securityinsight

package
v64.1.0+incompatible Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 16, 2022 License: MIT Imports: 11 Imported by: 0

Documentation

Overview

Package securityinsight implements the Azure ARM Securityinsight service API version 2021-09-01-preview.

API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

Index

Constants

View Source 
const (
	// DefaultBaseURI is the default URI used for the service Securityinsight
	DefaultBaseURI = "https://management.azure.com"
)

Variables

This section is empty.

Functions

func UserAgent 

func UserAgent() string

UserAgent returns the UserAgent string to use when sending http.Requests.

func Version 

func Version() string

Version returns the semantic version (see http://semver.org) of the client.

Types

type AADCheckRequirements 

type AADCheckRequirements struct {
	// AADCheckRequirementsProperties - AAD (Azure Active Directory) requirements check properties.
	*AADCheckRequirementsProperties `json:"properties,omitempty"`
	// Kind - Possible values include: 'KindBasicDataConnectorsCheckRequirementsKindDataConnectorsCheckRequirements', 'KindBasicDataConnectorsCheckRequirementsKindAzureActiveDirectory', 'KindBasicDataConnectorsCheckRequirementsKindAzureAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindAzureSecurityCenter', 'KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesCloudTrail', 'KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesS3', 'KindBasicDataConnectorsCheckRequirementsKindDynamics365', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftThreatIntelligence', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindOfficeATP', 'KindBasicDataConnectorsCheckRequirementsKindOfficeIRM', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii'
	Kind KindBasicDataConnectorsCheckRequirements `json:"kind,omitempty"`
}

AADCheckRequirements represents AAD (Azure Active Directory) requirements check request.

func (AADCheckRequirements) AsAADCheckRequirements 

func (acr AADCheckRequirements) AsAADCheckRequirements() (*AADCheckRequirements, bool)

AsAADCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AADCheckRequirements.

func (AADCheckRequirements) AsAATPCheckRequirements 

func (acr AADCheckRequirements) AsAATPCheckRequirements() (*AATPCheckRequirements, bool)

AsAATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AADCheckRequirements.

func (AADCheckRequirements) AsASCCheckRequirements 

func (acr AADCheckRequirements) AsASCCheckRequirements() (*ASCCheckRequirements, bool)

AsASCCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AADCheckRequirements.

func (AADCheckRequirements) AsAwsCloudTrailCheckRequirements 

func (acr AADCheckRequirements) AsAwsCloudTrailCheckRequirements() (*AwsCloudTrailCheckRequirements, bool)

AsAwsCloudTrailCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AADCheckRequirements.

func (AADCheckRequirements) AsAwsS3CheckRequirements 

func (acr AADCheckRequirements) AsAwsS3CheckRequirements() (*AwsS3CheckRequirements, bool)

AsAwsS3CheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AADCheckRequirements.

func (AADCheckRequirements) AsBasicDataConnectorsCheckRequirements 

func (acr AADCheckRequirements) AsBasicDataConnectorsCheckRequirements() (BasicDataConnectorsCheckRequirements, bool)

AsBasicDataConnectorsCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AADCheckRequirements.

func (AADCheckRequirements) AsDataConnectorsCheckRequirements 

func (acr AADCheckRequirements) AsDataConnectorsCheckRequirements() (*DataConnectorsCheckRequirements, bool)

AsDataConnectorsCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AADCheckRequirements.

func (AADCheckRequirements) AsDynamics365CheckRequirements 

func (acr AADCheckRequirements) AsDynamics365CheckRequirements() (*Dynamics365CheckRequirements, bool)

AsDynamics365CheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AADCheckRequirements.

func (AADCheckRequirements) AsMCASCheckRequirements 

func (acr AADCheckRequirements) AsMCASCheckRequirements() (*MCASCheckRequirements, bool)

AsMCASCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AADCheckRequirements.

func (AADCheckRequirements) AsMDATPCheckRequirements 

func (acr AADCheckRequirements) AsMDATPCheckRequirements() (*MDATPCheckRequirements, bool)

AsMDATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AADCheckRequirements.

func (AADCheckRequirements) AsMSTICheckRequirements 

func (acr AADCheckRequirements) AsMSTICheckRequirements() (*MSTICheckRequirements, bool)

AsMSTICheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AADCheckRequirements.

func (AADCheckRequirements) AsMtpCheckRequirements 

func (acr AADCheckRequirements) AsMtpCheckRequirements() (*MtpCheckRequirements, bool)

AsMtpCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AADCheckRequirements.

func (AADCheckRequirements) AsOfficeATPCheckRequirements 

func (acr AADCheckRequirements) AsOfficeATPCheckRequirements() (*OfficeATPCheckRequirements, bool)

AsOfficeATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AADCheckRequirements.

func (AADCheckRequirements) AsOfficeIRMCheckRequirements 

func (acr AADCheckRequirements) AsOfficeIRMCheckRequirements() (*OfficeIRMCheckRequirements, bool)

AsOfficeIRMCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AADCheckRequirements.

func (AADCheckRequirements) AsTICheckRequirements 

func (acr AADCheckRequirements) AsTICheckRequirements() (*TICheckRequirements, bool)

AsTICheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AADCheckRequirements.

func (AADCheckRequirements) AsTiTaxiiCheckRequirements 

func (acr AADCheckRequirements) AsTiTaxiiCheckRequirements() (*TiTaxiiCheckRequirements, bool)

AsTiTaxiiCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AADCheckRequirements.

func (AADCheckRequirements) MarshalJSON 

func (acr AADCheckRequirements) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for AADCheckRequirements.

func (*AADCheckRequirements) UnmarshalJSON 

func (acr *AADCheckRequirements) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for AADCheckRequirements struct.

type AADCheckRequirementsProperties 

type AADCheckRequirementsProperties struct {
	// TenantID - The tenant id to connect to, and get the data from.
	TenantID *string `json:"tenantId,omitempty"`
}

AADCheckRequirementsProperties AAD (Azure Active Directory) requirements check properties.

type AADDataConnector 

type AADDataConnector struct {
	// AADDataConnectorProperties - AAD (Azure Active Directory) data connector properties.
	*AADDataConnectorProperties `json:"properties,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
	// ID - READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty"`
	// SystemData - READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty"`
	// Kind - Possible values include: 'KindBasicDataConnectorKindDataConnector', 'KindBasicDataConnectorKindAzureActiveDirectory', 'KindBasicDataConnectorKindMicrosoftThreatIntelligence', 'KindBasicDataConnectorKindMicrosoftThreatProtection', 'KindBasicDataConnectorKindAzureAdvancedThreatProtection', 'KindBasicDataConnectorKindAzureSecurityCenter', 'KindBasicDataConnectorKindAmazonWebServicesCloudTrail', 'KindBasicDataConnectorKindAmazonWebServicesS3', 'KindBasicDataConnectorKindMicrosoftCloudAppSecurity', 'KindBasicDataConnectorKindDynamics365', 'KindBasicDataConnectorKindOfficeATP', 'KindBasicDataConnectorKindOfficeIRM', 'KindBasicDataConnectorKindMicrosoftDefenderAdvancedThreatProtection', 'KindBasicDataConnectorKindOffice365', 'KindBasicDataConnectorKindThreatIntelligence', 'KindBasicDataConnectorKindThreatIntelligenceTaxii', 'KindBasicDataConnectorKindGenericUI', 'KindBasicDataConnectorKindAPIPolling'
	Kind KindBasicDataConnector `json:"kind,omitempty"`
}

AADDataConnector represents AAD (Azure Active Directory) data connector.

func (AADDataConnector) AsAADDataConnector 

func (adc AADDataConnector) AsAADDataConnector() (*AADDataConnector, bool)

AsAADDataConnector is the BasicDataConnector implementation for AADDataConnector.

func (AADDataConnector) AsAATPDataConnector 

func (adc AADDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool)

AsAATPDataConnector is the BasicDataConnector implementation for AADDataConnector.

func (AADDataConnector) AsASCDataConnector 

func (adc AADDataConnector) AsASCDataConnector() (*ASCDataConnector, bool)

AsASCDataConnector is the BasicDataConnector implementation for AADDataConnector.

func (AADDataConnector) AsAwsCloudTrailDataConnector 

func (adc AADDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool)

AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for AADDataConnector.

func (AADDataConnector) AsAwsS3DataConnector 

func (adc AADDataConnector) AsAwsS3DataConnector() (*AwsS3DataConnector, bool)

AsAwsS3DataConnector is the BasicDataConnector implementation for AADDataConnector.

func (AADDataConnector) AsBasicDataConnector 

func (adc AADDataConnector) AsBasicDataConnector() (BasicDataConnector, bool)

AsBasicDataConnector is the BasicDataConnector implementation for AADDataConnector.

func (AADDataConnector) AsCodelessAPIPollingDataConnector 

func (adc AADDataConnector) AsCodelessAPIPollingDataConnector() (*CodelessAPIPollingDataConnector, bool)

AsCodelessAPIPollingDataConnector is the BasicDataConnector implementation for AADDataConnector.

func (AADDataConnector) AsCodelessUIDataConnector 

func (adc AADDataConnector) AsCodelessUIDataConnector() (*CodelessUIDataConnector, bool)

AsCodelessUIDataConnector is the BasicDataConnector implementation for AADDataConnector.

func (AADDataConnector) AsDataConnector 

func (adc AADDataConnector) AsDataConnector() (*DataConnector, bool)

AsDataConnector is the BasicDataConnector implementation for AADDataConnector.

func (AADDataConnector) AsDynamics365DataConnector 

func (adc AADDataConnector) AsDynamics365DataConnector() (*Dynamics365DataConnector, bool)

AsDynamics365DataConnector is the BasicDataConnector implementation for AADDataConnector.

func (AADDataConnector) AsMCASDataConnector 

func (adc AADDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool)

AsMCASDataConnector is the BasicDataConnector implementation for AADDataConnector.

func (AADDataConnector) AsMDATPDataConnector 

func (adc AADDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool)

AsMDATPDataConnector is the BasicDataConnector implementation for AADDataConnector.

func (AADDataConnector) AsMSTIDataConnector 

func (adc AADDataConnector) AsMSTIDataConnector() (*MSTIDataConnector, bool)

AsMSTIDataConnector is the BasicDataConnector implementation for AADDataConnector.

func (AADDataConnector) AsMTPDataConnector 

func (adc AADDataConnector) AsMTPDataConnector() (*MTPDataConnector, bool)

AsMTPDataConnector is the BasicDataConnector implementation for AADDataConnector.

func (AADDataConnector) AsOfficeATPDataConnector 

func (adc AADDataConnector) AsOfficeATPDataConnector() (*OfficeATPDataConnector, bool)

AsOfficeATPDataConnector is the BasicDataConnector implementation for AADDataConnector.

func (AADDataConnector) AsOfficeDataConnector 

func (adc AADDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool)

AsOfficeDataConnector is the BasicDataConnector implementation for AADDataConnector.

func (AADDataConnector) AsOfficeIRMDataConnector 

func (adc AADDataConnector) AsOfficeIRMDataConnector() (*OfficeIRMDataConnector, bool)

AsOfficeIRMDataConnector is the BasicDataConnector implementation for AADDataConnector.

func (AADDataConnector) AsTIDataConnector 

func (adc AADDataConnector) AsTIDataConnector() (*TIDataConnector, bool)

AsTIDataConnector is the BasicDataConnector implementation for AADDataConnector.

func (AADDataConnector) AsTiTaxiiDataConnector 

func (adc AADDataConnector) AsTiTaxiiDataConnector() (*TiTaxiiDataConnector, bool)

AsTiTaxiiDataConnector is the BasicDataConnector implementation for AADDataConnector.

func (AADDataConnector) MarshalJSON 

func (adc AADDataConnector) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for AADDataConnector.

func (*AADDataConnector) UnmarshalJSON 

func (adc *AADDataConnector) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for AADDataConnector struct.

type AADDataConnectorProperties 

type AADDataConnectorProperties struct {
	// TenantID - The tenant id to connect to, and get the data from.
	TenantID *string `json:"tenantId,omitempty"`
	// DataTypes - The available data types for the connector.
	DataTypes *AlertsDataTypeOfDataConnector `json:"dataTypes,omitempty"`
}

AADDataConnectorProperties AAD (Azure Active Directory) data connector properties.

type AATPCheckRequirements 

type AATPCheckRequirements struct {
	// AATPCheckRequirementsProperties - AATP (Azure Advanced Threat Protection) requirements check properties.
	*AATPCheckRequirementsProperties `json:"properties,omitempty"`
	// Kind - Possible values include: 'KindBasicDataConnectorsCheckRequirementsKindDataConnectorsCheckRequirements', 'KindBasicDataConnectorsCheckRequirementsKindAzureActiveDirectory', 'KindBasicDataConnectorsCheckRequirementsKindAzureAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindAzureSecurityCenter', 'KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesCloudTrail', 'KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesS3', 'KindBasicDataConnectorsCheckRequirementsKindDynamics365', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftThreatIntelligence', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindOfficeATP', 'KindBasicDataConnectorsCheckRequirementsKindOfficeIRM', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii'
	Kind KindBasicDataConnectorsCheckRequirements `json:"kind,omitempty"`
}

AATPCheckRequirements represents AATP (Azure Advanced Threat Protection) requirements check request.

func (AATPCheckRequirements) AsAADCheckRequirements 

func (acr AATPCheckRequirements) AsAADCheckRequirements() (*AADCheckRequirements, bool)

AsAADCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AATPCheckRequirements.

func (AATPCheckRequirements) AsAATPCheckRequirements 

func (acr AATPCheckRequirements) AsAATPCheckRequirements() (*AATPCheckRequirements, bool)

AsAATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AATPCheckRequirements.

func (AATPCheckRequirements) AsASCCheckRequirements 

func (acr AATPCheckRequirements) AsASCCheckRequirements() (*ASCCheckRequirements, bool)

AsASCCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AATPCheckRequirements.

func (AATPCheckRequirements) AsAwsCloudTrailCheckRequirements 

func (acr AATPCheckRequirements) AsAwsCloudTrailCheckRequirements() (*AwsCloudTrailCheckRequirements, bool)

AsAwsCloudTrailCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AATPCheckRequirements.

func (AATPCheckRequirements) AsAwsS3CheckRequirements 

func (acr AATPCheckRequirements) AsAwsS3CheckRequirements() (*AwsS3CheckRequirements, bool)

AsAwsS3CheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AATPCheckRequirements.

func (AATPCheckRequirements) AsBasicDataConnectorsCheckRequirements 

func (acr AATPCheckRequirements) AsBasicDataConnectorsCheckRequirements() (BasicDataConnectorsCheckRequirements, bool)

AsBasicDataConnectorsCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AATPCheckRequirements.

func (AATPCheckRequirements) AsDataConnectorsCheckRequirements 

func (acr AATPCheckRequirements) AsDataConnectorsCheckRequirements() (*DataConnectorsCheckRequirements, bool)

AsDataConnectorsCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AATPCheckRequirements.

func (AATPCheckRequirements) AsDynamics365CheckRequirements 

func (acr AATPCheckRequirements) AsDynamics365CheckRequirements() (*Dynamics365CheckRequirements, bool)

AsDynamics365CheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AATPCheckRequirements.

func (AATPCheckRequirements) AsMCASCheckRequirements 

func (acr AATPCheckRequirements) AsMCASCheckRequirements() (*MCASCheckRequirements, bool)

AsMCASCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AATPCheckRequirements.

func (AATPCheckRequirements) AsMDATPCheckRequirements 

func (acr AATPCheckRequirements) AsMDATPCheckRequirements() (*MDATPCheckRequirements, bool)

AsMDATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AATPCheckRequirements.

func (AATPCheckRequirements) AsMSTICheckRequirements 

func (acr AATPCheckRequirements) AsMSTICheckRequirements() (*MSTICheckRequirements, bool)

AsMSTICheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AATPCheckRequirements.

func (AATPCheckRequirements) AsMtpCheckRequirements 

func (acr AATPCheckRequirements) AsMtpCheckRequirements() (*MtpCheckRequirements, bool)

AsMtpCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AATPCheckRequirements.

func (AATPCheckRequirements) AsOfficeATPCheckRequirements 

func (acr AATPCheckRequirements) AsOfficeATPCheckRequirements() (*OfficeATPCheckRequirements, bool)

AsOfficeATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AATPCheckRequirements.

func (AATPCheckRequirements) AsOfficeIRMCheckRequirements 

func (acr AATPCheckRequirements) AsOfficeIRMCheckRequirements() (*OfficeIRMCheckRequirements, bool)

AsOfficeIRMCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AATPCheckRequirements.

func (AATPCheckRequirements) AsTICheckRequirements 

func (acr AATPCheckRequirements) AsTICheckRequirements() (*TICheckRequirements, bool)

AsTICheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AATPCheckRequirements.

func (AATPCheckRequirements) AsTiTaxiiCheckRequirements 

func (acr AATPCheckRequirements) AsTiTaxiiCheckRequirements() (*TiTaxiiCheckRequirements, bool)

AsTiTaxiiCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AATPCheckRequirements.

func (AATPCheckRequirements) MarshalJSON 

func (acr AATPCheckRequirements) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for AATPCheckRequirements.

func (*AATPCheckRequirements) UnmarshalJSON 

func (acr *AATPCheckRequirements) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for AATPCheckRequirements struct.

type AATPCheckRequirementsProperties 

type AATPCheckRequirementsProperties struct {
	// TenantID - The tenant id to connect to, and get the data from.
	TenantID *string `json:"tenantId,omitempty"`
}

AATPCheckRequirementsProperties AATP (Azure Advanced Threat Protection) requirements check properties.

type AATPDataConnector 

type AATPDataConnector struct {
	// AATPDataConnectorProperties - AATP (Azure Advanced Threat Protection) data connector properties.
	*AATPDataConnectorProperties `json:"properties,omitempty"`
	// Kind - Possible values include: 'KindBasicDataConnectorKindDataConnector', 'KindBasicDataConnectorKindAzureActiveDirectory', 'KindBasicDataConnectorKindMicrosoftThreatIntelligence', 'KindBasicDataConnectorKindMicrosoftThreatProtection', 'KindBasicDataConnectorKindAzureAdvancedThreatProtection', 'KindBasicDataConnectorKindAzureSecurityCenter', 'KindBasicDataConnectorKindAmazonWebServicesCloudTrail', 'KindBasicDataConnectorKindAmazonWebServicesS3', 'KindBasicDataConnectorKindMicrosoftCloudAppSecurity', 'KindBasicDataConnectorKindDynamics365', 'KindBasicDataConnectorKindOfficeATP', 'KindBasicDataConnectorKindOfficeIRM', 'KindBasicDataConnectorKindMicrosoftDefenderAdvancedThreatProtection', 'KindBasicDataConnectorKindOffice365', 'KindBasicDataConnectorKindThreatIntelligence', 'KindBasicDataConnectorKindThreatIntelligenceTaxii', 'KindBasicDataConnectorKindGenericUI', 'KindBasicDataConnectorKindAPIPolling'
	Kind KindBasicDataConnector `json:"kind,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
	// ID - READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty"`
	// SystemData - READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty"`
}

AATPDataConnector represents AATP (Azure Advanced Threat Protection) data connector.

func (AATPDataConnector) AsAADDataConnector 

func (adc AATPDataConnector) AsAADDataConnector() (*AADDataConnector, bool)

AsAADDataConnector is the BasicDataConnector implementation for AATPDataConnector.

func (AATPDataConnector) AsAATPDataConnector 

func (adc AATPDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool)

AsAATPDataConnector is the BasicDataConnector implementation for AATPDataConnector.

func (AATPDataConnector) AsASCDataConnector 

func (adc AATPDataConnector) AsASCDataConnector() (*ASCDataConnector, bool)

AsASCDataConnector is the BasicDataConnector implementation for AATPDataConnector.

func (AATPDataConnector) AsAwsCloudTrailDataConnector 

func (adc AATPDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool)

AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for AATPDataConnector.

func (AATPDataConnector) AsAwsS3DataConnector 

func (adc AATPDataConnector) AsAwsS3DataConnector() (*AwsS3DataConnector, bool)

AsAwsS3DataConnector is the BasicDataConnector implementation for AATPDataConnector.

func (AATPDataConnector) AsBasicDataConnector 

func (adc AATPDataConnector) AsBasicDataConnector() (BasicDataConnector, bool)

AsBasicDataConnector is the BasicDataConnector implementation for AATPDataConnector.

func (AATPDataConnector) AsCodelessAPIPollingDataConnector 

func (adc AATPDataConnector) AsCodelessAPIPollingDataConnector() (*CodelessAPIPollingDataConnector, bool)

AsCodelessAPIPollingDataConnector is the BasicDataConnector implementation for AATPDataConnector.

func (AATPDataConnector) AsCodelessUIDataConnector 

func (adc AATPDataConnector) AsCodelessUIDataConnector() (*CodelessUIDataConnector, bool)

AsCodelessUIDataConnector is the BasicDataConnector implementation for AATPDataConnector.

func (AATPDataConnector) AsDataConnector 

func (adc AATPDataConnector) AsDataConnector() (*DataConnector, bool)

AsDataConnector is the BasicDataConnector implementation for AATPDataConnector.

func (AATPDataConnector) AsDynamics365DataConnector 

func (adc AATPDataConnector) AsDynamics365DataConnector() (*Dynamics365DataConnector, bool)

AsDynamics365DataConnector is the BasicDataConnector implementation for AATPDataConnector.

func (AATPDataConnector) AsMCASDataConnector 

func (adc AATPDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool)

AsMCASDataConnector is the BasicDataConnector implementation for AATPDataConnector.

func (AATPDataConnector) AsMDATPDataConnector 

func (adc AATPDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool)

AsMDATPDataConnector is the BasicDataConnector implementation for AATPDataConnector.

func (AATPDataConnector) AsMSTIDataConnector 

func (adc AATPDataConnector) AsMSTIDataConnector() (*MSTIDataConnector, bool)

AsMSTIDataConnector is the BasicDataConnector implementation for AATPDataConnector.

func (AATPDataConnector) AsMTPDataConnector 

func (adc AATPDataConnector) AsMTPDataConnector() (*MTPDataConnector, bool)

AsMTPDataConnector is the BasicDataConnector implementation for AATPDataConnector.

func (AATPDataConnector) AsOfficeATPDataConnector 

func (adc AATPDataConnector) AsOfficeATPDataConnector() (*OfficeATPDataConnector, bool)

AsOfficeATPDataConnector is the BasicDataConnector implementation for AATPDataConnector.

func (AATPDataConnector) AsOfficeDataConnector 

func (adc AATPDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool)

AsOfficeDataConnector is the BasicDataConnector implementation for AATPDataConnector.

func (AATPDataConnector) AsOfficeIRMDataConnector 

func (adc AATPDataConnector) AsOfficeIRMDataConnector() (*OfficeIRMDataConnector, bool)

AsOfficeIRMDataConnector is the BasicDataConnector implementation for AATPDataConnector.

func (AATPDataConnector) AsTIDataConnector 

func (adc AATPDataConnector) AsTIDataConnector() (*TIDataConnector, bool)

AsTIDataConnector is the BasicDataConnector implementation for AATPDataConnector.

func (AATPDataConnector) AsTiTaxiiDataConnector 

func (adc AATPDataConnector) AsTiTaxiiDataConnector() (*TiTaxiiDataConnector, bool)

AsTiTaxiiDataConnector is the BasicDataConnector implementation for AATPDataConnector.

func (AATPDataConnector) MarshalJSON 

func (adc AATPDataConnector) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for AATPDataConnector.

func (*AATPDataConnector) UnmarshalJSON 

func (adc *AATPDataConnector) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for AATPDataConnector struct.

type AATPDataConnectorProperties 

type AATPDataConnectorProperties struct {
	// TenantID - The tenant id to connect to, and get the data from.
	TenantID *string `json:"tenantId,omitempty"`
	// DataTypes - The available data types for the connector.
	DataTypes *AlertsDataTypeOfDataConnector `json:"dataTypes,omitempty"`
}

AATPDataConnectorProperties AATP (Azure Advanced Threat Protection) data connector properties.

type APIPollingParameters 

type APIPollingParameters struct {
	// ConnectorUIConfig - Config to describe the instructions blade
	ConnectorUIConfig *CodelessUIConnectorConfigProperties `json:"connectorUiConfig,omitempty"`
	// PollingConfig - Config to describe the polling instructions
	PollingConfig *CodelessConnectorPollingConfigProperties `json:"pollingConfig,omitempty"`
}

APIPollingParameters represents Codeless API Polling data connector

type ASCCheckRequirements 

type ASCCheckRequirements struct {
	// ASCCheckRequirementsProperties - ASC (Azure Security Center) requirements check properties.
	*ASCCheckRequirementsProperties `json:"properties,omitempty"`
	// Kind - Possible values include: 'KindBasicDataConnectorsCheckRequirementsKindDataConnectorsCheckRequirements', 'KindBasicDataConnectorsCheckRequirementsKindAzureActiveDirectory', 'KindBasicDataConnectorsCheckRequirementsKindAzureAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindAzureSecurityCenter', 'KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesCloudTrail', 'KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesS3', 'KindBasicDataConnectorsCheckRequirementsKindDynamics365', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftThreatIntelligence', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindOfficeATP', 'KindBasicDataConnectorsCheckRequirementsKindOfficeIRM', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii'
	Kind KindBasicDataConnectorsCheckRequirements `json:"kind,omitempty"`
}

ASCCheckRequirements represents ASC (Azure Security Center) requirements check request.

func (ASCCheckRequirements) AsAADCheckRequirements 

func (acr ASCCheckRequirements) AsAADCheckRequirements() (*AADCheckRequirements, bool)

AsAADCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for ASCCheckRequirements.

func (ASCCheckRequirements) AsAATPCheckRequirements 

func (acr ASCCheckRequirements) AsAATPCheckRequirements() (*AATPCheckRequirements, bool)

AsAATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for ASCCheckRequirements.

func (ASCCheckRequirements) AsASCCheckRequirements 

func (acr ASCCheckRequirements) AsASCCheckRequirements() (*ASCCheckRequirements, bool)

AsASCCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for ASCCheckRequirements.

func (ASCCheckRequirements) AsAwsCloudTrailCheckRequirements 

func (acr ASCCheckRequirements) AsAwsCloudTrailCheckRequirements() (*AwsCloudTrailCheckRequirements, bool)

AsAwsCloudTrailCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for ASCCheckRequirements.

func (ASCCheckRequirements) AsAwsS3CheckRequirements 

func (acr ASCCheckRequirements) AsAwsS3CheckRequirements() (*AwsS3CheckRequirements, bool)

AsAwsS3CheckRequirements is the BasicDataConnectorsCheckRequirements implementation for ASCCheckRequirements.

func (ASCCheckRequirements) AsBasicDataConnectorsCheckRequirements 

func (acr ASCCheckRequirements) AsBasicDataConnectorsCheckRequirements() (BasicDataConnectorsCheckRequirements, bool)

AsBasicDataConnectorsCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for ASCCheckRequirements.

func (ASCCheckRequirements) AsDataConnectorsCheckRequirements 

func (acr ASCCheckRequirements) AsDataConnectorsCheckRequirements() (*DataConnectorsCheckRequirements, bool)

AsDataConnectorsCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for ASCCheckRequirements.

func (ASCCheckRequirements) AsDynamics365CheckRequirements 

func (acr ASCCheckRequirements) AsDynamics365CheckRequirements() (*Dynamics365CheckRequirements, bool)

AsDynamics365CheckRequirements is the BasicDataConnectorsCheckRequirements implementation for ASCCheckRequirements.

func (ASCCheckRequirements) AsMCASCheckRequirements 

func (acr ASCCheckRequirements) AsMCASCheckRequirements() (*MCASCheckRequirements, bool)

AsMCASCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for ASCCheckRequirements.

func (ASCCheckRequirements) AsMDATPCheckRequirements 

func (acr ASCCheckRequirements) AsMDATPCheckRequirements() (*MDATPCheckRequirements, bool)

AsMDATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for ASCCheckRequirements.

func (ASCCheckRequirements) AsMSTICheckRequirements 

func (acr ASCCheckRequirements) AsMSTICheckRequirements() (*MSTICheckRequirements, bool)

AsMSTICheckRequirements is the BasicDataConnectorsCheckRequirements implementation for ASCCheckRequirements.

func (ASCCheckRequirements) AsMtpCheckRequirements 

func (acr ASCCheckRequirements) AsMtpCheckRequirements() (*MtpCheckRequirements, bool)

AsMtpCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for ASCCheckRequirements.

func (ASCCheckRequirements) AsOfficeATPCheckRequirements 

func (acr ASCCheckRequirements) AsOfficeATPCheckRequirements() (*OfficeATPCheckRequirements, bool)

AsOfficeATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for ASCCheckRequirements.

func (ASCCheckRequirements) AsOfficeIRMCheckRequirements 

func (acr ASCCheckRequirements) AsOfficeIRMCheckRequirements() (*OfficeIRMCheckRequirements, bool)

AsOfficeIRMCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for ASCCheckRequirements.

func (ASCCheckRequirements) AsTICheckRequirements 

func (acr ASCCheckRequirements) AsTICheckRequirements() (*TICheckRequirements, bool)

AsTICheckRequirements is the BasicDataConnectorsCheckRequirements implementation for ASCCheckRequirements.

func (ASCCheckRequirements) AsTiTaxiiCheckRequirements 

func (acr ASCCheckRequirements) AsTiTaxiiCheckRequirements() (*TiTaxiiCheckRequirements, bool)

AsTiTaxiiCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for ASCCheckRequirements.

func (ASCCheckRequirements) MarshalJSON 

func (acr ASCCheckRequirements) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for ASCCheckRequirements.

func (*ASCCheckRequirements) UnmarshalJSON 

func (acr *ASCCheckRequirements) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for ASCCheckRequirements struct.

type ASCCheckRequirementsProperties 

type ASCCheckRequirementsProperties struct {
	// SubscriptionID - The subscription id to connect to, and get the data from.
	SubscriptionID *string `json:"subscriptionId,omitempty"`
}

ASCCheckRequirementsProperties ASC (Azure Security Center) requirements check properties.

type ASCDataConnector 

type ASCDataConnector struct {
	// ASCDataConnectorProperties - ASC (Azure Security Center) data connector properties.
	*ASCDataConnectorProperties `json:"properties,omitempty"`
	// Kind - Possible values include: 'KindBasicDataConnectorKindDataConnector', 'KindBasicDataConnectorKindAzureActiveDirectory', 'KindBasicDataConnectorKindMicrosoftThreatIntelligence', 'KindBasicDataConnectorKindMicrosoftThreatProtection', 'KindBasicDataConnectorKindAzureAdvancedThreatProtection', 'KindBasicDataConnectorKindAzureSecurityCenter', 'KindBasicDataConnectorKindAmazonWebServicesCloudTrail', 'KindBasicDataConnectorKindAmazonWebServicesS3', 'KindBasicDataConnectorKindMicrosoftCloudAppSecurity', 'KindBasicDataConnectorKindDynamics365', 'KindBasicDataConnectorKindOfficeATP', 'KindBasicDataConnectorKindOfficeIRM', 'KindBasicDataConnectorKindMicrosoftDefenderAdvancedThreatProtection', 'KindBasicDataConnectorKindOffice365', 'KindBasicDataConnectorKindThreatIntelligence', 'KindBasicDataConnectorKindThreatIntelligenceTaxii', 'KindBasicDataConnectorKindGenericUI', 'KindBasicDataConnectorKindAPIPolling'
	Kind KindBasicDataConnector `json:"kind,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
	// ID - READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty"`
	// SystemData - READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty"`
}

ASCDataConnector represents ASC (Azure Security Center) data connector.

func (ASCDataConnector) AsAADDataConnector 

func (adc ASCDataConnector) AsAADDataConnector() (*AADDataConnector, bool)

AsAADDataConnector is the BasicDataConnector implementation for ASCDataConnector.

func (ASCDataConnector) AsAATPDataConnector 

func (adc ASCDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool)

AsAATPDataConnector is the BasicDataConnector implementation for ASCDataConnector.

func (ASCDataConnector) AsASCDataConnector 

func (adc ASCDataConnector) AsASCDataConnector() (*ASCDataConnector, bool)

AsASCDataConnector is the BasicDataConnector implementation for ASCDataConnector.

func (ASCDataConnector) AsAwsCloudTrailDataConnector 

func (adc ASCDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool)

AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for ASCDataConnector.

func (ASCDataConnector) AsAwsS3DataConnector 

func (adc ASCDataConnector) AsAwsS3DataConnector() (*AwsS3DataConnector, bool)

AsAwsS3DataConnector is the BasicDataConnector implementation for ASCDataConnector.

func (ASCDataConnector) AsBasicDataConnector 

func (adc ASCDataConnector) AsBasicDataConnector() (BasicDataConnector, bool)

AsBasicDataConnector is the BasicDataConnector implementation for ASCDataConnector.

func (ASCDataConnector) AsCodelessAPIPollingDataConnector 

func (adc ASCDataConnector) AsCodelessAPIPollingDataConnector() (*CodelessAPIPollingDataConnector, bool)

AsCodelessAPIPollingDataConnector is the BasicDataConnector implementation for ASCDataConnector.

func (ASCDataConnector) AsCodelessUIDataConnector 

func (adc ASCDataConnector) AsCodelessUIDataConnector() (*CodelessUIDataConnector, bool)

AsCodelessUIDataConnector is the BasicDataConnector implementation for ASCDataConnector.

func (ASCDataConnector) AsDataConnector 

func (adc ASCDataConnector) AsDataConnector() (*DataConnector, bool)

AsDataConnector is the BasicDataConnector implementation for ASCDataConnector.

func (ASCDataConnector) AsDynamics365DataConnector 

func (adc ASCDataConnector) AsDynamics365DataConnector() (*Dynamics365DataConnector, bool)

AsDynamics365DataConnector is the BasicDataConnector implementation for ASCDataConnector.

func (ASCDataConnector) AsMCASDataConnector 

func (adc ASCDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool)

AsMCASDataConnector is the BasicDataConnector implementation for ASCDataConnector.

func (ASCDataConnector) AsMDATPDataConnector 

func (adc ASCDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool)

AsMDATPDataConnector is the BasicDataConnector implementation for ASCDataConnector.

func (ASCDataConnector) AsMSTIDataConnector 

func (adc ASCDataConnector) AsMSTIDataConnector() (*MSTIDataConnector, bool)

AsMSTIDataConnector is the BasicDataConnector implementation for ASCDataConnector.

func (ASCDataConnector) AsMTPDataConnector 

func (adc ASCDataConnector) AsMTPDataConnector() (*MTPDataConnector, bool)

AsMTPDataConnector is the BasicDataConnector implementation for ASCDataConnector.

func (ASCDataConnector) AsOfficeATPDataConnector 

func (adc ASCDataConnector) AsOfficeATPDataConnector() (*OfficeATPDataConnector, bool)

AsOfficeATPDataConnector is the BasicDataConnector implementation for ASCDataConnector.

func (ASCDataConnector) AsOfficeDataConnector 

func (adc ASCDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool)

AsOfficeDataConnector is the BasicDataConnector implementation for ASCDataConnector.

func (ASCDataConnector) AsOfficeIRMDataConnector 

func (adc ASCDataConnector) AsOfficeIRMDataConnector() (*OfficeIRMDataConnector, bool)

AsOfficeIRMDataConnector is the BasicDataConnector implementation for ASCDataConnector.

func (ASCDataConnector) AsTIDataConnector 

func (adc ASCDataConnector) AsTIDataConnector() (*TIDataConnector, bool)

AsTIDataConnector is the BasicDataConnector implementation for ASCDataConnector.

func (ASCDataConnector) AsTiTaxiiDataConnector 

func (adc ASCDataConnector) AsTiTaxiiDataConnector() (*TiTaxiiDataConnector, bool)

AsTiTaxiiDataConnector is the BasicDataConnector implementation for ASCDataConnector.

func (ASCDataConnector) MarshalJSON 

func (adc ASCDataConnector) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for ASCDataConnector.

func (*ASCDataConnector) UnmarshalJSON 

func (adc *ASCDataConnector) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for ASCDataConnector struct.

type ASCDataConnectorProperties 

type ASCDataConnectorProperties struct {
	// SubscriptionID - The subscription id to connect to, and get the data from.
	SubscriptionID *string `json:"subscriptionId,omitempty"`
	// DataTypes - The available data types for the connector.
	DataTypes *AlertsDataTypeOfDataConnector `json:"dataTypes,omitempty"`
}

ASCDataConnectorProperties ASC (Azure Security Center) data connector properties.

type AccountEntity 

type AccountEntity struct {
	// AccountEntityProperties - Account entity properties
	*AccountEntityProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty"`
	// SystemData - READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty"`
	// Kind - Possible values include: 'KindBasicEntityKindEntity', 'KindBasicEntityKindURL', 'KindBasicEntityKindSubmissionMail', 'KindBasicEntityKindSecurityGroup', 'KindBasicEntityKindSecurityAlert', 'KindBasicEntityKindRegistryValue', 'KindBasicEntityKindRegistryKey', 'KindBasicEntityKindProcess', 'KindBasicEntityKindMalware', 'KindBasicEntityKindMailMessage', 'KindBasicEntityKindMailCluster', 'KindBasicEntityKindMailbox', 'KindBasicEntityKindIP', 'KindBasicEntityKindIoTDevice', 'KindBasicEntityKindBookmark', 'KindBasicEntityKindHost', 'KindBasicEntityKindFileHash', 'KindBasicEntityKindFile', 'KindBasicEntityKindDNSResolution', 'KindBasicEntityKindCloudApplication', 'KindBasicEntityKindAzureResource', 'KindBasicEntityKindAccount'
	Kind KindBasicEntity `json:"kind,omitempty"`
}

AccountEntity represents an account entity.

func (AccountEntity) AsAccountEntity 

func (ae AccountEntity) AsAccountEntity() (*AccountEntity, bool)

AsAccountEntity is the BasicEntity implementation for AccountEntity.

func (AccountEntity) AsAzureResourceEntity 

func (ae AccountEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)

AsAzureResourceEntity is the BasicEntity implementation for AccountEntity.

func (AccountEntity) AsBasicEntity 

func (ae AccountEntity) AsBasicEntity() (BasicEntity, bool)

AsBasicEntity is the BasicEntity implementation for AccountEntity.

func (AccountEntity) AsCloudApplicationEntity 

func (ae AccountEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)

AsCloudApplicationEntity is the BasicEntity implementation for AccountEntity.

func (AccountEntity) AsDNSEntity 

func (ae AccountEntity) AsDNSEntity() (*DNSEntity, bool)

AsDNSEntity is the BasicEntity implementation for AccountEntity.

func (AccountEntity) AsEntity 

func (ae AccountEntity) AsEntity() (*Entity, bool)

AsEntity is the BasicEntity implementation for AccountEntity.

func (AccountEntity) AsFileEntity 

func (ae AccountEntity) AsFileEntity() (*FileEntity, bool)

AsFileEntity is the BasicEntity implementation for AccountEntity.

func (AccountEntity) AsFileHashEntity 

func (ae AccountEntity) AsFileHashEntity() (*FileHashEntity, bool)

AsFileHashEntity is the BasicEntity implementation for AccountEntity.

func (AccountEntity) AsHostEntity 

func (ae AccountEntity) AsHostEntity() (*HostEntity, bool)

AsHostEntity is the BasicEntity implementation for AccountEntity.

func (AccountEntity) AsHuntingBookmark 

func (ae AccountEntity) AsHuntingBookmark() (*HuntingBookmark, bool)

AsHuntingBookmark is the BasicEntity implementation for AccountEntity.

func (AccountEntity) AsIPEntity 

func (ae AccountEntity) AsIPEntity() (*IPEntity, bool)

AsIPEntity is the BasicEntity implementation for AccountEntity.

func (AccountEntity) AsIoTDeviceEntity 

func (ae AccountEntity) AsIoTDeviceEntity() (*IoTDeviceEntity, bool)

AsIoTDeviceEntity is the BasicEntity implementation for AccountEntity.

func (AccountEntity) AsMailClusterEntity 

func (ae AccountEntity) AsMailClusterEntity() (*MailClusterEntity, bool)

AsMailClusterEntity is the BasicEntity implementation for AccountEntity.

func (AccountEntity) AsMailMessageEntity 

func (ae AccountEntity) AsMailMessageEntity() (*MailMessageEntity, bool)

AsMailMessageEntity is the BasicEntity implementation for AccountEntity.

func (AccountEntity) AsMailboxEntity 

func (ae AccountEntity) AsMailboxEntity() (*MailboxEntity, bool)

AsMailboxEntity is the BasicEntity implementation for AccountEntity.

func (AccountEntity) AsMalwareEntity 

func (ae AccountEntity) AsMalwareEntity() (*MalwareEntity, bool)

AsMalwareEntity is the BasicEntity implementation for AccountEntity.

func (AccountEntity) AsProcessEntity 

func (ae AccountEntity) AsProcessEntity() (*ProcessEntity, bool)

AsProcessEntity is the BasicEntity implementation for AccountEntity.

func (AccountEntity) AsRegistryKeyEntity 

func (ae AccountEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)

AsRegistryKeyEntity is the BasicEntity implementation for AccountEntity.

func (AccountEntity) AsRegistryValueEntity 

func (ae AccountEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool)

AsRegistryValueEntity is the BasicEntity implementation for AccountEntity.

func (AccountEntity) AsSecurityAlert 

func (ae AccountEntity) AsSecurityAlert() (*SecurityAlert, bool)

AsSecurityAlert is the BasicEntity implementation for AccountEntity.

func (AccountEntity) AsSecurityGroupEntity 

func (ae AccountEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)

AsSecurityGroupEntity is the BasicEntity implementation for AccountEntity.

func (AccountEntity) AsSubmissionMailEntity 

func (ae AccountEntity) AsSubmissionMailEntity() (*SubmissionMailEntity, bool)

AsSubmissionMailEntity is the BasicEntity implementation for AccountEntity.

func (AccountEntity) AsURLEntity 

func (ae AccountEntity) AsURLEntity() (*URLEntity, bool)

AsURLEntity is the BasicEntity implementation for AccountEntity.

func (AccountEntity) MarshalJSON 

func (ae AccountEntity) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for AccountEntity.

func (*AccountEntity) UnmarshalJSON 

func (ae *AccountEntity) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for AccountEntity struct.

type AccountEntityProperties 

type AccountEntityProperties struct {
	// AadTenantID - READ-ONLY; The Azure Active Directory tenant id.
	AadTenantID *string `json:"aadTenantId,omitempty"`
	// AadUserID - READ-ONLY; The Azure Active Directory user id.
	AadUserID *string `json:"aadUserId,omitempty"`
	// AccountName - READ-ONLY; The name of the account. This field should hold only the name without any domain added to it, i.e. administrator.
	AccountName *string `json:"accountName,omitempty"`
	// DisplayName - READ-ONLY; The display name of the account.
	DisplayName *string `json:"displayName,omitempty"`
	// HostEntityID - READ-ONLY; The Host entity id that contains the account in case it is a local account (not domain joined)
	HostEntityID *string `json:"hostEntityId,omitempty"`
	// IsDomainJoined - READ-ONLY; Determines whether this is a domain account.
	IsDomainJoined *bool `json:"isDomainJoined,omitempty"`
	// NtDomain - READ-ONLY; The NetBIOS domain name as it appears in the alert format domain/username. Examples: NT AUTHORITY.
	NtDomain *string `json:"ntDomain,omitempty"`
	// ObjectGUID - READ-ONLY; The objectGUID attribute is a single-value attribute that is the unique identifier for the object, assigned by active directory.
	ObjectGUID *uuid.UUID `json:"objectGuid,omitempty"`
	// Puid - READ-ONLY; The Azure Active Directory Passport User ID.
	Puid *string `json:"puid,omitempty"`
	// Sid - READ-ONLY; The account security identifier, e.g. S-1-5-18.
	Sid *string `json:"sid,omitempty"`
	// UpnSuffix - READ-ONLY; The user principal name suffix for the account, in some cases it is also the domain name. Examples: contoso.com.
	UpnSuffix *string `json:"upnSuffix,omitempty"`
	// DNSDomain - READ-ONLY; The fully qualified domain DNS name.
	DNSDomain *string `json:"dnsDomain,omitempty"`
	// AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]interface{} `json:"additionalData"`
	// FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated.
	FriendlyName *string `json:"friendlyName,omitempty"`
}

AccountEntityProperties account entity property bag.

func (AccountEntityProperties) MarshalJSON 

func (aep AccountEntityProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for AccountEntityProperties.

type ActionPropertiesBase 

type ActionPropertiesBase struct {
	// LogicAppResourceID - Logic App Resource Id, /subscriptions/{my-subscription}/resourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my-workflow-id}.
	LogicAppResourceID *string `json:"logicAppResourceId,omitempty"`
}

ActionPropertiesBase action property bag base.

type ActionRequest 

type ActionRequest struct {
	// ActionRequestProperties - Action properties for put request
	*ActionRequestProperties `json:"properties,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
	// ID - READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty"`
	// SystemData - READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty"`
}

ActionRequest action for alert rule.

func (ActionRequest) MarshalJSON 

func (ar ActionRequest) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for ActionRequest.

func (*ActionRequest) UnmarshalJSON 

func (ar *ActionRequest) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for ActionRequest struct.

type ActionRequestProperties 

type ActionRequestProperties struct {
	// TriggerURI - Logic App Callback URL for this specific workflow.
	TriggerURI *string `json:"triggerUri,omitempty"`
	// LogicAppResourceID - Logic App Resource Id, /subscriptions/{my-subscription}/resourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my-workflow-id}.
	LogicAppResourceID *string `json:"logicAppResourceId,omitempty"`
}

ActionRequestProperties action property bag.

type ActionResponse 

type ActionResponse struct {
	autorest.Response `json:"-"`
	// ActionResponseProperties - Action properties for get request
	*ActionResponseProperties `json:"properties,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
	// ID - READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty"`
	// SystemData - READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty"`
}

ActionResponse action for alert rule.

func (ActionResponse) MarshalJSON 

func (ar ActionResponse) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for ActionResponse.

func (*ActionResponse) UnmarshalJSON 

func (ar *ActionResponse) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for ActionResponse struct.

type ActionResponseProperties 

type ActionResponseProperties struct {
	// WorkflowID - The name of the logic app's workflow.
	WorkflowID *string `json:"workflowId,omitempty"`
	// LogicAppResourceID - Logic App Resource Id, /subscriptions/{my-subscription}/resourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my-workflow-id}.
	LogicAppResourceID *string `json:"logicAppResourceId,omitempty"`
}

ActionResponseProperties action property bag.

type ActionType 

type ActionType string

ActionType enumerates the values for action type. 

const (
	// ActionTypeAutomationRuleAction ...
	ActionTypeAutomationRuleAction ActionType = "AutomationRuleAction"
	// ActionTypeModifyProperties ...
	ActionTypeModifyProperties ActionType = "ModifyProperties"
	// ActionTypeRunPlaybook ...
	ActionTypeRunPlaybook ActionType = "RunPlaybook"
)

func PossibleActionTypeValues 

func PossibleActionTypeValues() []ActionType

PossibleActionTypeValues returns an array of possible values for the ActionType const type.

type ActionsClient 

type ActionsClient struct {
	BaseClient
}

ActionsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

func NewActionsClient 

func NewActionsClient(subscriptionID string) ActionsClient

NewActionsClient creates an instance of the ActionsClient client.

func NewActionsClientWithBaseURI 

func NewActionsClientWithBaseURI(baseURI string, subscriptionID string) ActionsClient

NewActionsClientWithBaseURI creates an instance of the ActionsClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).

func (ActionsClient) CreateOrUpdate 

func (client ActionsClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, workspaceName string, ruleID string, actionID string, action ActionRequest) (result ActionResponse, err error)

CreateOrUpdate creates or updates the action of alert rule. Parameters: resourceGroupName - the name of the resource group. The name is case insensitive. workspaceName - the name of the workspace. ruleID - alert rule ID actionID - action ID action - the action

func (ActionsClient) CreateOrUpdatePreparer 

func (client ActionsClient) CreateOrUpdatePreparer(ctx context.Context, resourceGroupName string, workspaceName string, ruleID string, actionID string, action ActionRequest) (*http.Request, error)

CreateOrUpdatePreparer prepares the CreateOrUpdate request.

func (ActionsClient) CreateOrUpdateResponder 

func (client ActionsClient) CreateOrUpdateResponder(resp *http.Response) (result ActionResponse, err error)

CreateOrUpdateResponder handles the response to the CreateOrUpdate request. The method always closes the http.Response Body.

func (ActionsClient) CreateOrUpdateSender 

func (client ActionsClient) CreateOrUpdateSender(req *http.Request) (*http.Response, error)

CreateOrUpdateSender sends the CreateOrUpdate request. The method will close the http.Response Body if it receives an error.

func (ActionsClient) Delete 

func (client ActionsClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, ruleID string, actionID string) (result autorest.Response, err error)

Delete delete the action of alert rule. Parameters: resourceGroupName - the name of the resource group. The name is case insensitive. workspaceName - the name of the workspace. ruleID - alert rule ID actionID - action ID

func (ActionsClient) DeletePreparer 

func (client ActionsClient) DeletePreparer(ctx context.Context, resourceGroupName string, workspaceName string, ruleID string, actionID string) (*http.Request, error)

DeletePreparer prepares the Delete request.

func (ActionsClient) DeleteResponder 

func (client ActionsClient) DeleteResponder(resp *http.Response) (result autorest.Response, err error)

DeleteResponder handles the response to the Delete request. The method always closes the http.Response Body.

func (ActionsClient) DeleteSender 

func (client ActionsClient) DeleteSender(req *http.Request) (*http.Response, error)

DeleteSender sends the Delete request. The method will close the http.Response Body if it receives an error.

func (ActionsClient) Get 

func (client ActionsClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, ruleID string, actionID string) (result ActionResponse, err error)

Get gets the action of alert rule. Parameters: resourceGroupName - the name of the resource group. The name is case insensitive. workspaceName - the name of the workspace. ruleID - alert rule ID actionID - action ID

func (ActionsClient) GetPreparer 

func (client ActionsClient) GetPreparer(ctx context.Context, resourceGroupName string, workspaceName string, ruleID string, actionID string) (*http.Request, error)

GetPreparer prepares the Get request.

func (ActionsClient) GetResponder 

func (client ActionsClient) GetResponder(resp *http.Response) (result ActionResponse, err error)

GetResponder handles the response to the Get request. The method always closes the http.Response Body.

func (ActionsClient) GetSender 

func (client ActionsClient) GetSender(req *http.Request) (*http.Response, error)

GetSender sends the Get request. The method will close the http.Response Body if it receives an error.

func (ActionsClient) ListByAlertRule 

func (client ActionsClient) ListByAlertRule(ctx context.Context, resourceGroupName string, workspaceName string, ruleID string) (result ActionsListPage, err error)

ListByAlertRule gets all actions of alert rule. Parameters: resourceGroupName - the name of the resource group. The name is case insensitive. workspaceName - the name of the workspace. ruleID - alert rule ID

func (ActionsClient) ListByAlertRuleComplete 

func (client ActionsClient) ListByAlertRuleComplete(ctx context.Context, resourceGroupName string, workspaceName string, ruleID string) (result ActionsListIterator, err error)

ListByAlertRuleComplete enumerates all values, automatically crossing page boundaries as required.

func (ActionsClient) ListByAlertRulePreparer 

func (client ActionsClient) ListByAlertRulePreparer(ctx context.Context, resourceGroupName string, workspaceName string, ruleID string) (*http.Request, error)

ListByAlertRulePreparer prepares the ListByAlertRule request.

func (ActionsClient) ListByAlertRuleResponder 

func (client ActionsClient) ListByAlertRuleResponder(resp *http.Response) (result ActionsList, err error)

ListByAlertRuleResponder handles the response to the ListByAlertRule request. The method always closes the http.Response Body.

func (ActionsClient) ListByAlertRuleSender 

func (client ActionsClient) ListByAlertRuleSender(req *http.Request) (*http.Response, error)

ListByAlertRuleSender sends the ListByAlertRule request. The method will close the http.Response Body if it receives an error.

type ActionsList 

type ActionsList struct {
	autorest.Response `json:"-"`
	// NextLink - READ-ONLY; URL to fetch the next set of actions.
	NextLink *string `json:"nextLink,omitempty"`
	// Value - Array of actions.
	Value *[]ActionResponse `json:"value,omitempty"`
}

ActionsList list all the actions.

func (ActionsList) IsEmpty 

func (al ActionsList) IsEmpty() bool

IsEmpty returns true if the ListResult contains no values.

func (ActionsList) MarshalJSON 

func (al ActionsList) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for ActionsList.

type ActionsListIterator 

type ActionsListIterator struct {
	// contains filtered or unexported fields
}

ActionsListIterator provides access to a complete listing of ActionResponse values.

func NewActionsListIterator 

func NewActionsListIterator(page ActionsListPage) ActionsListIterator

Creates a new instance of the ActionsListIterator type.

func (*ActionsListIterator) Next 

func (iter *ActionsListIterator) Next() error

Next advances to the next value. If there was an error making the request the iterator does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*ActionsListIterator) NextWithContext 

func (iter *ActionsListIterator) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next value. If there was an error making the request the iterator does not advance and the error is returned.

func (ActionsListIterator) NotDone 

func (iter ActionsListIterator) NotDone() bool

NotDone returns true if the enumeration should be started or is not yet complete.

func (ActionsListIterator) Response 

func (iter ActionsListIterator) Response() ActionsList

Response returns the raw server response from the last page request.

func (ActionsListIterator) Value 

func (iter ActionsListIterator) Value() ActionResponse

Value returns the current value or a zero-initialized value if the iterator has advanced beyond the end of the collection.

type ActionsListPage 

type ActionsListPage struct {
	// contains filtered or unexported fields
}

ActionsListPage contains a page of ActionResponse values.

func NewActionsListPage 

func NewActionsListPage(cur ActionsList, getNextPage func(context.Context, ActionsList) (ActionsList, error)) ActionsListPage

Creates a new instance of the ActionsListPage type.

func (*ActionsListPage) Next 

func (page *ActionsListPage) Next() error

Next advances to the next page of values. If there was an error making the request the page does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*ActionsListPage) NextWithContext 

func (page *ActionsListPage) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next page of values. If there was an error making the request the page does not advance and the error is returned.

func (ActionsListPage) NotDone 

func (page ActionsListPage) NotDone() bool

NotDone returns true if the page enumeration should be started or is not yet complete.

func (ActionsListPage) Response 

func (page ActionsListPage) Response() ActionsList

Response returns the raw server response from the last page request.

func (ActionsListPage) Values 

func (page ActionsListPage) Values() []ActionResponse

Values returns the slice of values for the current page or nil if there are no values.

type ActivityCustomEntityQuery 

type ActivityCustomEntityQuery struct {
	// ActivityEntityQueriesProperties - Activity entity query properties
	*ActivityEntityQueriesProperties `json:"properties,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
	// ID - READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty"`
	// SystemData - READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty"`
	// Kind - Possible values include: 'KindBasicCustomEntityQueryKindCustomEntityQuery', 'KindBasicCustomEntityQueryKindActivity'
	Kind KindBasicCustomEntityQuery `json:"kind,omitempty"`
}

ActivityCustomEntityQuery represents Activity entity query.

func (ActivityCustomEntityQuery) AsActivityCustomEntityQuery 

func (aceq ActivityCustomEntityQuery) AsActivityCustomEntityQuery() (*ActivityCustomEntityQuery, bool)

AsActivityCustomEntityQuery is the BasicCustomEntityQuery implementation for ActivityCustomEntityQuery.

func (ActivityCustomEntityQuery) AsBasicCustomEntityQuery 

func (aceq ActivityCustomEntityQuery) AsBasicCustomEntityQuery() (BasicCustomEntityQuery, bool)

AsBasicCustomEntityQuery is the BasicCustomEntityQuery implementation for ActivityCustomEntityQuery.

func (ActivityCustomEntityQuery) AsCustomEntityQuery 

func (aceq ActivityCustomEntityQuery) AsCustomEntityQuery() (*CustomEntityQuery, bool)

AsCustomEntityQuery is the BasicCustomEntityQuery implementation for ActivityCustomEntityQuery.

func (ActivityCustomEntityQuery) MarshalJSON 

func (aceq ActivityCustomEntityQuery) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for ActivityCustomEntityQuery.

func (*ActivityCustomEntityQuery) UnmarshalJSON 

func (aceq *ActivityCustomEntityQuery) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for ActivityCustomEntityQuery struct.

type ActivityEntityQueriesProperties 

type ActivityEntityQueriesProperties struct {
	// Title - The entity query title
	Title *string `json:"title,omitempty"`
	// Content - The entity query content to display in timeline
	Content *string `json:"content,omitempty"`
	// Description - The entity query description
	Description *string `json:"description,omitempty"`
	// QueryDefinitions - The Activity query definitions
	QueryDefinitions *ActivityEntityQueriesPropertiesQueryDefinitions `json:"queryDefinitions,omitempty"`
	// InputEntityType - The type of the query's source entity. Possible values include: 'EntityTypeAccount', 'EntityTypeHost', 'EntityTypeFile', 'EntityTypeAzureResource', 'EntityTypeCloudApplication', 'EntityTypeDNS', 'EntityTypeFileHash', 'EntityTypeIP', 'EntityTypeMalware', 'EntityTypeProcess', 'EntityTypeRegistryKey', 'EntityTypeRegistryValue', 'EntityTypeSecurityGroup', 'EntityTypeURL', 'EntityTypeIoTDevice', 'EntityTypeSecurityAlert', 'EntityTypeHuntingBookmark', 'EntityTypeMailCluster', 'EntityTypeMailMessage', 'EntityTypeMailbox', 'EntityTypeSubmissionMail'
	InputEntityType EntityType `json:"inputEntityType,omitempty"`
	// RequiredInputFieldsSets - List of the fields of the source entity that are required to run the query
	RequiredInputFieldsSets *[][]string `json:"requiredInputFieldsSets,omitempty"`
	// EntitiesFilter - The query applied only to entities matching to all filters
	EntitiesFilter map[string][]string `json:"entitiesFilter"`
	// TemplateName - The template id this activity was created from
	TemplateName *string `json:"templateName,omitempty"`
	// Enabled - Determines whether this activity is enabled or disabled.
	Enabled *bool `json:"enabled,omitempty"`
	// CreatedTimeUtc - READ-ONLY; The time the activity was created
	CreatedTimeUtc *date.Time `json:"createdTimeUtc,omitempty"`
	// LastModifiedTimeUtc - READ-ONLY; The last time the activity was updated
	LastModifiedTimeUtc *date.Time `json:"lastModifiedTimeUtc,omitempty"`
}

ActivityEntityQueriesProperties describes activity entity query properties

func (ActivityEntityQueriesProperties) MarshalJSON 

func (aeqp ActivityEntityQueriesProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for ActivityEntityQueriesProperties.

type ActivityEntityQueriesPropertiesQueryDefinitions 

type ActivityEntityQueriesPropertiesQueryDefinitions struct {
	// Query - The Activity query to run on a given entity
	Query *string `json:"query,omitempty"`
}

ActivityEntityQueriesPropertiesQueryDefinitions the Activity query definitions

type ActivityEntityQuery 

type ActivityEntityQuery struct {
	// ActivityEntityQueriesProperties - Activity entity query properties
	*ActivityEntityQueriesProperties `json:"properties,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
	// ID - READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty"`
	// SystemData - READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty"`
	// Kind - Possible values include: 'KindBasicEntityQueryKindEntityQuery', 'KindBasicEntityQueryKindExpansion', 'KindBasicEntityQueryKindActivity'
	Kind KindBasicEntityQuery `json:"kind,omitempty"`
}

ActivityEntityQuery represents Activity entity query.

func (ActivityEntityQuery) AsActivityEntityQuery 

func (aeq ActivityEntityQuery) AsActivityEntityQuery() (*ActivityEntityQuery, bool)

AsActivityEntityQuery is the BasicEntityQuery implementation for ActivityEntityQuery.

func (ActivityEntityQuery) AsBasicEntityQuery 

func (aeq ActivityEntityQuery) AsBasicEntityQuery() (BasicEntityQuery, bool)

AsBasicEntityQuery is the BasicEntityQuery implementation for ActivityEntityQuery.

func (ActivityEntityQuery) AsEntityQuery 

func (aeq ActivityEntityQuery) AsEntityQuery() (*EntityQuery, bool)

AsEntityQuery is the BasicEntityQuery implementation for ActivityEntityQuery.

func (ActivityEntityQuery) AsExpansionEntityQuery 

func (aeq ActivityEntityQuery) AsExpansionEntityQuery() (*ExpansionEntityQuery, bool)

AsExpansionEntityQuery is the BasicEntityQuery implementation for ActivityEntityQuery.

func (ActivityEntityQuery) MarshalJSON 

func (aeq ActivityEntityQuery) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for ActivityEntityQuery.

func (*ActivityEntityQuery) UnmarshalJSON 

func (aeq *ActivityEntityQuery) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for ActivityEntityQuery struct.

type ActivityEntityQueryTemplate 

type ActivityEntityQueryTemplate struct {
	// ActivityEntityQueryTemplateProperties - Activity entity query properties
	*ActivityEntityQueryTemplateProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty"`
	// SystemData - READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty"`
	// Kind - Possible values include: 'KindBasicEntityQueryTemplateKindEntityQueryTemplate', 'KindBasicEntityQueryTemplateKindActivity'
	Kind KindBasicEntityQueryTemplate `json:"kind,omitempty"`
}

ActivityEntityQueryTemplate represents Activity entity query.

func (ActivityEntityQueryTemplate) AsActivityEntityQueryTemplate 

func (aeqt ActivityEntityQueryTemplate) AsActivityEntityQueryTemplate() (*ActivityEntityQueryTemplate, bool)

AsActivityEntityQueryTemplate is the BasicEntityQueryTemplate implementation for ActivityEntityQueryTemplate.

func (ActivityEntityQueryTemplate) AsBasicEntityQueryTemplate 

func (aeqt ActivityEntityQueryTemplate) AsBasicEntityQueryTemplate() (BasicEntityQueryTemplate, bool)

AsBasicEntityQueryTemplate is the BasicEntityQueryTemplate implementation for ActivityEntityQueryTemplate.

func (ActivityEntityQueryTemplate) AsEntityQueryTemplate 

func (aeqt ActivityEntityQueryTemplate) AsEntityQueryTemplate() (*EntityQueryTemplate, bool)

AsEntityQueryTemplate is the BasicEntityQueryTemplate implementation for ActivityEntityQueryTemplate.

func (ActivityEntityQueryTemplate) MarshalJSON 

func (aeqt ActivityEntityQueryTemplate) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for ActivityEntityQueryTemplate.

func (*ActivityEntityQueryTemplate) UnmarshalJSON 

func (aeqt *ActivityEntityQueryTemplate) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for ActivityEntityQueryTemplate struct.

type ActivityEntityQueryTemplateProperties 

type ActivityEntityQueryTemplateProperties struct {
	// Title - The entity query title
	Title *string `json:"title,omitempty"`
	// Content - The entity query content to display in timeline
	Content *string `json:"content,omitempty"`
	// Description - The entity query description
	Description *string `json:"description,omitempty"`
	// QueryDefinitions - The Activity query definitions
	QueryDefinitions *ActivityEntityQueryTemplatePropertiesQueryDefinitions `json:"queryDefinitions,omitempty"`
	// DataTypes - List of required data types for the given entity query template
	DataTypes *[]DataTypeDefinitions `json:"dataTypes,omitempty"`
	// InputEntityType - The type of the query's source entity. Possible values include: 'EntityTypeAccount', 'EntityTypeHost', 'EntityTypeFile', 'EntityTypeAzureResource', 'EntityTypeCloudApplication', 'EntityTypeDNS', 'EntityTypeFileHash', 'EntityTypeIP', 'EntityTypeMalware', 'EntityTypeProcess', 'EntityTypeRegistryKey', 'EntityTypeRegistryValue', 'EntityTypeSecurityGroup', 'EntityTypeURL', 'EntityTypeIoTDevice', 'EntityTypeSecurityAlert', 'EntityTypeHuntingBookmark', 'EntityTypeMailCluster', 'EntityTypeMailMessage', 'EntityTypeMailbox', 'EntityTypeSubmissionMail'
	InputEntityType EntityType `json:"inputEntityType,omitempty"`
	// RequiredInputFieldsSets - List of the fields of the source entity that are required to run the query
	RequiredInputFieldsSets *[][]string `json:"requiredInputFieldsSets,omitempty"`
	// EntitiesFilter - The query applied only to entities matching to all filters
	EntitiesFilter map[string][]string `json:"entitiesFilter"`
}

ActivityEntityQueryTemplateProperties describes activity entity query properties

func (ActivityEntityQueryTemplateProperties) MarshalJSON 

func (aeqtp ActivityEntityQueryTemplateProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for ActivityEntityQueryTemplateProperties.

type ActivityEntityQueryTemplatePropertiesQueryDefinitions 

type ActivityEntityQueryTemplatePropertiesQueryDefinitions struct {
	// Query - The Activity query to run on a given entity
	Query *string `json:"query,omitempty"`
	// SummarizeBy - The dimensions we want to summarize the timeline results on, this is comma separated list
	SummarizeBy *string `json:"summarizeBy,omitempty"`
}

ActivityEntityQueryTemplatePropertiesQueryDefinitions the Activity query definitions

type ActivityTimelineItem 

type ActivityTimelineItem struct {
	// QueryID - The activity query id.
	QueryID *string `json:"queryId,omitempty"`
	// BucketStartTimeUTC - The grouping bucket start time.
	BucketStartTimeUTC *date.Time `json:"bucketStartTimeUTC,omitempty"`
	// BucketEndTimeUTC - The grouping bucket end time.
	BucketEndTimeUTC *date.Time `json:"bucketEndTimeUTC,omitempty"`
	// FirstActivityTimeUTC - The time of the first activity in the grouping bucket.
	FirstActivityTimeUTC *date.Time `json:"firstActivityTimeUTC,omitempty"`
	// LastActivityTimeUTC - The time of the last activity in the grouping bucket.
	LastActivityTimeUTC *date.Time `json:"lastActivityTimeUTC,omitempty"`
	// Content - The activity timeline content.
	Content *string `json:"content,omitempty"`
	// Title - The activity timeline title.
	Title *string `json:"title,omitempty"`
	// Kind - Possible values include: 'KindBasicEntityTimelineItemKindEntityTimelineItem', 'KindBasicEntityTimelineItemKindActivity', 'KindBasicEntityTimelineItemKindBookmark', 'KindBasicEntityTimelineItemKindSecurityAlert'
	Kind KindBasicEntityTimelineItem `json:"kind,omitempty"`
}

ActivityTimelineItem represents Activity timeline item.

func (ActivityTimelineItem) AsActivityTimelineItem 

func (ati ActivityTimelineItem) AsActivityTimelineItem() (*ActivityTimelineItem, bool)

AsActivityTimelineItem is the BasicEntityTimelineItem implementation for ActivityTimelineItem.

func (ActivityTimelineItem) AsBasicEntityTimelineItem 

func (ati ActivityTimelineItem) AsBasicEntityTimelineItem() (BasicEntityTimelineItem, bool)

AsBasicEntityTimelineItem is the BasicEntityTimelineItem implementation for ActivityTimelineItem.

func (ActivityTimelineItem) AsBookmarkTimelineItem 

func (ati ActivityTimelineItem) AsBookmarkTimelineItem() (*BookmarkTimelineItem, bool)

AsBookmarkTimelineItem is the BasicEntityTimelineItem implementation for ActivityTimelineItem.

func (ActivityTimelineItem) AsEntityTimelineItem 

func (ati ActivityTimelineItem) AsEntityTimelineItem() (*EntityTimelineItem, bool)

AsEntityTimelineItem is the BasicEntityTimelineItem implementation for ActivityTimelineItem.

func (ActivityTimelineItem) AsSecurityAlertTimelineItem 

func (ati ActivityTimelineItem) AsSecurityAlertTimelineItem() (*SecurityAlertTimelineItem, bool)

AsSecurityAlertTimelineItem is the BasicEntityTimelineItem implementation for ActivityTimelineItem.

func (ActivityTimelineItem) MarshalJSON 

func (ati ActivityTimelineItem) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for ActivityTimelineItem.

type AlertDetail 

type AlertDetail string

AlertDetail enumerates the values for alert detail. 

const (
	// AlertDetailDisplayName Alert display name
	AlertDetailDisplayName AlertDetail = "DisplayName"
	// AlertDetailSeverity Alert severity
	AlertDetailSeverity AlertDetail = "Severity"
)

func PossibleAlertDetailValues 

func PossibleAlertDetailValues() []AlertDetail

PossibleAlertDetailValues returns an array of possible values for the AlertDetail const type.

type AlertDetailsOverride 

type AlertDetailsOverride struct {
	// AlertDisplayNameFormat - the format containing columns name(s) to override the alert name
	AlertDisplayNameFormat *string `json:"alertDisplayNameFormat,omitempty"`
	// AlertDescriptionFormat - the format containing columns name(s) to override the alert description
	AlertDescriptionFormat *string `json:"alertDescriptionFormat,omitempty"`
	// AlertTacticsColumnName - the column name to take the alert tactics from
	AlertTacticsColumnName *string `json:"alertTacticsColumnName,omitempty"`
	// AlertSeverityColumnName - the column name to take the alert severity from
	AlertSeverityColumnName *string `json:"alertSeverityColumnName,omitempty"`
}

AlertDetailsOverride settings for how to dynamically override alert static details

type AlertRule 

type AlertRule struct {
	autorest.Response `json:"-"`
	// Kind - Possible values include: 'KindBasicAlertRuleKindAlertRule', 'KindBasicAlertRuleKindMLBehaviorAnalytics', 'KindBasicAlertRuleKindFusion', 'KindBasicAlertRuleKindThreatIntelligence', 'KindBasicAlertRuleKindMicrosoftSecurityIncidentCreation', 'KindBasicAlertRuleKindScheduled', 'KindBasicAlertRuleKindNRT'
	Kind KindBasicAlertRule `json:"kind,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
	// ID - READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty"`
	// SystemData - READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty"`
}

AlertRule alert rule.

func (AlertRule) AsAlertRule 

func (ar AlertRule) AsAlertRule() (*AlertRule, bool)

AsAlertRule is the BasicAlertRule implementation for AlertRule.

func (AlertRule) AsBasicAlertRule 

func (ar AlertRule) AsBasicAlertRule() (BasicAlertRule, bool)

AsBasicAlertRule is the BasicAlertRule implementation for AlertRule.

func (AlertRule) AsFusionAlertRule 

func (ar AlertRule) AsFusionAlertRule() (*FusionAlertRule, bool)

AsFusionAlertRule is the BasicAlertRule implementation for AlertRule.

func (AlertRule) AsMLBehaviorAnalyticsAlertRule 

func (ar AlertRule) AsMLBehaviorAnalyticsAlertRule() (*MLBehaviorAnalyticsAlertRule, bool)

AsMLBehaviorAnalyticsAlertRule is the BasicAlertRule implementation for AlertRule.

func (AlertRule) AsMicrosoftSecurityIncidentCreationAlertRule 

func (ar AlertRule) AsMicrosoftSecurityIncidentCreationAlertRule() (*MicrosoftSecurityIncidentCreationAlertRule, bool)

AsMicrosoftSecurityIncidentCreationAlertRule is the BasicAlertRule implementation for AlertRule.

func (AlertRule) AsNrtAlertRule 

func (ar AlertRule) AsNrtAlertRule() (*NrtAlertRule, bool)

AsNrtAlertRule is the BasicAlertRule implementation for AlertRule.

func (AlertRule) AsScheduledAlertRule 

func (ar AlertRule) AsScheduledAlertRule() (*ScheduledAlertRule, bool)

AsScheduledAlertRule is the BasicAlertRule implementation for AlertRule.

func (AlertRule) AsThreatIntelligenceAlertRule 

func (ar AlertRule) AsThreatIntelligenceAlertRule() (*ThreatIntelligenceAlertRule, bool)

AsThreatIntelligenceAlertRule is the BasicAlertRule implementation for AlertRule.

func (AlertRule) MarshalJSON 

func (ar AlertRule) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for AlertRule.

type AlertRuleKind 

type AlertRuleKind string

AlertRuleKind enumerates the values for alert rule kind. 

const (
	// AlertRuleKindFusion ...
	AlertRuleKindFusion AlertRuleKind = "Fusion"
	// AlertRuleKindMicrosoftSecurityIncidentCreation ...
	AlertRuleKindMicrosoftSecurityIncidentCreation AlertRuleKind = "MicrosoftSecurityIncidentCreation"
	// AlertRuleKindMLBehaviorAnalytics ...
	AlertRuleKindMLBehaviorAnalytics AlertRuleKind = "MLBehaviorAnalytics"
	// AlertRuleKindNRT ...
	AlertRuleKindNRT AlertRuleKind = "NRT"
	// AlertRuleKindScheduled ...
	AlertRuleKindScheduled AlertRuleKind = "Scheduled"
	// AlertRuleKindThreatIntelligence ...
	AlertRuleKindThreatIntelligence AlertRuleKind = "ThreatIntelligence"
)

func PossibleAlertRuleKindValues 

func PossibleAlertRuleKindValues() []AlertRuleKind

PossibleAlertRuleKindValues returns an array of possible values for the AlertRuleKind const type.

type AlertRuleModel 

type AlertRuleModel struct {
	autorest.Response `json:"-"`
	Value             BasicAlertRule `json:"value,omitempty"`
}

AlertRuleModel ...

func (*AlertRuleModel) UnmarshalJSON 

func (arm *AlertRuleModel) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for AlertRuleModel struct.

type AlertRuleTemplate 

type AlertRuleTemplate struct {
	autorest.Response `json:"-"`
	// Kind - Possible values include: 'KindBasicAlertRuleTemplateKindAlertRuleTemplate', 'KindBasicAlertRuleTemplateKindMLBehaviorAnalytics', 'KindBasicAlertRuleTemplateKindFusion', 'KindBasicAlertRuleTemplateKindThreatIntelligence', 'KindBasicAlertRuleTemplateKindMicrosoftSecurityIncidentCreation', 'KindBasicAlertRuleTemplateKindScheduled', 'KindBasicAlertRuleTemplateKindNRT'
	Kind KindBasicAlertRuleTemplate `json:"kind,omitempty"`
	// ID - READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty"`
	// SystemData - READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty"`
}

AlertRuleTemplate alert rule template.

func (AlertRuleTemplate) AsAlertRuleTemplate 

func (art AlertRuleTemplate) AsAlertRuleTemplate() (*AlertRuleTemplate, bool)

AsAlertRuleTemplate is the BasicAlertRuleTemplate implementation for AlertRuleTemplate.

func (AlertRuleTemplate) AsBasicAlertRuleTemplate 

func (art AlertRuleTemplate) AsBasicAlertRuleTemplate() (BasicAlertRuleTemplate, bool)

AsBasicAlertRuleTemplate is the BasicAlertRuleTemplate implementation for AlertRuleTemplate.

func (AlertRuleTemplate) AsFusionAlertRuleTemplate 

func (art AlertRuleTemplate) AsFusionAlertRuleTemplate() (*FusionAlertRuleTemplate, bool)

AsFusionAlertRuleTemplate is the BasicAlertRuleTemplate implementation for AlertRuleTemplate.

func (AlertRuleTemplate) AsMLBehaviorAnalyticsAlertRuleTemplate 

func (art AlertRuleTemplate) AsMLBehaviorAnalyticsAlertRuleTemplate() (*MLBehaviorAnalyticsAlertRuleTemplate, bool)

AsMLBehaviorAnalyticsAlertRuleTemplate is the BasicAlertRuleTemplate implementation for AlertRuleTemplate.

func (AlertRuleTemplate) AsMicrosoftSecurityIncidentCreationAlertRuleTemplate 

func (art AlertRuleTemplate) AsMicrosoftSecurityIncidentCreationAlertRuleTemplate() (*MicrosoftSecurityIncidentCreationAlertRuleTemplate, bool)

AsMicrosoftSecurityIncidentCreationAlertRuleTemplate is the BasicAlertRuleTemplate implementation for AlertRuleTemplate.

func (AlertRuleTemplate) AsNrtAlertRuleTemplate 

func (art AlertRuleTemplate) AsNrtAlertRuleTemplate() (*NrtAlertRuleTemplate, bool)

AsNrtAlertRuleTemplate is the BasicAlertRuleTemplate implementation for AlertRuleTemplate.

func (AlertRuleTemplate) AsScheduledAlertRuleTemplate 

func (art AlertRuleTemplate) AsScheduledAlertRuleTemplate() (*ScheduledAlertRuleTemplate, bool)

AsScheduledAlertRuleTemplate is the BasicAlertRuleTemplate implementation for AlertRuleTemplate.

func (AlertRuleTemplate) AsThreatIntelligenceAlertRuleTemplate 

func (art AlertRuleTemplate) AsThreatIntelligenceAlertRuleTemplate() (*ThreatIntelligenceAlertRuleTemplate, bool)

AsThreatIntelligenceAlertRuleTemplate is the BasicAlertRuleTemplate implementation for AlertRuleTemplate.

func (AlertRuleTemplate) MarshalJSON 

func (art AlertRuleTemplate) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for AlertRuleTemplate.

type AlertRuleTemplateDataSource 

type AlertRuleTemplateDataSource struct {
	// ConnectorID - The connector id that provides the following data types
	ConnectorID *string `json:"connectorId,omitempty"`
	// DataTypes - The data types used by the alert rule template
	DataTypes *[]string `json:"dataTypes,omitempty"`
}

AlertRuleTemplateDataSource alert rule template data sources

type AlertRuleTemplateModel 

type AlertRuleTemplateModel struct {
	autorest.Response `json:"-"`
	Value             BasicAlertRuleTemplate `json:"value,omitempty"`
}

AlertRuleTemplateModel ...

func (*AlertRuleTemplateModel) UnmarshalJSON 

func (artm *AlertRuleTemplateModel) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for AlertRuleTemplateModel struct.

type AlertRuleTemplatePropertiesBase 

type AlertRuleTemplatePropertiesBase struct {
	// AlertRulesCreatedByTemplateCount - the number of alert rules that were created by this template
	AlertRulesCreatedByTemplateCount *int32 `json:"alertRulesCreatedByTemplateCount,omitempty"`
	// LastUpdatedDateUTC - READ-ONLY; The last time that this alert rule template has been updated.
	LastUpdatedDateUTC *date.Time `json:"lastUpdatedDateUTC,omitempty"`
	// CreatedDateUTC - READ-ONLY; The time that this alert rule template has been added.
	CreatedDateUTC *date.Time `json:"createdDateUTC,omitempty"`
	// Description - The description of the alert rule template.
	Description *string `json:"description,omitempty"`
	// DisplayName - The display name for alert rule template.
	DisplayName *string `json:"displayName,omitempty"`
	// RequiredDataConnectors - The required data sources for this template
	RequiredDataConnectors *[]AlertRuleTemplateDataSource `json:"requiredDataConnectors,omitempty"`
	// Status - The alert rule template status. Possible values include: 'TemplateStatusInstalled', 'TemplateStatusAvailable', 'TemplateStatusNotAvailable'
	Status TemplateStatus `json:"status,omitempty"`
}

AlertRuleTemplatePropertiesBase base alert rule template property bag.

func (AlertRuleTemplatePropertiesBase) MarshalJSON 

func (artpb AlertRuleTemplatePropertiesBase) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for AlertRuleTemplatePropertiesBase.

type AlertRuleTemplatesClient 

type AlertRuleTemplatesClient struct {
	BaseClient
}

AlertRuleTemplatesClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

func NewAlertRuleTemplatesClient 

func NewAlertRuleTemplatesClient(subscriptionID string) AlertRuleTemplatesClient

NewAlertRuleTemplatesClient creates an instance of the AlertRuleTemplatesClient client.

func NewAlertRuleTemplatesClientWithBaseURI 

func NewAlertRuleTemplatesClientWithBaseURI(baseURI string, subscriptionID string) AlertRuleTemplatesClient

NewAlertRuleTemplatesClientWithBaseURI creates an instance of the AlertRuleTemplatesClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).

func (AlertRuleTemplatesClient) Get 

func (client AlertRuleTemplatesClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, alertRuleTemplateID string) (result AlertRuleTemplateModel, err error)

Get gets the alert rule template. Parameters: resourceGroupName - the name of the resource group. The name is case insensitive. workspaceName - the name of the workspace. alertRuleTemplateID - alert rule template ID

func (AlertRuleTemplatesClient) GetPreparer 

func (client AlertRuleTemplatesClient) GetPreparer(ctx context.Context, resourceGroupName string, workspaceName string, alertRuleTemplateID string) (*http.Request, error)

GetPreparer prepares the Get request.

func (AlertRuleTemplatesClient) GetResponder 

func (client AlertRuleTemplatesClient) GetResponder(resp *http.Response) (result AlertRuleTemplateModel, err error)

GetResponder handles the response to the Get request. The method always closes the http.Response Body.

func (AlertRuleTemplatesClient) GetSender 

func (client AlertRuleTemplatesClient) GetSender(req *http.Request) (*http.Response, error)

GetSender sends the Get request. The method will close the http.Response Body if it receives an error.

func (AlertRuleTemplatesClient) List 

func (client AlertRuleTemplatesClient) List(ctx context.Context, resourceGroupName string, workspaceName string) (result AlertRuleTemplatesListPage, err error)

List gets all alert rule templates. Parameters: resourceGroupName - the name of the resource group. The name is case insensitive. workspaceName - the name of the workspace.

func (AlertRuleTemplatesClient) ListComplete 

func (client AlertRuleTemplatesClient) ListComplete(ctx context.Context, resourceGroupName string, workspaceName string) (result AlertRuleTemplatesListIterator, err error)

ListComplete enumerates all values, automatically crossing page boundaries as required.

func (AlertRuleTemplatesClient) ListPreparer 

func (client AlertRuleTemplatesClient) ListPreparer(ctx context.Context, resourceGroupName string, workspaceName string) (*http.Request, error)

ListPreparer prepares the List request.

func (AlertRuleTemplatesClient) ListResponder 

func (client AlertRuleTemplatesClient) ListResponder(resp *http.Response) (result AlertRuleTemplatesList, err error)

ListResponder handles the response to the List request. The method always closes the http.Response Body.

func (AlertRuleTemplatesClient) ListSender 

func (client AlertRuleTemplatesClient) ListSender(req *http.Request) (*http.Response, error)

ListSender sends the List request. The method will close the http.Response Body if it receives an error.

type AlertRuleTemplatesList 

type AlertRuleTemplatesList struct {
	autorest.Response `json:"-"`
	// NextLink - READ-ONLY; URL to fetch the next set of alert rule templates.
	NextLink *string `json:"nextLink,omitempty"`
	// Value - Array of alert rule templates.
	Value *[]BasicAlertRuleTemplate `json:"value,omitempty"`
}

AlertRuleTemplatesList list all the alert rule templates.

func (AlertRuleTemplatesList) IsEmpty 

func (artl AlertRuleTemplatesList) IsEmpty() bool

IsEmpty returns true if the ListResult contains no values.

func (AlertRuleTemplatesList) MarshalJSON 

func (artl AlertRuleTemplatesList) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for AlertRuleTemplatesList.

func (*AlertRuleTemplatesList) UnmarshalJSON 

func (artl *AlertRuleTemplatesList) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for AlertRuleTemplatesList struct.

type AlertRuleTemplatesListIterator 

type AlertRuleTemplatesListIterator struct {
	// contains filtered or unexported fields
}

AlertRuleTemplatesListIterator provides access to a complete listing of AlertRuleTemplate values.

func NewAlertRuleTemplatesListIterator 

func NewAlertRuleTemplatesListIterator(page AlertRuleTemplatesListPage) AlertRuleTemplatesListIterator

Creates a new instance of the AlertRuleTemplatesListIterator type.

func (*AlertRuleTemplatesListIterator) Next 

func (iter *AlertRuleTemplatesListIterator) Next() error

Next advances to the next value. If there was an error making the request the iterator does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*AlertRuleTemplatesListIterator) NextWithContext 

func (iter *AlertRuleTemplatesListIterator) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next value. If there was an error making the request the iterator does not advance and the error is returned.

func (AlertRuleTemplatesListIterator) NotDone 

func (iter AlertRuleTemplatesListIterator) NotDone() bool

NotDone returns true if the enumeration should be started or is not yet complete.

func (AlertRuleTemplatesListIterator) Response 

func (iter AlertRuleTemplatesListIterator) Response() AlertRuleTemplatesList

Response returns the raw server response from the last page request.

func (AlertRuleTemplatesListIterator) Value 

func (iter AlertRuleTemplatesListIterator) Value() BasicAlertRuleTemplate

Value returns the current value or a zero-initialized value if the iterator has advanced beyond the end of the collection.

type AlertRuleTemplatesListPage 

type AlertRuleTemplatesListPage struct {
	// contains filtered or unexported fields
}

AlertRuleTemplatesListPage contains a page of BasicAlertRuleTemplate values.

func NewAlertRuleTemplatesListPage 

func NewAlertRuleTemplatesListPage(cur AlertRuleTemplatesList, getNextPage func(context.Context, AlertRuleTemplatesList) (AlertRuleTemplatesList, error)) AlertRuleTemplatesListPage

Creates a new instance of the AlertRuleTemplatesListPage type.

func (*AlertRuleTemplatesListPage) Next 

func (page *AlertRuleTemplatesListPage) Next() error

Next advances to the next page of values. If there was an error making the request the page does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*AlertRuleTemplatesListPage) NextWithContext 

func (page *AlertRuleTemplatesListPage) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next page of values. If there was an error making the request the page does not advance and the error is returned.

func (AlertRuleTemplatesListPage) NotDone 

func (page AlertRuleTemplatesListPage) NotDone() bool

NotDone returns true if the page enumeration should be started or is not yet complete.

func (AlertRuleTemplatesListPage) Response 

func (page AlertRuleTemplatesListPage) Response() AlertRuleTemplatesList

Response returns the raw server response from the last page request.

func (AlertRuleTemplatesListPage) Values 

func (page AlertRuleTemplatesListPage) Values() []BasicAlertRuleTemplate

Values returns the slice of values for the current page or nil if there are no values.

type AlertRulesClient 

type AlertRulesClient struct {
	BaseClient
}

AlertRulesClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

func NewAlertRulesClient 

func NewAlertRulesClient(subscriptionID string) AlertRulesClient

NewAlertRulesClient creates an instance of the AlertRulesClient client.

func NewAlertRulesClientWithBaseURI 

func NewAlertRulesClientWithBaseURI(baseURI string, subscriptionID string) AlertRulesClient

NewAlertRulesClientWithBaseURI creates an instance of the AlertRulesClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).

func (AlertRulesClient) CreateOrUpdate 

func (client AlertRulesClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, workspaceName string, ruleID string, alertRule BasicAlertRule) (result AlertRuleModel, err error)

CreateOrUpdate creates or updates the alert rule. Parameters: resourceGroupName - the name of the resource group. The name is case insensitive. workspaceName - the name of the workspace. ruleID - alert rule ID alertRule - the alert rule

func (AlertRulesClient) CreateOrUpdatePreparer 

func (client AlertRulesClient) CreateOrUpdatePreparer(ctx context.Context, resourceGroupName string, workspaceName string, ruleID string, alertRule BasicAlertRule) (*http.Request, error)

CreateOrUpdatePreparer prepares the CreateOrUpdate request.

func (AlertRulesClient) CreateOrUpdateResponder 

func (client AlertRulesClient) CreateOrUpdateResponder(resp *http.Response) (result AlertRuleModel, err error)

CreateOrUpdateResponder handles the response to the CreateOrUpdate request. The method always closes the http.Response Body.

func (AlertRulesClient) CreateOrUpdateSender 

func (client AlertRulesClient) CreateOrUpdateSender(req *http.Request) (*http.Response, error)

CreateOrUpdateSender sends the CreateOrUpdate request. The method will close the http.Response Body if it receives an error.

func (AlertRulesClient) Delete 

func (client AlertRulesClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, ruleID string) (result autorest.Response, err error)

Delete delete the alert rule. Parameters: resourceGroupName - the name of the resource group. The name is case insensitive. workspaceName - the name of the workspace. ruleID - alert rule ID

func (AlertRulesClient) DeletePreparer 

func (client AlertRulesClient) DeletePreparer(ctx context.Context, resourceGroupName string, workspaceName string, ruleID string) (*http.Request, error)

DeletePreparer prepares the Delete request.

func (AlertRulesClient) DeleteResponder 

func (client AlertRulesClient) DeleteResponder(resp *http.Response) (result autorest.Response, err error)

DeleteResponder handles the response to the Delete request. The method always closes the http.Response Body.

func (AlertRulesClient) DeleteSender 

func (client AlertRulesClient) DeleteSender(req *http.Request) (*http.Response, error)

DeleteSender sends the Delete request. The method will close the http.Response Body if it receives an error.

func (AlertRulesClient) Get 

func (client AlertRulesClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, ruleID string) (result AlertRuleModel, err error)

Get gets the alert rule. Parameters: resourceGroupName - the name of the resource group. The name is case insensitive. workspaceName - the name of the workspace. ruleID - alert rule ID

func (AlertRulesClient) GetPreparer 

func (client AlertRulesClient) GetPreparer(ctx context.Context, resourceGroupName string, workspaceName string, ruleID string) (*http.Request, error)

GetPreparer prepares the Get request.

func (AlertRulesClient) GetResponder 

func (client AlertRulesClient) GetResponder(resp *http.Response) (result AlertRuleModel, err error)

GetResponder handles the response to the Get request. The method always closes the http.Response Body.

func (AlertRulesClient) GetSender 

func (client AlertRulesClient) GetSender(req *http.Request) (*http.Response, error)

GetSender sends the Get request. The method will close the http.Response Body if it receives an error.

func (AlertRulesClient) List 

func (client AlertRulesClient) List(ctx context.Context, resourceGroupName string, workspaceName string) (result AlertRulesListPage, err error)

List gets all alert rules. Parameters: resourceGroupName - the name of the resource group. The name is case insensitive. workspaceName - the name of the workspace.

func (AlertRulesClient) ListComplete 

func (client AlertRulesClient) ListComplete(ctx context.Context, resourceGroupName string, workspaceName string) (result AlertRulesListIterator, err error)

ListComplete enumerates all values, automatically crossing page boundaries as required.

func (AlertRulesClient) ListPreparer 

func (client AlertRulesClient) ListPreparer(ctx context.Context, resourceGroupName string, workspaceName string) (*http.Request, error)

ListPreparer prepares the List request.

func (AlertRulesClient) ListResponder 

func (client AlertRulesClient) ListResponder(resp *http.Response) (result AlertRulesList, err error)

ListResponder handles the response to the List request. The method always closes the http.Response Body.

func (AlertRulesClient) ListSender 

func (client AlertRulesClient) ListSender(req *http.Request) (*http.Response, error)

ListSender sends the List request. The method will close the http.Response Body if it receives an error.

type AlertRulesList 

type AlertRulesList struct {
	autorest.Response `json:"-"`
	// NextLink - READ-ONLY; URL to fetch the next set of alert rules.
	NextLink *string `json:"nextLink,omitempty"`
	// Value - Array of alert rules.
	Value *[]BasicAlertRule `json:"value,omitempty"`
}

AlertRulesList list all the alert rules.

func (AlertRulesList) IsEmpty 

func (arl AlertRulesList) IsEmpty() bool

IsEmpty returns true if the ListResult contains no values.

func (AlertRulesList) MarshalJSON 

func (arl AlertRulesList) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for AlertRulesList.

func (*AlertRulesList) UnmarshalJSON 

func (arl *AlertRulesList) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for AlertRulesList struct.

type AlertRulesListIterator 

type AlertRulesListIterator struct {
	// contains filtered or unexported fields
}

AlertRulesListIterator provides access to a complete listing of AlertRule values.

func NewAlertRulesListIterator 

func NewAlertRulesListIterator(page AlertRulesListPage) AlertRulesListIterator

Creates a new instance of the AlertRulesListIterator type.

func (*AlertRulesListIterator) Next 

func (iter *AlertRulesListIterator) Next() error

Next advances to the next value. If there was an error making the request the iterator does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*AlertRulesListIterator) NextWithContext 

func (iter *AlertRulesListIterator) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next value. If there was an error making the request the iterator does not advance and the error is returned.

func (AlertRulesListIterator) NotDone 

func (iter AlertRulesListIterator) NotDone() bool

NotDone returns true if the enumeration should be started or is not yet complete.

func (AlertRulesListIterator) Response 

func (iter AlertRulesListIterator) Response() AlertRulesList

Response returns the raw server response from the last page request.

func (AlertRulesListIterator) Value 

func (iter AlertRulesListIterator) Value() BasicAlertRule

Value returns the current value or a zero-initialized value if the iterator has advanced beyond the end of the collection.

type AlertRulesListPage 

type AlertRulesListPage struct {
	// contains filtered or unexported fields
}

AlertRulesListPage contains a page of BasicAlertRule values.

func NewAlertRulesListPage 

func NewAlertRulesListPage(cur AlertRulesList, getNextPage func(context.Context, AlertRulesList) (AlertRulesList, error)) AlertRulesListPage

Creates a new instance of the AlertRulesListPage type.

func (*AlertRulesListPage) Next 

func (page *AlertRulesListPage) Next() error

Next advances to the next page of values. If there was an error making the request the page does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*AlertRulesListPage) NextWithContext 

func (page *AlertRulesListPage) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next page of values. If there was an error making the request the page does not advance and the error is returned.

func (AlertRulesListPage) NotDone 

func (page AlertRulesListPage) NotDone() bool

NotDone returns true if the page enumeration should be started or is not yet complete.

func (AlertRulesListPage) Response 

func (page AlertRulesListPage) Response() AlertRulesList

Response returns the raw server response from the last page request.

func (AlertRulesListPage) Values 

func (page AlertRulesListPage) Values() []BasicAlertRule

Values returns the slice of values for the current page or nil if there are no values.

type AlertSeverity 

type AlertSeverity string

AlertSeverity enumerates the values for alert severity. 

const (
	// AlertSeverityHigh High severity
	AlertSeverityHigh AlertSeverity = "High"
	// AlertSeverityInformational Informational severity
	AlertSeverityInformational AlertSeverity = "Informational"
	// AlertSeverityLow Low severity
	AlertSeverityLow AlertSeverity = "Low"
	// AlertSeverityMedium Medium severity
	AlertSeverityMedium AlertSeverity = "Medium"
)

func PossibleAlertSeverityValues 

func PossibleAlertSeverityValues() []AlertSeverity

PossibleAlertSeverityValues returns an array of possible values for the AlertSeverity const type.

type AlertStatus 

type AlertStatus string

AlertStatus enumerates the values for alert status. 

const (
	// AlertStatusDismissed Alert dismissed as false positive
	AlertStatusDismissed AlertStatus = "Dismissed"
	// AlertStatusInProgress Alert is being handled
	AlertStatusInProgress AlertStatus = "InProgress"
	// AlertStatusNew New alert
	AlertStatusNew AlertStatus = "New"
	// AlertStatusResolved Alert closed after handling
	AlertStatusResolved AlertStatus = "Resolved"
	// AlertStatusUnknown Unknown value
	AlertStatusUnknown AlertStatus = "Unknown"
)

func PossibleAlertStatusValues 

func PossibleAlertStatusValues() []AlertStatus

PossibleAlertStatusValues returns an array of possible values for the AlertStatus const type.

type AlertsDataTypeOfDataConnector 

type AlertsDataTypeOfDataConnector struct {
	// Alerts - Alerts data type connection.
	Alerts *DataConnectorDataTypeCommon `json:"alerts,omitempty"`
}

AlertsDataTypeOfDataConnector alerts data type for data connectors.

