesgettimeline.go
- entitiesrelations.go
- entityqueries.go
- entityrelations.go
- enums.go
- incidentcomments.go
- incidentrelations.go
- incidents.go
- models.go
- officeconsents.go
- operations.go
- productsettings.go
- threatintelligenceindicator.go
- threatintelligenceindicatormetrics.go
- threatintelligenceindicators.go
- version.go
- watchlists.go