type Anomalies 

type Anomalies struct {
	// AnomaliesSettingsProperties - Anomalies properties
	*AnomaliesSettingsProperties `json:"properties,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
	// ID - READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty"`
	// SystemData - READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty"`
	// Kind - Possible values include: 'KindBasicSettingsKindSettings', 'KindBasicSettingsKindAnomalies', 'KindBasicSettingsKindEyesOn', 'KindBasicSettingsKindEntityAnalytics', 'KindBasicSettingsKindUeba'
	Kind KindBasicSettings `json:"kind,omitempty"`
}

Anomalies settings with single toggle.

func (Anomalies) AsAnomalies 

func (a Anomalies) AsAnomalies() (*Anomalies, bool)

AsAnomalies is the BasicSettings implementation for Anomalies.

func (Anomalies) AsBasicSettings 

func (a Anomalies) AsBasicSettings() (BasicSettings, bool)

AsBasicSettings is the BasicSettings implementation for Anomalies.

func (Anomalies) AsEntityAnalytics 

func (a Anomalies) AsEntityAnalytics() (*EntityAnalytics, bool)

AsEntityAnalytics is the BasicSettings implementation for Anomalies.

func (Anomalies) AsEyesOn 

func (a Anomalies) AsEyesOn() (*EyesOn, bool)

AsEyesOn is the BasicSettings implementation for Anomalies.

func (Anomalies) AsSettings 

func (a Anomalies) AsSettings() (*Settings, bool)

AsSettings is the BasicSettings implementation for Anomalies.

func (Anomalies) AsUeba 

func (a Anomalies) AsUeba() (*Ueba, bool)

AsUeba is the BasicSettings implementation for Anomalies.

func (Anomalies) MarshalJSON 

func (a Anomalies) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for Anomalies.

func (*Anomalies) UnmarshalJSON 

func (a *Anomalies) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for Anomalies struct.

type AnomaliesSettingsProperties 

type AnomaliesSettingsProperties struct {
	// IsEnabled - READ-ONLY; Determines whether the setting is enable or disabled.
	IsEnabled *bool `json:"isEnabled,omitempty"`
}

AnomaliesSettingsProperties anomalies property bag.

func (AnomaliesSettingsProperties) MarshalJSON 

func (asp AnomaliesSettingsProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for AnomaliesSettingsProperties.

type AntispamMailDirection 

type AntispamMailDirection string

AntispamMailDirection enumerates the values for antispam mail direction. 

const (
	// AntispamMailDirectionInbound Inbound
	AntispamMailDirectionInbound AntispamMailDirection = "Inbound"
	// AntispamMailDirectionIntraorg Intraorg
	AntispamMailDirectionIntraorg AntispamMailDirection = "Intraorg"
	// AntispamMailDirectionOutbound Outbound
	AntispamMailDirectionOutbound AntispamMailDirection = "Outbound"
	// AntispamMailDirectionUnknown Unknown
	AntispamMailDirectionUnknown AntispamMailDirection = "Unknown"
)

func PossibleAntispamMailDirectionValues 

func PossibleAntispamMailDirectionValues() []AntispamMailDirection

PossibleAntispamMailDirectionValues returns an array of possible values for the AntispamMailDirection const type.

type AttackTactic 

type AttackTactic string

AttackTactic enumerates the values for attack tactic. 

const (
	// AttackTacticCollection ...
	AttackTacticCollection AttackTactic = "Collection"
	// AttackTacticCommandAndControl ...
	AttackTacticCommandAndControl AttackTactic = "CommandAndControl"
	// AttackTacticCredentialAccess ...
	AttackTacticCredentialAccess AttackTactic = "CredentialAccess"
	// AttackTacticDefenseEvasion ...
	AttackTacticDefenseEvasion AttackTactic = "DefenseEvasion"
	// AttackTacticDiscovery ...
	AttackTacticDiscovery AttackTactic = "Discovery"
	// AttackTacticExecution ...
	AttackTacticExecution AttackTactic = "Execution"
	// AttackTacticExfiltration ...
	AttackTacticExfiltration AttackTactic = "Exfiltration"
	// AttackTacticImpact ...
	AttackTacticImpact AttackTactic = "Impact"
	// AttackTacticInitialAccess ...
	AttackTacticInitialAccess AttackTactic = "InitialAccess"
	// AttackTacticLateralMovement ...
	AttackTacticLateralMovement AttackTactic = "LateralMovement"
	// AttackTacticPersistence ...
	AttackTacticPersistence AttackTactic = "Persistence"
	// AttackTacticPreAttack ...
	AttackTacticPreAttack AttackTactic = "PreAttack"
	// AttackTacticPrivilegeEscalation ...
	AttackTacticPrivilegeEscalation AttackTactic = "PrivilegeEscalation"
)

func PossibleAttackTacticValues 

func PossibleAttackTacticValues() []AttackTactic

PossibleAttackTacticValues returns an array of possible values for the AttackTactic const type.

type AutomationRule 

type AutomationRule struct {
	autorest.Response `json:"-"`
	// AutomationRuleProperties - Automation rule properties
	*AutomationRuleProperties `json:"properties,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
	// ID - READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty"`
	// SystemData - READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty"`
}

AutomationRule represents an automation rule.

func (AutomationRule) MarshalJSON 

func (ar AutomationRule) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for AutomationRule.

func (*AutomationRule) UnmarshalJSON 

func (ar *AutomationRule) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for AutomationRule struct.

type AutomationRuleAction 

type AutomationRuleAction struct {
	// Order - The order of execution of the automation rule action
	Order *int32 `json:"order,omitempty"`
	// ActionType - Possible values include: 'ActionTypeAutomationRuleAction', 'ActionTypeRunPlaybook', 'ActionTypeModifyProperties'
	ActionType ActionType `json:"actionType,omitempty"`
}

AutomationRuleAction describes an automation rule action

func (AutomationRuleAction) AsAutomationRuleAction 

func (ara AutomationRuleAction) AsAutomationRuleAction() (*AutomationRuleAction, bool)

AsAutomationRuleAction is the BasicAutomationRuleAction implementation for AutomationRuleAction.

func (AutomationRuleAction) AsAutomationRuleModifyPropertiesAction 

func (ara AutomationRuleAction) AsAutomationRuleModifyPropertiesAction() (*AutomationRuleModifyPropertiesAction, bool)

AsAutomationRuleModifyPropertiesAction is the BasicAutomationRuleAction implementation for AutomationRuleAction.

func (AutomationRuleAction) AsAutomationRuleRunPlaybookAction 

func (ara AutomationRuleAction) AsAutomationRuleRunPlaybookAction() (*AutomationRuleRunPlaybookAction, bool)

AsAutomationRuleRunPlaybookAction is the BasicAutomationRuleAction implementation for AutomationRuleAction.

func (AutomationRuleAction) AsBasicAutomationRuleAction 

func (ara AutomationRuleAction) AsBasicAutomationRuleAction() (BasicAutomationRuleAction, bool)

AsBasicAutomationRuleAction is the BasicAutomationRuleAction implementation for AutomationRuleAction.

func (AutomationRuleAction) MarshalJSON 

func (ara AutomationRuleAction) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for AutomationRuleAction.

type AutomationRuleCondition 

type AutomationRuleCondition struct {
	// ConditionType - Possible values include: 'ConditionTypeAutomationRuleCondition', 'ConditionTypeProperty'
	ConditionType ConditionType `json:"conditionType,omitempty"`
}

AutomationRuleCondition describes an automation rule condition

func (AutomationRuleCondition) AsAutomationRuleCondition 

func (arc AutomationRuleCondition) AsAutomationRuleCondition() (*AutomationRuleCondition, bool)

AsAutomationRuleCondition is the BasicAutomationRuleCondition implementation for AutomationRuleCondition.

func (AutomationRuleCondition) AsAutomationRulePropertyValuesCondition 

func (arc AutomationRuleCondition) AsAutomationRulePropertyValuesCondition() (*AutomationRulePropertyValuesCondition, bool)

AsAutomationRulePropertyValuesCondition is the BasicAutomationRuleCondition implementation for AutomationRuleCondition.

func (AutomationRuleCondition) AsBasicAutomationRuleCondition 

func (arc AutomationRuleCondition) AsBasicAutomationRuleCondition() (BasicAutomationRuleCondition, bool)

AsBasicAutomationRuleCondition is the BasicAutomationRuleCondition implementation for AutomationRuleCondition.

func (AutomationRuleCondition) MarshalJSON 

func (arc AutomationRuleCondition) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for AutomationRuleCondition.

type AutomationRuleModifyPropertiesAction 

type AutomationRuleModifyPropertiesAction struct {
	// ActionConfiguration - The configuration of the modify properties automation rule action
	ActionConfiguration *AutomationRuleModifyPropertiesActionActionConfiguration `json:"actionConfiguration,omitempty"`
	// Order - The order of execution of the automation rule action
	Order *int32 `json:"order,omitempty"`
	// ActionType - Possible values include: 'ActionTypeAutomationRuleAction', 'ActionTypeRunPlaybook', 'ActionTypeModifyProperties'
	ActionType ActionType `json:"actionType,omitempty"`
}

AutomationRuleModifyPropertiesAction describes an automation rule action to modify an object's properties

func (AutomationRuleModifyPropertiesAction) AsAutomationRuleAction 

func (armpa AutomationRuleModifyPropertiesAction) AsAutomationRuleAction() (*AutomationRuleAction, bool)

AsAutomationRuleAction is the BasicAutomationRuleAction implementation for AutomationRuleModifyPropertiesAction.

func (AutomationRuleModifyPropertiesAction) AsAutomationRuleModifyPropertiesAction 

func (armpa AutomationRuleModifyPropertiesAction) AsAutomationRuleModifyPropertiesAction() (*AutomationRuleModifyPropertiesAction, bool)

AsAutomationRuleModifyPropertiesAction is the BasicAutomationRuleAction implementation for AutomationRuleModifyPropertiesAction.

func (AutomationRuleModifyPropertiesAction) AsAutomationRuleRunPlaybookAction 

func (armpa AutomationRuleModifyPropertiesAction) AsAutomationRuleRunPlaybookAction() (*AutomationRuleRunPlaybookAction, bool)

AsAutomationRuleRunPlaybookAction is the BasicAutomationRuleAction implementation for AutomationRuleModifyPropertiesAction.

func (AutomationRuleModifyPropertiesAction) AsBasicAutomationRuleAction 

func (armpa AutomationRuleModifyPropertiesAction) AsBasicAutomationRuleAction() (BasicAutomationRuleAction, bool)

AsBasicAutomationRuleAction is the BasicAutomationRuleAction implementation for AutomationRuleModifyPropertiesAction.

func (AutomationRuleModifyPropertiesAction) MarshalJSON 

func (armpa AutomationRuleModifyPropertiesAction) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for AutomationRuleModifyPropertiesAction.

type AutomationRuleModifyPropertiesActionActionConfiguration 

type AutomationRuleModifyPropertiesActionActionConfiguration struct {
	// Classification - The reason the incident was closed. Possible values include: 'IncidentClassificationUndetermined', 'IncidentClassificationTruePositive', 'IncidentClassificationBenignPositive', 'IncidentClassificationFalsePositive'
	Classification IncidentClassification `json:"classification,omitempty"`
	// ClassificationComment - Describes the reason the incident was closed
	ClassificationComment *string `json:"classificationComment,omitempty"`
	// ClassificationReason - The classification reason the incident was closed with. Possible values include: 'IncidentClassificationReasonSuspiciousActivity', 'IncidentClassificationReasonSuspiciousButExpected', 'IncidentClassificationReasonIncorrectAlertLogic', 'IncidentClassificationReasonInaccurateData'
	ClassificationReason IncidentClassificationReason `json:"classificationReason,omitempty"`
	// Labels - List of labels to add to the incident
	Labels *[]IncidentLabel `json:"labels,omitempty"`
	// Owner - Describes a user that the incident is assigned to
	Owner *IncidentOwnerInfo `json:"owner,omitempty"`
	// Severity - The severity of the incident. Possible values include: 'IncidentSeverityHigh', 'IncidentSeverityMedium', 'IncidentSeverityLow', 'IncidentSeverityInformational'
	Severity IncidentSeverity `json:"severity,omitempty"`
	// Status - The status of the incident. Possible values include: 'IncidentStatusNew', 'IncidentStatusActive', 'IncidentStatusClosed'
	Status IncidentStatus `json:"status,omitempty"`
}

AutomationRuleModifyPropertiesActionActionConfiguration the configuration of the modify properties automation rule action

type AutomationRuleProperties 

type AutomationRuleProperties struct {
	// DisplayName - The display name of the automation  rule
	DisplayName *string `json:"displayName,omitempty"`
	// Order - The order of execution of the automation rule
	Order *int32 `json:"order,omitempty"`
	// TriggeringLogic - The triggering logic of the automation rule
	TriggeringLogic *AutomationRuleTriggeringLogic `json:"triggeringLogic,omitempty"`
	// Actions - The actions to execute when the automation rule is triggered
	Actions *[]BasicAutomationRuleAction `json:"actions,omitempty"`
	// CreatedTimeUtc - READ-ONLY; The time the automation rule was created
	CreatedTimeUtc *date.Time `json:"createdTimeUtc,omitempty"`
	// LastModifiedTimeUtc - READ-ONLY; The last time the automation rule was updated
	LastModifiedTimeUtc *date.Time `json:"lastModifiedTimeUtc,omitempty"`
	// CreatedBy - READ-ONLY; Describes the client that created the automation rule
	CreatedBy *ClientInfo `json:"createdBy,omitempty"`
	// LastModifiedBy - READ-ONLY; Describes the client that last updated the automation rule
	LastModifiedBy *ClientInfo `json:"lastModifiedBy,omitempty"`
}

AutomationRuleProperties describes automation rule properties

func (AutomationRuleProperties) MarshalJSON 

func (arp AutomationRuleProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for AutomationRuleProperties.

func (*AutomationRuleProperties) UnmarshalJSON 

func (arp *AutomationRuleProperties) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for AutomationRuleProperties struct.

type AutomationRulePropertyConditionSupportedOperator 

type AutomationRulePropertyConditionSupportedOperator string

AutomationRulePropertyConditionSupportedOperator enumerates the values for automation rule property condition supported operator. 

const (
	// AutomationRulePropertyConditionSupportedOperatorContains Evaluates if the property contains at least one
	// of the condition values
	AutomationRulePropertyConditionSupportedOperatorContains AutomationRulePropertyConditionSupportedOperator = "Contains"
	// AutomationRulePropertyConditionSupportedOperatorEndsWith Evaluates if the property ends with any of the
	// condition values
	AutomationRulePropertyConditionSupportedOperatorEndsWith AutomationRulePropertyConditionSupportedOperator = "EndsWith"
	// AutomationRulePropertyConditionSupportedOperatorEquals Evaluates if the property equals at least one of
	// the condition values
	AutomationRulePropertyConditionSupportedOperatorEquals AutomationRulePropertyConditionSupportedOperator = "Equals"
	// AutomationRulePropertyConditionSupportedOperatorNotContains Evaluates if the property does not contain
	// any of the condition values
	AutomationRulePropertyConditionSupportedOperatorNotContains AutomationRulePropertyConditionSupportedOperator = "NotContains"
	// AutomationRulePropertyConditionSupportedOperatorNotEndsWith Evaluates if the property does not end with
	// any of the condition values
	AutomationRulePropertyConditionSupportedOperatorNotEndsWith AutomationRulePropertyConditionSupportedOperator = "NotEndsWith"
	// AutomationRulePropertyConditionSupportedOperatorNotEquals Evaluates if the property does not equal any
	// of the condition values
	AutomationRulePropertyConditionSupportedOperatorNotEquals AutomationRulePropertyConditionSupportedOperator = "NotEquals"
	// AutomationRulePropertyConditionSupportedOperatorNotStartsWith Evaluates if the property does not start
	// with any of the condition values
	AutomationRulePropertyConditionSupportedOperatorNotStartsWith AutomationRulePropertyConditionSupportedOperator = "NotStartsWith"
	// AutomationRulePropertyConditionSupportedOperatorStartsWith Evaluates if the property starts with any of
	// the condition values
	AutomationRulePropertyConditionSupportedOperatorStartsWith AutomationRulePropertyConditionSupportedOperator = "StartsWith"
)

func PossibleAutomationRulePropertyConditionSupportedOperatorValues 

func PossibleAutomationRulePropertyConditionSupportedOperatorValues() []AutomationRulePropertyConditionSupportedOperator

PossibleAutomationRulePropertyConditionSupportedOperatorValues returns an array of possible values for the AutomationRulePropertyConditionSupportedOperator const type.

type AutomationRulePropertyConditionSupportedProperty 

type AutomationRulePropertyConditionSupportedProperty string

AutomationRulePropertyConditionSupportedProperty enumerates the values for automation rule property condition supported property. 

const (
	// AutomationRulePropertyConditionSupportedPropertyAccountAadTenantID The account Azure Active Directory
	// tenant id
	AutomationRulePropertyConditionSupportedPropertyAccountAadTenantID AutomationRulePropertyConditionSupportedProperty = "AccountAadTenantId"
	// AutomationRulePropertyConditionSupportedPropertyAccountAadUserID The account Azure Active Directory user
	// id.
	AutomationRulePropertyConditionSupportedPropertyAccountAadUserID AutomationRulePropertyConditionSupportedProperty = "AccountAadUserId"
	// AutomationRulePropertyConditionSupportedPropertyAccountName The account name
	AutomationRulePropertyConditionSupportedPropertyAccountName AutomationRulePropertyConditionSupportedProperty = "AccountName"
	// AutomationRulePropertyConditionSupportedPropertyAccountNTDomain The account NetBIOS domain name
	AutomationRulePropertyConditionSupportedPropertyAccountNTDomain AutomationRulePropertyConditionSupportedProperty = "AccountNTDomain"
	// AutomationRulePropertyConditionSupportedPropertyAccountObjectGUID The account unique identifier
	AutomationRulePropertyConditionSupportedPropertyAccountObjectGUID AutomationRulePropertyConditionSupportedProperty = "AccountObjectGuid"
	// AutomationRulePropertyConditionSupportedPropertyAccountPUID The account Azure Active Directory Passport
	// User ID
	AutomationRulePropertyConditionSupportedPropertyAccountPUID AutomationRulePropertyConditionSupportedProperty = "AccountPUID"
	// AutomationRulePropertyConditionSupportedPropertyAccountSid The account security identifier
	AutomationRulePropertyConditionSupportedPropertyAccountSid AutomationRulePropertyConditionSupportedProperty = "AccountSid"
	// AutomationRulePropertyConditionSupportedPropertyAccountUPNSuffix The account user principal name suffix
	AutomationRulePropertyConditionSupportedPropertyAccountUPNSuffix AutomationRulePropertyConditionSupportedProperty = "AccountUPNSuffix"
	// AutomationRulePropertyConditionSupportedPropertyAzureResourceResourceID The Azure resource id
	AutomationRulePropertyConditionSupportedPropertyAzureResourceResourceID AutomationRulePropertyConditionSupportedProperty = "AzureResourceResourceId"
	// AutomationRulePropertyConditionSupportedPropertyAzureResourceSubscriptionID The Azure resource
	// subscription id
	AutomationRulePropertyConditionSupportedPropertyAzureResourceSubscriptionID AutomationRulePropertyConditionSupportedProperty = "AzureResourceSubscriptionId"
	// AutomationRulePropertyConditionSupportedPropertyCloudApplicationAppID The cloud application identifier
	AutomationRulePropertyConditionSupportedPropertyCloudApplicationAppID AutomationRulePropertyConditionSupportedProperty = "CloudApplicationAppId"
	// AutomationRulePropertyConditionSupportedPropertyCloudApplicationAppName The cloud application name
	AutomationRulePropertyConditionSupportedPropertyCloudApplicationAppName AutomationRulePropertyConditionSupportedProperty = "CloudApplicationAppName"
	// AutomationRulePropertyConditionSupportedPropertyDNSDomainName The dns record domain name
	AutomationRulePropertyConditionSupportedPropertyDNSDomainName AutomationRulePropertyConditionSupportedProperty = "DNSDomainName"
	// AutomationRulePropertyConditionSupportedPropertyFileDirectory The file directory full path
	AutomationRulePropertyConditionSupportedPropertyFileDirectory AutomationRulePropertyConditionSupportedProperty = "FileDirectory"
	// AutomationRulePropertyConditionSupportedPropertyFileHashValue The file hash value
	AutomationRulePropertyConditionSupportedPropertyFileHashValue AutomationRulePropertyConditionSupportedProperty = "FileHashValue"
	// AutomationRulePropertyConditionSupportedPropertyFileName The file name without path
	AutomationRulePropertyConditionSupportedPropertyFileName AutomationRulePropertyConditionSupportedProperty = "FileName"
	// AutomationRulePropertyConditionSupportedPropertyHostAzureID The host Azure resource id
	AutomationRulePropertyConditionSupportedPropertyHostAzureID AutomationRulePropertyConditionSupportedProperty = "HostAzureID"
	// AutomationRulePropertyConditionSupportedPropertyHostName The host name without domain
	AutomationRulePropertyConditionSupportedPropertyHostName AutomationRulePropertyConditionSupportedProperty = "HostName"
	// AutomationRulePropertyConditionSupportedPropertyHostNetBiosName The host NetBIOS name
	AutomationRulePropertyConditionSupportedPropertyHostNetBiosName AutomationRulePropertyConditionSupportedProperty = "HostNetBiosName"
	// AutomationRulePropertyConditionSupportedPropertyHostNTDomain The host NT domain
	AutomationRulePropertyConditionSupportedPropertyHostNTDomain AutomationRulePropertyConditionSupportedProperty = "HostNTDomain"
	// AutomationRulePropertyConditionSupportedPropertyHostOSVersion The host operating system
	AutomationRulePropertyConditionSupportedPropertyHostOSVersion AutomationRulePropertyConditionSupportedProperty = "HostOSVersion"
	// AutomationRulePropertyConditionSupportedPropertyIncidentDescription The description of the incident
	AutomationRulePropertyConditionSupportedPropertyIncidentDescription AutomationRulePropertyConditionSupportedProperty = "IncidentDescription"
	// AutomationRulePropertyConditionSupportedPropertyIncidentProviderName The provider name of the incident
	AutomationRulePropertyConditionSupportedPropertyIncidentProviderName AutomationRulePropertyConditionSupportedProperty = "IncidentProviderName"
	// AutomationRulePropertyConditionSupportedPropertyIncidentRelatedAnalyticRuleIds The related Analytic rule
	// ids of the incident
	AutomationRulePropertyConditionSupportedPropertyIncidentRelatedAnalyticRuleIds AutomationRulePropertyConditionSupportedProperty = "IncidentRelatedAnalyticRuleIds"
	// AutomationRulePropertyConditionSupportedPropertyIncidentSeverity The severity of the incident
	AutomationRulePropertyConditionSupportedPropertyIncidentSeverity AutomationRulePropertyConditionSupportedProperty = "IncidentSeverity"
	// AutomationRulePropertyConditionSupportedPropertyIncidentStatus The status of the incident
	AutomationRulePropertyConditionSupportedPropertyIncidentStatus AutomationRulePropertyConditionSupportedProperty = "IncidentStatus"
	// AutomationRulePropertyConditionSupportedPropertyIncidentTactics The tactics of the incident
	AutomationRulePropertyConditionSupportedPropertyIncidentTactics AutomationRulePropertyConditionSupportedProperty = "IncidentTactics"
	// AutomationRulePropertyConditionSupportedPropertyIncidentTitle The title of the incident
	AutomationRulePropertyConditionSupportedPropertyIncidentTitle AutomationRulePropertyConditionSupportedProperty = "IncidentTitle"
	// AutomationRulePropertyConditionSupportedPropertyIoTDeviceID The IoT device id
	AutomationRulePropertyConditionSupportedPropertyIoTDeviceID AutomationRulePropertyConditionSupportedProperty = "IoTDeviceId"
	// AutomationRulePropertyConditionSupportedPropertyIoTDeviceModel The IoT device model
	AutomationRulePropertyConditionSupportedPropertyIoTDeviceModel AutomationRulePropertyConditionSupportedProperty = "IoTDeviceModel"
	// AutomationRulePropertyConditionSupportedPropertyIoTDeviceName The IoT device name
	AutomationRulePropertyConditionSupportedPropertyIoTDeviceName AutomationRulePropertyConditionSupportedProperty = "IoTDeviceName"
	// AutomationRulePropertyConditionSupportedPropertyIoTDeviceOperatingSystem The IoT device operating system
	AutomationRulePropertyConditionSupportedPropertyIoTDeviceOperatingSystem AutomationRulePropertyConditionSupportedProperty = "IoTDeviceOperatingSystem"
	// AutomationRulePropertyConditionSupportedPropertyIoTDeviceType The IoT device type
	AutomationRulePropertyConditionSupportedPropertyIoTDeviceType AutomationRulePropertyConditionSupportedProperty = "IoTDeviceType"
	// AutomationRulePropertyConditionSupportedPropertyIoTDeviceVendor The IoT device vendor
	AutomationRulePropertyConditionSupportedPropertyIoTDeviceVendor AutomationRulePropertyConditionSupportedProperty = "IoTDeviceVendor"
	// AutomationRulePropertyConditionSupportedPropertyIPAddress The IP address
	AutomationRulePropertyConditionSupportedPropertyIPAddress AutomationRulePropertyConditionSupportedProperty = "IPAddress"
	// AutomationRulePropertyConditionSupportedPropertyMailboxDisplayName The mailbox display name
	AutomationRulePropertyConditionSupportedPropertyMailboxDisplayName AutomationRulePropertyConditionSupportedProperty = "MailboxDisplayName"
	// AutomationRulePropertyConditionSupportedPropertyMailboxPrimaryAddress The mailbox primary address
	AutomationRulePropertyConditionSupportedPropertyMailboxPrimaryAddress AutomationRulePropertyConditionSupportedProperty = "MailboxPrimaryAddress"
	// AutomationRulePropertyConditionSupportedPropertyMailboxUPN The mailbox user principal name
	AutomationRulePropertyConditionSupportedPropertyMailboxUPN AutomationRulePropertyConditionSupportedProperty = "MailboxUPN"
	// AutomationRulePropertyConditionSupportedPropertyMailMessageDeliveryAction The mail message delivery
	// action
	AutomationRulePropertyConditionSupportedPropertyMailMessageDeliveryAction AutomationRulePropertyConditionSupportedProperty = "MailMessageDeliveryAction"
	// AutomationRulePropertyConditionSupportedPropertyMailMessageDeliveryLocation The mail message delivery
	// location
	AutomationRulePropertyConditionSupportedPropertyMailMessageDeliveryLocation AutomationRulePropertyConditionSupportedProperty = "MailMessageDeliveryLocation"
	// AutomationRulePropertyConditionSupportedPropertyMailMessageP1Sender The mail message P1 sender
	AutomationRulePropertyConditionSupportedPropertyMailMessageP1Sender AutomationRulePropertyConditionSupportedProperty = "MailMessageP1Sender"
	// AutomationRulePropertyConditionSupportedPropertyMailMessageP2Sender The mail message P2 sender
	AutomationRulePropertyConditionSupportedPropertyMailMessageP2Sender AutomationRulePropertyConditionSupportedProperty = "MailMessageP2Sender"
	// AutomationRulePropertyConditionSupportedPropertyMailMessageRecipient The mail message recipient
	AutomationRulePropertyConditionSupportedPropertyMailMessageRecipient AutomationRulePropertyConditionSupportedProperty = "MailMessageRecipient"
	// AutomationRulePropertyConditionSupportedPropertyMailMessageSenderIP The mail message sender IP address
	AutomationRulePropertyConditionSupportedPropertyMailMessageSenderIP AutomationRulePropertyConditionSupportedProperty = "MailMessageSenderIP"
	// AutomationRulePropertyConditionSupportedPropertyMailMessageSubject The mail message subject
	AutomationRulePropertyConditionSupportedPropertyMailMessageSubject AutomationRulePropertyConditionSupportedProperty = "MailMessageSubject"
	// AutomationRulePropertyConditionSupportedPropertyMalwareCategory The malware category
	AutomationRulePropertyConditionSupportedPropertyMalwareCategory AutomationRulePropertyConditionSupportedProperty = "MalwareCategory"
	// AutomationRulePropertyConditionSupportedPropertyMalwareName The malware name
	AutomationRulePropertyConditionSupportedPropertyMalwareName AutomationRulePropertyConditionSupportedProperty = "MalwareName"
	// AutomationRulePropertyConditionSupportedPropertyProcessCommandLine The process execution command line
	AutomationRulePropertyConditionSupportedPropertyProcessCommandLine AutomationRulePropertyConditionSupportedProperty = "ProcessCommandLine"
	// AutomationRulePropertyConditionSupportedPropertyProcessID The process id
	AutomationRulePropertyConditionSupportedPropertyProcessID AutomationRulePropertyConditionSupportedProperty = "ProcessId"
	// AutomationRulePropertyConditionSupportedPropertyRegistryKey The registry key path
	AutomationRulePropertyConditionSupportedPropertyRegistryKey AutomationRulePropertyConditionSupportedProperty = "RegistryKey"
	// AutomationRulePropertyConditionSupportedPropertyRegistryValueData The registry key value in string
	// formatted representation
	AutomationRulePropertyConditionSupportedPropertyRegistryValueData AutomationRulePropertyConditionSupportedProperty = "RegistryValueData"
	// AutomationRulePropertyConditionSupportedPropertyURL The url
	AutomationRulePropertyConditionSupportedPropertyURL AutomationRulePropertyConditionSupportedProperty = "Url"
)

func PossibleAutomationRulePropertyConditionSupportedPropertyValues 

func PossibleAutomationRulePropertyConditionSupportedPropertyValues() []AutomationRulePropertyConditionSupportedProperty

PossibleAutomationRulePropertyConditionSupportedPropertyValues returns an array of possible values for the AutomationRulePropertyConditionSupportedProperty const type.

type AutomationRulePropertyValuesCondition 

type AutomationRulePropertyValuesCondition struct {
	// ConditionProperties - The configuration of the automation rule condition
	ConditionProperties *AutomationRulePropertyValuesConditionConditionProperties `json:"conditionProperties,omitempty"`
	// ConditionType - Possible values include: 'ConditionTypeAutomationRuleCondition', 'ConditionTypeProperty'
	ConditionType ConditionType `json:"conditionType,omitempty"`
}

AutomationRulePropertyValuesCondition describes an automation rule condition that evaluates a property's value

func (AutomationRulePropertyValuesCondition) AsAutomationRuleCondition 

func (arpvc AutomationRulePropertyValuesCondition) AsAutomationRuleCondition() (*AutomationRuleCondition, bool)

AsAutomationRuleCondition is the BasicAutomationRuleCondition implementation for AutomationRulePropertyValuesCondition.

func (AutomationRulePropertyValuesCondition) AsAutomationRulePropertyValuesCondition 

func (arpvc AutomationRulePropertyValuesCondition) AsAutomationRulePropertyValuesCondition() (*AutomationRulePropertyValuesCondition, bool)

AsAutomationRulePropertyValuesCondition is the BasicAutomationRuleCondition implementation for AutomationRulePropertyValuesCondition.

func (AutomationRulePropertyValuesCondition) AsBasicAutomationRuleCondition 

func (arpvc AutomationRulePropertyValuesCondition) AsBasicAutomationRuleCondition() (BasicAutomationRuleCondition, bool)

AsBasicAutomationRuleCondition is the BasicAutomationRuleCondition implementation for AutomationRulePropertyValuesCondition.

func (AutomationRulePropertyValuesCondition) MarshalJSON 

func (arpvc AutomationRulePropertyValuesCondition) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for AutomationRulePropertyValuesCondition.

type AutomationRulePropertyValuesConditionConditionProperties 

type AutomationRulePropertyValuesConditionConditionProperties struct {
	// PropertyName - The property to evaluate. Possible values include: 'AutomationRulePropertyConditionSupportedPropertyIncidentTitle', 'AutomationRulePropertyConditionSupportedPropertyIncidentDescription', 'AutomationRulePropertyConditionSupportedPropertyIncidentSeverity', 'AutomationRulePropertyConditionSupportedPropertyIncidentStatus', 'AutomationRulePropertyConditionSupportedPropertyIncidentTactics', 'AutomationRulePropertyConditionSupportedPropertyIncidentRelatedAnalyticRuleIds', 'AutomationRulePropertyConditionSupportedPropertyIncidentProviderName', 'AutomationRulePropertyConditionSupportedPropertyAccountAadTenantID', 'AutomationRulePropertyConditionSupportedPropertyAccountAadUserID', 'AutomationRulePropertyConditionSupportedPropertyAccountName', 'AutomationRulePropertyConditionSupportedPropertyAccountNTDomain', 'AutomationRulePropertyConditionSupportedPropertyAccountPUID', 'AutomationRulePropertyConditionSupportedPropertyAccountSid', 'AutomationRulePropertyConditionSupportedPropertyAccountObjectGUID', 'AutomationRulePropertyConditionSupportedPropertyAccountUPNSuffix', 'AutomationRulePropertyConditionSupportedPropertyAzureResourceResourceID', 'AutomationRulePropertyConditionSupportedPropertyAzureResourceSubscriptionID', 'AutomationRulePropertyConditionSupportedPropertyCloudApplicationAppID', 'AutomationRulePropertyConditionSupportedPropertyCloudApplicationAppName', 'AutomationRulePropertyConditionSupportedPropertyDNSDomainName', 'AutomationRulePropertyConditionSupportedPropertyFileDirectory', 'AutomationRulePropertyConditionSupportedPropertyFileName', 'AutomationRulePropertyConditionSupportedPropertyFileHashValue', 'AutomationRulePropertyConditionSupportedPropertyHostAzureID', 'AutomationRulePropertyConditionSupportedPropertyHostName', 'AutomationRulePropertyConditionSupportedPropertyHostNetBiosName', 'AutomationRulePropertyConditionSupportedPropertyHostNTDomain', 'AutomationRulePropertyConditionSupportedPropertyHostOSVersion', 'AutomationRulePropertyConditionSupportedPropertyIoTDeviceID', 'AutomationRulePropertyConditionSupportedPropertyIoTDeviceName', 'AutomationRulePropertyConditionSupportedPropertyIoTDeviceType', 'AutomationRulePropertyConditionSupportedPropertyIoTDeviceVendor', 'AutomationRulePropertyConditionSupportedPropertyIoTDeviceModel', 'AutomationRulePropertyConditionSupportedPropertyIoTDeviceOperatingSystem', 'AutomationRulePropertyConditionSupportedPropertyIPAddress', 'AutomationRulePropertyConditionSupportedPropertyMailboxDisplayName', 'AutomationRulePropertyConditionSupportedPropertyMailboxPrimaryAddress', 'AutomationRulePropertyConditionSupportedPropertyMailboxUPN', 'AutomationRulePropertyConditionSupportedPropertyMailMessageDeliveryAction', 'AutomationRulePropertyConditionSupportedPropertyMailMessageDeliveryLocation', 'AutomationRulePropertyConditionSupportedPropertyMailMessageRecipient', 'AutomationRulePropertyConditionSupportedPropertyMailMessageSenderIP', 'AutomationRulePropertyConditionSupportedPropertyMailMessageSubject', 'AutomationRulePropertyConditionSupportedPropertyMailMessageP1Sender', 'AutomationRulePropertyConditionSupportedPropertyMailMessageP2Sender', 'AutomationRulePropertyConditionSupportedPropertyMalwareCategory', 'AutomationRulePropertyConditionSupportedPropertyMalwareName', 'AutomationRulePropertyConditionSupportedPropertyProcessCommandLine', 'AutomationRulePropertyConditionSupportedPropertyProcessID', 'AutomationRulePropertyConditionSupportedPropertyRegistryKey', 'AutomationRulePropertyConditionSupportedPropertyRegistryValueData', 'AutomationRulePropertyConditionSupportedPropertyURL'
	PropertyName AutomationRulePropertyConditionSupportedProperty `json:"propertyName,omitempty"`
	// Operator - The operator to use for evaluation the condition. Possible values include: 'AutomationRulePropertyConditionSupportedOperatorEquals', 'AutomationRulePropertyConditionSupportedOperatorNotEquals', 'AutomationRulePropertyConditionSupportedOperatorContains', 'AutomationRulePropertyConditionSupportedOperatorNotContains', 'AutomationRulePropertyConditionSupportedOperatorStartsWith', 'AutomationRulePropertyConditionSupportedOperatorNotStartsWith', 'AutomationRulePropertyConditionSupportedOperatorEndsWith', 'AutomationRulePropertyConditionSupportedOperatorNotEndsWith'
	Operator AutomationRulePropertyConditionSupportedOperator `json:"operator,omitempty"`
	// PropertyValues - The values to use for evaluating the condition
	PropertyValues *[]string `json:"propertyValues,omitempty"`
}

AutomationRulePropertyValuesConditionConditionProperties the configuration of the automation rule condition

type AutomationRuleRunPlaybookAction 

type AutomationRuleRunPlaybookAction struct {
	// ActionConfiguration - The configuration of the run playbook automation rule action
	ActionConfiguration *AutomationRuleRunPlaybookActionActionConfiguration `json:"actionConfiguration,omitempty"`
	// Order - The order of execution of the automation rule action
	Order *int32 `json:"order,omitempty"`
	// ActionType - Possible values include: 'ActionTypeAutomationRuleAction', 'ActionTypeRunPlaybook', 'ActionTypeModifyProperties'
	ActionType ActionType `json:"actionType,omitempty"`
}

AutomationRuleRunPlaybookAction describes an automation rule action to run a playbook

func (AutomationRuleRunPlaybookAction) AsAutomationRuleAction 

func (arrpa AutomationRuleRunPlaybookAction) AsAutomationRuleAction() (*AutomationRuleAction, bool)

AsAutomationRuleAction is the BasicAutomationRuleAction implementation for AutomationRuleRunPlaybookAction.

func (AutomationRuleRunPlaybookAction) AsAutomationRuleModifyPropertiesAction 

func (arrpa AutomationRuleRunPlaybookAction) AsAutomationRuleModifyPropertiesAction() (*AutomationRuleModifyPropertiesAction, bool)

AsAutomationRuleModifyPropertiesAction is the BasicAutomationRuleAction implementation for AutomationRuleRunPlaybookAction.

func (AutomationRuleRunPlaybookAction) AsAutomationRuleRunPlaybookAction 

func (arrpa AutomationRuleRunPlaybookAction) AsAutomationRuleRunPlaybookAction() (*AutomationRuleRunPlaybookAction, bool)

AsAutomationRuleRunPlaybookAction is the BasicAutomationRuleAction implementation for AutomationRuleRunPlaybookAction.

func (AutomationRuleRunPlaybookAction) AsBasicAutomationRuleAction 

func (arrpa AutomationRuleRunPlaybookAction) AsBasicAutomationRuleAction() (BasicAutomationRuleAction, bool)

AsBasicAutomationRuleAction is the BasicAutomationRuleAction implementation for AutomationRuleRunPlaybookAction.

func (AutomationRuleRunPlaybookAction) MarshalJSON 

func (arrpa AutomationRuleRunPlaybookAction) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for AutomationRuleRunPlaybookAction.

type AutomationRuleRunPlaybookActionActionConfiguration 

type AutomationRuleRunPlaybookActionActionConfiguration struct {
	// LogicAppResourceID - The resource id of the playbook resource
	LogicAppResourceID *string `json:"logicAppResourceId,omitempty"`
	// TenantID - The tenant id of the playbook resource
	TenantID *string `json:"tenantId,omitempty"`
}

AutomationRuleRunPlaybookActionActionConfiguration the configuration of the run playbook automation rule action

type AutomationRuleTriggeringLogic 

type AutomationRuleTriggeringLogic struct {
	// IsEnabled - Determines whether the automation rule is enabled or disabled.
	IsEnabled *bool `json:"isEnabled,omitempty"`
	// ExpirationTimeUtc - Determines when the automation rule should automatically expire and be disabled.
	ExpirationTimeUtc *date.Time `json:"expirationTimeUtc,omitempty"`
	// TriggersOn - The type of object the automation rule triggers on
	TriggersOn *string `json:"triggersOn,omitempty"`
	// TriggersWhen - The type of event the automation rule triggers on
	TriggersWhen *string `json:"triggersWhen,omitempty"`
	// Conditions - The conditions to evaluate to determine if the automation rule should be triggered on a given object
	Conditions *[]BasicAutomationRuleCondition `json:"conditions,omitempty"`
}

AutomationRuleTriggeringLogic describes automation rule triggering logic

func (*AutomationRuleTriggeringLogic) UnmarshalJSON 

func (artl *AutomationRuleTriggeringLogic) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for AutomationRuleTriggeringLogic struct.

type AutomationRulesClient 

type AutomationRulesClient struct {
	BaseClient
}

AutomationRulesClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

func NewAutomationRulesClient 

func NewAutomationRulesClient(subscriptionID string) AutomationRulesClient

NewAutomationRulesClient creates an instance of the AutomationRulesClient client.

func NewAutomationRulesClientWithBaseURI 

func NewAutomationRulesClientWithBaseURI(baseURI string, subscriptionID string) AutomationRulesClient

NewAutomationRulesClientWithBaseURI creates an instance of the AutomationRulesClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).

func (AutomationRulesClient) CreateOrUpdate 

func (client AutomationRulesClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, workspaceName string, automationRuleID string, automationRule AutomationRule) (result AutomationRule, err error)

CreateOrUpdate creates or updates the automation rule. Parameters: resourceGroupName - the name of the resource group. The name is case insensitive. workspaceName - the name of the workspace. automationRuleID - automation rule ID automationRule - the automation rule

func (AutomationRulesClient) CreateOrUpdatePreparer 

func (client AutomationRulesClient) CreateOrUpdatePreparer(ctx context.Context, resourceGroupName string, workspaceName string, automationRuleID string, automationRule AutomationRule) (*http.Request, error)

CreateOrUpdatePreparer prepares the CreateOrUpdate request.

func (AutomationRulesClient) CreateOrUpdateResponder 

func (client AutomationRulesClient) CreateOrUpdateResponder(resp *http.Response) (result AutomationRule, err error)

CreateOrUpdateResponder handles the response to the CreateOrUpdate request. The method always closes the http.Response Body.

func (AutomationRulesClient) CreateOrUpdateSender 

func (client AutomationRulesClient) CreateOrUpdateSender(req *http.Request) (*http.Response, error)

CreateOrUpdateSender sends the CreateOrUpdate request. The method will close the http.Response Body if it receives an error.

func (AutomationRulesClient) Delete 

func (client AutomationRulesClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, automationRuleID string) (result autorest.Response, err error)

Delete delete the automation rule. Parameters: resourceGroupName - the name of the resource group. The name is case insensitive. workspaceName - the name of the workspace. automationRuleID - automation rule ID

func (AutomationRulesClient) DeletePreparer 

func (client AutomationRulesClient) DeletePreparer(ctx context.Context, resourceGroupName string, workspaceName string, automationRuleID string) (*http.Request, error)

DeletePreparer prepares the Delete request.

func (AutomationRulesClient) DeleteResponder 

func (client AutomationRulesClient) DeleteResponder(resp *http.Response) (result autorest.Response, err error)

DeleteResponder handles the response to the Delete request. The method always closes the http.Response Body.

func (AutomationRulesClient) DeleteSender 

func (client AutomationRulesClient) DeleteSender(req *http.Request) (*http.Response, error)

DeleteSender sends the Delete request. The method will close the http.Response Body if it receives an error.

func (AutomationRulesClient) Get 

func (client AutomationRulesClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, automationRuleID string) (result AutomationRule, err error)

Get gets the automation rule. Parameters: resourceGroupName - the name of the resource group. The name is case insensitive. workspaceName - the name of the workspace. automationRuleID - automation rule ID

func (AutomationRulesClient) GetPreparer 

func (client AutomationRulesClient) GetPreparer(ctx context.Context, resourceGroupName string, workspaceName string, automationRuleID string) (*http.Request, error)

GetPreparer prepares the Get request.

func (AutomationRulesClient) GetResponder 

func (client AutomationRulesClient) GetResponder(resp *http.Response) (result AutomationRule, err error)

GetResponder handles the response to the Get request. The method always closes the http.Response Body.

func (AutomationRulesClient) GetSender 

func (client AutomationRulesClient) GetSender(req *http.Request) (*http.Response, error)

GetSender sends the Get request. The method will close the http.Response Body if it receives an error.

func (AutomationRulesClient) List 

func (client AutomationRulesClient) List(ctx context.Context, resourceGroupName string, workspaceName string) (result AutomationRulesListPage, err error)

List gets all automation rules. Parameters: resourceGroupName - the name of the resource group. The name is case insensitive. workspaceName - the name of the workspace.

func (AutomationRulesClient) ListComplete 

func (client AutomationRulesClient) ListComplete(ctx context.Context, resourceGroupName string, workspaceName string) (result AutomationRulesListIterator, err error)

ListComplete enumerates all values, automatically crossing page boundaries as required.

func (AutomationRulesClient) ListPreparer 

func (client AutomationRulesClient) ListPreparer(ctx context.Context, resourceGroupName string, workspaceName string) (*http.Request, error)

ListPreparer prepares the List request.

func (AutomationRulesClient) ListResponder 

func (client AutomationRulesClient) ListResponder(resp *http.Response) (result AutomationRulesList, err error)

ListResponder handles the response to the List request. The method always closes the http.Response Body.

func (AutomationRulesClient) ListSender 

func (client AutomationRulesClient) ListSender(req *http.Request) (*http.Response, error)

ListSender sends the List request. The method will close the http.Response Body if it receives an error.

type AutomationRulesList 

type AutomationRulesList struct {
	autorest.Response `json:"-"`
	// NextLink - READ-ONLY; URL to fetch the next set of automation rules.
	NextLink *string `json:"nextLink,omitempty"`
	// Value - Array of automation rules.
	Value *[]AutomationRule `json:"value,omitempty"`
}

AutomationRulesList list all the automation rules.

func (AutomationRulesList) IsEmpty 

func (arl AutomationRulesList) IsEmpty() bool

IsEmpty returns true if the ListResult contains no values.

func (AutomationRulesList) MarshalJSON 

func (arl AutomationRulesList) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for AutomationRulesList.

type AutomationRulesListIterator 

type AutomationRulesListIterator struct {
	// contains filtered or unexported fields
}

AutomationRulesListIterator provides access to a complete listing of AutomationRule values.

func NewAutomationRulesListIterator 

func NewAutomationRulesListIterator(page AutomationRulesListPage) AutomationRulesListIterator

Creates a new instance of the AutomationRulesListIterator type.

func (*AutomationRulesListIterator) Next 

func (iter *AutomationRulesListIterator) Next() error

Next advances to the next value. If there was an error making the request the iterator does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*AutomationRulesListIterator) NextWithContext 

func (iter *AutomationRulesListIterator) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next value. If there was an error making the request the iterator does not advance and the error is returned.

func (AutomationRulesListIterator) NotDone 

func (iter AutomationRulesListIterator) NotDone() bool

NotDone returns true if the enumeration should be started or is not yet complete.

func (AutomationRulesListIterator) Response 

func (iter AutomationRulesListIterator) Response() AutomationRulesList

Response returns the raw server response from the last page request.

func (AutomationRulesListIterator) Value 

func (iter AutomationRulesListIterator) Value() AutomationRule

Value returns the current value or a zero-initialized value if the iterator has advanced beyond the end of the collection.

type AutomationRulesListPage 

type AutomationRulesListPage struct {
	// contains filtered or unexported fields
}

AutomationRulesListPage contains a page of AutomationRule values.

func NewAutomationRulesListPage 

func NewAutomationRulesListPage(cur AutomationRulesList, getNextPage func(context.Context, AutomationRulesList) (AutomationRulesList, error)) AutomationRulesListPage

Creates a new instance of the AutomationRulesListPage type.

func (*AutomationRulesListPage) Next 

func (page *AutomationRulesListPage) Next() error

Next advances to the next page of values. If there was an error making the request the page does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*AutomationRulesListPage) NextWithContext 

func (page *AutomationRulesListPage) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next page of values. If there was an error making the request the page does not advance and the error is returned.

func (AutomationRulesListPage) NotDone 

func (page AutomationRulesListPage) NotDone() bool

NotDone returns true if the page enumeration should be started or is not yet complete.

func (AutomationRulesListPage) Response 

func (page AutomationRulesListPage) Response() AutomationRulesList

Response returns the raw server response from the last page request.

func (AutomationRulesListPage) Values 

func (page AutomationRulesListPage) Values() []AutomationRule

Values returns the slice of values for the current page or nil if there are no values.

type Availability 

type Availability struct {
	// Status - The connector Availability Status
	Status *int32 `json:"status,omitempty"`
	// IsPreview - Set connector as preview
	IsPreview *bool `json:"isPreview,omitempty"`
}

Availability connector Availability Status

type AwsCloudTrailCheckRequirements 

type AwsCloudTrailCheckRequirements struct {
	// Kind - Possible values include: 'KindBasicDataConnectorsCheckRequirementsKindDataConnectorsCheckRequirements', 'KindBasicDataConnectorsCheckRequirementsKindAzureActiveDirectory', 'KindBasicDataConnectorsCheckRequirementsKindAzureAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindAzureSecurityCenter', 'KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesCloudTrail', 'KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesS3', 'KindBasicDataConnectorsCheckRequirementsKindDynamics365', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftThreatIntelligence', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindOfficeATP', 'KindBasicDataConnectorsCheckRequirementsKindOfficeIRM', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii'
	Kind KindBasicDataConnectorsCheckRequirements `json:"kind,omitempty"`
}

AwsCloudTrailCheckRequirements amazon Web Services CloudTrail requirements check request.

func (AwsCloudTrailCheckRequirements) AsAADCheckRequirements 

func (actcr AwsCloudTrailCheckRequirements) AsAADCheckRequirements() (*AADCheckRequirements, bool)

AsAADCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AwsCloudTrailCheckRequirements.

func (AwsCloudTrailCheckRequirements) AsAATPCheckRequirements 

func (actcr AwsCloudTrailCheckRequirements) AsAATPCheckRequirements() (*AATPCheckRequirements, bool)

AsAATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AwsCloudTrailCheckRequirements.

func (AwsCloudTrailCheckRequirements) AsASCCheckRequirements 

func (actcr AwsCloudTrailCheckRequirements) AsASCCheckRequirements() (*ASCCheckRequirements, bool)

AsASCCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AwsCloudTrailCheckRequirements.

func (AwsCloudTrailCheckRequirements) AsAwsCloudTrailCheckRequirements 

func (actcr AwsCloudTrailCheckRequirements) AsAwsCloudTrailCheckRequirements() (*AwsCloudTrailCheckRequirements, bool)

AsAwsCloudTrailCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AwsCloudTrailCheckRequirements.

func (AwsCloudTrailCheckRequirements) AsAwsS3CheckRequirements 

func (actcr AwsCloudTrailCheckRequirements) AsAwsS3CheckRequirements() (*AwsS3CheckRequirements, bool)

AsAwsS3CheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AwsCloudTrailCheckRequirements.

func (AwsCloudTrailCheckRequirements) AsBasicDataConnectorsCheckRequirements 

func (actcr AwsCloudTrailCheckRequirements) AsBasicDataConnectorsCheckRequirements() (BasicDataConnectorsCheckRequirements, bool)

AsBasicDataConnectorsCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AwsCloudTrailCheckRequirements.

func (AwsCloudTrailCheckRequirements) AsDataConnectorsCheckRequirements 

func (actcr AwsCloudTrailCheckRequirements) AsDataConnectorsCheckRequirements() (*DataConnectorsCheckRequirements, bool)

AsDataConnectorsCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AwsCloudTrailCheckRequirements.

func (AwsCloudTrailCheckRequirements) AsDynamics365CheckRequirements 

func (actcr AwsCloudTrailCheckRequirements) AsDynamics365CheckRequirements() (*Dynamics365CheckRequirements, bool)

AsDynamics365CheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AwsCloudTrailCheckRequirements.

func (AwsCloudTrailCheckRequirements) AsMCASCheckRequirements 

func (actcr AwsCloudTrailCheckRequirements) AsMCASCheckRequirements() (*MCASCheckRequirements, bool)

AsMCASCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AwsCloudTrailCheckRequirements.

func (AwsCloudTrailCheckRequirements) AsMDATPCheckRequirements 

func (actcr AwsCloudTrailCheckRequirements) AsMDATPCheckRequirements() (*MDATPCheckRequirements, bool)

AsMDATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AwsCloudTrailCheckRequirements.

func (AwsCloudTrailCheckRequirements) AsMSTICheckRequirements 

func (actcr AwsCloudTrailCheckRequirements) AsMSTICheckRequirements() (*MSTICheckRequirements, bool)

AsMSTICheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AwsCloudTrailCheckRequirements.

func (AwsCloudTrailCheckRequirements) AsMtpCheckRequirements 

func (actcr AwsCloudTrailCheckRequirements) AsMtpCheckRequirements() (*MtpCheckRequirements, bool)

AsMtpCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AwsCloudTrailCheckRequirements.

func (AwsCloudTrailCheckRequirements) AsOfficeATPCheckRequirements 

func (actcr AwsCloudTrailCheckRequirements) AsOfficeATPCheckRequirements() (*OfficeATPCheckRequirements, bool)

AsOfficeATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AwsCloudTrailCheckRequirements.

func (AwsCloudTrailCheckRequirements) AsOfficeIRMCheckRequirements 

func (actcr AwsCloudTrailCheckRequirements) AsOfficeIRMCheckRequirements() (*OfficeIRMCheckRequirements, bool)

AsOfficeIRMCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AwsCloudTrailCheckRequirements.

func (AwsCloudTrailCheckRequirements) AsTICheckRequirements 

func (actcr AwsCloudTrailCheckRequirements) AsTICheckRequirements() (*TICheckRequirements, bool)

AsTICheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AwsCloudTrailCheckRequirements.

func (AwsCloudTrailCheckRequirements) AsTiTaxiiCheckRequirements 

func (actcr AwsCloudTrailCheckRequirements) AsTiTaxiiCheckRequirements() (*TiTaxiiCheckRequirements, bool)

AsTiTaxiiCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AwsCloudTrailCheckRequirements.

func (AwsCloudTrailCheckRequirements) MarshalJSON 

func (actcr AwsCloudTrailCheckRequirements) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for AwsCloudTrailCheckRequirements.

type AwsCloudTrailDataConnector 

type AwsCloudTrailDataConnector struct {
	// AwsCloudTrailDataConnectorProperties - Amazon Web Services CloudTrail data connector properties.
	*AwsCloudTrailDataConnectorProperties `json:"properties,omitempty"`
	// Kind - Possible values include: 'KindBasicDataConnectorKindDataConnector', 'KindBasicDataConnectorKindAzureActiveDirectory', 'KindBasicDataConnectorKindMicrosoftThreatIntelligence', 'KindBasicDataConnectorKindMicrosoftThreatProtection', 'KindBasicDataConnectorKindAzureAdvancedThreatProtection', 'KindBasicDataConnectorKindAzureSecurityCenter', 'KindBasicDataConnectorKindAmazonWebServicesCloudTrail', 'KindBasicDataConnectorKindAmazonWebServicesS3', 'KindBasicDataConnectorKindMicrosoftCloudAppSecurity', 'KindBasicDataConnectorKindDynamics365', 'KindBasicDataConnectorKindOfficeATP', 'KindBasicDataConnectorKindOfficeIRM', 'KindBasicDataConnectorKindMicrosoftDefenderAdvancedThreatProtection', 'KindBasicDataConnectorKindOffice365', 'KindBasicDataConnectorKindThreatIntelligence', 'KindBasicDataConnectorKindThreatIntelligenceTaxii', 'KindBasicDataConnectorKindGenericUI', 'KindBasicDataConnectorKindAPIPolling'
	Kind KindBasicDataConnector `json:"kind,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
	// ID - READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty"`
	// SystemData - READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty"`
}

AwsCloudTrailDataConnector represents Amazon Web Services CloudTrail data connector.

func (AwsCloudTrailDataConnector) AsAADDataConnector 

func (actdc AwsCloudTrailDataConnector) AsAADDataConnector() (*AADDataConnector, bool)

AsAADDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector.

func (AwsCloudTrailDataConnector) AsAATPDataConnector 

func (actdc AwsCloudTrailDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool)

AsAATPDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector.

func (AwsCloudTrailDataConnector) AsASCDataConnector 

func (actdc AwsCloudTrailDataConnector) AsASCDataConnector() (*ASCDataConnector, bool)

AsASCDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector.

func (AwsCloudTrailDataConnector) AsAwsCloudTrailDataConnector 

func (actdc AwsCloudTrailDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool)

AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector.

func (AwsCloudTrailDataConnector) AsAwsS3DataConnector 

func (actdc AwsCloudTrailDataConnector) AsAwsS3DataConnector() (*AwsS3DataConnector, bool)

AsAwsS3DataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector.

func (AwsCloudTrailDataConnector) AsBasicDataConnector 

func (actdc AwsCloudTrailDataConnector) AsBasicDataConnector() (BasicDataConnector, bool)

AsBasicDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector.

func (AwsCloudTrailDataConnector) AsCodelessAPIPollingDataConnector 

func (actdc AwsCloudTrailDataConnector) AsCodelessAPIPollingDataConnector() (*CodelessAPIPollingDataConnector, bool)

AsCodelessAPIPollingDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector.

func (AwsCloudTrailDataConnector) AsCodelessUIDataConnector 

func (actdc AwsCloudTrailDataConnector) AsCodelessUIDataConnector() (*CodelessUIDataConnector, bool)

AsCodelessUIDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector.

func (AwsCloudTrailDataConnector) AsDataConnector 

func (actdc AwsCloudTrailDataConnector) AsDataConnector() (*DataConnector, bool)

AsDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector.

func (AwsCloudTrailDataConnector) AsDynamics365DataConnector 

func (actdc AwsCloudTrailDataConnector) AsDynamics365DataConnector() (*Dynamics365DataConnector, bool)

AsDynamics365DataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector.

func (AwsCloudTrailDataConnector) AsMCASDataConnector 

func (actdc AwsCloudTrailDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool)

AsMCASDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector.

func (AwsCloudTrailDataConnector) AsMDATPDataConnector 

func (actdc AwsCloudTrailDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool)

AsMDATPDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector.

func (AwsCloudTrailDataConnector) AsMSTIDataConnector 

func (actdc AwsCloudTrailDataConnector) AsMSTIDataConnector() (*MSTIDataConnector, bool)

AsMSTIDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector.

func (AwsCloudTrailDataConnector) AsMTPDataConnector 

func (actdc AwsCloudTrailDataConnector) AsMTPDataConnector() (*MTPDataConnector, bool)

AsMTPDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector.

func (AwsCloudTrailDataConnector) AsOfficeATPDataConnector 

func (actdc AwsCloudTrailDataConnector) AsOfficeATPDataConnector() (*OfficeATPDataConnector, bool)

AsOfficeATPDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector.

func (AwsCloudTrailDataConnector) AsOfficeDataConnector 

func (actdc AwsCloudTrailDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool)

AsOfficeDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector.

func (AwsCloudTrailDataConnector) AsOfficeIRMDataConnector 

func (actdc AwsCloudTrailDataConnector) AsOfficeIRMDataConnector() (*OfficeIRMDataConnector, bool)

AsOfficeIRMDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector.

func (AwsCloudTrailDataConnector) AsTIDataConnector 

func (actdc AwsCloudTrailDataConnector) AsTIDataConnector() (*TIDataConnector, bool)

AsTIDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector.

func (AwsCloudTrailDataConnector) AsTiTaxiiDataConnector 

func (actdc AwsCloudTrailDataConnector) AsTiTaxiiDataConnector() (*TiTaxiiDataConnector, bool)

AsTiTaxiiDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector.

func (AwsCloudTrailDataConnector) MarshalJSON 

func (actdc AwsCloudTrailDataConnector) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for AwsCloudTrailDataConnector.

func (*AwsCloudTrailDataConnector) UnmarshalJSON 

func (actdc *AwsCloudTrailDataConnector) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for AwsCloudTrailDataConnector struct.

type AwsCloudTrailDataConnectorDataTypes 

type AwsCloudTrailDataConnectorDataTypes struct {
	// Logs - Logs data type.
	Logs *AwsCloudTrailDataConnectorDataTypesLogs `json:"logs,omitempty"`
}

AwsCloudTrailDataConnectorDataTypes the available data types for Amazon Web Services CloudTrail data connector.

type AwsCloudTrailDataConnectorDataTypesLogs 

type AwsCloudTrailDataConnectorDataTypesLogs struct {
	// State - Describe whether this data type connection is enabled or not. Possible values include: 'DataTypeStateEnabled', 'DataTypeStateDisabled'
	State DataTypeState `json:"state,omitempty"`
}

AwsCloudTrailDataConnectorDataTypesLogs logs data type.

type AwsCloudTrailDataConnectorProperties 

type AwsCloudTrailDataConnectorProperties struct {
	// AwsRoleArn - The Aws Role Arn (with CloudTrailReadOnly policy) that is used to access the Aws account.
	AwsRoleArn *string `json:"awsRoleArn,omitempty"`
	// DataTypes - The available data types for the connector.
	DataTypes *AwsCloudTrailDataConnectorDataTypes `json:"dataTypes,omitempty"`
}

AwsCloudTrailDataConnectorProperties amazon Web Services CloudTrail data connector properties.

type AwsS3CheckRequirements 

type AwsS3CheckRequirements struct {
	// Kind - Possible values include: 'KindBasicDataConnectorsCheckRequirementsKindDataConnectorsCheckRequirements', 'KindBasicDataConnectorsCheckRequirementsKindAzureActiveDirectory', 'KindBasicDataConnectorsCheckRequirementsKindAzureAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindAzureSecurityCenter', 'KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesCloudTrail', 'KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesS3', 'KindBasicDataConnectorsCheckRequirementsKindDynamics365', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftThreatIntelligence', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindOfficeATP', 'KindBasicDataConnectorsCheckRequirementsKindOfficeIRM', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii'
	Kind KindBasicDataConnectorsCheckRequirements `json:"kind,omitempty"`
}

AwsS3CheckRequirements amazon Web Services S3 requirements check request.

func (AwsS3CheckRequirements) AsAADCheckRequirements 

func (ascr AwsS3CheckRequirements) AsAADCheckRequirements() (*AADCheckRequirements, bool)

AsAADCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AwsS3CheckRequirements.

func (AwsS3CheckRequirements) AsAATPCheckRequirements 

func (ascr AwsS3CheckRequirements) AsAATPCheckRequirements() (*AATPCheckRequirements, bool)

AsAATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AwsS3CheckRequirements.

func (AwsS3CheckRequirements) AsASCCheckRequirements 

func (ascr AwsS3CheckRequirements) AsASCCheckRequirements() (*ASCCheckRequirements, bool)

AsASCCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AwsS3CheckRequirements.

func (AwsS3CheckRequirements) AsAwsCloudTrailCheckRequirements 

func (ascr AwsS3CheckRequirements) AsAwsCloudTrailCheckRequirements() (*AwsCloudTrailCheckRequirements, bool)

AsAwsCloudTrailCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AwsS3CheckRequirements.

func (AwsS3CheckRequirements) AsAwsS3CheckRequirements 

func (ascr AwsS3CheckRequirements) AsAwsS3CheckRequirements() (*AwsS3CheckRequirements, bool)

AsAwsS3CheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AwsS3CheckRequirements.

func (AwsS3CheckRequirements) AsBasicDataConnectorsCheckRequirements 

func (ascr AwsS3CheckRequirements) AsBasicDataConnectorsCheckRequirements() (BasicDataConnectorsCheckRequirements, bool)

AsBasicDataConnectorsCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AwsS3CheckRequirements.

func (AwsS3CheckRequirements) AsDataConnectorsCheckRequirements 

func (ascr AwsS3CheckRequirements) AsDataConnectorsCheckRequirements() (*DataConnectorsCheckRequirements, bool)

AsDataConnectorsCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AwsS3CheckRequirements.

func (AwsS3CheckRequirements) AsDynamics365CheckRequirements 

func (ascr AwsS3CheckRequirements) AsDynamics365CheckRequirements() (*Dynamics365CheckRequirements, bool)

AsDynamics365CheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AwsS3CheckRequirements.

func (AwsS3CheckRequirements) AsMCASCheckRequirements 

func (ascr AwsS3CheckRequirements) AsMCASCheckRequirements() (*MCASCheckRequirements, bool)

AsMCASCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AwsS3CheckRequirements.

func (AwsS3CheckRequirements) AsMDATPCheckRequirements 

func (ascr AwsS3CheckRequirements) AsMDATPCheckRequirements() (*MDATPCheckRequirements, bool)

AsMDATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AwsS3CheckRequirements.

func (AwsS3CheckRequirements) AsMSTICheckRequirements 

func (ascr AwsS3CheckRequirements) AsMSTICheckRequirements() (*MSTICheckRequirements, bool)

AsMSTICheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AwsS3CheckRequirements.

func (AwsS3CheckRequirements) AsMtpCheckRequirements 

func (ascr AwsS3CheckRequirements) AsMtpCheckRequirements() (*MtpCheckRequirements, bool)

AsMtpCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AwsS3CheckRequirements.

func (AwsS3CheckRequirements) AsOfficeATPCheckRequirements 

func (ascr AwsS3CheckRequirements) AsOfficeATPCheckRequirements() (*OfficeATPCheckRequirements, bool)

AsOfficeATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AwsS3CheckRequirements.

func (AwsS3CheckRequirements) AsOfficeIRMCheckRequirements 

func (ascr AwsS3CheckRequirements) AsOfficeIRMCheckRequirements() (*OfficeIRMCheckRequirements, bool)

AsOfficeIRMCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AwsS3CheckRequirements.

func (AwsS3CheckRequirements) AsTICheckRequirements 

func (ascr AwsS3CheckRequirements) AsTICheckRequirements() (*TICheckRequirements, bool)

AsTICheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AwsS3CheckRequirements.

func (AwsS3CheckRequirements) AsTiTaxiiCheckRequirements 

func (ascr AwsS3CheckRequirements) AsTiTaxiiCheckRequirements() (*TiTaxiiCheckRequirements, bool)

AsTiTaxiiCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AwsS3CheckRequirements.

func (AwsS3CheckRequirements) MarshalJSON 

func (ascr AwsS3CheckRequirements) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for AwsS3CheckRequirements.

type AwsS3DataConnector 

type AwsS3DataConnector struct {
	// AwsS3DataConnectorProperties - Amazon Web Services S3 data connector properties.
	*AwsS3DataConnectorProperties `json:"properties,omitempty"`
	// Kind - Possible values include: 'KindBasicDataConnectorKindDataConnector', 'KindBasicDataConnectorKindAzureActiveDirectory', 'KindBasicDataConnectorKindMicrosoftThreatIntelligence', 'KindBasicDataConnectorKindMicrosoftThreatProtection', 'KindBasicDataConnectorKindAzureAdvancedThreatProtection', 'KindBasicDataConnectorKindAzureSecurityCenter', 'KindBasicDataConnectorKindAmazonWebServicesCloudTrail', 'KindBasicDataConnectorKindAmazonWebServicesS3', 'KindBasicDataConnectorKindMicrosoftCloudAppSecurity', 'KindBasicDataConnectorKindDynamics365', 'KindBasicDataConnectorKindOfficeATP', 'KindBasicDataConnectorKindOfficeIRM', 'KindBasicDataConnectorKindMicrosoftDefenderAdvancedThreatProtection', 'KindBasicDataConnectorKindOffice365', 'KindBasicDataConnectorKindThreatIntelligence', 'KindBasicDataConnectorKindThreatIntelligenceTaxii', 'KindBasicDataConnectorKindGenericUI', 'KindBasicDataConnectorKindAPIPolling'
	Kind KindBasicDataConnector `json:"kind,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
	// ID - READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty"`
	// SystemData - READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty"`
}

AwsS3DataConnector represents Amazon Web Services S3 data connector.

func (AwsS3DataConnector) AsAADDataConnector 

func (asdc AwsS3DataConnector) AsAADDataConnector() (*AADDataConnector, bool)

AsAADDataConnector is the BasicDataConnector implementation for AwsS3DataConnector.

func (AwsS3DataConnector) AsAATPDataConnector 

func (asdc AwsS3DataConnector) AsAATPDataConnector() (*AATPDataConnector, bool)

AsAATPDataConnector is the BasicDataConnector implementation for AwsS3DataConnector.

func (AwsS3DataConnector) AsASCDataConnector 

func (asdc AwsS3DataConnector) AsASCDataConnector() (*ASCDataConnector, bool)

AsASCDataConnector is the BasicDataConnector implementation for AwsS3DataConnector.

func (AwsS3DataConnector) AsAwsCloudTrailDataConnector 

func (asdc AwsS3DataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool)

AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for AwsS3DataConnector.

func (AwsS3DataConnector) AsAwsS3DataConnector 

func (asdc AwsS3DataConnector) AsAwsS3DataConnector() (*AwsS3DataConnector, bool)

AsAwsS3DataConnector is the BasicDataConnector implementation for AwsS3DataConnector.

func (AwsS3DataConnector) AsBasicDataConnector 

func (asdc AwsS3DataConnector) AsBasicDataConnector() (BasicDataConnector, bool)

AsBasicDataConnector is the BasicDataConnector implementation for AwsS3DataConnector.

func (AwsS3DataConnector) AsCodelessAPIPollingDataConnector 

func (asdc AwsS3DataConnector) AsCodelessAPIPollingDataConnector() (*CodelessAPIPollingDataConnector, bool)

AsCodelessAPIPollingDataConnector is the BasicDataConnector implementation for AwsS3DataConnector.

func (AwsS3DataConnector) AsCodelessUIDataConnector 

func (asdc AwsS3DataConnector) AsCodelessUIDataConnector() (*CodelessUIDataConnector, bool)

AsCodelessUIDataConnector is the BasicDataConnector implementation for AwsS3DataConnector.

func (AwsS3DataConnector) AsDataConnector 

func (asdc AwsS3DataConnector) AsDataConnector() (*DataConnector, bool)

AsDataConnector is the BasicDataConnector implementation for AwsS3DataConnector.

func (AwsS3DataConnector) AsDynamics365DataConnector 

func (asdc AwsS3DataConnector) AsDynamics365DataConnector() (*Dynamics365DataConnector, bool)

AsDynamics365DataConnector is the BasicDataConnector implementation for AwsS3DataConnector.

func (AwsS3DataConnector) AsMCASDataConnector 

func (asdc AwsS3DataConnector) AsMCASDataConnector() (*MCASDataConnector, bool)

AsMCASDataConnector is the BasicDataConnector implementation for AwsS3DataConnector.

func (AwsS3DataConnector) AsMDATPDataConnector 

func (asdc AwsS3DataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool)

AsMDATPDataConnector is the BasicDataConnector implementation for AwsS3DataConnector.

func (AwsS3DataConnector) AsMSTIDataConnector 

func (asdc AwsS3DataConnector) AsMSTIDataConnector() (*MSTIDataConnector, bool)

AsMSTIDataConnector is the BasicDataConnector implementation for AwsS3DataConnector.

func (AwsS3DataConnector) AsMTPDataConnector 

func (asdc AwsS3DataConnector) AsMTPDataConnector() (*MTPDataConnector, bool)

AsMTPDataConnector is the BasicDataConnector implementation for AwsS3DataConnector.

func (AwsS3DataConnector) AsOfficeATPDataConnector 

func (asdc AwsS3DataConnector) AsOfficeATPDataConnector() (*OfficeATPDataConnector, bool)

AsOfficeATPDataConnector is the BasicDataConnector implementation for AwsS3DataConnector.

func (AwsS3DataConnector) AsOfficeDataConnector 

func (asdc AwsS3DataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool)

AsOfficeDataConnector is the BasicDataConnector implementation for AwsS3DataConnector.

func (AwsS3DataConnector) AsOfficeIRMDataConnector 

func (asdc AwsS3DataConnector) AsOfficeIRMDataConnector() (*OfficeIRMDataConnector, bool)

AsOfficeIRMDataConnector is the BasicDataConnector implementation for AwsS3DataConnector.

func (AwsS3DataConnector) AsTIDataConnector 

func (asdc AwsS3DataConnector) AsTIDataConnector() (*TIDataConnector, bool)

AsTIDataConnector is the BasicDataConnector implementation for AwsS3DataConnector.

func (AwsS3DataConnector) AsTiTaxiiDataConnector 

func (asdc AwsS3DataConnector) AsTiTaxiiDataConnector() (*TiTaxiiDataConnector, bool)

AsTiTaxiiDataConnector is the BasicDataConnector implementation for AwsS3DataConnector.

func (AwsS3DataConnector) MarshalJSON 

func (asdc AwsS3DataConnector) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for AwsS3DataConnector.

func (*AwsS3DataConnector) UnmarshalJSON 

func (asdc *AwsS3DataConnector) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for AwsS3DataConnector struct.

type AwsS3DataConnectorDataTypes 

type AwsS3DataConnectorDataTypes struct {
	// Logs - Logs data type.
	Logs *AwsS3DataConnectorDataTypesLogs `json:"logs,omitempty"`
}

AwsS3DataConnectorDataTypes the available data types for Amazon Web Services S3 data connector.

type AwsS3DataConnectorDataTypesLogs 

type AwsS3DataConnectorDataTypesLogs struct {
	// State - Describe whether this data type connection is enabled or not. Possible values include: 'DataTypeStateEnabled', 'DataTypeStateDisabled'
	State DataTypeState `json:"state,omitempty"`
}

AwsS3DataConnectorDataTypesLogs logs data type.

type AwsS3DataConnectorProperties 

type AwsS3DataConnectorProperties struct {
	// DestinationTable - The logs destination table name in LogAnalytics.
	DestinationTable *string `json:"destinationTable,omitempty"`
	// SqsUrls - The AWS sqs urls for the connector.
	SqsUrls *[]string `json:"sqsUrls,omitempty"`
	// RoleArn - The Aws Role Arn that is used to access the Aws account.
	RoleArn *string `json:"roleArn,omitempty"`
	// DataTypes - The available data types for the connector.
	DataTypes *AwsS3DataConnectorDataTypes `json:"dataTypes,omitempty"`
}

AwsS3DataConnectorProperties amazon Web Services S3 data connector properties.

type AzureEntityResource 

type AzureEntityResource struct {
	// Etag - READ-ONLY; Resource Etag.
	Etag *string `json:"etag,omitempty"`
	// ID - READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty"`
	// SystemData - READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty"`
}

AzureEntityResource the resource model definition for an Azure Resource Manager resource with an etag.

func (AzureEntityResource) MarshalJSON 

func (aer AzureEntityResource) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for AzureEntityResource.

type AzureResourceEntity 

type AzureResourceEntity struct {
	// AzureResourceEntityProperties - AzureResource entity properties
	*AzureResourceEntityProperties `json:"properties,omitempty"`
	// Kind - Possible values include: 'KindBasicEntityKindEntity', 'KindBasicEntityKindURL', 'KindBasicEntityKindSubmissionMail', 'KindBasicEntityKindSecurityGroup', 'KindBasicEntityKindSecurityAlert', 'KindBasicEntityKindRegistryValue', 'KindBasicEntityKindRegistryKey', 'KindBasicEntityKindProcess', 'KindBasicEntityKindMalware', 'KindBasicEntityKindMailMessage', 'KindBasicEntityKindMailCluster', 'KindBasicEntityKindMailbox', 'KindBasicEntityKindIP', 'KindBasicEntityKindIoTDevice', 'KindBasicEntityKindBookmark', 'KindBasicEntityKindHost', 'KindBasicEntityKindFileHash', 'KindBasicEntityKindFile', 'KindBasicEntityKindDNSResolution', 'KindBasicEntityKindCloudApplication', 'KindBasicEntityKindAzureResource', 'KindBasicEntityKindAccount'
	Kind KindBasicEntity `json:"kind,omitempty"`
	// ID - READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty"`
	// SystemData - READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty"`
}

AzureResourceEntity represents an azure resource entity.

func (AzureResourceEntity) AsAccountEntity 

func (are AzureResourceEntity) AsAccountEntity() (*AccountEntity, bool)

AsAccountEntity is the BasicEntity implementation for AzureResourceEntity.

func (AzureResourceEntity) AsAzureResourceEntity 

func (are AzureResourceEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)

AsAzureResourceEntity is the BasicEntity implementation for AzureResourceEntity.

func (AzureResourceEntity) AsBasicEntity 

func (are AzureResourceEntity) AsBasicEntity() (BasicEntity, bool)

AsBasicEntity is the BasicEntity implementation for AzureResourceEntity.

func (AzureResourceEntity) AsCloudApplicationEntity 

func (are AzureResourceEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)

AsCloudApplicationEntity is the BasicEntity implementation for AzureResourceEntity.

func (AzureResourceEntity) AsDNSEntity 

func (are AzureResourceEntity) AsDNSEntity() (*DNSEntity, bool)

AsDNSEntity is the BasicEntity implementation for AzureResourceEntity.

func (AzureResourceEntity) AsEntity 

func (are AzureResourceEntity) AsEntity() (*Entity, bool)

AsEntity is the BasicEntity implementation for AzureResourceEntity.

func (AzureResourceEntity) AsFileEntity 

func (are AzureResourceEntity) AsFileEntity() (*FileEntity, bool)

AsFileEntity is the BasicEntity implementation for AzureResourceEntity.

func (AzureResourceEntity) AsFileHashEntity 

func (are AzureResourceEntity) AsFileHashEntity() (*FileHashEntity, bool)

AsFileHashEntity is the BasicEntity implementation for AzureResourceEntity.

func (AzureResourceEntity) AsHostEntity 

func (are AzureResourceEntity) AsHostEntity() (*HostEntity, bool)

AsHostEntity is the BasicEntity implementation for AzureResourceEntity.

func (AzureResourceEntity) AsHuntingBookmark 

func (are AzureResourceEntity) AsHuntingBookmark() (*HuntingBookmark, bool)

AsHuntingBookmark is the BasicEntity implementation for AzureResourceEntity.

func (AzureResourceEntity) AsIPEntity 

func (are AzureResourceEntity) AsIPEntity() (*IPEntity, bool)

AsIPEntity is the BasicEntity implementation for AzureResourceEntity.

func (AzureResourceEntity) AsIoTDeviceEntity 

func (are AzureResourceEntity) AsIoTDeviceEntity() (*IoTDeviceEntity, bool)

AsIoTDeviceEntity is the BasicEntity implementation for AzureResourceEntity.

func (AzureResourceEntity) AsMailClusterEntity 

func (are AzureResourceEntity) AsMailClusterEntity() (*MailClusterEntity, bool)

AsMailClusterEntity is the BasicEntity implementation for AzureResourceEntity.

func (AzureResourceEntity) AsMailMessageEntity 

func (are AzureResourceEntity) AsMailMessageEntity() (*MailMessageEntity, bool)

AsMailMessageEntity is the BasicEntity implementation for AzureResourceEntity.

func (AzureResourceEntity) AsMailboxEntity 

func (are AzureResourceEntity) AsMailboxEntity() (*MailboxEntity, bool)

AsMailboxEntity is the BasicEntity implementation for AzureResourceEntity.

func (AzureResourceEntity) AsMalwareEntity 

func (are AzureResourceEntity) AsMalwareEntity() (*MalwareEntity, bool)

AsMalwareEntity is the BasicEntity implementation for AzureResourceEntity.

func (AzureResourceEntity) AsProcessEntity 

func (are AzureResourceEntity) AsProcessEntity() (*ProcessEntity, bool)

AsProcessEntity is the BasicEntity implementation for AzureResourceEntity.

func (AzureResourceEntity) AsRegistryKeyEntity 

func (are AzureResourceEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)

AsRegistryKeyEntity is the BasicEntity implementation for AzureResourceEntity.

func (AzureResourceEntity) AsRegistryValueEntity 

func (are AzureResourceEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool)

AsRegistryValueEntity is the BasicEntity implementation for AzureResourceEntity.

func (AzureResourceEntity) AsSecurityAlert 

func (are AzureResourceEntity) AsSecurityAlert() (*SecurityAlert, bool)

AsSecurityAlert is the BasicEntity implementation for AzureResourceEntity.

func (AzureResourceEntity) AsSecurityGroupEntity 

func (are AzureResourceEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)

AsSecurityGroupEntity is the BasicEntity implementation for AzureResourceEntity.

func (AzureResourceEntity) AsSubmissionMailEntity 

func (are AzureResourceEntity) AsSubmissionMailEntity() (*SubmissionMailEntity, bool)

AsSubmissionMailEntity is the BasicEntity implementation for AzureResourceEntity.

func (AzureResourceEntity) AsURLEntity 

func (are AzureResourceEntity) AsURLEntity() (*URLEntity, bool)

AsURLEntity is the BasicEntity implementation for AzureResourceEntity.

func (AzureResourceEntity) MarshalJSON 

func (are AzureResourceEntity) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for AzureResourceEntity.

func (*AzureResourceEntity) UnmarshalJSON 

func (are *AzureResourceEntity) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for AzureResourceEntity struct.

type AzureResourceEntityProperties 

type AzureResourceEntityProperties struct {
	// ResourceID - READ-ONLY; The azure resource id of the resource
	ResourceID *string `json:"resourceId,omitempty"`
	// SubscriptionID - READ-ONLY; The subscription id of the resource
	SubscriptionID *string `json:"subscriptionId,omitempty"`
	// AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]interface{} `json:"additionalData"`
	// FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated.
	FriendlyName *string `json:"friendlyName,omitempty"`
}

AzureResourceEntityProperties azureResource entity property bag.

func (AzureResourceEntityProperties) MarshalJSON 

func (arep AzureResourceEntityProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for AzureResourceEntityProperties.

type BaseClient 

type BaseClient struct {
	autorest.Client
	BaseURI        string
	SubscriptionID string
}

BaseClient is the base client for Securityinsight.

func New 

func New(subscriptionID string) BaseClient

New creates an instance of the BaseClient client.

func NewWithBaseURI 

func NewWithBaseURI(baseURI string, subscriptionID string) BaseClient

NewWithBaseURI creates an instance of the BaseClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).

type BasicAlertRule 

type BasicAlertRule interface {
	AsMLBehaviorAnalyticsAlertRule() (*MLBehaviorAnalyticsAlertRule, bool)
	AsFusionAlertRule() (*FusionAlertRule, bool)
	AsThreatIntelligenceAlertRule() (*ThreatIntelligenceAlertRule, bool)
	AsMicrosoftSecurityIncidentCreationAlertRule() (*MicrosoftSecurityIncidentCreationAlertRule, bool)
	AsScheduledAlertRule() (*ScheduledAlertRule, bool)
	AsNrtAlertRule() (*NrtAlertRule, bool)
	AsAlertRule() (*AlertRule, bool)
}

BasicAlertRule alert rule.

type BasicAlertRuleTemplate 

type BasicAlertRuleTemplate interface {
	AsMLBehaviorAnalyticsAlertRuleTemplate() (*MLBehaviorAnalyticsAlertRuleTemplate, bool)
	AsFusionAlertRuleTemplate() (*FusionAlertRuleTemplate, bool)
	AsThreatIntelligenceAlertRuleTemplate() (*ThreatIntelligenceAlertRuleTemplate, bool)
	AsMicrosoftSecurityIncidentCreationAlertRuleTemplate() (*MicrosoftSecurityIncidentCreationAlertRuleTemplate, bool)
	AsScheduledAlertRuleTemplate() (*ScheduledAlertRuleTemplate, bool)
	AsNrtAlertRuleTemplate() (*NrtAlertRuleTemplate, bool)
	AsAlertRuleTemplate() (*AlertRuleTemplate, bool)
}

BasicAlertRuleTemplate alert rule template.

type BasicAutomationRuleAction 

type BasicAutomationRuleAction interface {
	AsAutomationRuleRunPlaybookAction() (*AutomationRuleRunPlaybookAction, bool)
	AsAutomationRuleModifyPropertiesAction() (*AutomationRuleModifyPropertiesAction, bool)
	AsAutomationRuleAction() (*AutomationRuleAction, bool)
}

BasicAutomationRuleAction describes an automation rule action

type BasicAutomationRuleCondition 

type BasicAutomationRuleCondition interface {
	AsAutomationRulePropertyValuesCondition() (*AutomationRulePropertyValuesCondition, bool)
	AsAutomationRuleCondition() (*AutomationRuleCondition, bool)
}

BasicAutomationRuleCondition describes an automation rule condition

type BasicCustomEntityQuery 

type BasicCustomEntityQuery interface {
	AsActivityCustomEntityQuery() (*ActivityCustomEntityQuery, bool)
	AsCustomEntityQuery() (*CustomEntityQuery, bool)
}

BasicCustomEntityQuery specific entity query that supports put requests.

type BasicDataConnector 

type BasicDataConnector interface {
	AsAADDataConnector() (*AADDataConnector, bool)
	AsMSTIDataConnector() (*MSTIDataConnector, bool)
	AsMTPDataConnector() (*MTPDataConnector, bool)
	AsAATPDataConnector() (*AATPDataConnector, bool)
	AsASCDataConnector() (*ASCDataConnector, bool)
	AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool)
	AsAwsS3DataConnector() (*AwsS3DataConnector, bool)
	AsMCASDataConnector() (*MCASDataConnector, bool)
	AsDynamics365DataConnector() (*Dynamics365DataConnector, bool)
	AsOfficeATPDataConnector() (*OfficeATPDataConnector, bool)
	AsOfficeIRMDataConnector() (*OfficeIRMDataConnector, bool)
	AsMDATPDataConnector() (*MDATPDataConnector, bool)
	AsOfficeDataConnector() (*OfficeDataConnector, bool)
	AsTIDataConnector() (*TIDataConnector, bool)
	AsTiTaxiiDataConnector() (*TiTaxiiDataConnector, bool)
	AsCodelessUIDataConnector() (*CodelessUIDataConnector, bool)
	AsCodelessAPIPollingDataConnector() (*CodelessAPIPollingDataConnector, bool)
	AsDataConnector() (*DataConnector, bool)
}

BasicDataConnector data connector

type BasicDataConnectorsCheckRequirements 

type BasicDataConnectorsCheckRequirements interface {
	AsAADCheckRequirements() (*AADCheckRequirements, bool)
	AsAATPCheckRequirements() (*AATPCheckRequirements, bool)
	AsASCCheckRequirements() (*ASCCheckRequirements, bool)
	AsAwsCloudTrailCheckRequirements() (*AwsCloudTrailCheckRequirements, bool)
	AsAwsS3CheckRequirements() (*AwsS3CheckRequirements, bool)
	AsDynamics365CheckRequirements() (*Dynamics365CheckRequirements, bool)
	AsMCASCheckRequirements() (*MCASCheckRequirements, bool)
	AsMDATPCheckRequirements() (*MDATPCheckRequirements, bool)
	AsMSTICheckRequirements() (*MSTICheckRequirements, bool)
	AsMtpCheckRequirements() (*MtpCheckRequirements, bool)
	AsOfficeATPCheckRequirements() (*OfficeATPCheckRequirements, bool)
	AsOfficeIRMCheckRequirements() (*OfficeIRMCheckRequirements, bool)
	AsTICheckRequirements() (*TICheckRequirements, bool)
	AsTiTaxiiCheckRequirements() (*TiTaxiiCheckRequirements, bool)
	AsDataConnectorsCheckRequirements() (*DataConnectorsCheckRequirements, bool)
}

BasicDataConnectorsCheckRequirements data connector requirements properties.

type BasicEntity 

type BasicEntity interface {
	AsURLEntity() (*URLEntity, bool)
	AsSubmissionMailEntity() (*SubmissionMailEntity, bool)
	AsSecurityGroupEntity() (*SecurityGroupEntity, bool)
	AsSecurityAlert() (*SecurityAlert, bool)
	AsRegistryValueEntity() (*RegistryValueEntity, bool)
	AsRegistryKeyEntity() (*RegistryKeyEntity, bool)
	AsProcessEntity() (*ProcessEntity, bool)
	AsMalwareEntity() (*MalwareEntity, bool)
	AsMailMessageEntity() (*MailMessageEntity, bool)
	AsMailClusterEntity() (*MailClusterEntity, bool)
	AsMailboxEntity() (*MailboxEntity, bool)
	AsIPEntity() (*IPEntity, bool)
	AsIoTDeviceEntity() (*IoTDeviceEntity, bool)
	AsHuntingBookmark() (*HuntingBookmark, bool)
	AsHostEntity() (*HostEntity, bool)
	AsFileHashEntity() (*FileHashEntity, bool)
	AsFileEntity() (*FileEntity, bool)
	AsDNSEntity() (*DNSEntity, bool)
	AsCloudApplicationEntity() (*CloudApplicationEntity, bool)
	AsAzureResourceEntity() (*AzureResourceEntity, bool)
	AsAccountEntity() (*AccountEntity, bool)
	AsEntity() (*Entity, bool)
}

BasicEntity specific entity.

type BasicEntityQuery 

type BasicEntityQuery interface {
	AsExpansionEntityQuery() (*ExpansionEntityQuery, bool)
	AsActivityEntityQuery() (*ActivityEntityQuery, bool)
	AsEntityQuery() (*EntityQuery, bool)
}

BasicEntityQuery specific entity query.

type BasicEntityQueryItem 

type BasicEntityQueryItem interface {
	AsInsightQueryItem() (*InsightQueryItem, bool)
	AsEntityQueryItem() (*EntityQueryItem, bool)
}

BasicEntityQueryItem an abstract Query item for entity

type BasicEntityQueryTemplate 

type BasicEntityQueryTemplate interface {
	AsActivityEntityQueryTemplate() (*ActivityEntityQueryTemplate, bool)
	AsEntityQueryTemplate() (*EntityQueryTemplate, bool)
}

BasicEntityQueryTemplate specific entity query template.

type BasicEntityTimelineItem 

type BasicEntityTimelineItem interface {
	AsActivityTimelineItem() (*ActivityTimelineItem, bool)
	AsBookmarkTimelineItem() (*BookmarkTimelineItem, bool)
	AsSecurityAlertTimelineItem() (*SecurityAlertTimelineItem, bool)
	AsEntityTimelineItem() (*EntityTimelineItem, bool)
}

BasicEntityTimelineItem entity timeline Item.

type BasicSettings 

type BasicSettings interface {
	AsAnomalies() (*Anomalies, bool)
	AsEyesOn() (*EyesOn, bool)
	AsEntityAnalytics() (*EntityAnalytics, bool)
	AsUeba() (*Ueba, bool)
	AsSettings() (*Settings, bool)
}

BasicSettings the Setting.

type BasicThreatIntelligenceInformation 

type BasicThreatIntelligenceInformation interface {
	AsThreatIntelligenceIndicatorModel() (*ThreatIntelligenceIndicatorModel, bool)
	AsThreatIntelligenceInformation() (*ThreatIntelligenceInformation, bool)
}

BasicThreatIntelligenceInformation threat intelligence information object.

type Bookmark 

type Bookmark struct {
	autorest.Response `json:"-"`
	// BookmarkProperties - Bookmark properties
	*BookmarkProperties `json:"properties,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
	// ID - READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty"`
	// SystemData - READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty"`
}

Bookmark represents a bookmark in Azure Security Insights.

func (Bookmark) MarshalJSON 

func (b Bookmark) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for Bookmark.

func (*Bookmark) UnmarshalJSON 

func (b *Bookmark) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for Bookmark struct.

type BookmarkClient 

type BookmarkClient struct {
	BaseClient
}

BookmarkClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

func NewBookmarkClient 

func NewBookmarkClient(subscriptionID string) BookmarkClient

NewBookmarkClient creates an instance of the BookmarkClient client.

func NewBookmarkClientWithBaseURI 

func NewBookmarkClientWithBaseURI(baseURI string, subscriptionID string) BookmarkClient

NewBookmarkClientWithBaseURI creates an instance of the BookmarkClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).

func (BookmarkClient) Expand 

func (client BookmarkClient) Expand(ctx context.Context, resourceGroupName string, workspaceName string, bookmarkID string, parameters BookmarkExpandParameters) (result BookmarkExpandResponse, err error)

Expand expand an bookmark Parameters: resourceGroupName - the name of the resource group. The name is case insensitive. workspaceName - the name of the workspace. bookmarkID - bookmark ID parameters - the parameters required to execute an expand operation on the given bookmark.

func (BookmarkClient) ExpandPreparer 

func (client BookmarkClient) ExpandPreparer(ctx context.Context, resourceGroupName string, workspaceName string, bookmarkID string, parameters BookmarkExpandParameters) (*http.Request, error)

ExpandPreparer prepares the Expand request.

func (BookmarkClient) ExpandResponder 

func (client BookmarkClient) ExpandResponder(resp *http.Response) (result BookmarkExpandResponse, err error)

ExpandResponder handles the response to the Expand request. The method always closes the http.Response Body.

func (BookmarkClient) ExpandSender 

func (client BookmarkClient) ExpandSender(req *http.Request) (*http.Response, error)

ExpandSender sends the Expand request. The method will close the http.Response Body if it receives an error.

type BookmarkExpandParameters 

type BookmarkExpandParameters struct {
	// EndTime - The end date filter, so the only expansion results returned are before this date.
	EndTime *date.Time `json:"endTime,omitempty"`
	// ExpansionID - The Id of the expansion to perform.
	ExpansionID *uuid.UUID `json:"expansionId,omitempty"`
	// StartTime - The start date filter, so the only expansion results returned are after this date.
	StartTime *date.Time `json:"startTime,omitempty"`
}

BookmarkExpandParameters the parameters required to execute an expand operation on the given bookmark.

type BookmarkExpandResponse 

type BookmarkExpandResponse struct {
	autorest.Response `json:"-"`
	// MetaData - The metadata from the expansion operation results.
	MetaData *ExpansionResultsMetadata `json:"metaData,omitempty"`
	// Value - The expansion result values.
	Value *BookmarkExpandResponseValue `json:"value,omitempty"`
}

BookmarkExpandResponse the entity expansion result operation response.

type BookmarkExpandResponseValue 

type BookmarkExpandResponseValue struct {
	// Entities - Array of the expansion result entities.
	Entities *[]BasicEntity `json:"entities,omitempty"`
	// Edges - Array of expansion result connected entities
	Edges *[]ConnectedEntity `json:"edges,omitempty"`
}

BookmarkExpandResponseValue the expansion result values.

func (*BookmarkExpandResponseValue) UnmarshalJSON 

func (ber *BookmarkExpandResponseValue) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for BookmarkExpandResponseValue struct.

type BookmarkList 

type BookmarkList struct {
	autorest.Response `json:"-"`
	// NextLink - READ-ONLY; URL to fetch the next set of cases.
	NextLink *string `json:"nextLink,omitempty"`
	// Value - Array of bookmarks.
	Value *[]Bookmark `json:"value,omitempty"`
}

BookmarkList list all the bookmarks.

func (BookmarkList) IsEmpty 

func (bl BookmarkList) IsEmpty() bool

IsEmpty returns true if the ListResult contains no values.

func (BookmarkList) MarshalJSON 

func (bl BookmarkList) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for BookmarkList.

type BookmarkListIterator 

type BookmarkListIterator struct {
	// contains filtered or unexported fields
}

BookmarkListIterator provides access to a complete listing of Bookmark values.

func NewBookmarkListIterator 

func NewBookmarkListIterator(page BookmarkListPage) BookmarkListIterator

Creates a new instance of the BookmarkListIterator type.

func (*BookmarkListIterator) Next 

func (iter *BookmarkListIterator) Next() error

Next advances to the next value. If there was an error making the request the iterator does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*BookmarkListIterator) NextWithContext 

func (iter *BookmarkListIterator) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next value. If there was an error making the request the iterator does not advance and the error is returned.

func (BookmarkListIterator) NotDone 

func (iter BookmarkListIterator) NotDone() bool

NotDone returns true if the enumeration should be started or is not yet complete.

func (BookmarkListIterator) Response 

func (iter BookmarkListIterator) Response() BookmarkList

Response returns the raw server response from the last page request.

func (BookmarkListIterator) Value 

func (iter BookmarkListIterator) Value() Bookmark

Value returns the current value or a zero-initialized value if the iterator has advanced beyond the end of the collection.

type BookmarkListPage 

type BookmarkListPage struct {
	// contains filtered or unexported fields
}

BookmarkListPage contains a page of Bookmark values.

func NewBookmarkListPage 

func NewBookmarkListPage(cur BookmarkList, getNextPage func(context.Context, BookmarkList) (BookmarkList, error)) BookmarkListPage

Creates a new instance of the BookmarkListPage type.

func (*BookmarkListPage) Next 

func (page *BookmarkListPage) Next() error

Next advances to the next page of values. If there was an error making the request the page does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*BookmarkListPage) NextWithContext 

func (page *BookmarkListPage) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next page of values. If there was an error making the request the page does not advance and the error is returned.

func (BookmarkListPage) NotDone 

func (page BookmarkListPage) NotDone() bool

NotDone returns true if the page enumeration should be started or is not yet complete.

func (BookmarkListPage) Response 

func (page BookmarkListPage) Response() BookmarkList

Response returns the raw server response from the last page request.

func (BookmarkListPage) Values 

func (page BookmarkListPage) Values() []Bookmark

Values returns the slice of values for the current page or nil if there are no values.

type BookmarkProperties 

type BookmarkProperties struct {
	// Created - The time the bookmark was created
	Created *date.Time `json:"created,omitempty"`
	// CreatedBy - Describes a user that created the bookmark
	CreatedBy *UserInfo `json:"createdBy,omitempty"`
	// DisplayName - The display name of the bookmark
	DisplayName *string `json:"displayName,omitempty"`
	// Labels - List of labels relevant to this bookmark
	Labels *[]string `json:"labels,omitempty"`
	// Notes - The notes of the bookmark
	Notes *string `json:"notes,omitempty"`
	// Query - The query of the bookmark.
	Query *string `json:"query,omitempty"`
	// QueryResult - The query result of the bookmark.
	QueryResult *string `json:"queryResult,omitempty"`
	// Updated - The last time the bookmark was updated
	Updated *date.Time `json:"updated,omitempty"`
	// UpdatedBy - Describes a user that updated the bookmark
	UpdatedBy *UserInfo `json:"updatedBy,omitempty"`
	// EventTime - The bookmark event time
	EventTime *date.Time `json:"eventTime,omitempty"`
	// QueryStartTime - The start time for the query
	QueryStartTime *date.Time `json:"queryStartTime,omitempty"`
	// QueryEndTime - The end time for the query
	QueryEndTime *date.Time `json:"queryEndTime,omitempty"`
	// IncidentInfo - Describes an incident that relates to bookmark
	IncidentInfo *IncidentInfo `json:"incidentInfo,omitempty"`
}

BookmarkProperties describes bookmark properties

type BookmarkRelationsClient 

type BookmarkRelationsClient struct {
	BaseClient
}

BookmarkRelationsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

func NewBookmarkRelationsClient 

func NewBookmarkRelationsClient(subscriptionID string) BookmarkRelationsClient

NewBookmarkRelationsClient creates an instance of the BookmarkRelationsClient client.

func NewBookmarkRelationsClientWithBaseURI 

func NewBookmarkRelationsClientWithBaseURI(baseURI string, subscriptionID string) BookmarkRelationsClient

NewBookmarkRelationsClientWithBaseURI creates an instance of the BookmarkRelationsClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).

func (BookmarkRelationsClient) CreateOrUpdate 

func (client BookmarkRelationsClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, workspaceName string, bookmarkID string, relationName string, relation Relation) (result Relation, err error)

CreateOrUpdate creates the bookmark relation. Parameters: resourceGroupName - the name of the resource group. The name is case insensitive. workspaceName - the name of the workspace. bookmarkID - bookmark ID relationName - relation Name relation - the relation model

func (BookmarkRelationsClient) CreateOrUpdatePreparer 

func (client BookmarkRelationsClient) CreateOrUpdatePreparer(ctx context.Context, resourceGroupName string, workspaceName string, bookmarkID string, relationName string, relation Relation) (*http.Request, error)

CreateOrUpdatePreparer prepares the CreateOrUpdate request.

func (BookmarkRelationsClient) CreateOrUpdateResponder 

func (client BookmarkRelationsClient) CreateOrUpdateResponder(resp *http.Response) (result Relation, err error)

CreateOrUpdateResponder handles the response to the CreateOrUpdate request. The method always closes the http.Response Body.

func (BookmarkRelationsClient) CreateOrUpdateSender 

func (client BookmarkRelationsClient) CreateOrUpdateSender(req *http.Request) (*http.Response, error)

CreateOrUpdateSender sends the CreateOrUpdate request. The method will close the http.Response Body if it receives an error.

func (BookmarkRelationsClient) Delete 

func (client BookmarkRelationsClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, bookmarkID string, relationName string) (result autorest.Response, err error)

Delete delete the bookmark relation. Parameters: resourceGroupName - the name of the resource group. The name is case insensitive. workspaceName - the name of the workspace. bookmarkID - bookmark ID relationName - relation Name

func (BookmarkRelationsClient) DeletePreparer 

func (client BookmarkRelationsClient) DeletePreparer(ctx context.Context, resourceGroupName string, workspaceName string, bookmarkID string, relationName string) (*http.Request, error)

DeletePreparer prepares the Delete request.

func (BookmarkRelationsClient) DeleteResponder 

func (client BookmarkRelationsClient) DeleteResponder(resp *http.Response) (result autorest.Response, err error)

DeleteResponder handles the response to the Delete request. The method always closes the http.Response Body.

func (BookmarkRelationsClient) DeleteSender 

func (client BookmarkRelationsClient) DeleteSender(req *http.Request) (*http.Response, error)

DeleteSender sends the Delete request. The method will close the http.Response Body if it receives an error.

func (BookmarkRelationsClient) Get 

func (client BookmarkRelationsClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, bookmarkID string, relationName string) (result Relation, err error)

Get gets a bookmark relation. Parameters: resourceGroupName - the name of the resource group. The name is case insensitive. workspaceName - the name of the workspace. bookmarkID - bookmark ID relationName - relation Name

func (BookmarkRelationsClient) GetPreparer 

func (client BookmarkRelationsClient) GetPreparer(ctx context.Context, resourceGroupName string, workspaceName string, bookmarkID string, relationName string) (*http.Request, error)

GetPreparer prepares the Get request.

func (BookmarkRelationsClient) GetResponder 

func (client BookmarkRelationsClient) GetResponder(resp *http.Response) (result Relation, err error)

GetResponder handles the response to the Get request. The method always closes the http.Response Body.

func (BookmarkRelationsClient) GetSender 

func (client BookmarkRelationsClient) GetSender(req *http.Request) (*http.Response, error)

GetSender sends the Get request. The method will close the http.Response Body if it receives an error.

func (BookmarkRelationsClient) List 

func (client BookmarkRelationsClient) List(ctx context.Context, resourceGroupName string, workspaceName string, bookmarkID string, filter string, orderby string, top *int32, skipToken string) (result RelationListPage, err error)

List gets all bookmark relations. Parameters: resourceGroupName - the name of the resource group. The name is case insensitive. workspaceName - the name of the workspace. bookmarkID - bookmark ID filter - filters the results, based on a Boolean condition. Optional. orderby - sorts the results. Optional. top - returns only the first n results. Optional. skipToken - skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional.

func (BookmarkRelationsClient) ListComplete 

func (client BookmarkRelationsClient) ListComplete(ctx context.Context, resourceGroupName string, workspaceName string, bookmarkID string, filter string, orderby string, top *int32, skipToken string) (result RelationListIterator, err error)

ListComplete enumerates all values, automatically crossing page boundaries as required.

func (BookmarkRelationsClient) ListPreparer 

func (client BookmarkRelationsClient) ListPreparer(ctx context.Context, resourceGroupName string, workspaceName string, bookmarkID string, filter string, orderby string, top *int32, skipToken string) (*http.Request, error)

ListPreparer prepares the List request.

func (BookmarkRelationsClient) ListResponder 

func (client BookmarkRelationsClient) ListResponder(resp *http.Response) (result RelationList, err error)

ListResponder handles the response to the List request. The method always closes the http.Response Body.

func (BookmarkRelationsClient) ListSender 

func (client BookmarkRelationsClient) ListSender(req *http.Request) (*http.Response, error)

ListSender sends the List request. The method will close the http.Response Body if it receives an error.

type BookmarkTimelineItem 

type BookmarkTimelineItem struct {
	// AzureResourceID - The bookmark azure resource id.
	AzureResourceID *string `json:"azureResourceId,omitempty"`
	// DisplayName - The bookmark display name.
	DisplayName *string `json:"displayName,omitempty"`
	// Notes - The notes of the bookmark
	Notes *string `json:"notes,omitempty"`
	// EndTimeUtc - The bookmark end time.
	EndTimeUtc *date.Time `json:"endTimeUtc,omitempty"`
	// StartTimeUtc - The bookmark start time.
	StartTimeUtc *date.Time `json:"startTimeUtc,omitempty"`
	// EventTime - The bookmark event time.
	EventTime *date.Time `json:"eventTime,omitempty"`
	// CreatedBy - Describes a user that created the bookmark
	CreatedBy *UserInfo `json:"createdBy,omitempty"`
	// Labels - List of labels relevant to this bookmark
	Labels *[]string `json:"labels,omitempty"`
	// Kind - Possible values include: 'KindBasicEntityTimelineItemKindEntityTimelineItem', 'KindBasicEntityTimelineItemKindActivity', 'KindBasicEntityTimelineItemKindBookmark', 'KindBasicEntityTimelineItemKindSecurityAlert'
	Kind KindBasicEntityTimelineItem `json:"kind,omitempty"`
}

BookmarkTimelineItem represents bookmark timeline item.

func (BookmarkTimelineItem) AsActivityTimelineItem 

func (bti BookmarkTimelineItem) AsActivityTimelineItem() (*ActivityTimelineItem, bool)

AsActivityTimelineItem is the BasicEntityTimelineItem implementation for BookmarkTimelineItem.

func (BookmarkTimelineItem) AsBasicEntityTimelineItem 

func (bti BookmarkTimelineItem) AsBasicEntityTimelineItem() (BasicEntityTimelineItem, bool)

AsBasicEntityTimelineItem is the BasicEntityTimelineItem implementation for BookmarkTimelineItem.

func (BookmarkTimelineItem) AsBookmarkTimelineItem 

func (bti BookmarkTimelineItem) AsBookmarkTimelineItem() (*BookmarkTimelineItem, bool)

AsBookmarkTimelineItem is the BasicEntityTimelineItem implementation for BookmarkTimelineItem.

func (BookmarkTimelineItem) AsEntityTimelineItem 

func (bti BookmarkTimelineItem) AsEntityTimelineItem() (*EntityTimelineItem, bool)

AsEntityTimelineItem is the BasicEntityTimelineItem implementation for BookmarkTimelineItem.

func (BookmarkTimelineItem) AsSecurityAlertTimelineItem 

func (bti BookmarkTimelineItem) AsSecurityAlertTimelineItem() (*SecurityAlertTimelineItem, bool)

AsSecurityAlertTimelineItem is the BasicEntityTimelineItem implementation for BookmarkTimelineItem.

func (BookmarkTimelineItem) MarshalJSON 

func (bti BookmarkTimelineItem) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for BookmarkTimelineItem.

type BookmarksClient 

type BookmarksClient struct {
	BaseClient
}

BookmarksClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

func NewBookmarksClient 

func NewBookmarksClient(subscriptionID string) BookmarksClient

NewBookmarksClient creates an instance of the BookmarksClient client.

func NewBookmarksClientWithBaseURI 

func NewBookmarksClientWithBaseURI(baseURI string, subscriptionID string) BookmarksClient

NewBookmarksClientWithBaseURI creates an instance of the BookmarksClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).

func (BookmarksClient) CreateOrUpdate 

func (client BookmarksClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, workspaceName string, bookmarkID string, bookmark Bookmark) (result Bookmark, err error)

CreateOrUpdate creates or updates the bookmark. Parameters: resourceGroupName - the name of the resource group. The name is case insensitive. workspaceName - the name of the workspace. bookmarkID - bookmark ID bookmark - the bookmark

func (BookmarksClient) CreateOrUpdatePreparer 

func (client BookmarksClient) CreateOrUpdatePreparer(ctx context.Context, resourceGroupName string, workspaceName string, bookmarkID string, bookmark Bookmark) (*http.Request, error)

CreateOrUpdatePreparer prepares the CreateOrUpdate request.

func (BookmarksClient) CreateOrUpdateResponder 

func (client BookmarksClient) CreateOrUpdateResponder(resp *http.Response) (result Bookmark, err error)

CreateOrUpdateResponder handles the response to the CreateOrUpdate request. The method always closes the http.Response Body.

func (BookmarksClient) CreateOrUpdateSender 

func (client BookmarksClient) CreateOrUpdateSender(req *http.Request) (*http.Response, error)

CreateOrUpdateSender sends the CreateOrUpdate request. The method will close the http.Response Body if it receives an error.

func (BookmarksClient) Delete 

func (client BookmarksClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, bookmarkID string) (result autorest.Response, err error)

Delete delete the bookmark. Parameters: resourceGroupName - the name of the resource group. The name is case insensitive. workspaceName - the name of the workspace. bookmarkID - bookmark ID

func (BookmarksClient) DeletePreparer 

func (client BookmarksClient) DeletePreparer(ctx context.Context, resourceGroupName string, workspaceName string, bookmarkID string) (*http.Request, error)

DeletePreparer prepares the Delete request.

func (BookmarksClient) DeleteResponder 

func (client BookmarksClient) DeleteResponder(resp *http.Response) (result autorest.Response, err error)

DeleteResponder handles the response to the Delete request. The method always closes the http.Response Body.

func (BookmarksClient) DeleteSender 

func (client BookmarksClient) DeleteSender(req *http.Request) (*http.Response, error)

DeleteSender sends the Delete request. The method will close the http.Response Body if it receives an error.

func (BookmarksClient) Get 

func (client BookmarksClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, bookmarkID string) (result Bookmark, err error)

Get gets a bookmark. Parameters: resourceGroupName - the name of the resource group. The name is case insensitive. workspaceName - the name of the workspace. bookmarkID - bookmark ID

func (BookmarksClient) GetPreparer 

func (client BookmarksClient) GetPreparer(ctx context.Context, resourceGroupName string, workspaceName string, bookmarkID string) (*http.Request, error)

GetPreparer prepares the Get request.

func (BookmarksClient) GetResponder 

func (client BookmarksClient) GetResponder(resp *http.Response) (result Bookmark, err error)

GetResponder handles the response to the Get request. The method always closes the http.Response Body.

func (BookmarksClient) GetSender 

func (client BookmarksClient) GetSender(req *http.Request) (*http.Response, error)

GetSender sends the Get request. The method will close the http.Response Body if it receives an error.

func (BookmarksClient) List 

func (client BookmarksClient) List(ctx context.Context, resourceGroupName string, workspaceName string) (result BookmarkListPage, err error)

List gets all bookmarks. Parameters: resourceGroupName - the name of the resource group. The name is case insensitive. workspaceName - the name of the workspace.

func (BookmarksClient) ListComplete 

func (client BookmarksClient) ListComplete(ctx context.Context, resourceGroupName string, workspaceName string) (result BookmarkListIterator, err error)

ListComplete enumerates all values, automatically crossing page boundaries as required.

func (BookmarksClient) ListPreparer 

func (client BookmarksClient) ListPreparer(ctx context.Context, resourceGroupName string, workspaceName string) (*http.Request, error)

ListPreparer prepares the List request.

func (BookmarksClient) ListResponder 

func (client BookmarksClient) ListResponder(resp *http.Response) (result BookmarkList, err error)

ListResponder handles the response to the List request. The method always closes the http.Response Body.

func (BookmarksClient) ListSender 

func (client BookmarksClient) ListSender(req *http.Request) (*http.Response, error)

ListSender sends the List request. The method will close the http.Response Body if it receives an error.

type ClientInfo 

type ClientInfo struct {
	// Email - The email of the client.
	Email *string `json:"email,omitempty"`
	// Name - The name of the client.
	Name *string `json:"name,omitempty"`
	// ObjectID - The object id of the client.
	ObjectID *uuid.UUID `json:"objectId,omitempty"`
	// UserPrincipalName - The user principal name of the client.
	UserPrincipalName *string `json:"userPrincipalName,omitempty"`
}

ClientInfo information on the client (user or application) that made some action

type CloudApplicationEntity 

type CloudApplicationEntity struct {
	// CloudApplicationEntityProperties - CloudApplication entity properties
	*CloudApplicationEntityProperties `json:"properties,omitempty"`
	// Kind - Possible values include: 'KindBasicEntityKindEntity', 'KindBasicEntityKindURL', 'KindBasicEntityKindSubmissionMail', 'KindBasicEntityKindSecurityGroup', 'KindBasicEntityKindSecurityAlert', 'KindBasicEntityKindRegistryValue', 'KindBasicEntityKindRegistryKey', 'KindBasicEntityKindProcess', 'KindBasicEntityKindMalware', 'KindBasicEntityKindMailMessage', 'KindBasicEntityKindMailCluster', 'KindBasicEntityKindMailbox', 'KindBasicEntityKindIP', 'KindBasicEntityKindIoTDevice', 'KindBasicEntityKindBookmark', 'KindBasicEntityKindHost', 'KindBasicEntityKindFileHash', 'KindBasicEntityKindFile', 'KindBasicEntityKindDNSResolution', 'KindBasicEntityKindCloudApplication', 'KindBasicEntityKindAzureResource', 'KindBasicEntityKindAccount'
	Kind KindBasicEntity `json:"kind,omitempty"`
	// ID - READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty"`
	// SystemData - READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty"`
}

CloudApplicationEntity represents a cloud application entity.

func (CloudApplicationEntity) AsAccountEntity 

func (cae CloudApplicationEntity) AsAccountEntity() (*AccountEntity, bool)

AsAccountEntity is the BasicEntity implementation for CloudApplicationEntity.

func (CloudApplicationEntity) AsAzureResourceEntity 

func (cae CloudApplicationEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)

AsAzureResourceEntity is the BasicEntity implementation for CloudApplicationEntity.

func (CloudApplicationEntity) AsBasicEntity 

func (cae CloudApplicationEntity) AsBasicEntity() (BasicEntity, bool)

AsBasicEntity is the BasicEntity implementation for CloudApplicationEntity.

func (CloudApplicationEntity) AsCloudApplicationEntity 

func (cae CloudApplicationEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)

AsCloudApplicationEntity is the BasicEntity implementation for CloudApplicationEntity.

func (CloudApplicationEntity) AsDNSEntity 

func (cae CloudApplicationEntity) AsDNSEntity() (*DNSEntity, bool)

AsDNSEntity is the BasicEntity implementation for CloudApplicationEntity.

func (CloudApplicationEntity) AsEntity 

func (cae CloudApplicationEntity) AsEntity() (*Entity, bool)

AsEntity is the BasicEntity implementation for CloudApplicationEntity.

func (CloudApplicationEntity) AsFileEntity 

func (cae CloudApplicationEntity) AsFileEntity() (*FileEntity, bool)

AsFileEntity is the BasicEntity implementation for CloudApplicationEntity.

func (CloudApplicationEntity) AsFileHashEntity 

func (cae CloudApplicationEntity) AsFileHashEntity() (*FileHashEntity, bool)

AsFileHashEntity is the BasicEntity implementation for CloudApplicationEntity.

func (CloudApplicationEntity) AsHostEntity 

func (cae CloudApplicationEntity) AsHostEntity() (*HostEntity, bool)

AsHostEntity is the BasicEntity implementation for CloudApplicationEntity.

func (CloudApplicationEntity) AsHuntingBookmark 

func (cae CloudApplicationEntity) AsHuntingBookmark() (*HuntingBookmark, bool)

AsHuntingBookmark is the BasicEntity implementation for CloudApplicationEntity.

func (CloudApplicationEntity) AsIPEntity 

func (cae CloudApplicationEntity) AsIPEntity() (*IPEntity, bool)

AsIPEntity is the BasicEntity implementation for CloudApplicationEntity.

func (CloudApplicationEntity) AsIoTDeviceEntity 

func (cae CloudApplicationEntity) AsIoTDeviceEntity() (*IoTDeviceEntity, bool)

AsIoTDeviceEntity is the BasicEntity implementation for CloudApplicationEntity.

func (CloudApplicationEntity) AsMailClusterEntity 

func (cae CloudApplicationEntity) AsMailClusterEntity() (*MailClusterEntity, bool)

AsMailClusterEntity is the BasicEntity implementation for CloudApplicationEntity.

func (CloudApplicationEntity) AsMailMessageEntity 

func (cae CloudApplicationEntity) AsMailMessageEntity() (*MailMessageEntity, bool)

AsMailMessageEntity is the BasicEntity implementation for CloudApplicationEntity.

func (CloudApplicationEntity) AsMailboxEntity 

func (cae CloudApplicationEntity) AsMailboxEntity() (*MailboxEntity, bool)

AsMailboxEntity is the BasicEntity implementation for CloudApplicationEntity.

func (CloudApplicationEntity) AsMalwareEntity 

func (cae CloudApplicationEntity) AsMalwareEntity() (*MalwareEntity, bool)

AsMalwareEntity is the BasicEntity implementation for CloudApplicationEntity.

func (CloudApplicationEntity) AsProcessEntity 

func (cae CloudApplicationEntity) AsProcessEntity() (*ProcessEntity, bool)

AsProcessEntity is the BasicEntity implementation for CloudApplicationEntity.

func (CloudApplicationEntity) AsRegistryKeyEntity 

func (cae CloudApplicationEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)

AsRegistryKeyEntity is the BasicEntity implementation for CloudApplicationEntity.

func (CloudApplicationEntity) AsRegistryValueEntity 

func (cae CloudApplicationEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool)

AsRegistryValueEntity is the BasicEntity implementation for CloudApplicationEntity.

func (CloudApplicationEntity) AsSecurityAlert 

func (cae CloudApplicationEntity) AsSecurityAlert() (*SecurityAlert, bool)

AsSecurityAlert is the BasicEntity implementation for CloudApplicationEntity.

func (CloudApplicationEntity) AsSecurityGroupEntity 

func (cae CloudApplicationEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)

AsSecurityGroupEntity is the BasicEntity implementation for CloudApplicationEntity.

func (CloudApplicationEntity) AsSubmissionMailEntity 

func (cae CloudApplicationEntity) AsSubmissionMailEntity() (*SubmissionMailEntity, bool)

AsSubmissionMailEntity is the BasicEntity implementation for CloudApplicationEntity.

func (CloudApplicationEntity) AsURLEntity 

func (cae CloudApplicationEntity) AsURLEntity() (*URLEntity, bool)

AsURLEntity is the BasicEntity implementation for CloudApplicationEntity.

func (CloudApplicationEntity) MarshalJSON 

func (cae CloudApplicationEntity) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for CloudApplicationEntity.

func (*CloudApplicationEntity) UnmarshalJSON 

func (cae *CloudApplicationEntity) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for CloudApplicationEntity struct.

type CloudApplicationEntityProperties 

type CloudApplicationEntityProperties struct {
	// AppID - READ-ONLY; The technical identifier of the application.
	AppID *int32 `json:"appId,omitempty"`
	// AppName - READ-ONLY; The name of the related cloud application.
	AppName *string `json:"appName,omitempty"`
	// InstanceName - READ-ONLY; The user defined instance name of the cloud application. It is often used to distinguish between several applications of the same type that a customer has.
	InstanceName *string `json:"instanceName,omitempty"`
	// AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]interface{} `json:"additionalData"`
	// FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated.
	FriendlyName *string `json:"friendlyName,omitempty"`
}

CloudApplicationEntityProperties cloudApplication entity property bag.

func (CloudApplicationEntityProperties) MarshalJSON 

func (caep CloudApplicationEntityProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for CloudApplicationEntityProperties.

type CloudError 

type CloudError struct {
	// Error - Error data
	Error *CloudErrorBody `json:"error,omitempty"`
}

CloudError error response structure.

type CloudErrorBody 

type CloudErrorBody struct {
	// Code - READ-ONLY; An identifier for the error. Codes are invariant and are intended to be consumed programmatically.
	Code *string `json:"code,omitempty"`
	// Message - READ-ONLY; A message describing the error, intended to be suitable for display in a user interface.
	Message *string `json:"message,omitempty"`
}

CloudErrorBody error details.

func (CloudErrorBody) MarshalJSON 

func (ceb CloudErrorBody) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for CloudErrorBody.

type CodelessAPIPollingDataConnector 

type CodelessAPIPollingDataConnector struct {
	// APIPollingParameters - Codeless poling data connector properties
	*APIPollingParameters `json:"properties,omitempty"`
	// Kind - Possible values include: 'KindBasicDataConnectorKindDataConnector', 'KindBasicDataConnectorKindAzureActiveDirectory', 'KindBasicDataConnectorKindMicrosoftThreatIntelligence', 'KindBasicDataConnectorKindMicrosoftThreatProtection', 'KindBasicDataConnectorKindAzureAdvancedThreatProtection', 'KindBasicDataConnectorKindAzureSecurityCenter', 'KindBasicDataConnectorKindAmazonWebServicesCloudTrail', 'KindBasicDataConnectorKindAmazonWebServicesS3', 'KindBasicDataConnectorKindMicrosoftCloudAppSecurity', 'KindBasicDataConnectorKindDynamics365', 'KindBasicDataConnectorKindOfficeATP', 'KindBasicDataConnectorKindOfficeIRM', 'KindBasicDataConnectorKindMicrosoftDefenderAdvancedThreatProtection', 'KindBasicDataConnectorKindOffice365', 'KindBasicDataConnectorKindThreatIntelligence', 'KindBasicDataConnectorKindThreatIntelligenceTaxii', 'KindBasicDataConnectorKindGenericUI', 'KindBasicDataConnectorKindAPIPolling'
	Kind KindBasicDataConnector `json:"kind,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
	// ID - READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty"`
	// SystemData - READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty"`
}

CodelessAPIPollingDataConnector represents Codeless API Polling data connector.

func (CodelessAPIPollingDataConnector) AsAADDataConnector 

func (capdc CodelessAPIPollingDataConnector) AsAADDataConnector() (*AADDataConnector, bool)

AsAADDataConnector is the BasicDataConnector implementation for CodelessAPIPollingDataConnector.

func (CodelessAPIPollingDataConnector) AsAATPDataConnector 

func (capdc CodelessAPIPollingDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool)

AsAATPDataConnector is the BasicDataConnector implementation for CodelessAPIPollingDataConnector.

func (CodelessAPIPollingDataConnector) AsASCDataConnector 

func (capdc CodelessAPIPollingDataConnector) AsASCDataConnector() (*ASCDataConnector, bool)

AsASCDataConnector is the BasicDataConnector implementation for CodelessAPIPollingDataConnector.

func (CodelessAPIPollingDataConnector) AsAwsCloudTrailDataConnector 

func (capdc CodelessAPIPollingDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool)

AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for CodelessAPIPollingDataConnector.

func (CodelessAPIPollingDataConnector) AsAwsS3DataConnector 

func (capdc CodelessAPIPollingDataConnector) AsAwsS3DataConnector() (*AwsS3DataConnector, bool)

AsAwsS3DataConnector is the BasicDataConnector implementation for CodelessAPIPollingDataConnector.

func (CodelessAPIPollingDataConnector) AsBasicDataConnector 

func (capdc CodelessAPIPollingDataConnector) AsBasicDataConnector() (BasicDataConnector, bool)

AsBasicDataConnector is the BasicDataConnector implementation for CodelessAPIPollingDataConnector.

func (CodelessAPIPollingDataConnector) AsCodelessAPIPollingDataConnector 

func (capdc CodelessAPIPollingDataConnector) AsCodelessAPIPollingDataConnector() (*CodelessAPIPollingDataConnector, bool)

AsCodelessAPIPollingDataConnector is the BasicDataConnector implementation for CodelessAPIPollingDataConnector.

func (CodelessAPIPollingDataConnector) AsCodelessUIDataConnector 

func (capdc CodelessAPIPollingDataConnector) AsCodelessUIDataConnector() (*CodelessUIDataConnector, bool)

AsCodelessUIDataConnector is the BasicDataConnector implementation for CodelessAPIPollingDataConnector.

func (CodelessAPIPollingDataConnector) AsDataConnector 

func (capdc CodelessAPIPollingDataConnector) AsDataConnector() (*DataConnector, bool)

AsDataConnector is the BasicDataConnector implementation for CodelessAPIPollingDataConnector.

func (CodelessAPIPollingDataConnector) AsDynamics365DataConnector 

func (capdc CodelessAPIPollingDataConnector) AsDynamics365DataConnector() (*Dynamics365DataConnector, bool)

AsDynamics365DataConnector is the BasicDataConnector implementation for CodelessAPIPollingDataConnector.

func (CodelessAPIPollingDataConnector) AsMCASDataConnector 

func (capdc CodelessAPIPollingDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool)

AsMCASDataConnector is the BasicDataConnector implementation for CodelessAPIPollingDataConnector.

func (CodelessAPIPollingDataConnector) AsMDATPDataConnector 

func (capdc CodelessAPIPollingDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool)

AsMDATPDataConnector is the BasicDataConnector implementation for CodelessAPIPollingDataConnector.

func (CodelessAPIPollingDataConnector) AsMSTIDataConnector 

func (capdc CodelessAPIPollingDataConnector) AsMSTIDataConnector() (*MSTIDataConnector, bool)

AsMSTIDataConnector is the BasicDataConnector implementation for CodelessAPIPollingDataConnector.

func (CodelessAPIPollingDataConnector) AsMTPDataConnector 

func (capdc CodelessAPIPollingDataConnector) AsMTPDataConnector() (*MTPDataConnector, bool)

AsMTPDataConnector is the BasicDataConnector implementation for CodelessAPIPollingDataConnector.

func (CodelessAPIPollingDataConnector) AsOfficeATPDataConnector 

func (capdc CodelessAPIPollingDataConnector) AsOfficeATPDataConnector() (*OfficeATPDataConnector, bool)

AsOfficeATPDataConnector is the BasicDataConnector implementation for CodelessAPIPollingDataConnector.

func (CodelessAPIPollingDataConnector) AsOfficeDataConnector 

func (capdc CodelessAPIPollingDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool)

AsOfficeDataConnector is the BasicDataConnector implementation for CodelessAPIPollingDataConnector.

func (CodelessAPIPollingDataConnector) AsOfficeIRMDataConnector 

func (capdc CodelessAPIPollingDataConnector) AsOfficeIRMDataConnector() (*OfficeIRMDataConnector, bool)

AsOfficeIRMDataConnector is the BasicDataConnector implementation for CodelessAPIPollingDataConnector.

func (CodelessAPIPollingDataConnector) AsTIDataConnector 

func (capdc CodelessAPIPollingDataConnector) AsTIDataConnector() (*TIDataConnector, bool)

AsTIDataConnector is the BasicDataConnector implementation for CodelessAPIPollingDataConnector.

func (CodelessAPIPollingDataConnector) AsTiTaxiiDataConnector 

func (capdc CodelessAPIPollingDataConnector) AsTiTaxiiDataConnector() (*TiTaxiiDataConnector, bool)

AsTiTaxiiDataConnector is the BasicDataConnector implementation for CodelessAPIPollingDataConnector.

func (CodelessAPIPollingDataConnector) MarshalJSON 

func (capdc CodelessAPIPollingDataConnector) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for CodelessAPIPollingDataConnector.

func (*CodelessAPIPollingDataConnector) UnmarshalJSON 

func (capdc *CodelessAPIPollingDataConnector) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for CodelessAPIPollingDataConnector struct.

type CodelessConnectorPollingAuthProperties 

type CodelessConnectorPollingAuthProperties struct {
	// AuthType - The authentication type
	AuthType *string `json:"authType,omitempty"`
	// APIKeyName - The header name which the token is sent with
	APIKeyName *string `json:"apiKeyName,omitempty"`
	// APIKeyIdentifier - A prefix send in the header before the actual token
	APIKeyIdentifier *string `json:"apiKeyIdentifier,omitempty"`
	// IsAPIKeyInPostPayload - Marks if the key should sent in header
	IsAPIKeyInPostPayload *string `json:"isApiKeyInPostPayload,omitempty"`
	// FlowName - Describes the flow name, for example 'AuthCode' for Oauth 2.0
	FlowName *string `json:"flowName,omitempty"`
	// TokenEndpoint - The endpoint used to issue a token, used in Oauth 2.0 flow
	TokenEndpoint *string `json:"tokenEndpoint,omitempty"`
	// AuthorizationEndpoint - The endpoint used to authorize the user, used in Oauth 2.0 flow
	AuthorizationEndpoint *string `json:"authorizationEndpoint,omitempty"`
	// AuthorizationEndpointQueryParameters - The query parameters used in authorization request, used in Oauth 2.0 flow
	AuthorizationEndpointQueryParameters interface{} `json:"authorizationEndpointQueryParameters,omitempty"`
	// RedirectionEndpoint - The redirect endpoint where we will get the authorization code, used in Oauth 2.0 flow
	RedirectionEndpoint *string `json:"redirectionEndpoint,omitempty"`
	// TokenEndpointHeaders - The query headers used in token request, used in Oauth 2.0 flow
	TokenEndpointHeaders interface{} `json:"tokenEndpointHeaders,omitempty"`
	// TokenEndpointQueryParameters - The query parameters used in token request, used in Oauth 2.0 flow
	TokenEndpointQueryParameters interface{} `json:"tokenEndpointQueryParameters,omitempty"`
	// IsClientSecretInHeader - Marks if we should send the client secret in header or payload, used in Oauth 2.0 flow
	IsClientSecretInHeader *bool `json:"isClientSecretInHeader,omitempty"`
	// Scope - The OAuth token scope
	Scope *string `json:"scope,omitempty"`
}

CodelessConnectorPollingAuthProperties describe the authentication properties needed to successfully authenticate with the server

type CodelessConnectorPollingConfigProperties 

type CodelessConnectorPollingConfigProperties struct {
	// IsActive - The poller active status
	IsActive *bool `json:"isActive,omitempty"`
	// Auth - Describe the authentication type of the poller
	Auth *CodelessConnectorPollingAuthProperties `json:"auth,omitempty"`
	// Request - Describe the poll request config parameters of the poller
	Request *CodelessConnectorPollingRequestProperties `json:"request,omitempty"`
	// Paging - Describe the poll request paging config of the poller
	Paging *CodelessConnectorPollingPagingProperties `json:"paging,omitempty"`
	// Response - Describe the response config parameters of the poller
	Response *CodelessConnectorPollingResponseProperties `json:"response,omitempty"`
}

CodelessConnectorPollingConfigProperties config to describe the polling config for API poller connector

type CodelessConnectorPollingPagingProperties 

type CodelessConnectorPollingPagingProperties struct {
	// PagingType - Describes the type. could be 'None', 'PageToken', 'PageCount', 'TimeStamp'
	PagingType *string `json:"pagingType,omitempty"`
	// NextPageParaName - Defines the name of a next page attribute
	NextPageParaName *string `json:"nextPageParaName,omitempty"`
	// NextPageTokenJSONPath - Defines the path to a next page token JSON
	NextPageTokenJSONPath *string `json:"nextPageTokenJsonPath,omitempty"`
	// PageCountAttributePath - Defines the path to a page count attribute
	PageCountAttributePath *string `json:"pageCountAttributePath,omitempty"`
	// PageTotalCountAttributePath - Defines the path to a page total count attribute
	PageTotalCountAttributePath *string `json:"pageTotalCountAttributePath,omitempty"`
	// PageTimeStampAttributePath - Defines the path to a paging time stamp attribute
	PageTimeStampAttributePath *string `json:"pageTimeStampAttributePath,omitempty"`
	// SearchTheLatestTimeStampFromEventsList - Determines whether to search for the latest time stamp in the events list
	SearchTheLatestTimeStampFromEventsList *string `json:"searchTheLatestTimeStampFromEventsList,omitempty"`
	// PageSizeParaName - Defines the name of the page size parameter
	PageSizeParaName *string `json:"pageSizeParaName,omitempty"`
	// PageSize - Defines the paging size
	PageSize *int32 `json:"pageSize,omitempty"`
}

CodelessConnectorPollingPagingProperties describe the properties needed to make a pagination call

type CodelessConnectorPollingRequestProperties 

type CodelessConnectorPollingRequestProperties struct {
	// APIEndpoint - Describe the endpoint we should pull the data from
	APIEndpoint *string `json:"apiEndpoint,omitempty"`
	// RateLimitQPS - Defines the rate limit QPS
	RateLimitQPS *int32 `json:"rateLimitQps,omitempty"`
	// QueryWindowInMin - The window interval we will use the pull the data
	QueryWindowInMin *int32 `json:"queryWindowInMin,omitempty"`
	// HTTPMethod - The http method type we will use in the poll request, GET or POST
	HTTPMethod *string `json:"httpMethod,omitempty"`
	// QueryTimeFormat - The time format will be used the query events in a specific window
	QueryTimeFormat *string `json:"queryTimeFormat,omitempty"`
	// RetryCount - Describe the amount of time we should try and poll the data in case of failure
	RetryCount *int32 `json:"retryCount,omitempty"`
	// TimeoutInSeconds - The number of seconds we will consider as a request timeout
	TimeoutInSeconds *int32 `json:"timeoutInSeconds,omitempty"`
	// Headers - Describe the headers sent in the poll request
	Headers interface{} `json:"headers,omitempty"`
	// QueryParameters - Describe the query parameters sent in the poll request
	QueryParameters interface{} `json:"queryParameters,omitempty"`
	// QueryParametersTemplate - For advanced scenarios for example user name/password embedded in nested JSON payload
	QueryParametersTemplate *string `json:"queryParametersTemplate,omitempty"`
	// StartTimeAttributeName - This will be used the query events from a start of the time window
	StartTimeAttributeName *string `json:"startTimeAttributeName,omitempty"`
	// EndTimeAttributeName - This will be used the query events from the end of the time window
	EndTimeAttributeName *string `json:"endTimeAttributeName,omitempty"`
}

CodelessConnectorPollingRequestProperties describe the request properties needed to successfully pull from the server

type CodelessConnectorPollingResponseProperties 

type CodelessConnectorPollingResponseProperties struct {
	// EventsJSONPaths - Describes the path we should extract the data in the response
	EventsJSONPaths *[]string `json:"eventsJsonPaths,omitempty"`
	// SuccessStatusJSONPath - Describes the path we should extract the status code in the response
	SuccessStatusJSONPath *string `json:"successStatusJsonPath,omitempty"`
	// SuccessStatusValue - Describes the path we should extract the status value in the response
	SuccessStatusValue *string `json:"successStatusValue,omitempty"`
	// IsGzipCompressed - Describes if the data in the response is Gzip
	IsGzipCompressed *bool `json:"isGzipCompressed,omitempty"`
}

CodelessConnectorPollingResponseProperties describes the response from the external server

type CodelessParameters 

type CodelessParameters struct {
	// ConnectorUIConfig - Config to describe the instructions blade
	ConnectorUIConfig *CodelessUIConnectorConfigProperties `json:"connectorUiConfig,omitempty"`
}

CodelessParameters represents Codeless UI data connector

type CodelessUIConnectorConfigProperties 

type CodelessUIConnectorConfigProperties struct {
	// Title - Connector blade title
	Title *string `json:"title,omitempty"`
	// Publisher - Connector publisher name
	Publisher *string `json:"publisher,omitempty"`
	// DescriptionMarkdown - Connector description
	DescriptionMarkdown *string `json:"descriptionMarkdown,omitempty"`
	// CustomImage - An optional custom image to be used when displaying the connector within Azure Sentinel's connector's gallery
	CustomImage *string `json:"customImage,omitempty"`
	// GraphQueriesTableName - Name of the table the connector will insert the data to
	GraphQueriesTableName *string `json:"graphQueriesTableName,omitempty"`
	// GraphQueries - The graph query to show the current data status
	GraphQueries *[]CodelessUIConnectorConfigPropertiesGraphQueriesItem `json:"graphQueries,omitempty"`
	// SampleQueries - The sample queries for the connector
	SampleQueries *[]CodelessUIConnectorConfigPropertiesSampleQueriesItem `json:"sampleQueries,omitempty"`
	// DataTypes - Data types to check for last data received
	DataTypes *[]CodelessUIConnectorConfigPropertiesDataTypesItem `json:"dataTypes,omitempty"`
	// ConnectivityCriteria - Define the way the connector check connectivity
	ConnectivityCriteria *[]CodelessUIConnectorConfigPropertiesConnectivityCriteriaItem `json:"connectivityCriteria,omitempty"`
	// Availability - Connector Availability Status
	Availability *Availability `json:"availability,omitempty"`
	// Permissions - Permissions required for the connector
	Permissions *Permissions `json:"permissions,omitempty"`
	// InstructionSteps - Instruction steps to enable the connector
	InstructionSteps *[]CodelessUIConnectorConfigPropertiesInstructionStepsItem `json:"instructionSteps,omitempty"`
}

CodelessUIConnectorConfigProperties config to describe the instructions blade

type CodelessUIConnectorConfigPropertiesConnectivityCriteriaItem 

type CodelessUIConnectorConfigPropertiesConnectivityCriteriaItem struct {
	// Type - type of connectivity. Possible values include: 'ConnectivityTypeIsConnectedQuery'
	Type ConnectivityType `json:"type,omitempty"`
	// Value - Queries for checking connectivity
	Value *[]string `json:"value,omitempty"`
}

CodelessUIConnectorConfigPropertiesConnectivityCriteriaItem ...

type CodelessUIConnectorConfigPropertiesDataTypesItem 

type CodelessUIConnectorConfigPropertiesDataTypesItem struct {
	// Name - Name of the data type to show in the graph. can be use with {{graphQueriesTableName}} placeholder
	Name *string `json:"name,omitempty"`
	// LastDataReceivedQuery - Query for indicate last data received
	LastDataReceivedQuery *string `json:"lastDataReceivedQuery,omitempty"`
}

CodelessUIConnectorConfigPropertiesDataTypesItem ...

type CodelessUIConnectorConfigPropertiesGraphQueriesItem 

type CodelessUIConnectorConfigPropertiesGraphQueriesItem struct {
	// MetricName - the metric that the query is checking
	MetricName *string `json:"metricName,omitempty"`
	// Legend - The legend for the graph
	Legend *string `json:"legend,omitempty"`
	// BaseQuery - The base query for the graph
	BaseQuery *string `json:"baseQuery,omitempty"`
}

CodelessUIConnectorConfigPropertiesGraphQueriesItem ...

type CodelessUIConnectorConfigPropertiesInstructionStepsItem 

type CodelessUIConnectorConfigPropertiesInstructionStepsItem struct {
	// Title - Instruction step title
	Title *string `json:"title,omitempty"`
	// Description - Instruction step description
	Description *string `json:"description,omitempty"`
	// Instructions - Instruction step details
	Instructions *[]InstructionStepsInstructionsItem `json:"instructions,omitempty"`
}

CodelessUIConnectorConfigPropertiesInstructionStepsItem ...

type CodelessUIConnectorConfigPropertiesSampleQueriesItem 

type CodelessUIConnectorConfigPropertiesSampleQueriesItem struct {
	// Description - The sample query description
	Description *string `json:"description,omitempty"`
	// Query - the sample query
	Query *string `json:"query,omitempty"`
}

CodelessUIConnectorConfigPropertiesSampleQueriesItem ...

type CodelessUIDataConnector 

type CodelessUIDataConnector struct {
	// CodelessParameters - Codeless UI data connector properties
	*CodelessParameters `json:"properties,omitempty"`
	// Kind - Possible values include: 'KindBasicDataConnectorKindDataConnector', 'KindBasicDataConnectorKindAzureActiveDirectory', 'KindBasicDataConnectorKindMicrosoftThreatIntelligence', 'KindBasicDataConnectorKindMicrosoftThreatProtection', 'KindBasicDataConnectorKindAzureAdvancedThreatProtection', 'KindBasicDataConnectorKindAzureSecurityCenter', 'KindBasicDataConnectorKindAmazonWebServicesCloudTrail', 'KindBasicDataConnectorKindAmazonWebServicesS3', 'KindBasicDataConnectorKindMicrosoftCloudAppSecurity', 'KindBasicDataConnectorKindDynamics365', 'KindBasicDataConnectorKindOfficeATP', 'KindBasicDataConnectorKindOfficeIRM', 'KindBasicDataConnectorKindMicrosoftDefenderAdvancedThreatProtection', 'KindBasicDataConnectorKindOffice365', 'KindBasicDataConnectorKindThreatIntelligence', 'KindBasicDataConnectorKindThreatIntelligenceTaxii', 'KindBasicDataConnectorKindGenericUI', 'KindBasicDataConnectorKindAPIPolling'
	Kind KindBasicDataConnector `json:"kind,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
	// ID - READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty"`
	// SystemData - READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty"`
}

CodelessUIDataConnector represents Codeless UI data connector.

func (CodelessUIDataConnector) AsAADDataConnector 

func (cudc CodelessUIDataConnector) AsAADDataConnector() (*AADDataConnector, bool)

AsAADDataConnector is the BasicDataConnector implementation for CodelessUIDataConnector.

func (CodelessUIDataConnector) AsAATPDataConnector 

func (cudc CodelessUIDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool)

AsAATPDataConnector is the BasicDataConnector implementation for CodelessUIDataConnector.

func (CodelessUIDataConnector) AsASCDataConnector 

func (cudc CodelessUIDataConnector) AsASCDataConnector() (*ASCDataConnector, bool)

AsASCDataConnector is the BasicDataConnector implementation for CodelessUIDataConnector.

func (CodelessUIDataConnector) AsAwsCloudTrailDataConnector 

func (cudc CodelessUIDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool)

AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for CodelessUIDataConnector.

func (CodelessUIDataConnector) AsAwsS3DataConnector 

func (cudc CodelessUIDataConnector) AsAwsS3DataConnector() (*AwsS3DataConnector, bool)

AsAwsS3DataConnector is the BasicDataConnector implementation for CodelessUIDataConnector.

func (CodelessUIDataConnector) AsBasicDataConnector 

func (cudc CodelessUIDataConnector) AsBasicDataConnector() (BasicDataConnector, bool)

AsBasicDataConnector is the BasicDataConnector implementation for CodelessUIDataConnector.

func (CodelessUIDataConnector) AsCodelessAPIPollingDataConnector 

func (cudc CodelessUIDataConnector) AsCodelessAPIPollingDataConnector() (*CodelessAPIPollingDataConnector, bool)

AsCodelessAPIPollingDataConnector is the BasicDataConnector implementation for CodelessUIDataConnector.

func (CodelessUIDataConnector) AsCodelessUIDataConnector 

func (cudc CodelessUIDataConnector) AsCodelessUIDataConnector() (*CodelessUIDataConnector, bool)

AsCodelessUIDataConnector is the BasicDataConnector implementation for CodelessUIDataConnector.

func (CodelessUIDataConnector) AsDataConnector 

func (cudc CodelessUIDataConnector) AsDataConnector() (*DataConnector, bool)

AsDataConnector is the BasicDataConnector implementation for CodelessUIDataConnector.

func (CodelessUIDataConnector) AsDynamics365DataConnector 

func (cudc CodelessUIDataConnector) AsDynamics365DataConnector() (*Dynamics365DataConnector, bool)

AsDynamics365DataConnector is the BasicDataConnector implementation for CodelessUIDataConnector.

func (CodelessUIDataConnector) AsMCASDataConnector 

func (cudc CodelessUIDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool)

AsMCASDataConnector is the BasicDataConnector implementation for CodelessUIDataConnector.

func (CodelessUIDataConnector) AsMDATPDataConnector 

func (cudc CodelessUIDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool)

AsMDATPDataConnector is the BasicDataConnector implementation for CodelessUIDataConnector.

func (CodelessUIDataConnector) AsMSTIDataConnector 

func (cudc CodelessUIDataConnector) AsMSTIDataConnector() (*MSTIDataConnector, bool)

AsMSTIDataConnector is the BasicDataConnector implementation for CodelessUIDataConnector.

func (CodelessUIDataConnector) AsMTPDataConnector 

func (cudc CodelessUIDataConnector) AsMTPDataConnector() (*MTPDataConnector, bool)

AsMTPDataConnector is the BasicDataConnector implementation for CodelessUIDataConnector.

func (CodelessUIDataConnector) AsOfficeATPDataConnector 

func (cudc CodelessUIDataConnector) AsOfficeATPDataConnector() (*OfficeATPDataConnector, bool)

AsOfficeATPDataConnector is the BasicDataConnector implementation for CodelessUIDataConnector.

func (CodelessUIDataConnector) AsOfficeDataConnector 

func (cudc CodelessUIDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool)

AsOfficeDataConnector is the BasicDataConnector implementation for CodelessUIDataConnector.

func (CodelessUIDataConnector) AsOfficeIRMDataConnector 

func (cudc CodelessUIDataConnector) AsOfficeIRMDataConnector() (*OfficeIRMDataConnector, bool)

AsOfficeIRMDataConnector is the BasicDataConnector implementation for CodelessUIDataConnector.

func (CodelessUIDataConnector) AsTIDataConnector 

func (cudc CodelessUIDataConnector) AsTIDataConnector() (*TIDataConnector, bool)

AsTIDataConnector is the BasicDataConnector implementation for CodelessUIDataConnector.

func (CodelessUIDataConnector) AsTiTaxiiDataConnector 

func (cudc CodelessUIDataConnector) AsTiTaxiiDataConnector() (*TiTaxiiDataConnector, bool)

AsTiTaxiiDataConnector is the BasicDataConnector implementation for CodelessUIDataConnector.

func (CodelessUIDataConnector) MarshalJSON 

func (cudc CodelessUIDataConnector) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for CodelessUIDataConnector.

func (*CodelessUIDataConnector) UnmarshalJSON 

func (cudc *CodelessUIDataConnector) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for CodelessUIDataConnector struct.

type ConditionType 

type ConditionType string

ConditionType enumerates the values for condition type. 

const (
	// ConditionTypeAutomationRuleCondition ...
	ConditionTypeAutomationRuleCondition ConditionType = "AutomationRuleCondition"
	// ConditionTypeProperty ...
	ConditionTypeProperty ConditionType = "Property"
)

func PossibleConditionTypeValues 

func PossibleConditionTypeValues() []ConditionType

PossibleConditionTypeValues returns an array of possible values for the ConditionType const type.

type ConfidenceLevel 

type ConfidenceLevel string

ConfidenceLevel enumerates the values for confidence level. 

const (
	// ConfidenceLevelHigh High confidence that the alert is true positive malicious
	ConfidenceLevelHigh ConfidenceLevel = "High"
	// ConfidenceLevelLow Low confidence, meaning we have some doubts this is indeed malicious or part of an
	// attack
	ConfidenceLevelLow ConfidenceLevel = "Low"
	// ConfidenceLevelUnknown Unknown confidence, the is the default value
	ConfidenceLevelUnknown ConfidenceLevel = "Unknown"
)

func PossibleConfidenceLevelValues 

func PossibleConfidenceLevelValues() []ConfidenceLevel

PossibleConfidenceLevelValues returns an array of possible values for the ConfidenceLevel const type.

type ConfidenceScoreStatus 

type ConfidenceScoreStatus string

ConfidenceScoreStatus enumerates the values for confidence score status. 

const (
	// ConfidenceScoreStatusFinal Final score was calculated and available
	ConfidenceScoreStatusFinal ConfidenceScoreStatus = "Final"
	// ConfidenceScoreStatusInProcess No score was set yet and calculation is in progress
	ConfidenceScoreStatusInProcess ConfidenceScoreStatus = "InProcess"
	// ConfidenceScoreStatusNotApplicable Score will not be calculated for this alert as it is not supported by
	// virtual analyst
	ConfidenceScoreStatusNotApplicable ConfidenceScoreStatus = "NotApplicable"
	// ConfidenceScoreStatusNotFinal Score is calculated and shown as part of the alert, but may be updated
	// again at a later time following the processing of additional data
	ConfidenceScoreStatusNotFinal ConfidenceScoreStatus = "NotFinal"
)

func PossibleConfidenceScoreStatusValues 

func PossibleConfidenceScoreStatusValues() []ConfidenceScoreStatus

PossibleConfidenceScoreStatusValues returns an array of possible values for the ConfidenceScoreStatus const type.

type ConnectAuthKind 

type ConnectAuthKind string

ConnectAuthKind enumerates the values for connect auth kind. 

const (
	// ConnectAuthKindAPIKey ...
	ConnectAuthKindAPIKey ConnectAuthKind = "APIKey"
	// ConnectAuthKindBasic ...
	ConnectAuthKindBasic ConnectAuthKind = "Basic"
	// ConnectAuthKindOAuth2 ...
	ConnectAuthKindOAuth2 ConnectAuthKind = "OAuth2"
)

func PossibleConnectAuthKindValues 

func PossibleConnectAuthKindValues() []ConnectAuthKind

PossibleConnectAuthKindValues returns an array of possible values for the ConnectAuthKind const type.

type ConnectedEntity 

type ConnectedEntity struct {
	// TargetEntityID - Entity Id of the connected entity
	TargetEntityID *string `json:"targetEntityId,omitempty"`
	// AdditionalData - key-value pairs for a connected entity mapping
	AdditionalData interface{} `json:"additionalData,omitempty"`
}

ConnectedEntity expansion result connected entities

type ConnectivityCriteria 

type ConnectivityCriteria struct {
	// Type - type of connectivity. Possible values include: 'ConnectivityTypeIsConnectedQuery'
	Type ConnectivityType `json:"type,omitempty"`
	// Value - Queries for checking connectivity
	Value *[]string `json:"value,omitempty"`
}

ConnectivityCriteria setting for the connector check connectivity

type ConnectivityType 

type ConnectivityType string

ConnectivityType enumerates the values for connectivity type. 

const (
	// ConnectivityTypeIsConnectedQuery ...
	ConnectivityTypeIsConnectedQuery ConnectivityType = "IsConnectedQuery"
)

func PossibleConnectivityTypeValues 

func PossibleConnectivityTypeValues() []ConnectivityType

PossibleConnectivityTypeValues returns an array of possible values for the ConnectivityType const type.

type ConnectorInstructionModelBase 

type ConnectorInstructionModelBase struct {
	// Parameters - The parameters for the setting
	Parameters interface{} `json:"parameters,omitempty"`
	// Type - The kind of the setting. Possible values include: 'SettingTypeCopyableLabel', 'SettingTypeInstructionStepsGroup', 'SettingTypeInfoMessage'
	Type SettingType `json:"type,omitempty"`
}

ConnectorInstructionModelBase instruction step details

type ContentPathMap 

type ContentPathMap struct {
	// ContentType - Content type. Possible values include: 'ContentTypeAnalyticRule', 'ContentTypeWorkbook'
	ContentType ContentType `json:"contentType,omitempty"`
	// Path - The path to the content.
	Path *string `json:"path,omitempty"`
}

ContentPathMap the mapping of content type to a repo path.

type ContentType 

type ContentType string

ContentType enumerates the values for content type. 

const (
	// ContentTypeAnalyticRule ...
	ContentTypeAnalyticRule ContentType = "AnalyticRule"
	// ContentTypeWorkbook ...
	ContentTypeWorkbook ContentType = "Workbook"
)

func PossibleContentTypeValues 

func PossibleContentTypeValues() []ContentType

PossibleContentTypeValues returns an array of possible values for the ContentType const type.

type CreatedByType 

type CreatedByType string

CreatedByType enumerates the values for created by type. 

const (
	// CreatedByTypeApplication ...
	CreatedByTypeApplication CreatedByType = "Application"
	// CreatedByTypeKey ...
	CreatedByTypeKey CreatedByType = "Key"
	// CreatedByTypeManagedIdentity ...
	CreatedByTypeManagedIdentity CreatedByType = "ManagedIdentity"
	// CreatedByTypeUser ...
	CreatedByTypeUser CreatedByType = "User"
)

func PossibleCreatedByTypeValues 

func PossibleCreatedByTypeValues() []CreatedByType

PossibleCreatedByTypeValues returns an array of possible values for the CreatedByType const type.

type CustomEntityQuery 

type CustomEntityQuery struct {
	// Kind - Possible values include: 'KindBasicCustomEntityQueryKindCustomEntityQuery', 'KindBasicCustomEntityQueryKindActivity'
	Kind KindBasicCustomEntityQuery `json:"kind,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
	// ID - READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty"`
	// SystemData - READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty"`
}

CustomEntityQuery specific entity query that supports put requests.

func (CustomEntityQuery) AsActivityCustomEntityQuery 

func (ceq CustomEntityQuery) AsActivityCustomEntityQuery() (*ActivityCustomEntityQuery, bool)

AsActivityCustomEntityQuery is the BasicCustomEntityQuery implementation for CustomEntityQuery.

func (CustomEntityQuery) AsBasicCustomEntityQuery 

func (ceq CustomEntityQuery) AsBasicCustomEntityQuery() (BasicCustomEntityQuery, bool)

AsBasicCustomEntityQuery is the BasicCustomEntityQuery implementation for CustomEntityQuery.

func (CustomEntityQuery) AsCustomEntityQuery 

func (ceq CustomEntityQuery) AsCustomEntityQuery() (*CustomEntityQuery, bool)

AsCustomEntityQuery is the BasicCustomEntityQuery implementation for CustomEntityQuery.

func (CustomEntityQuery) MarshalJSON 

func (ceq CustomEntityQuery) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for CustomEntityQuery.

type CustomEntityQueryKind 

type CustomEntityQueryKind string

CustomEntityQueryKind enumerates the values for custom entity query kind. 

const (
	// CustomEntityQueryKindActivity ...
	CustomEntityQueryKindActivity CustomEntityQueryKind = "Activity"
)

func PossibleCustomEntityQueryKindValues 

func PossibleCustomEntityQueryKindValues() []CustomEntityQueryKind

PossibleCustomEntityQueryKindValues returns an array of possible values for the CustomEntityQueryKind const type.

type Customs 

type Customs struct {
	// Name - Customs permissions name
	Name *string `json:"name,omitempty"`
	// Description - Customs permissions description
	Description *string `json:"description,omitempty"`
}

Customs customs permissions required for the connector

type CustomsPermission 

type CustomsPermission struct {
	// Name - Customs permissions name
	Name *string `json:"name,omitempty"`
	// Description - Customs permissions description
	Description *string `json:"description,omitempty"`
}

CustomsPermission customs permissions required for the connector

type DNSEntity 

type DNSEntity struct {
	// DNSEntityProperties - Dns entity properties
	*DNSEntityProperties `json:"properties,omitempty"`
	// Kind - Possible values include: 'KindBasicEntityKindEntity', 'KindBasicEntityKindURL', 'KindBasicEntityKindSubmissionMail', 'KindBasicEntityKindSecurityGroup', 'KindBasicEntityKindSecurityAlert', 'KindBasicEntityKindRegistryValue', 'KindBasicEntityKindRegistryKey', 'KindBasicEntityKindProcess', 'KindBasicEntityKindMalware', 'KindBasicEntityKindMailMessage', 'KindBasicEntityKindMailCluster', 'KindBasicEntityKindMailbox', 'KindBasicEntityKindIP', 'KindBasicEntityKindIoTDevice', 'KindBasicEntityKindBookmark', 'KindBasicEntityKindHost', 'KindBasicEntityKindFileHash', 'KindBasicEntityKindFile', 'KindBasicEntityKindDNSResolution', 'KindBasicEntityKindCloudApplication', 'KindBasicEntityKindAzureResource', 'KindBasicEntityKindAccount'
	Kind KindBasicEntity `json:"kind,omitempty"`
	// ID - READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty"`
	// SystemData - READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty"`
}

DNSEntity represents a dns entity.

func (DNSEntity) AsAccountEntity 

func (de DNSEntity) AsAccountEntity() (*AccountEntity, bool)

AsAccountEntity is the BasicEntity implementation for DNSEntity.

func (DNSEntity) AsAzureResourceEntity 

func (de DNSEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)

AsAzureResourceEntity is the BasicEntity implementation for DNSEntity.

func (DNSEntity) AsBasicEntity 

func (de DNSEntity) AsBasicEntity() (BasicEntity, bool)

AsBasicEntity is the BasicEntity implementation for DNSEntity.

func (DNSEntity) AsCloudApplicationEntity 

func (de DNSEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)

AsCloudApplicationEntity is the BasicEntity implementation for DNSEntity.

func (DNSEntity) AsDNSEntity 

func (de DNSEntity) AsDNSEntity() (*DNSEntity, bool)

AsDNSEntity is the BasicEntity implementation for DNSEntity.

func (DNSEntity) AsEntity 

func (de DNSEntity) AsEntity() (*Entity, bool)

AsEntity is the BasicEntity implementation for DNSEntity.

func (DNSEntity) AsFileEntity 

func (de DNSEntity) AsFileEntity() (*FileEntity, bool)

AsFileEntity is the BasicEntity implementation for DNSEntity.

func (DNSEntity) AsFileHashEntity 

func (de DNSEntity) AsFileHashEntity() (*FileHashEntity, bool)

AsFileHashEntity is the BasicEntity implementation for DNSEntity.

func (DNSEntity) AsHostEntity 

func (de DNSEntity) AsHostEntity() (*HostEntity, bool)

AsHostEntity is the BasicEntity implementation for DNSEntity.

func (DNSEntity) AsHuntingBookmark 

func (de DNSEntity) AsHuntingBookmark() (*HuntingBookmark, bool)

AsHuntingBookmark is the BasicEntity implementation for DNSEntity.

func (DNSEntity) AsIPEntity 

func (de DNSEntity) AsIPEntity() (*IPEntity, bool)

AsIPEntity is the BasicEntity implementation for DNSEntity.

func (DNSEntity) AsIoTDeviceEntity 

func (de DNSEntity) AsIoTDeviceEntity() (*IoTDeviceEntity, bool)

AsIoTDeviceEntity is the BasicEntity implementation for DNSEntity.

func (DNSEntity) AsMailClusterEntity 

func (de DNSEntity) AsMailClusterEntity() (*MailClusterEntity, bool)

AsMailClusterEntity is the BasicEntity implementation for DNSEntity.

func (DNSEntity) AsMailMessageEntity 

func (de DNSEntity) AsMailMessageEntity() (*MailMessageEntity, bool)

AsMailMessageEntity is the BasicEntity implementation for DNSEntity.

func (DNSEntity) AsMailboxEntity 

func (de DNSEntity) AsMailboxEntity() (*MailboxEntity, bool)

AsMailboxEntity is the BasicEntity implementation for DNSEntity.

func (DNSEntity) AsMalwareEntity 

func (de DNSEntity) AsMalwareEntity() (*MalwareEntity, bool)

AsMalwareEntity is the BasicEntity implementation for DNSEntity.

func (DNSEntity) AsProcessEntity 

func (de DNSEntity) AsProcessEntity() (*ProcessEntity, bool)

AsProcessEntity is the BasicEntity implementation for DNSEntity.

func (DNSEntity) AsRegistryKeyEntity 

func (de DNSEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)

AsRegistryKeyEntity is the BasicEntity implementation for DNSEntity.

func (DNSEntity) AsRegistryValueEntity 

func (de DNSEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool)

AsRegistryValueEntity is the BasicEntity implementation for DNSEntity.

func (DNSEntity) AsSecurityAlert 

func (de DNSEntity) AsSecurityAlert() (*SecurityAlert, bool)

AsSecurityAlert is the BasicEntity implementation for DNSEntity.

func (DNSEntity) AsSecurityGroupEntity 

func (de DNSEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)

AsSecurityGroupEntity is the BasicEntity implementation for DNSEntity.

func (DNSEntity) AsSubmissionMailEntity 

func (de DNSEntity) AsSubmissionMailEntity() (*SubmissionMailEntity, bool)

AsSubmissionMailEntity is the BasicEntity implementation for DNSEntity.

func (DNSEntity) AsURLEntity 

func (de DNSEntity) AsURLEntity() (*URLEntity, bool)

AsURLEntity is the BasicEntity implementation for DNSEntity.

func (DNSEntity) MarshalJSON 

func (de DNSEntity) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for DNSEntity.

func (*DNSEntity) UnmarshalJSON 

func (de *DNSEntity) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for DNSEntity struct.

type DNSEntityProperties 

type DNSEntityProperties struct {
	// DNSServerIPEntityID - READ-ONLY; An ip entity id for the dns server resolving the request
	DNSServerIPEntityID *string `json:"dnsServerIpEntityId,omitempty"`
	// DomainName - READ-ONLY; The name of the dns record associated with the alert
	DomainName *string `json:"domainName,omitempty"`
	// HostIPAddressEntityID - READ-ONLY; An ip entity id for the dns request client
	HostIPAddressEntityID *string `json:"hostIpAddressEntityId,omitempty"`
	// IPAddressEntityIds - READ-ONLY; Ip entity identifiers for the resolved ip address.
	IPAddressEntityIds *[]string `json:"ipAddressEntityIds,omitempty"`
	// AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]interface{} `json:"additionalData"`
	// FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated.
	FriendlyName *string `json:"friendlyName,omitempty"`
}

DNSEntityProperties dns entity property bag.

func (DNSEntityProperties) MarshalJSON 

func (dep DNSEntityProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for DNSEntityProperties.

type DataConnector 

type DataConnector struct {
	autorest.Response `json:"-"`
	// Kind - Possible values include: 'KindBasicDataConnectorKindDataConnector', 'KindBasicDataConnectorKindAzureActiveDirectory', 'KindBasicDataConnectorKindMicrosoftThreatIntelligence', 'KindBasicDataConnectorKindMicrosoftThreatProtection', 'KindBasicDataConnectorKindAzureAdvancedThreatProtection', 'KindBasicDataConnectorKindAzureSecurityCenter', 'KindBasicDataConnectorKindAmazonWebServicesCloudTrail', 'KindBasicDataConnectorKindAmazonWebServicesS3', 'KindBasicDataConnectorKindMicrosoftCloudAppSecurity', 'KindBasicDataConnectorKindDynamics365', 'KindBasicDataConnectorKindOfficeATP', 'KindBasicDataConnectorKindOfficeIRM', 'KindBasicDataConnectorKindMicrosoftDefenderAdvancedThreatProtection', 'KindBasicDataConnectorKindOffice365', 'KindBasicDataConnectorKindThreatIntelligence', 'KindBasicDataConnectorKindThreatIntelligenceTaxii', 'KindBasicDataConnectorKindGenericUI', 'KindBasicDataConnectorKindAPIPolling'
	Kind KindBasicDataConnector `json:"kind,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
	// ID - READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty"`
	// SystemData - READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty"`
}

DataConnector data connector

func (DataConnector) AsAADDataConnector 

func (dc DataConnector) AsAADDataConnector() (*AADDataConnector, bool)

AsAADDataConnector is the BasicDataConnector implementation for DataConnector.

func (DataConnector) AsAATPDataConnector 

func (dc DataConnector) AsAATPDataConnector() (*AATPDataConnector, bool)

AsAATPDataConnector is the BasicDataConnector implementation for DataConnector.

func (DataConnector) AsASCDataConnector 

func (dc DataConnector) AsASCDataConnector() (*ASCDataConnector, bool)

AsASCDataConnector is the BasicDataConnector implementation for DataConnector.

func (DataConnector) AsAwsCloudTrailDataConnector 

func (dc DataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool)

AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for DataConnector.

func (DataConnector) AsAwsS3DataConnector 

func (dc DataConnector) AsAwsS3DataConnector() (*AwsS3DataConnector, bool)

AsAwsS3DataConnector is the BasicDataConnector implementation for DataConnector.

func (DataConnector) AsBasicDataConnector 

func (dc DataConnector) AsBasicDataConnector() (BasicDataConnector, bool)

AsBasicDataConnector is the BasicDataConnector implementation for DataConnector.

func (DataConnector) AsCodelessAPIPollingDataConnector 

func (dc DataConnector) AsCodelessAPIPollingDataConnector() (*CodelessAPIPollingDataConnector, bool)

AsCodelessAPIPollingDataConnector is the BasicDataConnector implementation for DataConnector.

func (DataConnector) AsCodelessUIDataConnector 

func (dc DataConnector) AsCodelessUIDataConnector() (*CodelessUIDataConnector, bool)

AsCodelessUIDataConnector is the BasicDataConnector implementation for DataConnector.

func (DataConnector) AsDataConnector 

func (dc DataConnector) AsDataConnector() (*DataConnector, bool)

AsDataConnector is the BasicDataConnector implementation for DataConnector.

func (DataConnector) AsDynamics365DataConnector 

func (dc DataConnector) AsDynamics365DataConnector() (*Dynamics365DataConnector, bool)

AsDynamics365DataConnector is the BasicDataConnector implementation for DataConnector.

func (DataConnector) AsMCASDataConnector 

func (dc DataConnector) AsMCASDataConnector() (*MCASDataConnector, bool)

AsMCASDataConnector is the BasicDataConnector implementation for DataConnector.

func (DataConnector) AsMDATPDataConnector 

func (dc DataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool)

AsMDATPDataConnector is the BasicDataConnector implementation for DataConnector.

func (DataConnector) AsMSTIDataConnector 

func (dc DataConnector) AsMSTIDataConnector() (*MSTIDataConnector, bool)

AsMSTIDataConnector is the BasicDataConnector implementation for DataConnector.

func (DataConnector) AsMTPDataConnector 

func (dc DataConnector) AsMTPDataConnector() (*MTPDataConnector, bool)

AsMTPDataConnector is the BasicDataConnector implementation for DataConnector.

func (DataConnector) AsOfficeATPDataConnector 

func (dc DataConnector) AsOfficeATPDataConnector() (*OfficeATPDataConnector, bool)

AsOfficeATPDataConnector is the BasicDataConnector implementation for DataConnector.

func (DataConnector) AsOfficeDataConnector 

func (dc DataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool)

AsOfficeDataConnector is the BasicDataConnector implementation for DataConnector.

func (DataConnector) AsOfficeIRMDataConnector 

func (dc DataConnector) AsOfficeIRMDataConnector() (*OfficeIRMDataConnector, bool)

AsOfficeIRMDataConnector is the BasicDataConnector implementation for DataConnector.

func (DataConnector) AsTIDataConnector 

func (dc DataConnector) AsTIDataConnector() (*TIDataConnector, bool)

AsTIDataConnector is the BasicDataConnector implementation for DataConnector.

func (DataConnector) AsTiTaxiiDataConnector 

func (dc DataConnector) AsTiTaxiiDataConnector() (*TiTaxiiDataConnector, bool)

AsTiTaxiiDataConnector is the BasicDataConnector implementation for DataConnector.

func (DataConnector) MarshalJSON 

func (dc DataConnector) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for DataConnector.

type DataConnectorAuthorizationState 

type DataConnectorAuthorizationState string

DataConnectorAuthorizationState enumerates the values for data connector authorization state. 

const (
	// DataConnectorAuthorizationStateInvalid ...
	DataConnectorAuthorizationStateInvalid DataConnectorAuthorizationState = "Invalid"
	// DataConnectorAuthorizationStateValid ...
	DataConnectorAuthorizationStateValid DataConnectorAuthorizationState = "Valid"
)

func PossibleDataConnectorAuthorizationStateValues 

func PossibleDataConnectorAuthorizationStateValues() []DataConnectorAuthorizationState

PossibleDataConnectorAuthorizationStateValues returns an array of possible values for the DataConnectorAuthorizationState const type.

type DataConnectorConnectBody 

type DataConnectorConnectBody struct {
	// Kind - The authentication kind used to poll the data. Possible values include: 'ConnectAuthKindBasic', 'ConnectAuthKindOAuth2', 'ConnectAuthKindAPIKey'
	Kind ConnectAuthKind `json:"kind,omitempty"`
	// APIKey - The API key of the audit server.
	APIKey *string `json:"apiKey,omitempty"`
	// ClientSecret - The client secret of the OAuth 2.0 application.
	ClientSecret *string `json:"clientSecret,omitempty"`
	// ClientID - The client id of the OAuth 2.0 application.
	ClientID *string `json:"clientId,omitempty"`
	// AuthorizationCode - The authorization code used in OAuth 2.0 code flow to issue a token.
	AuthorizationCode *string `json:"authorizationCode,omitempty"`
	// UserName - The user name in the audit log server.
	UserName *string `json:"userName,omitempty"`
	// Password - The user password in the audit log server.
	Password                     *string        `json:"password,omitempty"`
	RequestConfigUserInputValues *[]interface{} `json:"requestConfigUserInputValues,omitempty"`
}

DataConnectorConnectBody represents Codeless API Polling data connector.

type DataConnectorDataTypeCommon 

type DataConnectorDataTypeCommon struct {
	// State - Describe whether this data type connection is enabled or not. Possible values include: 'DataTypeStateEnabled', 'DataTypeStateDisabled'
	State DataTypeState `json:"state,omitempty"`
}

DataConnectorDataTypeCommon common field for data type in data connectors.

type DataConnectorKind 

type DataConnectorKind string

DataConnectorKind enumerates the values for data connector kind. 

const (
	// DataConnectorKindAmazonWebServicesCloudTrail ...
	DataConnectorKindAmazonWebServicesCloudTrail DataConnectorKind = "AmazonWebServicesCloudTrail"
	// DataConnectorKindAmazonWebServicesS3 ...
	DataConnectorKindAmazonWebServicesS3 DataConnectorKind = "AmazonWebServicesS3"
	// DataConnectorKindAPIPolling ...
	DataConnectorKindAPIPolling DataConnectorKind = "APIPolling"
	// DataConnectorKindAzureActiveDirectory ...
	DataConnectorKindAzureActiveDirectory DataConnectorKind = "AzureActiveDirectory"
	// DataConnectorKindAzureAdvancedThreatProtection ...
	DataConnectorKindAzureAdvancedThreatProtection DataConnectorKind = "AzureAdvancedThreatProtection"
	// DataConnectorKindAzureSecurityCenter ...
	DataConnectorKindAzureSecurityCenter DataConnectorKind = "AzureSecurityCenter"
	// DataConnectorKindDynamics365 ...
	DataConnectorKindDynamics365 DataConnectorKind = "Dynamics365"
	// DataConnectorKindGenericUI ...
	DataConnectorKindGenericUI DataConnectorKind = "GenericUI"
	// DataConnectorKindMicrosoftCloudAppSecurity ...
	DataConnectorKindMicrosoftCloudAppSecurity DataConnectorKind = "MicrosoftCloudAppSecurity"
	// DataConnectorKindMicrosoftDefenderAdvancedThreatProtection ...
	DataConnectorKindMicrosoftDefenderAdvancedThreatProtection DataConnectorKind = "MicrosoftDefenderAdvancedThreatProtection"
	// DataConnectorKindMicrosoftThreatIntelligence ...
	DataConnectorKindMicrosoftThreatIntelligence DataConnectorKind = "MicrosoftThreatIntelligence"
	// DataConnectorKindMicrosoftThreatProtection ...
	DataConnectorKindMicrosoftThreatProtection DataConnectorKind = "MicrosoftThreatProtection"
	// DataConnectorKindOffice365 ...
	DataConnectorKindOffice365 DataConnectorKind = "Office365"
	// DataConnectorKindOfficeATP ...
	DataConnectorKindOfficeATP DataConnectorKind = "OfficeATP"
	// DataConnectorKindOfficeIRM ...
	DataConnectorKindOfficeIRM DataConnectorKind = "OfficeIRM"
	// DataConnectorKindThreatIntelligence ...
	DataConnectorKindThreatIntelligence DataConnectorKind = "ThreatIntelligence"
	// DataConnectorKindThreatIntelligenceTaxii ...
	DataConnectorKindThreatIntelligenceTaxii DataConnectorKind = "ThreatIntelligenceTaxii"
)

func PossibleDataConnectorKindValues 

func PossibleDataConnectorKindValues() []DataConnectorKind

PossibleDataConnectorKindValues returns an array of possible values for the DataConnectorKind const type.

type DataConnectorLicenseState 

type DataConnectorLicenseState string

DataConnectorLicenseState enumerates the values for data connector license state. 

const (
	// DataConnectorLicenseStateInvalid ...
	DataConnectorLicenseStateInvalid DataConnectorLicenseState = "Invalid"
	// DataConnectorLicenseStateUnknown ...
	DataConnectorLicenseStateUnknown DataConnectorLicenseState = "Unknown"
	// DataConnectorLicenseStateValid ...
	DataConnectorLicenseStateValid DataConnectorLicenseState = "Valid"
)

func PossibleDataConnectorLicenseStateValues 

func PossibleDataConnectorLicenseStateValues() []DataConnectorLicenseState

PossibleDataConnectorLicenseStateValues returns an array of possible values for the DataConnectorLicenseState const type.

type DataConnectorList 

type DataConnectorList struct {
	autorest.Response `json:"-"`
	// NextLink - READ-ONLY; URL to fetch the next set of data connectors.
	NextLink *string `json:"nextLink,omitempty"`
	// Value - Array of data connectors.
	Value *[]BasicDataConnector `json:"value,omitempty"`
}

DataConnectorList list all the data connectors.

func (DataConnectorList) IsEmpty 

func (dcl DataConnectorList) IsEmpty() bool

IsEmpty returns true if the ListResult contains no values.

func (DataConnectorList) MarshalJSON 

func (dcl DataConnectorList) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for DataConnectorList.

func (*DataConnectorList) UnmarshalJSON 

func (dcl *DataConnectorList) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for DataConnectorList struct.

type DataConnectorListIterator 

type DataConnectorListIterator struct {
	// contains filtered or unexported fields
}

DataConnectorListIterator provides access to a complete listing of DataConnector values.

func NewDataConnectorListIterator 

func NewDataConnectorListIterator(page DataConnectorListPage) DataConnectorListIterator

Creates a new instance of the DataConnectorListIterator type.

func (*DataConnectorListIterator) Next 

func (iter *DataConnectorListIterator) Next() error

Next advances to the next value. If there was an error making the request the iterator does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*DataConnectorListIterator) NextWithContext 

func (iter *DataConnectorListIterator) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next value. If there was an error making the request the iterator does not advance and the error is returned.

func (DataConnectorListIterator) NotDone 

func (iter DataConnectorListIterator) NotDone() bool

NotDone returns true if the enumeration should be started or is not yet complete.

func (DataConnectorListIterator) Response 

func (iter DataConnectorListIterator) Response() DataConnectorList

Response returns the raw server response from the last page request.

func (DataConnectorListIterator) Value 

func (iter DataConnectorListIterator) Value() BasicDataConnector

Value returns the current value or a zero-initialized value if the iterator has advanced beyond the end of the collection.

type DataConnectorListPage 

type DataConnectorListPage struct {
	// contains filtered or unexported fields
}

DataConnectorListPage contains a page of BasicDataConnector values.

func NewDataConnectorListPage 

func NewDataConnectorListPage(cur DataConnectorList, getNextPage func(context.Context, DataConnectorList) (DataConnectorList, error)) DataConnectorListPage

Creates a new instance of the DataConnectorListPage type.

func (*DataConnectorListPage) Next 

func (page *DataConnectorListPage) Next() error

Next advances to the next page of values. If there was an error making the request the page does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*DataConnectorListPage) NextWithContext 

func (page *DataConnectorListPage) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next page of values. If there was an error making the request the page does not advance and the error is returned.

func (DataConnectorListPage) NotDone 

func (page DataConnectorListPage) NotDone() bool

NotDone returns true if the page enumeration should be started or is not yet complete.

func (DataConnectorListPage) Response 

func (page DataConnectorListPage) Response() DataConnectorList

Response returns the raw server response from the last page request.

func (DataConnectorListPage) Values 

func (page DataConnectorListPage) Values() []BasicDataConnector

Values returns the slice of values for the current page or nil if there are no values.

type DataConnectorModel 

type DataConnectorModel struct {
	autorest.Response `json:"-"`
	Value             BasicDataConnector `json:"value,omitempty"`
}

DataConnectorModel ...

func (*DataConnectorModel) UnmarshalJSON 

func (dcm *DataConnectorModel) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for DataConnectorModel struct.

type DataConnectorRequirementsState 

type DataConnectorRequirementsState struct {
	autorest.Response `json:"-"`
	// AuthorizationState - Authorization state for this connector. Possible values include: 'DataConnectorAuthorizationStateValid', 'DataConnectorAuthorizationStateInvalid'
	AuthorizationState DataConnectorAuthorizationState `json:"authorizationState,omitempty"`
	// LicenseState - License state for this connector. Possible values include: 'DataConnectorLicenseStateValid', 'DataConnectorLicenseStateInvalid', 'DataConnectorLicenseStateUnknown'
	LicenseState DataConnectorLicenseState `json:"licenseState,omitempty"`
}

DataConnectorRequirementsState data connector requirements status.

type DataConnectorTenantID 

type DataConnectorTenantID struct {
	// TenantID - The tenant id to connect to, and get the data from.
	TenantID *string `json:"tenantId,omitempty"`
}

DataConnectorTenantID properties data connector on tenant level.

type DataConnectorWithAlertsProperties 

type DataConnectorWithAlertsProperties struct {
	// DataTypes - The available data types for the connector.
	DataTypes *AlertsDataTypeOfDataConnector `json:"dataTypes,omitempty"`
}

DataConnectorWithAlertsProperties data connector properties.

type DataConnectorsCheckRequirements 

type DataConnectorsCheckRequirements struct {
	// Kind - Possible values include: 'KindBasicDataConnectorsCheckRequirementsKindDataConnectorsCheckRequirements', 'KindBasicDataConnectorsCheckRequirementsKindAzureActiveDirectory', 'KindBasicDataConnectorsCheckRequirementsKindAzureAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindAzureSecurityCenter', 'KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesCloudTrail', 'KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesS3', 'KindBasicDataConnectorsCheckRequirementsKindDynamics365', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftThreatIntelligence', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindOfficeATP', 'KindBasicDataConnectorsCheckRequirementsKindOfficeIRM', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii'
	Kind KindBasicDataConnectorsCheckRequirements `json:"kind,omitempty"`
}

DataConnectorsCheckRequirements data connector requirements properties.

func (DataConnectorsCheckRequirements) AsAADCheckRequirements 

func (dccr DataConnectorsCheckRequirements) AsAADCheckRequirements() (*AADCheckRequirements, bool)

AsAADCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for DataConnectorsCheckRequirements.

func (DataConnectorsCheckRequirements) AsAATPCheckRequirements 

func (dccr DataConnectorsCheckRequirements) AsAATPCheckRequirements() (*AATPCheckRequirements, bool)

AsAATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for DataConnectorsCheckRequirements.

func (DataConnectorsCheckRequirements) AsASCCheckRequirements 

func (dccr DataConnectorsCheckRequirements) AsASCCheckRequirements() (*ASCCheckRequirements, bool)

AsASCCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for DataConnectorsCheckRequirements.

func (DataConnectorsCheckRequirements) AsAwsCloudTrailCheckRequirements 

func (dccr DataConnectorsCheckRequirements) AsAwsCloudTrailCheckRequirements() (*AwsCloudTrailCheckRequirements, bool)

AsAwsCloudTrailCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for DataConnectorsCheckRequirements.

func (DataConnectorsCheckRequirements) AsAwsS3CheckRequirements 

func (dccr DataConnectorsCheckRequirements) AsAwsS3CheckRequirements() (*AwsS3CheckRequirements, bool)

AsAwsS3CheckRequirements is the BasicDataConnectorsCheckRequirements implementation for DataConnectorsCheckRequirements.

func (DataConnectorsCheckRequirements) AsBasicDataConnectorsCheckRequirements 

func (dccr DataConnectorsCheckRequirements) AsBasicDataConnectorsCheckRequirements() (BasicDataConnectorsCheckRequirements, bool)

AsBasicDataConnectorsCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for DataConnectorsCheckRequirements.

func (DataConnectorsCheckRequirements) AsDataConnectorsCheckRequirements 

func (dccr DataConnectorsCheckRequirements) AsDataConnectorsCheckRequirements() (*DataConnectorsCheckRequirements, bool)

AsDataConnectorsCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for DataConnectorsCheckRequirements.

func (DataConnectorsCheckRequirements) AsDynamics365CheckRequirements 

func (dccr DataConnectorsCheckRequirements) AsDynamics365CheckRequirements() (*Dynamics365CheckRequirements, bool)

AsDynamics365CheckRequirements is the BasicDataConnectorsCheckRequirements implementation for DataConnectorsCheckRequirements.

func (DataConnectorsCheckRequirements) AsMCASCheckRequirements 

func (dccr DataConnectorsCheckRequirements) AsMCASCheckRequirements() (*MCASCheckRequirements, bool)

AsMCASCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for DataConnectorsCheckRequirements.

func (DataConnectorsCheckRequirements) AsMDATPCheckRequirements 

func (dccr DataConnectorsCheckRequirements) AsMDATPCheckRequirements() (*MDATPCheckRequirements, bool)

AsMDATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for DataConnectorsCheckRequirements.

func (DataConnectorsCheckRequirements) AsMSTICheckRequirements 

func (dccr DataConnectorsCheckRequirements) AsMSTICheckRequirements() (*MSTICheckRequirements, bool)

AsMSTICheckRequirements is the BasicDataConnectorsCheckRequirements implementation for DataConnectorsCheckRequirements.

func (DataConnectorsCheckRequirements) AsMtpCheckRequirements 

func (dccr DataConnectorsCheckRequirements) AsMtpCheckRequirements() (*MtpCheckRequirements, bool)

AsMtpCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for DataConnectorsCheckRequirements.

func (DataConnectorsCheckRequirements) AsOfficeATPCheckRequirements 

func (dccr DataConnectorsCheckRequirements) AsOfficeATPCheckRequirements() (*OfficeATPCheckRequirements, bool)

AsOfficeATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for DataConnectorsCheckRequirements.

func (DataConnectorsCheckRequirements) AsOfficeIRMCheckRequirements 

func (dccr DataConnectorsCheckRequirements) AsOfficeIRMCheckRequirements() (*OfficeIRMCheckRequirements, bool)

AsOfficeIRMCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for DataConnectorsCheckRequirements.

func (DataConnectorsCheckRequirements) AsTICheckRequirements 

func (dccr DataConnectorsCheckRequirements) AsTICheckRequirements() (*TICheckRequirements, bool)

AsTICheckRequirements is the BasicDataConnectorsCheckRequirements implementation for DataConnectorsCheckRequirements.

func (DataConnectorsCheckRequirements) AsTiTaxiiCheckRequirements 

func (dccr DataConnectorsCheckRequirements) AsTiTaxiiCheckRequirements() (*TiTaxiiCheckRequirements, bool)

AsTiTaxiiCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for DataConnectorsCheckRequirements.

func (DataConnectorsCheckRequirements) MarshalJSON 

func (dccr DataConnectorsCheckRequirements) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for DataConnectorsCheckRequirements.

type DataConnectorsCheckRequirementsClient 

type DataConnectorsCheckRequirementsClient struct {
	BaseClient
}

DataConnectorsCheckRequirementsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

func NewDataConnectorsCheckRequirementsClient 

func NewDataConnectorsCheckRequirementsClient(subscriptionID string) DataConnectorsCheckRequirementsClient

NewDataConnectorsCheckRequirementsClient creates an instance of the DataConnectorsCheckRequirementsClient client.

func NewDataConnectorsCheckRequirementsClientWithBaseURI 

func NewDataConnectorsCheckRequirementsClientWithBaseURI(baseURI string, subscriptionID string) DataConnectorsCheckRequirementsClient

NewDataConnectorsCheckRequirementsClientWithBaseURI creates an instance of the DataConnectorsCheckRequirementsClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).

func (DataConnectorsCheckRequirementsClient) Post 

func (client DataConnectorsCheckRequirementsClient) Post(ctx context.Context, resourceGroupName string, workspaceName string, dataConnectorsCheckRequirements BasicDataConnectorsCheckRequirements) (result DataConnectorRequirementsState, err error)

Post get requirements state for a data connector type. Parameters: resourceGroupName - the name of the resource group. The name is case insensitive. workspaceName - the name of the workspace. dataConnectorsCheckRequirements - the parameters for requirements check message

func (DataConnectorsCheckRequirementsClient) PostPreparer 

func (client DataConnectorsCheckRequirementsClient) PostPreparer(ctx context.Context, resourceGroupName string, workspaceName string, dataConnectorsCheckRequirements BasicDataConnectorsCheckRequirements) (*http.Request, error)

PostPreparer prepares the Post request.

func (DataConnectorsCheckRequirementsClient) PostResponder 

func (client DataConnectorsCheckRequirementsClient) PostResponder(resp *http.Response) (result DataConnectorRequirementsState, err error)

PostResponder handles the response to the Post request. The method always closes the http.Response Body.

func (DataConnectorsCheckRequirementsClient) PostSender 

func (client DataConnectorsCheckRequirementsClient) PostSender(req *http.Request) (*http.Response, error)

PostSender sends the Post request. The method will close the http.Response Body if it receives an error.

type DataConnectorsClient 

type DataConnectorsClient struct {
	BaseClient
}

DataConnectorsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

func NewDataConnectorsClient 

func NewDataConnectorsClient(subscriptionID string) DataConnectorsClient

NewDataConnectorsClient creates an instance of the DataConnectorsClient client.

func NewDataConnectorsClientWithBaseURI 

func NewDataConnectorsClientWithBaseURI(baseURI string, subscriptionID string) DataConnectorsClient

NewDataConnectorsClientWithBaseURI creates an instance of the DataConnectorsClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).

func (DataConnectorsClient) Connect 

func (client DataConnectorsClient) Connect(ctx context.Context, resourceGroupName string, workspaceName string, dataConnectorID string, connectBody DataConnectorConnectBody) (result autorest.Response, err error)

Connect connects a data connector. Parameters: resourceGroupName - the name of the resource group. The name is case insensitive. workspaceName - the name of the workspace. dataConnectorID - connector ID connectBody - the data connector

func (DataConnectorsClient) ConnectPreparer 

func (client DataConnectorsClient) ConnectPreparer(ctx context.Context, resourceGroupName string, workspaceName string, dataConnectorID string, connectBody DataConnectorConnectBody) (*http.Request, error)

ConnectPreparer prepares the Connect request.

func (DataConnectorsClient) ConnectResponder 

func (client DataConnectorsClient) ConnectResponder(resp *http.Response) (result autorest.Response, err error)

ConnectResponder handles the response to the Connect request. The method always closes the http.Response Body.

func (DataConnectorsClient) ConnectSender 

func (client DataConnectorsClient) ConnectSender(req *http.Request) (*http.Response, error)

ConnectSender sends the Connect request. The method will close the http.Response Body if it receives an error.

func (DataConnectorsClient) CreateOrUpdate 

func (client DataConnectorsClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, workspaceName string, dataConnectorID string, dataConnector BasicDataConnector) (result DataConnectorModel, err error)

CreateOrUpdate creates or updates the data connector. Parameters: resourceGroupName - the name of the resource group. The name is case insensitive. workspaceName - the name of the workspace. dataConnectorID - connector ID dataConnector - the data connector

func (DataConnectorsClient) CreateOrUpdatePreparer 

func (client DataConnectorsClient) CreateOrUpdatePreparer(ctx context.Context, resourceGroupName string, workspaceName string, dataConnectorID string, dataConnector BasicDataConnector) (*http.Request, error)

CreateOrUpdatePreparer prepares the CreateOrUpdate request.

func (DataConnectorsClient) CreateOrUpdateResponder 

func (client DataConnectorsClient) CreateOrUpdateResponder(resp *http.Response) (result DataConnectorModel, err error)

CreateOrUpdateResponder handles the response to the CreateOrUpdate request. The method always closes the http.Response Body.

func (DataConnectorsClient) CreateOrUpdateSender 

func (client DataConnectorsClient) CreateOrUpdateSender(req *http.Request) (*http.Response, error)

CreateOrUpdateSender sends the CreateOrUpdate request. The method will close the http.Response Body if it receives an error.

func (DataConnectorsClient) Delete 

func (client DataConnectorsClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, dataConnectorID string) (result autorest.Response, err error)

Delete delete the data connector. Parameters: resourceGroupName - the name of the resource group. The name is case insensitive. workspaceName - the name of the workspace. dataConnectorID - connector ID

func (DataConnectorsClient) DeletePreparer 

func (client DataConnectorsClient) DeletePreparer(ctx context.Context, resourceGroupName string, workspaceName string, dataConnectorID string) (*http.Request, error)

DeletePreparer prepares the Delete request.

func (DataConnectorsClient) DeleteResponder 

func (client DataConnectorsClient) DeleteResponder(resp *http.Response) (result autorest.Response, err error)

DeleteResponder handles the response to the Delete request. The method always closes the http.Response Body.

func (DataConnectorsClient) DeleteSender 

func (client DataConnectorsClient) DeleteSender(req *http.Request) (*http.Response, error)

DeleteSender sends the Delete request. The method will close the http.Response Body if it receives an error.

func (DataConnectorsClient) Disconnect 

func (client DataConnectorsClient) Disconnect(ctx context.Context, resourceGroupName string, workspaceName string, dataConnectorID string) (result autorest.Response, err error)

Disconnect disconnect a data connector. Parameters: resourceGroupName - the name of the resource group. The name is case insensitive. workspaceName - the name of the workspace. dataConnectorID - connector ID

func (DataConnectorsClient) DisconnectPreparer 

func (client DataConnectorsClient) DisconnectPreparer(ctx context.Context, resourceGroupName string, workspaceName string, dataConnectorID string) (*http.Request, error)

DisconnectPreparer prepares the Disconnect request.

func (DataConnectorsClient) DisconnectResponder 

func (client DataConnectorsClient) DisconnectResponder(resp *http.Response) (result autorest.Response, err error)

DisconnectResponder handles the response to the Disconnect request. The method always closes the http.Response Body.

func (DataConnectorsClient) DisconnectSender 

func (client DataConnectorsClient) DisconnectSender(req *http.Request) (*http.Response, error)

DisconnectSender sends the Disconnect request. The method will close the http.Response Body if it receives an error.

func (DataConnectorsClient) Get 

func (client DataConnectorsClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, dataConnectorID string) (result DataConnectorModel, err error)

Get gets a data connector. Parameters: resourceGroupName - the name of the resource group. The name is case insensitive. workspaceName - the name of the workspace. dataConnectorID - connector ID

func (DataConnectorsClient) GetPreparer 

func (client DataConnectorsClient) GetPreparer(ctx context.Context, resourceGroupName string, workspaceName string, dataConnectorID string) (*http.Request, error)

GetPreparer prepares the Get request.

func (DataConnectorsClient) GetResponder 

func (client DataConnectorsClient) GetResponder(resp *http.Response) (result DataConnectorModel, err error)

GetResponder handles the response to the Get request. The method always closes the http.Response Body.

func (DataConnectorsClient) GetSender 

func (client DataConnectorsClient) GetSender(req *http.Request) (*http.Response, error)

GetSender sends the Get request. The method will close the http.Response Body if it receives an error.

func (DataConnectorsClient) List 

func (client DataConnectorsClient) List(ctx context.Context, resourceGroupName string, workspaceName string) (result DataConnectorListPage, err error)

List gets all data connectors. Parameters: resourceGroupName - the name of the resource group. The name is case insensitive. workspaceName - the name of the workspace.

func (DataConnectorsClient) ListComplete 

func (client DataConnectorsClient) ListComplete(ctx context.Context, resourceGroupName string, workspaceName string) (result DataConnectorListIterator, err error)

ListComplete enumerates all values, automatically crossing page boundaries as required.

func (DataConnectorsClient) ListPreparer 

func (client DataConnectorsClient) ListPreparer(ctx context.Context, resourceGroupName string, workspaceName string) (*http.Request, error)

ListPreparer prepares the List request.

func (DataConnectorsClient) ListResponder 

func (client DataConnectorsClient) ListResponder(resp *http.Response) (result DataConnectorList, err error)

ListResponder handles the response to the List request. The method always closes the http.Response Body.

func (DataConnectorsClient) ListSender 

func (client DataConnectorsClient) ListSender(req *http.Request) (*http.Response, error)

ListSender sends the List request. The method will close the http.Response Body if it receives an error.

type DataTypeDefinitions 

type DataTypeDefinitions struct {
	// DataType - The data type name
	DataType *string `json:"dataType,omitempty"`
}

DataTypeDefinitions the data type definition

type DataTypeState 

type DataTypeState string

DataTypeState enumerates the values for data type state. 

const (
	// DataTypeStateDisabled ...
	DataTypeStateDisabled DataTypeState = "Disabled"
	// DataTypeStateEnabled ...
	DataTypeStateEnabled DataTypeState = "Enabled"
)

func PossibleDataTypeStateValues 

func PossibleDataTypeStateValues() []DataTypeState

PossibleDataTypeStateValues returns an array of possible values for the DataTypeState const type.

type DeliveryAction 

type DeliveryAction string

DeliveryAction enumerates the values for delivery action. 

const (
	// DeliveryActionBlocked Blocked
	DeliveryActionBlocked DeliveryAction = "Blocked"
	// DeliveryActionDelivered Delivered
	DeliveryActionDelivered DeliveryAction = "Delivered"
	// DeliveryActionDeliveredAsSpam DeliveredAsSpam
	DeliveryActionDeliveredAsSpam DeliveryAction = "DeliveredAsSpam"
	// DeliveryActionReplaced Replaced
	DeliveryActionReplaced DeliveryAction = "Replaced"
	// DeliveryActionUnknown Unknown
	DeliveryActionUnknown DeliveryAction = "Unknown"
)

func PossibleDeliveryActionValues 

func PossibleDeliveryActionValues() []DeliveryAction

PossibleDeliveryActionValues returns an array of possible values for the DeliveryAction const type.

type DeliveryLocation 

type DeliveryLocation string

DeliveryLocation enumerates the values for delivery location. 

const (
	// DeliveryLocationDeletedFolder DeletedFolder
	DeliveryLocationDeletedFolder DeliveryLocation = "DeletedFolder"
	// DeliveryLocationDropped Dropped
	DeliveryLocationDropped DeliveryLocation = "Dropped"
	// DeliveryLocationExternal External
	DeliveryLocationExternal DeliveryLocation = "External"
	// DeliveryLocationFailed Failed
	DeliveryLocationFailed DeliveryLocation = "Failed"
	// DeliveryLocationForwarded Forwarded
	DeliveryLocationForwarded DeliveryLocation = "Forwarded"
	// DeliveryLocationInbox Inbox
	DeliveryLocationInbox DeliveryLocation = "Inbox"
	// DeliveryLocationJunkFolder JunkFolder
	DeliveryLocationJunkFolder DeliveryLocation = "JunkFolder"
	// DeliveryLocationQuarantine Quarantine
	DeliveryLocationQuarantine DeliveryLocation = "Quarantine"
	// DeliveryLocationUnknown Unknown
	DeliveryLocationUnknown DeliveryLocation = "Unknown"
)

func PossibleDeliveryLocationValues 

func PossibleDeliveryLocationValues() []DeliveryLocation

PossibleDeliveryLocationValues returns an array of possible values for the DeliveryLocation const type.

type DomainWhoisClient 

type DomainWhoisClient struct {
	BaseClient
}

DomainWhoisClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

func NewDomainWhoisClient 

func NewDomainWhoisClient(subscriptionID string) DomainWhoisClient

NewDomainWhoisClient creates an instance of the DomainWhoisClient client.

func NewDomainWhoisClientWithBaseURI 

func NewDomainWhoisClientWithBaseURI(baseURI string, subscriptionID string) DomainWhoisClient

NewDomainWhoisClientWithBaseURI creates an instance of the DomainWhoisClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).

func (DomainWhoisClient) Get 

func (client DomainWhoisClient) Get(ctx context.Context, resourceGroupName string, domain string) (result EnrichmentDomainWhois, err error)

Get get whois information for a single domain name Parameters: resourceGroupName - the name of the resource group. The name is case insensitive. domain - domain name to be enriched

func (DomainWhoisClient) GetPreparer 

func (client DomainWhoisClient) GetPreparer(ctx context.Context, resourceGroupName string, domain string) (*http.Request, error)

GetPreparer prepares the Get request.

func (DomainWhoisClient) GetResponder 

func (client DomainWhoisClient) GetResponder(resp *http.Response) (result EnrichmentDomainWhois, err error)

GetResponder handles the response to the Get request. The method always closes the http.Response Body.

func (DomainWhoisClient) GetSender 

func (client DomainWhoisClient) GetSender(req *http.Request) (*http.Response, error)

GetSender sends the Get request. The method will close the http.Response Body if it receives an error.

type Dynamics365CheckRequirements 

type Dynamics365CheckRequirements struct {
	// Dynamics365CheckRequirementsProperties - Dynamics365 requirements check properties.
	*Dynamics365CheckRequirementsProperties `json:"properties,omitempty"`
	// Kind - Possible values include: 'KindBasicDataConnectorsCheckRequirementsKindDataConnectorsCheckRequirements', 'KindBasicDataConnectorsCheckRequirementsKindAzureActiveDirectory', 'KindBasicDataConnectorsCheckRequirementsKindAzureAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindAzureSecurityCenter', 'KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesCloudTrail', 'KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesS3', 'KindBasicDataConnectorsCheckRequirementsKindDynamics365', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftThreatIntelligence', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindOfficeATP', 'KindBasicDataConnectorsCheckRequirementsKindOfficeIRM', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii'
	Kind KindBasicDataConnectorsCheckRequirements `json:"kind,omitempty"`
}

Dynamics365CheckRequirements represents Dynamics365 requirements check request.

func (Dynamics365CheckRequirements) AsAADCheckRequirements 

func (d3cr Dynamics365CheckRequirements) AsAADCheckRequirements() (*AADCheckRequirements, bool)

AsAADCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for Dynamics365CheckRequirements.

func (Dynamics365CheckRequirements) AsAATPCheckRequirements 

func (d3cr Dynamics365CheckRequirements) AsAATPCheckRequirements() (*AATPCheckRequirements, bool)

AsAATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for Dynamics365CheckRequirements.

func (Dynamics365CheckRequirements) AsASCCheckRequirements 

func (d3cr Dynamics365CheckRequirements) AsASCCheckRequirements() (*ASCCheckRequirements, bool)

AsASCCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for Dynamics365CheckRequirements.

func (Dynamics365CheckRequirements) AsAwsCloudTrailCheckRequirements 

func (d3cr Dynamics365CheckRequirements) AsAwsCloudTrailCheckRequirements() (*AwsCloudTrailCheckRequirements, bool)

AsAwsCloudTrailCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for Dynamics365CheckRequirements.

func (Dynamics365CheckRequirements) AsAwsS3CheckRequirements 

func (d3cr Dynamics365CheckRequirements) AsAwsS3CheckRequirements() (*AwsS3CheckRequirements, bool)

AsAwsS3CheckRequirements is the BasicDataConnectorsCheckRequirements implementation for Dynamics365CheckRequirements.

func (Dynamics365CheckRequirements) AsBasicDataConnectorsCheckRequirements 

func (d3cr Dynamics365CheckRequirements) AsBasicDataConnectorsCheckRequirements() (BasicDataConnectorsCheckRequirements, bool)

AsBasicDataConnectorsCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for Dynamics365CheckRequirements.

func (Dynamics365CheckRequirements) AsDataConnectorsCheckRequirements 

func (d3cr Dynamics365CheckRequirements) AsDataConnectorsCheckRequirements() (*DataConnectorsCheckRequirements, bool)

AsDataConnectorsCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for Dynamics365CheckRequirements.

func (Dynamics365CheckRequirements) AsDynamics365CheckRequirements 

func (d3cr Dynamics365CheckRequirements) AsDynamics365CheckRequirements() (*Dynamics365CheckRequirements, bool)

AsDynamics365CheckRequirements is the BasicDataConnectorsCheckRequirements implementation for Dynamics365CheckRequirements.

func (Dynamics365CheckRequirements) AsMCASCheckRequirements 

func (d3cr Dynamics365CheckRequirements) AsMCASCheckRequirements() (*MCASCheckRequirements, bool)

AsMCASCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for Dynamics365CheckRequirements.

func (Dynamics365CheckRequirements) AsMDATPCheckRequirements 

func (d3cr Dynamics365CheckRequirements) AsMDATPCheckRequirements() (*MDATPCheckRequirements, bool)

AsMDATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for Dynamics365CheckRequirements.

func (Dynamics365CheckRequirements) AsMSTICheckRequirements 

func (d3cr Dynamics365CheckRequirements) AsMSTICheckRequirements() (*MSTICheckRequirements, bool)

AsMSTICheckRequirements is the BasicDataConnectorsCheckRequirements implementation for Dynamics365CheckRequirements.

func (Dynamics365CheckRequirements) AsMtpCheckRequirements 

func (d3cr Dynamics365CheckRequirements) AsMtpCheckRequirements() (*MtpCheckRequirements, bool)

AsMtpCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for Dynamics365CheckRequirements.

func (Dynamics365CheckRequirements) AsOfficeATPCheckRequirements 

func (d3cr Dynamics365CheckRequirements) AsOfficeATPCheckRequirements() (*OfficeATPCheckRequirements, bool)

AsOfficeATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for Dynamics365CheckRequirements.

func (Dynamics365CheckRequirements) AsOfficeIRMCheckRequirements 

func (d3cr Dynamics365CheckRequirements) AsOfficeIRMCheckRequirements() (*OfficeIRMCheckRequirements, bool)

AsOfficeIRMCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for Dynamics365CheckRequirements.

func (Dynamics365CheckRequirements) AsTICheckRequirements 

func (d3cr Dynamics365CheckRequirements) AsTICheckRequirements() (*TICheckRequirements, bool)

AsTICheckRequirements is the BasicDataConnectorsCheckRequirements implementation for Dynamics365CheckRequirements.

func (Dynamics365CheckRequirements) AsTiTaxiiCheckRequirements 

func (d3cr Dynamics365CheckRequirements) AsTiTaxiiCheckRequirements() (*TiTaxiiCheckRequirements, bool)

AsTiTaxiiCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for Dynamics365CheckRequirements.

func (Dynamics365CheckRequirements) MarshalJSON 

func (d3cr Dynamics365CheckRequirements) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for Dynamics365CheckRequirements.

func (*Dynamics365CheckRequirements) UnmarshalJSON 

func (d3cr *Dynamics365CheckRequirements) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for Dynamics365CheckRequirements struct.

type Dynamics365CheckRequirementsProperties 

type Dynamics365CheckRequirementsProperties struct {
	// TenantID - The tenant id to connect to, and get the data from.
	TenantID *string `json:"tenantId,omitempty"`
}

Dynamics365CheckRequirementsProperties dynamics365 requirements check properties.

type Dynamics365DataConnector 

type Dynamics365DataConnector struct {
	// Dynamics365DataConnectorProperties - Dynamics365 data connector properties.
	*Dynamics365DataConnectorProperties `json:"properties,omitempty"`
	// Kind - Possible values include: 'KindBasicDataConnectorKindDataConnector', 'KindBasicDataConnectorKindAzureActiveDirectory', 'KindBasicDataConnectorKindMicrosoftThreatIntelligence', 'KindBasicDataConnectorKindMicrosoftThreatProtection', 'KindBasicDataConnectorKindAzureAdvancedThreatProtection', 'KindBasicDataConnectorKindAzureSecurityCenter', 'KindBasicDataConnectorKindAmazonWebServicesCloudTrail', 'KindBasicDataConnectorKindAmazonWebServicesS3', 'KindBasicDataConnectorKindMicrosoftCloudAppSecurity', 'KindBasicDataConnectorKindDynamics365', 'KindBasicDataConnectorKindOfficeATP', 'KindBasicDataConnectorKindOfficeIRM', 'KindBasicDataConnectorKindMicrosoftDefenderAdvancedThreatProtection', 'KindBasicDataConnectorKindOffice365', 'KindBasicDataConnectorKindThreatIntelligence', 'KindBasicDataConnectorKindThreatIntelligenceTaxii', 'KindBasicDataConnectorKindGenericUI', 'KindBasicDataConnectorKindAPIPolling'
	Kind KindBasicDataConnector `json:"kind,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
	// ID - READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty"`
	// SystemData - READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty"`
}

Dynamics365DataConnector represents Dynamics365 data connector.

func (Dynamics365DataConnector) AsAADDataConnector 

func (d3dc Dynamics365DataConnector) AsAADDataConnector() (*AADDataConnector, bool)

AsAADDataConnector is the BasicDataConnector implementation for Dynamics365DataConnector.

func (Dynamics365DataConnector) AsAATPDataConnector 

func (d3dc Dynamics365DataConnector) AsAATPDataConnector() (*AATPDataConnector, bool)

AsAATPDataConnector is the BasicDataConnector implementation for Dynamics365DataConnector.

func (Dynamics365DataConnector) AsASCDataConnector 

func (d3dc Dynamics365DataConnector) AsASCDataConnector() (*ASCDataConnector, bool)

AsASCDataConnector is the BasicDataConnector implementation for Dynamics365DataConnector.

func (Dynamics365DataConnector) AsAwsCloudTrailDataConnector 

func (d3dc Dynamics365DataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool)

AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for Dynamics365DataConnector.

func (Dynamics365DataConnector) AsAwsS3DataConnector 

func (d3dc Dynamics365DataConnector) AsAwsS3DataConnector() (*AwsS3DataConnector, bool)

AsAwsS3DataConnector is the BasicDataConnector implementation for Dynamics365DataConnector.

func (Dynamics365DataConnector) AsBasicDataConnector 

func (d3dc Dynamics365DataConnector) AsBasicDataConnector() (BasicDataConnector, bool)

AsBasicDataConnector is the BasicDataConnector implementation for Dynamics365DataConnector.

func (Dynamics365DataConnector) AsCodelessAPIPollingDataConnector 

func (d3dc Dynamics365DataConnector) AsCodelessAPIPollingDataConnector() (*CodelessAPIPollingDataConnector, bool)

AsCodelessAPIPollingDataConnector is the BasicDataConnector implementation for Dynamics365DataConnector.

func (Dynamics365DataConnector) AsCodelessUIDataConnector 

func (d3dc Dynamics365DataConnector) AsCodelessUIDataConnector() (*CodelessUIDataConnector, bool)

AsCodelessUIDataConnector is the BasicDataConnector implementation for Dynamics365DataConnector.

func (Dynamics365DataConnector) AsDataConnector 

func (d3dc Dynamics365DataConnector) AsDataConnector() (*DataConnector, bool)

AsDataConnector is the BasicDataConnector implementation for Dynamics365DataConnector.

func (Dynamics365DataConnector) AsDynamics365DataConnector 

func (d3dc Dynamics365DataConnector) AsDynamics365DataConnector() (*Dynamics365DataConnector, bool)

AsDynamics365DataConnector is the BasicDataConnector implementation for Dynamics365DataConnector.

func (Dynamics365DataConnector) AsMCASDataConnector 

func (d3dc Dynamics365DataConnector) AsMCASDataConnector() (*MCASDataConnector, bool)

AsMCASDataConnector is the BasicDataConnector implementation for Dynamics365DataConnector.

func (Dynamics365DataConnector) AsMDATPDataConnector 

func (d3dc Dynamics365DataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool)

AsMDATPDataConnector is the BasicDataConnector implementation for Dynamics365DataConnector.

func (Dynamics365DataConnector) AsMSTIDataConnector 

func (d3dc Dynamics365DataConnector) AsMSTIDataConnector() (*MSTIDataConnector, bool)

AsMSTIDataConnector is the BasicDataConnector implementation for Dynamics365DataConnector.

func (Dynamics365DataConnector) AsMTPDataConnector 

func (d3dc Dynamics365DataConnector) AsMTPDataConnector() (*MTPDataConnector, bool)

AsMTPDataConnector is the BasicDataConnector implementation for Dynamics365DataConnector.

func (Dynamics365DataConnector) AsOfficeATPDataConnector 

func (d3dc Dynamics365DataConnector) AsOfficeATPDataConnector() (*OfficeATPDataConnector, bool)

AsOfficeATPDataConnector is the BasicDataConnector implementation for Dynamics365DataConnector.

func (Dynamics365DataConnector) AsOfficeDataConnector 

func (d3dc Dynamics365DataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool)

AsOfficeDataConnector is the BasicDataConnector implementation for Dynamics365DataConnector.

func (Dynamics365DataConnector) AsOfficeIRMDataConnector 

func (d3dc Dynamics365DataConnector) AsOfficeIRMDataConnector() (*OfficeIRMDataConnector, bool)

AsOfficeIRMDataConnector is the BasicDataConnector implementation for Dynamics365DataConnector.

func (Dynamics365DataConnector) AsTIDataConnector 

func (d3dc Dynamics365DataConnector) AsTIDataConnector() (*TIDataConnector, bool)

AsTIDataConnector is the BasicDataConnector implementation for Dynamics365DataConnector.

func (Dynamics365DataConnector) AsTiTaxiiDataConnector 

func (d3dc Dynamics365DataConnector) AsTiTaxiiDataConnector() (*TiTaxiiDataConnector, bool)

AsTiTaxiiDataConnector is the BasicDataConnector implementation for Dynamics365DataConnector.

func (Dynamics365DataConnector) MarshalJSON 

func (d3dc Dynamics365DataConnector) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for Dynamics365DataConnector.

func (*Dynamics365DataConnector) UnmarshalJSON 

func (d3dc *Dynamics365DataConnector) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for Dynamics365DataConnector struct.

type Dynamics365DataConnectorDataTypes 

type Dynamics365DataConnectorDataTypes struct {
	// Dynamics365CdsActivities - Common Data Service data type connection.
	Dynamics365CdsActivities *Dynamics365DataConnectorDataTypesDynamics365CdsActivities `json:"dynamics365CdsActivities,omitempty"`
}

Dynamics365DataConnectorDataTypes the available data types for Dynamics365 data connector.

type Dynamics365DataConnectorDataTypesDynamics365CdsActivities 

type Dynamics365DataConnectorDataTypesDynamics365CdsActivities struct {
	// State - Describe whether this data type connection is enabled or not. Possible values include: 'DataTypeStateEnabled', 'DataTypeStateDisabled'
	State DataTypeState `json:"state,omitempty"`
}

Dynamics365DataConnectorDataTypesDynamics365CdsActivities common Data Service data type connection.

type Dynamics365DataConnectorProperties 

type Dynamics365DataConnectorProperties struct {
	// DataTypes - The available data types for the connector.
	DataTypes *Dynamics365DataConnectorDataTypes `json:"dataTypes,omitempty"`
	// TenantID - The tenant id to connect to, and get the data from.
	TenantID *string `json:"tenantId,omitempty"`
}

Dynamics365DataConnectorProperties dynamics365 data connector properties.

type ElevationToken 

type ElevationToken string

ElevationToken enumerates the values for elevation token. 

const (
	// ElevationTokenDefault Default elevation token
	ElevationTokenDefault ElevationToken = "Default"
	// ElevationTokenFull Full elevation token
	ElevationTokenFull ElevationToken = "Full"
	// ElevationTokenLimited Limited elevation token
	ElevationTokenLimited ElevationToken = "Limited"
)

func PossibleElevationTokenValues 

func PossibleElevationTokenValues() []ElevationToken

PossibleElevationTokenValues returns an array of possible values for the ElevationToken const type.

type EnrichmentDomainWhois 

type EnrichmentDomainWhois struct {
	autorest.Response `json:"-"`
	// Domain - The domain for this whois record
	Domain *string `json:"domain,omitempty"`
	// Server - The hostname of this registrar's whois server
	Server *string `json:"server,omitempty"`
	// Created - The timestamp at which this record was created
	Created *date.Time `json:"created,omitempty"`
	// Updated - The timestamp at which this record was last updated
	Updated *date.Time `json:"updated,omitempty"`
	// Expires - The timestamp at which this record will expire
	Expires *date.Time `json:"expires,omitempty"`
	// ParsedWhois - The whois record for a given domain
	ParsedWhois *EnrichmentDomainWhoisDetails `json:"parsedWhois,omitempty"`
}

EnrichmentDomainWhois whois information for a given domain and associated metadata

type EnrichmentDomainWhoisContact 

type EnrichmentDomainWhoisContact struct {
	// Name - The name of this contact
	Name *string `json:"name,omitempty"`
	// Org - The organization for this contact
	Org *string `json:"org,omitempty"`
	// Street - A list describing the street address for this contact
	Street *[]string `json:"street,omitempty"`
	// City - The city for this contact
	City *string `json:"city,omitempty"`
	// State - The state for this contact
	State *string `json:"state,omitempty"`
	// Postal - The postal code for this contact
	Postal *string `json:"postal,omitempty"`
	// Country - The country for this contact
	Country *string `json:"country,omitempty"`
	// Phone - The phone number for this contact
	Phone *string `json:"phone,omitempty"`
	// Fax - The fax number for this contact
	Fax *string `json:"fax,omitempty"`
	// Email - The email address for this contact
	Email *string `json:"email,omitempty"`
}

EnrichmentDomainWhoisContact an individual contact associated with this domain

type EnrichmentDomainWhoisContacts 

type EnrichmentDomainWhoisContacts struct {
	// Admin - The admin contact for this whois record
	Admin *EnrichmentDomainWhoisContact `json:"admin,omitempty"`
	// Billing - The billing contact for this whois record
	Billing *EnrichmentDomainWhoisContact `json:"billing,omitempty"`
	// Registrant - The registrant contact for this whois record
	Registrant *EnrichmentDomainWhoisContact `json:"registrant,omitempty"`
	// Tech - The technical contact for this whois record
	Tech *EnrichmentDomainWhoisContact `json:"tech,omitempty"`
}

EnrichmentDomainWhoisContacts the set of contacts associated with this domain

type EnrichmentDomainWhoisDetails 

type EnrichmentDomainWhoisDetails struct {
	// Registrar - The registrar associated with this domain
	Registrar *EnrichmentDomainWhoisRegistrarDetails `json:"registrar,omitempty"`
	// Contacts - The set of contacts associated with this domain
	Contacts *EnrichmentDomainWhoisContacts `json:"contacts,omitempty"`
	// NameServers - A list of name servers associated with this domain
	NameServers *[]string `json:"nameServers,omitempty"`
	// Statuses - The set of status flags for this whois record
	Statuses *[]string `json:"statuses,omitempty"`
}

EnrichmentDomainWhoisDetails the whois record for a given domain

type EnrichmentDomainWhoisRegistrarDetails 

type EnrichmentDomainWhoisRegistrarDetails struct {
	// Name - The name of this registrar
	Name *string `json:"name,omitempty"`
	// AbuseContactEmail - This registrar's abuse contact email
	AbuseContactEmail *string `json:"abuseContactEmail,omitempty"`
	// AbuseContactPhone - This registrar's abuse contact phone number
	AbuseContactPhone *string `json:"abuseContactPhone,omitempty"`
	// IanaID - This registrar's Internet Assigned Numbers Authority id
	IanaID *string `json:"ianaId,omitempty"`
	// URL - This registrar's URL
	URL *string `json:"url,omitempty"`
	// WhoisServer - The hostname of this registrar's whois server
	WhoisServer *string `json:"whoisServer,omitempty"`
}

EnrichmentDomainWhoisRegistrarDetails the registrar associated with this domain

type EnrichmentIPGeodata 

type EnrichmentIPGeodata struct {
	autorest.Response `json:"-"`
	// Asn - The autonomous system number associated with this IP address
	Asn *string `json:"asn,omitempty"`
	// Carrier - The name of the carrier for this IP address
	Carrier *string `json:"carrier,omitempty"`
	// City - The city this IP address is located in
	City *string `json:"city,omitempty"`
	// CityCf - A numeric rating of confidence that the value in the 'city' field is correct, on a scale of 0-100
	CityCf *int32 `json:"cityCf,omitempty"`
	// Continent - The continent this IP address is located on
	Continent *string `json:"continent,omitempty"`
	// Country - The county this IP address is located in
	Country *string `json:"country,omitempty"`
	// CountryCf - A numeric rating of confidence that the value in the 'country' field is correct on a scale of 0-100
	CountryCf *int32 `json:"countryCf,omitempty"`
	// IPAddr - The dotted-decimal or colon-separated string representation of the IP address
	IPAddr *string `json:"ipAddr,omitempty"`
	// IPRoutingType - A description of the connection type of this IP address
	IPRoutingType *string `json:"ipRoutingType,omitempty"`
	// Latitude - The latitude of this IP address
	Latitude *string `json:"latitude,omitempty"`
	// Longitude - The longitude of this IP address
	Longitude *string `json:"longitude,omitempty"`
	// Organization - The name of the organization for this IP address
	Organization *string `json:"organization,omitempty"`
	// OrganizationType - The type of the organization for this IP address
	OrganizationType *string `json:"organizationType,omitempty"`
	// Region - The geographic region this IP address is located in
	Region *string `json:"region,omitempty"`
	// State - The state this IP address is located in
	State *string `json:"state,omitempty"`
	// StateCf - A numeric rating of confidence that the value in the 'state' field is correct on a scale of 0-100
	StateCf *int32 `json:"stateCf,omitempty"`
	// StateCode - The abbreviated name for the state this IP address is located in
	StateCode *string `json:"stateCode,omitempty"`
}

EnrichmentIPGeodata geodata information for a given IP address

type EntitiesClient 

type EntitiesClient struct {
	BaseClient
}

EntitiesClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

func NewEntitiesClient 

func NewEntitiesClient(subscriptionID string) EntitiesClient

NewEntitiesClient creates an instance of the EntitiesClient client.

func NewEntitiesClientWithBaseURI 

func NewEntitiesClientWithBaseURI(baseURI string, subscriptionID string) EntitiesClient

NewEntitiesClientWithBaseURI creates an instance of the EntitiesClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).

func (EntitiesClient) Expand 

func (client EntitiesClient) Expand(ctx context.Context, resourceGroupName string, workspaceName string, entityID string, parameters EntityExpandParameters) (result EntityExpandResponse, err error)

Expand expands an entity. Parameters: resourceGroupName - the name of the resource group. The name is case insensitive. workspaceName - the name of the workspace. entityID - entity ID parameters - the parameters required to execute an expand operation on the given entity.

func (EntitiesClient) ExpandPreparer 

func (client EntitiesClient) ExpandPreparer(ctx context.Context, resourceGroupName string, workspaceName string, entityID string, parameters EntityExpandParameters) (*http.Request, error)

ExpandPreparer prepares the Expand request.

func (EntitiesClient) ExpandResponder 

func (client EntitiesClient) ExpandResponder(resp *http.Response) (result EntityExpandResponse, err error)

ExpandResponder handles the response to the Expand request. The method always closes the http.Response Body.

func (EntitiesClient) ExpandSender 

func (client EntitiesClient) ExpandSender(req *http.Request) (*http.Response, error)

ExpandSender sends the Expand request. The method will close the http.Response Body if it receives an error.

func (EntitiesClient) Get 

func (client EntitiesClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, entityID string) (result EntityModel, err error)

Get gets an entity. Parameters: resourceGroupName - the name of the resource group. The name is case insensitive. workspaceName - the name of the workspace. entityID - entity ID

func (EntitiesClient) GetInsights 

func (client EntitiesClient) GetInsights(ctx context.Context, resourceGroupName string, workspaceName string, entityID string, parameters EntityGetInsightsParameters) (result EntityGetInsightsResponse, err error)

GetInsights execute Insights for an entity. Parameters: resourceGroupName - the name of the resource group. The name is case insensitive. workspaceName - the name of the workspace. entityID - entity ID parameters - the parameters required to execute insights on the given entity.

func (EntitiesClient) GetInsightsPreparer 

func (client EntitiesClient) GetInsightsPreparer(ctx context.Context, resourceGroupName string, workspaceName string, entityID string, parameters EntityGetInsightsParameters) (*http.Request, error)

GetInsightsPreparer prepares the GetInsights request.

func (EntitiesClient) GetInsightsResponder 

func (client EntitiesClient) GetInsightsResponder(resp *http.Response) (result EntityGetInsightsResponse, err error)

GetInsightsResponder handles the response to the GetInsights request. The method always closes the http.Response Body.

func (EntitiesClient) GetInsightsSender 

func (client EntitiesClient) GetInsightsSender(req *http.Request) (*http.Response, error)

GetInsightsSender sends the GetInsights request. The method will close the http.Response Body if it receives an error.

func (EntitiesClient) GetPreparer 

func (client EntitiesClient) GetPreparer(ctx context.Context, resourceGroupName string, workspaceName string, entityID string) (*http.Request, error)

GetPreparer prepares the Get request.

func (EntitiesClient) GetResponder 

func (client EntitiesClient) GetResponder(resp *http.Response) (result EntityModel, err error)

GetResponder handles the response to the Get request. The method always closes the http.Response Body.

func (EntitiesClient) GetSender 

func (client EntitiesClient) GetSender(req *http.Request) (*http.Response, error)

GetSender sends the Get request. The method will close the http.Response Body if it receives an error.

func (EntitiesClient) List 

func (client EntitiesClient) List(ctx context.Context, resourceGroupName string, workspaceName string) (result EntityListPage, err error)

List gets all entities. Parameters: resourceGroupName - the name of the resource group. The name is case insensitive. workspaceName - the name of the workspace.

func (EntitiesClient) ListComplete 

func (client EntitiesClient) ListComplete(ctx context.Context, resourceGroupName string, workspaceName string) (result EntityListIterator, err error)

ListComplete enumerates all values, automatically crossing page boundaries as required.

func (EntitiesClient) ListPreparer 

func (client EntitiesClient) ListPreparer(ctx context.Context, resourceGroupName string, workspaceName string) (*http.Request, error)

ListPreparer prepares the List request.

func (EntitiesClient) ListResponder 

func (client EntitiesClient) ListResponder(resp *http.Response) (result EntityList, err error)

ListResponder handles the response to the List request. The method always closes the http.Response Body.

func (EntitiesClient) ListSender 

func (client EntitiesClient) ListSender(req *http.Request) (*http.Response, error)

ListSender sends the List request. The method will close the http.Response Body if it receives an error.

func (EntitiesClient) Queries 

func (client EntitiesClient) Queries(ctx context.Context, resourceGroupName string, workspaceName string, entityID string) (result GetQueriesResponse, err error)

Queries get Insights and Activities for an entity. Parameters: resourceGroupName - the name of the resource group. The name is case insensitive. workspaceName - the name of the workspace. entityID - entity ID

func (EntitiesClient) QueriesPreparer 

func (client EntitiesClient) QueriesPreparer(ctx context.Context, resourceGroupName string, workspaceName string, entityID string) (*http.Request, error)

QueriesPreparer prepares the Queries request.

func (EntitiesClient) QueriesResponder 

func (client EntitiesClient) QueriesResponder(resp *http.Response) (result GetQueriesResponse, err error)

QueriesResponder handles the response to the Queries request. The method always closes the http.Response Body.

func (EntitiesClient) QueriesSender 

func (client EntitiesClient) QueriesSender(req *http.Request) (*http.Response, error)

QueriesSender sends the Queries request. The method will close the http.Response Body if it receives an error.

type EntitiesGetTimelineClient 

type EntitiesGetTimelineClient struct {
	BaseClient
}

EntitiesGetTimelineClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

func NewEntitiesGetTimelineClient 

func NewEntitiesGetTimelineClient(subscriptionID string) EntitiesGetTimelineClient

NewEntitiesGetTimelineClient creates an instance of the EntitiesGetTimelineClient client.

func NewEntitiesGetTimelineClientWithBaseURI 

func NewEntitiesGetTimelineClientWithBaseURI(baseURI string, subscriptionID string) EntitiesGetTimelineClient

NewEntitiesGetTimelineClientWithBaseURI creates an instance of the EntitiesGetTimelineClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).

func (EntitiesGetTimelineClient) List 

func (client EntitiesGetTimelineClient) List(ctx context.Context, resourceGroupName string, workspaceName string, entityID string, parameters EntityTimelineParameters) (result EntityTimelineResponse, err error)

List timeline for an entity. Parameters: resourceGroupName - the name of the resource group. The name is case insensitive. workspaceName - the name of the workspace. entityID - entity ID parameters - the parameters required to execute an timeline operation on the given entity.

func (EntitiesGetTimelineClient) ListPreparer 

func (client EntitiesGetTimelineClient) ListPreparer(ctx context.Context, resourceGroupName string, workspaceName string, entityID string, parameters EntityTimelineParameters) (*http.Request, error)

ListPreparer prepares the List request.

func (EntitiesGetTimelineClient) ListResponder 

func (client EntitiesGetTimelineClient) ListResponder(resp *http.Response) (result EntityTimelineResponse, err error)

ListResponder handles the response to the List request. The method always closes the http.Response Body.

func (EntitiesGetTimelineClient) ListSender 

func (client EntitiesGetTimelineClient) ListSender(req *http.Request) (*http.Response, error)

ListSender sends the List request. The method will close the http.Response Body if it receives an error.

type EntitiesRelationsClient 

type EntitiesRelationsClient struct {
	BaseClient
}

EntitiesRelationsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

func NewEntitiesRelationsClient 

func NewEntitiesRelationsClient(subscriptionID string) EntitiesRelationsClient

NewEntitiesRelationsClient creates an instance of the EntitiesRelationsClient client.

func NewEntitiesRelationsClientWithBaseURI 

func NewEntitiesRelationsClientWithBaseURI(baseURI string, subscriptionID string) EntitiesRelationsClient

NewEntitiesRelationsClientWithBaseURI creates an instance of the EntitiesRelationsClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).

func (EntitiesRelationsClient) List 

func (client EntitiesRelationsClient) List(ctx context.Context, resourceGroupName string, workspaceName string, entityID string, filter string, orderby string, top *int32, skipToken string) (result RelationListPage, err error)

List gets all relations of an entity. Parameters: resourceGroupName - the name of the resource group. The name is case insensitive. workspaceName - the name of the workspace. entityID - entity ID filter - filters the results, based on a Boolean condition. Optional. orderby - sorts the results. Optional. top - returns only the first n results. Optional. skipToken - skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional.

func (EntitiesRelationsClient) ListComplete 

func (client EntitiesRelationsClient) ListComplete(ctx context.Context, resourceGroupName string, workspaceName string, entityID string, filter string, orderby string, top *int32, skipToken string) (result RelationListIterator, err error)

ListComplete enumerates all values, automatically crossing page boundaries as required.

func (EntitiesRelationsClient) ListPreparer 

func (client EntitiesRelationsClient) ListPreparer(ctx context.Context, resourceGroupName string, workspaceName string, entityID string, filter string, orderby string, top *int32, skipToken string) (*http.Request, error)

ListPreparer prepares the List request.

func (EntitiesRelationsClient) ListResponder 

func (client EntitiesRelationsClient) ListResponder(resp *http.Response) (result RelationList, err error)

ListResponder handles the response to the List request. The method always closes the http.Response Body.

func (EntitiesRelationsClient) ListSender 

func (client EntitiesRelationsClient) ListSender(req *http.Request) (*http.Response, error)

ListSender sends the List request. The method will close the http.Response Body if it receives an error.

type Entity 

type Entity struct {
	autorest.Response `json:"-"`
	// Kind - Possible values include: 'KindBasicEntityKindEntity', 'KindBasicEntityKindURL', 'KindBasicEntityKindSubmissionMail', 'KindBasicEntityKindSecurityGroup', 'KindBasicEntityKindSecurityAlert', 'KindBasicEntityKindRegistryValue', 'KindBasicEntityKindRegistryKey', 'KindBasicEntityKindProcess', 'KindBasicEntityKindMalware', 'KindBasicEntityKindMailMessage', 'KindBasicEntityKindMailCluster', 'KindBasicEntityKindMailbox', 'KindBasicEntityKindIP', 'KindBasicEntityKindIoTDevice', 'KindBasicEntityKindBookmark', 'KindBasicEntityKindHost', 'KindBasicEntityKindFileHash', 'KindBasicEntityKindFile', 'KindBasicEntityKindDNSResolution', 'KindBasicEntityKindCloudApplication', 'KindBasicEntityKindAzureResource', 'KindBasicEntityKindAccount'
	Kind KindBasicEntity `json:"kind,omitempty"`
	// ID - READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty"`
	// SystemData - READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty"`
}

Entity specific entity.

func (Entity) AsAccountEntity 

func (e Entity) AsAccountEntity() (*AccountEntity, bool)

AsAccountEntity is the BasicEntity implementation for Entity.

func (Entity) AsAzureResourceEntity 

func (e Entity) AsAzureResourceEntity() (*AzureResourceEntity, bool)

AsAzureResourceEntity is the BasicEntity implementation for Entity.

func (Entity) AsBasicEntity 

func (e Entity) AsBasicEntity() (BasicEntity, bool)

AsBasicEntity is the BasicEntity implementation for Entity.

func (Entity) AsCloudApplicationEntity 

func (e Entity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)

AsCloudApplicationEntity is the BasicEntity implementation for Entity.

func (Entity) AsDNSEntity 

func (e Entity) AsDNSEntity() (*DNSEntity, bool)

AsDNSEntity is the BasicEntity implementation for Entity.

func (Entity) AsEntity 

func (e Entity) AsEntity() (*Entity, bool)

AsEntity is the BasicEntity implementation for Entity.

func (Entity) AsFileEntity 

func (e Entity) AsFileEntity() (*FileEntity, bool)

AsFileEntity is the BasicEntity implementation for Entity.

func (Entity) AsFileHashEntity 

func (e Entity) AsFileHashEntity() (*FileHashEntity, bool)

AsFileHashEntity is the BasicEntity implementation for Entity.

func (Entity) AsHostEntity 

func (e Entity) AsHostEntity() (*HostEntity, bool)

AsHostEntity is the BasicEntity implementation for Entity.

func (Entity) AsHuntingBookmark 

func (e Entity) AsHuntingBookmark() (*HuntingBookmark, bool)

AsHuntingBookmark is the BasicEntity implementation for Entity.

func (Entity) AsIPEntity 

func (e Entity) AsIPEntity() (*IPEntity, bool)

AsIPEntity is the BasicEntity implementation for Entity.

func (Entity) AsIoTDeviceEntity 

func (e Entity) AsIoTDeviceEntity() (*IoTDeviceEntity, bool)

AsIoTDeviceEntity is the BasicEntity implementation for Entity.

func (Entity) AsMailClusterEntity 

func (e Entity) AsMailClusterEntity() (*MailClusterEntity, bool)

AsMailClusterEntity is the BasicEntity implementation for Entity.

func (Entity) AsMailMessageEntity 

func (e Entity) AsMailMessageEntity() (*MailMessageEntity, bool)

AsMailMessageEntity is the BasicEntity implementation for Entity.

func (Entity) AsMailboxEntity 

func (e Entity) AsMailboxEntity() (*MailboxEntity, bool)

AsMailboxEntity is the BasicEntity implementation for Entity.

func (Entity) AsMalwareEntity 

func (e Entity) AsMalwareEntity() (*MalwareEntity, bool)

AsMalwareEntity is the BasicEntity implementation for Entity.

func (Entity) AsProcessEntity 

func (e Entity) AsProcessEntity() (*ProcessEntity, bool)

AsProcessEntity is the BasicEntity implementation for Entity.

func (Entity) AsRegistryKeyEntity 

func (e Entity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)

AsRegistryKeyEntity is the BasicEntity implementation for Entity.

func (Entity) AsRegistryValueEntity 

func (e Entity) AsRegistryValueEntity() (*RegistryValueEntity, bool)

AsRegistryValueEntity is the BasicEntity implementation for Entity.

func (Entity) AsSecurityAlert 

func (e Entity) AsSecurityAlert() (*SecurityAlert, bool)

AsSecurityAlert is the BasicEntity implementation for Entity.

func (Entity) AsSecurityGroupEntity 

func (e Entity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)

AsSecurityGroupEntity is the BasicEntity implementation for Entity.

func (Entity) AsSubmissionMailEntity 

func (e Entity) AsSubmissionMailEntity() (*SubmissionMailEntity, bool)

AsSubmissionMailEntity is the BasicEntity implementation for Entity.

func (Entity) AsURLEntity 

func (e Entity) AsURLEntity() (*URLEntity, bool)

AsURLEntity is the BasicEntity implementation for Entity.

func (Entity) MarshalJSON 

func (e Entity) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for Entity.

type EntityAnalytics 

type EntityAnalytics struct {
	// EntityAnalyticsProperties - EntityAnalytics properties
	*EntityAnalyticsProperties `json:"properties,omitempty"`
	// Kind - Possible values include: 'KindBasicSettingsKindSettings', 'KindBasicSettingsKindAnomalies', 'KindBasicSettingsKindEyesOn', 'KindBasicSettingsKindEntityAnalytics', 'KindBasicSettingsKindUeba'
	Kind KindBasicSettings `json:"kind,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
	// ID - READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty"`
	// SystemData - READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty"`
}

EntityAnalytics settings with single toggle.

func (EntityAnalytics) AsAnomalies 

func (ea EntityAnalytics) AsAnomalies() (*Anomalies, bool)

AsAnomalies is the BasicSettings implementation for EntityAnalytics.

func (EntityAnalytics) AsBasicSettings 

func (ea EntityAnalytics) AsBasicSettings() (BasicSettings, bool)

AsBasicSettings is the BasicSettings implementation for EntityAnalytics.

func (EntityAnalytics) AsEntityAnalytics 

func (ea EntityAnalytics) AsEntityAnalytics() (*EntityAnalytics, bool)

AsEntityAnalytics is the BasicSettings implementation for EntityAnalytics.

func (EntityAnalytics) AsEyesOn 

func (ea EntityAnalytics) AsEyesOn() (*EyesOn, bool)

AsEyesOn is the BasicSettings implementation for EntityAnalytics.

func (EntityAnalytics) AsSettings 

func (ea EntityAnalytics) AsSettings() (*Settings, bool)

AsSettings is the BasicSettings implementation for EntityAnalytics.

func (EntityAnalytics) AsUeba 

func (ea EntityAnalytics) AsUeba() (*Ueba, bool)

AsUeba is the BasicSettings implementation for EntityAnalytics.

func (EntityAnalytics) MarshalJSON 

func (ea EntityAnalytics) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for EntityAnalytics.

func (*EntityAnalytics) UnmarshalJSON 

func (ea *EntityAnalytics) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for EntityAnalytics struct.

type EntityAnalyticsProperties 

type EntityAnalyticsProperties struct {
	// IsEnabled - READ-ONLY; Determines whether the setting is enable or disabled.
	IsEnabled *bool `json:"isEnabled,omitempty"`
}

EntityAnalyticsProperties entityAnalytics property bag.

func (EntityAnalyticsProperties) MarshalJSON 

func (eap EntityAnalyticsProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for EntityAnalyticsProperties.

type EntityCommonProperties 

type EntityCommonProperties struct {
	// AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]interface{} `json:"additionalData"`
	// FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated.
	FriendlyName *string `json:"friendlyName,omitempty"`
}

EntityCommonProperties entity common property bag.

func (EntityCommonProperties) MarshalJSON 

func (ecp EntityCommonProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for EntityCommonProperties.

type EntityEdges 

type EntityEdges struct {
	// TargetEntityID - The target entity Id.
	TargetEntityID *string `json:"targetEntityId,omitempty"`
	// AdditionalData - A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]interface{} `json:"additionalData"`
}

EntityEdges the edge that connects the entity to the other entity.

func (EntityEdges) MarshalJSON 

func (ee EntityEdges) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for EntityEdges.

type EntityExpandParameters 

type EntityExpandParameters struct {
	// EndTime - The end date filter, so the only expansion results returned are before this date.
	EndTime *date.Time `json:"endTime,omitempty"`
	// ExpansionID - The Id of the expansion to perform.
	ExpansionID *uuid.UUID `json:"expansionId,omitempty"`
	// StartTime - The start date filter, so the only expansion results returned are after this date.
	StartTime *date.Time `json:"startTime,omitempty"`
}

EntityExpandParameters the parameters required to execute an expand operation on the given entity.

type EntityExpandResponse 

type EntityExpandResponse struct {
	autorest.Response `json:"-"`
	// MetaData - The metadata from the expansion operation results.
	MetaData *ExpansionResultsMetadata `json:"metaData,omitempty"`
	// Value - The expansion result values.
	Value *EntityExpandResponseValue `json:"value,omitempty"`
}

EntityExpandResponse the entity expansion result operation response.

type EntityExpandResponseValue 

type EntityExpandResponseValue struct {
	// Entities - Array of the expansion result entities.
	Entities *[]BasicEntity `json:"entities,omitempty"`
	// Edges - Array of edges that connects the entity to the list of entities.
	Edges *[]EntityEdges `json:"edges,omitempty"`
}

EntityExpandResponseValue the expansion result values.

func (*EntityExpandResponseValue) UnmarshalJSON 

func (eer *EntityExpandResponseValue) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for EntityExpandResponseValue struct.

type EntityGetInsightsParameters 

type EntityGetInsightsParameters struct {
	// StartTime - The start timeline date, so the results returned are after this date.
	StartTime *date.Time `json:"startTime,omitempty"`
	// EndTime - The end timeline date, so the results returned are before this date.
	EndTime *date.Time `json:"endTime,omitempty"`
	// AddDefaultExtendedTimeRange - Indicates if query time range should be extended with default time range of the query. Default value is false
	AddDefaultExtendedTimeRange *bool `json:"addDefaultExtendedTimeRange,omitempty"`
	// InsightQueryIds - List of Insights Query Id. If empty, default value is all insights of this entity
	InsightQueryIds *[]uuid.UUID `json:"insightQueryIds,omitempty"`
}

EntityGetInsightsParameters the parameters required to execute insights operation on the given entity.

type EntityGetInsightsResponse 

type EntityGetInsightsResponse struct {
	autorest.Response `json:"-"`
	// MetaData - The metadata from the get insights operation results.
	MetaData *GetInsightsResultsMetadata `json:"metaData,omitempty"`
	// Value - The insights result values.
	Value *[]EntityInsightItem `json:"value,omitempty"`
}

EntityGetInsightsResponse the Get Insights result operation response.

type EntityInsightItem 

type EntityInsightItem struct {
	// QueryID - The query id of the insight
	QueryID *string `json:"queryId,omitempty"`
	// QueryTimeInterval - The Time interval that the query actually executed on.
	QueryTimeInterval *EntityInsightItemQueryTimeInterval `json:"queryTimeInterval,omitempty"`
	// TableQueryResults - Query results for table insights query.
	TableQueryResults *InsightsTableResult `json:"tableQueryResults,omitempty"`
	// ChartQueryResults - Query results for table insights query.
	ChartQueryResults *[]InsightsTableResult `json:"chartQueryResults,omitempty"`
}

EntityInsightItem entity insight Item.

type EntityInsightItemQueryTimeInterval 

type EntityInsightItemQueryTimeInterval struct {
	// StartTime - Insight query start time
	StartTime *date.Time `json:"startTime,omitempty"`
	// EndTime - Insight query end time
	EndTime *date.Time `json:"endTime,omitempty"`
}

EntityInsightItemQueryTimeInterval the Time interval that the query actually executed on.

type EntityKind 

type EntityKind string

EntityKind enumerates the values for entity kind. 

const (
	// EntityKindAccount Entity represents account in the system.
	EntityKindAccount EntityKind = "Account"
	// EntityKindAzureResource Entity represents azure resource in the system.
	EntityKindAzureResource EntityKind = "AzureResource"
	// EntityKindBookmark Entity represents bookmark in the system.
	EntityKindBookmark EntityKind = "Bookmark"
	// EntityKindCloudApplication Entity represents cloud application in the system.
	EntityKindCloudApplication EntityKind = "CloudApplication"
	// EntityKindDNSResolution Entity represents dns resolution in the system.
	EntityKindDNSResolution EntityKind = "DnsResolution"
	// EntityKindFile Entity represents file in the system.
	EntityKindFile EntityKind = "File"
	// EntityKindFileHash Entity represents file hash in the system.
	EntityKindFileHash EntityKind = "FileHash"
	// EntityKindHost Entity represents host in the system.
	EntityKindHost EntityKind = "Host"
	// EntityKindIoTDevice Entity represents IoT device in the system.
	EntityKindIoTDevice EntityKind = "IoTDevice"
	// EntityKindIP Entity represents ip in the system.
	EntityKindIP EntityKind = "Ip"
	// EntityKindMailbox Entity represents mailbox in the system.
	EntityKindMailbox EntityKind = "Mailbox"
	// EntityKindMailCluster Entity represents mail cluster in the system.
	EntityKindMailCluster EntityKind = "MailCluster"
	// EntityKindMailMessage Entity represents mail message in the system.
	EntityKindMailMessage EntityKind = "MailMessage"
	// EntityKindMalware Entity represents malware in the system.
	EntityKindMalware EntityKind = "Malware"
	// EntityKindProcess Entity represents process in the system.
	EntityKindProcess EntityKind = "Process"
	// EntityKindRegistryKey Entity represents registry key in the system.
	EntityKindRegistryKey EntityKind = "RegistryKey"
	// EntityKindRegistryValue Entity represents registry value in the system.
	EntityKindRegistryValue EntityKind = "RegistryValue"
	// EntityKindSecurityAlert Entity represents security alert in the system.
	EntityKindSecurityAlert EntityKind = "SecurityAlert"
	// EntityKindSecurityGroup Entity represents security group in the system.
	EntityKindSecurityGroup EntityKind = "SecurityGroup"
	// EntityKindSubmissionMail Entity represents submission mail in the system.
	EntityKindSubmissionMail EntityKind = "SubmissionMail"
	// EntityKindURL Entity represents url in the system.
	EntityKindURL EntityKind = "Url"
)

func PossibleEntityKindValues 

func PossibleEntityKindValues() []EntityKind

PossibleEntityKindValues returns an array of possible values for the EntityKind const type.

type EntityList 

type EntityList struct {
	autorest.Response `json:"-"`
	// NextLink - READ-ONLY; URL to fetch the next set of entities.
	NextLink *string `json:"nextLink,omitempty"`
	// Value - Array of entities.
	Value *[]BasicEntity `json:"value,omitempty"`
}

EntityList list of all the entities.

func (EntityList) IsEmpty 

func (el EntityList) IsEmpty() bool

IsEmpty returns true if the ListResult contains no values.

func (EntityList) MarshalJSON 

func (el EntityList) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for EntityList.

func (*EntityList) UnmarshalJSON 

func (el *EntityList) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for EntityList struct.

type EntityListIterator 

type EntityListIterator struct {
	// contains filtered or unexported fields
}

EntityListIterator provides access to a complete listing of Entity values.

func NewEntityListIterator 

func NewEntityListIterator(page EntityListPage) EntityListIterator

Creates a new instance of the EntityListIterator type.

func (*EntityListIterator) Next 

func (iter *EntityListIterator) Next() error

Next advances to the next value. If there was an error making the request the iterator does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*EntityListIterator) NextWithContext 

func (iter *EntityListIterator) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next value. If there was an error making the request the iterator does not advance and the error is returned.

func (EntityListIterator) NotDone 

func (iter EntityListIterator) NotDone() bool

NotDone returns true if the enumeration should be started or is not yet complete.

func (EntityListIterator) Response 

func (iter EntityListIterator) Response() EntityList

Response returns the raw server response from the last page request.

func (EntityListIterator) Value 

func (iter EntityListIterator) Value() BasicEntity

Value returns the current value or a zero-initialized value if the iterator has advanced beyond the end of the collection.

type EntityListPage 

type EntityListPage struct {
	// contains filtered or unexported fields
}

EntityListPage contains a page of BasicEntity values.

func NewEntityListPage 

func NewEntityListPage(cur EntityList, getNextPage func(context.Context, EntityList) (EntityList, error)) EntityListPage

Creates a new instance of the EntityListPage type.

func (*EntityListPage) Next 

func (page *EntityListPage) Next() error

Next advances to the next page of values. If there was an error making the request the page does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*EntityListPage) NextWithContext 

func (page *EntityListPage) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next page of values. If there was an error making the request the page does not advance and the error is returned.

func (EntityListPage) NotDone 

func (page EntityListPage) NotDone() bool

NotDone returns true if the page enumeration should be started or is not yet complete.

func (EntityListPage) Response 

func (page EntityListPage) Response() EntityList

Response returns the raw server response from the last page request.

func (EntityListPage) Values 

func (page EntityListPage) Values() []BasicEntity

Values returns the slice of values for the current page or nil if there are no values.

type EntityMapping 

type EntityMapping struct {
	// EntityType - Possible values include: 'EntityMappingTypeAccount', 'EntityMappingTypeHost', 'EntityMappingTypeIP', 'EntityMappingTypeMalware', 'EntityMappingTypeFile', 'EntityMappingTypeProcess', 'EntityMappingTypeCloudApplication', 'EntityMappingTypeDNS', 'EntityMappingTypeAzureResource', 'EntityMappingTypeFileHash', 'EntityMappingTypeRegistryKey', 'EntityMappingTypeRegistryValue', 'EntityMappingTypeSecurityGroup', 'EntityMappingTypeURL', 'EntityMappingTypeMailbox', 'EntityMappingTypeMailCluster', 'EntityMappingTypeMailMessage', 'EntityMappingTypeSubmissionMail'
	EntityType EntityMappingType `json:"entityType,omitempty"`
	// FieldMappings - array of field mappings for the given entity mapping
	FieldMappings *[]FieldMapping `json:"fieldMappings,omitempty"`
}

EntityMapping single entity mapping for the alert rule

type EntityMappingType 

type EntityMappingType string

EntityMappingType enumerates the values for entity mapping type. 

const (
	// EntityMappingTypeAccount User account entity type
	EntityMappingTypeAccount EntityMappingType = "Account"
	// EntityMappingTypeAzureResource Azure resource entity type
	EntityMappingTypeAzureResource EntityMappingType = "AzureResource"
	// EntityMappingTypeCloudApplication Cloud app entity type
	EntityMappingTypeCloudApplication EntityMappingType = "CloudApplication"
	// EntityMappingTypeDNS DNS entity type
	EntityMappingTypeDNS EntityMappingType = "DNS"
	// EntityMappingTypeFile System file entity type
	EntityMappingTypeFile EntityMappingType = "File"
	// EntityMappingTypeFileHash File-hash entity type
	EntityMappingTypeFileHash EntityMappingType = "FileHash"
	// EntityMappingTypeHost Host entity type
	EntityMappingTypeHost EntityMappingType = "Host"
	// EntityMappingTypeIP IP address entity type
	EntityMappingTypeIP EntityMappingType = "IP"
	// EntityMappingTypeMailbox Mailbox entity type
	EntityMappingTypeMailbox EntityMappingType = "Mailbox"
	// EntityMappingTypeMailCluster Mail cluster entity type
	EntityMappingTypeMailCluster EntityMappingType = "MailCluster"
	// EntityMappingTypeMailMessage Mail message entity type
	EntityMappingTypeMailMessage EntityMappingType = "MailMessage"
	// EntityMappingTypeMalware Malware entity type
	EntityMappingTypeMalware EntityMappingType = "Malware"
	// EntityMappingTypeProcess Process entity type
	EntityMappingTypeProcess EntityMappingType = "Process"
	// EntityMappingTypeRegistryKey Registry key entity type
	EntityMappingTypeRegistryKey EntityMappingType = "RegistryKey"
	// EntityMappingTypeRegistryValue Registry value entity type
	EntityMappingTypeRegistryValue EntityMappingType = "RegistryValue"
	// EntityMappingTypeSecurityGroup Security group entity type
	EntityMappingTypeSecurityGroup EntityMappingType = "SecurityGroup"
	// EntityMappingTypeSubmissionMail Submission mail entity type
	EntityMappingTypeSubmissionMail EntityMappingType = "SubmissionMail"
	// EntityMappingTypeURL URL entity type
	EntityMappingTypeURL EntityMappingType = "URL"
)

func PossibleEntityMappingTypeValues 

func PossibleEntityMappingTypeValues() []EntityMappingType

PossibleEntityMappingTypeValues returns an array of possible values for the EntityMappingType const type.

type EntityModel 

type EntityModel struct {
	autorest.Response `json:"-"`
	Value             BasicEntity `json:"value,omitempty"`
}

EntityModel ...

func (*EntityModel) UnmarshalJSON 

func (em *EntityModel) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for EntityModel struct.

type EntityQueriesClient 

type EntityQueriesClient struct {
	BaseClient
}

EntityQueriesClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

func NewEntityQueriesClient 

func NewEntityQueriesClient(subscriptionID string) EntityQueriesClient

NewEntityQueriesClient creates an instance of the EntityQueriesClient client.

func NewEntityQueriesClientWithBaseURI 

func NewEntityQueriesClientWithBaseURI(baseURI string, subscriptionID string) EntityQueriesClient

NewEntityQueriesClientWithBaseURI creates an instance of the EntityQueriesClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).

func (EntityQueriesClient) CreateOrUpdate 

func (client EntityQueriesClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, workspaceName string, entityQueryID string, entityQuery BasicCustomEntityQuery) (result EntityQueryModel, err error)

CreateOrUpdate creates or updates the entity query. Parameters: resourceGroupName - the name of the resource group. The name is case insensitive. workspaceName - the name of the workspace. entityQueryID - entity query ID entityQuery - the entity query we want to create or update

func (EntityQueriesClient) CreateOrUpdatePreparer 

func (client EntityQueriesClient) CreateOrUpdatePreparer(ctx context.Context, resourceGroupName string, workspaceName string, entityQueryID string, entityQuery BasicCustomEntityQuery) (*http.Request, error)

CreateOrUpdatePreparer prepares the CreateOrUpdate request.

func (EntityQueriesClient) CreateOrUpdateResponder 

func (client EntityQueriesClient) CreateOrUpdateResponder(resp *http.Response) (result EntityQueryModel, err error)

CreateOrUpdateResponder handles the response to the CreateOrUpdate request. The method always closes the http.Response Body.

func (EntityQueriesClient) CreateOrUpdateSender 

func (client EntityQueriesClient) CreateOrUpdateSender(req *http.Request) (*http.Response, error)

CreateOrUpdateSender sends the CreateOrUpdate request. The method will close the http.Response Body if it receives an error.

func (EntityQueriesClient) Delete 

func (client EntityQueriesClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, entityQueryID string) (result autorest.Response, err error)

Delete delete the entity query. Parameters: resourceGroupName - the name of the resource group. The name is case insensitive. workspaceName - the name of the workspace. entityQueryID - entity query ID

func (EntityQueriesClient) DeletePreparer 

func (client EntityQueriesClient) DeletePreparer(ctx context.Context, resourceGroupName string, workspaceName string, entityQueryID string) (*http.Request, error)

DeletePreparer prepares the Delete request.

func (EntityQueriesClient) DeleteResponder 

func (client EntityQueriesClient) DeleteResponder(resp *http.Response) (result autorest.Response, err error)

DeleteResponder handles the response to the Delete request. The method always closes the http.Response Body.

func (EntityQueriesClient) DeleteSender 

func (client EntityQueriesClient) DeleteSender(req *http.Request) (*http.Response, error)

DeleteSender sends the Delete request. The method will close the http.Response Body if it receives an error.

func (EntityQueriesClient) Get 

func (client EntityQueriesClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, entityQueryID string) (result EntityQueryModel, err error)

Get gets an entity query. Parameters: resourceGroupName - the name of the resource group. The name is case insensitive. workspaceName - the name of the workspace. entityQueryID - entity query ID

func (EntityQueriesClient) GetPreparer 

func (client EntityQueriesClient) GetPreparer(ctx context.Context, resourceGroupName string, workspaceName string, entityQueryID string) (*http.Request, error)

GetPreparer prepares the Get request.

func (EntityQueriesClient) GetResponder 

func (client EntityQueriesClient) GetResponder(resp *http.Response) (result EntityQueryModel, err error)

GetResponder handles the response to the Get request. The method always closes the http.Response Body.

func (EntityQueriesClient) GetSender 

func (client EntityQueriesClient) GetSender(req *http.Request) (*http.Response, error)

GetSender sends the Get request. The method will close the http.Response Body if it receives an error.

func (EntityQueriesClient) List 

func (client EntityQueriesClient) List(ctx context.Context, resourceGroupName string, workspaceName string, kind string) (result EntityQueryListPage, err error)

List gets all entity queries. Parameters: resourceGroupName - the name of the resource group. The name is case insensitive. workspaceName - the name of the workspace. kind - the entity query kind we want to fetch

func (EntityQueriesClient) ListComplete 

func (client EntityQueriesClient) ListComplete(ctx context.Context, resourceGroupName string, workspaceName string, kind string) (result EntityQueryListIterator, err error)

ListComplete enumerates all values, automatically crossing page boundaries as required.

func (EntityQueriesClient) ListPreparer 

func (client EntityQueriesClient) ListPreparer(ctx context.Context, resourceGroupName string, workspaceName string, kind string) (*http.Request, error)

ListPreparer prepares the List request.

func (EntityQueriesClient) ListResponder 

func (client EntityQueriesClient) ListResponder(resp *http.Response) (result EntityQueryList, err error)

ListResponder handles the response to the List request. The method always closes the http.Response Body.

func (EntityQueriesClient) ListSender 

func (client EntityQueriesClient) ListSender(req *http.Request) (*http.Response, error)

ListSender sends the List request. The method will close the http.Response Body if it receives an error.

type EntityQuery 

type EntityQuery struct {
	autorest.Response `json:"-"`
	// Kind - Possible values include: 'KindBasicEntityQueryKindEntityQuery', 'KindBasicEntityQueryKindExpansion', 'KindBasicEntityQueryKindActivity'
	Kind KindBasicEntityQuery `json:"kind,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
	// ID - READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty"`
	// SystemData - READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty"`
}

EntityQuery specific entity query.

func (EntityQuery) AsActivityEntityQuery 

func (eq EntityQuery) AsActivityEntityQuery() (*ActivityEntityQuery, bool)

AsActivityEntityQuery is the BasicEntityQuery implementation for EntityQuery.

func (EntityQuery) AsBasicEntityQuery 

func (eq EntityQuery) AsBasicEntityQuery() (BasicEntityQuery, bool)

AsBasicEntityQuery is the BasicEntityQuery implementation for EntityQuery.

func (EntityQuery) AsEntityQuery 

func (eq EntityQuery) AsEntityQuery() (*EntityQuery, bool)

AsEntityQuery is the BasicEntityQuery implementation for EntityQuery.

func (EntityQuery) AsExpansionEntityQuery 

func (eq EntityQuery) AsExpansionEntityQuery() (*ExpansionEntityQuery, bool)

AsExpansionEntityQuery is the BasicEntityQuery implementation for EntityQuery.

func (EntityQuery) MarshalJSON 

func (eq EntityQuery) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for EntityQuery.

type EntityQueryItem 

type EntityQueryItem struct {
	// ID - READ-ONLY; Query Template ARM ID
	ID *string `json:"id,omitempty"`
	// Name - Query Template ARM Name
	Name *string `json:"name,omitempty"`
	// Type - ARM Type
	Type *string `json:"type,omitempty"`
	// Kind - Possible values include: 'KindBasicEntityQueryItemKindEntityQueryItem', 'KindBasicEntityQueryItemKindInsight'
	Kind KindBasicEntityQueryItem `json:"kind,omitempty"`
}

EntityQueryItem an abstract Query item for entity

func (EntityQueryItem) AsBasicEntityQueryItem 

func (eqi EntityQueryItem) AsBasicEntityQueryItem() (BasicEntityQueryItem, bool)

AsBasicEntityQueryItem is the BasicEntityQueryItem implementation for EntityQueryItem.

func (EntityQueryItem) AsEntityQueryItem 

func (eqi EntityQueryItem) AsEntityQueryItem() (*EntityQueryItem, bool)

AsEntityQueryItem is the BasicEntityQueryItem implementation for EntityQueryItem.

func (EntityQueryItem) AsInsightQueryItem 

func (eqi EntityQueryItem) AsInsightQueryItem() (*InsightQueryItem, bool)

AsInsightQueryItem is the BasicEntityQueryItem implementation for EntityQueryItem.

func (EntityQueryItem) MarshalJSON 

func (eqi EntityQueryItem) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for EntityQueryItem.

type EntityQueryItemProperties 

type EntityQueryItemProperties struct {
	// DataTypes - Data types for template
	DataTypes *[]EntityQueryItemPropertiesDataTypesItem `json:"dataTypes,omitempty"`
	// InputEntityType - The type of the entity. Possible values include: 'EntityTypeAccount', 'EntityTypeHost', 'EntityTypeFile', 'EntityTypeAzureResource', 'EntityTypeCloudApplication', 'EntityTypeDNS', 'EntityTypeFileHash', 'EntityTypeIP', 'EntityTypeMalware', 'EntityTypeProcess', 'EntityTypeRegistryKey', 'EntityTypeRegistryValue', 'EntityTypeSecurityGroup', 'EntityTypeURL', 'EntityTypeIoTDevice', 'EntityTypeSecurityAlert', 'EntityTypeHuntingBookmark', 'EntityTypeMailCluster', 'EntityTypeMailMessage', 'EntityTypeMailbox', 'EntityTypeSubmissionMail'
	InputEntityType EntityType `json:"inputEntityType,omitempty"`
	// RequiredInputFieldsSets - Data types for template
	RequiredInputFieldsSets *[][]string `json:"requiredInputFieldsSets,omitempty"`
	// EntitiesFilter - The query applied only to entities matching to all filters
	EntitiesFilter interface{} `json:"entitiesFilter,omitempty"`
}

EntityQueryItemProperties an properties abstract Query item for entity

type EntityQueryItemPropertiesDataTypesItem 

type EntityQueryItemPropertiesDataTypesItem struct {
	// DataType - Data type name
	DataType *string `json:"dataType,omitempty"`
}

EntityQueryItemPropertiesDataTypesItem ...

type EntityQueryKind 

type EntityQueryKind string

EntityQueryKind enumerates the values for entity query kind. 

const (
	// EntityQueryKindActivity ...
	EntityQueryKindActivity EntityQueryKind = "Activity"
	// EntityQueryKindExpansion ...
	EntityQueryKindExpansion EntityQueryKind = "Expansion"
	// EntityQueryKindInsight ...
	EntityQueryKindInsight EntityQueryKind = "Insight"
)

func PossibleEntityQueryKindValues 

func PossibleEntityQueryKindValues() []EntityQueryKind

PossibleEntityQueryKindValues returns an array of possible values for the EntityQueryKind const type.

type EntityQueryList 

type EntityQueryList struct {
	autorest.Response `json:"-"`
	// NextLink - READ-ONLY; URL to fetch the next set of entity queries.
	NextLink *string `json:"nextLink,omitempty"`
	// Value - Array of entity queries.
	Value *[]BasicEntityQuery `json:"value,omitempty"`
}

EntityQueryList list of all the entity queries.

func (EntityQueryList) IsEmpty 

func (eql EntityQueryList) IsEmpty() bool

IsEmpty returns true if the ListResult contains no values.

func (EntityQueryList) MarshalJSON 

func (eql EntityQueryList) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for EntityQueryList.

func (*EntityQueryList) UnmarshalJSON 

func (eql *EntityQueryList) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for EntityQueryList struct.

type EntityQueryListIterator 

type EntityQueryListIterator struct {
	// contains filtered or unexported fields
}

EntityQueryListIterator provides access to a complete listing of EntityQuery values.

func NewEntityQueryListIterator 

func NewEntityQueryListIterator(page EntityQueryListPage) EntityQueryListIterator

Creates a new instance of the EntityQueryListIterator type.

func (*EntityQueryListIterator) Next 

func (iter *EntityQueryListIterator) Next() error

Next advances to the next value. If there was an error making the request the iterator does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*EntityQueryListIterator) NextWithContext 

func (iter *EntityQueryListIterator) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next value. If there was an error making the request the iterator does not advance and the error is returned.

func (EntityQueryListIterator) NotDone 

func (iter EntityQueryListIterator) NotDone() bool

NotDone returns true if the enumeration should be started or is not yet complete.

func (EntityQueryListIterator) Response 

func (iter EntityQueryListIterator) Response() EntityQueryList

Response returns the raw server response from the last page request.

func (EntityQueryListIterator) Value 

func (iter EntityQueryListIterator) Value() BasicEntityQuery

Value returns the current value or a zero-initialized value if the iterator has advanced beyond the end of the collection.

type EntityQueryListPage 

type EntityQueryListPage struct {
	// contains filtered or unexported fields
}

EntityQueryListPage contains a page of BasicEntityQuery values.

func NewEntityQueryListPage 

func NewEntityQueryListPage(cur EntityQueryList, getNextPage func(context.Context, EntityQueryList) (EntityQueryList, error)) EntityQueryListPage

Creates a new instance of the EntityQueryListPage type.

func (*EntityQueryListPage) Next 

func (page *EntityQueryListPage) Next() error

Next advances to the next page of values. If there was an error making the request the page does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*EntityQueryListPage) NextWithContext 

func (page *EntityQueryListPage) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next page of values. If there was an error making the request the page does not advance and the error is returned.

func (EntityQueryListPage) NotDone 

func (page EntityQueryListPage) NotDone() bool

NotDone returns true if the page enumeration should be started or is not yet complete.

func (EntityQueryListPage) Response 

func (page EntityQueryListPage) Response() EntityQueryList

Response returns the raw server response from the last page request.

func (EntityQueryListPage) Values 

func (page EntityQueryListPage) Values() []BasicEntityQuery

Values returns the slice of values for the current page or nil if there are no values.

type EntityQueryModel 

type EntityQueryModel struct {
	autorest.Response `json:"-"`
	Value             BasicEntityQuery `json:"value,omitempty"`
}

EntityQueryModel ...

func (*EntityQueryModel) UnmarshalJSON 

func (eqm *EntityQueryModel) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for EntityQueryModel struct.

type EntityQueryTemplate 

type EntityQueryTemplate struct {
	autorest.Response `json:"-"`
	// Kind - Possible values include: 'KindBasicEntityQueryTemplateKindEntityQueryTemplate', 'KindBasicEntityQueryTemplateKindActivity'
	Kind KindBasicEntityQueryTemplate `json:"kind,omitempty"`
	// ID - READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty"`
	// SystemData - READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty"`
}

EntityQueryTemplate specific entity query template.

func (EntityQueryTemplate) AsActivityEntityQueryTemplate 

func (eqt EntityQueryTemplate) AsActivityEntityQueryTemplate() (*ActivityEntityQueryTemplate, bool)

AsActivityEntityQueryTemplate is the BasicEntityQueryTemplate implementation for EntityQueryTemplate.

func (EntityQueryTemplate) AsBasicEntityQueryTemplate 

func (eqt EntityQueryTemplate) AsBasicEntityQueryTemplate() (BasicEntityQueryTemplate, bool)

AsBasicEntityQueryTemplate is the BasicEntityQueryTemplate implementation for EntityQueryTemplate.

func (EntityQueryTemplate) AsEntityQueryTemplate 

func (eqt EntityQueryTemplate) AsEntityQueryTemplate() (*EntityQueryTemplate, bool)

AsEntityQueryTemplate is the BasicEntityQueryTemplate implementation for EntityQueryTemplate.

func (EntityQueryTemplate) MarshalJSON 

func (eqt EntityQueryTemplate) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for EntityQueryTemplate.

type EntityQueryTemplateKind 

type EntityQueryTemplateKind string

EntityQueryTemplateKind enumerates the values for entity query template kind. 

const (
	// EntityQueryTemplateKindActivity ...
	EntityQueryTemplateKindActivity EntityQueryTemplateKind = "Activity"
)

func PossibleEntityQueryTemplateKindValues 

func PossibleEntityQueryTemplateKindValues() []EntityQueryTemplateKind

PossibleEntityQueryTemplateKindValues returns an array of possible values for the EntityQueryTemplateKind const type.

type EntityQueryTemplateList 

type EntityQueryTemplateList struct {
	autorest.Response `json:"-"`
	// NextLink - READ-ONLY; URL to fetch the next set of entity query templates.
	NextLink *string `json:"nextLink,omitempty"`
	// Value - Array of entity query templates.
	Value *[]BasicEntityQueryTemplate `json:"value,omitempty"`
}

EntityQueryTemplateList list of all the entity query templates.

func (EntityQueryTemplateList) IsEmpty 

func (eqtl EntityQueryTemplateList) IsEmpty() bool

IsEmpty returns true if the ListResult contains no values.

func (EntityQueryTemplateList) MarshalJSON 

func (eqtl EntityQueryTemplateList) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for EntityQueryTemplateList.

func (*EntityQueryTemplateList) UnmarshalJSON 

func (eqtl *EntityQueryTemplateList) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for EntityQueryTemplateList struct.

type EntityQueryTemplateListIterator 

type EntityQueryTemplateListIterator struct {
	// contains filtered or unexported fields
}

EntityQueryTemplateListIterator provides access to a complete listing of EntityQueryTemplate values.

func NewEntityQueryTemplateListIterator 

func NewEntityQueryTemplateListIterator(page EntityQueryTemplateListPage) EntityQueryTemplateListIterator

Creates a new instance of the EntityQueryTemplateListIterator type.

func (*EntityQueryTemplateListIterator) Next 

func (iter *EntityQueryTemplateListIterator) Next() error

Next advances to the next value. If there was an error making the request the iterator does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*EntityQueryTemplateListIterator) NextWithContext 

func (iter *EntityQueryTemplateListIterator) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next value. If there was an error making the request the iterator does not advance and the error is returned.

func (EntityQueryTemplateListIterator) NotDone 

func (iter EntityQueryTemplateListIterator) NotDone() bool

NotDone returns true if the enumeration should be started or is not yet complete.

func (EntityQueryTemplateListIterator) Response 

func (iter EntityQueryTemplateListIterator) Response() EntityQueryTemplateList

Response returns the raw server response from the last page request.

func (EntityQueryTemplateListIterator) Value 

func (iter EntityQueryTemplateListIterator) Value() BasicEntityQueryTemplate

Value returns the current value or a zero-initialized value if the iterator has advanced beyond the end of the collection.

type EntityQueryTemplateListPage 

type EntityQueryTemplateListPage struct {
	// contains filtered or unexported fields
}

EntityQueryTemplateListPage contains a page of BasicEntityQueryTemplate values.

func NewEntityQueryTemplateListPage 

func NewEntityQueryTemplateListPage(cur EntityQueryTemplateList, getNextPage func(context.Context, EntityQueryTemplateList) (EntityQueryTemplateList, error)) EntityQueryTemplateListPage

Creates a new instance of the EntityQueryTemplateListPage type.

func (*EntityQueryTemplateListPage) Next 

func (page *EntityQueryTemplateListPage) Next() error

Next advances to the next page of values. If there was an error making the request the page does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*EntityQueryTemplateListPage) NextWithContext 

func (page *EntityQueryTemplateListPage) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next page of values. If there was an error making the request the page does not advance and the error is returned.

func (EntityQueryTemplateListPage) NotDone 

func (page EntityQueryTemplateListPage) NotDone() bool

NotDone returns true if the page enumeration should be started or is not yet complete.

func (EntityQueryTemplateListPage) Response 

func (page EntityQueryTemplateListPage) Response() EntityQueryTemplateList

Response returns the raw server response from the last page request.

func (EntityQueryTemplateListPage) Values 

func (page EntityQueryTemplateListPage) Values() []BasicEntityQueryTemplate

Values returns the slice of values for the current page or nil if there are no values.

type EntityQueryTemplateModel 

type EntityQueryTemplateModel struct {
	autorest.Response `json:"-"`
	Value             BasicEntityQueryTemplate `json:"value,omitempty"`
}

EntityQueryTemplateModel ...

func (*EntityQueryTemplateModel) UnmarshalJSON 

func (eqtm *EntityQueryTemplateModel) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for EntityQueryTemplateModel struct.

type EntityQueryTemplatesClient 

type EntityQueryTemplatesClient struct {
	BaseClient
}

EntityQueryTemplatesClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

func NewEntityQueryTemplatesClient 

func NewEntityQueryTemplatesClient(subscriptionID string) EntityQueryTemplatesClient

NewEntityQueryTemplatesClient creates an instance of the EntityQueryTemplatesClient client.

func NewEntityQueryTemplatesClientWithBaseURI 

func NewEntityQueryTemplatesClientWithBaseURI(baseURI string, subscriptionID string) EntityQueryTemplatesClient

NewEntityQueryTemplatesClientWithBaseURI creates an instance of the EntityQueryTemplatesClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).

func (EntityQueryTemplatesClient) Get 

func (client EntityQueryTemplatesClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, entityQueryTemplateID string) (result EntityQueryTemplateModel, err error)

Get gets an entity query. Parameters: resourceGroupName - the name of the resource group. The name is case insensitive. workspaceName - the name of the workspace. entityQueryTemplateID - entity query template ID

func (EntityQueryTemplatesClient) GetPreparer 

func (client EntityQueryTemplatesClient) GetPreparer(ctx context.Context, resourceGroupName string, workspaceName string, entityQueryTemplateID string) (*http.Request, error)

GetPreparer prepares the Get request.

func (EntityQueryTemplatesClient) GetResponder 

func (client EntityQueryTemplatesClient) GetResponder(resp *http.Response) (result EntityQueryTemplateModel, err error)

GetResponder handles the response to the Get request. The method always closes the http.Response Body.

func (EntityQueryTemplatesClient) GetSender 

func (client EntityQueryTemplatesClient) GetSender(req *http.Request) (*http.Response, error)

GetSender sends the Get request. The method will close the http.Response Body if it receives an error.

func (EntityQueryTemplatesClient) List 

func (client EntityQueryTemplatesClient) List(ctx context.Context, resourceGroupName string, workspaceName string, kind string) (result EntityQueryTemplateListPage, err error)

List gets all entity query templates. Parameters: resourceGroupName - the name of the resource group. The name is case insensitive. workspaceName - the name of the workspace. kind - the entity template query kind we want to fetch

func (EntityQueryTemplatesClient) ListComplete 

func (client EntityQueryTemplatesClient) ListComplete(ctx context.Context, resourceGroupName string, workspaceName string, kind string) (result EntityQueryTemplateListIterator, err error)

ListComplete enumerates all values, automatically crossing page boundaries as required.

func (EntityQueryTemplatesClient) ListPreparer 

func (client EntityQueryTemplatesClient) ListPreparer(ctx context.Context, resourceGroupName string, workspaceName string, kind string) (*http.Request, error)

ListPreparer prepares the List request.

func (EntityQueryTemplatesClient) ListResponder 

func (client EntityQueryTemplatesClient) ListResponder(resp *http.Response) (result EntityQueryTemplateList, err error)

ListResponder handles the response to the List request. The method always closes the http.Response Body.

func (EntityQueryTemplatesClient) ListSender 

func (client EntityQueryTemplatesClient) ListSender(req *http.Request) (*http.Response, error)

ListSender sends the List request. The method will close the http.Response Body if it receives an error.

type EntityRelationsClient 

type EntityRelationsClient struct {
	BaseClient
}

EntityRelationsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

func NewEntityRelationsClient 

func NewEntityRelationsClient(subscriptionID string) EntityRelationsClient

NewEntityRelationsClient creates an instance of the EntityRelationsClient client.

func NewEntityRelationsClientWithBaseURI 

func NewEntityRelationsClientWithBaseURI(baseURI string, subscriptionID string) EntityRelationsClient

NewEntityRelationsClientWithBaseURI creates an instance of the EntityRelationsClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).

func (EntityRelationsClient) GetRelation 

func (client EntityRelationsClient) GetRelation(ctx context.Context, resourceGroupName string, workspaceName string, entityID string, relationName string) (result Relation, err error)

GetRelation gets an entity relation. Parameters: resourceGroupName - the name of the resource group. The name is case insensitive. workspaceName - the name of the workspace. entityID - entity ID relationName - relation Name

func (EntityRelationsClient) GetRelationPreparer 

func (client EntityRelationsClient) GetRelationPreparer(ctx context.Context, resourceGroupName string, workspaceName string, entityID string, relationName string) (*http.Request, error)

GetRelationPreparer prepares the GetRelation request.

func (EntityRelationsClient) GetRelationResponder 

func (client EntityRelationsClient) GetRelationResponder(resp *http.Response) (result Relation, err error)

GetRelationResponder handles the response to the GetRelation request. The method always closes the http.Response Body.

func (EntityRelationsClient) GetRelationSender 

func (client EntityRelationsClient) GetRelationSender(req *http.Request) (*http.Response, error)

GetRelationSender sends the GetRelation request. The method will close the http.Response Body if it receives an error.

type EntityTimelineItem 

type EntityTimelineItem struct {
	// Kind - Possible values include: 'KindBasicEntityTimelineItemKindEntityTimelineItem', 'KindBasicEntityTimelineItemKindActivity', 'KindBasicEntityTimelineItemKindBookmark', 'KindBasicEntityTimelineItemKindSecurityAlert'
	Kind KindBasicEntityTimelineItem `json:"kind,omitempty"`
}

EntityTimelineItem entity timeline Item.

func (EntityTimelineItem) AsActivityTimelineItem 

func (eti EntityTimelineItem) AsActivityTimelineItem() (*ActivityTimelineItem, bool)

AsActivityTimelineItem is the BasicEntityTimelineItem implementation for EntityTimelineItem.

func (EntityTimelineItem) AsBasicEntityTimelineItem 

func (eti EntityTimelineItem) AsBasicEntityTimelineItem() (BasicEntityTimelineItem, bool)

AsBasicEntityTimelineItem is the BasicEntityTimelineItem implementation for EntityTimelineItem.

func (EntityTimelineItem) AsBookmarkTimelineItem 

func (eti EntityTimelineItem) AsBookmarkTimelineItem() (*BookmarkTimelineItem, bool)

AsBookmarkTimelineItem is the BasicEntityTimelineItem implementation for EntityTimelineItem.

func (EntityTimelineItem) AsEntityTimelineItem 

func (eti EntityTimelineItem) AsEntityTimelineItem() (*EntityTimelineItem, bool)

AsEntityTimelineItem is the BasicEntityTimelineItem implementation for EntityTimelineItem.

func (EntityTimelineItem) AsSecurityAlertTimelineItem 

func (eti EntityTimelineItem) AsSecurityAlertTimelineItem() (*SecurityAlertTimelineItem, bool)

AsSecurityAlertTimelineItem is the BasicEntityTimelineItem implementation for EntityTimelineItem.

func (EntityTimelineItem) MarshalJSON 

func (eti EntityTimelineItem) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for EntityTimelineItem.

type EntityTimelineKind 

type EntityTimelineKind string

EntityTimelineKind enumerates the values for entity timeline kind. 

const (
	// EntityTimelineKindActivity activity
	EntityTimelineKindActivity EntityTimelineKind = "Activity"
	// EntityTimelineKindBookmark bookmarks
	EntityTimelineKindBookmark EntityTimelineKind = "Bookmark"
	// EntityTimelineKindSecurityAlert security alerts
	EntityTimelineKindSecurityAlert EntityTimelineKind = "SecurityAlert"
)

func PossibleEntityTimelineKindValues 

func PossibleEntityTimelineKindValues() []EntityTimelineKind

PossibleEntityTimelineKindValues returns an array of possible values for the EntityTimelineKind const type.

type EntityTimelineParameters 

type EntityTimelineParameters struct {
	// Kinds - Array of timeline Item kinds.
	Kinds *[]EntityTimelineKind `json:"kinds,omitempty"`
	// StartTime - The start timeline date, so the results returned are after this date.
	StartTime *date.Time `json:"startTime,omitempty"`
	// EndTime - The end timeline date, so the results returned are before this date.
	EndTime *date.Time `json:"endTime,omitempty"`
	// NumberOfBucket - The number of bucket for timeline queries aggregation.
	NumberOfBucket *int32 `json:"numberOfBucket,omitempty"`
}

EntityTimelineParameters the parameters required to execute s timeline operation on the given entity.

type EntityTimelineResponse 

type EntityTimelineResponse struct {
	autorest.Response `json:"-"`
	// MetaData - The metadata from the timeline operation results.
	MetaData *TimelineResultsMetadata `json:"metaData,omitempty"`
	// Value - The timeline result values.
	Value *[]BasicEntityTimelineItem `json:"value,omitempty"`
}

EntityTimelineResponse the entity timeline result operation response.

func (*EntityTimelineResponse) UnmarshalJSON 

func (etr *EntityTimelineResponse) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for EntityTimelineResponse struct.

type EntityType 

type EntityType string

EntityType enumerates the values for entity type. 

const (
	// EntityTypeAccount Entity represents account in the system.
	EntityTypeAccount EntityType = "Account"
	// EntityTypeAzureResource Entity represents azure resource in the system.
	EntityTypeAzureResource EntityType = "AzureResource"
	// EntityTypeCloudApplication Entity represents cloud application in the system.
	EntityTypeCloudApplication EntityType = "CloudApplication"
	// EntityTypeDNS Entity represents dns in the system.
	EntityTypeDNS EntityType = "DNS"
	// EntityTypeFile Entity represents file in the system.
	EntityTypeFile EntityType = "File"
	// EntityTypeFileHash Entity represents file hash in the system.
	EntityTypeFileHash EntityType = "FileHash"
	// EntityTypeHost Entity represents host in the system.
	EntityTypeHost EntityType = "Host"
	// EntityTypeHuntingBookmark Entity represents HuntingBookmark in the system.
	EntityTypeHuntingBookmark EntityType = "HuntingBookmark"
	// EntityTypeIoTDevice Entity represents IoT device in the system.
	EntityTypeIoTDevice EntityType = "IoTDevice"
	// EntityTypeIP Entity represents ip in the system.
	EntityTypeIP EntityType = "IP"
	// EntityTypeMailbox Entity represents mailbox in the system.
	EntityTypeMailbox EntityType = "Mailbox"
	// EntityTypeMailCluster Entity represents mail cluster in the system.
	EntityTypeMailCluster EntityType = "MailCluster"
	// EntityTypeMailMessage Entity represents mail message in the system.
	EntityTypeMailMessage EntityType = "MailMessage"
	// EntityTypeMalware Entity represents malware in the system.
	EntityTypeMalware EntityType = "Malware"
	// EntityTypeProcess Entity represents process in the system.
	EntityTypeProcess EntityType = "Process"
	// EntityTypeRegistryKey Entity represents registry key in the system.
	EntityTypeRegistryKey EntityType = "RegistryKey"
	// EntityTypeRegistryValue Entity represents registry value in the system.
	EntityTypeRegistryValue EntityType = "RegistryValue"
	// EntityTypeSecurityAlert Entity represents security alert in the system.
	EntityTypeSecurityAlert EntityType = "SecurityAlert"
	// EntityTypeSecurityGroup Entity represents security group in the system.
	EntityTypeSecurityGroup EntityType = "SecurityGroup"
	// EntityTypeSubmissionMail Entity represents submission mail in the system.
	EntityTypeSubmissionMail EntityType = "SubmissionMail"
	// EntityTypeURL Entity represents url in the system.
	EntityTypeURL EntityType = "URL"
)

func PossibleEntityTypeValues 

func PossibleEntityTypeValues() []EntityType

PossibleEntityTypeValues returns an array of possible values for the EntityType const type.

type ErrorAdditionalInfo 

type ErrorAdditionalInfo struct {
	// Type - READ-ONLY; The additional info type.
	Type *string `json:"type,omitempty"`
	// Info - READ-ONLY; The additional info.
	Info interface{} `json:"info,omitempty"`
}

ErrorAdditionalInfo the resource management error additional info.

func (ErrorAdditionalInfo) MarshalJSON 

func (eai ErrorAdditionalInfo) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for ErrorAdditionalInfo.

type ErrorDetail 

type ErrorDetail struct {
	// Code - READ-ONLY; The error code.
	Code *string `json:"code,omitempty"`
	// Message - READ-ONLY; The error message.
	Message *string `json:"message,omitempty"`
	// Target - READ-ONLY; The error target.
	Target *string `json:"target,omitempty"`
	// Details - READ-ONLY; The error details.
	Details *[]ErrorDetail `json:"details,omitempty"`
	// AdditionalInfo - READ-ONLY; The error additional info.
	AdditionalInfo *[]ErrorAdditionalInfo `json:"additionalInfo,omitempty"`
}

ErrorDetail the error detail.

func (ErrorDetail) MarshalJSON 

func (ed ErrorDetail) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for ErrorDetail.

type ErrorResponse 

type ErrorResponse struct {
	// Error - The error object.
	Error *ErrorDetail `json:"error,omitempty"`
}

ErrorResponse common error response for all Azure Resource Manager APIs to return error details for failed operations. (This also follows the OData error response format.).

type EventGroupingAggregationKind 

type EventGroupingAggregationKind string

EventGroupingAggregationKind enumerates the values for event grouping aggregation kind. 

const (
	// EventGroupingAggregationKindAlertPerResult ...
	EventGroupingAggregationKindAlertPerResult EventGroupingAggregationKind = "AlertPerResult"
	// EventGroupingAggregationKindSingleAlert ...
	EventGroupingAggregationKindSingleAlert EventGroupingAggregationKind = "SingleAlert"
)

func PossibleEventGroupingAggregationKindValues 

func PossibleEventGroupingAggregationKindValues() []EventGroupingAggregationKind

PossibleEventGroupingAggregationKindValues returns an array of possible values for the EventGroupingAggregationKind const type.

type EventGroupingSettings 

type EventGroupingSettings struct {
	// AggregationKind - Possible values include: 'EventGroupingAggregationKindSingleAlert', 'EventGroupingAggregationKindAlertPerResult'
	AggregationKind EventGroupingAggregationKind `json:"aggregationKind,omitempty"`
}

EventGroupingSettings event grouping settings property bag.

type ExpansionEntityQueriesProperties 

type ExpansionEntityQueriesProperties struct {
	// DataSources - List of the data sources that are required to run the query
	DataSources *[]string `json:"dataSources,omitempty"`
	// DisplayName - The query display name
	DisplayName *string `json:"displayName,omitempty"`
	// InputEntityType - The type of the query's source entity. Possible values include: 'EntityTypeAccount', 'EntityTypeHost', 'EntityTypeFile', 'EntityTypeAzureResource', 'EntityTypeCloudApplication', 'EntityTypeDNS', 'EntityTypeFileHash', 'EntityTypeIP', 'EntityTypeMalware', 'EntityTypeProcess', 'EntityTypeRegistryKey', 'EntityTypeRegistryValue', 'EntityTypeSecurityGroup', 'EntityTypeURL', 'EntityTypeIoTDevice', 'EntityTypeSecurityAlert', 'EntityTypeHuntingBookmark', 'EntityTypeMailCluster', 'EntityTypeMailMessage', 'EntityTypeMailbox', 'EntityTypeSubmissionMail'
	InputEntityType EntityType `json:"inputEntityType,omitempty"`
	// InputFields - List of the fields of the source entity that are required to run the query
	InputFields *[]string `json:"inputFields,omitempty"`
	// OutputEntityTypes - List of the desired output types to be constructed from the result
	OutputEntityTypes *[]EntityType `json:"outputEntityTypes,omitempty"`
	// QueryTemplate - The template query string to be parsed and formatted
	QueryTemplate *string `json:"queryTemplate,omitempty"`
}

ExpansionEntityQueriesProperties describes expansion entity query properties

type ExpansionEntityQuery 

type ExpansionEntityQuery struct {
	// ExpansionEntityQueriesProperties - Expansion entity query properties
	*ExpansionEntityQueriesProperties `json:"properties,omitempty"`
	// Kind - Possible values include: 'KindBasicEntityQueryKindEntityQuery', 'KindBasicEntityQueryKindExpansion', 'KindBasicEntityQueryKindActivity'
	Kind KindBasicEntityQuery `json:"kind,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
	// ID - READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty"`
	// SystemData - READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty"`
}

ExpansionEntityQuery represents Expansion entity query.

func (ExpansionEntityQuery) AsActivityEntityQuery 

func (eeq ExpansionEntityQuery) AsActivityEntityQuery() (*ActivityEntityQuery, bool)

AsActivityEntityQuery is the BasicEntityQuery implementation for ExpansionEntityQuery.

func (ExpansionEntityQuery) AsBasicEntityQuery 

func (eeq ExpansionEntityQuery) AsBasicEntityQuery() (BasicEntityQuery, bool)

AsBasicEntityQuery is the BasicEntityQuery implementation for ExpansionEntityQuery.

func (ExpansionEntityQuery) AsEntityQuery 

func (eeq ExpansionEntityQuery) AsEntityQuery() (*EntityQuery, bool)

AsEntityQuery is the BasicEntityQuery implementation for ExpansionEntityQuery.

func (ExpansionEntityQuery) AsExpansionEntityQuery 

func (eeq ExpansionEntityQuery) AsExpansionEntityQuery() (*ExpansionEntityQuery, bool)

AsExpansionEntityQuery is the BasicEntityQuery implementation for ExpansionEntityQuery.

func (ExpansionEntityQuery) MarshalJSON 

func (eeq ExpansionEntityQuery) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for ExpansionEntityQuery.

func (*ExpansionEntityQuery) UnmarshalJSON 

func (eeq *ExpansionEntityQuery) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for ExpansionEntityQuery struct.

type ExpansionResultAggregation 

type ExpansionResultAggregation struct {
	// AggregationType - The common type of the aggregation. (for e.g. entity field name)
	AggregationType *string `json:"aggregationType,omitempty"`
	// Count - Total number of aggregations of the given kind (and aggregationType if given) in the expansion result.
	Count *int32 `json:"count,omitempty"`
	// DisplayName - The display name of the aggregation by type.
	DisplayName *string `json:"displayName,omitempty"`
	// EntityKind - The kind of the aggregated entity. Possible values include: 'EntityKindAccount', 'EntityKindHost', 'EntityKindFile', 'EntityKindAzureResource', 'EntityKindCloudApplication', 'EntityKindDNSResolution', 'EntityKindFileHash', 'EntityKindIP', 'EntityKindMalware', 'EntityKindProcess', 'EntityKindRegistryKey', 'EntityKindRegistryValue', 'EntityKindSecurityGroup', 'EntityKindURL', 'EntityKindIoTDevice', 'EntityKindSecurityAlert', 'EntityKindBookmark', 'EntityKindMailCluster', 'EntityKindMailMessage', 'EntityKindMailbox', 'EntityKindSubmissionMail'
	EntityKind EntityKind `json:"entityKind,omitempty"`
}

ExpansionResultAggregation information of a specific aggregation in the expansion result.

type ExpansionResultsMetadata 

type ExpansionResultsMetadata struct {
	// Aggregations - Information of the aggregated nodes in the expansion result.
	Aggregations *[]ExpansionResultAggregation `json:"aggregations,omitempty"`
}

ExpansionResultsMetadata expansion result metadata.

type EyesOn 

type EyesOn struct {
	// EyesOnSettingsProperties - EyesOn properties
	*EyesOnSettingsProperties `json:"properties,omitempty"`
	// Kind - Possible values include: 'KindBasicSettingsKindSettings', 'KindBasicSettingsKindAnomalies', 'KindBasicSettingsKindEyesOn', 'KindBasicSettingsKindEntityAnalytics', 'KindBasicSettingsKindUeba'
	Kind KindBasicSettings `json:"kind,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
	// ID - READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty"`
	// SystemData - READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty"`
}

EyesOn settings with single toggle.

func (EyesOn) AsAnomalies 

func (eo EyesOn) AsAnomalies() (*Anomalies, bool)

AsAnomalies is the BasicSettings implementation for EyesOn.

func (EyesOn) AsBasicSettings 

func (eo EyesOn) AsBasicSettings() (BasicSettings, bool)

AsBasicSettings is the BasicSettings implementation for EyesOn.

func (EyesOn) AsEntityAnalytics 

func (eo EyesOn) AsEntityAnalytics() (*EntityAnalytics, bool)

AsEntityAnalytics is the BasicSettings implementation for EyesOn.

func (EyesOn) AsEyesOn 

func (eo EyesOn) AsEyesOn() (*EyesOn, bool)

AsEyesOn is the BasicSettings implementation for EyesOn.

func (EyesOn) AsSettings 

func (eo EyesOn) AsSettings() (*Settings, bool)

AsSettings is the BasicSettings implementation for EyesOn.

func (EyesOn) AsUeba 

func (eo EyesOn) AsUeba() (*Ueba, bool)

AsUeba is the BasicSettings implementation for EyesOn.

func (EyesOn) MarshalJSON 

func (eo EyesOn) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for EyesOn.

func (*EyesOn) UnmarshalJSON 

func (eo *EyesOn) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for EyesOn struct.

type EyesOnSettingsProperties 

type EyesOnSettingsProperties struct {
	// IsEnabled - READ-ONLY; Determines whether the setting is enable or disabled.
	IsEnabled *bool `json:"isEnabled,omitempty"`
}

EyesOnSettingsProperties eyesOn property bag.

func (EyesOnSettingsProperties) MarshalJSON 

func (eosp EyesOnSettingsProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for EyesOnSettingsProperties.

type FieldMapping 

type FieldMapping struct {
	// Identifier - the V3 identifier of the entity
	Identifier *string `json:"identifier,omitempty"`
	// ColumnName - the column name to be mapped to the identifier
	ColumnName *string `json:"columnName,omitempty"`
}

FieldMapping a single field mapping of the mapped entity

type FileEntity 

type FileEntity struct {
	// FileEntityProperties - File entity properties
	*FileEntityProperties `json:"properties,omitempty"`
	// Kind - Possible values include: 'KindBasicEntityKindEntity', 'KindBasicEntityKindURL', 'KindBasicEntityKindSubmissionMail', 'KindBasicEntityKindSecurityGroup', 'KindBasicEntityKindSecurityAlert', 'KindBasicEntityKindRegistryValue', 'KindBasicEntityKindRegistryKey', 'KindBasicEntityKindProcess', 'KindBasicEntityKindMalware', 'KindBasicEntityKindMailMessage', 'KindBasicEntityKindMailCluster', 'KindBasicEntityKindMailbox', 'KindBasicEntityKindIP', 'KindBasicEntityKindIoTDevice', 'KindBasicEntityKindBookmark', 'KindBasicEntityKindHost', 'KindBasicEntityKindFileHash', 'KindBasicEntityKindFile', 'KindBasicEntityKindDNSResolution', 'KindBasicEntityKindCloudApplication', 'KindBasicEntityKindAzureResource', 'KindBasicEntityKindAccount'
	Kind KindBasicEntity `json:"kind,omitempty"`
	// ID - READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty"`
	// SystemData - READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty"`
}

FileEntity represents a file entity.

func (FileEntity) AsAccountEntity 

func (fe FileEntity) AsAccountEntity() (*AccountEntity, bool)

AsAccountEntity is the BasicEntity implementation for FileEntity.

func (FileEntity) AsAzureResourceEntity 

func (fe FileEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)

AsAzureResourceEntity is the BasicEntity implementation for FileEntity.

func (FileEntity) AsBasicEntity 

func (fe FileEntity) AsBasicEntity() (BasicEntity, bool)

AsBasicEntity is the BasicEntity implementation for FileEntity.

func (FileEntity) AsCloudApplicationEntity 

func (fe FileEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)

AsCloudApplicationEntity is the BasicEntity implementation for FileEntity.

func (FileEntity) AsDNSEntity 

func (fe FileEntity) AsDNSEntity() (*DNSEntity, bool)

AsDNSEntity is the BasicEntity implementation for FileEntity.

func (FileEntity) AsEntity 

func (fe FileEntity) AsEntity() (*Entity, bool)

AsEntity is the BasicEntity implementation for FileEntity.

func (FileEntity) AsFileEntity 

func (fe FileEntity) AsFileEntity() (*FileEntity, bool)

AsFileEntity is the BasicEntity implementation for FileEntity.

func (FileEntity) AsFileHashEntity 

func (fe FileEntity) AsFileHashEntity() (*FileHashEntity, bool)

AsFileHashEntity is the BasicEntity implementation for FileEntity.

func (FileEntity) AsHostEntity 

func (fe FileEntity) AsHostEntity() (*HostEntity, bool)

AsHostEntity is the BasicEntity implementation for FileEntity.

func (FileEntity) AsHuntingBookmark 

func (fe FileEntity) AsHuntingBookmark() (*HuntingBookmark, bool)

AsHuntingBookmark is the BasicEntity implementation for FileEntity.

func (FileEntity) AsIPEntity 

func (fe FileEntity) AsIPEntity() (*IPEntity, bool)

AsIPEntity is the BasicEntity implementation for FileEntity.

func (FileEntity) AsIoTDeviceEntity 

func (fe FileEntity) AsIoTDeviceEntity() (*IoTDeviceEntity, bool)

AsIoTDeviceEntity is the BasicEntity implementation for FileEntity.

func (FileEntity) AsMailClusterEntity 

func (fe FileEntity) AsMailClusterEntity() (*MailClusterEntity, bool)

AsMailClusterEntity is the BasicEntity implementation for FileEntity.

func (FileEntity) AsMailMessageEntity 

func (fe FileEntity) AsMailMessageEntity() (*MailMessageEntity, bool)

AsMailMessageEntity is the BasicEntity implementation for FileEntity.

func (FileEntity) AsMailboxEntity 

func (fe FileEntity) AsMailboxEntity() (*MailboxEntity, bool)

AsMailboxEntity is the BasicEntity implementation for FileEntity.

func (FileEntity) AsMalwareEntity 

func (fe FileEntity) AsMalwareEntity() (*MalwareEntity, bool)

AsMalwareEntity is the BasicEntity implementation for FileEntity.

func (FileEntity) AsProcessEntity 

func (fe FileEntity) AsProcessEntity() (*ProcessEntity, bool)

AsProcessEntity is the BasicEntity implementation for FileEntity.

func (FileEntity) AsRegistryKeyEntity 

func (fe FileEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)

AsRegistryKeyEntity is the BasicEntity implementation for FileEntity.

func (FileEntity) AsRegistryValueEntity 

func (fe FileEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool)

AsRegistryValueEntity is the BasicEntity implementation for FileEntity.

func (FileEntity) AsSecurityAlert 

func (fe FileEntity) AsSecurityAlert() (*SecurityAlert, bool)

AsSecurityAlert is the BasicEntity implementation for FileEntity.

func (FileEntity) AsSecurityGroupEntity 

func (fe FileEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)

AsSecurityGroupEntity is the BasicEntity implementation for FileEntity.

func (FileEntity) AsSubmissionMailEntity 

func (fe FileEntity) AsSubmissionMailEntity() (*SubmissionMailEntity, bool)

AsSubmissionMailEntity is the BasicEntity implementation for FileEntity.

func (FileEntity) AsURLEntity 

func (fe FileEntity) AsURLEntity() (*URLEntity, bool)

AsURLEntity is the BasicEntity implementation for FileEntity.

func (FileEntity) MarshalJSON 

func (fe FileEntity) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for FileEntity.

func (*FileEntity) UnmarshalJSON 

func (fe *FileEntity) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for FileEntity struct.

type FileEntityProperties 

type FileEntityProperties struct {
	// Directory - READ-ONLY; The full path to the file.
	Directory *string `json:"directory,omitempty"`
	// FileHashEntityIds - READ-ONLY; The file hash entity identifiers associated with this file
	FileHashEntityIds *[]string `json:"fileHashEntityIds,omitempty"`
	// FileName - READ-ONLY; The file name without path (some alerts might not include path).
	FileName *string `json:"fileName,omitempty"`
	// HostEntityID - READ-ONLY; The Host entity id which the file belongs to
	HostEntityID *string `json:"hostEntityId,omitempty"`
	// AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]interface{} `json:"additionalData"`
	// FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated.
	FriendlyName *string `json:"friendlyName,omitempty"`
}

FileEntityProperties file entity property bag.

func (FileEntityProperties) MarshalJSON 

func (fep FileEntityProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for FileEntityProperties.

type FileHashAlgorithm 

type FileHashAlgorithm string

FileHashAlgorithm enumerates the values for file hash algorithm. 

const (
	// FileHashAlgorithmMD5 MD5 hash type
	FileHashAlgorithmMD5 FileHashAlgorithm = "MD5"
	// FileHashAlgorithmSHA1 SHA1 hash type
	FileHashAlgorithmSHA1 FileHashAlgorithm = "SHA1"
	// FileHashAlgorithmSHA256 SHA256 hash type
	FileHashAlgorithmSHA256 FileHashAlgorithm = "SHA256"
	// FileHashAlgorithmSHA256AC SHA256 Authenticode hash type
	FileHashAlgorithmSHA256AC FileHashAlgorithm = "SHA256AC"
	// FileHashAlgorithmUnknown Unknown hash algorithm
	FileHashAlgorithmUnknown FileHashAlgorithm = "Unknown"
)

func PossibleFileHashAlgorithmValues 

func PossibleFileHashAlgorithmValues() []FileHashAlgorithm

PossibleFileHashAlgorithmValues returns an array of possible values for the FileHashAlgorithm const type.

type FileHashEntity 

type FileHashEntity struct {
	// FileHashEntityProperties - FileHash entity properties
	*FileHashEntityProperties `json:"properties,omitempty"`
	// Kind - Possible values include: 'KindBasicEntityKindEntity', 'KindBasicEntityKindURL', 'KindBasicEntityKindSubmissionMail', 'KindBasicEntityKindSecurityGroup', 'KindBasicEntityKindSecurityAlert', 'KindBasicEntityKindRegistryValue', 'KindBasicEntityKindRegistryKey', 'KindBasicEntityKindProcess', 'KindBasicEntityKindMalware', 'KindBasicEntityKindMailMessage', 'KindBasicEntityKindMailCluster', 'KindBasicEntityKindMailbox', 'KindBasicEntityKindIP', 'KindBasicEntityKindIoTDevice', 'KindBasicEntityKindBookmark', 'KindBasicEntityKindHost', 'KindBasicEntityKindFileHash', 'KindBasicEntityKindFile', 'KindBasicEntityKindDNSResolution', 'KindBasicEntityKindCloudApplication', 'KindBasicEntityKindAzureResource', 'KindBasicEntityKindAccount'
	Kind KindBasicEntity `json:"kind,omitempty"`
	// ID - READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty"`
	// SystemData - READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty"`
}

FileHashEntity represents a file hash entity.

func (FileHashEntity) AsAccountEntity 

func (fhe FileHashEntity) AsAccountEntity() (*AccountEntity, bool)

AsAccountEntity is the BasicEntity implementation for FileHashEntity.

func (FileHashEntity) AsAzureResourceEntity 

func (fhe FileHashEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)

AsAzureResourceEntity is the BasicEntity implementation for FileHashEntity.

func (FileHashEntity) AsBasicEntity 

func (fhe FileHashEntity) AsBasicEntity() (BasicEntity, bool)

AsBasicEntity is the BasicEntity implementation for FileHashEntity.

func (FileHashEntity) AsCloudApplicationEntity 

func (fhe FileHashEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)

AsCloudApplicationEntity is the BasicEntity implementation for FileHashEntity.

func (FileHashEntity) AsDNSEntity 

func (fhe FileHashEntity) AsDNSEntity() (*DNSEntity, bool)

AsDNSEntity is the BasicEntity implementation for FileHashEntity.

func (FileHashEntity) AsEntity 

func (fhe FileHashEntity) AsEntity() (*Entity, bool)

AsEntity is the BasicEntity implementation for FileHashEntity.

func (FileHashEntity) AsFileEntity 

func (fhe FileHashEntity) AsFileEntity() (*FileEntity, bool)

AsFileEntity is the BasicEntity implementation for FileHashEntity.

func (FileHashEntity) AsFileHashEntity 

func (fhe FileHashEntity) AsFileHashEntity() (*FileHashEntity, bool)

AsFileHashEntity is the BasicEntity implementation for FileHashEntity.

func (FileHashEntity) AsHostEntity 

func (fhe FileHashEntity) AsHostEntity() (*HostEntity, bool)

AsHostEntity is the BasicEntity implementation for FileHashEntity.

func (FileHashEntity) AsHuntingBookmark 

func (fhe FileHashEntity) AsHuntingBookmark() (*HuntingBookmark, bool)

AsHuntingBookmark is the BasicEntity implementation for FileHashEntity.

func (FileHashEntity) AsIPEntity 

func (fhe FileHashEntity) AsIPEntity() (*IPEntity, bool)

AsIPEntity is the BasicEntity implementation for FileHashEntity.

func (FileHashEntity) AsIoTDeviceEntity 

func (fhe FileHashEntity) AsIoTDeviceEntity() (*IoTDeviceEntity, bool)

AsIoTDeviceEntity is the BasicEntity implementation for FileHashEntity.

func (FileHashEntity) AsMailClusterEntity 

func (fhe FileHashEntity) AsMailClusterEntity() (*MailClusterEntity, bool)

AsMailClusterEntity is the BasicEntity implementation for FileHashEntity.

func (FileHashEntity) AsMailMessageEntity 

func (fhe FileHashEntity) AsMailMessageEntity() (*MailMessageEntity, bool)

AsMailMessageEntity is the BasicEntity implementation for FileHashEntity.

func (FileHashEntity) AsMailboxEntity 

func (fhe FileHashEntity) AsMailboxEntity() (*MailboxEntity, bool)

AsMailboxEntity is the BasicEntity implementation for FileHashEntity.

func (FileHashEntity) AsMalwareEntity 

func (fhe FileHashEntity) AsMalwareEntity() (*MalwareEntity, bool)

AsMalwareEntity is the BasicEntity implementation for FileHashEntity.

func (FileHashEntity) AsProcessEntity 

func (fhe FileHashEntity) AsProcessEntity() (*ProcessEntity, bool)

AsProcessEntity is the BasicEntity implementation for FileHashEntity.

func (FileHashEntity) AsRegistryKeyEntity 

func (fhe FileHashEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)

AsRegistryKeyEntity is the BasicEntity implementation for FileHashEntity.

func (FileHashEntity) AsRegistryValueEntity 

func (fhe FileHashEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool)

AsRegistryValueEntity is the BasicEntity implementation for FileHashEntity.

func (FileHashEntity) AsSecurityAlert 

func (fhe FileHashEntity) AsSecurityAlert() (*SecurityAlert, bool)

AsSecurityAlert is the BasicEntity implementation for FileHashEntity.

func (FileHashEntity) AsSecurityGroupEntity 

func (fhe FileHashEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)

AsSecurityGroupEntity is the BasicEntity implementation for FileHashEntity.

func (FileHashEntity) AsSubmissionMailEntity 

func (fhe FileHashEntity) AsSubmissionMailEntity() (*SubmissionMailEntity, bool)

AsSubmissionMailEntity is the BasicEntity implementation for FileHashEntity.

func (FileHashEntity) AsURLEntity 

func (fhe FileHashEntity) AsURLEntity() (*URLEntity, bool)

AsURLEntity is the BasicEntity implementation for FileHashEntity.

func (FileHashEntity) MarshalJSON 

func (fhe FileHashEntity) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for FileHashEntity.

func (*FileHashEntity) UnmarshalJSON 

func (fhe *FileHashEntity) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for FileHashEntity struct.

type FileHashEntityProperties 

type FileHashEntityProperties struct {
	// Algorithm - READ-ONLY; The hash algorithm type. Possible values include: 'FileHashAlgorithmUnknown', 'FileHashAlgorithmMD5', 'FileHashAlgorithmSHA1', 'FileHashAlgorithmSHA256', 'FileHashAlgorithmSHA256AC'
	Algorithm FileHashAlgorithm `json:"algorithm,omitempty"`
	// HashValue - READ-ONLY; The file hash value.
	HashValue *string `json:"hashValue,omitempty"`
	// AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]interface{} `json:"additionalData"`
	// FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated.
	FriendlyName *string `json:"friendlyName,omitempty"`
}

FileHashEntityProperties fileHash entity property bag.

func (FileHashEntityProperties) MarshalJSON 

func (fhep FileHashEntityProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for FileHashEntityProperties.

type FusionAlertRule 

type FusionAlertRule struct {
	// FusionAlertRuleProperties - Fusion alert rule properties
	*FusionAlertRuleProperties `json:"properties,omitempty"`
	// Kind - Possible values include: 'KindBasicAlertRuleKindAlertRule', 'KindBasicAlertRuleKindMLBehaviorAnalytics', 'KindBasicAlertRuleKindFusion', 'KindBasicAlertRuleKindThreatIntelligence', 'KindBasicAlertRuleKindMicrosoftSecurityIncidentCreation', 'KindBasicAlertRuleKindScheduled', 'KindBasicAlertRuleKindNRT'
	Kind KindBasicAlertRule `json:"kind,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
	// ID - READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty"`
	// SystemData - READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty"`
}

FusionAlertRule represents Fusion alert rule.

func (FusionAlertRule) AsAlertRule 

func (far FusionAlertRule) AsAlertRule() (*AlertRule, bool)

AsAlertRule is the BasicAlertRule implementation for FusionAlertRule.

func (FusionAlertRule) AsBasicAlertRule 

func (far FusionAlertRule) AsBasicAlertRule() (BasicAlertRule, bool)

AsBasicAlertRule is the BasicAlertRule implementation for FusionAlertRule.

func (FusionAlertRule) AsFusionAlertRule 

func (far FusionAlertRule) AsFusionAlertRule() (*FusionAlertRule, bool)

AsFusionAlertRule is the BasicAlertRule implementation for FusionAlertRule.

func (FusionAlertRule) AsMLBehaviorAnalyticsAlertRule 

func (far FusionAlertRule) AsMLBehaviorAnalyticsAlertRule() (*MLBehaviorAnalyticsAlertRule, bool)

AsMLBehaviorAnalyticsAlertRule is the BasicAlertRule implementation for FusionAlertRule.

func (FusionAlertRule) AsMicrosoftSecurityIncidentCreationAlertRule 

func (far FusionAlertRule) AsMicrosoftSecurityIncidentCreationAlertRule() (*MicrosoftSecurityIncidentCreationAlertRule, bool)

AsMicrosoftSecurityIncidentCreationAlertRule is the BasicAlertRule implementation for FusionAlertRule.

func (FusionAlertRule) AsNrtAlertRule 

func (far FusionAlertRule) AsNrtAlertRule() (*NrtAlertRule, bool)

AsNrtAlertRule is the BasicAlertRule implementation for FusionAlertRule.

func (FusionAlertRule) AsScheduledAlertRule 

func (far FusionAlertRule) AsScheduledAlertRule() (*ScheduledAlertRule, bool)

AsScheduledAlertRule is the BasicAlertRule implementation for FusionAlertRule.

func (FusionAlertRule) AsThreatIntelligenceAlertRule 

func (far FusionAlertRule) AsThreatIntelligenceAlertRule() (*ThreatIntelligenceAlertRule, bool)

AsThreatIntelligenceAlertRule is the BasicAlertRule implementation for FusionAlertRule.

func (FusionAlertRule) MarshalJSON 

func (far FusionAlertRule) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for FusionAlertRule.

func (*FusionAlertRule) UnmarshalJSON 

func (far *FusionAlertRule) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for FusionAlertRule struct.

type FusionAlertRuleProperties 

type FusionAlertRuleProperties struct {
	// AlertRuleTemplateName - The Name of the alert rule template used to create this rule.
	AlertRuleTemplateName *string `json:"alertRuleTemplateName,omitempty"`
	// Description - READ-ONLY; The description of the alert rule.
	Description *string `json:"description,omitempty"`
	// DisplayName - READ-ONLY; The display name for alerts created by this alert rule.
	DisplayName *string `json:"displayName,omitempty"`
	// Enabled - Determines whether this alert rule is enabled or disabled.
	Enabled *bool `json:"enabled,omitempty"`
	// LastModifiedUtc - READ-ONLY; The last time that this alert has been modified.
	LastModifiedUtc *date.Time `json:"lastModifiedUtc,omitempty"`
	// Severity - READ-ONLY; The severity for alerts created by this alert rule. Possible values include: 'AlertSeverityHigh', 'AlertSeverityMedium', 'AlertSeverityLow', 'AlertSeverityInformational'
	Severity AlertSeverity `json:"severity,omitempty"`
	// Tactics - READ-ONLY; The tactics of the alert rule
	Tactics *[]AttackTactic `json:"tactics,omitempty"`
}

FusionAlertRuleProperties fusion alert rule base property bag.

func (FusionAlertRuleProperties) MarshalJSON 

func (farp FusionAlertRuleProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for FusionAlertRuleProperties.

type FusionAlertRuleTemplate 

type FusionAlertRuleTemplate struct {
	// FusionAlertRuleTemplateProperties - Fusion alert rule template properties
	*FusionAlertRuleTemplateProperties `json:"properties,omitempty"`
	// Kind - Possible values include: 'KindBasicAlertRuleTemplateKindAlertRuleTemplate', 'KindBasicAlertRuleTemplateKindMLBehaviorAnalytics', 'KindBasicAlertRuleTemplateKindFusion', 'KindBasicAlertRuleTemplateKindThreatIntelligence', 'KindBasicAlertRuleTemplateKindMicrosoftSecurityIncidentCreation', 'KindBasicAlertRuleTemplateKindScheduled', 'KindBasicAlertRuleTemplateKindNRT'
	Kind KindBasicAlertRuleTemplate `json:"kind,omitempty"`
	// ID - READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty"`
	// SystemData - READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty"`
}

FusionAlertRuleTemplate represents Fusion alert rule template.

func (FusionAlertRuleTemplate) AsAlertRuleTemplate 

func (fart FusionAlertRuleTemplate) AsAlertRuleTemplate() (*AlertRuleTemplate, bool)

AsAlertRuleTemplate is the BasicAlertRuleTemplate implementation for FusionAlertRuleTemplate.

func (FusionAlertRuleTemplate) AsBasicAlertRuleTemplate 

func (fart FusionAlertRuleTemplate) AsBasicAlertRuleTemplate() (BasicAlertRuleTemplate, bool)

AsBasicAlertRuleTemplate is the BasicAlertRuleTemplate implementation for FusionAlertRuleTemplate.

func (FusionAlertRuleTemplate) AsFusionAlertRuleTemplate 

func (fart FusionAlertRuleTemplate) AsFusionAlertRuleTemplate() (*FusionAlertRuleTemplate, bool)

AsFusionAlertRuleTemplate is the BasicAlertRuleTemplate implementation for FusionAlertRuleTemplate.

func (FusionAlertRuleTemplate) AsMLBehaviorAnalyticsAlertRuleTemplate 

func (fart FusionAlertRuleTemplate) AsMLBehaviorAnalyticsAlertRuleTemplate() (*MLBehaviorAnalyticsAlertRuleTemplate, bool)

AsMLBehaviorAnalyticsAlertRuleTemplate is the BasicAlertRuleTemplate implementation for FusionAlertRuleTemplate.

func (FusionAlertRuleTemplate) AsMicrosoftSecurityIncidentCreationAlertRuleTemplate 

func (fart FusionAlertRuleTemplate) AsMicrosoftSecurityIncidentCreationAlertRuleTemplate() (*MicrosoftSecurityIncidentCreationAlertRuleTemplate, bool)

AsMicrosoftSecurityIncidentCreationAlertRuleTemplate is the BasicAlertRuleTemplate implementation for FusionAlertRuleTemplate.

func (FusionAlertRuleTemplate) AsNrtAlertRuleTemplate 

func (fart FusionAlertRuleTemplate) AsNrtAlertRuleTemplate() (*NrtAlertRuleTemplate, bool)

AsNrtAlertRuleTemplate is the BasicAlertRuleTemplate implementation for FusionAlertRuleTemplate.

func (FusionAlertRuleTemplate) AsScheduledAlertRuleTemplate 

func (fart FusionAlertRuleTemplate) AsScheduledAlertRuleTemplate() (*ScheduledAlertRuleTemplate, bool)

AsScheduledAlertRuleTemplate is the BasicAlertRuleTemplate implementation for FusionAlertRuleTemplate.

func (FusionAlertRuleTemplate) AsThreatIntelligenceAlertRuleTemplate 

func (fart FusionAlertRuleTemplate) AsThreatIntelligenceAlertRuleTemplate() (*ThreatIntelligenceAlertRuleTemplate, bool)

AsThreatIntelligenceAlertRuleTemplate is the BasicAlertRuleTemplate implementation for FusionAlertRuleTemplate.

func (FusionAlertRuleTemplate) MarshalJSON 

func (fart FusionAlertRuleTemplate) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for FusionAlertRuleTemplate.

func (*FusionAlertRuleTemplate) UnmarshalJSON 

func (fart *FusionAlertRuleTemplate) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for FusionAlertRuleTemplate struct.

type FusionAlertRuleTemplateProperties 

type FusionAlertRuleTemplateProperties struct {
	// Severity - The severity for alerts created by this alert rule. Possible values include: 'AlertSeverityHigh', 'AlertSeverityMedium', 'AlertSeverityLow', 'AlertSeverityInformational'
	Severity AlertSeverity `json:"severity,omitempty"`
	// Tactics - The tactics of the alert rule template
	Tactics *[]AttackTactic `json:"tactics,omitempty"`
	// AlertRulesCreatedByTemplateCount - the number of alert rules that were created by this template
	AlertRulesCreatedByTemplateCount *int32 `json:"alertRulesCreatedByTemplateCount,omitempty"`
	// LastUpdatedDateUTC - READ-ONLY; The last time that this alert rule template has been updated.
	LastUpdatedDateUTC *date.Time `json:"lastUpdatedDateUTC,omitempty"`
	// CreatedDateUTC - READ-ONLY; The time that this alert rule template has been added.
	CreatedDateUTC *date.Time `json:"createdDateUTC,omitempty"`
	// Description - The description of the alert rule template.
	Description *string `json:"description,omitempty"`
	// DisplayName - The display name for alert rule template.
	DisplayName *string `json:"displayName,omitempty"`
	// RequiredDataConnectors - The required data sources for this template
	RequiredDataConnectors *[]AlertRuleTemplateDataSource `json:"requiredDataConnectors,omitempty"`
	// Status - The alert rule template status. Possible values include: 'TemplateStatusInstalled', 'TemplateStatusAvailable', 'TemplateStatusNotAvailable'
	Status TemplateStatus `json:"status,omitempty"`
}

FusionAlertRuleTemplateProperties fusion alert rule template properties

func (FusionAlertRuleTemplateProperties) MarshalJSON 

func (fart FusionAlertRuleTemplateProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for FusionAlertRuleTemplateProperties.

type GeoLocation 

type GeoLocation struct {
	// Asn - READ-ONLY; Autonomous System Number
	Asn *int32 `json:"asn,omitempty"`
	// City - READ-ONLY; City name
	City *string `json:"city,omitempty"`
	// CountryCode - READ-ONLY; The country code according to ISO 3166 format
	CountryCode *string `json:"countryCode,omitempty"`
	// CountryName - READ-ONLY; Country name according to ISO 3166 Alpha 2: the lowercase of the English Short Name
	CountryName *string `json:"countryName,omitempty"`
	// Latitude - READ-ONLY; The longitude of the identified location, expressed as a floating point number with range of -180 to 180, with positive numbers representing East and negative numbers representing West. Latitude and longitude are derived from the city or postal code.
	Latitude *float64 `json:"latitude,omitempty"`
	// Longitude - READ-ONLY; The latitude of the identified location, expressed as a floating point number with range of - 90 to 90, with positive numbers representing North and negative numbers representing South. Latitude and longitude are derived from the city or postal code.
	Longitude *float64 `json:"longitude,omitempty"`
	// State - READ-ONLY; State name
	State *string `json:"state,omitempty"`
}

GeoLocation the geo-location context attached to the ip entity

func (GeoLocation) MarshalJSON 

func (gl GeoLocation) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for GeoLocation.

type GetInsightsError 

type GetInsightsError struct {
	// Kind - the query kind
	Kind *string `json:"kind,omitempty"`
	// QueryID - the query id
	QueryID *string `json:"queryId,omitempty"`
	// ErrorMessage - the error message
	ErrorMessage *string `json:"errorMessage,omitempty"`
}

GetInsightsError getInsights Query Errors.

type GetInsightsResultsMetadata 

type GetInsightsResultsMetadata struct {
	// TotalCount - the total items found for the insights request
	TotalCount *int32 `json:"totalCount,omitempty"`
	// Errors - information about the failed queries
	Errors *[]GetInsightsError `json:"errors,omitempty"`
}

GetInsightsResultsMetadata get Insights result metadata.

type GetQueriesResponse 

type GetQueriesResponse struct {
	autorest.Response `json:"-"`
	// Value - The query result values.
	Value *[]BasicEntityQueryItem `json:"value,omitempty"`
}

GetQueriesResponse retrieve queries for entity result operation response.

func (*GetQueriesResponse) UnmarshalJSON 

func (gqr *GetQueriesResponse) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for GetQueriesResponse struct.

type GraphQueries 

type GraphQueries struct {
	// MetricName - the metric that the query is checking
	MetricName *string `json:"metricName,omitempty"`
	// Legend - The legend for the graph
	Legend *string `json:"legend,omitempty"`
	// BaseQuery - The base query for the graph
	BaseQuery *string `json:"baseQuery,omitempty"`
}

GraphQueries the graph query to show the current data status

type GroupingConfiguration 

type GroupingConfiguration struct {
	// Enabled - Grouping enabled
	Enabled *bool `json:"enabled,omitempty"`
	// ReopenClosedIncident - Re-open closed matching incidents
	ReopenClosedIncident *bool `json:"reopenClosedIncident,omitempty"`
	// LookbackDuration - Limit the group to alerts created within the lookback duration (in ISO 8601 duration format)
	LookbackDuration *string `json:"lookbackDuration,omitempty"`
	// MatchingMethod - Grouping matching method. When method is Selected at least one of groupByEntities, groupByAlertDetails, groupByCustomDetails must be provided and not empty. Possible values include: 'MatchingMethodAllEntities', 'MatchingMethodAnyAlert', 'MatchingMethodSelected'
	MatchingMethod MatchingMethod `json:"matchingMethod,omitempty"`
	// GroupByEntities - A list of entity types to group by (when matchingMethod is Selected). Only entities defined in the current alert rule may be used.
	GroupByEntities *[]EntityMappingType `json:"groupByEntities,omitempty"`
	// GroupByAlertDetails - A list of alert details to group by (when matchingMethod is Selected)
	GroupByAlertDetails *[]AlertDetail `json:"groupByAlertDetails,omitempty"`
	// GroupByCustomDetails - A list of custom details keys to group by (when matchingMethod is Selected). Only keys defined in the current alert rule may be used.
	GroupByCustomDetails *[]string `json:"groupByCustomDetails,omitempty"`
}

GroupingConfiguration grouping configuration property bag.

type HostEntity 

type HostEntity struct {
	// HostEntityProperties - Host entity properties
	*HostEntityProperties `json:"properties,omitempty"`
	// Kind - Possible values include: 'KindBasicEntityKindEntity', 'KindBasicEntityKindURL', 'KindBasicEntityKindSubmissionMail', 'KindBasicEntityKindSecurityGroup', 'KindBasicEntityKindSecurityAlert', 'KindBasicEntityKindRegistryValue', 'KindBasicEntityKindRegistryKey', 'KindBasicEntityKindProcess', 'KindBasicEntityKindMalware', 'KindBasicEntityKindMailMessage', 'KindBasicEntityKindMailCluster', 'KindBasicEntityKindMailbox', 'KindBasicEntityKindIP', 'KindBasicEntityKindIoTDevice', 'KindBasicEntityKindBookmark', 'KindBasicEntityKindHost', 'KindBasicEntityKindFileHash', 'KindBasicEntityKindFile', 'KindBasicEntityKindDNSResolution', 'KindBasicEntityKindCloudApplication', 'KindBasicEntityKindAzureResource', 'KindBasicEntityKindAccount'
	Kind KindBasicEntity `json:"kind,omitempty"`
	// ID - READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty"`
	// SystemData - READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty"`
}

HostEntity represents a host entity.

func (HostEntity) AsAccountEntity 

func (he HostEntity) AsAccountEntity() (*AccountEntity, bool)

AsAccountEntity is the BasicEntity implementation for HostEntity.

func (HostEntity) AsAzureResourceEntity 

func (he HostEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)

AsAzureResourceEntity is the BasicEntity implementation for HostEntity.

func (HostEntity) AsBasicEntity 

func (he HostEntity) AsBasicEntity() (BasicEntity, bool)

AsBasicEntity is the BasicEntity implementation for HostEntity.

func (HostEntity) AsCloudApplicationEntity 

func (he HostEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)

AsCloudApplicationEntity is the BasicEntity implementation for HostEntity.

func (HostEntity) AsDNSEntity 

func (he HostEntity) AsDNSEntity() (*DNSEntity, bool)

AsDNSEntity is the BasicEntity implementation for HostEntity.

func (HostEntity) AsEntity 

func (he HostEntity) AsEntity() (*Entity, bool)

AsEntity is the BasicEntity implementation for HostEntity.

func (HostEntity) AsFileEntity 

func (he HostEntity) AsFileEntity() (*FileEntity, bool)

AsFileEntity is the BasicEntity implementation for HostEntity.

func (HostEntity) AsFileHashEntity 

func (he HostEntity) AsFileHashEntity() (*FileHashEntity, bool)

AsFileHashEntity is the BasicEntity implementation for HostEntity.

func (HostEntity) AsHostEntity 

func (he HostEntity) AsHostEntity() (*HostEntity, bool)

AsHostEntity is the BasicEntity implementation for HostEntity.

func (HostEntity) AsHuntingBookmark 

func (he HostEntity) AsHuntingBookmark() (*HuntingBookmark, bool)

AsHuntingBookmark is the BasicEntity implementation for HostEntity.

func (HostEntity) AsIPEntity 

func (he HostEntity) AsIPEntity() (*IPEntity, bool)

AsIPEntity is the BasicEntity implementation for HostEntity.

func (HostEntity) AsIoTDeviceEntity 

func (he HostEntity) AsIoTDeviceEntity() (*IoTDeviceEntity, bool)

AsIoTDeviceEntity is the BasicEntity implementation for HostEntity.

func (HostEntity) AsMailClusterEntity 

func (he HostEntity) AsMailClusterEntity() (*MailClusterEntity, bool)

AsMailClusterEntity is the BasicEntity implementation for HostEntity.

func (HostEntity) AsMailMessageEntity 

func (he HostEntity) AsMailMessageEntity() (*MailMessageEntity, bool)

AsMailMessageEntity is the BasicEntity implementation for HostEntity.

func (HostEntity) AsMailboxEntity 

func (he HostEntity) AsMailboxEntity() (*MailboxEntity, bool)

AsMailboxEntity is the BasicEntity implementation for HostEntity.

func (HostEntity) AsMalwareEntity 

func (he HostEntity) AsMalwareEntity() (*MalwareEntity, bool)

AsMalwareEntity is the BasicEntity implementation for HostEntity.

func (HostEntity) AsProcessEntity 

func (he HostEntity) AsProcessEntity() (*ProcessEntity, bool)

AsProcessEntity is the BasicEntity implementation for HostEntity.

func (HostEntity) AsRegistryKeyEntity 

func (he HostEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)

AsRegistryKeyEntity is the BasicEntity implementation for HostEntity.

func (HostEntity) AsRegistryValueEntity 

func (he HostEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool)

AsRegistryValueEntity is the BasicEntity implementation for HostEntity.

func (HostEntity) AsSecurityAlert 

func (he HostEntity) AsSecurityAlert() (*SecurityAlert, bool)

AsSecurityAlert is the BasicEntity implementation for HostEntity.

func (HostEntity) AsSecurityGroupEntity 

func (he HostEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)

AsSecurityGroupEntity is the BasicEntity implementation for HostEntity.

func (HostEntity) AsSubmissionMailEntity 

func (he HostEntity) AsSubmissionMailEntity() (*SubmissionMailEntity, bool)

AsSubmissionMailEntity is the BasicEntity implementation for HostEntity.

func (HostEntity) AsURLEntity 

func (he HostEntity) AsURLEntity() (*URLEntity, bool)

AsURLEntity is the BasicEntity implementation for HostEntity.

func (HostEntity) MarshalJSON 

func (he HostEntity) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for HostEntity.

func (*HostEntity) UnmarshalJSON 

func (he *HostEntity) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for HostEntity struct.

type HostEntityProperties 

type HostEntityProperties struct {
	// AzureID - READ-ONLY; The azure resource id of the VM.
	AzureID *string `json:"azureID,omitempty"`
	// DNSDomain - READ-ONLY; The DNS domain that this host belongs to. Should contain the compete DNS suffix for the domain
	DNSDomain *string `json:"dnsDomain,omitempty"`
	// HostName - READ-ONLY; The hostname without the domain suffix.
	HostName *string `json:"hostName,omitempty"`
	// IsDomainJoined - READ-ONLY; Determines whether this host belongs to a domain.
	IsDomainJoined *bool `json:"isDomainJoined,omitempty"`
	// NetBiosName - READ-ONLY; The host name (pre-windows2000).
	NetBiosName *string `json:"netBiosName,omitempty"`
	// NtDomain - READ-ONLY; The NT domain that this host belongs to.
	NtDomain *string `json:"ntDomain,omitempty"`
	// OmsAgentID - READ-ONLY; The OMS agent id, if the host has OMS agent installed.
	OmsAgentID *string `json:"omsAgentID,omitempty"`
	// OsFamily - The operating system type. Possible values include: 'OSFamilyLinux', 'OSFamilyWindows', 'OSFamilyAndroid', 'OSFamilyIOS', 'OSFamilyUnknown'
	OsFamily OSFamily `json:"osFamily,omitempty"`
	// OsVersion - READ-ONLY; A free text representation of the operating system. This field is meant to hold specific versions the are more fine grained than OSFamily or future values not supported by OSFamily enumeration
	OsVersion *string `json:"osVersion,omitempty"`
	// AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]interface{} `json:"additionalData"`
	// FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated.
	FriendlyName *string `json:"friendlyName,omitempty"`
}

HostEntityProperties host entity property bag.

func (HostEntityProperties) MarshalJSON 

func (hep HostEntityProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for HostEntityProperties.

type HuntingBookmark 

type HuntingBookmark struct {
	// HuntingBookmarkProperties - HuntingBookmark entity properties
	*HuntingBookmarkProperties `json:"properties,omitempty"`
	// Kind - Possible values include: 'KindBasicEntityKindEntity', 'KindBasicEntityKindURL', 'KindBasicEntityKindSubmissionMail', 'KindBasicEntityKindSecurityGroup', 'KindBasicEntityKindSecurityAlert', 'KindBasicEntityKindRegistryValue', 'KindBasicEntityKindRegistryKey', 'KindBasicEntityKindProcess', 'KindBasicEntityKindMalware', 'KindBasicEntityKindMailMessage', 'KindBasicEntityKindMailCluster', 'KindBasicEntityKindMailbox', 'KindBasicEntityKindIP', 'KindBasicEntityKindIoTDevice', 'KindBasicEntityKindBookmark', 'KindBasicEntityKindHost', 'KindBasicEntityKindFileHash', 'KindBasicEntityKindFile', 'KindBasicEntityKindDNSResolution', 'KindBasicEntityKindCloudApplication', 'KindBasicEntityKindAzureResource', 'KindBasicEntityKindAccount'
	Kind KindBasicEntity `json:"kind,omitempty"`
	// ID - READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty"`
	// SystemData - READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty"`
}

HuntingBookmark represents a Hunting bookmark entity.

func (HuntingBookmark) AsAccountEntity 

func (hb HuntingBookmark) AsAccountEntity() (*AccountEntity, bool)

AsAccountEntity is the BasicEntity implementation for HuntingBookmark.

func (HuntingBookmark) AsAzureResourceEntity 

func (hb HuntingBookmark) AsAzureResourceEntity() (*AzureResourceEntity, bool)

AsAzureResourceEntity is the BasicEntity implementation for HuntingBookmark.

func (HuntingBookmark) AsBasicEntity 

func (hb HuntingBookmark) AsBasicEntity() (BasicEntity, bool)

AsBasicEntity is the BasicEntity implementation for HuntingBookmark.

func (HuntingBookmark) AsCloudApplicationEntity 

func (hb HuntingBookmark) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)

AsCloudApplicationEntity is the BasicEntity implementation for HuntingBookmark.

func (HuntingBookmark) AsDNSEntity 

func (hb HuntingBookmark) AsDNSEntity() (*DNSEntity, bool)

AsDNSEntity is the BasicEntity implementation for HuntingBookmark.

func (HuntingBookmark) AsEntity 

func (hb HuntingBookmark) AsEntity() (*Entity, bool)

AsEntity is the BasicEntity implementation for HuntingBookmark.

func (HuntingBookmark) AsFileEntity 

func (hb HuntingBookmark) AsFileEntity() (*FileEntity, bool)

AsFileEntity is the BasicEntity implementation for HuntingBookmark.

func (HuntingBookmark) AsFileHashEntity 

func (hb HuntingBookmark) AsFileHashEntity() (*FileHashEntity, bool)

AsFileHashEntity is the BasicEntity implementation for HuntingBookmark.

func (HuntingBookmark) AsHostEntity 

func (hb HuntingBookmark) AsHostEntity() (*HostEntity, bool)

AsHostEntity is the BasicEntity implementation for HuntingBookmark.

func (HuntingBookmark) AsHuntingBookmark 

func (hb HuntingBookmark) AsHuntingBookmark() (*HuntingBookmark, bool)

AsHuntingBookmark is the BasicEntity implementation for HuntingBookmark.

func (HuntingBookmark) AsIPEntity 

func (hb HuntingBookmark) AsIPEntity() (*IPEntity, bool)

AsIPEntity is the BasicEntity implementation for HuntingBookmark.

func (HuntingBookmark) AsIoTDeviceEntity 

func (hb HuntingBookmark) AsIoTDeviceEntity() (*IoTDeviceEntity, bool)

AsIoTDeviceEntity is the BasicEntity implementation for HuntingBookmark.

func (HuntingBookmark) AsMailClusterEntity 

func (hb HuntingBookmark) AsMailClusterEntity() (*MailClusterEntity, bool)

AsMailClusterEntity is the BasicEntity implementation for HuntingBookmark.

func (HuntingBookmark) AsMailMessageEntity 

func (hb HuntingBookmark) AsMailMessageEntity() (*MailMessageEntity, bool)

AsMailMessageEntity is the BasicEntity implementation for HuntingBookmark.

func (HuntingBookmark) AsMailboxEntity 

func (hb HuntingBookmark) AsMailboxEntity() (*MailboxEntity, bool)

AsMailboxEntity is the BasicEntity implementation for HuntingBookmark.

func (HuntingBookmark) AsMalwareEntity 

func (hb HuntingBookmark) AsMalwareEntity() (*MalwareEntity, bool)

AsMalwareEntity is the BasicEntity implementation for HuntingBookmark.

func (HuntingBookmark) AsProcessEntity 

func (hb HuntingBookmark) AsProcessEntity() (*ProcessEntity, bool)

AsProcessEntity is the BasicEntity implementation for HuntingBookmark.

func (HuntingBookmark) AsRegistryKeyEntity 

func (hb HuntingBookmark) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)

AsRegistryKeyEntity is the BasicEntity implementation for HuntingBookmark.

func (HuntingBookmark) AsRegistryValueEntity 

func (hb HuntingBookmark) AsRegistryValueEntity() (*RegistryValueEntity, bool)

AsRegistryValueEntity is the BasicEntity implementation for HuntingBookmark.

func (HuntingBookmark) AsSecurityAlert 

func (hb HuntingBookmark) AsSecurityAlert() (*SecurityAlert, bool)

AsSecurityAlert is the BasicEntity implementation for HuntingBookmark.

func (HuntingBookmark) AsSecurityGroupEntity 

func (hb HuntingBookmark) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)

AsSecurityGroupEntity is the BasicEntity implementation for HuntingBookmark.

func (HuntingBookmark) AsSubmissionMailEntity 

func (hb HuntingBookmark) AsSubmissionMailEntity() (*SubmissionMailEntity, bool)

AsSubmissionMailEntity is the BasicEntity implementation for HuntingBookmark.

func (HuntingBookmark) AsURLEntity 

func (hb HuntingBookmark) AsURLEntity() (*URLEntity, bool)

AsURLEntity is the BasicEntity implementation for HuntingBookmark.

func (HuntingBookmark) MarshalJSON 

func (hb HuntingBookmark) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for HuntingBookmark.

func (*HuntingBookmark) UnmarshalJSON 

func (hb *HuntingBookmark) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for HuntingBookmark struct.

type HuntingBookmarkProperties 

type HuntingBookmarkProperties struct {
	// Created - The time the bookmark was created
	Created *date.Time `json:"created,omitempty"`
	// CreatedBy - Describes a user that created the bookmark
	CreatedBy *UserInfo `json:"createdBy,omitempty"`
	// DisplayName - The display name of the bookmark
	DisplayName *string `json:"displayName,omitempty"`
	// EventTime - The time of the event
	EventTime *date.Time `json:"eventTime,omitempty"`
	// Labels - List of labels relevant to this bookmark
	Labels *[]string `json:"labels,omitempty"`
	// Notes - The notes of the bookmark
	Notes *string `json:"notes,omitempty"`
	// Query - The query of the bookmark.
	Query *string `json:"query,omitempty"`
	// QueryResult - The query result of the bookmark.
	QueryResult *string `json:"queryResult,omitempty"`
	// Updated - The last time the bookmark was updated
	Updated *date.Time `json:"updated,omitempty"`
	// UpdatedBy - Describes a user that updated the bookmark
	UpdatedBy *UserInfo `json:"updatedBy,omitempty"`
	// IncidentInfo - Describes an incident that relates to bookmark
	IncidentInfo *IncidentInfo `json:"incidentInfo,omitempty"`
	// AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]interface{} `json:"additionalData"`
	// FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated.
	FriendlyName *string `json:"friendlyName,omitempty"`
}

HuntingBookmarkProperties describes bookmark properties

func (HuntingBookmarkProperties) MarshalJSON 

func (hbp HuntingBookmarkProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for HuntingBookmarkProperties.

type IPEntity 

type IPEntity struct {
	// IPEntityProperties - Ip entity properties
	*IPEntityProperties `json:"properties,omitempty"`
	// Kind - Possible values include: 'KindBasicEntityKindEntity', 'KindBasicEntityKindURL', 'KindBasicEntityKindSubmissionMail', 'KindBasicEntityKindSecurityGroup', 'KindBasicEntityKindSecurityAlert', 'KindBasicEntityKindRegistryValue', 'KindBasicEntityKindRegistryKey', 'KindBasicEntityKindProcess', 'KindBasicEntityKindMalware', 'KindBasicEntityKindMailMessage', 'KindBasicEntityKindMailCluster', 'KindBasicEntityKindMailbox', 'KindBasicEntityKindIP', 'KindBasicEntityKindIoTDevice', 'KindBasicEntityKindBookmark', 'KindBasicEntityKindHost', 'KindBasicEntityKindFileHash', 'KindBasicEntityKindFile', 'KindBasicEntityKindDNSResolution', 'KindBasicEntityKindCloudApplication', 'KindBasicEntityKindAzureResource', 'KindBasicEntityKindAccount'
	Kind KindBasicEntity `json:"kind,omitempty"`
	// ID - READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty"`
	// SystemData - READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty"`
}

IPEntity represents an ip entity.

func (IPEntity) AsAccountEntity 

func (ie IPEntity) AsAccountEntity() (*AccountEntity, bool)

AsAccountEntity is the BasicEntity implementation for IPEntity.

func (IPEntity) AsAzureResourceEntity 

func (ie IPEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)

AsAzureResourceEntity is the BasicEntity implementation for IPEntity.

func (IPEntity) AsBasicEntity 

func (ie IPEntity) AsBasicEntity() (BasicEntity, bool)

AsBasicEntity is the BasicEntity implementation for IPEntity.

func (IPEntity) AsCloudApplicationEntity 

func (ie IPEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)

AsCloudApplicationEntity is the BasicEntity implementation for IPEntity.

func (IPEntity) AsDNSEntity 

func (ie IPEntity) AsDNSEntity() (*DNSEntity, bool)

AsDNSEntity is the BasicEntity implementation for IPEntity.

func (IPEntity) AsEntity 

func (ie IPEntity) AsEntity() (*Entity, bool)

AsEntity is the BasicEntity implementation for IPEntity.

func (IPEntity) AsFileEntity 

func (ie IPEntity) AsFileEntity() (*FileEntity, bool)

AsFileEntity is the BasicEntity implementation for IPEntity.

func (IPEntity) AsFileHashEntity 

func (ie IPEntity) AsFileHashEntity() (*FileHashEntity, bool)

AsFileHashEntity is the BasicEntity implementation for IPEntity.

func (IPEntity) AsHostEntity 

func (ie IPEntity) AsHostEntity() (*HostEntity, bool)

AsHostEntity is the BasicEntity implementation for IPEntity.

func (IPEntity) AsHuntingBookmark 

func (ie IPEntity) AsHuntingBookmark() (*HuntingBookmark, bool)

AsHuntingBookmark is the BasicEntity implementation for IPEntity.

func (IPEntity) AsIPEntity 

func (ie IPEntity) AsIPEntity() (*IPEntity, bool)

AsIPEntity is the BasicEntity implementation for IPEntity.

func (IPEntity) AsIoTDeviceEntity 

func (ie IPEntity) AsIoTDeviceEntity() (*IoTDeviceEntity, bool)

AsIoTDeviceEntity is the BasicEntity implementation for IPEntity.

func (IPEntity) AsMailClusterEntity 

func (ie IPEntity) AsMailClusterEntity() (*MailClusterEntity, bool)

AsMailClusterEntity is the BasicEntity implementation for IPEntity.

func (IPEntity) AsMailMessageEntity 

func (ie IPEntity) AsMailMessageEntity() (*MailMessageEntity, bool)

AsMailMessageEntity is the BasicEntity implementation for IPEntity.

func (IPEntity) AsMailboxEntity 

func (ie IPEntity) AsMailboxEntity() (*MailboxEntity, bool)

AsMailboxEntity is the BasicEntity implementation for IPEntity.

func (IPEntity) AsMalwareEntity 

func (ie IPEntity) AsMalwareEntity() (*MalwareEntity, bool)

AsMalwareEntity is the BasicEntity implementation for IPEntity.

func (IPEntity) AsProcessEntity 

func (ie IPEntity) AsProcessEntity() (*ProcessEntity, bool)

AsProcessEntity is the BasicEntity implementation for IPEntity.

func (IPEntity) AsRegistryKeyEntity 

func (ie IPEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)

AsRegistryKeyEntity is the BasicEntity implementation for IPEntity.

func (IPEntity) AsRegistryValueEntity 

func (ie IPEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool)

AsRegistryValueEntity is the BasicEntity implementation for IPEntity.

func (IPEntity) AsSecurityAlert 

func (ie IPEntity) AsSecurityAlert() (*SecurityAlert, bool)

AsSecurityAlert is the BasicEntity implementation for IPEntity.

func (IPEntity) AsSecurityGroupEntity 

func (ie IPEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)

AsSecurityGroupEntity is the BasicEntity implementation for IPEntity.

func (IPEntity) AsSubmissionMailEntity 

func (ie IPEntity) AsSubmissionMailEntity() (*SubmissionMailEntity, bool)

AsSubmissionMailEntity is the BasicEntity implementation for IPEntity.

func (IPEntity) AsURLEntity 

func (ie IPEntity) AsURLEntity() (*URLEntity, bool)

AsURLEntity is the BasicEntity implementation for IPEntity.

func (IPEntity) MarshalJSON 

func (ie IPEntity) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for IPEntity.

func (*IPEntity) UnmarshalJSON 

func (ie *IPEntity) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for IPEntity struct.

type IPEntityProperties 

type IPEntityProperties struct {
	// Address - READ-ONLY; The IP address as string, e.g. 127.0.0.1 (either in Ipv4 or Ipv6)
	Address *string `json:"address,omitempty"`
	// Location - The geo-location context attached to the ip entity
	Location *GeoLocation `json:"location,omitempty"`
	// ThreatIntelligence - READ-ONLY; A list of TI contexts attached to the ip entity.
	ThreatIntelligence *[]ThreatIntelligence `json:"threatIntelligence,omitempty"`
	// AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]interface{} `json:"additionalData"`
	// FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated.
	FriendlyName *string `json:"friendlyName,omitempty"`
}

IPEntityProperties ip entity property bag.

func (IPEntityProperties) MarshalJSON 

func (iep IPEntityProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for IPEntityProperties.

type IPGeodataClient 

type IPGeodataClient struct {
	BaseClient
}

IPGeodataClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

func NewIPGeodataClient 

func NewIPGeodataClient(subscriptionID string) IPGeodataClient

NewIPGeodataClient creates an instance of the IPGeodataClient client.

func NewIPGeodataClientWithBaseURI 

func NewIPGeodataClientWithBaseURI(baseURI string, subscriptionID string) IPGeodataClient

NewIPGeodataClientWithBaseURI creates an instance of the IPGeodataClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).

func (IPGeodataClient) Get 

func (client IPGeodataClient) Get(ctx context.Context, resourceGroupName string, IPAddress string) (result EnrichmentIPGeodata, err error)

Get get geodata for a single IP address Parameters: resourceGroupName - the name of the resource group. The name is case insensitive. IPAddress - IP address (v4 or v6) to be enriched

func (IPGeodataClient) GetPreparer 

func (client IPGeodataClient) GetPreparer(ctx context.Context, resourceGroupName string, IPAddress string) (*http.Request, error)

GetPreparer prepares the Get request.

func (IPGeodataClient) GetResponder 

func (client IPGeodataClient) GetResponder(resp *http.Response) (result EnrichmentIPGeodata, err error)

GetResponder handles the response to the Get request. The method always closes the http.Response Body.

func (IPGeodataClient) GetSender 

func (client IPGeodataClient) GetSender(req *http.Request) (*http.Response, error)

GetSender sends the Get request. The method will close the http.Response Body if it receives an error.

type Incident 

type Incident struct {
	autorest.Response `json:"-"`
	// IncidentProperties - Incident properties
	*IncidentProperties `json:"properties,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
	// ID - READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty"`
	// SystemData - READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty"`
}

Incident represents an incident in Azure Security Insights.

func (Incident) MarshalJSON 

func (i Incident) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for Incident.

func (*Incident) UnmarshalJSON 

func (i *Incident) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for Incident struct.

type IncidentAdditionalData 

type IncidentAdditionalData struct {
	// AlertsCount - READ-ONLY; The number of alerts in the incident
	AlertsCount *int32 `json:"alertsCount,omitempty"`
	// BookmarksCount - READ-ONLY; The number of bookmarks in the incident
	BookmarksCount *int32 `json:"bookmarksCount,omitempty"`
	// CommentsCount - READ-ONLY; The number of comments in the incident
	CommentsCount *int32 `json:"commentsCount,omitempty"`
	// AlertProductNames - READ-ONLY; List of product names of alerts in the incident
	AlertProductNames *[]string `json:"alertProductNames,omitempty"`
	// Tactics - READ-ONLY; The tactics associated with incident
	Tactics *[]AttackTactic `json:"tactics,omitempty"`
}

IncidentAdditionalData incident additional data property bag.

func (IncidentAdditionalData) MarshalJSON 

func (iad IncidentAdditionalData) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for IncidentAdditionalData.

type IncidentAlertList 

type IncidentAlertList struct {
	autorest.Response `json:"-"`
	// Value - Array of incident alerts.
	Value *[]SecurityAlert `json:"value,omitempty"`
}

IncidentAlertList list of incident alerts.

type IncidentBookmarkList 

type IncidentBookmarkList struct {
	autorest.Response `json:"-"`
	// Value - Array of incident bookmarks.
	Value *[]HuntingBookmark `json:"value,omitempty"`
}

IncidentBookmarkList list of incident bookmarks.

type IncidentClassification 

type IncidentClassification string

IncidentClassification enumerates the values for incident classification. 

const (
	// IncidentClassificationBenignPositive Incident was benign positive
	IncidentClassificationBenignPositive IncidentClassification = "BenignPositive"
	// IncidentClassificationFalsePositive Incident was false positive
	IncidentClassificationFalsePositive IncidentClassification = "FalsePositive"
	// IncidentClassificationTruePositive Incident was true positive
	IncidentClassificationTruePositive IncidentClassification = "TruePositive"
	// IncidentClassificationUndetermined Incident classification was undetermined
	IncidentClassificationUndetermined IncidentClassification = "Undetermined"
)

func PossibleIncidentClassificationValues 

func PossibleIncidentClassificationValues() []IncidentClassification

PossibleIncidentClassificationValues returns an array of possible values for the IncidentClassification const type.

type IncidentClassificationReason 

type IncidentClassificationReason string

IncidentClassificationReason enumerates the values for incident classification reason. 

const (
	// IncidentClassificationReasonInaccurateData Classification reason was inaccurate data
	IncidentClassificationReasonInaccurateData IncidentClassificationReason = "InaccurateData"
	// IncidentClassificationReasonIncorrectAlertLogic Classification reason was incorrect alert logic
	IncidentClassificationReasonIncorrectAlertLogic IncidentClassificationReason = "IncorrectAlertLogic"
	// IncidentClassificationReasonSuspiciousActivity Classification reason was suspicious activity
	IncidentClassificationReasonSuspiciousActivity IncidentClassificationReason = "SuspiciousActivity"
	// IncidentClassificationReasonSuspiciousButExpected Classification reason was suspicious but expected
	IncidentClassificationReasonSuspiciousButExpected IncidentClassificationReason = "SuspiciousButExpected"
)

func PossibleIncidentClassificationReasonValues 

func PossibleIncidentClassificationReasonValues() []IncidentClassificationReason

PossibleIncidentClassificationReasonValues returns an array of possible values for the IncidentClassificationReason const type.

type IncidentComment 

type IncidentComment struct {
	autorest.Response `json:"-"`
	// IncidentCommentProperties - Incident comment properties
	*IncidentCommentProperties `json:"properties,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
	// ID - READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty"`
	// SystemData - READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty"`
}

IncidentComment represents an incident comment

func (IncidentComment) MarshalJSON 

func (ic IncidentComment) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for IncidentComment.

func (*IncidentComment) UnmarshalJSON 

func (ic *IncidentComment) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for IncidentComment struct.

type IncidentCommentList 

type IncidentCommentList struct {
	autorest.Response `json:"-"`
	// NextLink - READ-ONLY; URL to fetch the next set of comments.
	NextLink *string `json:"nextLink,omitempty"`
	// Value - Array of comments.
	Value *[]IncidentComment `json:"value,omitempty"`
}

IncidentCommentList list of incident comments.

func (IncidentCommentList) IsEmpty 

func (icl IncidentCommentList) IsEmpty() bool

IsEmpty returns true if the ListResult contains no values.

func (IncidentCommentList) MarshalJSON 

func (icl IncidentCommentList) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for IncidentCommentList.

type IncidentCommentListIterator 

type IncidentCommentListIterator struct {
	// contains filtered or unexported fields
}

IncidentCommentListIterator provides access to a complete listing of IncidentComment values.

func NewIncidentCommentListIterator 

func NewIncidentCommentListIterator(page IncidentCommentListPage) IncidentCommentListIterator

Creates a new instance of the IncidentCommentListIterator type.

func (*IncidentCommentListIterator) Next 

func (iter *IncidentCommentListIterator) Next() error

Next advances to the next value. If there was an error making the request the iterator does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*IncidentCommentListIterator) NextWithContext 

func (iter *IncidentCommentListIterator) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next value. If there was an error making the request the iterator does not advance and the error is returned.

func (IncidentCommentListIterator) NotDone 

func (iter IncidentCommentListIterator) NotDone() bool

NotDone returns true if the enumeration should be started or is not yet complete.

func (IncidentCommentListIterator) Response 

func (iter IncidentCommentListIterator) Response() IncidentCommentList

Response returns the raw server response from the last page request.

func (IncidentCommentListIterator) Value 

func (iter IncidentCommentListIterator) Value() IncidentComment

Value returns the current value or a zero-initialized value if the iterator has advanced beyond the end of the collection.

type IncidentCommentListPage 

type IncidentCommentListPage struct {
	// contains filtered or unexported fields
}

IncidentCommentListPage contains a page of IncidentComment values.

func NewIncidentCommentListPage 

func NewIncidentCommentListPage(cur IncidentCommentList, getNextPage func(context.Context, IncidentCommentList) (IncidentCommentList, error)) IncidentCommentListPage

Creates a new instance of the IncidentCommentListPage type.

func (*IncidentCommentListPage) Next 

func (page *IncidentCommentListPage) Next() error

Next advances to the next page of values. If there was an error making the request the page does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*IncidentCommentListPage) NextWithContext 

func (page *IncidentCommentListPage) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next page of values. If there was an error making the request the page does not advance and the error is returned.

func (IncidentCommentListPage) NotDone 

func (page IncidentCommentListPage) NotDone() bool

NotDone returns true if the page enumeration should be started or is not yet complete.

func (IncidentCommentListPage) Response 

func (page IncidentCommentListPage) Response() IncidentCommentList

Response returns the raw server response from the last page request.

func (IncidentCommentListPage) Values 

func (page IncidentCommentListPage) Values() []IncidentComment

Values returns the slice of values for the current page or nil if there are no values.

type IncidentCommentProperties 

type IncidentCommentProperties struct {
	// CreatedTimeUtc - READ-ONLY; The time the comment was created
	CreatedTimeUtc *date.Time `json:"createdTimeUtc,omitempty"`
	// LastModifiedTimeUtc - READ-ONLY; The time the comment was updated
	LastModifiedTimeUtc *date.Time `json:"lastModifiedTimeUtc,omitempty"`
	// Message - The comment message
	Message *string `json:"message,omitempty"`
	// Author - READ-ONLY; Describes the client that created the comment
	Author *ClientInfo `json:"author,omitempty"`
}

IncidentCommentProperties incident comment property bag.

func (IncidentCommentProperties) MarshalJSON 

func (icp IncidentCommentProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for IncidentCommentProperties.

type IncidentCommentsClient 

type IncidentCommentsClient struct {
	BaseClient
}

IncidentCommentsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

func NewIncidentCommentsClient 

func NewIncidentCommentsClient(subscriptionID string) IncidentCommentsClient

NewIncidentCommentsClient creates an instance of the IncidentCommentsClient client.

func NewIncidentCommentsClientWithBaseURI 

func NewIncidentCommentsClientWithBaseURI(baseURI string, subscriptionID string) IncidentCommentsClient

NewIncidentCommentsClientWithBaseURI creates an instance of the IncidentCommentsClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).

func (IncidentCommentsClient) CreateOrUpdate 

func (client IncidentCommentsClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string, incidentCommentID string, incidentComment IncidentComment) (result IncidentComment, err error)

CreateOrUpdate creates or updates the incident comment. Parameters: resourceGroupName - the name of the resource group. The name is case insensitive. workspaceName - the name of the workspace. incidentID - incident ID incidentCommentID - incident comment ID incidentComment - the incident comment

func (IncidentCommentsClient) CreateOrUpdatePreparer 

func (client IncidentCommentsClient) CreateOrUpdatePreparer(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string, incidentCommentID string, incidentComment IncidentComment) (*http.Request, error)

CreateOrUpdatePreparer prepares the CreateOrUpdate request.

func (IncidentCommentsClient) CreateOrUpdateResponder 

func (client IncidentCommentsClient) CreateOrUpdateResponder(resp *http.Response) (result IncidentComment, err error)

CreateOrUpdateResponder handles the response to the CreateOrUpdate request. The method always closes the http.Response Body.

func (IncidentCommentsClient) CreateOrUpdateSender 

func (client IncidentCommentsClient) CreateOrUpdateSender(req *http.Request) (*http.Response, error)

CreateOrUpdateSender sends the CreateOrUpdate request. The method will close the http.Response Body if it receives an error.

func (IncidentCommentsClient) Delete 

func (client IncidentCommentsClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string, incidentCommentID string) (result autorest.Response, err error)

Delete delete the incident comment. Parameters: resourceGroupName - the name of the resource group. The name is case insensitive. workspaceName - the name of the workspace. incidentID - incident ID incidentCommentID - incident comment ID

func (IncidentCommentsClient) DeletePreparer 

func (client IncidentCommentsClient) DeletePreparer(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string, incidentCommentID string) (*http.Request, error)

DeletePreparer prepares the Delete request.

func (IncidentCommentsClient) DeleteResponder 

func (client IncidentCommentsClient) DeleteResponder(resp *http.Response) (result autorest.Response, err error)

DeleteResponder handles the response to the Delete request. The method always closes the http.Response Body.

func (IncidentCommentsClient) DeleteSender 

func (client IncidentCommentsClient) DeleteSender(req *http.Request) (*http.Response, error)

DeleteSender sends the Delete request. The method will close the http.Response Body if it receives an error.

func (IncidentCommentsClient) Get 

func (client IncidentCommentsClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string, incidentCommentID string) (result IncidentComment, err error)

Get gets an incident comment. Parameters: resourceGroupName - the name of the resource group. The name is case insensitive. workspaceName - the name of the workspace. incidentID - incident ID incidentCommentID - incident comment ID

func (IncidentCommentsClient) GetPreparer 

func (client IncidentCommentsClient) GetPreparer(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string, incidentCommentID string) (*http.Request, error)

GetPreparer prepares the Get request.

func (IncidentCommentsClient) GetResponder 

func (client IncidentCommentsClient) GetResponder(resp *http.Response) (result IncidentComment, err error)

GetResponder handles the response to the Get request. The method always closes the http.Response Body.

func (IncidentCommentsClient) GetSender 

func (client IncidentCommentsClient) GetSender(req *http.Request) (*http.Response, error)

GetSender sends the Get request. The method will close the http.Response Body if it receives an error.

func (IncidentCommentsClient) List 

func (client IncidentCommentsClient) List(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string, filter string, orderby string, top *int32, skipToken string) (result IncidentCommentListPage, err error)

List gets all incident comments. Parameters: resourceGroupName - the name of the resource group. The name is case insensitive. workspaceName - the name of the workspace. incidentID - incident ID filter - filters the results, based on a Boolean condition. Optional. orderby - sorts the results. Optional. top - returns only the first n results. Optional. skipToken - skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional.

func (IncidentCommentsClient) ListComplete 

func (client IncidentCommentsClient) ListComplete(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string, filter string, orderby string, top *int32, skipToken string) (result IncidentCommentListIterator, err error)

ListComplete enumerates all values, automatically crossing page boundaries as required.

func (IncidentCommentsClient) ListPreparer 

func (client IncidentCommentsClient) ListPreparer(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string, filter string, orderby string, top *int32, skipToken string) (*http.Request, error)

ListPreparer prepares the List request.

func (IncidentCommentsClient) ListResponder 

func (client IncidentCommentsClient) ListResponder(resp *http.Response) (result IncidentCommentList, err error)

ListResponder handles the response to the List request. The method always closes the http.Response Body.

func (IncidentCommentsClient) ListSender 

func (client IncidentCommentsClient) ListSender(req *http.Request) (*http.Response, error)

ListSender sends the List request. The method will close the http.Response Body if it receives an error.

type IncidentConfiguration 

type IncidentConfiguration struct {
	// CreateIncident - Create incidents from alerts triggered by this analytics rule
	CreateIncident *bool `json:"createIncident,omitempty"`
	// GroupingConfiguration - Set how the alerts that are triggered by this analytics rule, are grouped into incidents
	GroupingConfiguration *GroupingConfiguration `json:"groupingConfiguration,omitempty"`
}

IncidentConfiguration incident Configuration property bag.

type IncidentEntitiesResponse 

type IncidentEntitiesResponse struct {
	autorest.Response `json:"-"`
	// Entities - Array of the incident related entities.
	Entities *[]BasicEntity `json:"entities,omitempty"`
	// MetaData - The metadata from the incident related entities results.
	MetaData *[]IncidentEntitiesResultsMetadata `json:"metaData,omitempty"`
}

IncidentEntitiesResponse the incident related entities response.

func (*IncidentEntitiesResponse) UnmarshalJSON 

func (ier *IncidentEntitiesResponse) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for IncidentEntitiesResponse struct.

type IncidentEntitiesResultsMetadata 

type IncidentEntitiesResultsMetadata struct {
	// Count - Total number of aggregations of the given kind in the incident related entities result.
	Count *int32 `json:"count,omitempty"`
	// EntityKind - The kind of the aggregated entity. Possible values include: 'EntityKindAccount', 'EntityKindHost', 'EntityKindFile', 'EntityKindAzureResource', 'EntityKindCloudApplication', 'EntityKindDNSResolution', 'EntityKindFileHash', 'EntityKindIP', 'EntityKindMalware', 'EntityKindProcess', 'EntityKindRegistryKey', 'EntityKindRegistryValue', 'EntityKindSecurityGroup', 'EntityKindURL', 'EntityKindIoTDevice', 'EntityKindSecurityAlert', 'EntityKindBookmark', 'EntityKindMailCluster', 'EntityKindMailMessage', 'EntityKindMailbox', 'EntityKindSubmissionMail'
	EntityKind EntityKind `json:"entityKind,omitempty"`
}

IncidentEntitiesResultsMetadata information of a specific aggregation in the incident related entities result.

type IncidentInfo 

type IncidentInfo struct {
	// IncidentID - Incident Id
	IncidentID *string `json:"incidentId,omitempty"`
	// Severity - The severity of the incident. Possible values include: 'IncidentSeverityHigh', 'IncidentSeverityMedium', 'IncidentSeverityLow', 'IncidentSeverityInformational'
	Severity IncidentSeverity `json:"severity,omitempty"`
	// Title - The title of the incident
	Title *string `json:"title,omitempty"`
	// RelationName - Relation Name
	RelationName *string `json:"relationName,omitempty"`
}

IncidentInfo describes related incident information for the bookmark

type IncidentLabel 

type IncidentLabel struct {
	// LabelName - The name of the label
	LabelName *string `json:"labelName,omitempty"`
	// LabelType - READ-ONLY; The type of the label. Possible values include: 'IncidentLabelTypeUser', 'IncidentLabelTypeSystem'
	LabelType IncidentLabelType `json:"labelType,omitempty"`
}

IncidentLabel represents an incident label

func (IncidentLabel) MarshalJSON 

func (il IncidentLabel) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for IncidentLabel.

type IncidentLabelType 

type IncidentLabelType string

IncidentLabelType enumerates the values for incident label type. 

const (
	// IncidentLabelTypeSystem Label automatically created by the system
	IncidentLabelTypeSystem IncidentLabelType = "System"
	// IncidentLabelTypeUser Label manually created by a user
	IncidentLabelTypeUser IncidentLabelType = "User"
)

func PossibleIncidentLabelTypeValues 

func PossibleIncidentLabelTypeValues() []IncidentLabelType

PossibleIncidentLabelTypeValues returns an array of possible values for the IncidentLabelType const type.

type IncidentList 

type IncidentList struct {
	autorest.Response `json:"-"`
	// NextLink - READ-ONLY; URL to fetch the next set of incidents.
	NextLink *string `json:"nextLink,omitempty"`
	// Value - Array of incidents.
	Value *[]Incident `json:"value,omitempty"`
}

IncidentList list all the incidents.

func (IncidentList) IsEmpty 

func (il IncidentList) IsEmpty() bool

IsEmpty returns true if the ListResult contains no values.

func (IncidentList) MarshalJSON 

func (il IncidentList) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for IncidentList.

type IncidentListIterator 

type IncidentListIterator struct {
	// contains filtered or unexported fields
}

IncidentListIterator provides access to a complete listing of Incident values.

func NewIncidentListIterator 

func NewIncidentListIterator(page IncidentListPage) IncidentListIterator

Creates a new instance of the IncidentListIterator type.

func (*IncidentListIterator) Next 

func (iter *IncidentListIterator) Next() error

Next advances to the next value. If there was an error making the request the iterator does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*IncidentListIterator) NextWithContext 

func (iter *IncidentListIterator) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next value. If there was an error making the request the iterator does not advance and the error is returned.

func (IncidentListIterator) NotDone 

func (iter IncidentListIterator) NotDone() bool

NotDone returns true if the enumeration should be started or is not yet complete.

func (IncidentListIterator) Response 

func (iter IncidentListIterator) Response() IncidentList

Response returns the raw server response from the last page request.

func (IncidentListIterator) Value 

func (iter IncidentListIterator) Value() Incident

Value returns the current value or a zero-initialized value if the iterator has advanced beyond the end of the collection.

type IncidentListPage 

type IncidentListPage struct {
	// contains filtered or unexported fields
}

IncidentListPage contains a page of Incident values.

func NewIncidentListPage 

func NewIncidentListPage(cur IncidentList, getNextPage func(context.Context, IncidentList) (IncidentList, error)) IncidentListPage

Creates a new instance of the IncidentListPage type.

func (*IncidentListPage) Next 

func (page *IncidentListPage) Next() error

Next advances to the next page of values. If there was an error making the request the page does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*IncidentListPage) NextWithContext 

func (page *IncidentListPage) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next page of values. If there was an error making the request the page does not advance and the error is returned.

func (IncidentListPage) NotDone 

func (page IncidentListPage) NotDone() bool

NotDone returns true if the page enumeration should be started or is not yet complete.

func (IncidentListPage) Response 

func (page IncidentListPage) Response() IncidentList

Response returns the raw server response from the last page request.

func (IncidentListPage) Values 

func (page IncidentListPage) Values() []Incident

Values returns the slice of values for the current page or nil if there are no values.

type IncidentOwnerInfo 

type IncidentOwnerInfo struct {
	// Email - The email of the user the incident is assigned to.
	Email *string `json:"email,omitempty"`
	// AssignedTo - The name of the user the incident is assigned to.
	AssignedTo *string `json:"assignedTo,omitempty"`
	// ObjectID - The object id of the user the incident is assigned to.
	ObjectID *uuid.UUID `json:"objectId,omitempty"`
	// UserPrincipalName - The user principal name of the user the incident is assigned to.
	UserPrincipalName *string `json:"userPrincipalName,omitempty"`
	// OwnerType - READ-ONLY; The type of the owner the incident is assigned to. Possible values include: 'OwnerTypeUnknown', 'OwnerTypeUser', 'OwnerTypeGroup'
	OwnerType OwnerType `json:"ownerType,omitempty"`
}

IncidentOwnerInfo information on the user an incident is assigned to

func (IncidentOwnerInfo) MarshalJSON 

func (ioi IncidentOwnerInfo) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for IncidentOwnerInfo.

type IncidentProperties 

type IncidentProperties struct {
	// AdditionalData - READ-ONLY; Additional data on the incident
	AdditionalData *IncidentAdditionalData `json:"additionalData,omitempty"`
	// Classification - The reason the incident was closed. Possible values include: 'IncidentClassificationUndetermined', 'IncidentClassificationTruePositive', 'IncidentClassificationBenignPositive', 'IncidentClassificationFalsePositive'
	Classification IncidentClassification `json:"classification,omitempty"`
	// ClassificationComment - Describes the reason the incident was closed
	ClassificationComment *string `json:"classificationComment,omitempty"`
	// ClassificationReason - The classification reason the incident was closed with. Possible values include: 'IncidentClassificationReasonSuspiciousActivity', 'IncidentClassificationReasonSuspiciousButExpected', 'IncidentClassificationReasonIncorrectAlertLogic', 'IncidentClassificationReasonInaccurateData'
	ClassificationReason IncidentClassificationReason `json:"classificationReason,omitempty"`
	// CreatedTimeUtc - READ-ONLY; The time the incident was created
	CreatedTimeUtc *date.Time `json:"createdTimeUtc,omitempty"`
	// Description - The description of the incident
	Description *string `json:"description,omitempty"`
	// FirstActivityTimeUtc - The time of the first activity in the incident
	FirstActivityTimeUtc *date.Time `json:"firstActivityTimeUtc,omitempty"`
	// IncidentURL - READ-ONLY; The deep-link url to the incident in Azure portal
	IncidentURL *string `json:"incidentUrl,omitempty"`
	// IncidentNumber - READ-ONLY; A sequential number
	IncidentNumber *int32 `json:"incidentNumber,omitempty"`
	// Labels - List of labels relevant to this incident
	Labels *[]IncidentLabel `json:"labels,omitempty"`
	// ProviderName - The name of the source provider that generated the incident
	ProviderName *string `json:"providerName,omitempty"`
	// ProviderIncidentID - The incident ID assigned by the incident provider
	ProviderIncidentID *string `json:"providerIncidentId,omitempty"`
	// LastActivityTimeUtc - The time of the last activity in the incident
	LastActivityTimeUtc *date.Time `json:"lastActivityTimeUtc,omitempty"`
	// LastModifiedTimeUtc - READ-ONLY; The last time the incident was updated
	LastModifiedTimeUtc *date.Time `json:"lastModifiedTimeUtc,omitempty"`
	// Owner - Describes a user that the incident is assigned to
	Owner *IncidentOwnerInfo `json:"owner,omitempty"`
	// RelatedAnalyticRuleIds - READ-ONLY; List of resource ids of Analytic rules related to the incident
	RelatedAnalyticRuleIds *[]string `json:"relatedAnalyticRuleIds,omitempty"`
	// Severity - The severity of the incident. Possible values include: 'IncidentSeverityHigh', 'IncidentSeverityMedium', 'IncidentSeverityLow', 'IncidentSeverityInformational'
	Severity IncidentSeverity `json:"severity,omitempty"`
	// Status - The status of the incident. Possible values include: 'IncidentStatusNew', 'IncidentStatusActive', 'IncidentStatusClosed'
	Status IncidentStatus `json:"status,omitempty"`
	// TeamInformation - Describes a team for the incident
	TeamInformation *TeamInformation `json:"teamInformation,omitempty"`
	// Title - The title of the incident
	Title *string `json:"title,omitempty"`
}

IncidentProperties describes incident properties

func (IncidentProperties) MarshalJSON 

func (IP IncidentProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for IncidentProperties.

type IncidentRelationsClient 

type IncidentRelationsClient struct {
	BaseClient
}

IncidentRelationsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

func NewIncidentRelationsClient 

func NewIncidentRelationsClient(subscriptionID string) IncidentRelationsClient

NewIncidentRelationsClient creates an instance of the IncidentRelationsClient client.

func NewIncidentRelationsClientWithBaseURI 

func NewIncidentRelationsClientWithBaseURI(baseURI string, subscriptionID string) IncidentRelationsClient

NewIncidentRelationsClientWithBaseURI creates an instance of the IncidentRelationsClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).

func (IncidentRelationsClient) CreateOrUpdate 

func (client IncidentRelationsClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string, relationName string, relation Relation) (result Relation, err error)

CreateOrUpdate creates or updates the incident relation. Parameters: resourceGroupName - the name of the resource group. The name is case insensitive. workspaceName - the name of the workspace. incidentID - incident ID relationName - relation Name relation - the relation model

func (IncidentRelationsClient) CreateOrUpdatePreparer 

func (client IncidentRelationsClient) CreateOrUpdatePreparer(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string, relationName string, relation Relation) (*http.Request, error)

CreateOrUpdatePreparer prepares the CreateOrUpdate request.

func (IncidentRelationsClient) CreateOrUpdateResponder 

func (client IncidentRelationsClient) CreateOrUpdateResponder(resp *http.Response) (result Relation, err error)

CreateOrUpdateResponder handles the response to the CreateOrUpdate request. The method always closes the http.Response Body.

func (IncidentRelationsClient) CreateOrUpdateSender 

func (client IncidentRelationsClient) CreateOrUpdateSender(req *http.Request) (*http.Response, error)

CreateOrUpdateSender sends the CreateOrUpdate request. The method will close the http.Response Body if it receives an error.

func (IncidentRelationsClient) Delete 

func (client IncidentRelationsClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string, relationName string) (result autorest.Response, err error)

Delete delete the incident relation. Parameters: resourceGroupName - the name of the resource group. The name is case insensitive. workspaceName - the name of the workspace. incidentID - incident ID relationName - relation Name

func (IncidentRelationsClient) DeletePreparer 

func (client IncidentRelationsClient) DeletePreparer(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string, relationName string) (*http.Request, error)

DeletePreparer prepares the Delete request.

func (IncidentRelationsClient) DeleteResponder 

func (client IncidentRelationsClient) DeleteResponder(resp *http.Response) (result autorest.Response, err error)

DeleteResponder handles the response to the Delete request. The method always closes the http.Response Body.

func (IncidentRelationsClient) DeleteSender 

func (client IncidentRelationsClient) DeleteSender(req *http.Request) (*http.Response, error)

DeleteSender sends the Delete request. The method will close the http.Response Body if it receives an error.

func (IncidentRelationsClient) Get 

func (client IncidentRelationsClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string, relationName string) (result Relation, err error)

Get gets an incident relation. Parameters: resourceGroupName - the name of the resource group. The name is case insensitive. workspaceName - the name of the workspace. incidentID - incident ID relationName - relation Name

func (IncidentRelationsClient) GetPreparer 

func (client IncidentRelationsClient) GetPreparer(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string, relationName string) (*http.Request, error)

GetPreparer prepares the Get request.

func (IncidentRelationsClient) GetResponder 

func (client IncidentRelationsClient) GetResponder(resp *http.Response) (result Relation, err error)

GetResponder handles the response to the Get request. The method always closes the http.Response Body.

func (IncidentRelationsClient) GetSender 

func (client IncidentRelationsClient) GetSender(req *http.Request) (*http.Response, error)

GetSender sends the Get request. The method will close the http.Response Body if it receives an error.

func (IncidentRelationsClient) List 

func (client IncidentRelationsClient) List(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string, filter string, orderby string, top *int32, skipToken string) (result RelationListPage, err error)

List gets all incident relations. Parameters: resourceGroupName - the name of the resource group. The name is case insensitive. workspaceName - the name of the workspace. incidentID - incident ID filter - filters the results, based on a Boolean condition. Optional. orderby - sorts the results. Optional. top - returns only the first n results. Optional. skipToken - skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional.

func (IncidentRelationsClient) ListComplete 

func (client IncidentRelationsClient) ListComplete(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string, filter string, orderby string, top *int32, skipToken string) (result RelationListIterator, err error)

ListComplete enumerates all values, automatically crossing page boundaries as required.

func (IncidentRelationsClient) ListPreparer 

func (client IncidentRelationsClient) ListPreparer(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string, filter string, orderby string, top *int32, skipToken string) (*http.Request, error)

ListPreparer prepares the List request.

func (IncidentRelationsClient) ListResponder 

func (client IncidentRelationsClient) ListResponder(resp *http.Response) (result RelationList, err error)

ListResponder handles the response to the List request. The method always closes the http.Response Body.

func (IncidentRelationsClient) ListSender 

func (client IncidentRelationsClient) ListSender(req *http.Request) (*http.Response, error)

ListSender sends the List request. The method will close the http.Response Body if it receives an error.

type IncidentSeverity 

type IncidentSeverity string

IncidentSeverity enumerates the values for incident severity. 

const (
	// IncidentSeverityHigh High severity
	IncidentSeverityHigh IncidentSeverity = "High"
	// IncidentSeverityInformational Informational severity
	IncidentSeverityInformational IncidentSeverity = "Informational"
	// IncidentSeverityLow Low severity
	IncidentSeverityLow IncidentSeverity = "Low"
	// IncidentSeverityMedium Medium severity
	IncidentSeverityMedium IncidentSeverity = "Medium"
)

func PossibleIncidentSeverityValues 

func PossibleIncidentSeverityValues() []IncidentSeverity

PossibleIncidentSeverityValues returns an array of possible values for the IncidentSeverity const type.

type IncidentStatus 

type IncidentStatus string

IncidentStatus enumerates the values for incident status. 

const (
	// IncidentStatusActive An active incident which is being handled
	IncidentStatusActive IncidentStatus = "Active"
	// IncidentStatusClosed A non-active incident
	IncidentStatusClosed IncidentStatus = "Closed"
	// IncidentStatusNew An active incident which isn't being handled currently
	IncidentStatusNew IncidentStatus = "New"
)

func PossibleIncidentStatusValues 

func PossibleIncidentStatusValues() []IncidentStatus

PossibleIncidentStatusValues returns an array of possible values for the IncidentStatus const type.

type IncidentsClient 

type IncidentsClient struct {
	BaseClient
}

IncidentsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

func NewIncidentsClient 

func NewIncidentsClient(subscriptionID string) IncidentsClient

NewIncidentsClient creates an instance of the IncidentsClient client.

func NewIncidentsClientWithBaseURI 

func NewIncidentsClientWithBaseURI(baseURI string, subscriptionID string) IncidentsClient

NewIncidentsClientWithBaseURI creates an instance of the IncidentsClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).

func (IncidentsClient) CreateOrUpdate 

func (client IncidentsClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string, incident Incident) (result Incident, err error)

CreateOrUpdate creates or updates the incident. Parameters: resourceGroupName - the name of the resource group. The name is case insensitive. workspaceName - the name of the workspace. incidentID - incident ID incident - the incident

func (IncidentsClient) CreateOrUpdatePreparer 

func (client IncidentsClient) CreateOrUpdatePreparer(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string, incident Incident) (*http.Request, error)

CreateOrUpdatePreparer prepares the CreateOrUpdate request.

func (IncidentsClient) CreateOrUpdateResponder 

func (client IncidentsClient) CreateOrUpdateResponder(resp *http.Response) (result Incident, err error)

CreateOrUpdateResponder handles the response to the CreateOrUpdate request. The method always closes the http.Response Body.

func (IncidentsClient) CreateOrUpdateSender 

func (client IncidentsClient) CreateOrUpdateSender(req *http.Request) (*http.Response, error)

CreateOrUpdateSender sends the CreateOrUpdate request. The method will close the http.Response Body if it receives an error.

func (IncidentsClient) CreateTeam 

func (client IncidentsClient) CreateTeam(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string, teamProperties TeamProperties) (result TeamInformation, err error)

CreateTeam creates a Microsoft team to investigate the incident by sharing information and insights between participants. Parameters: resourceGroupName - the name of the resource group. The name is case insensitive. workspaceName - the name of the workspace. incidentID - incident ID teamProperties - team properties

func (IncidentsClient) CreateTeamPreparer 

func (client IncidentsClient) CreateTeamPreparer(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string, teamProperties TeamProperties) (*http.Request, error)

CreateTeamPreparer prepares the CreateTeam request.

func (IncidentsClient) CreateTeamResponder 

func (client IncidentsClient) CreateTeamResponder(resp *http.Response) (result TeamInformation, err error)

CreateTeamResponder handles the response to the CreateTeam request. The method always closes the http.Response Body.

func (IncidentsClient) CreateTeamSender 

func (client IncidentsClient) CreateTeamSender(req *http.Request) (*http.Response, error)

CreateTeamSender sends the CreateTeam request. The method will close the http.Response Body if it receives an error.

func (IncidentsClient) Delete 

func (client IncidentsClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string) (result autorest.Response, err error)

Delete delete the incident. Parameters: resourceGroupName - the name of the resource group. The name is case insensitive. workspaceName - the name of the workspace. incidentID - incident ID

func (IncidentsClient) DeletePreparer 

func (client IncidentsClient) DeletePreparer(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string) (*http.Request, error)

DeletePreparer prepares the Delete request.

func (IncidentsClient) DeleteResponder 

func (client IncidentsClient) DeleteResponder(resp *http.Response) (result autorest.Response, err error)

DeleteResponder handles the response to the Delete request. The method always closes the http.Response Body.

func (IncidentsClient) DeleteSender 

func (client IncidentsClient) DeleteSender(req *http.Request) (*http.Response, error)

DeleteSender sends the Delete request. The method will close the http.Response Body if it receives an error.

func (IncidentsClient) Get 

func (client IncidentsClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string) (result Incident, err error)

Get gets an incident. Parameters: resourceGroupName - the name of the resource group. The name is case insensitive. workspaceName - the name of the workspace. incidentID - incident ID

func (IncidentsClient) GetPreparer 

func (client IncidentsClient) GetPreparer(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string) (*http.Request, error)

GetPreparer prepares the Get request.

func (IncidentsClient) GetResponder 

func (client IncidentsClient) GetResponder(resp *http.Response) (result Incident, err error)

GetResponder handles the response to the Get request. The method always closes the http.Response Body.

func (IncidentsClient) GetSender 

func (client IncidentsClient) GetSender(req *http.Request) (*http.Response, error)

GetSender sends the Get request. The method will close the http.Response Body if it receives an error.

func (IncidentsClient) List 

func (client IncidentsClient) List(ctx context.Context, resourceGroupName string, workspaceName string, filter string, orderby string, top *int32, skipToken string) (result IncidentListPage, err error)

List gets all incidents. Parameters: resourceGroupName - the name of the resource group. The name is case insensitive. workspaceName - the name of the workspace. filter - filters the results, based on a Boolean condition. Optional. orderby - sorts the results. Optional. top - returns only the first n results. Optional. skipToken - skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional.

func (IncidentsClient) ListAlerts 

func (client IncidentsClient) ListAlerts(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string) (result IncidentAlertList, err error)

ListAlerts gets all incident alerts. Parameters: resourceGroupName - the name of the resource group. The name is case insensitive. workspaceName - the name of the workspace. incidentID - incident ID

func (IncidentsClient) ListAlertsPreparer 

func (client IncidentsClient) ListAlertsPreparer(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string) (*http.Request, error)

ListAlertsPreparer prepares the ListAlerts request.

func (IncidentsClient) ListAlertsResponder 

func (client IncidentsClient) ListAlertsResponder(resp *http.Response) (result IncidentAlertList, err error)

ListAlertsResponder handles the response to the ListAlerts request. The method always closes the http.Response Body.

func (IncidentsClient) ListAlertsSender 

func (client IncidentsClient) ListAlertsSender(req *http.Request) (*http.Response, error)

ListAlertsSender sends the ListAlerts request. The method will close the http.Response Body if it receives an error.

func (IncidentsClient) ListBookmarks 

func (client IncidentsClient) ListBookmarks(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string) (result IncidentBookmarkList, err error)

ListBookmarks gets all incident bookmarks. Parameters: resourceGroupName - the name of the resource group. The name is case insensitive. workspaceName - the name of the workspace. incidentID - incident ID

func (IncidentsClient) ListBookmarksPreparer 

func (client IncidentsClient) ListBookmarksPreparer(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string) (*http.Request, error)

ListBookmarksPreparer prepares the ListBookmarks request.

func (IncidentsClient) ListBookmarksResponder 

func (client IncidentsClient) ListBookmarksResponder(resp *http.Response) (result IncidentBookmarkList, err error)

ListBookmarksResponder handles the response to the ListBookmarks request. The method always closes the http.Response Body.

func (IncidentsClient) ListBookmarksSender 

func (client IncidentsClient) ListBookmarksSender(req *http.Request) (*http.Response, error)

ListBookmarksSender sends the ListBookmarks request. The method will close the http.Response Body if it receives an error.

func (IncidentsClient) ListComplete 

func (client IncidentsClient) ListComplete(ctx context.Context, resourceGroupName string, workspaceName string, filter string, orderby string, top *int32, skipToken string) (result IncidentListIterator, err error)

ListComplete enumerates all values, automatically crossing page boundaries as required.

func (IncidentsClient) ListEntities 

func (client IncidentsClient) ListEntities(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string) (result IncidentEntitiesResponse, err error)

ListEntities gets all incident related entities. Parameters: resourceGroupName - the name of the resource group. The name is case insensitive. workspaceName - the name of the workspace. incidentID - incident ID

func (IncidentsClient) ListEntitiesPreparer 

func (client IncidentsClient) ListEntitiesPreparer(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string) (*http.Request, error)

ListEntitiesPreparer prepares the ListEntities request.

func (IncidentsClient) ListEntitiesResponder 

func (client IncidentsClient) ListEntitiesResponder(resp *http.Response) (result IncidentEntitiesResponse, err error)

ListEntitiesResponder handles the response to the ListEntities request. The method always closes the http.Response Body.

func (IncidentsClient) ListEntitiesSender 

func (client IncidentsClient) ListEntitiesSender(req *http.Request) (*http.Response, error)

ListEntitiesSender sends the ListEntities request. The method will close the http.Response Body if it receives an error.

func (IncidentsClient) ListPreparer 

func (client IncidentsClient) ListPreparer(ctx context.Context, resourceGroupName string, workspaceName string, filter string, orderby string, top *int32, skipToken string) (*http.Request, error)

ListPreparer prepares the List request.

func (IncidentsClient) ListResponder 

func (client IncidentsClient) ListResponder(resp *http.Response) (result IncidentList, err error)

ListResponder handles the response to the List request. The method always closes the http.Response Body.

func (IncidentsClient) ListSender 

func (client IncidentsClient) ListSender(req *http.Request) (*http.Response, error)

ListSender sends the List request. The method will close the http.Response Body if it receives an error.

type InsightQueryItem 

type InsightQueryItem struct {
	// Properties - Properties bag for InsightQueryItem
	Properties *InsightQueryItemProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Query Template ARM ID
	ID *string `json:"id,omitempty"`
	// Name - Query Template ARM Name
	Name *string `json:"name,omitempty"`
	// Type - ARM Type
	Type *string `json:"type,omitempty"`
	// Kind - Possible values include: 'KindBasicEntityQueryItemKindEntityQueryItem', 'KindBasicEntityQueryItemKindInsight'
	Kind KindBasicEntityQueryItem `json:"kind,omitempty"`
}

InsightQueryItem represents Insight Query.

func (InsightQueryItem) AsBasicEntityQueryItem 

func (iqi InsightQueryItem) AsBasicEntityQueryItem() (BasicEntityQueryItem, bool)

AsBasicEntityQueryItem is the BasicEntityQueryItem implementation for InsightQueryItem.

func (InsightQueryItem) AsEntityQueryItem 

func (iqi InsightQueryItem) AsEntityQueryItem() (*EntityQueryItem, bool)

AsEntityQueryItem is the BasicEntityQueryItem implementation for InsightQueryItem.

func (InsightQueryItem) AsInsightQueryItem 

func (iqi InsightQueryItem) AsInsightQueryItem() (*InsightQueryItem, bool)

AsInsightQueryItem is the BasicEntityQueryItem implementation for InsightQueryItem.

func (InsightQueryItem) MarshalJSON 

func (iqi InsightQueryItem) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for InsightQueryItem.

type InsightQueryItemProperties 

type InsightQueryItemProperties struct {
	// DisplayName - The insight display name.
	DisplayName *string `json:"displayName,omitempty"`
	// Description - The insight description.
	Description *string `json:"description,omitempty"`
	// BaseQuery - The base query of the insight.
	BaseQuery *string `json:"baseQuery,omitempty"`
	// TableQuery - The insight table query.
	TableQuery *InsightQueryItemPropertiesTableQuery `json:"tableQuery,omitempty"`
	// ChartQuery - The insight chart query.
	ChartQuery interface{} `json:"chartQuery,omitempty"`
	// AdditionalQuery - The activity query definitions.
	AdditionalQuery *InsightQueryItemPropertiesAdditionalQuery `json:"additionalQuery,omitempty"`
	// DefaultTimeRange - The insight chart query.
	DefaultTimeRange *InsightQueryItemPropertiesDefaultTimeRange `json:"defaultTimeRange,omitempty"`
	// ReferenceTimeRange - The insight chart query.
	ReferenceTimeRange *InsightQueryItemPropertiesReferenceTimeRange `json:"referenceTimeRange,omitempty"`
	// DataTypes - Data types for template
	DataTypes *[]EntityQueryItemPropertiesDataTypesItem `json:"dataTypes,omitempty"`
	// InputEntityType - The type of the entity. Possible values include: 'EntityTypeAccount', 'EntityTypeHost', 'EntityTypeFile', 'EntityTypeAzureResource', 'EntityTypeCloudApplication', 'EntityTypeDNS', 'EntityTypeFileHash', 'EntityTypeIP', 'EntityTypeMalware', 'EntityTypeProcess', 'EntityTypeRegistryKey', 'EntityTypeRegistryValue', 'EntityTypeSecurityGroup', 'EntityTypeURL', 'EntityTypeIoTDevice', 'EntityTypeSecurityAlert', 'EntityTypeHuntingBookmark', 'EntityTypeMailCluster', 'EntityTypeMailMessage', 'EntityTypeMailbox', 'EntityTypeSubmissionMail'
	InputEntityType EntityType `json:"inputEntityType,omitempty"`
	// RequiredInputFieldsSets - Data types for template
	RequiredInputFieldsSets *[][]string `json:"requiredInputFieldsSets,omitempty"`
	// EntitiesFilter - The query applied only to entities matching to all filters
	EntitiesFilter interface{} `json:"entitiesFilter,omitempty"`
}

InsightQueryItemProperties represents Insight Query.

type InsightQueryItemPropertiesAdditionalQuery 

type InsightQueryItemPropertiesAdditionalQuery struct {
	// Query - The insight query.
	Query *string `json:"query,omitempty"`
	// Text - The insight text.
	Text *string `json:"text,omitempty"`
}

InsightQueryItemPropertiesAdditionalQuery the activity query definitions.

type InsightQueryItemPropertiesDefaultTimeRange 

type InsightQueryItemPropertiesDefaultTimeRange struct {
	// BeforeRange - The padding for the start time of the query.
	BeforeRange *string `json:"beforeRange,omitempty"`
	// AfterRange - The padding for the end time of the query.
	AfterRange *string `json:"afterRange,omitempty"`
}

InsightQueryItemPropertiesDefaultTimeRange the insight chart query.

type InsightQueryItemPropertiesReferenceTimeRange 

type InsightQueryItemPropertiesReferenceTimeRange struct {
	// BeforeRange - Additional query time for looking back.
	BeforeRange *string `json:"beforeRange,omitempty"`
}

InsightQueryItemPropertiesReferenceTimeRange the insight chart query.

type InsightQueryItemPropertiesTableQuery 

type InsightQueryItemPropertiesTableQuery struct {
	// ColumnsDefinitions - List of insight column definitions.
	ColumnsDefinitions *[]InsightQueryItemPropertiesTableQueryColumnsDefinitionsItem `json:"columnsDefinitions,omitempty"`
	// QueriesDefinitions - List of insight queries definitions.
	QueriesDefinitions *[]InsightQueryItemPropertiesTableQueryQueriesDefinitionsItem `json:"queriesDefinitions,omitempty"`
}

InsightQueryItemPropertiesTableQuery the insight table query.

type InsightQueryItemPropertiesTableQueryColumnsDefinitionsItem 

type InsightQueryItemPropertiesTableQueryColumnsDefinitionsItem struct {
	// Header - Insight column header.
	Header *string `json:"header,omitempty"`
	// OutputType - Insights Column type. Possible values include: 'OutputTypeNumber', 'OutputTypeString', 'OutputTypeDate', 'OutputTypeEntity'
	OutputType OutputType `json:"outputType,omitempty"`
	// SupportDeepLink - Is query supports deep-link.
	SupportDeepLink *bool `json:"supportDeepLink,omitempty"`
}

InsightQueryItemPropertiesTableQueryColumnsDefinitionsItem ...

type InsightQueryItemPropertiesTableQueryQueriesDefinitionsItem 

type InsightQueryItemPropertiesTableQueryQueriesDefinitionsItem struct {
	// Filter - Insight column header.
	Filter *string `json:"filter,omitempty"`
	// Summarize - Insight column header.
	Summarize *string `json:"summarize,omitempty"`
	// Project - Insight column header.
	Project *string `json:"project,omitempty"`
	// LinkColumnsDefinitions - Insight column header.
	LinkColumnsDefinitions *[]InsightQueryItemPropertiesTableQueryQueriesDefinitionsItemLinkColumnsDefinitionsItem `json:"linkColumnsDefinitions,omitempty"`
}

InsightQueryItemPropertiesTableQueryQueriesDefinitionsItem ...

type InsightQueryItemPropertiesTableQueryQueriesDefinitionsItemLinkColumnsDefinitionsItem 

type InsightQueryItemPropertiesTableQueryQueriesDefinitionsItemLinkColumnsDefinitionsItem struct {
	// ProjectedName - Insight Link Definition Projected Name.
	ProjectedName *string `json:"projectedName,omitempty"`
	// Query - Insight Link Definition Query.
	Query *string `json:"Query,omitempty"`
}

InsightQueryItemPropertiesTableQueryQueriesDefinitionsItemLinkColumnsDefinitionsItem ...

type InsightsTableResult 

type InsightsTableResult struct {
	// Columns - Columns Metadata of the table
	Columns *[]InsightsTableResultColumnsItem `json:"columns,omitempty"`
	// Rows - Rows data of the table
	Rows *[][]string `json:"rows,omitempty"`
}

InsightsTableResult query results for table insights query.

type InsightsTableResultColumnsItem 

type InsightsTableResultColumnsItem struct {
	// Type - the type of the colum
	Type *string `json:"type,omitempty"`
	// Name - the name of the colum
	Name *string `json:"name,omitempty"`
}

InsightsTableResultColumnsItem ...

type InstructionSteps 

type InstructionSteps struct {
	// Title - Instruction step title
	Title *string `json:"title,omitempty"`
	// Description - Instruction step description
	Description *string `json:"description,omitempty"`
	// Instructions - Instruction step details
	Instructions *[]InstructionStepsInstructionsItem `json:"instructions,omitempty"`
}

InstructionSteps instruction steps to enable the connector

type InstructionStepsInstructionsItem 

type InstructionStepsInstructionsItem struct {
	// Parameters - The parameters for the setting
	Parameters interface{} `json:"parameters,omitempty"`
	// Type - The kind of the setting. Possible values include: 'SettingTypeCopyableLabel', 'SettingTypeInstructionStepsGroup', 'SettingTypeInfoMessage'
	Type SettingType `json:"type,omitempty"`
}

InstructionStepsInstructionsItem ...

type IoTDeviceEntity 

type IoTDeviceEntity struct {
	// IoTDeviceEntityProperties - IoTDevice entity properties
	*IoTDeviceEntityProperties `json:"properties,omitempty"`
	// Kind - Possible values include: 'KindBasicEntityKindEntity', 'KindBasicEntityKindURL', 'KindBasicEntityKindSubmissionMail', 'KindBasicEntityKindSecurityGroup', 'KindBasicEntityKindSecurityAlert', 'KindBasicEntityKindRegistryValue', 'KindBasicEntityKindRegistryKey', 'KindBasicEntityKindProcess', 'KindBasicEntityKindMalware', 'KindBasicEntityKindMailMessage', 'KindBasicEntityKindMailCluster', 'KindBasicEntityKindMailbox', 'KindBasicEntityKindIP', 'KindBasicEntityKindIoTDevice', 'KindBasicEntityKindBookmark', 'KindBasicEntityKindHost', 'KindBasicEntityKindFileHash', 'KindBasicEntityKindFile', 'KindBasicEntityKindDNSResolution', 'KindBasicEntityKindCloudApplication', 'KindBasicEntityKindAzureResource', 'KindBasicEntityKindAccount'
	Kind KindBasicEntity `json:"kind,omitempty"`
	// ID - READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty"`
	// SystemData - READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty"`
}

IoTDeviceEntity represents an IoT device entity.

func (IoTDeviceEntity) AsAccountEntity 

func (itde IoTDeviceEntity) AsAccountEntity() (*AccountEntity, bool)

AsAccountEntity is the BasicEntity implementation for IoTDeviceEntity.

func (IoTDeviceEntity) AsAzureResourceEntity 

func (itde IoTDeviceEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)

AsAzureResourceEntity is the BasicEntity implementation for IoTDeviceEntity.

func (IoTDeviceEntity) AsBasicEntity 

func (itde IoTDeviceEntity) AsBasicEntity() (BasicEntity, bool)

AsBasicEntity is the BasicEntity implementation for IoTDeviceEntity.

func (IoTDeviceEntity) AsCloudApplicationEntity 

func (itde IoTDeviceEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)

AsCloudApplicationEntity is the BasicEntity implementation for IoTDeviceEntity.

func (IoTDeviceEntity) AsDNSEntity 

func (itde IoTDeviceEntity) AsDNSEntity() (*DNSEntity, bool)

AsDNSEntity is the BasicEntity implementation for IoTDeviceEntity.

func (IoTDeviceEntity) AsEntity 

func (itde IoTDeviceEntity) AsEntity() (*Entity, bool)

AsEntity is the BasicEntity implementation for IoTDeviceEntity.

func (IoTDeviceEntity) AsFileEntity 

func (itde IoTDeviceEntity) AsFileEntity() (*FileEntity, bool)

AsFileEntity is the BasicEntity implementation for IoTDeviceEntity.

func (IoTDeviceEntity) AsFileHashEntity 

func (itde IoTDeviceEntity) AsFileHashEntity() (*FileHashEntity, bool)

AsFileHashEntity is the BasicEntity implementation for IoTDeviceEntity.

func (IoTDeviceEntity) AsHostEntity 

func (itde IoTDeviceEntity) AsHostEntity() (*HostEntity, bool)

AsHostEntity is the BasicEntity implementation for IoTDeviceEntity.

func (IoTDeviceEntity) AsHuntingBookmark 

func (itde IoTDeviceEntity) AsHuntingBookmark() (*HuntingBookmark, bool)

AsHuntingBookmark is the BasicEntity implementation for IoTDeviceEntity.

func (IoTDeviceEntity) AsIPEntity 

func (itde IoTDeviceEntity) AsIPEntity() (*IPEntity, bool)

AsIPEntity is the BasicEntity implementation for IoTDeviceEntity.

func (IoTDeviceEntity) AsIoTDeviceEntity 

func (itde IoTDeviceEntity) AsIoTDeviceEntity() (*IoTDeviceEntity, bool)

AsIoTDeviceEntity is the BasicEntity implementation for IoTDeviceEntity.

func (IoTDeviceEntity) AsMailClusterEntity 

func (itde IoTDeviceEntity) AsMailClusterEntity() (*MailClusterEntity, bool)

AsMailClusterEntity is the BasicEntity implementation for IoTDeviceEntity.

func (IoTDeviceEntity) AsMailMessageEntity 

func (itde IoTDeviceEntity) AsMailMessageEntity() (*MailMessageEntity, bool)

AsMailMessageEntity is the BasicEntity implementation for IoTDeviceEntity.

func (IoTDeviceEntity) AsMailboxEntity 

func (itde IoTDeviceEntity) AsMailboxEntity() (*MailboxEntity, bool)

AsMailboxEntity is the BasicEntity implementation for IoTDeviceEntity.

func (IoTDeviceEntity) AsMalwareEntity 

func (itde IoTDeviceEntity) AsMalwareEntity() (*MalwareEntity, bool)

AsMalwareEntity is the BasicEntity implementation for IoTDeviceEntity.

func (IoTDeviceEntity) AsProcessEntity 

func (itde IoTDeviceEntity) AsProcessEntity() (*ProcessEntity, bool)

AsProcessEntity is the BasicEntity implementation for IoTDeviceEntity.

func (IoTDeviceEntity) AsRegistryKeyEntity 

func (itde IoTDeviceEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)

AsRegistryKeyEntity is the BasicEntity implementation for IoTDeviceEntity.

func (IoTDeviceEntity) AsRegistryValueEntity 

func (itde IoTDeviceEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool)

AsRegistryValueEntity is the BasicEntity implementation for IoTDeviceEntity.

func (IoTDeviceEntity) AsSecurityAlert 

func (itde IoTDeviceEntity) AsSecurityAlert() (*SecurityAlert, bool)

AsSecurityAlert is the BasicEntity implementation for IoTDeviceEntity.

func (IoTDeviceEntity) AsSecurityGroupEntity 

func (itde IoTDeviceEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)

AsSecurityGroupEntity is the BasicEntity implementation for IoTDeviceEntity.

func (IoTDeviceEntity) AsSubmissionMailEntity 

func (itde IoTDeviceEntity) AsSubmissionMailEntity() (*SubmissionMailEntity, bool)

AsSubmissionMailEntity is the BasicEntity implementation for IoTDeviceEntity.

func (IoTDeviceEntity) AsURLEntity 

func (itde IoTDeviceEntity) AsURLEntity() (*URLEntity, bool)

AsURLEntity is the BasicEntity implementation for IoTDeviceEntity.

func (IoTDeviceEntity) MarshalJSON 

func (itde IoTDeviceEntity) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for IoTDeviceEntity.

func (*IoTDeviceEntity) UnmarshalJSON 

func (itde *IoTDeviceEntity) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for IoTDeviceEntity struct.

type IoTDeviceEntityProperties 

type IoTDeviceEntityProperties struct {
	// DeviceID - READ-ONLY; The ID of the IoT Device in the IoT Hub
	DeviceID *string `json:"deviceId,omitempty"`
	// DeviceName - READ-ONLY; The friendly name of the device
	DeviceName *string `json:"deviceName,omitempty"`
	// Source - READ-ONLY; The source of the device
	Source *string `json:"source,omitempty"`
	// IotSecurityAgentID - READ-ONLY; The ID of the security agent running on the device
	IotSecurityAgentID *uuid.UUID `json:"iotSecurityAgentId,omitempty"`
	// DeviceType - READ-ONLY; The type of the device
	DeviceType *string `json:"deviceType,omitempty"`
	// Vendor - READ-ONLY; The vendor of the device
	Vendor *string `json:"vendor,omitempty"`
	// EdgeID - READ-ONLY; The ID of the edge device
	EdgeID *string `json:"edgeId,omitempty"`
	// MacAddress - READ-ONLY; The MAC address of the device
	MacAddress *string `json:"macAddress,omitempty"`
	// Model - READ-ONLY; The model of the device
	Model *string `json:"model,omitempty"`
	// SerialNumber - READ-ONLY; The serial number of the device
	SerialNumber *string `json:"serialNumber,omitempty"`
	// FirmwareVersion - READ-ONLY; The firmware version of the device
	FirmwareVersion *string `json:"firmwareVersion,omitempty"`
	// OperatingSystem - READ-ONLY; The operating system of the device
	OperatingSystem *string `json:"operatingSystem,omitempty"`
	// IotHubEntityID - READ-ONLY; The AzureResource entity id of the IoT Hub
	IotHubEntityID *string `json:"iotHubEntityId,omitempty"`
	// HostEntityID - READ-ONLY; The Host entity id of this device
	HostEntityID *string `json:"hostEntityId,omitempty"`
	// IPAddressEntityID - READ-ONLY; The IP entity if of this device
	IPAddressEntityID *string `json:"ipAddressEntityId,omitempty"`
	// ThreatIntelligence - READ-ONLY; A list of TI contexts attached to the IoTDevice entity.
	ThreatIntelligence *[]ThreatIntelligence `json:"threatIntelligence,omitempty"`
	// Protocols - READ-ONLY; A list of protocols of the IoTDevice entity.
	Protocols *[]string `json:"protocols,omitempty"`
	// AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]interface{} `json:"additionalData"`
	// FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated.
	FriendlyName *string `json:"friendlyName,omitempty"`
}

IoTDeviceEntityProperties ioTDevice entity property bag.

func (IoTDeviceEntityProperties) MarshalJSON 

func (itdep IoTDeviceEntityProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for IoTDeviceEntityProperties.

type KillChainIntent 

type KillChainIntent string

KillChainIntent enumerates the values for kill chain intent. 

const (
	// KillChainIntentCollection Collection consists of techniques used to identify and gather information,
	// such as sensitive files, from a target network prior to exfiltration. This category also covers
	// locations on a system or network where the adversary may look for information to exfiltrate.
	KillChainIntentCollection KillChainIntent = "Collection"
	// KillChainIntentCommandAndControl The command and control tactic represents how adversaries communicate
	// with systems under their control within a target network.
	KillChainIntentCommandAndControl KillChainIntent = "CommandAndControl"
	// KillChainIntentCredentialAccess Credential access represents techniques resulting in access to or
	// control over system, domain, or service credentials that are used within an enterprise environment.
	// Adversaries will likely attempt to obtain legitimate credentials from users or administrator accounts
	// (local system administrator or domain users with administrator access) to use within the network. With
	// sufficient access within a network, an adversary can create accounts for later use within the
	// environment.
	KillChainIntentCredentialAccess KillChainIntent = "CredentialAccess"
	// KillChainIntentDefenseEvasion Defense evasion consists of techniques an adversary may use to evade
	// detection or avoid other defenses. Sometimes these actions are the same as or variations of techniques
	// in other categories that have the added benefit of subverting a particular defense or mitigation.
	KillChainIntentDefenseEvasion KillChainIntent = "DefenseEvasion"
	// KillChainIntentDiscovery Discovery consists of techniques that allow the adversary to gain knowledge
	// about the system and internal network. When adversaries gain access to a new system, they must orient
	// themselves to what they now have control of and what benefits operating from that system give to their
	// current objective or overall goals during the intrusion. The operating system provides many native tools
	// that aid in this post-compromise information-gathering phase.
	KillChainIntentDiscovery KillChainIntent = "Discovery"
	// KillChainIntentExecution The execution tactic represents techniques that result in execution of
	// adversary-controlled code on a local or remote system. This tactic is often used in conjunction with
	// lateral movement to expand access to remote systems on a network.
	KillChainIntentExecution KillChainIntent = "Execution"
	// KillChainIntentExfiltration Exfiltration refers to techniques and attributes that result or aid in the
	// adversary removing files and information from a target network. This category also covers locations on a
	// system or network where the adversary may look for information to exfiltrate.
	KillChainIntentExfiltration KillChainIntent = "Exfiltration"
	// KillChainIntentExploitation Exploitation is the stage where an attacker manage to get foothold on the
	// attacked resource. This stage is applicable not only for compute hosts, but also for resources such as
	// user accounts, certificates etc. Adversaries will often be able to control the resource after this
	// stage.
	KillChainIntentExploitation KillChainIntent = "Exploitation"
	// KillChainIntentImpact The impact intent primary objective is to directly reduce the availability or
	// integrity of a system, service, or network; including manipulation of data to impact a business or
	// operational process. This would often refer to techniques such as ransom-ware, defacement, data
	// manipulation and others.
	KillChainIntentImpact KillChainIntent = "Impact"
	// KillChainIntentLateralMovement Lateral movement consists of techniques that enable an adversary to
	// access and control remote systems on a network and could, but does not necessarily, include execution of
	// tools on remote systems. The lateral movement techniques could allow an adversary to gather information
	// from a system without needing additional tools, such as a remote access tool. An adversary can use
	// lateral movement for many purposes, including remote Execution of tools, pivoting to additional systems,
	// access to specific information or files, access to additional credentials, or to cause an effect.
	KillChainIntentLateralMovement KillChainIntent = "LateralMovement"
	// KillChainIntentPersistence Persistence is any access, action, or configuration change to a system that
	// gives an adversary a persistent presence on that system. Adversaries will often need to maintain access
	// to systems through interruptions such as system restarts, loss of credentials, or other failures that
	// would require a remote access tool to restart or alternate backdoor for them to regain access.
	KillChainIntentPersistence KillChainIntent = "Persistence"
	// KillChainIntentPrivilegeEscalation Privilege escalation is the result of actions that allow an adversary
	// to obtain a higher level of permissions on a system or network. Certain tools or actions require a
	// higher level of privilege to work and are likely necessary at many points throughout an operation. User
	// accounts with permissions to access specific systems or perform specific functions necessary for
	// adversaries to achieve their objective may also be considered an escalation of privilege.
	KillChainIntentPrivilegeEscalation KillChainIntent = "PrivilegeEscalation"
	// KillChainIntentProbing Probing could be an attempt to access a certain resource regardless of a
	// malicious intent or a failed attempt to gain access to a target system to gather information prior to
	// exploitation. This step is usually detected as an attempt originating from outside the network in
	// attempt to scan the target system and find a way in.
	KillChainIntentProbing KillChainIntent = "Probing"
	// KillChainIntentUnknown The default value.
	KillChainIntentUnknown KillChainIntent = "Unknown"
)

func PossibleKillChainIntentValues 

func PossibleKillChainIntentValues() []KillChainIntent

PossibleKillChainIntentValues returns an array of possible values for the KillChainIntent const type.

type Kind 

type Kind string

Kind enumerates the values for kind. 

const (
	// KindAnalyticsRule ...
	KindAnalyticsRule Kind = "AnalyticsRule"
	// KindAnalyticsRuleTemplate ...
	KindAnalyticsRuleTemplate Kind = "AnalyticsRuleTemplate"
	// KindDataConnector ...
	KindDataConnector Kind = "DataConnector"
	// KindDataType ...
	KindDataType Kind = "DataType"
	// KindHuntingQuery ...
	KindHuntingQuery Kind = "HuntingQuery"
	// KindInvestigationQuery ...
	KindInvestigationQuery Kind = "InvestigationQuery"
	// KindParser ...
	KindParser Kind = "Parser"
	// KindPlaybook ...
	KindPlaybook Kind = "Playbook"
	// KindPlaybookTemplate ...
	KindPlaybookTemplate Kind = "PlaybookTemplate"
	// KindSolution ...
	KindSolution Kind = "Solution"
	// KindWatchlist ...
	KindWatchlist Kind = "Watchlist"
	// KindWatchlistTemplate ...
	KindWatchlistTemplate Kind = "WatchlistTemplate"
	// KindWorkbook ...
	KindWorkbook Kind = "Workbook"
	// KindWorkbookTemplate ...
	KindWorkbookTemplate Kind = "WorkbookTemplate"
)

func PossibleKindValues 

func PossibleKindValues() []Kind

PossibleKindValues returns an array of possible values for the Kind const type.

type KindBasicAlertRule 

type KindBasicAlertRule string

KindBasicAlertRule enumerates the values for kind basic alert rule. 

const (
	// KindBasicAlertRuleKindAlertRule ...
	KindBasicAlertRuleKindAlertRule KindBasicAlertRule = "AlertRule"
	// KindBasicAlertRuleKindFusion ...
	KindBasicAlertRuleKindFusion KindBasicAlertRule = "Fusion"
	// KindBasicAlertRuleKindMicrosoftSecurityIncidentCreation ...
	KindBasicAlertRuleKindMicrosoftSecurityIncidentCreation KindBasicAlertRule = "MicrosoftSecurityIncidentCreation"
	// KindBasicAlertRuleKindMLBehaviorAnalytics ...
	KindBasicAlertRuleKindMLBehaviorAnalytics KindBasicAlertRule = "MLBehaviorAnalytics"
	// KindBasicAlertRuleKindNRT ...
	KindBasicAlertRuleKindNRT KindBasicAlertRule = "NRT"
	// KindBasicAlertRuleKindScheduled ...
	KindBasicAlertRuleKindScheduled KindBasicAlertRule = "Scheduled"
	// KindBasicAlertRuleKindThreatIntelligence ...
	KindBasicAlertRuleKindThreatIntelligence KindBasicAlertRule = "ThreatIntelligence"
)

func PossibleKindBasicAlertRuleValues 

func PossibleKindBasicAlertRuleValues() []KindBasicAlertRule

PossibleKindBasicAlertRuleValues returns an array of possible values for the KindBasicAlertRule const type.

type KindBasicAlertRuleTemplate 

type KindBasicAlertRuleTemplate string

KindBasicAlertRuleTemplate enumerates the values for kind basic alert rule template. 

const (
	// KindBasicAlertRuleTemplateKindAlertRuleTemplate ...
	KindBasicAlertRuleTemplateKindAlertRuleTemplate KindBasicAlertRuleTemplate = "AlertRuleTemplate"
	// KindBasicAlertRuleTemplateKindFusion ...
	KindBasicAlertRuleTemplateKindFusion KindBasicAlertRuleTemplate = "Fusion"
	// KindBasicAlertRuleTemplateKindMicrosoftSecurityIncidentCreation ...
	KindBasicAlertRuleTemplateKindMicrosoftSecurityIncidentCreation KindBasicAlertRuleTemplate = "MicrosoftSecurityIncidentCreation"
	// KindBasicAlertRuleTemplateKindMLBehaviorAnalytics ...
	KindBasicAlertRuleTemplateKindMLBehaviorAnalytics KindBasicAlertRuleTemplate = "MLBehaviorAnalytics"
	// KindBasicAlertRuleTemplateKindNRT ...
	KindBasicAlertRuleTemplateKindNRT KindBasicAlertRuleTemplate = "NRT"
	// KindBasicAlertRuleTemplateKindScheduled ...
	KindBasicAlertRuleTemplateKindScheduled KindBasicAlertRuleTemplate = "Scheduled"
	// KindBasicAlertRuleTemplateKindThreatIntelligence ...
	KindBasicAlertRuleTemplateKindThreatIntelligence KindBasicAlertRuleTemplate = "ThreatIntelligence"
)

func PossibleKindBasicAlertRuleTemplateValues 

func PossibleKindBasicAlertRuleTemplateValues() []KindBasicAlertRuleTemplate

PossibleKindBasicAlertRuleTemplateValues returns an array of possible values for the KindBasicAlertRuleTemplate const type.

type KindBasicCustomEntityQuery 

type KindBasicCustomEntityQuery string

KindBasicCustomEntityQuery enumerates the values for kind basic custom entity query. 

const (
	// KindBasicCustomEntityQueryKindActivity ...
	KindBasicCustomEntityQueryKindActivity KindBasicCustomEntityQuery = "Activity"
	// KindBasicCustomEntityQueryKindCustomEntityQuery ...
	KindBasicCustomEntityQueryKindCustomEntityQuery KindBasicCustomEntityQuery = "CustomEntityQuery"
)

func PossibleKindBasicCustomEntityQueryValues 

func PossibleKindBasicCustomEntityQueryValues() []KindBasicCustomEntityQuery

PossibleKindBasicCustomEntityQueryValues returns an array of possible values for the KindBasicCustomEntityQuery const type.

type KindBasicDataConnector 

type KindBasicDataConnector string

KindBasicDataConnector enumerates the values for kind basic data connector. 

const (
	// KindBasicDataConnectorKindAmazonWebServicesCloudTrail ...
	KindBasicDataConnectorKindAmazonWebServicesCloudTrail KindBasicDataConnector = "AmazonWebServicesCloudTrail"
	// KindBasicDataConnectorKindAmazonWebServicesS3 ...
	KindBasicDataConnectorKindAmazonWebServicesS3 KindBasicDataConnector = "AmazonWebServicesS3"
	// KindBasicDataConnectorKindAPIPolling ...
	KindBasicDataConnectorKindAPIPolling KindBasicDataConnector = "APIPolling"
	// KindBasicDataConnectorKindAzureActiveDirectory ...
	KindBasicDataConnectorKindAzureActiveDirectory KindBasicDataConnector = "AzureActiveDirectory"
	// KindBasicDataConnectorKindAzureAdvancedThreatProtection ...
	KindBasicDataConnectorKindAzureAdvancedThreatProtection KindBasicDataConnector = "AzureAdvancedThreatProtection"
	// KindBasicDataConnectorKindAzureSecurityCenter ...
	KindBasicDataConnectorKindAzureSecurityCenter KindBasicDataConnector = "AzureSecurityCenter"
	// KindBasicDataConnectorKindDataConnector ...
	KindBasicDataConnectorKindDataConnector KindBasicDataConnector = "DataConnector"
	// KindBasicDataConnectorKindDynamics365 ...
	KindBasicDataConnectorKindDynamics365 KindBasicDataConnector = "Dynamics365"
	// KindBasicDataConnectorKindGenericUI ...
	KindBasicDataConnectorKindGenericUI KindBasicDataConnector = "GenericUI"
	// KindBasicDataConnectorKindMicrosoftCloudAppSecurity ...
	KindBasicDataConnectorKindMicrosoftCloudAppSecurity KindBasicDataConnector = "MicrosoftCloudAppSecurity"
	// KindBasicDataConnectorKindMicrosoftDefenderAdvancedThreatProtection ...
	KindBasicDataConnectorKindMicrosoftDefenderAdvancedThreatProtection KindBasicDataConnector = "MicrosoftDefenderAdvancedThreatProtection"
	// KindBasicDataConnectorKindMicrosoftThreatIntelligence ...
	KindBasicDataConnectorKindMicrosoftThreatIntelligence KindBasicDataConnector = "MicrosoftThreatIntelligence"
	// KindBasicDataConnectorKindMicrosoftThreatProtection ...
	KindBasicDataConnectorKindMicrosoftThreatProtection KindBasicDataConnector = "MicrosoftThreatProtection"
	// KindBasicDataConnectorKindOffice365 ...
	KindBasicDataConnectorKindOffice365 KindBasicDataConnector = "Office365"
	// KindBasicDataConnectorKindOfficeATP ...
	KindBasicDataConnectorKindOfficeATP KindBasicDataConnector = "OfficeATP"
	// KindBasicDataConnectorKindOfficeIRM ...
	KindBasicDataConnectorKindOfficeIRM KindBasicDataConnector = "OfficeIRM"
	// KindBasicDataConnectorKindThreatIntelligence ...
	KindBasicDataConnectorKindThreatIntelligence KindBasicDataConnector = "ThreatIntelligence"
	// KindBasicDataConnectorKindThreatIntelligenceTaxii ...
	KindBasicDataConnectorKindThreatIntelligenceTaxii KindBasicDataConnector = "ThreatIntelligenceTaxii"
)

func PossibleKindBasicDataConnectorValues 

func PossibleKindBasicDataConnectorValues() []KindBasicDataConnector

PossibleKindBasicDataConnectorValues returns an array of possible values for the KindBasicDataConnector const type.

type KindBasicDataConnectorsCheckRequirements 

type KindBasicDataConnectorsCheckRequirements string

KindBasicDataConnectorsCheckRequirements enumerates the values for kind basic data connectors check requirements. 

const (
	// KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesCloudTrail ...
	KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesCloudTrail KindBasicDataConnectorsCheckRequirements = "AmazonWebServicesCloudTrail"
	// KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesS3 ...
	KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesS3 KindBasicDataConnectorsCheckRequirements = "AmazonWebServicesS3"
	// KindBasicDataConnectorsCheckRequirementsKindAzureActiveDirectory ...
	KindBasicDataConnectorsCheckRequirementsKindAzureActiveDirectory KindBasicDataConnectorsCheckRequirements = "AzureActiveDirectory"
	// KindBasicDataConnectorsCheckRequirementsKindAzureAdvancedThreatProtection ...
	KindBasicDataConnectorsCheckRequirementsKindAzureAdvancedThreatProtection KindBasicDataConnectorsCheckRequirements = "AzureAdvancedThreatProtection"
	// KindBasicDataConnectorsCheckRequirementsKindAzureSecurityCenter ...
	KindBasicDataConnectorsCheckRequirementsKindAzureSecurityCenter KindBasicDataConnectorsCheckRequirements = "AzureSecurityCenter"
	// KindBasicDataConnectorsCheckRequirementsKindDataConnectorsCheckRequirements ...
	KindBasicDataConnectorsCheckRequirementsKindDataConnectorsCheckRequirements KindBasicDataConnectorsCheckRequirements = "DataConnectorsCheckRequirements"
	// KindBasicDataConnectorsCheckRequirementsKindDynamics365 ...
	KindBasicDataConnectorsCheckRequirementsKindDynamics365 KindBasicDataConnectorsCheckRequirements = "Dynamics365"
	// KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity ...
	KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity KindBasicDataConnectorsCheckRequirements = "MicrosoftCloudAppSecurity"
	// KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection ...
	KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection KindBasicDataConnectorsCheckRequirements = "MicrosoftDefenderAdvancedThreatProtection"
	// KindBasicDataConnectorsCheckRequirementsKindMicrosoftThreatIntelligence ...
	KindBasicDataConnectorsCheckRequirementsKindMicrosoftThreatIntelligence KindBasicDataConnectorsCheckRequirements = "MicrosoftThreatIntelligence"
	// KindBasicDataConnectorsCheckRequirementsKindMicrosoftThreatProtection ...
	KindBasicDataConnectorsCheckRequirementsKindMicrosoftThreatProtection KindBasicDataConnectorsCheckRequirements = "MicrosoftThreatProtection"
	// KindBasicDataConnectorsCheckRequirementsKindOfficeATP ...
	KindBasicDataConnectorsCheckRequirementsKindOfficeATP KindBasicDataConnectorsCheckRequirements = "OfficeATP"
	// KindBasicDataConnectorsCheckRequirementsKindOfficeIRM ...
	KindBasicDataConnectorsCheckRequirementsKindOfficeIRM KindBasicDataConnectorsCheckRequirements = "OfficeIRM"
	// KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence ...
	KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence KindBasicDataConnectorsCheckRequirements = "ThreatIntelligence"
	// KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii ...
	KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii KindBasicDataConnectorsCheckRequirements = "ThreatIntelligenceTaxii"
)

func PossibleKindBasicDataConnectorsCheckRequirementsValues 

func PossibleKindBasicDataConnectorsCheckRequirementsValues() []KindBasicDataConnectorsCheckRequirements

PossibleKindBasicDataConnectorsCheckRequirementsValues returns an array of possible values for the KindBasicDataConnectorsCheckRequirements const type.

type KindBasicEntity 

type KindBasicEntity string

KindBasicEntity enumerates the values for kind basic entity. 

const (
	// KindBasicEntityKindAccount ...
	KindBasicEntityKindAccount KindBasicEntity = "Account"
	// KindBasicEntityKindAzureResource ...
	KindBasicEntityKindAzureResource KindBasicEntity = "AzureResource"
	// KindBasicEntityKindBookmark ...
	KindBasicEntityKindBookmark KindBasicEntity = "Bookmark"
	// KindBasicEntityKindCloudApplication ...
	KindBasicEntityKindCloudApplication KindBasicEntity = "CloudApplication"
	// KindBasicEntityKindDNSResolution ...
	KindBasicEntityKindDNSResolution KindBasicEntity = "DnsResolution"
	// KindBasicEntityKindEntity ...
	KindBasicEntityKindEntity KindBasicEntity = "Entity"
	// KindBasicEntityKindFile ...
	KindBasicEntityKindFile KindBasicEntity = "File"
	// KindBasicEntityKindFileHash ...
	KindBasicEntityKindFileHash KindBasicEntity = "FileHash"
	// KindBasicEntityKindHost ...
	KindBasicEntityKindHost KindBasicEntity = "Host"
	// KindBasicEntityKindIoTDevice ...
	KindBasicEntityKindIoTDevice KindBasicEntity = "IoTDevice"
	// KindBasicEntityKindIP ...
	KindBasicEntityKindIP KindBasicEntity = "Ip"
	// KindBasicEntityKindMailbox ...
	KindBasicEntityKindMailbox KindBasicEntity = "Mailbox"
	// KindBasicEntityKindMailCluster ...
	KindBasicEntityKindMailCluster KindBasicEntity = "MailCluster"
	// KindBasicEntityKindMailMessage ...
	KindBasicEntityKindMailMessage KindBasicEntity = "MailMessage"
	// KindBasicEntityKindMalware ...
	KindBasicEntityKindMalware KindBasicEntity = "Malware"
	// KindBasicEntityKindProcess ...
	KindBasicEntityKindProcess KindBasicEntity = "Process"
	// KindBasicEntityKindRegistryKey ...
	KindBasicEntityKindRegistryKey KindBasicEntity = "RegistryKey"
	// KindBasicEntityKindRegistryValue ...
	KindBasicEntityKindRegistryValue KindBasicEntity = "RegistryValue"
	// KindBasicEntityKindSecurityAlert ...
	KindBasicEntityKindSecurityAlert KindBasicEntity = "SecurityAlert"
	// KindBasicEntityKindSecurityGroup ...
	KindBasicEntityKindSecurityGroup KindBasicEntity = "SecurityGroup"
	// KindBasicEntityKindSubmissionMail ...
	KindBasicEntityKindSubmissionMail KindBasicEntity = "SubmissionMail"
	// KindBasicEntityKindURL ...
	KindBasicEntityKindURL KindBasicEntity = "Url"
)

func PossibleKindBasicEntityValues 

func PossibleKindBasicEntityValues() []KindBasicEntity

PossibleKindBasicEntityValues returns an array of possible values for the KindBasicEntity const type.

type KindBasicEntityQuery 

type KindBasicEntityQuery string

KindBasicEntityQuery enumerates the values for kind basic entity query. 

const (
	// KindBasicEntityQueryKindActivity ...
	KindBasicEntityQueryKindActivity KindBasicEntityQuery = "Activity"
	// KindBasicEntityQueryKindEntityQuery ...
	KindBasicEntityQueryKindEntityQuery KindBasicEntityQuery = "EntityQuery"
	// KindBasicEntityQueryKindExpansion ...
	KindBasicEntityQueryKindExpansion KindBasicEntityQuery = "Expansion"
)

func PossibleKindBasicEntityQueryValues 

func PossibleKindBasicEntityQueryValues() []KindBasicEntityQuery

PossibleKindBasicEntityQueryValues returns an array of possible values for the KindBasicEntityQuery const type.

type KindBasicEntityQueryItem 

type KindBasicEntityQueryItem string

KindBasicEntityQueryItem enumerates the values for kind basic entity query item. 

const (
	// KindBasicEntityQueryItemKindEntityQueryItem ...
	KindBasicEntityQueryItemKindEntityQueryItem KindBasicEntityQueryItem = "EntityQueryItem"
	// KindBasicEntityQueryItemKindInsight ...
	KindBasicEntityQueryItemKindInsight KindBasicEntityQueryItem = "Insight"
)

func PossibleKindBasicEntityQueryItemValues 

func PossibleKindBasicEntityQueryItemValues() []KindBasicEntityQueryItem

PossibleKindBasicEntityQueryItemValues returns an array of possible values for the KindBasicEntityQueryItem const type.

type KindBasicEntityQueryTemplate 

type KindBasicEntityQueryTemplate string

KindBasicEntityQueryTemplate enumerates the values for kind basic entity query template. 

const (
	// KindBasicEntityQueryTemplateKindActivity ...
	KindBasicEntityQueryTemplateKindActivity KindBasicEntityQueryTemplate = "Activity"
	// KindBasicEntityQueryTemplateKindEntityQueryTemplate ...
	KindBasicEntityQueryTemplateKindEntityQueryTemplate KindBasicEntityQueryTemplate = "EntityQueryTemplate"
)

func PossibleKindBasicEntityQueryTemplateValues 

func PossibleKindBasicEntityQueryTemplateValues() []KindBasicEntityQueryTemplate

PossibleKindBasicEntityQueryTemplateValues returns an array of possible values for the KindBasicEntityQueryTemplate const type.

type KindBasicEntityTimelineItem 

type KindBasicEntityTimelineItem string

KindBasicEntityTimelineItem enumerates the values for kind basic entity timeline item. 

const (
	// KindBasicEntityTimelineItemKindActivity ...
	KindBasicEntityTimelineItemKindActivity KindBasicEntityTimelineItem = "Activity"
	// KindBasicEntityTimelineItemKindBookmark ...
	KindBasicEntityTimelineItemKindBookmark KindBasicEntityTimelineItem = "Bookmark"
	// KindBasicEntityTimelineItemKindEntityTimelineItem ...
	KindBasicEntityTimelineItemKindEntityTimelineItem KindBasicEntityTimelineItem = "EntityTimelineItem"
	// KindBasicEntityTimelineItemKindSecurityAlert ...
	KindBasicEntityTimelineItemKindSecurityAlert KindBasicEntityTimelineItem = "SecurityAlert"
)

func PossibleKindBasicEntityTimelineItemValues 

func PossibleKindBasicEntityTimelineItemValues() []KindBasicEntityTimelineItem

PossibleKindBasicEntityTimelineItemValues returns an array of possible values for the KindBasicEntityTimelineItem const type.

type KindBasicSettings 

type KindBasicSettings string

KindBasicSettings enumerates the values for kind basic settings. 

const (
	// KindBasicSettingsKindAnomalies ...
	KindBasicSettingsKindAnomalies KindBasicSettings = "Anomalies"
	// KindBasicSettingsKindEntityAnalytics ...
	KindBasicSettingsKindEntityAnalytics KindBasicSettings = "EntityAnalytics"
	// KindBasicSettingsKindEyesOn ...
	KindBasicSettingsKindEyesOn KindBasicSettings = "EyesOn"
	// KindBasicSettingsKindSettings ...
	KindBasicSettingsKindSettings KindBasicSettings = "Settings"
	// KindBasicSettingsKindUeba ...
	KindBasicSettingsKindUeba KindBasicSettings = "Ueba"
)

func PossibleKindBasicSettingsValues 

func PossibleKindBasicSettingsValues() []KindBasicSettings

PossibleKindBasicSettingsValues returns an array of possible values for the KindBasicSettings const type.

type KindBasicThreatIntelligenceInformation 

type KindBasicThreatIntelligenceInformation string

KindBasicThreatIntelligenceInformation enumerates the values for kind basic threat intelligence information. 

const (
	// KindBasicThreatIntelligenceInformationKindIndicator ...
	KindBasicThreatIntelligenceInformationKindIndicator KindBasicThreatIntelligenceInformation = "indicator"
	// KindBasicThreatIntelligenceInformationKindThreatIntelligenceInformation ...
	KindBasicThreatIntelligenceInformationKindThreatIntelligenceInformation KindBasicThreatIntelligenceInformation = "ThreatIntelligenceInformation"
)

func PossibleKindBasicThreatIntelligenceInformationValues 

func PossibleKindBasicThreatIntelligenceInformationValues() []KindBasicThreatIntelligenceInformation

PossibleKindBasicThreatIntelligenceInformationValues returns an array of possible values for the KindBasicThreatIntelligenceInformation const type.

type LastDataReceivedDataType 

type LastDataReceivedDataType struct {
	// Name - Name of the data type to show in the graph. can be use with {{graphQueriesTableName}} placeholder
	Name *string `json:"name,omitempty"`
	// LastDataReceivedQuery - Query for indicate last data received
	LastDataReceivedQuery *string `json:"lastDataReceivedQuery,omitempty"`
}

LastDataReceivedDataType data type for last data received

type MCASCheckRequirements 

type MCASCheckRequirements struct {
	// MCASCheckRequirementsProperties - MCAS (Microsoft Cloud App Security) requirements check properties.
	*MCASCheckRequirementsProperties `json:"properties,omitempty"`
	// Kind - Possible values include: 'KindBasicDataConnectorsCheckRequirementsKindDataConnectorsCheckRequirements', 'KindBasicDataConnectorsCheckRequirementsKindAzureActiveDirectory', 'KindBasicDataConnectorsCheckRequirementsKindAzureAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindAzureSecurityCenter', 'KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesCloudTrail', 'KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesS3', 'KindBasicDataConnectorsCheckRequirementsKindDynamics365', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftThreatIntelligence', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindOfficeATP', 'KindBasicDataConnectorsCheckRequirementsKindOfficeIRM', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii'
	Kind KindBasicDataConnectorsCheckRequirements `json:"kind,omitempty"`
}

MCASCheckRequirements represents MCAS (Microsoft Cloud App Security) requirements check request.

func (MCASCheckRequirements) AsAADCheckRequirements 

func (mcr MCASCheckRequirements) AsAADCheckRequirements() (*AADCheckRequirements, bool)

AsAADCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MCASCheckRequirements.

func (MCASCheckRequirements) AsAATPCheckRequirements 

func (mcr MCASCheckRequirements) AsAATPCheckRequirements() (*AATPCheckRequirements, bool)

AsAATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MCASCheckRequirements.

func (MCASCheckRequirements) AsASCCheckRequirements 

func (mcr MCASCheckRequirements) AsASCCheckRequirements() (*ASCCheckRequirements, bool)

AsASCCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MCASCheckRequirements.

func (MCASCheckRequirements) AsAwsCloudTrailCheckRequirements 

func (mcr MCASCheckRequirements) AsAwsCloudTrailCheckRequirements() (*AwsCloudTrailCheckRequirements, bool)

AsAwsCloudTrailCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MCASCheckRequirements.

func (MCASCheckRequirements) AsAwsS3CheckRequirements 

func (mcr MCASCheckRequirements) AsAwsS3CheckRequirements() (*AwsS3CheckRequirements, bool)

AsAwsS3CheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MCASCheckRequirements.

func (MCASCheckRequirements) AsBasicDataConnectorsCheckRequirements 

func (mcr MCASCheckRequirements) AsBasicDataConnectorsCheckRequirements() (BasicDataConnectorsCheckRequirements, bool)

AsBasicDataConnectorsCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MCASCheckRequirements.

func (MCASCheckRequirements) AsDataConnectorsCheckRequirements 

func (mcr MCASCheckRequirements) AsDataConnectorsCheckRequirements() (*DataConnectorsCheckRequirements, bool)

AsDataConnectorsCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MCASCheckRequirements.

func (MCASCheckRequirements) AsDynamics365CheckRequirements 

func (mcr MCASCheckRequirements) AsDynamics365CheckRequirements() (*Dynamics365CheckRequirements, bool)

AsDynamics365CheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MCASCheckRequirements.

func (MCASCheckRequirements) AsMCASCheckRequirements 

func (mcr MCASCheckRequirements) AsMCASCheckRequirements() (*MCASCheckRequirements, bool)

AsMCASCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MCASCheckRequirements.

func (MCASCheckRequirements) AsMDATPCheckRequirements 

func (mcr MCASCheckRequirements) AsMDATPCheckRequirements() (*MDATPCheckRequirements, bool)

AsMDATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MCASCheckRequirements.

func (MCASCheckRequirements) AsMSTICheckRequirements 

func (mcr MCASCheckRequirements) AsMSTICheckRequirements() (*MSTICheckRequirements, bool)

AsMSTICheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MCASCheckRequirements.

func (MCASCheckRequirements) AsMtpCheckRequirements 

func (mcr MCASCheckRequirements) AsMtpCheckRequirements() (*MtpCheckRequirements, bool)

AsMtpCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MCASCheckRequirements.

func (MCASCheckRequirements) AsOfficeATPCheckRequirements 

func (mcr MCASCheckRequirements) AsOfficeATPCheckRequirements() (*OfficeATPCheckRequirements, bool)

AsOfficeATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MCASCheckRequirements.

func (MCASCheckRequirements) AsOfficeIRMCheckRequirements 

func (mcr MCASCheckRequirements) AsOfficeIRMCheckRequirements() (*OfficeIRMCheckRequirements, bool)

AsOfficeIRMCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MCASCheckRequirements.

func (MCASCheckRequirements) AsTICheckRequirements 

func (mcr MCASCheckRequirements) AsTICheckRequirements() (*TICheckRequirements, bool)

AsTICheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MCASCheckRequirements.

func (MCASCheckRequirements) AsTiTaxiiCheckRequirements 

func (mcr MCASCheckRequirements) AsTiTaxiiCheckRequirements() (*TiTaxiiCheckRequirements, bool)

AsTiTaxiiCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MCASCheckRequirements.

func (MCASCheckRequirements) MarshalJSON 

func (mcr MCASCheckRequirements) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for MCASCheckRequirements.

func (*MCASCheckRequirements) UnmarshalJSON 

func (mcr *MCASCheckRequirements) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for MCASCheckRequirements struct.

type MCASCheckRequirementsProperties 

type MCASCheckRequirementsProperties struct {
	// TenantID - The tenant id to connect to, and get the data from.
	TenantID *string `json:"tenantId,omitempty"`
}

MCASCheckRequirementsProperties MCAS (Microsoft Cloud App Security) requirements check properties.

type MCASDataConnector 

type MCASDataConnector struct {
	// MCASDataConnectorProperties - MCAS (Microsoft Cloud App Security) data connector properties.
	*MCASDataConnectorProperties `json:"properties,omitempty"`
	// Kind - Possible values include: 'KindBasicDataConnectorKindDataConnector', 'KindBasicDataConnectorKindAzureActiveDirectory', 'KindBasicDataConnectorKindMicrosoftThreatIntelligence', 'KindBasicDataConnectorKindMicrosoftThreatProtection', 'KindBasicDataConnectorKindAzureAdvancedThreatProtection', 'KindBasicDataConnectorKindAzureSecurityCenter', 'KindBasicDataConnectorKindAmazonWebServicesCloudTrail', 'KindBasicDataConnectorKindAmazonWebServicesS3', 'KindBasicDataConnectorKindMicrosoftCloudAppSecurity', 'KindBasicDataConnectorKindDynamics365', 'KindBasicDataConnectorKindOfficeATP', 'KindBasicDataConnectorKindOfficeIRM', 'KindBasicDataConnectorKindMicrosoftDefenderAdvancedThreatProtection', 'KindBasicDataConnectorKindOffice365', 'KindBasicDataConnectorKindThreatIntelligence', 'KindBasicDataConnectorKindThreatIntelligenceTaxii', 'KindBasicDataConnectorKindGenericUI', 'KindBasicDataConnectorKindAPIPolling'
	Kind KindBasicDataConnector `json:"kind,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
	// ID - READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty"`
	// SystemData - READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty"`
}

MCASDataConnector represents MCAS (Microsoft Cloud App Security) data connector.

func (MCASDataConnector) AsAADDataConnector 

func (mdc MCASDataConnector) AsAADDataConnector() (*AADDataConnector, bool)

AsAADDataConnector is the BasicDataConnector implementation for MCASDataConnector.

func (MCASDataConnector) AsAATPDataConnector 

func (mdc MCASDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool)

AsAATPDataConnector is the BasicDataConnector implementation for MCASDataConnector.

func (MCASDataConnector) AsASCDataConnector 

func (mdc MCASDataConnector) AsASCDataConnector() (*ASCDataConnector, bool)

AsASCDataConnector is the BasicDataConnector implementation for MCASDataConnector.

func (MCASDataConnector) AsAwsCloudTrailDataConnector 

func (mdc MCASDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool)

AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for MCASDataConnector.

func (MCASDataConnector) AsAwsS3DataConnector 

func (mdc MCASDataConnector) AsAwsS3DataConnector() (*AwsS3DataConnector, bool)

AsAwsS3DataConnector is the BasicDataConnector implementation for MCASDataConnector.

func (MCASDataConnector) AsBasicDataConnector 

func (mdc MCASDataConnector) AsBasicDataConnector() (BasicDataConnector, bool)

AsBasicDataConnector is the BasicDataConnector implementation for MCASDataConnector.

func (MCASDataConnector) AsCodelessAPIPollingDataConnector 

func (mdc MCASDataConnector) AsCodelessAPIPollingDataConnector() (*CodelessAPIPollingDataConnector, bool)

AsCodelessAPIPollingDataConnector is the BasicDataConnector implementation for MCASDataConnector.

func (MCASDataConnector) AsCodelessUIDataConnector 

func (mdc MCASDataConnector) AsCodelessUIDataConnector() (*CodelessUIDataConnector, bool)

AsCodelessUIDataConnector is the BasicDataConnector implementation for MCASDataConnector.

func (MCASDataConnector) AsDataConnector 

func (mdc MCASDataConnector) AsDataConnector() (*DataConnector, bool)

AsDataConnector is the BasicDataConnector implementation for MCASDataConnector.

func (MCASDataConnector) AsDynamics365DataConnector 

func (mdc MCASDataConnector) AsDynamics365DataConnector() (*Dynamics365DataConnector, bool)

AsDynamics365DataConnector is the BasicDataConnector implementation for MCASDataConnector.

func (MCASDataConnector) AsMCASDataConnector 

func (mdc MCASDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool)

AsMCASDataConnector is the BasicDataConnector implementation for MCASDataConnector.

func (MCASDataConnector) AsMDATPDataConnector 

func (mdc MCASDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool)

AsMDATPDataConnector is the BasicDataConnector implementation for MCASDataConnector.

func (MCASDataConnector) AsMSTIDataConnector 

func (mdc MCASDataConnector) AsMSTIDataConnector() (*MSTIDataConnector, bool)

AsMSTIDataConnector is the BasicDataConnector implementation for MCASDataConnector.

func (MCASDataConnector) AsMTPDataConnector 

func (mdc MCASDataConnector) AsMTPDataConnector() (*MTPDataConnector, bool)

AsMTPDataConnector is the BasicDataConnector implementation for MCASDataConnector.

func (MCASDataConnector) AsOfficeATPDataConnector 

func (mdc MCASDataConnector) AsOfficeATPDataConnector() (*OfficeATPDataConnector, bool)

AsOfficeATPDataConnector is the BasicDataConnector implementation for MCASDataConnector.

func (MCASDataConnector) AsOfficeDataConnector 

func (mdc MCASDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool)

AsOfficeDataConnector is the BasicDataConnector implementation for MCASDataConnector.

func (MCASDataConnector) AsOfficeIRMDataConnector 

func (mdc MCASDataConnector) AsOfficeIRMDataConnector() (*OfficeIRMDataConnector, bool)

AsOfficeIRMDataConnector is the BasicDataConnector implementation for MCASDataConnector.

func (MCASDataConnector) AsTIDataConnector 

func (mdc MCASDataConnector) AsTIDataConnector() (*TIDataConnector, bool)

AsTIDataConnector is the BasicDataConnector implementation for MCASDataConnector.

func (MCASDataConnector) AsTiTaxiiDataConnector 

func (mdc MCASDataConnector) AsTiTaxiiDataConnector() (*TiTaxiiDataConnector, bool)

AsTiTaxiiDataConnector is the BasicDataConnector implementation for MCASDataConnector.

func (MCASDataConnector) MarshalJSON 

func (mdc MCASDataConnector) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for MCASDataConnector.

func (*MCASDataConnector) UnmarshalJSON 

func (mdc *MCASDataConnector) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for MCASDataConnector struct.

type MCASDataConnectorDataTypes 

type MCASDataConnectorDataTypes struct {
	// DiscoveryLogs - Discovery log data type connection.
	DiscoveryLogs *DataConnectorDataTypeCommon `json:"discoveryLogs,omitempty"`
	// Alerts - Alerts data type connection.
	Alerts *DataConnectorDataTypeCommon `json:"alerts,omitempty"`
}

MCASDataConnectorDataTypes the available data types for MCAS (Microsoft Cloud App Security) data connector.

type MCASDataConnectorProperties 

type MCASDataConnectorProperties struct {
	// DataTypes - The available data types for the connector.
	DataTypes *MCASDataConnectorDataTypes `json:"dataTypes,omitempty"`
	// TenantID - The tenant id to connect to, and get the data from.
	TenantID *string `json:"tenantId,omitempty"`
}

MCASDataConnectorProperties MCAS (Microsoft Cloud App Security) data connector properties.

type MDATPCheckRequirements 

type MDATPCheckRequirements struct {
	// MDATPCheckRequirementsProperties - MDATP (Microsoft Defender Advanced Threat Protection) requirements check properties.
	*MDATPCheckRequirementsProperties `json:"properties,omitempty"`
	// Kind - Possible values include: 'KindBasicDataConnectorsCheckRequirementsKindDataConnectorsCheckRequirements', 'KindBasicDataConnectorsCheckRequirementsKindAzureActiveDirectory', 'KindBasicDataConnectorsCheckRequirementsKindAzureAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindAzureSecurityCenter', 'KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesCloudTrail', 'KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesS3', 'KindBasicDataConnectorsCheckRequirementsKindDynamics365', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftThreatIntelligence', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindOfficeATP', 'KindBasicDataConnectorsCheckRequirementsKindOfficeIRM', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii'
	Kind KindBasicDataConnectorsCheckRequirements `json:"kind,omitempty"`
}

MDATPCheckRequirements represents MDATP (Microsoft Defender Advanced Threat Protection) requirements check request.

func (MDATPCheckRequirements) AsAADCheckRequirements 

func (mcr MDATPCheckRequirements) AsAADCheckRequirements() (*AADCheckRequirements, bool)

AsAADCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MDATPCheckRequirements.

func (MDATPCheckRequirements) AsAATPCheckRequirements 

func (mcr MDATPCheckRequirements) AsAATPCheckRequirements() (*AATPCheckRequirements, bool)

AsAATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MDATPCheckRequirements.

func (MDATPCheckRequirements) AsASCCheckRequirements 

func (mcr MDATPCheckRequirements) AsASCCheckRequirements() (*ASCCheckRequirements, bool)

AsASCCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MDATPCheckRequirements.

func (MDATPCheckRequirements) AsAwsCloudTrailCheckRequirements 

func (mcr MDATPCheckRequirements) AsAwsCloudTrailCheckRequirements() (*AwsCloudTrailCheckRequirements, bool)

AsAwsCloudTrailCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MDATPCheckRequirements.

func (MDATPCheckRequirements) AsAwsS3CheckRequirements 

func (mcr MDATPCheckRequirements) AsAwsS3CheckRequirements() (*AwsS3CheckRequirements, bool)

AsAwsS3CheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MDATPCheckRequirements.

func (MDATPCheckRequirements) AsBasicDataConnectorsCheckRequirements 

func (mcr MDATPCheckRequirements) AsBasicDataConnectorsCheckRequirements() (BasicDataConnectorsCheckRequirements, bool)

AsBasicDataConnectorsCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MDATPCheckRequirements.

func (MDATPCheckRequirements) AsDataConnectorsCheckRequirements 

func (mcr MDATPCheckRequirements) AsDataConnectorsCheckRequirements() (*DataConnectorsCheckRequirements, bool)

AsDataConnectorsCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MDATPCheckRequirements.

func (MDATPCheckRequirements) AsDynamics365CheckRequirements 

func (mcr MDATPCheckRequirements) AsDynamics365CheckRequirements() (*Dynamics365CheckRequirements, bool)

AsDynamics365CheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MDATPCheckRequirements.

func (MDATPCheckRequirements) AsMCASCheckRequirements 

func (mcr MDATPCheckRequirements) AsMCASCheckRequirements() (*MCASCheckRequirements, bool)

AsMCASCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MDATPCheckRequirements.

func (MDATPCheckRequirements) AsMDATPCheckRequirements 

func (mcr MDATPCheckRequirements) AsMDATPCheckRequirements() (*MDATPCheckRequirements, bool)

AsMDATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MDATPCheckRequirements.

func (MDATPCheckRequirements) AsMSTICheckRequirements 

func (mcr MDATPCheckRequirements) AsMSTICheckRequirements() (*MSTICheckRequirements, bool)

AsMSTICheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MDATPCheckRequirements.

func (MDATPCheckRequirements) AsMtpCheckRequirements 

func (mcr MDATPCheckRequirements) AsMtpCheckRequirements() (*MtpCheckRequirements, bool)

AsMtpCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MDATPCheckRequirements.

func (MDATPCheckRequirements) AsOfficeATPCheckRequirements 

func (mcr MDATPCheckRequirements) AsOfficeATPCheckRequirements() (*OfficeATPCheckRequirements, bool)

AsOfficeATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MDATPCheckRequirements.

func (MDATPCheckRequirements) AsOfficeIRMCheckRequirements 

func (mcr MDATPCheckRequirements) AsOfficeIRMCheckRequirements() (*OfficeIRMCheckRequirements, bool)

AsOfficeIRMCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MDATPCheckRequirements.

func (MDATPCheckRequirements) AsTICheckRequirements 

func (mcr MDATPCheckRequirements) AsTICheckRequirements() (*TICheckRequirements, bool)

AsTICheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MDATPCheckRequirements.

func (MDATPCheckRequirements) AsTiTaxiiCheckRequirements 

func (mcr MDATPCheckRequirements) AsTiTaxiiCheckRequirements() (*TiTaxiiCheckRequirements, bool)

AsTiTaxiiCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MDATPCheckRequirements.

func (MDATPCheckRequirements) MarshalJSON 

func (mcr MDATPCheckRequirements) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for MDATPCheckRequirements.

func (*MDATPCheckRequirements) UnmarshalJSON 

func (mcr *MDATPCheckRequirements) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for MDATPCheckRequirements struct.

type MDATPCheckRequirementsProperties 

type MDATPCheckRequirementsProperties struct {
	// TenantID - The tenant id to connect to, and get the data from.
	TenantID *string `json:"tenantId,omitempty"`
}

MDATPCheckRequirementsProperties MDATP (Microsoft Defender Advanced Threat Protection) requirements check properties.

type MDATPDataConnector 

type MDATPDataConnector struct {
	// MDATPDataConnectorProperties - MDATP (Microsoft Defender Advanced Threat Protection) data connector properties.
	*MDATPDataConnectorProperties `json:"properties,omitempty"`
	// Kind - Possible values include: 'KindBasicDataConnectorKindDataConnector', 'KindBasicDataConnectorKindAzureActiveDirectory', 'KindBasicDataConnectorKindMicrosoftThreatIntelligence', 'KindBasicDataConnectorKindMicrosoftThreatProtection', 'KindBasicDataConnectorKindAzureAdvancedThreatProtection', 'KindBasicDataConnectorKindAzureSecurityCenter', 'KindBasicDataConnectorKindAmazonWebServicesCloudTrail', 'KindBasicDataConnectorKindAmazonWebServicesS3', 'KindBasicDataConnectorKindMicrosoftCloudAppSecurity', 'KindBasicDataConnectorKindDynamics365', 'KindBasicDataConnectorKindOfficeATP', 'KindBasicDataConnectorKindOfficeIRM', 'KindBasicDataConnectorKindMicrosoftDefenderAdvancedThreatProtection', 'KindBasicDataConnectorKindOffice365', 'KindBasicDataConnectorKindThreatIntelligence', 'KindBasicDataConnectorKindThreatIntelligenceTaxii', 'KindBasicDataConnectorKindGenericUI', 'KindBasicDataConnectorKindAPIPolling'
	Kind KindBasicDataConnector `json:"kind,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
	// ID - READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty"`
	// SystemData - READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty"`
}

MDATPDataConnector represents MDATP (Microsoft Defender Advanced Threat Protection) data connector.

func (MDATPDataConnector) AsAADDataConnector 

func (mdc MDATPDataConnector) AsAADDataConnector() (*AADDataConnector, bool)

AsAADDataConnector is the BasicDataConnector implementation for MDATPDataConnector.

func (MDATPDataConnector) AsAATPDataConnector 

func (mdc MDATPDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool)

AsAATPDataConnector is the BasicDataConnector implementation for MDATPDataConnector.

func (MDATPDataConnector) AsASCDataConnector 

func (mdc MDATPDataConnector) AsASCDataConnector() (*ASCDataConnector, bool)

AsASCDataConnector is the BasicDataConnector implementation for MDATPDataConnector.

func (MDATPDataConnector) AsAwsCloudTrailDataConnector 

func (mdc MDATPDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool)

AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for MDATPDataConnector.

func (MDATPDataConnector) AsAwsS3DataConnector 

func (mdc MDATPDataConnector) AsAwsS3DataConnector() (*AwsS3DataConnector, bool)

AsAwsS3DataConnector is the BasicDataConnector implementation for MDATPDataConnector.

func (MDATPDataConnector) AsBasicDataConnector 

func (mdc MDATPDataConnector) AsBasicDataConnector() (BasicDataConnector, bool)

AsBasicDataConnector is the BasicDataConnector implementation for MDATPDataConnector.

func (MDATPDataConnector) AsCodelessAPIPollingDataConnector 

func (mdc MDATPDataConnector) AsCodelessAPIPollingDataConnector() (*CodelessAPIPollingDataConnector, bool)

AsCodelessAPIPollingDataConnector is the BasicDataConnector implementation for MDATPDataConnector.

func (MDATPDataConnector) AsCodelessUIDataConnector 

func (mdc MDATPDataConnector) AsCodelessUIDataConnector() (*CodelessUIDataConnector, bool)

AsCodelessUIDataConnector is the BasicDataConnector implementation for MDATPDataConnector.

func (MDATPDataConnector) AsDataConnector 

func (mdc MDATPDataConnector) AsDataConnector() (*DataConnector, bool)

AsDataConnector is the BasicDataConnector implementation for MDATPDataConnector.

func (MDATPDataConnector) AsDynamics365DataConnector 

func (mdc MDATPDataConnector) AsDynamics365DataConnector() (*Dynamics365DataConnector, bool)

AsDynamics365DataConnector is the BasicDataConnector implementation for MDATPDataConnector.

func (MDATPDataConnector) AsMCASDataConnector 

func (mdc MDATPDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool)

AsMCASDataConnector is the BasicDataConnector implementation for MDATPDataConnector.

func (MDATPDataConnector) AsMDATPDataConnector 

func (mdc MDATPDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool)

AsMDATPDataConnector is the BasicDataConnector implementation for MDATPDataConnector.

func (MDATPDataConnector) AsMSTIDataConnector 

func (mdc MDATPDataConnector) AsMSTIDataConnector() (*MSTIDataConnector, bool)

AsMSTIDataConnector is the BasicDataConnector implementation for MDATPDataConnector.

func (MDATPDataConnector) AsMTPDataConnector 

func (mdc MDATPDataConnector) AsMTPDataConnector() (*MTPDataConnector, bool)

AsMTPDataConnector is the BasicDataConnector implementation for MDATPDataConnector.

func (MDATPDataConnector) AsOfficeATPDataConnector 

func (mdc MDATPDataConnector) AsOfficeATPDataConnector() (*OfficeATPDataConnector, bool)

AsOfficeATPDataConnector is the BasicDataConnector implementation for MDATPDataConnector.

func (MDATPDataConnector) AsOfficeDataConnector 

func (mdc MDATPDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool)

AsOfficeDataConnector is the BasicDataConnector implementation for MDATPDataConnector.

func (MDATPDataConnector) AsOfficeIRMDataConnector 

func (mdc MDATPDataConnector) AsOfficeIRMDataConnector() (*OfficeIRMDataConnector, bool)

AsOfficeIRMDataConnector is the BasicDataConnector implementation for MDATPDataConnector.

func (MDATPDataConnector) AsTIDataConnector 

func (mdc MDATPDataConnector) AsTIDataConnector() (*TIDataConnector, bool)

AsTIDataConnector is the BasicDataConnector implementation for MDATPDataConnector.

func (MDATPDataConnector) AsTiTaxiiDataConnector 

func (mdc MDATPDataConnector) AsTiTaxiiDataConnector() (*TiTaxiiDataConnector, bool)

AsTiTaxiiDataConnector is the BasicDataConnector implementation for MDATPDataConnector.

func (MDATPDataConnector) MarshalJSON 

func (mdc MDATPDataConnector) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for MDATPDataConnector.

func (*MDATPDataConnector) UnmarshalJSON 

func (mdc *MDATPDataConnector) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for MDATPDataConnector struct.

type MDATPDataConnectorProperties 

type MDATPDataConnectorProperties struct {
	// TenantID - The tenant id to connect to, and get the data from.
	TenantID *string `json:"tenantId,omitempty"`
	// DataTypes - The available data types for the connector.
	DataTypes *AlertsDataTypeOfDataConnector `json:"dataTypes,omitempty"`
}

MDATPDataConnectorProperties MDATP (Microsoft Defender Advanced Threat Protection) data connector properties.

type MLBehaviorAnalyticsAlertRule 

type MLBehaviorAnalyticsAlertRule struct {
	// MLBehaviorAnalyticsAlertRuleProperties - MLBehaviorAnalytics alert rule properties
	*MLBehaviorAnalyticsAlertRuleProperties `json:"properties,omitempty"`
	// Kind - Possible values include: 'KindBasicAlertRuleKindAlertRule', 'KindBasicAlertRuleKindMLBehaviorAnalytics', 'KindBasicAlertRuleKindFusion', 'KindBasicAlertRuleKindThreatIntelligence', 'KindBasicAlertRuleKindMicrosoftSecurityIncidentCreation', 'KindBasicAlertRuleKindScheduled', 'KindBasicAlertRuleKindNRT'
	Kind KindBasicAlertRule `json:"kind,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
	// ID - READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty"`
	// SystemData - READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty"`
}

MLBehaviorAnalyticsAlertRule represents MLBehaviorAnalytics alert rule.

func (MLBehaviorAnalyticsAlertRule) AsAlertRule 

func (mbaar MLBehaviorAnalyticsAlertRule) AsAlertRule() (*AlertRule, bool)

AsAlertRule is the BasicAlertRule implementation for MLBehaviorAnalyticsAlertRule.

func (MLBehaviorAnalyticsAlertRule) AsBasicAlertRule 

func (mbaar MLBehaviorAnalyticsAlertRule) AsBasicAlertRule() (BasicAlertRule, bool)

AsBasicAlertRule is the BasicAlertRule implementation for MLBehaviorAnalyticsAlertRule.

func (MLBehaviorAnalyticsAlertRule) AsFusionAlertRule 

func (mbaar MLBehaviorAnalyticsAlertRule) AsFusionAlertRule() (*FusionAlertRule, bool)

AsFusionAlertRule is the BasicAlertRule implementation for MLBehaviorAnalyticsAlertRule.

func (MLBehaviorAnalyticsAlertRule) AsMLBehaviorAnalyticsAlertRule 

func (mbaar MLBehaviorAnalyticsAlertRule) AsMLBehaviorAnalyticsAlertRule() (*MLBehaviorAnalyticsAlertRule, bool)

AsMLBehaviorAnalyticsAlertRule is the BasicAlertRule implementation for MLBehaviorAnalyticsAlertRule.

func (MLBehaviorAnalyticsAlertRule) AsMicrosoftSecurityIncidentCreationAlertRule 

func (mbaar MLBehaviorAnalyticsAlertRule) AsMicrosoftSecurityIncidentCreationAlertRule() (*MicrosoftSecurityIncidentCreationAlertRule, bool)

AsMicrosoftSecurityIncidentCreationAlertRule is the BasicAlertRule implementation for MLBehaviorAnalyticsAlertRule.

func (MLBehaviorAnalyticsAlertRule) AsNrtAlertRule 

func (mbaar MLBehaviorAnalyticsAlertRule) AsNrtAlertRule() (*NrtAlertRule, bool)

AsNrtAlertRule is the BasicAlertRule implementation for MLBehaviorAnalyticsAlertRule.

func (MLBehaviorAnalyticsAlertRule) AsScheduledAlertRule 

func (mbaar MLBehaviorAnalyticsAlertRule) AsScheduledAlertRule() (*ScheduledAlertRule, bool)

AsScheduledAlertRule is the BasicAlertRule implementation for MLBehaviorAnalyticsAlertRule.

func (MLBehaviorAnalyticsAlertRule) AsThreatIntelligenceAlertRule 

func (mbaar MLBehaviorAnalyticsAlertRule) AsThreatIntelligenceAlertRule() (*ThreatIntelligenceAlertRule, bool)

AsThreatIntelligenceAlertRule is the BasicAlertRule implementation for MLBehaviorAnalyticsAlertRule.

func (MLBehaviorAnalyticsAlertRule) MarshalJSON 

func (mbaar MLBehaviorAnalyticsAlertRule) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for MLBehaviorAnalyticsAlertRule.

func (*MLBehaviorAnalyticsAlertRule) UnmarshalJSON 

func (mbaar *MLBehaviorAnalyticsAlertRule) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for MLBehaviorAnalyticsAlertRule struct.

type MLBehaviorAnalyticsAlertRuleProperties 

type MLBehaviorAnalyticsAlertRuleProperties struct {
	// AlertRuleTemplateName - The Name of the alert rule template used to create this rule.
	AlertRuleTemplateName *string `json:"alertRuleTemplateName,omitempty"`
	// Description - READ-ONLY; The description of the alert rule.
	Description *string `json:"description,omitempty"`
	// DisplayName - READ-ONLY; The display name for alerts created by this alert rule.
	DisplayName *string `json:"displayName,omitempty"`
	// Enabled - Determines whether this alert rule is enabled or disabled.
	Enabled *bool `json:"enabled,omitempty"`
	// LastModifiedUtc - READ-ONLY; The last time that this alert rule has been modified.
	LastModifiedUtc *date.Time `json:"lastModifiedUtc,omitempty"`
	// Severity - READ-ONLY; The severity for alerts created by this alert rule. Possible values include: 'AlertSeverityHigh', 'AlertSeverityMedium', 'AlertSeverityLow', 'AlertSeverityInformational'
	Severity AlertSeverity `json:"severity,omitempty"`
	// Tactics - READ-ONLY; The tactics of the alert rule
	Tactics *[]AttackTactic `json:"tactics,omitempty"`
}

MLBehaviorAnalyticsAlertRuleProperties mLBehaviorAnalytics alert rule base property bag.

func (MLBehaviorAnalyticsAlertRuleProperties) MarshalJSON 

func (mbaarp MLBehaviorAnalyticsAlertRuleProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for MLBehaviorAnalyticsAlertRuleProperties.

type MLBehaviorAnalyticsAlertRuleTemplate 

type MLBehaviorAnalyticsAlertRuleTemplate struct {
	// MLBehaviorAnalyticsAlertRuleTemplateProperties - MLBehaviorAnalytics alert rule template properties.
	*MLBehaviorAnalyticsAlertRuleTemplateProperties `json:"properties,omitempty"`
	// Kind - Possible values include: 'KindBasicAlertRuleTemplateKindAlertRuleTemplate', 'KindBasicAlertRuleTemplateKindMLBehaviorAnalytics', 'KindBasicAlertRuleTemplateKindFusion', 'KindBasicAlertRuleTemplateKindThreatIntelligence', 'KindBasicAlertRuleTemplateKindMicrosoftSecurityIncidentCreation', 'KindBasicAlertRuleTemplateKindScheduled', 'KindBasicAlertRuleTemplateKindNRT'
	Kind KindBasicAlertRuleTemplate `json:"kind,omitempty"`
	// ID - READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty"`
	// SystemData - READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty"`
}

MLBehaviorAnalyticsAlertRuleTemplate represents MLBehaviorAnalytics alert rule template.

func (MLBehaviorAnalyticsAlertRuleTemplate) AsAlertRuleTemplate 

func (mbaart MLBehaviorAnalyticsAlertRuleTemplate) AsAlertRuleTemplate() (*AlertRuleTemplate, bool)

AsAlertRuleTemplate is the BasicAlertRuleTemplate implementation for MLBehaviorAnalyticsAlertRuleTemplate.

func (MLBehaviorAnalyticsAlertRuleTemplate) AsBasicAlertRuleTemplate 

func (mbaart MLBehaviorAnalyticsAlertRuleTemplate) AsBasicAlertRuleTemplate() (BasicAlertRuleTemplate, bool)

AsBasicAlertRuleTemplate is the BasicAlertRuleTemplate implementation for MLBehaviorAnalyticsAlertRuleTemplate.

func (MLBehaviorAnalyticsAlertRuleTemplate) AsFusionAlertRuleTemplate 

func (mbaart MLBehaviorAnalyticsAlertRuleTemplate) AsFusionAlertRuleTemplate() (*FusionAlertRuleTemplate, bool)

AsFusionAlertRuleTemplate is the BasicAlertRuleTemplate implementation for MLBehaviorAnalyticsAlertRuleTemplate.

func (MLBehaviorAnalyticsAlertRuleTemplate) AsMLBehaviorAnalyticsAlertRuleTemplate 

func (mbaart MLBehaviorAnalyticsAlertRuleTemplate) AsMLBehaviorAnalyticsAlertRuleTemplate() (*MLBehaviorAnalyticsAlertRuleTemplate, bool)

AsMLBehaviorAnalyticsAlertRuleTemplate is the BasicAlertRuleTemplate implementation for MLBehaviorAnalyticsAlertRuleTemplate.

func (MLBehaviorAnalyticsAlertRuleTemplate) AsMicrosoftSecurityIncidentCreationAlertRuleTemplate 

func (mbaart MLBehaviorAnalyticsAlertRuleTemplate) AsMicrosoftSecurityIncidentCreationAlertRuleTemplate() (*MicrosoftSecurityIncidentCreationAlertRuleTemplate, bool)

AsMicrosoftSecurityIncidentCreationAlertRuleTemplate is the BasicAlertRuleTemplate implementation for MLBehaviorAnalyticsAlertRuleTemplate.

func (MLBehaviorAnalyticsAlertRuleTemplate) AsNrtAlertRuleTemplate 

func (mbaart MLBehaviorAnalyticsAlertRuleTemplate) AsNrtAlertRuleTemplate() (*NrtAlertRuleTemplate, bool)

AsNrtAlertRuleTemplate is the BasicAlertRuleTemplate implementation for MLBehaviorAnalyticsAlertRuleTemplate.

func (MLBehaviorAnalyticsAlertRuleTemplate) AsScheduledAlertRuleTemplate 

func (mbaart MLBehaviorAnalyticsAlertRuleTemplate) AsScheduledAlertRuleTemplate() (*ScheduledAlertRuleTemplate, bool)

AsScheduledAlertRuleTemplate is the BasicAlertRuleTemplate implementation for MLBehaviorAnalyticsAlertRuleTemplate.

func (MLBehaviorAnalyticsAlertRuleTemplate) AsThreatIntelligenceAlertRuleTemplate 

func (mbaart MLBehaviorAnalyticsAlertRuleTemplate) AsThreatIntelligenceAlertRuleTemplate() (*ThreatIntelligenceAlertRuleTemplate, bool)

AsThreatIntelligenceAlertRuleTemplate is the BasicAlertRuleTemplate implementation for MLBehaviorAnalyticsAlertRuleTemplate.

func (MLBehaviorAnalyticsAlertRuleTemplate) MarshalJSON 

func (mbaart MLBehaviorAnalyticsAlertRuleTemplate) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for MLBehaviorAnalyticsAlertRuleTemplate.

func (*MLBehaviorAnalyticsAlertRuleTemplate) UnmarshalJSON 

func (mbaart *MLBehaviorAnalyticsAlertRuleTemplate) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for MLBehaviorAnalyticsAlertRuleTemplate struct.

type MLBehaviorAnalyticsAlertRuleTemplateProperties 

type MLBehaviorAnalyticsAlertRuleTemplateProperties struct {
	// Severity - The severity for alerts created by this alert rule. Possible values include: 'AlertSeverityHigh', 'AlertSeverityMedium', 'AlertSeverityLow', 'AlertSeverityInformational'
	Severity AlertSeverity `json:"severity,omitempty"`
	// Tactics - The tactics of the alert rule template.
	Tactics *[]AttackTactic `json:"tactics,omitempty"`
	// AlertRulesCreatedByTemplateCount - the number of alert rules that were created by this template
	AlertRulesCreatedByTemplateCount *int32 `json:"alertRulesCreatedByTemplateCount,omitempty"`
	// LastUpdatedDateUTC - READ-ONLY; The last time that this alert rule template has been updated.
	LastUpdatedDateUTC *date.Time `json:"lastUpdatedDateUTC,omitempty"`
	// CreatedDateUTC - READ-ONLY; The time that this alert rule template has been added.
	CreatedDateUTC *date.Time `json:"createdDateUTC,omitempty"`
	// Description - The description of the alert rule template.
	Description *string `json:"description,omitempty"`
	// DisplayName - The display name for alert rule template.
	DisplayName *string `json:"displayName,omitempty"`
	// RequiredDataConnectors - The required data sources for this template
	RequiredDataConnectors *[]AlertRuleTemplateDataSource `json:"requiredDataConnectors,omitempty"`
	// Status - The alert rule template status. Possible values include: 'TemplateStatusInstalled', 'TemplateStatusAvailable', 'TemplateStatusNotAvailable'
	Status TemplateStatus `json:"status,omitempty"`
}

MLBehaviorAnalyticsAlertRuleTemplateProperties mLBehaviorAnalytics alert rule template properties.

func (MLBehaviorAnalyticsAlertRuleTemplateProperties) MarshalJSON 

func (mbaart MLBehaviorAnalyticsAlertRuleTemplateProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for MLBehaviorAnalyticsAlertRuleTemplateProperties.

type MSTICheckRequirements 

type MSTICheckRequirements struct {
	// MSTICheckRequirementsProperties - Microsoft Threat Intelligence requirements check properties.
	*MSTICheckRequirementsProperties `json:"properties,omitempty"`
	// Kind - Possible values include: 'KindBasicDataConnectorsCheckRequirementsKindDataConnectorsCheckRequirements', 'KindBasicDataConnectorsCheckRequirementsKindAzureActiveDirectory', 'KindBasicDataConnectorsCheckRequirementsKindAzureAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindAzureSecurityCenter', 'KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesCloudTrail', 'KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesS3', 'KindBasicDataConnectorsCheckRequirementsKindDynamics365', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftThreatIntelligence', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindOfficeATP', 'KindBasicDataConnectorsCheckRequirementsKindOfficeIRM', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii'
	Kind KindBasicDataConnectorsCheckRequirements `json:"kind,omitempty"`
}

MSTICheckRequirements represents Microsoft Threat Intelligence requirements check request.

func (MSTICheckRequirements) AsAADCheckRequirements 

func (mcr MSTICheckRequirements) AsAADCheckRequirements() (*AADCheckRequirements, bool)

AsAADCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MSTICheckRequirements.

func (MSTICheckRequirements) AsAATPCheckRequirements 

func (mcr MSTICheckRequirements) AsAATPCheckRequirements() (*AATPCheckRequirements, bool)

AsAATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MSTICheckRequirements.

func (MSTICheckRequirements) AsASCCheckRequirements 

func (mcr MSTICheckRequirements) AsASCCheckRequirements() (*ASCCheckRequirements, bool)

AsASCCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MSTICheckRequirements.

func (MSTICheckRequirements) AsAwsCloudTrailCheckRequirements 

func (mcr MSTICheckRequirements) AsAwsCloudTrailCheckRequirements() (*AwsCloudTrailCheckRequirements, bool)

AsAwsCloudTrailCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MSTICheckRequirements.

func (MSTICheckRequirements) AsAwsS3CheckRequirements 

func (mcr MSTICheckRequirements) AsAwsS3CheckRequirements() (*AwsS3CheckRequirements, bool)

AsAwsS3CheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MSTICheckRequirements.

func (MSTICheckRequirements) AsBasicDataConnectorsCheckRequirements 

func (mcr MSTICheckRequirements) AsBasicDataConnectorsCheckRequirements() (BasicDataConnectorsCheckRequirements, bool)

AsBasicDataConnectorsCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MSTICheckRequirements.

func (MSTICheckRequirements) AsDataConnectorsCheckRequirements 

func (mcr MSTICheckRequirements) AsDataConnectorsCheckRequirements() (*DataConnectorsCheckRequirements, bool)

AsDataConnectorsCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MSTICheckRequirements.

func (MSTICheckRequirements) AsDynamics365CheckRequirements 

func (mcr MSTICheckRequirements) AsDynamics365CheckRequirements() (*Dynamics365CheckRequirements, bool)

AsDynamics365CheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MSTICheckRequirements.

func (MSTICheckRequirements) AsMCASCheckRequirements 

func (mcr MSTICheckRequirements) AsMCASCheckRequirements() (*MCASCheckRequirements, bool)

AsMCASCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MSTICheckRequirements.

func (MSTICheckRequirements) AsMDATPCheckRequirements 

func (mcr MSTICheckRequirements) AsMDATPCheckRequirements() (*MDATPCheckRequirements, bool)

AsMDATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MSTICheckRequirements.

func (MSTICheckRequirements) AsMSTICheckRequirements 

func (mcr MSTICheckRequirements) AsMSTICheckRequirements() (*MSTICheckRequirements, bool)

AsMSTICheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MSTICheckRequirements.

func (MSTICheckRequirements) AsMtpCheckRequirements 

func (mcr MSTICheckRequirements) AsMtpCheckRequirements() (*MtpCheckRequirements, bool)

AsMtpCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MSTICheckRequirements.

func (MSTICheckRequirements) AsOfficeATPCheckRequirements 

func (mcr MSTICheckRequirements) AsOfficeATPCheckRequirements() (*OfficeATPCheckRequirements, bool)

AsOfficeATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MSTICheckRequirements.

func (MSTICheckRequirements) AsOfficeIRMCheckRequirements 

func (mcr MSTICheckRequirements) AsOfficeIRMCheckRequirements() (*OfficeIRMCheckRequirements, bool)

AsOfficeIRMCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MSTICheckRequirements.

func (MSTICheckRequirements) AsTICheckRequirements 

func (mcr MSTICheckRequirements) AsTICheckRequirements() (*TICheckRequirements, bool)

AsTICheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MSTICheckRequirements.

func (MSTICheckRequirements) AsTiTaxiiCheckRequirements 

func (mcr MSTICheckRequirements) AsTiTaxiiCheckRequirements() (*TiTaxiiCheckRequirements, bool)

AsTiTaxiiCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MSTICheckRequirements.

func (MSTICheckRequirements) MarshalJSON 

func (mcr MSTICheckRequirements) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for MSTICheckRequirements.

func (*MSTICheckRequirements) UnmarshalJSON 

func (mcr *MSTICheckRequirements) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for MSTICheckRequirements struct.

type MSTICheckRequirementsProperties 

type MSTICheckRequirementsProperties struct {
	// TenantID - The tenant id to connect to, and get the data from.
	TenantID *string `json:"tenantId,omitempty"`
}

MSTICheckRequirementsProperties microsoft Threat Intelligence requirements check properties.

type MSTIDataConnector 

type MSTIDataConnector struct {
	// MSTIDataConnectorProperties - Microsoft Threat Intelligence data connector properties.
	*MSTIDataConnectorProperties `json:"properties,omitempty"`
	// Kind - Possible values include: 'KindBasicDataConnectorKindDataConnector', 'KindBasicDataConnectorKindAzureActiveDirectory', 'KindBasicDataConnectorKindMicrosoftThreatIntelligence', 'KindBasicDataConnectorKindMicrosoftThreatProtection', 'KindBasicDataConnectorKindAzureAdvancedThreatProtection', 'KindBasicDataConnectorKindAzureSecurityCenter', 'KindBasicDataConnectorKindAmazonWebServicesCloudTrail', 'KindBasicDataConnectorKindAmazonWebServicesS3', 'KindBasicDataConnectorKindMicrosoftCloudAppSecurity', 'KindBasicDataConnectorKindDynamics365', 'KindBasicDataConnectorKindOfficeATP', 'KindBasicDataConnectorKindOfficeIRM', 'KindBasicDataConnectorKindMicrosoftDefenderAdvancedThreatProtection', 'KindBasicDataConnectorKindOffice365', 'KindBasicDataConnectorKindThreatIntelligence', 'KindBasicDataConnectorKindThreatIntelligenceTaxii', 'KindBasicDataConnectorKindGenericUI', 'KindBasicDataConnectorKindAPIPolling'
	Kind KindBasicDataConnector `json:"kind,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
	// ID - READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty"`
	// SystemData - READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty"`
}

MSTIDataConnector represents Microsoft Threat Intelligence data connector.

func (MSTIDataConnector) AsAADDataConnector 

func (mdc MSTIDataConnector) AsAADDataConnector() (*AADDataConnector, bool)

AsAADDataConnector is the BasicDataConnector implementation for MSTIDataConnector.

func (MSTIDataConnector) AsAATPDataConnector 

func (mdc MSTIDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool)

AsAATPDataConnector is the BasicDataConnector implementation for MSTIDataConnector.

func (MSTIDataConnector) AsASCDataConnector 

func (mdc MSTIDataConnector) AsASCDataConnector() (*ASCDataConnector, bool)

AsASCDataConnector is the BasicDataConnector implementation for MSTIDataConnector.

func (MSTIDataConnector) AsAwsCloudTrailDataConnector 

func (mdc MSTIDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool)

AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for MSTIDataConnector.

func (MSTIDataConnector) AsAwsS3DataConnector 

func (mdc MSTIDataConnector) AsAwsS3DataConnector() (*AwsS3DataConnector, bool)

AsAwsS3DataConnector is the BasicDataConnector implementation for MSTIDataConnector.

func (MSTIDataConnector) AsBasicDataConnector 

func (mdc MSTIDataConnector) AsBasicDataConnector() (BasicDataConnector, bool)

AsBasicDataConnector is the BasicDataConnector implementation for MSTIDataConnector.

func (MSTIDataConnector) AsCodelessAPIPollingDataConnector 

func (mdc MSTIDataConnector) AsCodelessAPIPollingDataConnector() (*CodelessAPIPollingDataConnector, bool)

AsCodelessAPIPollingDataConnector is the BasicDataConnector implementation for MSTIDataConnector.

func (MSTIDataConnector) AsCodelessUIDataConnector 

func (mdc MSTIDataConnector) AsCodelessUIDataConnector() (*CodelessUIDataConnector, bool)

AsCodelessUIDataConnector is the BasicDataConnector implementation for MSTIDataConnector.

func (MSTIDataConnector) AsDataConnector 

func (mdc MSTIDataConnector) AsDataConnector() (*DataConnector, bool)

AsDataConnector is the BasicDataConnector implementation for MSTIDataConnector.

func (MSTIDataConnector) AsDynamics365DataConnector 

func (mdc MSTIDataConnector) AsDynamics365DataConnector() (*Dynamics365DataConnector, bool)

AsDynamics365DataConnector is the BasicDataConnector implementation for MSTIDataConnector.

func (MSTIDataConnector) AsMCASDataConnector 

func (mdc MSTIDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool)

AsMCASDataConnector is the BasicDataConnector implementation for MSTIDataConnector.

func (MSTIDataConnector) AsMDATPDataConnector 

func (mdc MSTIDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool)

AsMDATPDataConnector is the BasicDataConnector implementation for MSTIDataConnector.

func (MSTIDataConnector) AsMSTIDataConnector 

func (mdc MSTIDataConnector) AsMSTIDataConnector() (*MSTIDataConnector, bool)

AsMSTIDataConnector is the BasicDataConnector implementation for MSTIDataConnector.

func (MSTIDataConnector) AsMTPDataConnector 

func (mdc MSTIDataConnector) AsMTPDataConnector() (*MTPDataConnector, bool)

AsMTPDataConnector is the BasicDataConnector implementation for MSTIDataConnector.

func (MSTIDataConnector) AsOfficeATPDataConnector 

func (mdc MSTIDataConnector) AsOfficeATPDataConnector() (*OfficeATPDataConnector, bool)

AsOfficeATPDataConnector is the BasicDataConnector implementation for MSTIDataConnector.

func (MSTIDataConnector) AsOfficeDataConnector 

func (mdc MSTIDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool)

AsOfficeDataConnector is the BasicDataConnector implementation for MSTIDataConnector.

func (MSTIDataConnector) AsOfficeIRMDataConnector 

func (mdc MSTIDataConnector) AsOfficeIRMDataConnector() (*OfficeIRMDataConnector, bool)

AsOfficeIRMDataConnector is the BasicDataConnector implementation for MSTIDataConnector.

func (MSTIDataConnector) AsTIDataConnector 

func (mdc MSTIDataConnector) AsTIDataConnector() (*TIDataConnector, bool)

AsTIDataConnector is the BasicDataConnector implementation for MSTIDataConnector.

func (MSTIDataConnector) AsTiTaxiiDataConnector 

func (mdc MSTIDataConnector) AsTiTaxiiDataConnector() (*TiTaxiiDataConnector, bool)

AsTiTaxiiDataConnector is the BasicDataConnector implementation for MSTIDataConnector.

func (MSTIDataConnector) MarshalJSON 

func (mdc MSTIDataConnector) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for MSTIDataConnector.

func (*MSTIDataConnector) UnmarshalJSON 

func (mdc *MSTIDataConnector) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for MSTIDataConnector struct.

type MSTIDataConnectorDataTypes 

type MSTIDataConnectorDataTypes struct {
	// BingSafetyPhishingURL - Data type for Microsoft Threat Intelligence Platforms data connector.
	BingSafetyPhishingURL *MSTIDataConnectorDataTypesBingSafetyPhishingURL `json:"bingSafetyPhishingURL,omitempty"`
	// MicrosoftEmergingThreatFeed - Data type for Microsoft Threat Intelligence Platforms data connector.
	MicrosoftEmergingThreatFeed *MSTIDataConnectorDataTypesMicrosoftEmergingThreatFeed `json:"microsoftEmergingThreatFeed,omitempty"`
}

MSTIDataConnectorDataTypes the available data types for Microsoft Threat Intelligence Platforms data connector.

type MSTIDataConnectorDataTypesBingSafetyPhishingURL 

type MSTIDataConnectorDataTypesBingSafetyPhishingURL struct {
	// LookbackPeriod - lookback period
	LookbackPeriod *string `json:"lookbackPeriod,omitempty"`
	// State - Describe whether this data type connection is enabled or not. Possible values include: 'DataTypeStateEnabled', 'DataTypeStateDisabled'
	State DataTypeState `json:"state,omitempty"`
}

MSTIDataConnectorDataTypesBingSafetyPhishingURL data type for Microsoft Threat Intelligence Platforms data connector.

type MSTIDataConnectorDataTypesMicrosoftEmergingThreatFeed 

type MSTIDataConnectorDataTypesMicrosoftEmergingThreatFeed struct {
	// LookbackPeriod - lookback period
	LookbackPeriod *string `json:"lookbackPeriod,omitempty"`
	// State - Describe whether this data type connection is enabled or not. Possible values include: 'DataTypeStateEnabled', 'DataTypeStateDisabled'
	State DataTypeState `json:"state,omitempty"`
}

MSTIDataConnectorDataTypesMicrosoftEmergingThreatFeed data type for Microsoft Threat Intelligence Platforms data connector.

type MSTIDataConnectorProperties 

type MSTIDataConnectorProperties struct {
	// DataTypes - The available data types for the connector.
	DataTypes *MSTIDataConnectorDataTypes `json:"dataTypes,omitempty"`
	// TenantID - The tenant id to connect to, and get the data from.
	TenantID *string `json:"tenantId,omitempty"`
}

MSTIDataConnectorProperties microsoft Threat Intelligence data connector properties.

type MTPCheckRequirementsProperties 

type MTPCheckRequirementsProperties struct {
	// TenantID - The tenant id to connect to, and get the data from.
	TenantID *string `json:"tenantId,omitempty"`
}

MTPCheckRequirementsProperties MTP (Microsoft Threat Protection) requirements check properties.

type MTPDataConnector 

type MTPDataConnector struct {
	// MTPDataConnectorProperties - MTP (Microsoft Threat Protection) data connector properties.
	*MTPDataConnectorProperties `json:"properties,omitempty"`
	// Kind - Possible values include: 'KindBasicDataConnectorKindDataConnector', 'KindBasicDataConnectorKindAzureActiveDirectory', 'KindBasicDataConnectorKindMicrosoftThreatIntelligence', 'KindBasicDataConnectorKindMicrosoftThreatProtection', 'KindBasicDataConnectorKindAzureAdvancedThreatProtection', 'KindBasicDataConnectorKindAzureSecurityCenter', 'KindBasicDataConnectorKindAmazonWebServicesCloudTrail', 'KindBasicDataConnectorKindAmazonWebServicesS3', 'KindBasicDataConnectorKindMicrosoftCloudAppSecurity', 'KindBasicDataConnectorKindDynamics365', 'KindBasicDataConnectorKindOfficeATP', 'KindBasicDataConnectorKindOfficeIRM', 'KindBasicDataConnectorKindMicrosoftDefenderAdvancedThreatProtection', 'KindBasicDataConnectorKindOffice365', 'KindBasicDataConnectorKindThreatIntelligence', 'KindBasicDataConnectorKindThreatIntelligenceTaxii', 'KindBasicDataConnectorKindGenericUI', 'KindBasicDataConnectorKindAPIPolling'
	Kind KindBasicDataConnector `json:"kind,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
	// ID - READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty"`
	// SystemData - READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty"`
}

MTPDataConnector represents MTP (Microsoft Threat Protection) data connector.

func (MTPDataConnector) AsAADDataConnector 

func (mdc MTPDataConnector) AsAADDataConnector() (*AADDataConnector, bool)

AsAADDataConnector is the BasicDataConnector implementation for MTPDataConnector.

func (MTPDataConnector) AsAATPDataConnector 

func (mdc MTPDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool)

AsAATPDataConnector is the BasicDataConnector implementation for MTPDataConnector.

func (MTPDataConnector) AsASCDataConnector 

func (mdc MTPDataConnector) AsASCDataConnector() (*ASCDataConnector, bool)

AsASCDataConnector is the BasicDataConnector implementation for MTPDataConnector.

func (MTPDataConnector) AsAwsCloudTrailDataConnector 

func (mdc MTPDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool)

AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for MTPDataConnector.

func (MTPDataConnector) AsAwsS3DataConnector 

func (mdc MTPDataConnector) AsAwsS3DataConnector() (*AwsS3DataConnector, bool)

AsAwsS3DataConnector is the BasicDataConnector implementation for MTPDataConnector.

func (MTPDataConnector) AsBasicDataConnector 

func (mdc MTPDataConnector) AsBasicDataConnector() (BasicDataConnector, bool)

AsBasicDataConnector is the BasicDataConnector implementation for MTPDataConnector.

func (MTPDataConnector) AsCodelessAPIPollingDataConnector 

func (mdc MTPDataConnector) AsCodelessAPIPollingDataConnector() (*CodelessAPIPollingDataConnector, bool)

AsCodelessAPIPollingDataConnector is the BasicDataConnector implementation for MTPDataConnector.

func (MTPDataConnector) AsCodelessUIDataConnector 

func (mdc MTPDataConnector) AsCodelessUIDataConnector() (*CodelessUIDataConnector, bool)

AsCodelessUIDataConnector is the BasicDataConnector implementation for MTPDataConnector.

func (MTPDataConnector) AsDataConnector 

func (mdc MTPDataConnector) AsDataConnector() (*DataConnector, bool)

AsDataConnector is the BasicDataConnector implementation for MTPDataConnector.

func (MTPDataConnector) AsDynamics365DataConnector 

func (mdc MTPDataConnector) AsDynamics365DataConnector() (*Dynamics365DataConnector, bool)

AsDynamics365DataConnector is the BasicDataConnector implementation for MTPDataConnector.

func (MTPDataConnector) AsMCASDataConnector 

func (mdc MTPDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool)

AsMCASDataConnector is the BasicDataConnector implementation for MTPDataConnector.

func (MTPDataConnector) AsMDATPDataConnector 

func (mdc MTPDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool)

AsMDATPDataConnector is the BasicDataConnector implementation for MTPDataConnector.

func (MTPDataConnector) AsMSTIDataConnector 

func (mdc MTPDataConnector) AsMSTIDataConnector() (*MSTIDataConnector, bool)

AsMSTIDataConnector is the BasicDataConnector implementation for MTPDataConnector.

func (MTPDataConnector) AsMTPDataConnector 

func (mdc MTPDataConnector) AsMTPDataConnector() (*MTPDataConnector, bool)

AsMTPDataConnector is the BasicDataConnector implementation for MTPDataConnector.

func (MTPDataConnector) AsOfficeATPDataConnector 

func (mdc MTPDataConnector) AsOfficeATPDataConnector() (*OfficeATPDataConnector, bool)

AsOfficeATPDataConnector is the BasicDataConnector implementation for MTPDataConnector.

func (MTPDataConnector) AsOfficeDataConnector 

func (mdc MTPDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool)

AsOfficeDataConnector is the BasicDataConnector implementation for MTPDataConnector.

func (MTPDataConnector) AsOfficeIRMDataConnector 

func (mdc MTPDataConnector) AsOfficeIRMDataConnector() (*OfficeIRMDataConnector, bool)

AsOfficeIRMDataConnector is the BasicDataConnector implementation for MTPDataConnector.

func (MTPDataConnector) AsTIDataConnector 

func (mdc MTPDataConnector) AsTIDataConnector() (*TIDataConnector, bool)

AsTIDataConnector is the BasicDataConnector implementation for MTPDataConnector.

func (MTPDataConnector) AsTiTaxiiDataConnector 

func (mdc MTPDataConnector) AsTiTaxiiDataConnector() (*TiTaxiiDataConnector, bool)

AsTiTaxiiDataConnector is the BasicDataConnector implementation for MTPDataConnector.

func (MTPDataConnector) MarshalJSON 

func (mdc MTPDataConnector) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for MTPDataConnector.

func (*MTPDataConnector) UnmarshalJSON 

func (mdc *MTPDataConnector) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for MTPDataConnector struct.

type MTPDataConnectorDataTypes 

type MTPDataConnectorDataTypes struct {
	// Incidents - Data type for Microsoft Threat Protection Platforms data connector.
	Incidents *MTPDataConnectorDataTypesIncidents `json:"incidents,omitempty"`
}

MTPDataConnectorDataTypes the available data types for Microsoft Threat Protection Platforms data connector.

type MTPDataConnectorDataTypesIncidents 

type MTPDataConnectorDataTypesIncidents struct {
	// State - Describe whether this data type connection is enabled or not. Possible values include: 'DataTypeStateEnabled', 'DataTypeStateDisabled'
	State DataTypeState `json:"state,omitempty"`
}

MTPDataConnectorDataTypesIncidents data type for Microsoft Threat Protection Platforms data connector.

type MTPDataConnectorProperties 

type MTPDataConnectorProperties struct {
	// DataTypes - The available data types for the connector.
	DataTypes *MTPDataConnectorDataTypes `json:"dataTypes,omitempty"`
	// TenantID - The tenant id to connect to, and get the data from.
	TenantID *string `json:"tenantId,omitempty"`
}

MTPDataConnectorProperties MTP (Microsoft Threat Protection) data connector properties.

type MailClusterEntity 

type MailClusterEntity struct {
	// MailClusterEntityProperties - Mail cluster entity properties
	*MailClusterEntityProperties `json:"properties,omitempty"`
	// Kind - Possible values include: 'KindBasicEntityKindEntity', 'KindBasicEntityKindURL', 'KindBasicEntityKindSubmissionMail', 'KindBasicEntityKindSecurityGroup', 'KindBasicEntityKindSecurityAlert', 'KindBasicEntityKindRegistryValue', 'KindBasicEntityKindRegistryKey', 'KindBasicEntityKindProcess', 'KindBasicEntityKindMalware', 'KindBasicEntityKindMailMessage', 'KindBasicEntityKindMailCluster', 'KindBasicEntityKindMailbox', 'KindBasicEntityKindIP', 'KindBasicEntityKindIoTDevice', 'KindBasicEntityKindBookmark', 'KindBasicEntityKindHost', 'KindBasicEntityKindFileHash', 'KindBasicEntityKindFile', 'KindBasicEntityKindDNSResolution', 'KindBasicEntityKindCloudApplication', 'KindBasicEntityKindAzureResource', 'KindBasicEntityKindAccount'
	Kind KindBasicEntity `json:"kind,omitempty"`
	// ID - READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty"`
	// SystemData - READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty"`
}

MailClusterEntity represents a mail cluster entity.

func (MailClusterEntity) AsAccountEntity 

func (mce MailClusterEntity) AsAccountEntity() (*AccountEntity, bool)

AsAccountEntity is the BasicEntity implementation for MailClusterEntity.

func (MailClusterEntity) AsAzureResourceEntity 

func (mce MailClusterEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)

AsAzureResourceEntity is the BasicEntity implementation for MailClusterEntity.

func (MailClusterEntity) AsBasicEntity 

func (mce MailClusterEntity) AsBasicEntity() (BasicEntity, bool)

AsBasicEntity is the BasicEntity implementation for MailClusterEntity.

func (MailClusterEntity) AsCloudApplicationEntity 

func (mce MailClusterEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)

AsCloudApplicationEntity is the BasicEntity implementation for MailClusterEntity.

func (MailClusterEntity) AsDNSEntity 

func (mce MailClusterEntity) AsDNSEntity() (*DNSEntity, bool)

AsDNSEntity is the BasicEntity implementation for MailClusterEntity.

func (MailClusterEntity) AsEntity 

func (mce MailClusterEntity) AsEntity() (*Entity, bool)

AsEntity is the BasicEntity implementation for MailClusterEntity.

func (MailClusterEntity) AsFileEntity 

func (mce MailClusterEntity) AsFileEntity() (*FileEntity, bool)

AsFileEntity is the BasicEntity implementation for MailClusterEntity.

func (MailClusterEntity) AsFileHashEntity 

func (mce MailClusterEntity) AsFileHashEntity() (*FileHashEntity, bool)

AsFileHashEntity is the BasicEntity implementation for MailClusterEntity.

func (MailClusterEntity) AsHostEntity 

func (mce MailClusterEntity) AsHostEntity() (*HostEntity, bool)

AsHostEntity is the BasicEntity implementation for MailClusterEntity.

func (MailClusterEntity) AsHuntingBookmark 

func (mce MailClusterEntity) AsHuntingBookmark() (*HuntingBookmark, bool)

AsHuntingBookmark is the BasicEntity implementation for MailClusterEntity.

func (MailClusterEntity) AsIPEntity 

func (mce MailClusterEntity) AsIPEntity() (*IPEntity, bool)

AsIPEntity is the BasicEntity implementation for MailClusterEntity.

func (MailClusterEntity) AsIoTDeviceEntity 

func (mce MailClusterEntity) AsIoTDeviceEntity() (*IoTDeviceEntity, bool)

AsIoTDeviceEntity is the BasicEntity implementation for MailClusterEntity.

func (MailClusterEntity) AsMailClusterEntity 

func (mce MailClusterEntity) AsMailClusterEntity() (*MailClusterEntity, bool)

AsMailClusterEntity is the BasicEntity implementation for MailClusterEntity.

func (MailClusterEntity) AsMailMessageEntity 

func (mce MailClusterEntity) AsMailMessageEntity() (*MailMessageEntity, bool)

AsMailMessageEntity is the BasicEntity implementation for MailClusterEntity.

func (MailClusterEntity) AsMailboxEntity 

func (mce MailClusterEntity) AsMailboxEntity() (*MailboxEntity, bool)

AsMailboxEntity is the BasicEntity implementation for MailClusterEntity.

func (MailClusterEntity) AsMalwareEntity 

func (mce MailClusterEntity) AsMalwareEntity() (*MalwareEntity, bool)

AsMalwareEntity is the BasicEntity implementation for MailClusterEntity.

func (MailClusterEntity) AsProcessEntity 

func (mce MailClusterEntity) AsProcessEntity() (*ProcessEntity, bool)

AsProcessEntity is the BasicEntity implementation for MailClusterEntity.

func (MailClusterEntity) AsRegistryKeyEntity 

func (mce MailClusterEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)

AsRegistryKeyEntity is the BasicEntity implementation for MailClusterEntity.

func (MailClusterEntity) AsRegistryValueEntity 

func (mce MailClusterEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool)

AsRegistryValueEntity is the BasicEntity implementation for MailClusterEntity.

func (MailClusterEntity) AsSecurityAlert 

func (mce MailClusterEntity) AsSecurityAlert() (*SecurityAlert, bool)

AsSecurityAlert is the BasicEntity implementation for MailClusterEntity.

func (MailClusterEntity) AsSecurityGroupEntity 

func (mce MailClusterEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)

AsSecurityGroupEntity is the BasicEntity implementation for MailClusterEntity.

func (MailClusterEntity) AsSubmissionMailEntity 

func (mce MailClusterEntity) AsSubmissionMailEntity() (*SubmissionMailEntity, bool)

AsSubmissionMailEntity is the BasicEntity implementation for MailClusterEntity.

func (MailClusterEntity) AsURLEntity 

func (mce MailClusterEntity) AsURLEntity() (*URLEntity, bool)

AsURLEntity is the BasicEntity implementation for MailClusterEntity.

func (MailClusterEntity) MarshalJSON 

func (mce MailClusterEntity) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for MailClusterEntity.

func (*MailClusterEntity) UnmarshalJSON 

func (mce *MailClusterEntity) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for MailClusterEntity struct.

type MailClusterEntityProperties 

type MailClusterEntityProperties struct {
	// NetworkMessageIds - READ-ONLY; The mail message IDs that are part of the mail cluster
	NetworkMessageIds *[]string `json:"networkMessageIds,omitempty"`
	// CountByDeliveryStatus - READ-ONLY; Count of mail messages by DeliveryStatus string representation
	CountByDeliveryStatus interface{} `json:"countByDeliveryStatus,omitempty"`
	// CountByThreatType - READ-ONLY; Count of mail messages by ThreatType string representation
	CountByThreatType interface{} `json:"countByThreatType,omitempty"`
	// CountByProtectionStatus - READ-ONLY; Count of mail messages by ProtectionStatus string representation
	CountByProtectionStatus interface{} `json:"countByProtectionStatus,omitempty"`
	// Threats - READ-ONLY; The threats of mail messages that are part of the mail cluster
	Threats *[]string `json:"threats,omitempty"`
	// Query - READ-ONLY; The query that was used to identify the messages of the mail cluster
	Query *string `json:"query,omitempty"`
	// QueryTime - READ-ONLY; The query time
	QueryTime *date.Time `json:"queryTime,omitempty"`
	// MailCount - READ-ONLY; The number of mail messages that are part of the mail cluster
	MailCount *int32 `json:"mailCount,omitempty"`
	// IsVolumeAnomaly - READ-ONLY; Is this a volume anomaly mail cluster
	IsVolumeAnomaly *bool `json:"isVolumeAnomaly,omitempty"`
	// Source - READ-ONLY; The source of the mail cluster (default is 'O365 ATP')
	Source *string `json:"source,omitempty"`
	// ClusterSourceIdentifier - READ-ONLY; The id of the cluster source
	ClusterSourceIdentifier *string `json:"clusterSourceIdentifier,omitempty"`
	// ClusterSourceType - READ-ONLY; The type of the cluster source
	ClusterSourceType *string `json:"clusterSourceType,omitempty"`
	// ClusterQueryStartTime - READ-ONLY; The cluster query start time
	ClusterQueryStartTime *date.Time `json:"clusterQueryStartTime,omitempty"`
	// ClusterQueryEndTime - READ-ONLY; The cluster query end time
	ClusterQueryEndTime *date.Time `json:"clusterQueryEndTime,omitempty"`
	// ClusterGroup - READ-ONLY; The cluster group
	ClusterGroup *string `json:"clusterGroup,omitempty"`
	// AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]interface{} `json:"additionalData"`
	// FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated.
	FriendlyName *string `json:"friendlyName,omitempty"`
}

MailClusterEntityProperties mail cluster entity property bag.

func (MailClusterEntityProperties) MarshalJSON 

func (mcep MailClusterEntityProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for MailClusterEntityProperties.

type MailMessageEntity 

type MailMessageEntity struct {
	// MailMessageEntityProperties - Mail message entity properties
	*MailMessageEntityProperties `json:"properties,omitempty"`
	// Kind - Possible values include: 'KindBasicEntityKindEntity', 'KindBasicEntityKindURL', 'KindBasicEntityKindSubmissionMail', 'KindBasicEntityKindSecurityGroup', 'KindBasicEntityKindSecurityAlert', 'KindBasicEntityKindRegistryValue', 'KindBasicEntityKindRegistryKey', 'KindBasicEntityKindProcess', 'KindBasicEntityKindMalware', 'KindBasicEntityKindMailMessage', 'KindBasicEntityKindMailCluster', 'KindBasicEntityKindMailbox', 'KindBasicEntityKindIP', 'KindBasicEntityKindIoTDevice', 'KindBasicEntityKindBookmark', 'KindBasicEntityKindHost', 'KindBasicEntityKindFileHash', 'KindBasicEntityKindFile', 'KindBasicEntityKindDNSResolution', 'KindBasicEntityKindCloudApplication', 'KindBasicEntityKindAzureResource', 'KindBasicEntityKindAccount'
	Kind KindBasicEntity `json:"kind,omitempty"`
	// ID - READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty"`
	// SystemData - READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty"`
}

MailMessageEntity represents a mail message entity.

func (MailMessageEntity) AsAccountEntity 

func (mme MailMessageEntity) AsAccountEntity() (*AccountEntity, bool)

AsAccountEntity is the BasicEntity implementation for MailMessageEntity.

func (MailMessageEntity) AsAzureResourceEntity 

func (mme MailMessageEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)

AsAzureResourceEntity is the BasicEntity implementation for MailMessageEntity.

func (MailMessageEntity) AsBasicEntity 

func (mme MailMessageEntity) AsBasicEntity() (BasicEntity, bool)

AsBasicEntity is the BasicEntity implementation for MailMessageEntity.

func (MailMessageEntity) AsCloudApplicationEntity 

func (mme MailMessageEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)

AsCloudApplicationEntity is the BasicEntity implementation for MailMessageEntity.

func (MailMessageEntity) AsDNSEntity 

func (mme MailMessageEntity) AsDNSEntity() (*DNSEntity, bool)

AsDNSEntity is the BasicEntity implementation for MailMessageEntity.

func (MailMessageEntity) AsEntity 

func (mme MailMessageEntity) AsEntity() (*Entity, bool)

AsEntity is the BasicEntity implementation for MailMessageEntity.

func (MailMessageEntity) AsFileEntity 

func (mme MailMessageEntity) AsFileEntity() (*FileEntity, bool)

AsFileEntity is the BasicEntity implementation for MailMessageEntity.

func (MailMessageEntity) AsFileHashEntity 

func (mme MailMessageEntity) AsFileHashEntity() (*FileHashEntity, bool)

AsFileHashEntity is the BasicEntity implementation for MailMessageEntity.

func (MailMessageEntity) AsHostEntity 

func (mme MailMessageEntity) AsHostEntity() (*HostEntity, bool)

AsHostEntity is the BasicEntity implementation for MailMessageEntity.

func (MailMessageEntity) AsHuntingBookmark 

func (mme MailMessageEntity) AsHuntingBookmark() (*HuntingBookmark, bool)

AsHuntingBookmark is the BasicEntity implementation for MailMessageEntity.

func (MailMessageEntity) AsIPEntity 

func (mme MailMessageEntity) AsIPEntity() (*IPEntity, bool)

AsIPEntity is the BasicEntity implementation for MailMessageEntity.

func (MailMessageEntity) AsIoTDeviceEntity 

func (mme MailMessageEntity) AsIoTDeviceEntity() (*IoTDeviceEntity, bool)

AsIoTDeviceEntity is the BasicEntity implementation for MailMessageEntity.

func (MailMessageEntity) AsMailClusterEntity 

func (mme MailMessageEntity) AsMailClusterEntity() (*MailClusterEntity, bool)

AsMailClusterEntity is the BasicEntity implementation for MailMessageEntity.

func (MailMessageEntity) AsMailMessageEntity 

func (mme MailMessageEntity) AsMailMessageEntity() (*MailMessageEntity, bool)

AsMailMessageEntity is the BasicEntity implementation for MailMessageEntity.

func (MailMessageEntity) AsMailboxEntity 

func (mme MailMessageEntity) AsMailboxEntity() (*MailboxEntity, bool)

AsMailboxEntity is the BasicEntity implementation for MailMessageEntity.

func (MailMessageEntity) AsMalwareEntity 

func (mme MailMessageEntity) AsMalwareEntity() (*MalwareEntity, bool)

AsMalwareEntity is the BasicEntity implementation for MailMessageEntity.

func (MailMessageEntity) AsProcessEntity 

func (mme MailMessageEntity) AsProcessEntity() (*ProcessEntity, bool)

AsProcessEntity is the BasicEntity implementation for MailMessageEntity.

func (MailMessageEntity) AsRegistryKeyEntity 

func (mme MailMessageEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)

AsRegistryKeyEntity is the BasicEntity implementation for MailMessageEntity.

func (MailMessageEntity) AsRegistryValueEntity 

func (mme MailMessageEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool)

AsRegistryValueEntity is the BasicEntity implementation for MailMessageEntity.

func (MailMessageEntity) AsSecurityAlert 

func (mme MailMessageEntity) AsSecurityAlert() (*SecurityAlert, bool)

AsSecurityAlert is the BasicEntity implementation for MailMessageEntity.

func (MailMessageEntity) AsSecurityGroupEntity 

func (mme MailMessageEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)

AsSecurityGroupEntity is the BasicEntity implementation for MailMessageEntity.

func (MailMessageEntity) AsSubmissionMailEntity 

func (mme MailMessageEntity) AsSubmissionMailEntity() (*SubmissionMailEntity, bool)

AsSubmissionMailEntity is the BasicEntity implementation for MailMessageEntity.

func (MailMessageEntity) AsURLEntity 

func (mme MailMessageEntity) AsURLEntity() (*URLEntity, bool)

AsURLEntity is the BasicEntity implementation for MailMessageEntity.

func (MailMessageEntity) MarshalJSON 

func (mme MailMessageEntity) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for MailMessageEntity.

func (*MailMessageEntity) UnmarshalJSON 

func (mme *MailMessageEntity) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for MailMessageEntity struct.

type MailMessageEntityProperties 

type MailMessageEntityProperties struct {
	// FileEntityIds - READ-ONLY; The File entity ids of this mail message's attachments
	FileEntityIds *[]string `json:"fileEntityIds,omitempty"`
	// Recipient - READ-ONLY; The recipient of this mail message. Note that in case of multiple recipients the mail message is forked and each copy has one recipient
	Recipient *string `json:"recipient,omitempty"`
	// Urls - READ-ONLY; The Urls contained in this mail message
	Urls *[]string `json:"urls,omitempty"`
	// Threats - READ-ONLY; The threats of this mail message
	Threats *[]string `json:"threats,omitempty"`
	// P1Sender - READ-ONLY; The p1 sender's email address
	P1Sender *string `json:"p1Sender,omitempty"`
	// P1SenderDisplayName - READ-ONLY; The p1 sender's display name
	P1SenderDisplayName *string `json:"p1SenderDisplayName,omitempty"`
	// P1SenderDomain - READ-ONLY; The p1 sender's domain
	P1SenderDomain *string `json:"p1SenderDomain,omitempty"`
	// SenderIP - READ-ONLY; The sender's IP address
	SenderIP *string `json:"senderIP,omitempty"`
	// P2Sender - READ-ONLY; The p2 sender's email address
	P2Sender *string `json:"p2Sender,omitempty"`
	// P2SenderDisplayName - READ-ONLY; The p2 sender's display name
	P2SenderDisplayName *string `json:"p2SenderDisplayName,omitempty"`
	// P2SenderDomain - READ-ONLY; The p2 sender's domain
	P2SenderDomain *string `json:"p2SenderDomain,omitempty"`
	// ReceiveDate - READ-ONLY; The receive date of this message
	ReceiveDate *date.Time `json:"receiveDate,omitempty"`
	// NetworkMessageID - READ-ONLY; The network message id of this mail message
	NetworkMessageID *uuid.UUID `json:"networkMessageId,omitempty"`
	// InternetMessageID - READ-ONLY; The internet message id of this mail message
	InternetMessageID *string `json:"internetMessageId,omitempty"`
	// Subject - READ-ONLY; The subject of this mail message
	Subject *string `json:"subject,omitempty"`
	// Language - READ-ONLY; The language of this mail message
	Language *string `json:"language,omitempty"`
	// ThreatDetectionMethods - READ-ONLY; The threat detection methods
	ThreatDetectionMethods *[]string `json:"threatDetectionMethods,omitempty"`
	// BodyFingerprintBin1 - The bodyFingerprintBin1
	BodyFingerprintBin1 *int32 `json:"bodyFingerprintBin1,omitempty"`
	// BodyFingerprintBin2 - The bodyFingerprintBin2
	BodyFingerprintBin2 *int32 `json:"bodyFingerprintBin2,omitempty"`
	// BodyFingerprintBin3 - The bodyFingerprintBin3
	BodyFingerprintBin3 *int32 `json:"bodyFingerprintBin3,omitempty"`
	// BodyFingerprintBin4 - The bodyFingerprintBin4
	BodyFingerprintBin4 *int32 `json:"bodyFingerprintBin4,omitempty"`
	// BodyFingerprintBin5 - The bodyFingerprintBin5
	BodyFingerprintBin5 *int32 `json:"bodyFingerprintBin5,omitempty"`
	// AntispamDirection - The directionality of this mail message. Possible values include: 'AntispamMailDirectionUnknown', 'AntispamMailDirectionInbound', 'AntispamMailDirectionOutbound', 'AntispamMailDirectionIntraorg'
	AntispamDirection AntispamMailDirection `json:"antispamDirection,omitempty"`
	// DeliveryAction - The delivery action of this mail message like Delivered, Blocked, Replaced etc. Possible values include: 'DeliveryActionUnknown', 'DeliveryActionDeliveredAsSpam', 'DeliveryActionDelivered', 'DeliveryActionBlocked', 'DeliveryActionReplaced'
	DeliveryAction DeliveryAction `json:"deliveryAction,omitempty"`
	// DeliveryLocation - The delivery location of this mail message like Inbox, JunkFolder etc. Possible values include: 'DeliveryLocationUnknown', 'DeliveryLocationInbox', 'DeliveryLocationJunkFolder', 'DeliveryLocationDeletedFolder', 'DeliveryLocationQuarantine', 'DeliveryLocationExternal', 'DeliveryLocationFailed', 'DeliveryLocationDropped', 'DeliveryLocationForwarded'
	DeliveryLocation DeliveryLocation `json:"deliveryLocation,omitempty"`
	// AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]interface{} `json:"additionalData"`
	// FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated.
	FriendlyName *string `json:"friendlyName,omitempty"`
}

MailMessageEntityProperties mail message entity property bag.

func (MailMessageEntityProperties) MarshalJSON 

func (mmep MailMessageEntityProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for MailMessageEntityProperties.

type MailboxEntity 

type MailboxEntity struct {
	// MailboxEntityProperties - Mailbox entity properties
	*MailboxEntityProperties `json:"properties,omitempty"`
	// Kind - Possible values include: 'KindBasicEntityKindEntity', 'KindBasicEntityKindURL', 'KindBasicEntityKindSubmissionMail', 'KindBasicEntityKindSecurityGroup', 'KindBasicEntityKindSecurityAlert', 'KindBasicEntityKindRegistryValue', 'KindBasicEntityKindRegistryKey', 'KindBasicEntityKindProcess', 'KindBasicEntityKindMalware', 'KindBasicEntityKindMailMessage', 'KindBasicEntityKindMailCluster', 'KindBasicEntityKindMailbox', 'KindBasicEntityKindIP', 'KindBasicEntityKindIoTDevice', 'KindBasicEntityKindBookmark', 'KindBasicEntityKindHost', 'KindBasicEntityKindFileHash', 'KindBasicEntityKindFile', 'KindBasicEntityKindDNSResolution', 'KindBasicEntityKindCloudApplication', 'KindBasicEntityKindAzureResource', 'KindBasicEntityKindAccount'
	Kind KindBasicEntity `json:"kind,omitempty"`
	// ID - READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty"`
	// SystemData - READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty"`
}

MailboxEntity represents a mailbox entity.

func (MailboxEntity) AsAccountEntity 

func (me MailboxEntity) AsAccountEntity() (*AccountEntity, bool)

AsAccountEntity is the BasicEntity implementation for MailboxEntity.

func (MailboxEntity) AsAzureResourceEntity 

func (me MailboxEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)

AsAzureResourceEntity is the BasicEntity implementation for MailboxEntity.

func (MailboxEntity) AsBasicEntity 

func (me MailboxEntity) AsBasicEntity() (BasicEntity, bool)

AsBasicEntity is the BasicEntity implementation for MailboxEntity.

func (MailboxEntity) AsCloudApplicationEntity 

func (me MailboxEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)

AsCloudApplicationEntity is the BasicEntity implementation for MailboxEntity.

func (MailboxEntity) AsDNSEntity 

func (me MailboxEntity) AsDNSEntity() (*DNSEntity, bool)

AsDNSEntity is the BasicEntity implementation for MailboxEntity.

func (MailboxEntity) AsEntity 

func (me MailboxEntity) AsEntity() (*Entity, bool)

AsEntity is the BasicEntity implementation for MailboxEntity.

func (MailboxEntity) AsFileEntity 

func (me MailboxEntity) AsFileEntity() (*FileEntity, bool)

AsFileEntity is the BasicEntity implementation for MailboxEntity.

func (MailboxEntity) AsFileHashEntity 

func (me MailboxEntity) AsFileHashEntity() (*FileHashEntity, bool)

AsFileHashEntity is the BasicEntity implementation for MailboxEntity.

func (MailboxEntity) AsHostEntity 

func (me MailboxEntity) AsHostEntity() (*HostEntity, bool)

AsHostEntity is the BasicEntity implementation for MailboxEntity.

func (MailboxEntity) AsHuntingBookmark 

func (me MailboxEntity) AsHuntingBookmark() (*HuntingBookmark, bool)

AsHuntingBookmark is the BasicEntity implementation for MailboxEntity.

func (MailboxEntity) AsIPEntity 

func (me MailboxEntity) AsIPEntity() (*IPEntity, bool)

AsIPEntity is the BasicEntity implementation for MailboxEntity.

func (MailboxEntity) AsIoTDeviceEntity 

func (me MailboxEntity) AsIoTDeviceEntity() (*IoTDeviceEntity, bool)

AsIoTDeviceEntity is the BasicEntity implementation for MailboxEntity.

func (MailboxEntity) AsMailClusterEntity 

func (me MailboxEntity) AsMailClusterEntity() (*MailClusterEntity, bool)

AsMailClusterEntity is the BasicEntity implementation for MailboxEntity.

func (MailboxEntity) AsMailMessageEntity 

func (me MailboxEntity) AsMailMessageEntity() (*MailMessageEntity, bool)

AsMailMessageEntity is the BasicEntity implementation for MailboxEntity.

func (MailboxEntity) AsMailboxEntity 

func (me MailboxEntity) AsMailboxEntity() (*MailboxEntity, bool)

AsMailboxEntity is the BasicEntity implementation for MailboxEntity.

func (MailboxEntity) AsMalwareEntity 

func (me MailboxEntity) AsMalwareEntity() (*MalwareEntity, bool)

AsMalwareEntity is the BasicEntity implementation for MailboxEntity.

func (MailboxEntity) AsProcessEntity 

func (me MailboxEntity) AsProcessEntity() (*ProcessEntity, bool)

AsProcessEntity is the BasicEntity implementation for MailboxEntity.

func (MailboxEntity) AsRegistryKeyEntity 

func (me MailboxEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)

AsRegistryKeyEntity is the BasicEntity implementation for MailboxEntity.

func (MailboxEntity) AsRegistryValueEntity 

func (me MailboxEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool)

AsRegistryValueEntity is the BasicEntity implementation for MailboxEntity.

func (MailboxEntity) AsSecurityAlert 

func (me MailboxEntity) AsSecurityAlert() (*SecurityAlert, bool)

AsSecurityAlert is the BasicEntity implementation for MailboxEntity.

func (MailboxEntity) AsSecurityGroupEntity 

func (me MailboxEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)

AsSecurityGroupEntity is the BasicEntity implementation for MailboxEntity.

func (MailboxEntity) AsSubmissionMailEntity 

func (me MailboxEntity) AsSubmissionMailEntity() (*SubmissionMailEntity, bool)

AsSubmissionMailEntity is the BasicEntity implementation for MailboxEntity.

func (MailboxEntity) AsURLEntity 

func (me MailboxEntity) AsURLEntity() (*URLEntity, bool)

AsURLEntity is the BasicEntity implementation for MailboxEntity.

func (MailboxEntity) MarshalJSON 

func (me MailboxEntity) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for MailboxEntity.

func (*MailboxEntity) UnmarshalJSON 

func (me *MailboxEntity) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for MailboxEntity struct.

type MailboxEntityProperties 

type MailboxEntityProperties struct {
	// MailboxPrimaryAddress - READ-ONLY; The mailbox's primary address
	MailboxPrimaryAddress *string `json:"mailboxPrimaryAddress,omitempty"`
	// DisplayName - READ-ONLY; The mailbox's display name
	DisplayName *string `json:"displayName,omitempty"`
	// Upn - READ-ONLY; The mailbox's UPN
	Upn *string `json:"upn,omitempty"`
	// ExternalDirectoryObjectID - READ-ONLY; The AzureAD identifier of mailbox. Similar to AadUserId in account entity but this property is specific to mailbox object on office side
	ExternalDirectoryObjectID *uuid.UUID `json:"externalDirectoryObjectId,omitempty"`
	// AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]interface{} `json:"additionalData"`
	// FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated.
	FriendlyName *string `json:"friendlyName,omitempty"`
}

MailboxEntityProperties mailbox entity property bag.

func (MailboxEntityProperties) MarshalJSON 

func (mep MailboxEntityProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for MailboxEntityProperties.

type MalwareEntity 

type MalwareEntity struct {
	// MalwareEntityProperties - File entity properties
	*MalwareEntityProperties `json:"properties,omitempty"`
	// Kind - Possible values include: 'KindBasicEntityKindEntity', 'KindBasicEntityKindURL', 'KindBasicEntityKindSubmissionMail', 'KindBasicEntityKindSecurityGroup', 'KindBasicEntityKindSecurityAlert', 'KindBasicEntityKindRegistryValue', 'KindBasicEntityKindRegistryKey', 'KindBasicEntityKindProcess', 'KindBasicEntityKindMalware', 'KindBasicEntityKindMailMessage', 'KindBasicEntityKindMailCluster', 'KindBasicEntityKindMailbox', 'KindBasicEntityKindIP', 'KindBasicEntityKindIoTDevice', 'KindBasicEntityKindBookmark', 'KindBasicEntityKindHost', 'KindBasicEntityKindFileHash', 'KindBasicEntityKindFile', 'KindBasicEntityKindDNSResolution', 'KindBasicEntityKindCloudApplication', 'KindBasicEntityKindAzureResource', 'KindBasicEntityKindAccount'
	Kind KindBasicEntity `json:"kind,omitempty"`
	// ID - READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty"`
	// SystemData - READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty"`
}

MalwareEntity represents a malware entity.

func (MalwareEntity) AsAccountEntity 

func (me MalwareEntity) AsAccountEntity() (*AccountEntity, bool)

AsAccountEntity is the BasicEntity implementation for MalwareEntity.

func (MalwareEntity) AsAzureResourceEntity 

func (me MalwareEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)

AsAzureResourceEntity is the BasicEntity implementation for MalwareEntity.

func (MalwareEntity) AsBasicEntity 

func (me MalwareEntity) AsBasicEntity() (BasicEntity, bool)

AsBasicEntity is the BasicEntity implementation for MalwareEntity.

func (MalwareEntity) AsCloudApplicationEntity 

func (me MalwareEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)

AsCloudApplicationEntity is the BasicEntity implementation for MalwareEntity.

func (MalwareEntity) AsDNSEntity 

func (me MalwareEntity) AsDNSEntity() (*DNSEntity, bool)

AsDNSEntity is the BasicEntity implementation for MalwareEntity.

func (MalwareEntity) AsEntity 

func (me MalwareEntity) AsEntity() (*Entity, bool)

AsEntity is the BasicEntity implementation for MalwareEntity.

func (MalwareEntity) AsFileEntity 

func (me MalwareEntity) AsFileEntity() (*FileEntity, bool)

AsFileEntity is the BasicEntity implementation for MalwareEntity.

func (MalwareEntity) AsFileHashEntity 

func (me MalwareEntity) AsFileHashEntity() (*FileHashEntity, bool)

AsFileHashEntity is the BasicEntity implementation for MalwareEntity.

func (MalwareEntity) AsHostEntity 

func (me MalwareEntity) AsHostEntity() (*HostEntity, bool)

AsHostEntity is the BasicEntity implementation for MalwareEntity.

func (MalwareEntity) AsHuntingBookmark 

func (me MalwareEntity) AsHuntingBookmark() (*HuntingBookmark, bool)

AsHuntingBookmark is the BasicEntity implementation for MalwareEntity.

func (MalwareEntity) AsIPEntity 

func (me MalwareEntity) AsIPEntity() (*IPEntity, bool)

AsIPEntity is the BasicEntity implementation for MalwareEntity.

func (MalwareEntity) AsIoTDeviceEntity 

func (me MalwareEntity) AsIoTDeviceEntity() (*IoTDeviceEntity, bool)

AsIoTDeviceEntity is the BasicEntity implementation for MalwareEntity.

func (MalwareEntity) AsMailClusterEntity 

func (me MalwareEntity) AsMailClusterEntity() (*MailClusterEntity, bool)

AsMailClusterEntity is the BasicEntity implementation for MalwareEntity.

func (MalwareEntity) AsMailMessageEntity 

func (me MalwareEntity) AsMailMessageEntity() (*MailMessageEntity, bool)

AsMailMessageEntity is the BasicEntity implementation for MalwareEntity.

func (MalwareEntity) AsMailboxEntity 

func (me MalwareEntity) AsMailboxEntity() (*MailboxEntity, bool)

AsMailboxEntity is the BasicEntity implementation for MalwareEntity.

func (MalwareEntity) AsMalwareEntity 

func (me MalwareEntity) AsMalwareEntity() (*MalwareEntity, bool)

AsMalwareEntity is the BasicEntity implementation for MalwareEntity.

func (MalwareEntity) AsProcessEntity 

func (me MalwareEntity) AsProcessEntity() (*ProcessEntity, bool)

AsProcessEntity is the BasicEntity implementation for MalwareEntity.

func (MalwareEntity) AsRegistryKeyEntity 

func (me MalwareEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)

AsRegistryKeyEntity is the BasicEntity implementation for MalwareEntity.

func (MalwareEntity) AsRegistryValueEntity 

func (me MalwareEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool)

AsRegistryValueEntity is the BasicEntity implementation for MalwareEntity.

func (MalwareEntity) AsSecurityAlert 

func (me MalwareEntity) AsSecurityAlert() (*SecurityAlert, bool)

AsSecurityAlert is the BasicEntity implementation for MalwareEntity.

func (MalwareEntity) AsSecurityGroupEntity 

func (me MalwareEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)

AsSecurityGroupEntity is the BasicEntity implementation for MalwareEntity.

func (MalwareEntity) AsSubmissionMailEntity 

func (me MalwareEntity) AsSubmissionMailEntity() (*SubmissionMailEntity, bool)

AsSubmissionMailEntity is the BasicEntity implementation for MalwareEntity.

func (MalwareEntity) AsURLEntity 

func (me MalwareEntity) AsURLEntity() (*URLEntity, bool)

AsURLEntity is the BasicEntity implementation for MalwareEntity.

func (MalwareEntity) MarshalJSON 

func (me MalwareEntity) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for MalwareEntity.

func (*MalwareEntity) UnmarshalJSON 

func (me *MalwareEntity) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for MalwareEntity struct.

type MalwareEntityProperties 

type MalwareEntityProperties struct {
	// Category - READ-ONLY; The malware category by the vendor, e.g. Trojan
	Category *string `json:"category,omitempty"`
	// FileEntityIds - READ-ONLY; List of linked file entity identifiers on which the malware was found
	FileEntityIds *[]string `json:"fileEntityIds,omitempty"`
	// MalwareName - READ-ONLY; The malware name by the vendor, e.g. Win32/Toga!rfn
	MalwareName *string `json:"malwareName,omitempty"`
	// ProcessEntityIds - READ-ONLY; List of linked process entity identifiers on which the malware was found.
	ProcessEntityIds *[]string `json:"processEntityIds,omitempty"`
	// AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]interface{} `json:"additionalData"`
	// FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated.
	FriendlyName *string `json:"friendlyName,omitempty"`
}

MalwareEntityProperties malware entity property bag.

func (MalwareEntityProperties) MarshalJSON 

func (mep MalwareEntityProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for MalwareEntityProperties.

type MatchingMethod 

type MatchingMethod string

MatchingMethod enumerates the values for matching method. 

const (
	// MatchingMethodAllEntities Grouping alerts into a single incident if all the entities match
	MatchingMethodAllEntities MatchingMethod = "AllEntities"
	// MatchingMethodAnyAlert Grouping any alerts triggered by this rule into a single incident
	MatchingMethodAnyAlert MatchingMethod = "AnyAlert"
	// MatchingMethodSelected Grouping alerts into a single incident if the selected entities, custom details
	// and alert details match
	MatchingMethodSelected MatchingMethod = "Selected"
)

func PossibleMatchingMethodValues 

func PossibleMatchingMethodValues() []MatchingMethod

PossibleMatchingMethodValues returns an array of possible values for the MatchingMethod const type.

type MetadataAuthor 

type MetadataAuthor struct {
	// Name - Name of the author. Company or person.
	Name *string `json:"name,omitempty"`
	// Email - Email of author contact
	Email *string `json:"email,omitempty"`
	// Link - Link for author/vendor page
	Link *string `json:"link,omitempty"`
}

MetadataAuthor publisher or creator of the content item.

type MetadataCategories 

type MetadataCategories struct {
	// Domains - domain for the solution content item
	Domains *[]string `json:"domains,omitempty"`
	// Verticals - Industry verticals for the solution content item
	Verticals *[]string `json:"verticals,omitempty"`
}

MetadataCategories ies for the solution content item

type MetadataClient 

type MetadataClient struct {
	BaseClient
}

MetadataClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

func NewMetadataClient 

func NewMetadataClient(subscriptionID string) MetadataClient

NewMetadataClient creates an instance of the MetadataClient client.

func NewMetadataClientWithBaseURI 

func NewMetadataClientWithBaseURI(baseURI string, subscriptionID string) MetadataClient

NewMetadataClientWithBaseURI creates an instance of the MetadataClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).

func (MetadataClient) Create 

func (client MetadataClient) Create(ctx context.Context, resourceGroupName string, workspaceName string, metadataName string, metadata MetadataModel) (result MetadataModel, err error)

Create create a Metadata. Parameters: resourceGroupName - the name of the resource group. The name is case insensitive. workspaceName - the name of the workspace. metadataName - the Metadata name. metadata - metadata resource.

func (MetadataClient) CreatePreparer 

func (client MetadataClient) CreatePreparer(ctx context.Context, resourceGroupName string, workspaceName string, metadataName string, metadata MetadataModel) (*http.Request, error)

CreatePreparer prepares the Create request.

func (MetadataClient) CreateResponder 

func (client MetadataClient) CreateResponder(resp *http.Response) (result MetadataModel, err error)

CreateResponder handles the response to the Create request. The method always closes the http.Response Body.

func (MetadataClient) CreateSender 

func (client MetadataClient) CreateSender(req *http.Request) (*http.Response, error)

CreateSender sends the Create request. The method will close the http.Response Body if it receives an error.

func (MetadataClient) Delete 

func (client MetadataClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, metadataName string) (result autorest.Response, err error)

Delete delete a Metadata. Parameters: resourceGroupName - the name of the resource group. The name is case insensitive. workspaceName - the name of the workspace. metadataName - the Metadata name.

func (MetadataClient) DeletePreparer 

func (client MetadataClient) DeletePreparer(ctx context.Context, resourceGroupName string, workspaceName string, metadataName string) (*http.Request, error)

DeletePreparer prepares the Delete request.

func (MetadataClient) DeleteResponder 

func (client MetadataClient) DeleteResponder(resp *http.Response) (result autorest.Response, err error)

DeleteResponder handles the response to the Delete request. The method always closes the http.Response Body.

func (MetadataClient) DeleteSender 

func (client MetadataClient) DeleteSender(req *http.Request) (*http.Response, error)

DeleteSender sends the Delete request. The method will close the http.Response Body if it receives an error.

func (MetadataClient) Get 

func (client MetadataClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, metadataName string) (result MetadataModel, err error)

Get get a Metadata. Parameters: resourceGroupName - the name of the resource group. The name is case insensitive. workspaceName - the name of the workspace. metadataName - the Metadata name.

func (MetadataClient) GetPreparer 

func (client MetadataClient) GetPreparer(ctx context.Context, resourceGroupName string, workspaceName string, metadataName string) (*http.Request, error)

GetPreparer prepares the Get request.

func (MetadataClient) GetResponder 

func (client MetadataClient) GetResponder(resp *http.Response) (result MetadataModel, err error)

GetResponder handles the response to the Get request. The method always closes the http.Response Body.

func (MetadataClient) GetSender 

func (client MetadataClient) GetSender(req *http.Request) (*http.Response, error)

GetSender sends the Get request. The method will close the http.Response Body if it receives an error.

func (MetadataClient) List 

func (client MetadataClient) List(ctx context.Context, resourceGroupName string, workspaceName string, filter string, orderby string, top *int32, skip *int32) (result MetadataListPage, err error)

List list of all metadata Parameters: resourceGroupName - the name of the resource group. The name is case insensitive. workspaceName - the name of the workspace. filter - filters the results, based on a Boolean condition. Optional. orderby - sorts the results. Optional. top - returns only the first n results. Optional. skip - used to skip n elements in the OData query (offset). Returns a nextLink to the next page of results if there are any left.

func (MetadataClient) ListComplete 

func (client MetadataClient) ListComplete(ctx context.Context, resourceGroupName string, workspaceName string, filter string, orderby string, top *int32, skip *int32) (result MetadataListIterator, err error)

ListComplete enumerates all values, automatically crossing page boundaries as required.

func (MetadataClient) ListPreparer 

func (client MetadataClient) ListPreparer(ctx context.Context, resourceGroupName string, workspaceName string, filter string, orderby string, top *int32, skip *int32) (*http.Request, error)

ListPreparer prepares the List request.

func (MetadataClient) ListResponder 

func (client MetadataClient) ListResponder(resp *http.Response) (result MetadataList, err error)

ListResponder handles the response to the List request. The method always closes the http.Response Body.

func (MetadataClient) ListSender 

func (client MetadataClient) ListSender(req *http.Request) (*http.Response, error)

ListSender sends the List request. The method will close the http.Response Body if it receives an error.

func (MetadataClient) Update 

func (client MetadataClient) Update(ctx context.Context, resourceGroupName string, workspaceName string, metadataName string, metadataPatch MetadataPatch) (result MetadataModel, err error)

Update update an existing Metadata. Parameters: resourceGroupName - the name of the resource group. The name is case insensitive. workspaceName - the name of the workspace. metadataName - the Metadata name. metadataPatch - partial metadata request.

func (MetadataClient) UpdatePreparer 

func (client MetadataClient) UpdatePreparer(ctx context.Context, resourceGroupName string, workspaceName string, metadataName string, metadataPatch MetadataPatch) (*http.Request, error)

UpdatePreparer prepares the Update request.

func (MetadataClient) UpdateResponder 

func (client MetadataClient) UpdateResponder(resp *http.Response) (result MetadataModel, err error)

UpdateResponder handles the response to the Update request. The method always closes the http.Response Body.

func (MetadataClient) UpdateSender 

func (client MetadataClient) UpdateSender(req *http.Request) (*http.Response, error)

UpdateSender sends the Update request. The method will close the http.Response Body if it receives an error.

type MetadataDependencies 

type MetadataDependencies struct {
	// ContentID - Id of the content item we depend on
	ContentID *string `json:"contentId,omitempty"`
	// Kind - Type of the content item we depend on. Possible values include: 'KindDataConnector', 'KindDataType', 'KindWorkbook', 'KindWorkbookTemplate', 'KindPlaybook', 'KindPlaybookTemplate', 'KindAnalyticsRuleTemplate', 'KindAnalyticsRule', 'KindHuntingQuery', 'KindInvestigationQuery', 'KindParser', 'KindWatchlist', 'KindWatchlistTemplate', 'KindSolution'
	Kind Kind `json:"kind,omitempty"`
	// Version - Version of the the content item we depend on.  Can be blank, * or missing to indicate any version fulfills the dependency.  If version does not match our defined numeric format then an exact match is required.
	Version *string `json:"version,omitempty"`
	// Name - Name of the content item
	Name *string `json:"name,omitempty"`
	// Operator - Operator used for list of dependencies in criteria array. Possible values include: 'OperatorAND', 'OperatorOR'
	Operator Operator `json:"operator,omitempty"`
	// Criteria - This is the list of dependencies we must fulfill, according to the AND/OR operator
	Criteria *[]MetadataDependencies `json:"criteria,omitempty"`
}

MetadataDependencies dependencies for the content item, what other content items it requires to work. Can describe more complex dependencies using a recursive/nested structure. For a single dependency an id/kind/version can be supplied or operator/criteria for complex dependencies.

type MetadataList 

type MetadataList struct {
	autorest.Response `json:"-"`
	// Value - Array of metadata.
	Value *[]MetadataModel `json:"value,omitempty"`
	// NextLink - READ-ONLY; URL to fetch the next page of metadata.
	NextLink *string `json:"nextLink,omitempty"`
}

MetadataList list of all the metadata.

func (MetadataList) IsEmpty 

func (ml MetadataList) IsEmpty() bool

IsEmpty returns true if the ListResult contains no values.

func (MetadataList) MarshalJSON 

func (ml MetadataList) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for MetadataList.

type MetadataListIterator 

type MetadataListIterator struct {
	// contains filtered or unexported fields
}

MetadataListIterator provides access to a complete listing of MetadataModel values.

func NewMetadataListIterator 

func NewMetadataListIterator(page MetadataListPage) MetadataListIterator

Creates a new instance of the MetadataListIterator type.

func (*MetadataListIterator) Next 

func (iter *MetadataListIterator) Next() error

Next advances to the next value. If there was an error making the request the iterator does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*MetadataListIterator) NextWithContext 

func (iter *MetadataListIterator) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next value. If there was an error making the request the iterator does not advance and the error is returned.

func (MetadataListIterator) NotDone 

func (iter MetadataListIterator) NotDone() bool

NotDone returns true if the enumeration should be started or is not yet complete.

func (MetadataListIterator) Response 

func (iter MetadataListIterator) Response() MetadataList

Response returns the raw server response from the last page request.

func (MetadataListIterator) Value 

func (iter MetadataListIterator) Value() MetadataModel

Value returns the current value or a zero-initialized value if the iterator has advanced beyond the end of the collection.

type MetadataListPage 

type MetadataListPage struct {
	// contains filtered or unexported fields
}

MetadataListPage contains a page of MetadataModel values.

func NewMetadataListPage 

func NewMetadataListPage(cur MetadataList, getNextPage func(context.Context, MetadataList) (MetadataList, error)) MetadataListPage

Creates a new instance of the MetadataListPage type.

func (*MetadataListPage) Next 

func (page *MetadataListPage) Next() error

Next advances to the next page of values. If there was an error making the request the page does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*MetadataListPage) NextWithContext 

func (page *MetadataListPage) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next page of values. If there was an error making the request the page does not advance and the error is returned.

func (MetadataListPage) NotDone 

func (page MetadataListPage) NotDone() bool

NotDone returns true if the page enumeration should be started or is not yet complete.

func (MetadataListPage) Response 

func (page MetadataListPage) Response() MetadataList

Response returns the raw server response from the last page request.

func (MetadataListPage) Values 

func (page MetadataListPage) Values() []MetadataModel

Values returns the slice of values for the current page or nil if there are no values.

type MetadataModel 

type MetadataModel struct {
	autorest.Response `json:"-"`
	// MetadataProperties - Metadata properties
	*MetadataProperties `json:"properties,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
	// ID - READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty"`
	// SystemData - READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty"`
}

MetadataModel metadata resource definition.

func (MetadataModel) MarshalJSON 

func (mm MetadataModel) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for MetadataModel.

func (*MetadataModel) UnmarshalJSON 

func (mm *MetadataModel) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for MetadataModel struct.

type MetadataPatch 

type MetadataPatch struct {
	// MetadataPropertiesPatch - Metadata patch request body
	*MetadataPropertiesPatch `json:"properties,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
	// ID - READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty"`
	// SystemData - READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty"`
}

MetadataPatch metadata patch request body.

func (MetadataPatch) MarshalJSON 

func (mp MetadataPatch) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for MetadataPatch.

func (*MetadataPatch) UnmarshalJSON 

func (mp *MetadataPatch) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for MetadataPatch struct.

type MetadataProperties 

type MetadataProperties struct {
	// ContentID - Static ID for the content.  Used to identify dependencies and content from solutions or community.  Hard-coded/static for out of the box content and solutions. Dynamic for user-created.  This is the resource name
	ContentID *string `json:"contentId,omitempty"`
	// ParentID - Full parent resource ID of the content item the metadata is for.  This is the full resource ID including the scope (subscription and resource group)
	ParentID *string `json:"parentId,omitempty"`
	// Version - Version of the content.  Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM template best practices.  Can also be any string, but then we cannot guarantee any version checks
	Version *string `json:"version,omitempty"`
	// Kind - The kind of content the metadata is for. Possible values include: 'KindDataConnector', 'KindDataType', 'KindWorkbook', 'KindWorkbookTemplate', 'KindPlaybook', 'KindPlaybookTemplate', 'KindAnalyticsRuleTemplate', 'KindAnalyticsRule', 'KindHuntingQuery', 'KindInvestigationQuery', 'KindParser', 'KindWatchlist', 'KindWatchlistTemplate', 'KindSolution'
	Kind Kind `json:"kind,omitempty"`
	// Source - Source of the content.  This is where/how it was created.
	Source *MetadataSource `json:"source,omitempty"`
	// Author - The creator of the content item.
	Author *MetadataAuthor `json:"author,omitempty"`
	// Support - Support information for the metadata - type, name, contact information
	Support *MetadataSupport `json:"support,omitempty"`
	// Dependencies - Dependencies for the content item, what other content items it requires to work.  Can describe more complex dependencies using a recursive/nested structure. For a single dependency an id/kind/version can be supplied or operator/criteria for complex formats.
	Dependencies *MetadataDependencies `json:"dependencies,omitempty"`
	// Categories - Categories for the solution content item
	Categories *MetadataCategories `json:"categories,omitempty"`
	// Providers - Providers for the solution content item
	Providers *[]string `json:"providers,omitempty"`
	// FirstPublishDate - first publish date solution content item
	FirstPublishDate *date.Date `json:"firstPublishDate,omitempty"`
	// LastPublishDate - last publish date for the solution content item
	LastPublishDate *date.Date `json:"lastPublishDate,omitempty"`
}

MetadataProperties metadata property bag.

type MetadataPropertiesPatch 

type MetadataPropertiesPatch struct {
	// ContentID - Static ID for the content.  Used to identify dependencies and content from solutions or community.  Hard-coded/static for out of the box content and solutions. Dynamic for user-created.  This is the resource name
	ContentID *string `json:"contentId,omitempty"`
	// ParentID - Full parent resource ID of the content item the metadata is for.  This is the full resource ID including the scope (subscription and resource group)
	ParentID *string `json:"parentId,omitempty"`
	// Version - Version of the content.  Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM template best practices.  Can also be any string, but then we cannot guarantee any version checks
	Version *string `json:"version,omitempty"`
	// Kind - The kind of content the metadata is for. Possible values include: 'KindDataConnector', 'KindDataType', 'KindWorkbook', 'KindWorkbookTemplate', 'KindPlaybook', 'KindPlaybookTemplate', 'KindAnalyticsRuleTemplate', 'KindAnalyticsRule', 'KindHuntingQuery', 'KindInvestigationQuery', 'KindParser', 'KindWatchlist', 'KindWatchlistTemplate', 'KindSolution'
	Kind Kind `json:"kind,omitempty"`
	// Source - Source of the content.  This is where/how it was created.
	Source *MetadataSource `json:"source,omitempty"`
	// Author - The creator of the content item.
	Author *MetadataAuthor `json:"author,omitempty"`
	// Support - Support information for the metadata - type, name, contact information
	Support *MetadataSupport `json:"support,omitempty"`
	// Dependencies - Dependencies for the content item, what other content items it requires to work.  Can describe more complex dependencies using a recursive/nested structure. For a single dependency an id/kind/version can be supplied or operator/criteria for complex formats.
	Dependencies *MetadataDependencies `json:"dependencies,omitempty"`
	// Categories - Categories for the solution content item
	Categories *MetadataCategories `json:"categories,omitempty"`
	// Providers - Providers for the solution content item
	Providers *[]string `json:"providers,omitempty"`
	// FirstPublishDate - first publish date solution content item
	FirstPublishDate *date.Date `json:"firstPublishDate,omitempty"`
	// LastPublishDate - last publish date for the solution content item
	LastPublishDate *date.Date `json:"lastPublishDate,omitempty"`
}

MetadataPropertiesPatch metadata property bag for patch requests. This is the same as the MetadataProperties, but with nothing required

type MetadataSource 

type MetadataSource struct {
	// Kind - Source type of the content. Possible values include: 'SourceKindLocalWorkspace', 'SourceKindCommunity', 'SourceKindSolution', 'SourceKindSourceRepository'
	Kind SourceKind `json:"kind,omitempty"`
	// Name - Name of the content source.  The repo name, solution name, LA workspace name etc.
	Name *string `json:"name,omitempty"`
	// SourceID - ID of the content source.  The solution ID, workspace ID, etc
	SourceID *string `json:"sourceId,omitempty"`
}

MetadataSource the original source of the content item, where it comes from.

type MetadataSupport 

type MetadataSupport struct {
	// Tier - Type of support for content item. Possible values include: 'SupportTierMicrosoft', 'SupportTierPartner', 'SupportTierCommunity'
	Tier SupportTier `json:"tier,omitempty"`
	// Name - Name of the support contact. Company or person.
	Name *string `json:"name,omitempty"`
	// Email - Email of support contact
	Email *string `json:"email,omitempty"`
	// Link - Link for support help, like to support page to open a ticket etc.
	Link *string `json:"link,omitempty"`
}

MetadataSupport support information for the content item.

type MicrosoftSecurityIncidentCreationAlertRule 

type MicrosoftSecurityIncidentCreationAlertRule struct {
	// MicrosoftSecurityIncidentCreationAlertRuleProperties - MicrosoftSecurityIncidentCreation rule properties
	*MicrosoftSecurityIncidentCreationAlertRuleProperties `json:"properties,omitempty"`
	// Kind - Possible values include: 'KindBasicAlertRuleKindAlertRule', 'KindBasicAlertRuleKindMLBehaviorAnalytics', 'KindBasicAlertRuleKindFusion', 'KindBasicAlertRuleKindThreatIntelligence', 'KindBasicAlertRuleKindMicrosoftSecurityIncidentCreation', 'KindBasicAlertRuleKindScheduled', 'KindBasicAlertRuleKindNRT'
	Kind KindBasicAlertRule `json:"kind,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
	// ID - READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty"`
	// SystemData - READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty"`
}

MicrosoftSecurityIncidentCreationAlertRule represents MicrosoftSecurityIncidentCreation rule.

func (MicrosoftSecurityIncidentCreationAlertRule) AsAlertRule 

func (msicar MicrosoftSecurityIncidentCreationAlertRule) AsAlertRule() (*AlertRule, bool)

AsAlertRule is the BasicAlertRule implementation for MicrosoftSecurityIncidentCreationAlertRule.

func (MicrosoftSecurityIncidentCreationAlertRule) AsBasicAlertRule 

func (msicar MicrosoftSecurityIncidentCreationAlertRule) AsBasicAlertRule() (BasicAlertRule, bool)

AsBasicAlertRule is the BasicAlertRule implementation for MicrosoftSecurityIncidentCreationAlertRule.

func (MicrosoftSecurityIncidentCreationAlertRule) AsFusionAlertRule 

func (msicar MicrosoftSecurityIncidentCreationAlertRule) AsFusionAlertRule() (*FusionAlertRule, bool)

AsFusionAlertRule is the BasicAlertRule implementation for MicrosoftSecurityIncidentCreationAlertRule.

func (MicrosoftSecurityIncidentCreationAlertRule) AsMLBehaviorAnalyticsAlertRule 

func (msicar MicrosoftSecurityIncidentCreationAlertRule) AsMLBehaviorAnalyticsAlertRule() (*MLBehaviorAnalyticsAlertRule, bool)

AsMLBehaviorAnalyticsAlertRule is the BasicAlertRule implementation for MicrosoftSecurityIncidentCreationAlertRule.

func (MicrosoftSecurityIncidentCreationAlertRule) AsMicrosoftSecurityIncidentCreationAlertRule 

func (msicar MicrosoftSecurityIncidentCreationAlertRule) AsMicrosoftSecurityIncidentCreationAlertRule() (*MicrosoftSecurityIncidentCreationAlertRule, bool)

AsMicrosoftSecurityIncidentCreationAlertRule is the BasicAlertRule implementation for MicrosoftSecurityIncidentCreationAlertRule.

func (MicrosoftSecurityIncidentCreationAlertRule) AsNrtAlertRule 

func (msicar MicrosoftSecurityIncidentCreationAlertRule) AsNrtAlertRule() (*NrtAlertRule, bool)

AsNrtAlertRule is the BasicAlertRule implementation for MicrosoftSecurityIncidentCreationAlertRule.

func (MicrosoftSecurityIncidentCreationAlertRule) AsScheduledAlertRule 

func (msicar MicrosoftSecurityIncidentCreationAlertRule) AsScheduledAlertRule() (*ScheduledAlertRule, bool)

AsScheduledAlertRule is the BasicAlertRule implementation for MicrosoftSecurityIncidentCreationAlertRule.

func (MicrosoftSecurityIncidentCreationAlertRule) AsThreatIntelligenceAlertRule 

func (msicar MicrosoftSecurityIncidentCreationAlertRule) AsThreatIntelligenceAlertRule() (*ThreatIntelligenceAlertRule, bool)

AsThreatIntelligenceAlertRule is the BasicAlertRule implementation for MicrosoftSecurityIncidentCreationAlertRule.

func (MicrosoftSecurityIncidentCreationAlertRule) MarshalJSON 

func (msicar MicrosoftSecurityIncidentCreationAlertRule) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for MicrosoftSecurityIncidentCreationAlertRule.

func (*MicrosoftSecurityIncidentCreationAlertRule) UnmarshalJSON 

func (msicar *MicrosoftSecurityIncidentCreationAlertRule) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for MicrosoftSecurityIncidentCreationAlertRule struct.

type MicrosoftSecurityIncidentCreationAlertRuleCommonProperties 

type MicrosoftSecurityIncidentCreationAlertRuleCommonProperties struct {
	// DisplayNamesFilter - the alerts' displayNames on which the cases will be generated
	DisplayNamesFilter *[]string `json:"displayNamesFilter,omitempty"`
	// DisplayNamesExcludeFilter - the alerts' displayNames on which the cases will not be generated
	DisplayNamesExcludeFilter *[]string `json:"displayNamesExcludeFilter,omitempty"`
	// ProductFilter - The alerts' productName on which the cases will be generated. Possible values include: 'MicrosoftSecurityProductNameMicrosoftCloudAppSecurity', 'MicrosoftSecurityProductNameAzureSecurityCenter', 'MicrosoftSecurityProductNameAzureAdvancedThreatProtection', 'MicrosoftSecurityProductNameAzureActiveDirectoryIdentityProtection', 'MicrosoftSecurityProductNameAzureSecurityCenterforIoT', 'MicrosoftSecurityProductNameOffice365AdvancedThreatProtection', 'MicrosoftSecurityProductNameMicrosoftDefenderAdvancedThreatProtection'
	ProductFilter MicrosoftSecurityProductName `json:"productFilter,omitempty"`
	// SeveritiesFilter - the alerts' severities on which the cases will be generated
	SeveritiesFilter *[]AlertSeverity `json:"severitiesFilter,omitempty"`
}

MicrosoftSecurityIncidentCreationAlertRuleCommonProperties microsoftSecurityIncidentCreation rule common property bag.

type MicrosoftSecurityIncidentCreationAlertRuleProperties 

type MicrosoftSecurityIncidentCreationAlertRuleProperties struct {
	// AlertRuleTemplateName - The Name of the alert rule template used to create this rule.
	AlertRuleTemplateName *string `json:"alertRuleTemplateName,omitempty"`
	// Description - The description of the alert rule.
	Description *string `json:"description,omitempty"`
	// DisplayName - The display name for alerts created by this alert rule.
	DisplayName *string `json:"displayName,omitempty"`
	// Enabled - Determines whether this alert rule is enabled or disabled.
	Enabled *bool `json:"enabled,omitempty"`
	// LastModifiedUtc - READ-ONLY; The last time that this alert has been modified.
	LastModifiedUtc *date.Time `json:"lastModifiedUtc,omitempty"`
	// DisplayNamesFilter - the alerts' displayNames on which the cases will be generated
	DisplayNamesFilter *[]string `json:"displayNamesFilter,omitempty"`
	// DisplayNamesExcludeFilter - the alerts' displayNames on which the cases will not be generated
	DisplayNamesExcludeFilter *[]string `json:"displayNamesExcludeFilter,omitempty"`
	// ProductFilter - The alerts' productName on which the cases will be generated. Possible values include: 'MicrosoftSecurityProductNameMicrosoftCloudAppSecurity', 'MicrosoftSecurityProductNameAzureSecurityCenter', 'MicrosoftSecurityProductNameAzureAdvancedThreatProtection', 'MicrosoftSecurityProductNameAzureActiveDirectoryIdentityProtection', 'MicrosoftSecurityProductNameAzureSecurityCenterforIoT', 'MicrosoftSecurityProductNameOffice365AdvancedThreatProtection', 'MicrosoftSecurityProductNameMicrosoftDefenderAdvancedThreatProtection'
	ProductFilter MicrosoftSecurityProductName `json:"productFilter,omitempty"`
	// SeveritiesFilter - the alerts' severities on which the cases will be generated
	SeveritiesFilter *[]AlertSeverity `json:"severitiesFilter,omitempty"`
}

MicrosoftSecurityIncidentCreationAlertRuleProperties microsoftSecurityIncidentCreation rule property bag.

func (MicrosoftSecurityIncidentCreationAlertRuleProperties) MarshalJSON 

func (msicarp MicrosoftSecurityIncidentCreationAlertRuleProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for MicrosoftSecurityIncidentCreationAlertRuleProperties.

type MicrosoftSecurityIncidentCreationAlertRuleTemplate 

type MicrosoftSecurityIncidentCreationAlertRuleTemplate struct {
	// MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties - MicrosoftSecurityIncidentCreation rule template properties
	*MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties `json:"properties,omitempty"`
	// Kind - Possible values include: 'KindBasicAlertRuleTemplateKindAlertRuleTemplate', 'KindBasicAlertRuleTemplateKindMLBehaviorAnalytics', 'KindBasicAlertRuleTemplateKindFusion', 'KindBasicAlertRuleTemplateKindThreatIntelligence', 'KindBasicAlertRuleTemplateKindMicrosoftSecurityIncidentCreation', 'KindBasicAlertRuleTemplateKindScheduled', 'KindBasicAlertRuleTemplateKindNRT'
	Kind KindBasicAlertRuleTemplate `json:"kind,omitempty"`
	// ID - READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty"`
	// SystemData - READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty"`
}

MicrosoftSecurityIncidentCreationAlertRuleTemplate represents MicrosoftSecurityIncidentCreation rule template.

func (MicrosoftSecurityIncidentCreationAlertRuleTemplate) AsAlertRuleTemplate 

func (msicart MicrosoftSecurityIncidentCreationAlertRuleTemplate) AsAlertRuleTemplate() (*AlertRuleTemplate, bool)

AsAlertRuleTemplate is the BasicAlertRuleTemplate implementation for MicrosoftSecurityIncidentCreationAlertRuleTemplate.

func (MicrosoftSecurityIncidentCreationAlertRuleTemplate) AsBasicAlertRuleTemplate 

func (msicart MicrosoftSecurityIncidentCreationAlertRuleTemplate) AsBasicAlertRuleTemplate() (BasicAlertRuleTemplate, bool)

AsBasicAlertRuleTemplate is the BasicAlertRuleTemplate implementation for MicrosoftSecurityIncidentCreationAlertRuleTemplate.

func (MicrosoftSecurityIncidentCreationAlertRuleTemplate) AsFusionAlertRuleTemplate 

func (msicart MicrosoftSecurityIncidentCreationAlertRuleTemplate) AsFusionAlertRuleTemplate() (*FusionAlertRuleTemplate, bool)

AsFusionAlertRuleTemplate is the BasicAlertRuleTemplate implementation for MicrosoftSecurityIncidentCreationAlertRuleTemplate.

func (MicrosoftSecurityIncidentCreationAlertRuleTemplate) AsMLBehaviorAnalyticsAlertRuleTemplate 

func (msicart MicrosoftSecurityIncidentCreationAlertRuleTemplate) AsMLBehaviorAnalyticsAlertRuleTemplate() (*MLBehaviorAnalyticsAlertRuleTemplate, bool)

AsMLBehaviorAnalyticsAlertRuleTemplate is the BasicAlertRuleTemplate implementation for MicrosoftSecurityIncidentCreationAlertRuleTemplate.

func (MicrosoftSecurityIncidentCreationAlertRuleTemplate) AsMicrosoftSecurityIncidentCreationAlertRuleTemplate 

func (msicart MicrosoftSecurityIncidentCreationAlertRuleTemplate) AsMicrosoftSecurityIncidentCreationAlertRuleTemplate() (*MicrosoftSecurityIncidentCreationAlertRuleTemplate, bool)

AsMicrosoftSecurityIncidentCreationAlertRuleTemplate is the BasicAlertRuleTemplate implementation for MicrosoftSecurityIncidentCreationAlertRuleTemplate.

func (MicrosoftSecurityIncidentCreationAlertRuleTemplate) AsNrtAlertRuleTemplate 

func (msicart MicrosoftSecurityIncidentCreationAlertRuleTemplate) AsNrtAlertRuleTemplate() (*NrtAlertRuleTemplate, bool)

AsNrtAlertRuleTemplate is the BasicAlertRuleTemplate implementation for MicrosoftSecurityIncidentCreationAlertRuleTemplate.

func (MicrosoftSecurityIncidentCreationAlertRuleTemplate) AsScheduledAlertRuleTemplate 

func (msicart MicrosoftSecurityIncidentCreationAlertRuleTemplate) AsScheduledAlertRuleTemplate() (*ScheduledAlertRuleTemplate, bool)

AsScheduledAlertRuleTemplate is the BasicAlertRuleTemplate implementation for MicrosoftSecurityIncidentCreationAlertRuleTemplate.

func (MicrosoftSecurityIncidentCreationAlertRuleTemplate) AsThreatIntelligenceAlertRuleTemplate 

func (msicart MicrosoftSecurityIncidentCreationAlertRuleTemplate) AsThreatIntelligenceAlertRuleTemplate() (*ThreatIntelligenceAlertRuleTemplate, bool)

AsThreatIntelligenceAlertRuleTemplate is the BasicAlertRuleTemplate implementation for MicrosoftSecurityIncidentCreationAlertRuleTemplate.

func (MicrosoftSecurityIncidentCreationAlertRuleTemplate) MarshalJSON 

func (msicart MicrosoftSecurityIncidentCreationAlertRuleTemplate) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for MicrosoftSecurityIncidentCreationAlertRuleTemplate.

func (*MicrosoftSecurityIncidentCreationAlertRuleTemplate) UnmarshalJSON 

func (msicart *MicrosoftSecurityIncidentCreationAlertRuleTemplate) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for MicrosoftSecurityIncidentCreationAlertRuleTemplate struct.

type MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties 

type MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties struct {
	// AlertRulesCreatedByTemplateCount - the number of alert rules that were created by this template
	AlertRulesCreatedByTemplateCount *int32 `json:"alertRulesCreatedByTemplateCount,omitempty"`
	// LastUpdatedDateUTC - READ-ONLY; The last time that this alert rule template has been updated.
	LastUpdatedDateUTC *date.Time `json:"lastUpdatedDateUTC,omitempty"`
	// CreatedDateUTC - READ-ONLY; The time that this alert rule template has been added.
	CreatedDateUTC *date.Time `json:"createdDateUTC,omitempty"`
	// Description - The description of the alert rule template.
	Description *string `json:"description,omitempty"`
	// DisplayName - The display name for alert rule template.
	DisplayName *string `json:"displayName,omitempty"`
	// RequiredDataConnectors - The required data sources for this template
	RequiredDataConnectors *[]AlertRuleTemplateDataSource `json:"requiredDataConnectors,omitempty"`
	// Status - The alert rule template status. Possible values include: 'TemplateStatusInstalled', 'TemplateStatusAvailable', 'TemplateStatusNotAvailable'
	Status TemplateStatus `json:"status,omitempty"`
	// DisplayNamesFilter - the alerts' displayNames on which the cases will be generated
	DisplayNamesFilter *[]string `json:"displayNamesFilter,omitempty"`
	// DisplayNamesExcludeFilter - the alerts' displayNames on which the cases will not be generated
	DisplayNamesExcludeFilter *[]string `json:"displayNamesExcludeFilter,omitempty"`
	// ProductFilter - The alerts' productName on which the cases will be generated. Possible values include: 'MicrosoftSecurityProductNameMicrosoftCloudAppSecurity', 'MicrosoftSecurityProductNameAzureSecurityCenter', 'MicrosoftSecurityProductNameAzureAdvancedThreatProtection', 'MicrosoftSecurityProductNameAzureActiveDirectoryIdentityProtection', 'MicrosoftSecurityProductNameAzureSecurityCenterforIoT', 'MicrosoftSecurityProductNameOffice365AdvancedThreatProtection', 'MicrosoftSecurityProductNameMicrosoftDefenderAdvancedThreatProtection'
	ProductFilter MicrosoftSecurityProductName `json:"productFilter,omitempty"`
	// SeveritiesFilter - the alerts' severities on which the cases will be generated
	SeveritiesFilter *[]AlertSeverity `json:"severitiesFilter,omitempty"`
}

MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties microsoftSecurityIncidentCreation rule template properties

func (MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties) MarshalJSON 

func (msicart MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties.

type MicrosoftSecurityProductName 

type MicrosoftSecurityProductName string

MicrosoftSecurityProductName enumerates the values for microsoft security product name. 

const (
	// MicrosoftSecurityProductNameAzureActiveDirectoryIdentityProtection ...
	MicrosoftSecurityProductNameAzureActiveDirectoryIdentityProtection MicrosoftSecurityProductName = "Azure Active Directory Identity Protection"
	// MicrosoftSecurityProductNameAzureAdvancedThreatProtection ...
	MicrosoftSecurityProductNameAzureAdvancedThreatProtection MicrosoftSecurityProductName = "Azure Advanced Threat Protection"
	// MicrosoftSecurityProductNameAzureSecurityCenter ...
	MicrosoftSecurityProductNameAzureSecurityCenter MicrosoftSecurityProductName = "Azure Security Center"
	// MicrosoftSecurityProductNameAzureSecurityCenterforIoT ...
	MicrosoftSecurityProductNameAzureSecurityCenterforIoT MicrosoftSecurityProductName = "Azure Security Center for IoT"
	// MicrosoftSecurityProductNameMicrosoftCloudAppSecurity ...
	MicrosoftSecurityProductNameMicrosoftCloudAppSecurity MicrosoftSecurityProductName = "Microsoft Cloud App Security"
	// MicrosoftSecurityProductNameMicrosoftDefenderAdvancedThreatProtection ...
	MicrosoftSecurityProductNameMicrosoftDefenderAdvancedThreatProtection MicrosoftSecurityProductName = "Microsoft Defender Advanced Threat Protection"
	// MicrosoftSecurityProductNameOffice365AdvancedThreatProtection ...
	MicrosoftSecurityProductNameOffice365AdvancedThreatProtection MicrosoftSecurityProductName = "Office 365 Advanced Threat Protection"
)

func PossibleMicrosoftSecurityProductNameValues 

func PossibleMicrosoftSecurityProductNameValues() []MicrosoftSecurityProductName

PossibleMicrosoftSecurityProductNameValues returns an array of possible values for the MicrosoftSecurityProductName const type.

type MtpCheckRequirements 

type MtpCheckRequirements struct {
	// MTPCheckRequirementsProperties - MTP (Microsoft Threat Protection) requirements check properties.
	*MTPCheckRequirementsProperties `json:"properties,omitempty"`
	// Kind - Possible values include: 'KindBasicDataConnectorsCheckRequirementsKindDataConnectorsCheckRequirements', 'KindBasicDataConnectorsCheckRequirementsKindAzureActiveDirectory', 'KindBasicDataConnectorsCheckRequirementsKindAzureAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindAzureSecurityCenter', 'KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesCloudTrail', 'KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesS3', 'KindBasicDataConnectorsCheckRequirementsKindDynamics365', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftThreatIntelligence', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindOfficeATP', 'KindBasicDataConnectorsCheckRequirementsKindOfficeIRM', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii'
	Kind KindBasicDataConnectorsCheckRequirements `json:"kind,omitempty"`
}

MtpCheckRequirements represents MTP (Microsoft Threat Protection) requirements check request.

func (MtpCheckRequirements) AsAADCheckRequirements 

func (mcr MtpCheckRequirements) AsAADCheckRequirements() (*AADCheckRequirements, bool)

AsAADCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MtpCheckRequirements.

func (MtpCheckRequirements) AsAATPCheckRequirements 

func (mcr MtpCheckRequirements) AsAATPCheckRequirements() (*AATPCheckRequirements, bool)

AsAATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MtpCheckRequirements.

func (MtpCheckRequirements) AsASCCheckRequirements 

func (mcr MtpCheckRequirements) AsASCCheckRequirements() (*ASCCheckRequirements, bool)

AsASCCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MtpCheckRequirements.

func (MtpCheckRequirements) AsAwsCloudTrailCheckRequirements 

func (mcr MtpCheckRequirements) AsAwsCloudTrailCheckRequirements() (*AwsCloudTrailCheckRequirements, bool)

AsAwsCloudTrailCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MtpCheckRequirements.

func (MtpCheckRequirements) AsAwsS3CheckRequirements 

func (mcr MtpCheckRequirements) AsAwsS3CheckRequirements() (*AwsS3CheckRequirements, bool)

AsAwsS3CheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MtpCheckRequirements.

func (MtpCheckRequirements) AsBasicDataConnectorsCheckRequirements 

func (mcr MtpCheckRequirements) AsBasicDataConnectorsCheckRequirements() (BasicDataConnectorsCheckRequirements, bool)

AsBasicDataConnectorsCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MtpCheckRequirements.

func (MtpCheckRequirements) AsDataConnectorsCheckRequirements 

func (mcr MtpCheckRequirements) AsDataConnectorsCheckRequirements() (*DataConnectorsCheckRequirements, bool)

AsDataConnectorsCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MtpCheckRequirements.

func (MtpCheckRequirements) AsDynamics365CheckRequirements 

func (mcr MtpCheckRequirements) AsDynamics365CheckRequirements() (*Dynamics365CheckRequirements, bool)

AsDynamics365CheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MtpCheckRequirements.

func (MtpCheckRequirements) AsMCASCheckRequirements 

func (mcr MtpCheckRequirements) AsMCASCheckRequirements() (*MCASCheckRequirements, bool)

AsMCASCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MtpCheckRequirements.

func (MtpCheckRequirements) AsMDATPCheckRequirements 

func (mcr MtpCheckRequirements) AsMDATPCheckRequirements() (*MDATPCheckRequirements, bool)

AsMDATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MtpCheckRequirements.

func (MtpCheckRequirements) AsMSTICheckRequirements 

func (mcr MtpCheckRequirements) AsMSTICheckRequirements() (*MSTICheckRequirements, bool)

AsMSTICheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MtpCheckRequirements.

func (MtpCheckRequirements) AsMtpCheckRequirements 

func (mcr MtpCheckRequirements) AsMtpCheckRequirements() (*MtpCheckRequirements, bool)

AsMtpCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MtpCheckRequirements.

func (MtpCheckRequirements) AsOfficeATPCheckRequirements 

func (mcr MtpCheckRequirements) AsOfficeATPCheckRequirements() (*OfficeATPCheckRequirements, bool)

AsOfficeATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MtpCheckRequirements.

func (MtpCheckRequirements) AsOfficeIRMCheckRequirements 

func (mcr MtpCheckRequirements) AsOfficeIRMCheckRequirements() (*OfficeIRMCheckRequirements, bool)

AsOfficeIRMCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MtpCheckRequirements.

func (MtpCheckRequirements) AsTICheckRequirements 

func (mcr MtpCheckRequirements) AsTICheckRequirements() (*TICheckRequirements, bool)

AsTICheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MtpCheckRequirements.

func (MtpCheckRequirements) AsTiTaxiiCheckRequirements 

func (mcr MtpCheckRequirements) AsTiTaxiiCheckRequirements() (*TiTaxiiCheckRequirements, bool)

AsTiTaxiiCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MtpCheckRequirements.

func (MtpCheckRequirements) MarshalJSON 

func (mcr MtpCheckRequirements) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for MtpCheckRequirements.

func (*MtpCheckRequirements) UnmarshalJSON 

func (mcr *MtpCheckRequirements) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for MtpCheckRequirements struct.

type NrtAlertRule 

type NrtAlertRule struct {
	// NrtAlertRuleProperties - NRT alert rule properties
	*NrtAlertRuleProperties `json:"properties,omitempty"`
	// Kind - Possible values include: 'KindBasicAlertRuleKindAlertRule', 'KindBasicAlertRuleKindMLBehaviorAnalytics', 'KindBasicAlertRuleKindFusion', 'KindBasicAlertRuleKindThreatIntelligence', 'KindBasicAlertRuleKindMicrosoftSecurityIncidentCreation', 'KindBasicAlertRuleKindScheduled', 'KindBasicAlertRuleKindNRT'
	Kind KindBasicAlertRule `json:"kind,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
	// ID - READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty"`
	// SystemData - READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty"`
}

NrtAlertRule represents NRT alert rule.

func (NrtAlertRule) AsAlertRule 

func (nar NrtAlertRule) AsAlertRule() (*AlertRule, bool)

AsAlertRule is the BasicAlertRule implementation for NrtAlertRule.

func (NrtAlertRule) AsBasicAlertRule 

func (nar NrtAlertRule) AsBasicAlertRule() (BasicAlertRule, bool)

AsBasicAlertRule is the BasicAlertRule implementation for NrtAlertRule.

func (NrtAlertRule) AsFusionAlertRule 

func (nar NrtAlertRule) AsFusionAlertRule() (*FusionAlertRule, bool)

AsFusionAlertRule is the BasicAlertRule implementation for NrtAlertRule.

func (NrtAlertRule) AsMLBehaviorAnalyticsAlertRule 

func (nar NrtAlertRule) AsMLBehaviorAnalyticsAlertRule() (*MLBehaviorAnalyticsAlertRule, bool)

AsMLBehaviorAnalyticsAlertRule is the BasicAlertRule implementation for NrtAlertRule.

func (NrtAlertRule) AsMicrosoftSecurityIncidentCreationAlertRule 

func (nar NrtAlertRule) AsMicrosoftSecurityIncidentCreationAlertRule() (*MicrosoftSecurityIncidentCreationAlertRule, bool)

AsMicrosoftSecurityIncidentCreationAlertRule is the BasicAlertRule implementation for NrtAlertRule.

func (NrtAlertRule) AsNrtAlertRule 

func (nar NrtAlertRule) AsNrtAlertRule() (*NrtAlertRule, bool)

AsNrtAlertRule is the BasicAlertRule implementation for NrtAlertRule.

func (NrtAlertRule) AsScheduledAlertRule 

func (nar NrtAlertRule) AsScheduledAlertRule() (*ScheduledAlertRule, bool)

AsScheduledAlertRule is the BasicAlertRule implementation for NrtAlertRule.

func (NrtAlertRule) AsThreatIntelligenceAlertRule 

func (nar NrtAlertRule) AsThreatIntelligenceAlertRule() (*ThreatIntelligenceAlertRule, bool)

AsThreatIntelligenceAlertRule is the BasicAlertRule implementation for NrtAlertRule.

func (NrtAlertRule) MarshalJSON 

func (nar NrtAlertRule) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for NrtAlertRule.

func (*NrtAlertRule) UnmarshalJSON 

func (nar *NrtAlertRule) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for NrtAlertRule struct.

type NrtAlertRuleProperties 

type NrtAlertRuleProperties struct {
	// AlertRuleTemplateName - The Name of the alert rule template used to create this rule.
	AlertRuleTemplateName *string `json:"alertRuleTemplateName,omitempty"`
	// TemplateVersion - The version of the alert rule template used to create this rule - in format <a.b.c>, where all are numbers, for example 0 <1.0.2>
	TemplateVersion *string `json:"templateVersion,omitempty"`
	// Description - The description of the alert rule.
	Description *string `json:"description,omitempty"`
	// Query - The query that creates alerts for this rule.
	Query *string `json:"query,omitempty"`
	// DisplayName - The display name for alerts created by this alert rule.
	DisplayName *string `json:"displayName,omitempty"`
	// Enabled - Determines whether this alert rule is enabled or disabled.
	Enabled *bool `json:"enabled,omitempty"`
	// LastModifiedUtc - READ-ONLY; The last time that this alert rule has been modified.
	LastModifiedUtc *date.Time `json:"lastModifiedUtc,omitempty"`
	// SuppressionDuration - The suppression (in ISO 8601 duration format) to wait since last time this alert rule been triggered.
	SuppressionDuration *string `json:"suppressionDuration,omitempty"`
	// SuppressionEnabled - Determines whether the suppression for this alert rule is enabled or disabled.
	SuppressionEnabled *bool `json:"suppressionEnabled,omitempty"`
	// Severity - The severity for alerts created by this alert rule. Possible values include: 'AlertSeverityHigh', 'AlertSeverityMedium', 'AlertSeverityLow', 'AlertSeverityInformational'
	Severity AlertSeverity `json:"severity,omitempty"`
	// Tactics - The tactics of the alert rule
	Tactics *[]AttackTactic `json:"tactics,omitempty"`
	// IncidentConfiguration - The settings of the incidents that created from alerts triggered by this analytics rule
	IncidentConfiguration *IncidentConfiguration `json:"incidentConfiguration,omitempty"`
	// CustomDetails - Dictionary of string key-value pairs of columns to be attached to the alert
	CustomDetails map[string]*string `json:"customDetails"`
	// EntityMappings - Array of the entity mappings of the alert rule
	EntityMappings *[]EntityMapping `json:"entityMappings,omitempty"`
	// AlertDetailsOverride - The alert details override settings
	AlertDetailsOverride *AlertDetailsOverride `json:"alertDetailsOverride,omitempty"`
}

NrtAlertRuleProperties nrt alert rule base property bag.

func (NrtAlertRuleProperties) MarshalJSON 

func (narp NrtAlertRuleProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for NrtAlertRuleProperties.

type NrtAlertRuleTemplate 

type NrtAlertRuleTemplate struct {
	// NrtAlertRuleTemplateProperties - NRT alert rule template properties
	*NrtAlertRuleTemplateProperties `json:"properties,omitempty"`
	// Kind - Possible values include: 'KindBasicAlertRuleTemplateKindAlertRuleTemplate', 'KindBasicAlertRuleTemplateKindMLBehaviorAnalytics', 'KindBasicAlertRuleTemplateKindFusion', 'KindBasicAlertRuleTemplateKindThreatIntelligence', 'KindBasicAlertRuleTemplateKindMicrosoftSecurityIncidentCreation', 'KindBasicAlertRuleTemplateKindScheduled', 'KindBasicAlertRuleTemplateKindNRT'
	Kind KindBasicAlertRuleTemplate `json:"kind,omitempty"`
	// ID - READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty"`
	// SystemData - READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty"`
}

NrtAlertRuleTemplate represents NRT alert rule template.

func (NrtAlertRuleTemplate) AsAlertRuleTemplate 

func (nart NrtAlertRuleTemplate) AsAlertRuleTemplate() (*AlertRuleTemplate, bool)

AsAlertRuleTemplate is the BasicAlertRuleTemplate implementation for NrtAlertRuleTemplate.

func (NrtAlertRuleTemplate) AsBasicAlertRuleTemplate 

func (nart NrtAlertRuleTemplate) AsBasicAlertRuleTemplate() (BasicAlertRuleTemplate, bool)

AsBasicAlertRuleTemplate is the BasicAlertRuleTemplate implementation for NrtAlertRuleTemplate.

func (NrtAlertRuleTemplate) AsFusionAlertRuleTemplate 

func (nart NrtAlertRuleTemplate) AsFusionAlertRuleTemplate() (*FusionAlertRuleTemplate, bool)

AsFusionAlertRuleTemplate is the BasicAlertRuleTemplate implementation for NrtAlertRuleTemplate.

func (NrtAlertRuleTemplate) AsMLBehaviorAnalyticsAlertRuleTemplate 

func (nart NrtAlertRuleTemplate) AsMLBehaviorAnalyticsAlertRuleTemplate() (*MLBehaviorAnalyticsAlertRuleTemplate, bool)

AsMLBehaviorAnalyticsAlertRuleTemplate is the BasicAlertRuleTemplate implementation for NrtAlertRuleTemplate.

func (NrtAlertRuleTemplate) AsMicrosoftSecurityIncidentCreationAlertRuleTemplate 

func (nart NrtAlertRuleTemplate) AsMicrosoftSecurityIncidentCreationAlertRuleTemplate() (*MicrosoftSecurityIncidentCreationAlertRuleTemplate, bool)

AsMicrosoftSecurityIncidentCreationAlertRuleTemplate is the BasicAlertRuleTemplate implementation for NrtAlertRuleTemplate.

func (NrtAlertRuleTemplate) AsNrtAlertRuleTemplate 

func (nart NrtAlertRuleTemplate) AsNrtAlertRuleTemplate() (*NrtAlertRuleTemplate, bool)

AsNrtAlertRuleTemplate is the BasicAlertRuleTemplate implementation for NrtAlertRuleTemplate.

func (NrtAlertRuleTemplate) AsScheduledAlertRuleTemplate 

func (nart NrtAlertRuleTemplate) AsScheduledAlertRuleTemplate() (*ScheduledAlertRuleTemplate, bool)

AsScheduledAlertRuleTemplate is the BasicAlertRuleTemplate implementation for NrtAlertRuleTemplate.

func (NrtAlertRuleTemplate) AsThreatIntelligenceAlertRuleTemplate 

func (nart NrtAlertRuleTemplate) AsThreatIntelligenceAlertRuleTemplate() (*ThreatIntelligenceAlertRuleTemplate, bool)

AsThreatIntelligenceAlertRuleTemplate is the BasicAlertRuleTemplate implementation for NrtAlertRuleTemplate.

func (NrtAlertRuleTemplate) MarshalJSON 

func (nart NrtAlertRuleTemplate) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for NrtAlertRuleTemplate.

func (*NrtAlertRuleTemplate) UnmarshalJSON 

func (nart *NrtAlertRuleTemplate) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for NrtAlertRuleTemplate struct.

type NrtAlertRuleTemplateProperties 

type NrtAlertRuleTemplateProperties struct {
	// AlertRulesCreatedByTemplateCount - the number of alert rules that were created by this template
	AlertRulesCreatedByTemplateCount *int32 `json:"alertRulesCreatedByTemplateCount,omitempty"`
	// LastUpdatedDateUTC - READ-ONLY; The last time that this alert rule template has been updated.
	LastUpdatedDateUTC *date.Time `json:"lastUpdatedDateUTC,omitempty"`
	// CreatedDateUTC - READ-ONLY; The time that this alert rule template has been added.
	CreatedDateUTC *date.Time `json:"createdDateUTC,omitempty"`
	// Description - The description of the alert rule template.
	Description *string `json:"description,omitempty"`
	// DisplayName - The display name for alert rule template.
	DisplayName *string `json:"displayName,omitempty"`
	// RequiredDataConnectors - The required data sources for this template
	RequiredDataConnectors *[]AlertRuleTemplateDataSource `json:"requiredDataConnectors,omitempty"`
	// Status - The alert rule template status. Possible values include: 'TemplateStatusInstalled', 'TemplateStatusAvailable', 'TemplateStatusNotAvailable'
	Status TemplateStatus `json:"status,omitempty"`
	// Query - The query that creates alerts for this rule.
	Query *string `json:"query,omitempty"`
	// Severity - The severity for alerts created by this alert rule. Possible values include: 'AlertSeverityHigh', 'AlertSeverityMedium', 'AlertSeverityLow', 'AlertSeverityInformational'
	Severity AlertSeverity `json:"severity,omitempty"`
	// Tactics - The tactics of the alert rule
	Tactics *[]AttackTactic `json:"tactics,omitempty"`
	// Version - The version of this template - in format <a.b.c>, where all are numbers. For example <1.0.2>.
	Version *string `json:"version,omitempty"`
	// CustomDetails - Dictionary of string key-value pairs of columns to be attached to the alert
	CustomDetails map[string]*string `json:"customDetails"`
	// EntityMappings - Array of the entity mappings of the alert rule
	EntityMappings *[]EntityMapping `json:"entityMappings,omitempty"`
	// AlertDetailsOverride - The alert details override settings
	AlertDetailsOverride *AlertDetailsOverride `json:"alertDetailsOverride,omitempty"`
}

NrtAlertRuleTemplateProperties NRT alert rule template properties

func (NrtAlertRuleTemplateProperties) MarshalJSON 

func (nart NrtAlertRuleTemplateProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for NrtAlertRuleTemplateProperties.

type OSFamily 

type OSFamily string

OSFamily enumerates the values for os family. 

const (
	// OSFamilyAndroid Host with Android operating system.
	OSFamilyAndroid OSFamily = "Android"
	// OSFamilyIOS Host with IOS operating system.
	OSFamilyIOS OSFamily = "IOS"
	// OSFamilyLinux Host with Linux operating system.
	OSFamilyLinux OSFamily = "Linux"
	// OSFamilyUnknown Host with Unknown operating system.
	OSFamilyUnknown OSFamily = "Unknown"
	// OSFamilyWindows Host with Windows operating system.
	OSFamilyWindows OSFamily = "Windows"
)

func PossibleOSFamilyValues 

func PossibleOSFamilyValues() []OSFamily

PossibleOSFamilyValues returns an array of possible values for the OSFamily const type.

type OfficeATPCheckRequirements 

type OfficeATPCheckRequirements struct {
	// OfficeATPCheckRequirementsProperties - OfficeATP (Office 365 Advanced Threat Protection) requirements check properties.
	*OfficeATPCheckRequirementsProperties `json:"properties,omitempty"`
	// Kind - Possible values include: 'KindBasicDataConnectorsCheckRequirementsKindDataConnectorsCheckRequirements', 'KindBasicDataConnectorsCheckRequirementsKindAzureActiveDirectory', 'KindBasicDataConnectorsCheckRequirementsKindAzureAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindAzureSecurityCenter', 'KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesCloudTrail', 'KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesS3', 'KindBasicDataConnectorsCheckRequirementsKindDynamics365', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftThreatIntelligence', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindOfficeATP', 'KindBasicDataConnectorsCheckRequirementsKindOfficeIRM', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii'
	Kind KindBasicDataConnectorsCheckRequirements `json:"kind,omitempty"`
}

OfficeATPCheckRequirements represents OfficeATP (Office 365 Advanced Threat Protection) requirements check request.

func (OfficeATPCheckRequirements) AsAADCheckRequirements 

func (oacr OfficeATPCheckRequirements) AsAADCheckRequirements() (*AADCheckRequirements, bool)

AsAADCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for OfficeATPCheckRequirements.

func (OfficeATPCheckRequirements) AsAATPCheckRequirements 

func (oacr OfficeATPCheckRequirements) AsAATPCheckRequirements() (*AATPCheckRequirements, bool)

AsAATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for OfficeATPCheckRequirements.

func (OfficeATPCheckRequirements) AsASCCheckRequirements 

func (oacr OfficeATPCheckRequirements) AsASCCheckRequirements() (*ASCCheckRequirements, bool)

AsASCCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for OfficeATPCheckRequirements.

func (OfficeATPCheckRequirements) AsAwsCloudTrailCheckRequirements 

func (oacr OfficeATPCheckRequirements) AsAwsCloudTrailCheckRequirements() (*AwsCloudTrailCheckRequirements, bool)

AsAwsCloudTrailCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for OfficeATPCheckRequirements.

func (OfficeATPCheckRequirements) AsAwsS3CheckRequirements 

func (oacr OfficeATPCheckRequirements) AsAwsS3CheckRequirements() (*AwsS3CheckRequirements, bool)

AsAwsS3CheckRequirements is the BasicDataConnectorsCheckRequirements implementation for OfficeATPCheckRequirements.

func (OfficeATPCheckRequirements) AsBasicDataConnectorsCheckRequirements 

func (oacr OfficeATPCheckRequirements) AsBasicDataConnectorsCheckRequirements() (BasicDataConnectorsCheckRequirements, bool)

AsBasicDataConnectorsCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for OfficeATPCheckRequirements.

func (OfficeATPCheckRequirements) AsDataConnectorsCheckRequirements 

func (oacr OfficeATPCheckRequirements) AsDataConnectorsCheckRequirements() (*DataConnectorsCheckRequirements, bool)

AsDataConnectorsCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for OfficeATPCheckRequirements.

func (OfficeATPCheckRequirements) AsDynamics365CheckRequirements 

func (oacr OfficeATPCheckRequirements) AsDynamics365CheckRequirements() (*Dynamics365CheckRequirements, bool)

AsDynamics365CheckRequirements is the BasicDataConnectorsCheckRequirements implementation for OfficeATPCheckRequirements.

func (OfficeATPCheckRequirements) AsMCASCheckRequirements 

func (oacr OfficeATPCheckRequirements) AsMCASCheckRequirements() (*MCASCheckRequirements, bool)

AsMCASCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for OfficeATPCheckRequirements.

func (OfficeATPCheckRequirements) AsMDATPCheckRequirements 

func (oacr OfficeATPCheckRequirements) AsMDATPCheckRequirements() (*MDATPCheckRequirements, bool)

AsMDATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for OfficeATPCheckRequirements.

func (OfficeATPCheckRequirements) AsMSTICheckRequirements 

func (oacr OfficeATPCheckRequirements) AsMSTICheckRequirements() (*MSTICheckRequirements, bool)

AsMSTICheckRequirements is the BasicDataConnectorsCheckRequirements implementation for OfficeATPCheckRequirements.

func (OfficeATPCheckRequirements) AsMtpCheckRequirements 

func (oacr OfficeATPCheckRequirements) AsMtpCheckRequirements() (*MtpCheckRequirements, bool)

AsMtpCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for OfficeATPCheckRequirements.

func (OfficeATPCheckRequirements) AsOfficeATPCheckRequirements 

func (oacr OfficeATPCheckRequirements) AsOfficeATPCheckRequirements() (*OfficeATPCheckRequirements, bool)

AsOfficeATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for OfficeATPCheckRequirements.

func (OfficeATPCheckRequirements) AsOfficeIRMCheckRequirements 

func (oacr OfficeATPCheckRequirements) AsOfficeIRMCheckRequirements() (*OfficeIRMCheckRequirements, bool)

AsOfficeIRMCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for OfficeATPCheckRequirements.

func (OfficeATPCheckRequirements) AsTICheckRequirements 

func (oacr OfficeATPCheckRequirements) AsTICheckRequirements() (*TICheckRequirements, bool)

AsTICheckRequirements is the BasicDataConnectorsCheckRequirements implementation for OfficeATPCheckRequirements.

func (OfficeATPCheckRequirements) AsTiTaxiiCheckRequirements 

func (oacr OfficeATPCheckRequirements) AsTiTaxiiCheckRequirements() (*TiTaxiiCheckRequirements, bool)

AsTiTaxiiCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for OfficeATPCheckRequirements.

func (OfficeATPCheckRequirements) MarshalJSON 

func (oacr OfficeATPCheckRequirements) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for OfficeATPCheckRequirements.

func (*OfficeATPCheckRequirements) UnmarshalJSON 

func (oacr *OfficeATPCheckRequirements) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for OfficeATPCheckRequirements struct.

type OfficeATPCheckRequirementsProperties 

type OfficeATPCheckRequirementsProperties struct {
	// TenantID - The tenant id to connect to, and get the data from.
	TenantID *string `json:"tenantId,omitempty"`
}

OfficeATPCheckRequirementsProperties officeATP (Office 365 Advanced Threat Protection) requirements check properties.

type OfficeATPDataConnector 

type OfficeATPDataConnector struct {
	// OfficeATPDataConnectorProperties - OfficeATP (Office 365 Advanced Threat Protection) data connector properties.
	*OfficeATPDataConnectorProperties `json:"properties,omitempty"`
	// Kind - Possible values include: 'KindBasicDataConnectorKindDataConnector', 'KindBasicDataConnectorKindAzureActiveDirectory', 'KindBasicDataConnectorKindMicrosoftThreatIntelligence', 'KindBasicDataConnectorKindMicrosoftThreatProtection', 'KindBasicDataConnectorKindAzureAdvancedThreatProtection', 'KindBasicDataConnectorKindAzureSecurityCenter', 'KindBasicDataConnectorKindAmazonWebServicesCloudTrail', 'KindBasicDataConnectorKindAmazonWebServicesS3', 'KindBasicDataConnectorKindMicrosoftCloudAppSecurity', 'KindBasicDataConnectorKindDynamics365', 'KindBasicDataConnectorKindOfficeATP', 'KindBasicDataConnectorKindOfficeIRM', 'KindBasicDataConnectorKindMicrosoftDefenderAdvancedThreatProtection', 'KindBasicDataConnectorKindOffice365', 'KindBasicDataConnectorKindThreatIntelligence', 'KindBasicDataConnectorKindThreatIntelligenceTaxii', 'KindBasicDataConnectorKindGenericUI', 'KindBasicDataConnectorKindAPIPolling'
	Kind KindBasicDataConnector `json:"kind,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
	// ID - READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty"`
	// SystemData - READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty"`
}

OfficeATPDataConnector represents OfficeATP (Office 365 Advanced Threat Protection) data connector.

func (OfficeATPDataConnector) AsAADDataConnector 

func (oadc OfficeATPDataConnector) AsAADDataConnector() (*AADDataConnector, bool)

AsAADDataConnector is the BasicDataConnector implementation for OfficeATPDataConnector.

func (OfficeATPDataConnector) AsAATPDataConnector 

func (oadc OfficeATPDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool)

AsAATPDataConnector is the BasicDataConnector implementation for OfficeATPDataConnector.

func (OfficeATPDataConnector) AsASCDataConnector 

func (oadc OfficeATPDataConnector) AsASCDataConnector() (*ASCDataConnector, bool)

AsASCDataConnector is the BasicDataConnector implementation for OfficeATPDataConnector.

func (OfficeATPDataConnector) AsAwsCloudTrailDataConnector 

func (oadc OfficeATPDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool)

AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for OfficeATPDataConnector.

func (OfficeATPDataConnector) AsAwsS3DataConnector 

func (oadc OfficeATPDataConnector) AsAwsS3DataConnector() (*AwsS3DataConnector, bool)

AsAwsS3DataConnector is the BasicDataConnector implementation for OfficeATPDataConnector.

func (OfficeATPDataConnector) AsBasicDataConnector 

func (oadc OfficeATPDataConnector) AsBasicDataConnector() (BasicDataConnector, bool)

AsBasicDataConnector is the BasicDataConnector implementation for OfficeATPDataConnector.

func (OfficeATPDataConnector) AsCodelessAPIPollingDataConnector 

func (oadc OfficeATPDataConnector) AsCodelessAPIPollingDataConnector() (*CodelessAPIPollingDataConnector, bool)

AsCodelessAPIPollingDataConnector is the BasicDataConnector implementation for OfficeATPDataConnector.

func (OfficeATPDataConnector) AsCodelessUIDataConnector 

func (oadc OfficeATPDataConnector) AsCodelessUIDataConnector() (*CodelessUIDataConnector, bool)

AsCodelessUIDataConnector is the BasicDataConnector implementation for OfficeATPDataConnector.

func (OfficeATPDataConnector) AsDataConnector 

func (oadc OfficeATPDataConnector) AsDataConnector() (*DataConnector, bool)

AsDataConnector is the BasicDataConnector implementation for OfficeATPDataConnector.

func (OfficeATPDataConnector) AsDynamics365DataConnector 

func (oadc OfficeATPDataConnector) AsDynamics365DataConnector() (*Dynamics365DataConnector, bool)

AsDynamics365DataConnector is the BasicDataConnector implementation for OfficeATPDataConnector.

func (OfficeATPDataConnector) AsMCASDataConnector 

func (oadc OfficeATPDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool)

AsMCASDataConnector is the BasicDataConnector implementation for OfficeATPDataConnector.

func (OfficeATPDataConnector) AsMDATPDataConnector 

func (oadc OfficeATPDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool)

AsMDATPDataConnector is the BasicDataConnector implementation for OfficeATPDataConnector.

func (OfficeATPDataConnector) AsMSTIDataConnector 

func (oadc OfficeATPDataConnector) AsMSTIDataConnector() (*MSTIDataConnector, bool)

AsMSTIDataConnector is the BasicDataConnector implementation for OfficeATPDataConnector.

func (OfficeATPDataConnector) AsMTPDataConnector 

func (oadc OfficeATPDataConnector) AsMTPDataConnector() (*MTPDataConnector, bool)

AsMTPDataConnector is the BasicDataConnector implementation for OfficeATPDataConnector.

func (OfficeATPDataConnector) AsOfficeATPDataConnector 

func (oadc OfficeATPDataConnector) AsOfficeATPDataConnector() (*OfficeATPDataConnector, bool)

AsOfficeATPDataConnector is the BasicDataConnector implementation for OfficeATPDataConnector.

func (OfficeATPDataConnector) AsOfficeDataConnector 

func (oadc OfficeATPDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool)

AsOfficeDataConnector is the BasicDataConnector implementation for OfficeATPDataConnector.

func (OfficeATPDataConnector) AsOfficeIRMDataConnector 

func (oadc OfficeATPDataConnector) AsOfficeIRMDataConnector() (*OfficeIRMDataConnector, bool)

AsOfficeIRMDataConnector is the BasicDataConnector implementation for OfficeATPDataConnector.

func (OfficeATPDataConnector) AsTIDataConnector 

func (oadc OfficeATPDataConnector) AsTIDataConnector() (*TIDataConnector, bool)

AsTIDataConnector is the BasicDataConnector implementation for OfficeATPDataConnector.

func (OfficeATPDataConnector) AsTiTaxiiDataConnector 

func (oadc OfficeATPDataConnector) AsTiTaxiiDataConnector() (*TiTaxiiDataConnector, bool)

AsTiTaxiiDataConnector is the BasicDataConnector implementation for OfficeATPDataConnector.

func (OfficeATPDataConnector) MarshalJSON 

func (oadc OfficeATPDataConnector) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for OfficeATPDataConnector.

func (*OfficeATPDataConnector) UnmarshalJSON 

func (oadc *OfficeATPDataConnector) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for OfficeATPDataConnector struct.

type OfficeATPDataConnectorProperties 

type OfficeATPDataConnectorProperties struct {
	// TenantID - The tenant id to connect to, and get the data from.
	TenantID *string `json:"tenantId,omitempty"`
	// DataTypes - The available data types for the connector.
	DataTypes *AlertsDataTypeOfDataConnector `json:"dataTypes,omitempty"`
}

OfficeATPDataConnectorProperties officeATP (Office 365 Advanced Threat Protection) data connector properties.

type OfficeConsent 

type OfficeConsent struct {
	autorest.Response `json:"-"`
	// OfficeConsentProperties - Office consent properties
	*OfficeConsentProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty"`
	// SystemData - READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty"`
}

OfficeConsent consent for Office365 tenant that already made.

func (OfficeConsent) MarshalJSON 

func (oc OfficeConsent) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for OfficeConsent.

func (*OfficeConsent) UnmarshalJSON 

func (oc *OfficeConsent) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for OfficeConsent struct.

type OfficeConsentList 

type OfficeConsentList struct {
	autorest.Response `json:"-"`
	// NextLink - READ-ONLY; URL to fetch the next set of office consents.
	NextLink *string `json:"nextLink,omitempty"`
	// Value - Array of the consents.
	Value *[]OfficeConsent `json:"value,omitempty"`
}

OfficeConsentList list of all the office365 consents.

func (OfficeConsentList) IsEmpty 

func (ocl OfficeConsentList) IsEmpty() bool

IsEmpty returns true if the ListResult contains no values.

func (OfficeConsentList) MarshalJSON 

func (ocl OfficeConsentList) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for OfficeConsentList.

type OfficeConsentListIterator 

type OfficeConsentListIterator struct {
	// contains filtered or unexported fields
}

OfficeConsentListIterator provides access to a complete listing of OfficeConsent values.

func NewOfficeConsentListIterator 

func NewOfficeConsentListIterator(page OfficeConsentListPage) OfficeConsentListIterator

Creates a new instance of the OfficeConsentListIterator type.

func (*OfficeConsentListIterator) Next 

func (iter *OfficeConsentListIterator) Next() error

Next advances to the next value. If there was an error making the request the iterator does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*OfficeConsentListIterator) NextWithContext 

func (iter *OfficeConsentListIterator) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next value. If there was an error making the request the iterator does not advance and the error is returned.

func (OfficeConsentListIterator) NotDone 

func (iter OfficeConsentListIterator) NotDone() bool

NotDone returns true if the enumeration should be started or is not yet complete.

func (OfficeConsentListIterator) Response 

func (iter OfficeConsentListIterator) Response() OfficeConsentList

Response returns the raw server response from the last page request.

func (OfficeConsentListIterator) Value 

func (iter OfficeConsentListIterator) Value() OfficeConsent

Value returns the current value or a zero-initialized value if the iterator has advanced beyond the end of the collection.

type OfficeConsentListPage 

type OfficeConsentListPage struct {
	// contains filtered or unexported fields
}

OfficeConsentListPage contains a page of OfficeConsent values.

func NewOfficeConsentListPage 

func NewOfficeConsentListPage(cur OfficeConsentList, getNextPage func(context.Context, OfficeConsentList) (OfficeConsentList, error)) OfficeConsentListPage

Creates a new instance of the OfficeConsentListPage type.

func (*OfficeConsentListPage) Next 

func (page *OfficeConsentListPage) Next() error

Next advances to the next page of values. If there was an error making the request the page does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*OfficeConsentListPage) NextWithContext 

func (page *OfficeConsentListPage) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next page of values. If there was an error making the request the page does not advance and the error is returned.

func (OfficeConsentListPage) NotDone 

func (page OfficeConsentListPage) NotDone() bool

NotDone returns true if the page enumeration should be started or is not yet complete.

func (OfficeConsentListPage) Response 

func (page OfficeConsentListPage) Response() OfficeConsentList

Response returns the raw server response from the last page request.

func (OfficeConsentListPage) Values 

func (page OfficeConsentListPage) Values() []OfficeConsent

Values returns the slice of values for the current page or nil if there are no values.

type OfficeConsentProperties 

type OfficeConsentProperties struct {
	// TenantID - The tenantId of the Office365 with the consent.
	TenantID *string `json:"tenantId,omitempty"`
	// ConsentID - Help to easily cascade among the data layers.
	ConsentID *string `json:"consentId,omitempty"`
}

OfficeConsentProperties consent property bag.

type OfficeConsentsClient 

type OfficeConsentsClient struct {
	BaseClient
}

OfficeConsentsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

func NewOfficeConsentsClient 

func NewOfficeConsentsClient(subscriptionID string) OfficeConsentsClient

NewOfficeConsentsClient creates an instance of the OfficeConsentsClient client.

func NewOfficeConsentsClientWithBaseURI 

func NewOfficeConsentsClientWithBaseURI(baseURI string, subscriptionID string) OfficeConsentsClient

NewOfficeConsentsClientWithBaseURI creates an instance of the OfficeConsentsClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).

func (OfficeConsentsClient) Delete 

func (client OfficeConsentsClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, consentID string) (result autorest.Response, err error)

Delete delete the office365 consent. Parameters: resourceGroupName - the name of the resource group. The name is case insensitive. workspaceName - the name of the workspace. consentID - consent ID

func (OfficeConsentsClient) DeletePreparer 

func (client OfficeConsentsClient) DeletePreparer(ctx context.Context, resourceGroupName string, workspaceName string, consentID string) (*http.Request, error)

DeletePreparer prepares the Delete request.

func (OfficeConsentsClient) DeleteResponder 

func (client OfficeConsentsClient) DeleteResponder(resp *http.Response) (result autorest.Response, err error)

DeleteResponder handles the response to the Delete request. The method always closes the http.Response Body.

func (OfficeConsentsClient) DeleteSender 

func (client OfficeConsentsClient) DeleteSender(req *http.Request) (*http.Response, error)

DeleteSender sends the Delete request. The method will close the http.Response Body if it receives an error.

func (OfficeConsentsClient) Get 

func (client OfficeConsentsClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, consentID string) (result OfficeConsent, err error)

Get gets an office365 consent. Parameters: resourceGroupName - the name of the resource group. The name is case insensitive. workspaceName - the name of the workspace. consentID - consent ID

func (OfficeConsentsClient) GetPreparer 

func (client OfficeConsentsClient) GetPreparer(ctx context.Context, resourceGroupName string, workspaceName string, consentID string) (*http.Request, error)

GetPreparer prepares the Get request.

func (OfficeConsentsClient) GetResponder 

func (client OfficeConsentsClient) GetResponder(resp *http.Response) (result OfficeConsent, err error)

GetResponder handles the response to the Get request. The method always closes the http.Response Body.

func (OfficeConsentsClient) GetSender 

func (client OfficeConsentsClient) GetSender(req *http.Request) (*http.Response, error)

GetSender sends the Get request. The method will close the http.Response Body if it receives an error.

func (OfficeConsentsClient) List 

func (client OfficeConsentsClient) List(ctx context.Context, resourceGroupName string, workspaceName string) (result OfficeConsentListPage, err error)

List gets all office365 consents. Parameters: resourceGroupName - the name of the resource group. The name is case insensitive. workspaceName - the name of the workspace.

func (OfficeConsentsClient) ListComplete 

func (client OfficeConsentsClient) ListComplete(ctx context.Context, resourceGroupName string, workspaceName string) (result OfficeConsentListIterator, err error)

ListComplete enumerates all values, automatically crossing page boundaries as required.

func (OfficeConsentsClient) ListPreparer 

func (client OfficeConsentsClient) ListPreparer(ctx context.Context, resourceGroupName string, workspaceName string) (*http.Request, error)

ListPreparer prepares the List request.

func (OfficeConsentsClient) ListResponder 

func (client OfficeConsentsClient) ListResponder(resp *http.Response) (result OfficeConsentList, err error)

ListResponder handles the response to the List request. The method always closes the http.Response Body.

func (OfficeConsentsClient) ListSender 

func (client OfficeConsentsClient) ListSender(req *http.Request) (*http.Response, error)

ListSender sends the List request. The method will close the http.Response Body if it receives an error.

type OfficeDataConnector 

type OfficeDataConnector struct {
	// OfficeDataConnectorProperties - Office data connector properties.
	*OfficeDataConnectorProperties `json:"properties,omitempty"`
	// Kind - Possible values include: 'KindBasicDataConnectorKindDataConnector', 'KindBasicDataConnectorKindAzureActiveDirectory', 'KindBasicDataConnectorKindMicrosoftThreatIntelligence', 'KindBasicDataConnectorKindMicrosoftThreatProtection', 'KindBasicDataConnectorKindAzureAdvancedThreatProtection', 'KindBasicDataConnectorKindAzureSecurityCenter', 'KindBasicDataConnectorKindAmazonWebServicesCloudTrail', 'KindBasicDataConnectorKindAmazonWebServicesS3', 'KindBasicDataConnectorKindMicrosoftCloudAppSecurity', 'KindBasicDataConnectorKindDynamics365', 'KindBasicDataConnectorKindOfficeATP', 'KindBasicDataConnectorKindOfficeIRM', 'KindBasicDataConnectorKindMicrosoftDefenderAdvancedThreatProtection', 'KindBasicDataConnectorKindOffice365', 'KindBasicDataConnectorKindThreatIntelligence', 'KindBasicDataConnectorKindThreatIntelligenceTaxii', 'KindBasicDataConnectorKindGenericUI', 'KindBasicDataConnectorKindAPIPolling'
	Kind KindBasicDataConnector `json:"kind,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
	// ID - READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty"`
	// SystemData - READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty"`
}

OfficeDataConnector represents office data connector.

func (OfficeDataConnector) AsAADDataConnector 

func (odc OfficeDataConnector) AsAADDataConnector() (*AADDataConnector, bool)

AsAADDataConnector is the BasicDataConnector implementation for OfficeDataConnector.

func (OfficeDataConnector) AsAATPDataConnector 

func (odc OfficeDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool)

AsAATPDataConnector is the BasicDataConnector implementation for OfficeDataConnector.

func (OfficeDataConnector) AsASCDataConnector 

func (odc OfficeDataConnector) AsASCDataConnector() (*ASCDataConnector, bool)

AsASCDataConnector is the BasicDataConnector implementation for OfficeDataConnector.

func (OfficeDataConnector) AsAwsCloudTrailDataConnector 

func (odc OfficeDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool)

AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for OfficeDataConnector.

func (OfficeDataConnector) AsAwsS3DataConnector 

func (odc OfficeDataConnector) AsAwsS3DataConnector() (*AwsS3DataConnector, bool)

AsAwsS3DataConnector is the BasicDataConnector implementation for OfficeDataConnector.

func (OfficeDataConnector) AsBasicDataConnector 

func (odc OfficeDataConnector) AsBasicDataConnector() (BasicDataConnector, bool)

AsBasicDataConnector is the BasicDataConnector implementation for OfficeDataConnector.

func (OfficeDataConnector) AsCodelessAPIPollingDataConnector 

func (odc OfficeDataConnector) AsCodelessAPIPollingDataConnector() (*CodelessAPIPollingDataConnector, bool)

AsCodelessAPIPollingDataConnector is the BasicDataConnector implementation for OfficeDataConnector.

func (OfficeDataConnector) AsCodelessUIDataConnector 

func (odc OfficeDataConnector) AsCodelessUIDataConnector() (*CodelessUIDataConnector, bool)

AsCodelessUIDataConnector is the BasicDataConnector implementation for OfficeDataConnector.

func (OfficeDataConnector) AsDataConnector 

func (odc OfficeDataConnector) AsDataConnector() (*DataConnector, bool)

AsDataConnector is the BasicDataConnector implementation for OfficeDataConnector.

func (OfficeDataConnector) AsDynamics365DataConnector 

func (odc OfficeDataConnector) AsDynamics365DataConnector() (*Dynamics365DataConnector, bool)

AsDynamics365DataConnector is the BasicDataConnector implementation for OfficeDataConnector.

func (OfficeDataConnector) AsMCASDataConnector 

func (odc OfficeDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool)

AsMCASDataConnector is the BasicDataConnector implementation for OfficeDataConnector.

func (OfficeDataConnector) AsMDATPDataConnector 

func (odc OfficeDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool)

AsMDATPDataConnector is the BasicDataConnector implementation for OfficeDataConnector.

func (OfficeDataConnector) AsMSTIDataConnector 

func (odc OfficeDataConnector) AsMSTIDataConnector() (*MSTIDataConnector, bool)

AsMSTIDataConnector is the BasicDataConnector implementation for OfficeDataConnector.

func (OfficeDataConnector) AsMTPDataConnector 

func (odc OfficeDataConnector) AsMTPDataConnector() (*MTPDataConnector, bool)

AsMTPDataConnector is the BasicDataConnector implementation for OfficeDataConnector.

func (OfficeDataConnector) AsOfficeATPDataConnector 

func (odc OfficeDataConnector) AsOfficeATPDataConnector() (*OfficeATPDataConnector, bool)

AsOfficeATPDataConnector is the BasicDataConnector implementation for OfficeDataConnector.

func (OfficeDataConnector) AsOfficeDataConnector 

func (odc OfficeDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool)

AsOfficeDataConnector is the BasicDataConnector implementation for OfficeDataConnector.

func (OfficeDataConnector) AsOfficeIRMDataConnector 

func (odc OfficeDataConnector) AsOfficeIRMDataConnector() (*OfficeIRMDataConnector, bool)

AsOfficeIRMDataConnector is the BasicDataConnector implementation for OfficeDataConnector.

func (OfficeDataConnector) AsTIDataConnector 

func (odc OfficeDataConnector) AsTIDataConnector() (*TIDataConnector, bool)

AsTIDataConnector is the BasicDataConnector implementation for OfficeDataConnector.

func (OfficeDataConnector) AsTiTaxiiDataConnector 

func (odc OfficeDataConnector) AsTiTaxiiDataConnector() (*TiTaxiiDataConnector, bool)

AsTiTaxiiDataConnector is the BasicDataConnector implementation for OfficeDataConnector.

func (OfficeDataConnector) MarshalJSON 

func (odc OfficeDataConnector) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for OfficeDataConnector.

func (*OfficeDataConnector) UnmarshalJSON 

func (odc *OfficeDataConnector) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for OfficeDataConnector struct.

type OfficeDataConnectorDataTypes 

type OfficeDataConnectorDataTypes struct {
	// Exchange - Exchange data type connection.
	Exchange *OfficeDataConnectorDataTypesExchange `json:"exchange,omitempty"`
	// SharePoint - SharePoint data type connection.
	SharePoint *OfficeDataConnectorDataTypesSharePoint `json:"sharePoint,omitempty"`
	// Teams - Teams data type connection.
	Teams *OfficeDataConnectorDataTypesTeams `json:"teams,omitempty"`
}

OfficeDataConnectorDataTypes the available data types for office data connector.

type OfficeDataConnectorDataTypesExchange 

type OfficeDataConnectorDataTypesExchange struct {
	// State - Describe whether this data type connection is enabled or not. Possible values include: 'DataTypeStateEnabled', 'DataTypeStateDisabled'
	State DataTypeState `json:"state,omitempty"`
}

OfficeDataConnectorDataTypesExchange exchange data type connection.

type OfficeDataConnectorDataTypesSharePoint 

type OfficeDataConnectorDataTypesSharePoint struct {
	// State - Describe whether this data type connection is enabled or not. Possible values include: 'DataTypeStateEnabled', 'DataTypeStateDisabled'
	State DataTypeState `json:"state,omitempty"`
}

OfficeDataConnectorDataTypesSharePoint sharePoint data type connection.

type OfficeDataConnectorDataTypesTeams 

type OfficeDataConnectorDataTypesTeams struct {
	// State - Describe whether this data type connection is enabled or not. Possible values include: 'DataTypeStateEnabled', 'DataTypeStateDisabled'
	State DataTypeState `json:"state,omitempty"`
}

OfficeDataConnectorDataTypesTeams teams data type connection.

type OfficeDataConnectorProperties 

type OfficeDataConnectorProperties struct {
	// DataTypes - The available data types for the connector.
	DataTypes *OfficeDataConnectorDataTypes `json:"dataTypes,omitempty"`
	// TenantID - The tenant id to connect to, and get the data from.
	TenantID *string `json:"tenantId,omitempty"`
}

OfficeDataConnectorProperties office data connector properties.

type OfficeIRMCheckRequirements 

type OfficeIRMCheckRequirements struct {
	// OfficeIRMCheckRequirementsProperties - OfficeIRM (Microsoft Insider Risk Management) requirements check properties.
	*OfficeIRMCheckRequirementsProperties `json:"properties,omitempty"`
	// Kind - Possible values include: 'KindBasicDataConnectorsCheckRequirementsKindDataConnectorsCheckRequirements', 'KindBasicDataConnectorsCheckRequirementsKindAzureActiveDirectory', 'KindBasicDataConnectorsCheckRequirementsKindAzureAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindAzureSecurityCenter', 'KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesCloudTrail', 'KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesS3', 'KindBasicDataConnectorsCheckRequirementsKindDynamics365', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftThreatIntelligence', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindOfficeATP', 'KindBasicDataConnectorsCheckRequirementsKindOfficeIRM', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii'
	Kind KindBasicDataConnectorsCheckRequirements `json:"kind,omitempty"`
}

OfficeIRMCheckRequirements represents OfficeIRM (Microsoft Insider Risk Management) requirements check request.

func (OfficeIRMCheckRequirements) AsAADCheckRequirements 

func (oicr OfficeIRMCheckRequirements) AsAADCheckRequirements() (*AADCheckRequirements, bool)

AsAADCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for OfficeIRMCheckRequirements.

func (OfficeIRMCheckRequirements) AsAATPCheckRequirements 

func (oicr OfficeIRMCheckRequirements) AsAATPCheckRequirements() (*AATPCheckRequirements, bool)

AsAATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for OfficeIRMCheckRequirements.

func (OfficeIRMCheckRequirements) AsASCCheckRequirements 

func (oicr OfficeIRMCheckRequirements) AsASCCheckRequirements() (*ASCCheckRequirements, bool)

AsASCCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for OfficeIRMCheckRequirements.

func (OfficeIRMCheckRequirements) AsAwsCloudTrailCheckRequirements 

func (oicr OfficeIRMCheckRequirements) AsAwsCloudTrailCheckRequirements() (*AwsCloudTrailCheckRequirements, bool)

AsAwsCloudTrailCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for OfficeIRMCheckRequirements.

func (OfficeIRMCheckRequirements) AsAwsS3CheckRequirements 

func (oicr OfficeIRMCheckRequirements) AsAwsS3CheckRequirements() (*AwsS3CheckRequirements, bool)

AsAwsS3CheckRequirements is the BasicDataConnectorsCheckRequirements implementation for OfficeIRMCheckRequirements.

func (OfficeIRMCheckRequirements) AsBasicDataConnectorsCheckRequirements 

func (oicr OfficeIRMCheckRequirements) AsBasicDataConnectorsCheckRequirements() (BasicDataConnectorsCheckRequirements, bool)

AsBasicDataConnectorsCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for OfficeIRMCheckRequirements.

func (OfficeIRMCheckRequirements) AsDataConnectorsCheckRequirements 

func (oicr OfficeIRMCheckRequirements) AsDataConnectorsCheckRequirements() (*DataConnectorsCheckRequirements, bool)

AsDataConnectorsCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for OfficeIRMCheckRequirements.

func (OfficeIRMCheckRequirements) AsDynamics365CheckRequirements 

func (oicr OfficeIRMCheckRequirements) AsDynamics365CheckRequirements() (*Dynamics365CheckRequirements, bool)

AsDynamics365CheckRequirements is the BasicDataConnectorsCheckRequirements implementation for OfficeIRMCheckRequirements.

func (OfficeIRMCheckRequirements) AsMCASCheckRequirements 

func (oicr OfficeIRMCheckRequirements) AsMCASCheckRequirements() (*MCASCheckRequirements, bool)

AsMCASCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for OfficeIRMCheckRequirements.

func (OfficeIRMCheckRequirements) AsMDATPCheckRequirements 

func (oicr OfficeIRMCheckRequirements) AsMDATPCheckRequirements() (*MDATPCheckRequirements, bool)

AsMDATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for OfficeIRMCheckRequirements.

func (OfficeIRMCheckRequirements) AsMSTICheckRequirements 

func (oicr OfficeIRMCheckRequirements) AsMSTICheckRequirements() (*MSTICheckRequirements, bool)

AsMSTICheckRequirements is the BasicDataConnectorsCheckRequirements implementation for OfficeIRMCheckRequirements.

func (OfficeIRMCheckRequirements) AsMtpCheckRequirements 

func (oicr OfficeIRMCheckRequirements) AsMtpCheckRequirements() (*MtpCheckRequirements, bool)

AsMtpCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for OfficeIRMCheckRequirements.

func (OfficeIRMCheckRequirements) AsOfficeATPCheckRequirements 

func (oicr OfficeIRMCheckRequirements) AsOfficeATPCheckRequirements() (*OfficeATPCheckRequirements, bool)

AsOfficeATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for OfficeIRMCheckRequirements.

func (OfficeIRMCheckRequirements) AsOfficeIRMCheckRequirements 

func (oicr OfficeIRMCheckRequirements) AsOfficeIRMCheckRequirements() (*OfficeIRMCheckRequirements, bool)

AsOfficeIRMCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for OfficeIRMCheckRequirements.

func (OfficeIRMCheckRequirements) AsTICheckRequirements 

func (oicr OfficeIRMCheckRequirements) AsTICheckRequirements() (*TICheckRequirements, bool)

AsTICheckRequirements is the BasicDataConnectorsCheckRequirements implementation for OfficeIRMCheckRequirements.

func (OfficeIRMCheckRequirements) AsTiTaxiiCheckRequirements 

func (oicr OfficeIRMCheckRequirements) AsTiTaxiiCheckRequirements() (*TiTaxiiCheckRequirements, bool)

AsTiTaxiiCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for OfficeIRMCheckRequirements.

func (OfficeIRMCheckRequirements) MarshalJSON 

func (oicr OfficeIRMCheckRequirements) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for OfficeIRMCheckRequirements.

func (*OfficeIRMCheckRequirements) UnmarshalJSON 

func (oicr *OfficeIRMCheckRequirements) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for OfficeIRMCheckRequirements struct.

type OfficeIRMCheckRequirementsProperties 

type OfficeIRMCheckRequirementsProperties struct {
	// TenantID - The tenant id to connect to, and get the data from.
	TenantID *string `json:"tenantId,omitempty"`
}

OfficeIRMCheckRequirementsProperties officeIRM (Microsoft Insider Risk Management) requirements check properties.

type OfficeIRMDataConnector 

type OfficeIRMDataConnector struct {
	// OfficeIRMDataConnectorProperties - OfficeIRM (Microsoft Insider Risk Management) data connector properties.
	*OfficeIRMDataConnectorProperties `json:"properties,omitempty"`
	// Kind - Possible values include: 'KindBasicDataConnectorKindDataConnector', 'KindBasicDataConnectorKindAzureActiveDirectory', 'KindBasicDataConnectorKindMicrosoftThreatIntelligence', 'KindBasicDataConnectorKindMicrosoftThreatProtection', 'KindBasicDataConnectorKindAzureAdvancedThreatProtection', 'KindBasicDataConnectorKindAzureSecurityCenter', 'KindBasicDataConnectorKindAmazonWebServicesCloudTrail', 'KindBasicDataConnectorKindAmazonWebServicesS3', 'KindBasicDataConnectorKindMicrosoftCloudAppSecurity', 'KindBasicDataConnectorKindDynamics365', 'KindBasicDataConnectorKindOfficeATP', 'KindBasicDataConnectorKindOfficeIRM', 'KindBasicDataConnectorKindMicrosoftDefenderAdvancedThreatProtection', 'KindBasicDataConnectorKindOffice365', 'KindBasicDataConnectorKindThreatIntelligence', 'KindBasicDataConnectorKindThreatIntelligenceTaxii', 'KindBasicDataConnectorKindGenericUI', 'KindBasicDataConnectorKindAPIPolling'
	Kind KindBasicDataConnector `json:"kind,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
	// ID - READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty"`
	// SystemData - READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty"`
}

OfficeIRMDataConnector represents OfficeIRM (Microsoft Insider Risk Management) data connector.

func (OfficeIRMDataConnector) AsAADDataConnector 

func (oidc OfficeIRMDataConnector) AsAADDataConnector() (*AADDataConnector, bool)

AsAADDataConnector is the BasicDataConnector implementation for OfficeIRMDataConnector.

func (OfficeIRMDataConnector) AsAATPDataConnector 

func (oidc OfficeIRMDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool)

AsAATPDataConnector is the BasicDataConnector implementation for OfficeIRMDataConnector.

func (OfficeIRMDataConnector) AsASCDataConnector 

func (oidc OfficeIRMDataConnector) AsASCDataConnector() (*ASCDataConnector, bool)

AsASCDataConnector is the BasicDataConnector implementation for OfficeIRMDataConnector.

func (OfficeIRMDataConnector) AsAwsCloudTrailDataConnector 

func (oidc OfficeIRMDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool)

AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for OfficeIRMDataConnector.

func (OfficeIRMDataConnector) AsAwsS3DataConnector 

func (oidc OfficeIRMDataConnector) AsAwsS3DataConnector() (*AwsS3DataConnector, bool)

AsAwsS3DataConnector is the BasicDataConnector implementation for OfficeIRMDataConnector.

func (OfficeIRMDataConnector) AsBasicDataConnector 

func (oidc OfficeIRMDataConnector) AsBasicDataConnector() (BasicDataConnector, bool)

AsBasicDataConnector is the BasicDataConnector implementation for OfficeIRMDataConnector.

func (OfficeIRMDataConnector) AsCodelessAPIPollingDataConnector 

func (oidc OfficeIRMDataConnector) AsCodelessAPIPollingDataConnector() (*CodelessAPIPollingDataConnector, bool)

AsCodelessAPIPollingDataConnector is the BasicDataConnector implementation for OfficeIRMDataConnector.

func (OfficeIRMDataConnector) AsCodelessUIDataConnector 

func (oidc OfficeIRMDataConnector) AsCodelessUIDataConnector() (*CodelessUIDataConnector, bool)

AsCodelessUIDataConnector is the BasicDataConnector implementation for OfficeIRMDataConnector.

func (OfficeIRMDataConnector) AsDataConnector 

func (oidc OfficeIRMDataConnector) AsDataConnector() (*DataConnector, bool)

AsDataConnector is the BasicDataConnector implementation for OfficeIRMDataConnector.

func (OfficeIRMDataConnector) AsDynamics365DataConnector 

func (oidc OfficeIRMDataConnector) AsDynamics365DataConnector() (*Dynamics365DataConnector, bool)

AsDynamics365DataConnector is the BasicDataConnector implementation for OfficeIRMDataConnector.

func (OfficeIRMDataConnector) AsMCASDataConnector 

func (oidc OfficeIRMDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool)

AsMCASDataConnector is the BasicDataConnector implementation for OfficeIRMDataConnector.

func (OfficeIRMDataConnector) AsMDATPDataConnector 

func (oidc OfficeIRMDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool)

AsMDATPDataConnector is the BasicDataConnector implementation for OfficeIRMDataConnector.

func (OfficeIRMDataConnector) AsMSTIDataConnector 

func (oidc OfficeIRMDataConnector) AsMSTIDataConnector() (*MSTIDataConnector, bool)

AsMSTIDataConnector is the BasicDataConnector implementation for OfficeIRMDataConnector.

func (OfficeIRMDataConnector) AsMTPDataConnector 

func (oidc OfficeIRMDataConnector) AsMTPDataConnector() (*MTPDataConnector, bool)

AsMTPDataConnector is the BasicDataConnector implementation for OfficeIRMDataConnector.

func (OfficeIRMDataConnector) AsOfficeATPDataConnector 

func (oidc OfficeIRMDataConnector) AsOfficeATPDataConnector() (*OfficeATPDataConnector, bool)

AsOfficeATPDataConnector is the BasicDataConnector implementation for OfficeIRMDataConnector.

func (OfficeIRMDataConnector) AsOfficeDataConnector 

func (oidc OfficeIRMDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool)

AsOfficeDataConnector is the BasicDataConnector implementation for OfficeIRMDataConnector.

func (OfficeIRMDataConnector) AsOfficeIRMDataConnector 

func (oidc OfficeIRMDataConnector) AsOfficeIRMDataConnector() (*OfficeIRMDataConnector, bool)

AsOfficeIRMDataConnector is the BasicDataConnector implementation for OfficeIRMDataConnector.

func (OfficeIRMDataConnector) AsTIDataConnector 

func (oidc OfficeIRMDataConnector) AsTIDataConnector() (*TIDataConnector, bool)

AsTIDataConnector is the BasicDataConnector implementation for OfficeIRMDataConnector.

func (OfficeIRMDataConnector) AsTiTaxiiDataConnector 

func (oidc OfficeIRMDataConnector) AsTiTaxiiDataConnector() (*TiTaxiiDataConnector, bool)

AsTiTaxiiDataConnector is the BasicDataConnector implementation for OfficeIRMDataConnector.

func (OfficeIRMDataConnector) MarshalJSON 

func (oidc OfficeIRMDataConnector) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for OfficeIRMDataConnector.

func (*OfficeIRMDataConnector) UnmarshalJSON 

func (oidc *OfficeIRMDataConnector) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for OfficeIRMDataConnector struct.

type OfficeIRMDataConnectorProperties 

type OfficeIRMDataConnectorProperties struct {
	// TenantID - The tenant id to connect to, and get the data from.
	TenantID *string `json:"tenantId,omitempty"`
	// DataTypes - The available data types for the connector.
	DataTypes *AlertsDataTypeOfDataConnector `json:"dataTypes,omitempty"`
}

OfficeIRMDataConnectorProperties officeIRM (Microsoft Insider Risk Management) data connector properties.

type Operation 

type Operation struct {
	// Display - Properties of the operation
	Display *OperationDisplay `json:"display,omitempty"`
	// Name - Name of the operation
	Name *string `json:"name,omitempty"`
	// Origin - The origin of the operation
	Origin *string `json:"origin,omitempty"`
	// IsDataAction - Indicates whether the operation is a data action
	IsDataAction *bool `json:"isDataAction,omitempty"`
}

Operation operation provided by provider

type OperationDisplay 

type OperationDisplay struct {
	// Description - Description of the operation
	Description *string `json:"description,omitempty"`
	// Operation - Operation name
	Operation *string `json:"operation,omitempty"`
	// Provider - Provider name
	Provider *string `json:"provider,omitempty"`
	// Resource - Resource name
	Resource *string `json:"resource,omitempty"`
}

OperationDisplay properties of the operation

type OperationsClient 

type OperationsClient struct {
	BaseClient
}

OperationsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

func NewOperationsClient 

func NewOperationsClient(subscriptionID string) OperationsClient

NewOperationsClient creates an instance of the OperationsClient client.

func NewOperationsClientWithBaseURI 

func NewOperationsClientWithBaseURI(baseURI string, subscriptionID string) OperationsClient

NewOperationsClientWithBaseURI creates an instance of the OperationsClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).

func (OperationsClient) List 

func (client OperationsClient) List(ctx context.Context) (result OperationsListPage, err error)

List lists all operations available Azure Security Insights Resource Provider.

func (OperationsClient) ListComplete 

func (client OperationsClient) ListComplete(ctx context.Context) (result OperationsListIterator, err error)

ListComplete enumerates all values, automatically crossing page boundaries as required.

func (OperationsClient) ListPreparer 

func (client OperationsClient) ListPreparer(ctx context.Context) (*http.Request, error)

ListPreparer prepares the List request.

func (OperationsClient) ListResponder 

func (client OperationsClient) ListResponder(resp *http.Response) (result OperationsList, err error)

ListResponder handles the response to the List request. The method always closes the http.Response Body.

func (OperationsClient) ListSender 

func (client OperationsClient) ListSender(req *http.Request) (*http.Response, error)

ListSender sends the List request. The method will close the http.Response Body if it receives an error.

type OperationsList 

type OperationsList struct {
	autorest.Response `json:"-"`
	// NextLink - READ-ONLY; URL to fetch the next set of operations.
	NextLink *string `json:"nextLink,omitempty"`
	// Value - Array of operations
	Value *[]Operation `json:"value,omitempty"`
}

OperationsList lists the operations available in the SecurityInsights RP.

func (OperationsList) IsEmpty 

func (ol OperationsList) IsEmpty() bool

IsEmpty returns true if the ListResult contains no values.

func (OperationsList) MarshalJSON 

func (ol OperationsList) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for OperationsList.

type OperationsListIterator 

type OperationsListIterator struct {
	// contains filtered or unexported fields
}

OperationsListIterator provides access to a complete listing of Operation values.

func NewOperationsListIterator 

func NewOperationsListIterator(page OperationsListPage) OperationsListIterator

Creates a new instance of the OperationsListIterator type.

func (*OperationsListIterator) Next 

func (iter *OperationsListIterator) Next() error

Next advances to the next value. If there was an error making the request the iterator does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*OperationsListIterator) NextWithContext 

func (iter *OperationsListIterator) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next value. If there was an error making the request the iterator does not advance and the error is returned.

func (OperationsListIterator) NotDone 

func (iter OperationsListIterator) NotDone() bool

NotDone returns true if the enumeration should be started or is not yet complete.

func (OperationsListIterator) Response 

func (iter OperationsListIterator) Response() OperationsList

Response returns the raw server response from the last page request.

func (OperationsListIterator) Value 

func (iter OperationsListIterator) Value() Operation

Value returns the current value or a zero-initialized value if the iterator has advanced beyond the end of the collection.

type OperationsListPage 

type OperationsListPage struct {
	// contains filtered or unexported fields
}

OperationsListPage contains a page of Operation values.

func NewOperationsListPage 

func NewOperationsListPage(cur OperationsList, getNextPage func(context.Context, OperationsList) (OperationsList, error)) OperationsListPage

Creates a new instance of the OperationsListPage type.

func (*OperationsListPage) Next 

func (page *OperationsListPage) Next() error

Next advances to the next page of values. If there was an error making the request the page does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*OperationsListPage) NextWithContext 

func (page *OperationsListPage) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next page of values. If there was an error making the request the page does not advance and the error is returned.

func (OperationsListPage) NotDone 

func (page OperationsListPage) NotDone() bool

NotDone returns true if the page enumeration should be started or is not yet complete.

func (OperationsListPage) Response 

func (page OperationsListPage) Response() OperationsList

Response returns the raw server response from the last page request.

func (OperationsListPage) Values 

func (page OperationsListPage) Values() []Operation

Values returns the slice of values for the current page or nil if there are no values.

type Operator 

type Operator string

Operator enumerates the values for operator. 

const (
	// OperatorAND ...
	OperatorAND Operator = "AND"
	// OperatorOR ...
	OperatorOR Operator = "OR"
)

func PossibleOperatorValues 

func PossibleOperatorValues() []Operator

PossibleOperatorValues returns an array of possible values for the Operator const type.

type OutputType 

type OutputType string

OutputType enumerates the values for output type. 

const (
	// OutputTypeDate ...
	OutputTypeDate OutputType = "Date"
	// OutputTypeEntity ...
	OutputTypeEntity OutputType = "Entity"
	// OutputTypeNumber ...
	OutputTypeNumber OutputType = "Number"
	// OutputTypeString ...
	OutputTypeString OutputType = "String"
)

func PossibleOutputTypeValues 

func PossibleOutputTypeValues() []OutputType

PossibleOutputTypeValues returns an array of possible values for the OutputType const type.

type OwnerType 

type OwnerType string

OwnerType enumerates the values for owner type. 

const (
	// OwnerTypeGroup The incident owner type is an AAD group
	OwnerTypeGroup OwnerType = "Group"
	// OwnerTypeUnknown The incident owner type is unknown
	OwnerTypeUnknown OwnerType = "Unknown"
	// OwnerTypeUser The incident owner type is an AAD user
	OwnerTypeUser OwnerType = "User"
)

func PossibleOwnerTypeValues 

func PossibleOwnerTypeValues() []OwnerType

PossibleOwnerTypeValues returns an array of possible values for the OwnerType const type.

type PermissionProviderScope 

type PermissionProviderScope string

PermissionProviderScope enumerates the values for permission provider scope. 

const (
	// PermissionProviderScopeResourceGroup ...
	PermissionProviderScopeResourceGroup PermissionProviderScope = "ResourceGroup"
	// PermissionProviderScopeSubscription ...
	PermissionProviderScopeSubscription PermissionProviderScope = "Subscription"
	// PermissionProviderScopeWorkspace ...
	PermissionProviderScopeWorkspace PermissionProviderScope = "Workspace"
)

func PossiblePermissionProviderScopeValues 

func PossiblePermissionProviderScopeValues() []PermissionProviderScope

PossiblePermissionProviderScopeValues returns an array of possible values for the PermissionProviderScope const type.

type Permissions 

type Permissions struct {
	// ResourceProvider - Resource provider permissions required for the connector
	ResourceProvider *[]PermissionsResourceProviderItem `json:"resourceProvider,omitempty"`
	// Customs - Customs permissions required for the connector
	Customs *[]PermissionsCustomsItem `json:"customs,omitempty"`
}

Permissions permissions required for the connector

type PermissionsCustomsItem 

type PermissionsCustomsItem struct {
	// Name - Customs permissions name
	Name *string `json:"name,omitempty"`
	// Description - Customs permissions description
	Description *string `json:"description,omitempty"`
}

PermissionsCustomsItem ...

type PermissionsResourceProviderItem 

type PermissionsResourceProviderItem struct {
	// Provider - Provider name. Possible values include: 'ProviderNameMicrosoftOperationalInsightssolutions', 'ProviderNameMicrosoftOperationalInsightsworkspaces', 'ProviderNameMicrosoftOperationalInsightsworkspacesdatasources', 'ProviderNameMicrosoftaadiamdiagnosticSettings', 'ProviderNameMicrosoftOperationalInsightsworkspacessharedKeys', 'ProviderNameMicrosoftAuthorizationpolicyAssignments'
	Provider ProviderName `json:"provider,omitempty"`
	// PermissionsDisplayText - Permission description text
	PermissionsDisplayText *string `json:"permissionsDisplayText,omitempty"`
	// ProviderDisplayName - Permission provider display name
	ProviderDisplayName *string `json:"providerDisplayName,omitempty"`
	// Scope - Permission provider scope. Possible values include: 'PermissionProviderScopeResourceGroup', 'PermissionProviderScopeSubscription', 'PermissionProviderScopeWorkspace'
	Scope PermissionProviderScope `json:"scope,omitempty"`
	// RequiredPermissions - Required permissions for the connector
	RequiredPermissions *RequiredPermissions `json:"requiredPermissions,omitempty"`
}

PermissionsResourceProviderItem ...

type PollingFrequency 

type PollingFrequency string

PollingFrequency enumerates the values for polling frequency. 

const (
	// PollingFrequencyOnceADay Once a day
	PollingFrequencyOnceADay PollingFrequency = "OnceADay"
	// PollingFrequencyOnceAMinute Once a minute
	PollingFrequencyOnceAMinute PollingFrequency = "OnceAMinute"
	// PollingFrequencyOnceAnHour Once an hour
	PollingFrequencyOnceAnHour PollingFrequency = "OnceAnHour"
)

func PossiblePollingFrequencyValues 

func PossiblePollingFrequencyValues() []PollingFrequency

PossiblePollingFrequencyValues returns an array of possible values for the PollingFrequency const type.

type ProcessEntity 

type ProcessEntity struct {
	// ProcessEntityProperties - Process entity properties
	*ProcessEntityProperties `json:"properties,omitempty"`
	// Kind - Possible values include: 'KindBasicEntityKindEntity', 'KindBasicEntityKindURL', 'KindBasicEntityKindSubmissionMail', 'KindBasicEntityKindSecurityGroup', 'KindBasicEntityKindSecurityAlert', 'KindBasicEntityKindRegistryValue', 'KindBasicEntityKindRegistryKey', 'KindBasicEntityKindProcess', 'KindBasicEntityKindMalware', 'KindBasicEntityKindMailMessage', 'KindBasicEntityKindMailCluster', 'KindBasicEntityKindMailbox', 'KindBasicEntityKindIP', 'KindBasicEntityKindIoTDevice', 'KindBasicEntityKindBookmark', 'KindBasicEntityKindHost', 'KindBasicEntityKindFileHash', 'KindBasicEntityKindFile', 'KindBasicEntityKindDNSResolution', 'KindBasicEntityKindCloudApplication', 'KindBasicEntityKindAzureResource', 'KindBasicEntityKindAccount'
	Kind KindBasicEntity `json:"kind,omitempty"`
	// ID - READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty"`
	// SystemData - READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty"`
}

ProcessEntity represents a process entity.

func (ProcessEntity) AsAccountEntity 

func (peVar ProcessEntity) AsAccountEntity() (*AccountEntity, bool)

AsAccountEntity is the BasicEntity implementation for ProcessEntity.

func (ProcessEntity) AsAzureResourceEntity 

func (peVar ProcessEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)

AsAzureResourceEntity is the BasicEntity implementation for ProcessEntity.

func (ProcessEntity) AsBasicEntity 

func (peVar ProcessEntity) AsBasicEntity() (BasicEntity, bool)

AsBasicEntity is the BasicEntity implementation for ProcessEntity.

func (ProcessEntity) AsCloudApplicationEntity 

func (peVar ProcessEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)

AsCloudApplicationEntity is the BasicEntity implementation for ProcessEntity.

func (ProcessEntity) AsDNSEntity 

func (peVar ProcessEntity) AsDNSEntity() (*DNSEntity, bool)

AsDNSEntity is the BasicEntity implementation for ProcessEntity.

func (ProcessEntity) AsEntity 

func (peVar ProcessEntity) AsEntity() (*Entity, bool)

AsEntity is the BasicEntity implementation for ProcessEntity.

func (ProcessEntity) AsFileEntity 

func (peVar ProcessEntity) AsFileEntity() (*FileEntity, bool)

AsFileEntity is the BasicEntity implementation for ProcessEntity.

func (ProcessEntity) AsFileHashEntity 

func (peVar ProcessEntity) AsFileHashEntity() (*FileHashEntity, bool)

AsFileHashEntity is the BasicEntity implementation for ProcessEntity.

func (ProcessEntity) AsHostEntity 

func (peVar ProcessEntity) AsHostEntity() (*HostEntity, bool)

AsHostEntity is the BasicEntity implementation for ProcessEntity.

func (ProcessEntity) AsHuntingBookmark 

func (peVar ProcessEntity) AsHuntingBookmark() (*HuntingBookmark, bool)

AsHuntingBookmark is the BasicEntity implementation for ProcessEntity.

func (ProcessEntity) AsIPEntity 

func (peVar ProcessEntity) AsIPEntity() (*IPEntity, bool)

AsIPEntity is the BasicEntity implementation for ProcessEntity.

func (ProcessEntity) AsIoTDeviceEntity 

func (peVar ProcessEntity) AsIoTDeviceEntity() (*IoTDeviceEntity, bool)

AsIoTDeviceEntity is the BasicEntity implementation for ProcessEntity.

func (ProcessEntity) AsMailClusterEntity 

func (peVar ProcessEntity) AsMailClusterEntity() (*MailClusterEntity, bool)

AsMailClusterEntity is the BasicEntity implementation for ProcessEntity.

func (ProcessEntity) AsMailMessageEntity 

func (peVar ProcessEntity) AsMailMessageEntity() (*MailMessageEntity, bool)

AsMailMessageEntity is the BasicEntity implementation for ProcessEntity.

func (ProcessEntity) AsMailboxEntity 

func (peVar ProcessEntity) AsMailboxEntity() (*MailboxEntity, bool)

AsMailboxEntity is the BasicEntity implementation for ProcessEntity.

func (ProcessEntity) AsMalwareEntity 

func (peVar ProcessEntity) AsMalwareEntity() (*MalwareEntity, bool)

AsMalwareEntity is the BasicEntity implementation for ProcessEntity.

func (ProcessEntity) AsProcessEntity 

func (peVar ProcessEntity) AsProcessEntity() (*ProcessEntity, bool)

AsProcessEntity is the BasicEntity implementation for ProcessEntity.

func (ProcessEntity) AsRegistryKeyEntity 

func (peVar ProcessEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)

AsRegistryKeyEntity is the BasicEntity implementation for ProcessEntity.

func (ProcessEntity) AsRegistryValueEntity 

func (peVar ProcessEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool)

AsRegistryValueEntity is the BasicEntity implementation for ProcessEntity.

func (ProcessEntity) AsSecurityAlert 

func (peVar ProcessEntity) AsSecurityAlert() (*SecurityAlert, bool)

AsSecurityAlert is the BasicEntity implementation for ProcessEntity.

func (ProcessEntity) AsSecurityGroupEntity 

func (peVar ProcessEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)

AsSecurityGroupEntity is the BasicEntity implementation for ProcessEntity.

func (ProcessEntity) AsSubmissionMailEntity 

func (peVar ProcessEntity) AsSubmissionMailEntity() (*SubmissionMailEntity, bool)

AsSubmissionMailEntity is the BasicEntity implementation for ProcessEntity.

func (ProcessEntity) AsURLEntity 

func (peVar ProcessEntity) AsURLEntity() (*URLEntity, bool)

AsURLEntity is the BasicEntity implementation for ProcessEntity.

func (ProcessEntity) MarshalJSON 

func (peVar ProcessEntity) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for ProcessEntity.

func (*ProcessEntity) UnmarshalJSON 

func (peVar *ProcessEntity) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for ProcessEntity struct.

type ProcessEntityProperties 

type ProcessEntityProperties struct {
	// AccountEntityID - READ-ONLY; The account entity id running the processes.
	AccountEntityID *string `json:"accountEntityId,omitempty"`
	// CommandLine - READ-ONLY; The command line used to create the process
	CommandLine *string `json:"commandLine,omitempty"`
	// CreationTimeUtc - READ-ONLY; The time when the process started to run
	CreationTimeUtc *date.Time `json:"creationTimeUtc,omitempty"`
	// ElevationToken - The elevation token associated with the process. Possible values include: 'ElevationTokenDefault', 'ElevationTokenFull', 'ElevationTokenLimited'
	ElevationToken ElevationToken `json:"elevationToken,omitempty"`
	// HostEntityID - READ-ONLY; The host entity id on which the process was running
	HostEntityID *string `json:"hostEntityId,omitempty"`
	// HostLogonSessionEntityID - READ-ONLY; The session entity id in which the process was running
	HostLogonSessionEntityID *string `json:"hostLogonSessionEntityId,omitempty"`
	// ImageFileEntityID - READ-ONLY; Image file entity id
	ImageFileEntityID *string `json:"imageFileEntityId,omitempty"`
	// ParentProcessEntityID - READ-ONLY; The parent process entity id.
	ParentProcessEntityID *string `json:"parentProcessEntityId,omitempty"`
	// ProcessID - READ-ONLY; The process ID
	ProcessID *string `json:"processId,omitempty"`
	// AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]interface{} `json:"additionalData"`
	// FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated.
	FriendlyName *string `json:"friendlyName,omitempty"`
}

ProcessEntityProperties process entity property bag.

func (ProcessEntityProperties) MarshalJSON 

func (pep ProcessEntityProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for ProcessEntityProperties.

type ProductSettingsClient 

type ProductSettingsClient struct {
	BaseClient
}

ProductSettingsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

func NewProductSettingsClient 

func NewProductSettingsClient(subscriptionID string) ProductSettingsClient

NewProductSettingsClient creates an instance of the ProductSettingsClient client.

func NewProductSettingsClientWithBaseURI 

func NewProductSettingsClientWithBaseURI(baseURI string, subscriptionID string) ProductSettingsClient

NewProductSettingsClientWithBaseURI creates an instance of the ProductSettingsClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).

func (ProductSettingsClient) Delete 

func (client ProductSettingsClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, settingsName string) (result autorest.Response, err error)

Delete delete setting of the product. Parameters: resourceGroupName - the name of the resource group. The name is case insensitive. workspaceName - the name of the workspace. settingsName - the setting name. Supports - Anomalies, EyesOn, EntityAnalytics, Ueba

func (ProductSettingsClient) DeletePreparer 

func (client ProductSettingsClient) DeletePreparer(ctx context.Context, resourceGroupName string, workspaceName string, settingsName string) (*http.Request, error)

DeletePreparer prepares the Delete request.

func (ProductSettingsClient) DeleteResponder 

func (client ProductSettingsClient) DeleteResponder(resp *http.Response) (result autorest.Response, err error)

DeleteResponder handles the response to the Delete request. The method always closes the http.Response Body.

func (ProductSettingsClient) DeleteSender 

func (client ProductSettingsClient) DeleteSender(req *http.Request) (*http.Response, error)

DeleteSender sends the Delete request. The method will close the http.Response Body if it receives an error.

func (ProductSettingsClient) Get 

func (client ProductSettingsClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, settingsName string) (result SettingsModel, err error)

Get gets a setting. Parameters: resourceGroupName - the name of the resource group. The name is case insensitive. workspaceName - the name of the workspace. settingsName - the setting name. Supports - Anomalies, EyesOn, EntityAnalytics, Ueba

func (ProductSettingsClient) GetPreparer 

func (client ProductSettingsClient) GetPreparer(ctx context.Context, resourceGroupName string, workspaceName string, settingsName string) (*http.Request, error)

GetPreparer prepares the Get request.

func (ProductSettingsClient) GetResponder 

func (client ProductSettingsClient) GetResponder(resp *http.Response) (result SettingsModel, err error)

GetResponder handles the response to the Get request. The method always closes the http.Response Body.

func (ProductSettingsClient) GetSender 

func (client ProductSettingsClient) GetSender(req *http.Request) (*http.Response, error)

GetSender sends the Get request. The method will close the http.Response Body if it receives an error.

func (ProductSettingsClient) List 

func (client ProductSettingsClient) List(ctx context.Context, resourceGroupName string, workspaceName string) (result SettingList, err error)

List list of all the settings Parameters: resourceGroupName - the name of the resource group. The name is case insensitive. workspaceName - the name of the workspace.

func (ProductSettingsClient) ListPreparer 

func (client ProductSettingsClient) ListPreparer(ctx context.Context, resourceGroupName string, workspaceName string) (*http.Request, error)

ListPreparer prepares the List request.

func (ProductSettingsClient) ListResponder 

func (client ProductSettingsClient) ListResponder(resp *http.Response) (result SettingList, err error)

ListResponder handles the response to the List request. The method always closes the http.Response Body.

func (ProductSettingsClient) ListSender 

func (client ProductSettingsClient) ListSender(req *http.Request) (*http.Response, error)

ListSender sends the List request. The method will close the http.Response Body if it receives an error.

func (ProductSettingsClient) Update 

func (client ProductSettingsClient) Update(ctx context.Context, resourceGroupName string, workspaceName string, settingsName string, settings BasicSettings) (result SettingsModel, err error)

Update updates setting. Parameters: resourceGroupName - the name of the resource group. The name is case insensitive. workspaceName - the name of the workspace. settingsName - the setting name. Supports - Anomalies, EyesOn, EntityAnalytics, Ueba settings - the setting

func (ProductSettingsClient) UpdatePreparer 

func (client ProductSettingsClient) UpdatePreparer(ctx context.Context, resourceGroupName string, workspaceName string, settingsName string, settings BasicSettings) (*http.Request, error)

UpdatePreparer prepares the Update request.

func (ProductSettingsClient) UpdateResponder 

func (client ProductSettingsClient) UpdateResponder(resp *http.Response) (result SettingsModel, err error)

UpdateResponder handles the response to the Update request. The method always closes the http.Response Body.

func (ProductSettingsClient) UpdateSender 

func (client ProductSettingsClient) UpdateSender(req *http.Request) (*http.Response, error)

UpdateSender sends the Update request. The method will close the http.Response Body if it receives an error.

type ProviderName 

type ProviderName string

ProviderName enumerates the values for provider name. 

const (
	// ProviderNameMicrosoftaadiamdiagnosticSettings ...
	ProviderNameMicrosoftaadiamdiagnosticSettings ProviderName = "microsoft.aadiam/diagnosticSettings"
	// ProviderNameMicrosoftAuthorizationpolicyAssignments ...
	ProviderNameMicrosoftAuthorizationpolicyAssignments ProviderName = "Microsoft.Authorization/policyAssignments"
	// ProviderNameMicrosoftOperationalInsightssolutions ...
	ProviderNameMicrosoftOperationalInsightssolutions ProviderName = "Microsoft.OperationalInsights/solutions"
	// ProviderNameMicrosoftOperationalInsightsworkspaces ...
	ProviderNameMicrosoftOperationalInsightsworkspaces ProviderName = "Microsoft.OperationalInsights/workspaces"
	// ProviderNameMicrosoftOperationalInsightsworkspacesdatasources ...
	ProviderNameMicrosoftOperationalInsightsworkspacesdatasources ProviderName = "Microsoft.OperationalInsights/workspaces/datasources"
	// ProviderNameMicrosoftOperationalInsightsworkspacessharedKeys ...
	ProviderNameMicrosoftOperationalInsightsworkspacessharedKeys ProviderName = "Microsoft.OperationalInsights/workspaces/sharedKeys"
)

func PossibleProviderNameValues 

func PossibleProviderNameValues() []ProviderName

PossibleProviderNameValues returns an array of possible values for the ProviderName const type.

type ProxyResource 

type ProxyResource struct {
	// ID - READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty"`
	// SystemData - READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty"`
}

ProxyResource the resource model definition for a Azure Resource Manager proxy resource. It will not have tags and a location

func (ProxyResource) MarshalJSON 

func (pr ProxyResource) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for ProxyResource.

type QueryBasedAlertRuleProperties 

type QueryBasedAlertRuleProperties struct {
	// AlertRuleTemplateName - The Name of the alert rule template used to create this rule.
	AlertRuleTemplateName *string `json:"alertRuleTemplateName,omitempty"`
	// TemplateVersion - The version of the alert rule template used to create this rule - in format <a.b.c>, where all are numbers, for example 0 <1.0.2>
	TemplateVersion *string `json:"templateVersion,omitempty"`
	// Description - The description of the alert rule.
	Description *string `json:"description,omitempty"`
	// Query - The query that creates alerts for this rule.
	Query *string `json:"query,omitempty"`
	// DisplayName - The display name for alerts created by this alert rule.
	DisplayName *string `json:"displayName,omitempty"`
	// Enabled - Determines whether this alert rule is enabled or disabled.
	Enabled *bool `json:"enabled,omitempty"`
	// LastModifiedUtc - READ-ONLY; The last time that this alert rule has been modified.
	LastModifiedUtc *date.Time `json:"lastModifiedUtc,omitempty"`
	// SuppressionDuration - The suppression (in ISO 8601 duration format) to wait since last time this alert rule been triggered.
	SuppressionDuration *string `json:"suppressionDuration,omitempty"`
	// SuppressionEnabled - Determines whether the suppression for this alert rule is enabled or disabled.
	SuppressionEnabled *bool `json:"suppressionEnabled,omitempty"`
	// Severity - The severity for alerts created by this alert rule. Possible values include: 'AlertSeverityHigh', 'AlertSeverityMedium', 'AlertSeverityLow', 'AlertSeverityInformational'
	Severity AlertSeverity `json:"severity,omitempty"`
	// Tactics - The tactics of the alert rule
	Tactics *[]AttackTactic `json:"tactics,omitempty"`
	// IncidentConfiguration - The settings of the incidents that created from alerts triggered by this analytics rule
	IncidentConfiguration *IncidentConfiguration `json:"incidentConfiguration,omitempty"`
	// CustomDetails - Dictionary of string key-value pairs of columns to be attached to the alert
	CustomDetails map[string]*string `json:"customDetails"`
	// EntityMappings - Array of the entity mappings of the alert rule
	EntityMappings *[]EntityMapping `json:"entityMappings,omitempty"`
	// AlertDetailsOverride - The alert details override settings
	AlertDetailsOverride *AlertDetailsOverride `json:"alertDetailsOverride,omitempty"`
}

QueryBasedAlertRuleProperties query based alert rule base property bag.

func (QueryBasedAlertRuleProperties) MarshalJSON 

func (qbarp QueryBasedAlertRuleProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for QueryBasedAlertRuleProperties.

type QueryBasedAlertRuleTemplateProperties 

type QueryBasedAlertRuleTemplateProperties struct {
	// Query - The query that creates alerts for this rule.
	Query *string `json:"query,omitempty"`
	// Severity - The severity for alerts created by this alert rule. Possible values include: 'AlertSeverityHigh', 'AlertSeverityMedium', 'AlertSeverityLow', 'AlertSeverityInformational'
	Severity AlertSeverity `json:"severity,omitempty"`
	// Tactics - The tactics of the alert rule
	Tactics *[]AttackTactic `json:"tactics,omitempty"`
	// Version - The version of this template - in format <a.b.c>, where all are numbers. For example <1.0.2>.
	Version *string `json:"version,omitempty"`
	// CustomDetails - Dictionary of string key-value pairs of columns to be attached to the alert
	CustomDetails map[string]*string `json:"customDetails"`
	// EntityMappings - Array of the entity mappings of the alert rule
	EntityMappings *[]EntityMapping `json:"entityMappings,omitempty"`
	// AlertDetailsOverride - The alert details override settings
	AlertDetailsOverride *AlertDetailsOverride `json:"alertDetailsOverride,omitempty"`
}

QueryBasedAlertRuleTemplateProperties query based alert rule template base property bag.

func (QueryBasedAlertRuleTemplateProperties) MarshalJSON 

func (qbartp QueryBasedAlertRuleTemplateProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for QueryBasedAlertRuleTemplateProperties.

type RegistryHive 

type RegistryHive string

RegistryHive enumerates the values for registry hive. 

const (
	// RegistryHiveHKEYA HKEY_A
	RegistryHiveHKEYA RegistryHive = "HKEY_A"
	// RegistryHiveHKEYCLASSESROOT HKEY_CLASSES_ROOT
	RegistryHiveHKEYCLASSESROOT RegistryHive = "HKEY_CLASSES_ROOT"
	// RegistryHiveHKEYCURRENTCONFIG HKEY_CURRENT_CONFIG
	RegistryHiveHKEYCURRENTCONFIG RegistryHive = "HKEY_CURRENT_CONFIG"
	// RegistryHiveHKEYCURRENTUSER HKEY_CURRENT_USER
	RegistryHiveHKEYCURRENTUSER RegistryHive = "HKEY_CURRENT_USER"
	// RegistryHiveHKEYCURRENTUSERLOCALSETTINGS HKEY_CURRENT_USER_LOCAL_SETTINGS
	RegistryHiveHKEYCURRENTUSERLOCALSETTINGS RegistryHive = "HKEY_CURRENT_USER_LOCAL_SETTINGS"
	// RegistryHiveHKEYLOCALMACHINE HKEY_LOCAL_MACHINE
	RegistryHiveHKEYLOCALMACHINE RegistryHive = "HKEY_LOCAL_MACHINE"
	// RegistryHiveHKEYPERFORMANCEDATA HKEY_PERFORMANCE_DATA
	RegistryHiveHKEYPERFORMANCEDATA RegistryHive = "HKEY_PERFORMANCE_DATA"
	// RegistryHiveHKEYPERFORMANCENLSTEXT HKEY_PERFORMANCE_NLSTEXT
	RegistryHiveHKEYPERFORMANCENLSTEXT RegistryHive = "HKEY_PERFORMANCE_NLSTEXT"
	// RegistryHiveHKEYPERFORMANCETEXT HKEY_PERFORMANCE_TEXT
	RegistryHiveHKEYPERFORMANCETEXT RegistryHive = "HKEY_PERFORMANCE_TEXT"
	// RegistryHiveHKEYUSERS HKEY_USERS
	RegistryHiveHKEYUSERS RegistryHive = "HKEY_USERS"
)

func PossibleRegistryHiveValues 

func PossibleRegistryHiveValues() []RegistryHive

PossibleRegistryHiveValues returns an array of possible values for the RegistryHive const type.

type RegistryKeyEntity 

type RegistryKeyEntity struct {
	// RegistryKeyEntityProperties - RegistryKey entity properties
	*RegistryKeyEntityProperties `json:"properties,omitempty"`
	// Kind - Possible values include: 'KindBasicEntityKindEntity', 'KindBasicEntityKindURL', 'KindBasicEntityKindSubmissionMail', 'KindBasicEntityKindSecurityGroup', 'KindBasicEntityKindSecurityAlert', 'KindBasicEntityKindRegistryValue', 'KindBasicEntityKindRegistryKey', 'KindBasicEntityKindProcess', 'KindBasicEntityKindMalware', 'KindBasicEntityKindMailMessage', 'KindBasicEntityKindMailCluster', 'KindBasicEntityKindMailbox', 'KindBasicEntityKindIP', 'KindBasicEntityKindIoTDevice', 'KindBasicEntityKindBookmark', 'KindBasicEntityKindHost', 'KindBasicEntityKindFileHash', 'KindBasicEntityKindFile', 'KindBasicEntityKindDNSResolution', 'KindBasicEntityKindCloudApplication', 'KindBasicEntityKindAzureResource', 'KindBasicEntityKindAccount'
	Kind KindBasicEntity `json:"kind,omitempty"`
	// ID - READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty"`
	// SystemData - READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty"`
}

RegistryKeyEntity represents a registry key entity.

func (RegistryKeyEntity) AsAccountEntity 

func (rke RegistryKeyEntity) AsAccountEntity() (*AccountEntity, bool)

AsAccountEntity is the BasicEntity implementation for RegistryKeyEntity.

func (RegistryKeyEntity) AsAzureResourceEntity 

func (rke RegistryKeyEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)

AsAzureResourceEntity is the BasicEntity implementation for RegistryKeyEntity.

func (RegistryKeyEntity) AsBasicEntity 

func (rke RegistryKeyEntity) AsBasicEntity() (BasicEntity, bool)

AsBasicEntity is the BasicEntity implementation for RegistryKeyEntity.

func (RegistryKeyEntity) AsCloudApplicationEntity 

func (rke RegistryKeyEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)

AsCloudApplicationEntity is the BasicEntity implementation for RegistryKeyEntity.

func (RegistryKeyEntity) AsDNSEntity 

func (rke RegistryKeyEntity) AsDNSEntity() (*DNSEntity, bool)

AsDNSEntity is the BasicEntity implementation for RegistryKeyEntity.

func (RegistryKeyEntity) AsEntity 

func (rke RegistryKeyEntity) AsEntity() (*Entity, bool)

AsEntity is the BasicEntity implementation for RegistryKeyEntity.

func (RegistryKeyEntity) AsFileEntity 

func (rke RegistryKeyEntity) AsFileEntity() (*FileEntity, bool)

AsFileEntity is the BasicEntity implementation for RegistryKeyEntity.

func (RegistryKeyEntity) AsFileHashEntity 

func (rke RegistryKeyEntity) AsFileHashEntity() (*FileHashEntity, bool)

AsFileHashEntity is the BasicEntity implementation for RegistryKeyEntity.

func (RegistryKeyEntity) AsHostEntity 

func (rke RegistryKeyEntity) AsHostEntity() (*HostEntity, bool)

AsHostEntity is the BasicEntity implementation for RegistryKeyEntity.

func (RegistryKeyEntity) AsHuntingBookmark 

func (rke RegistryKeyEntity) AsHuntingBookmark() (*HuntingBookmark, bool)

AsHuntingBookmark is the BasicEntity implementation for RegistryKeyEntity.

func (RegistryKeyEntity) AsIPEntity 

func (rke RegistryKeyEntity) AsIPEntity() (*IPEntity, bool)

AsIPEntity is the BasicEntity implementation for RegistryKeyEntity.

func (RegistryKeyEntity) AsIoTDeviceEntity 

func (rke RegistryKeyEntity) AsIoTDeviceEntity() (*IoTDeviceEntity, bool)

AsIoTDeviceEntity is the BasicEntity implementation for RegistryKeyEntity.

func (RegistryKeyEntity) AsMailClusterEntity 

func (rke RegistryKeyEntity) AsMailClusterEntity() (*MailClusterEntity, bool)

AsMailClusterEntity is the BasicEntity implementation for RegistryKeyEntity.

func (RegistryKeyEntity) AsMailMessageEntity 

func (rke RegistryKeyEntity) AsMailMessageEntity() (*MailMessageEntity, bool)

AsMailMessageEntity is the BasicEntity implementation for RegistryKeyEntity.

func (RegistryKeyEntity) AsMailboxEntity 

func (rke RegistryKeyEntity) AsMailboxEntity() (*MailboxEntity, bool)

AsMailboxEntity is the BasicEntity implementation for RegistryKeyEntity.

func (RegistryKeyEntity) AsMalwareEntity 

func (rke RegistryKeyEntity) AsMalwareEntity() (*MalwareEntity, bool)

AsMalwareEntity is the BasicEntity implementation for RegistryKeyEntity.

func (RegistryKeyEntity) AsProcessEntity 

func (rke RegistryKeyEntity) AsProcessEntity() (*ProcessEntity, bool)

AsProcessEntity is the BasicEntity implementation for RegistryKeyEntity.

func (RegistryKeyEntity) AsRegistryKeyEntity 

func (rke RegistryKeyEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)

AsRegistryKeyEntity is the BasicEntity implementation for RegistryKeyEntity.

func (RegistryKeyEntity) AsRegistryValueEntity 

func (rke RegistryKeyEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool)

AsRegistryValueEntity is the BasicEntity implementation for RegistryKeyEntity.

func (RegistryKeyEntity) AsSecurityAlert 

func (rke RegistryKeyEntity) AsSecurityAlert() (*SecurityAlert, bool)

AsSecurityAlert is the BasicEntity implementation for RegistryKeyEntity.

func (RegistryKeyEntity) AsSecurityGroupEntity 

func (rke RegistryKeyEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)

AsSecurityGroupEntity is the BasicEntity implementation for RegistryKeyEntity.

func (RegistryKeyEntity) AsSubmissionMailEntity 

func (rke RegistryKeyEntity) AsSubmissionMailEntity() (*SubmissionMailEntity, bool)

AsSubmissionMailEntity is the BasicEntity implementation for RegistryKeyEntity.

func (RegistryKeyEntity) AsURLEntity 

func (rke RegistryKeyEntity) AsURLEntity() (*URLEntity, bool)

AsURLEntity is the BasicEntity implementation for RegistryKeyEntity.

func (RegistryKeyEntity) MarshalJSON 

func (rke RegistryKeyEntity) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for RegistryKeyEntity.

func (*RegistryKeyEntity) UnmarshalJSON 

func (rke *RegistryKeyEntity) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for RegistryKeyEntity struct.

type RegistryKeyEntityProperties 

type RegistryKeyEntityProperties struct {
	// Hive - READ-ONLY; the hive that holds the registry key. Possible values include: 'RegistryHiveHKEYLOCALMACHINE', 'RegistryHiveHKEYCLASSESROOT', 'RegistryHiveHKEYCURRENTCONFIG', 'RegistryHiveHKEYUSERS', 'RegistryHiveHKEYCURRENTUSERLOCALSETTINGS', 'RegistryHiveHKEYPERFORMANCEDATA', 'RegistryHiveHKEYPERFORMANCENLSTEXT', 'RegistryHiveHKEYPERFORMANCETEXT', 'RegistryHiveHKEYA', 'RegistryHiveHKEYCURRENTUSER'
	Hive RegistryHive `json:"hive,omitempty"`
	// Key - READ-ONLY; The registry key path.
	Key *string `json:"key,omitempty"`
	// AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]interface{} `json:"additionalData"`
	// FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated.
	FriendlyName *string `json:"friendlyName,omitempty"`
}

RegistryKeyEntityProperties registryKey entity property bag.

func (RegistryKeyEntityProperties) MarshalJSON 

func (rkep RegistryKeyEntityProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for RegistryKeyEntityProperties.

type RegistryValueEntity 

type RegistryValueEntity struct {
	// RegistryValueEntityProperties - RegistryKey entity properties
	*RegistryValueEntityProperties `json:"properties,omitempty"`
	// Kind - Possible values include: 'KindBasicEntityKindEntity', 'KindBasicEntityKindURL', 'KindBasicEntityKindSubmissionMail', 'KindBasicEntityKindSecurityGroup', 'KindBasicEntityKindSecurityAlert', 'KindBasicEntityKindRegistryValue', 'KindBasicEntityKindRegistryKey', 'KindBasicEntityKindProcess', 'KindBasicEntityKindMalware', 'KindBasicEntityKindMailMessage', 'KindBasicEntityKindMailCluster', 'KindBasicEntityKindMailbox', 'KindBasicEntityKindIP', 'KindBasicEntityKindIoTDevice', 'KindBasicEntityKindBookmark', 'KindBasicEntityKindHost', 'KindBasicEntityKindFileHash', 'KindBasicEntityKindFile', 'KindBasicEntityKindDNSResolution', 'KindBasicEntityKindCloudApplication', 'KindBasicEntityKindAzureResource', 'KindBasicEntityKindAccount'
	Kind KindBasicEntity `json:"kind,omitempty"`
	// ID - READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty"`
	// SystemData - READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty"`
}

RegistryValueEntity represents a registry value entity.

func (RegistryValueEntity) AsAccountEntity 

func (rve RegistryValueEntity) AsAccountEntity() (*AccountEntity, bool)

AsAccountEntity is the BasicEntity implementation for RegistryValueEntity.

func (RegistryValueEntity) AsAzureResourceEntity 

func (rve RegistryValueEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)

AsAzureResourceEntity is the BasicEntity implementation for RegistryValueEntity.

func (RegistryValueEntity) AsBasicEntity 

func (rve RegistryValueEntity) AsBasicEntity() (BasicEntity, bool)

AsBasicEntity is the BasicEntity implementation for RegistryValueEntity.

func (RegistryValueEntity) AsCloudApplicationEntity 

func (rve RegistryValueEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)

AsCloudApplicationEntity is the BasicEntity implementation for RegistryValueEntity.

func (RegistryValueEntity) AsDNSEntity 

func (rve RegistryValueEntity) AsDNSEntity() (*DNSEntity, bool)

AsDNSEntity is the BasicEntity implementation for RegistryValueEntity.

func (RegistryValueEntity) AsEntity 

func (rve RegistryValueEntity) AsEntity() (*Entity, bool)

AsEntity is the BasicEntity implementation for RegistryValueEntity.

func (RegistryValueEntity) AsFileEntity 

func (rve RegistryValueEntity) AsFileEntity() (*FileEntity, bool)

AsFileEntity is the BasicEntity implementation for RegistryValueEntity.

func (RegistryValueEntity) AsFileHashEntity 

func (rve RegistryValueEntity) AsFileHashEntity() (*FileHashEntity, bool)

AsFileHashEntity is the BasicEntity implementation for RegistryValueEntity.

func (RegistryValueEntity) AsHostEntity 

func (rve RegistryValueEntity) AsHostEntity() (*HostEntity, bool)

AsHostEntity is the BasicEntity implementation for RegistryValueEntity.

func (RegistryValueEntity) AsHuntingBookmark 

func (rve RegistryValueEntity) AsHuntingBookmark() (*HuntingBookmark, bool)

AsHuntingBookmark is the BasicEntity implementation for RegistryValueEntity.

func (RegistryValueEntity) AsIPEntity 

func (rve RegistryValueEntity) AsIPEntity() (*IPEntity, bool)

AsIPEntity is the BasicEntity implementation for RegistryValueEntity.

func (RegistryValueEntity) AsIoTDeviceEntity 

func (rve RegistryValueEntity) AsIoTDeviceEntity() (*IoTDeviceEntity, bool)

AsIoTDeviceEntity is the BasicEntity implementation for RegistryValueEntity.

func (RegistryValueEntity) AsMailClusterEntity 

func (rve RegistryValueEntity) AsMailClusterEntity() (*MailClusterEntity, bool)

AsMailClusterEntity is the BasicEntity implementation for RegistryValueEntity.

func (RegistryValueEntity) AsMailMessageEntity 

func (rve RegistryValueEntity) AsMailMessageEntity() (*MailMessageEntity, bool)

AsMailMessageEntity is the BasicEntity implementation for RegistryValueEntity.

func (RegistryValueEntity) AsMailboxEntity 

func (rve RegistryValueEntity) AsMailboxEntity() (*MailboxEntity, bool)

AsMailboxEntity is the BasicEntity implementation for RegistryValueEntity.

func (RegistryValueEntity) AsMalwareEntity 

func (rve RegistryValueEntity) AsMalwareEntity() (*MalwareEntity, bool)

AsMalwareEntity is the BasicEntity implementation for RegistryValueEntity.

func (RegistryValueEntity) AsProcessEntity 

func (rve RegistryValueEntity) AsProcessEntity() (*ProcessEntity, bool)

AsProcessEntity is the BasicEntity implementation for RegistryValueEntity.

func (RegistryValueEntity) AsRegistryKeyEntity 

func (rve RegistryValueEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)

AsRegistryKeyEntity is the BasicEntity implementation for RegistryValueEntity.

func (RegistryValueEntity) AsRegistryValueEntity 

func (rve RegistryValueEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool)

AsRegistryValueEntity is the BasicEntity implementation for RegistryValueEntity.

func (RegistryValueEntity) AsSecurityAlert 

func (rve RegistryValueEntity) AsSecurityAlert() (*SecurityAlert, bool)

AsSecurityAlert is the BasicEntity implementation for RegistryValueEntity.

func (RegistryValueEntity) AsSecurityGroupEntity 

func (rve RegistryValueEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)

AsSecurityGroupEntity is the BasicEntity implementation for RegistryValueEntity.

func (RegistryValueEntity) AsSubmissionMailEntity 

func (rve RegistryValueEntity) AsSubmissionMailEntity() (*SubmissionMailEntity, bool)

AsSubmissionMailEntity is the BasicEntity implementation for RegistryValueEntity.

func (RegistryValueEntity) AsURLEntity 

func (rve RegistryValueEntity) AsURLEntity() (*URLEntity, bool)

AsURLEntity is the BasicEntity implementation for RegistryValueEntity.

func (RegistryValueEntity) MarshalJSON 

func (rve RegistryValueEntity) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for RegistryValueEntity.

func (*RegistryValueEntity) UnmarshalJSON 

func (rve *RegistryValueEntity) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for RegistryValueEntity struct.

type RegistryValueEntityProperties 

type RegistryValueEntityProperties struct {
	// KeyEntityID - READ-ONLY; The registry key entity id.
	KeyEntityID *string `json:"keyEntityId,omitempty"`
	// ValueData - READ-ONLY; String formatted representation of the value data.
	ValueData *string `json:"valueData,omitempty"`
	// ValueName - READ-ONLY; The registry value name.
	ValueName *string `json:"valueName,omitempty"`
	// ValueType - READ-ONLY; Specifies the data types to use when storing values in the registry, or identifies the data type of a value in the registry. Possible values include: 'RegistryValueKindNone', 'RegistryValueKindUnknown', 'RegistryValueKindString', 'RegistryValueKindExpandString', 'RegistryValueKindBinary', 'RegistryValueKindDWord', 'RegistryValueKindMultiString', 'RegistryValueKindQWord'
	ValueType RegistryValueKind `json:"valueType,omitempty"`
	// AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]interface{} `json:"additionalData"`
	// FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated.
	FriendlyName *string `json:"friendlyName,omitempty"`
}

RegistryValueEntityProperties registryValue entity property bag.

func (RegistryValueEntityProperties) MarshalJSON 

func (rvep RegistryValueEntityProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for RegistryValueEntityProperties.

type RegistryValueKind 

type RegistryValueKind string

RegistryValueKind enumerates the values for registry value kind. 

const (
	// RegistryValueKindBinary Binary value type
	RegistryValueKindBinary RegistryValueKind = "Binary"
	// RegistryValueKindDWord DWord value type
	RegistryValueKindDWord RegistryValueKind = "DWord"
	// RegistryValueKindExpandString ExpandString value type
	RegistryValueKindExpandString RegistryValueKind = "ExpandString"
	// RegistryValueKindMultiString MultiString value type
	RegistryValueKindMultiString RegistryValueKind = "MultiString"
	// RegistryValueKindNone None
	RegistryValueKindNone RegistryValueKind = "None"
	// RegistryValueKindQWord QWord value type
	RegistryValueKindQWord RegistryValueKind = "QWord"
	// RegistryValueKindString String value type
	RegistryValueKindString RegistryValueKind = "String"
	// RegistryValueKindUnknown Unknown value type
	RegistryValueKindUnknown RegistryValueKind = "Unknown"
)

func PossibleRegistryValueKindValues 

func PossibleRegistryValueKindValues() []RegistryValueKind

PossibleRegistryValueKindValues returns an array of possible values for the RegistryValueKind const type.

type Relation 

type Relation struct {
	autorest.Response `json:"-"`
	// RelationProperties - Relation properties
	*RelationProperties `json:"properties,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
	// ID - READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty"`
	// SystemData - READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty"`
}

Relation represents a relation between two resources

func (Relation) MarshalJSON 

func (r Relation) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for Relation.

func (*Relation) UnmarshalJSON 

func (r *Relation) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for Relation struct.

type RelationList 

type RelationList struct {
	autorest.Response `json:"-"`
	// NextLink - READ-ONLY; URL to fetch the next set of relations.
	NextLink *string `json:"nextLink,omitempty"`
	// Value - Array of relations.
	Value *[]Relation `json:"value,omitempty"`
}

RelationList list of relations.

func (RelationList) IsEmpty 

func (rl RelationList) IsEmpty() bool

IsEmpty returns true if the ListResult contains no values.

func (RelationList) MarshalJSON 

func (rl RelationList) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for RelationList.

type RelationListIterator 

type RelationListIterator struct {
	// contains filtered or unexported fields
}

RelationListIterator provides access to a complete listing of Relation values.

func NewRelationListIterator 

func NewRelationListIterator(page RelationListPage) RelationListIterator

Creates a new instance of the RelationListIterator type.

func (*RelationListIterator) Next 

func (iter *RelationListIterator) Next() error

Next advances to the next value. If there was an error making the request the iterator does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*RelationListIterator) NextWithContext 

func (iter *RelationListIterator) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next value. If there was an error making the request the iterator does not advance and the error is returned.

func (RelationListIterator) NotDone 

func (iter RelationListIterator) NotDone() bool

NotDone returns true if the enumeration should be started or is not yet complete.

func (RelationListIterator) Response 

func (iter RelationListIterator) Response() RelationList

Response returns the raw server response from the last page request.

func (RelationListIterator) Value 

func (iter RelationListIterator) Value() Relation

Value returns the current value or a zero-initialized value if the iterator has advanced beyond the end of the collection.

type RelationListPage 

type RelationListPage struct {
	// contains filtered or unexported fields
}

RelationListPage contains a page of Relation values.

func NewRelationListPage 

func NewRelationListPage(cur RelationList, getNextPage func(context.Context, RelationList) (RelationList, error)) RelationListPage

Creates a new instance of the RelationListPage type.

func (*RelationListPage) Next 

func (page *RelationListPage) Next() error

Next advances to the next page of values. If there was an error making the request the page does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*RelationListPage) NextWithContext 

func (page *RelationListPage) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next page of values. If there was an error making the request the page does not advance and the error is returned.

func (RelationListPage) NotDone 

func (page RelationListPage) NotDone() bool

NotDone returns true if the page enumeration should be started or is not yet complete.

func (RelationListPage) Response 

func (page RelationListPage) Response() RelationList

Response returns the raw server response from the last page request.

func (RelationListPage) Values 

func (page RelationListPage) Values() []Relation

Values returns the slice of values for the current page or nil if there are no values.

type RelationProperties 

type RelationProperties struct {
	// RelatedResourceID - The resource ID of the related resource
	RelatedResourceID *string `json:"relatedResourceId,omitempty"`
	// RelatedResourceName - READ-ONLY; The name of the related resource
	RelatedResourceName *string `json:"relatedResourceName,omitempty"`
	// RelatedResourceType - READ-ONLY; The resource type of the related resource
	RelatedResourceType *string `json:"relatedResourceType,omitempty"`
	// RelatedResourceKind - READ-ONLY; The resource kind of the related resource
	RelatedResourceKind *string `json:"relatedResourceKind,omitempty"`
}

RelationProperties relation property bag.

func (RelationProperties) MarshalJSON 

func (rp RelationProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for RelationProperties.

type Repo 

type Repo struct {
	// URL - The url to access the repository.
	URL *string `json:"url,omitempty"`
	// FullName - The name of the repository.
	FullName *string `json:"fullName,omitempty"`
	// Branches - Array of branches.
	Branches *[]string `json:"branches,omitempty"`
}

Repo represents a repository.

type RepoList 

type RepoList struct {
	autorest.Response `json:"-"`
	// NextLink - READ-ONLY; URL to fetch the next set of repositories.
	NextLink *string `json:"nextLink,omitempty"`
	// Value - Array of repositories.
	Value *[]Repo `json:"value,omitempty"`
}

RepoList list all the source controls.

func (RepoList) IsEmpty 

func (rl RepoList) IsEmpty() bool

IsEmpty returns true if the ListResult contains no values.

func (RepoList) MarshalJSON 

func (rl RepoList) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for RepoList.

type RepoListIterator 

type RepoListIterator struct {
	// contains filtered or unexported fields
}

RepoListIterator provides access to a complete listing of Repo values.

func NewRepoListIterator 

func NewRepoListIterator(page RepoListPage) RepoListIterator

Creates a new instance of the RepoListIterator type.

func (*RepoListIterator) Next 

func (iter *RepoListIterator) Next() error

Next advances to the next value. If there was an error making the request the iterator does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*RepoListIterator) NextWithContext 

func (iter *RepoListIterator) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next value. If there was an error making the request the iterator does not advance and the error is returned.

func (RepoListIterator) NotDone 

func (iter RepoListIterator) NotDone() bool

NotDone returns true if the enumeration should be started or is not yet complete.

func (RepoListIterator) Response 

func (iter RepoListIterator) Response() RepoList

Response returns the raw server response from the last page request.

func (RepoListIterator) Value 

func (iter RepoListIterator) Value() Repo

Value returns the current value or a zero-initialized value if the iterator has advanced beyond the end of the collection.

type RepoListPage 

type RepoListPage struct {
	// contains filtered or unexported fields
}

RepoListPage contains a page of Repo values.

func NewRepoListPage 

func NewRepoListPage(cur RepoList, getNextPage func(context.Context, RepoList) (RepoList, error)) RepoListPage

Creates a new instance of the RepoListPage type.

func (*RepoListPage) Next 

func (page *RepoListPage) Next() error

Next advances to the next page of values. If there was an error making the request the page does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*RepoListPage) NextWithContext 

func (page *RepoListPage) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next page of values. If there was an error making the request the page does not advance and the error is returned.

func (RepoListPage) NotDone 

func (page RepoListPage) NotDone() bool

NotDone returns true if the page enumeration should be started or is not yet complete.

func (RepoListPage) Response 

func (page RepoListPage) Response() RepoList

Response returns the raw server response from the last page request.

func (RepoListPage) Values 

func (page RepoListPage) Values() []Repo

Values returns the slice of values for the current page or nil if there are no values.

type RepoType 

type RepoType string

RepoType enumerates the values for repo type. 

const (
	// RepoTypeDevOps ...
	RepoTypeDevOps RepoType = "DevOps"
	// RepoTypeGithub ...
	RepoTypeGithub RepoType = "Github"
)

func PossibleRepoTypeValues 

func PossibleRepoTypeValues() []RepoType

PossibleRepoTypeValues returns an array of possible values for the RepoType const type.

type Repository 

type Repository struct {
	// URL - Url of repository.
	URL *string `json:"url,omitempty"`
	// Branch - Branch name of repository.
	Branch *string `json:"branch,omitempty"`
	// DisplayURL - Display url of repository.
	DisplayURL *string `json:"displayUrl,omitempty"`
	// DeploymentLogsURL - Url to access repository action logs.
	DeploymentLogsURL *string `json:"deploymentLogsUrl,omitempty"`
	// PathMapping - Dictionary of source control content type and path mapping.
	PathMapping *[]ContentPathMap `json:"pathMapping,omitempty"`
}

Repository metadata of a repository.

type RequiredPermissions 

type RequiredPermissions struct {
	// Action - action permission
	Action *bool `json:"action,omitempty"`
	// Write - write permission
	Write *bool `json:"write,omitempty"`
	// Read - read permission
	Read *bool `json:"read,omitempty"`
	// Delete - delete permission
	Delete *bool `json:"delete,omitempty"`
}

RequiredPermissions required permissions for the connector

type Resource 

type Resource struct {
	// ID - READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty"`
	// SystemData - READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty"`
}

Resource common fields that are returned in the response for all Azure Resource Manager resources

func (Resource) MarshalJSON 

func (r Resource) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for Resource.

type ResourceProvider 

type ResourceProvider struct {
	// Provider - Provider name. Possible values include: 'ProviderNameMicrosoftOperationalInsightssolutions', 'ProviderNameMicrosoftOperationalInsightsworkspaces', 'ProviderNameMicrosoftOperationalInsightsworkspacesdatasources', 'ProviderNameMicrosoftaadiamdiagnosticSettings', 'ProviderNameMicrosoftOperationalInsightsworkspacessharedKeys', 'ProviderNameMicrosoftAuthorizationpolicyAssignments'
	Provider ProviderName `json:"provider,omitempty"`
	// PermissionsDisplayText - Permission description text
	PermissionsDisplayText *string `json:"permissionsDisplayText,omitempty"`
	// ProviderDisplayName - Permission provider display name
	ProviderDisplayName *string `json:"providerDisplayName,omitempty"`
	// Scope - Permission provider scope. Possible values include: 'PermissionProviderScopeResourceGroup', 'PermissionProviderScopeSubscription', 'PermissionProviderScopeWorkspace'
	Scope PermissionProviderScope `json:"scope,omitempty"`
	// RequiredPermissions - Required permissions for the connector
	RequiredPermissions *RequiredPermissions `json:"requiredPermissions,omitempty"`
}

ResourceProvider resource provider permissions required for the connector

type ResourceWithEtag 

type ResourceWithEtag struct {
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
	// ID - READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty"`
	// SystemData - READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty"`
}

ResourceWithEtag an azure resource object with an Etag property

func (ResourceWithEtag) MarshalJSON 

func (rwe ResourceWithEtag) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for ResourceWithEtag.

type SampleQueries 

type SampleQueries struct {
	// Description - The sample query description
	Description *string `json:"description,omitempty"`
	// Query - the sample query
	Query *string `json:"query,omitempty"`
}

SampleQueries the sample queries for the connector

type ScheduledAlertRule 

type ScheduledAlertRule struct {
	// ScheduledAlertRuleProperties - Scheduled alert rule properties
	*ScheduledAlertRuleProperties `json:"properties,omitempty"`
	// Kind - Possible values include: 'KindBasicAlertRuleKindAlertRule', 'KindBasicAlertRuleKindMLBehaviorAnalytics', 'KindBasicAlertRuleKindFusion', 'KindBasicAlertRuleKindThreatIntelligence', 'KindBasicAlertRuleKindMicrosoftSecurityIncidentCreation', 'KindBasicAlertRuleKindScheduled', 'KindBasicAlertRuleKindNRT'
	Kind KindBasicAlertRule `json:"kind,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
	// ID - READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty"`
	// SystemData - READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty"`
}

ScheduledAlertRule represents scheduled alert rule.

func (ScheduledAlertRule) AsAlertRule 

func (sar ScheduledAlertRule) AsAlertRule() (*AlertRule, bool)

AsAlertRule is the BasicAlertRule implementation for ScheduledAlertRule.

func (ScheduledAlertRule) AsBasicAlertRule 

func (sar ScheduledAlertRule) AsBasicAlertRule() (BasicAlertRule, bool)

AsBasicAlertRule is the BasicAlertRule implementation for ScheduledAlertRule.

func (ScheduledAlertRule) AsFusionAlertRule 

func (sar ScheduledAlertRule) AsFusionAlertRule() (*FusionAlertRule, bool)

AsFusionAlertRule is the BasicAlertRule implementation for ScheduledAlertRule.

func (ScheduledAlertRule) AsMLBehaviorAnalyticsAlertRule 

func (sar ScheduledAlertRule) AsMLBehaviorAnalyticsAlertRule() (*MLBehaviorAnalyticsAlertRule, bool)

AsMLBehaviorAnalyticsAlertRule is the BasicAlertRule implementation for ScheduledAlertRule.

func (ScheduledAlertRule) AsMicrosoftSecurityIncidentCreationAlertRule 

func (sar ScheduledAlertRule) AsMicrosoftSecurityIncidentCreationAlertRule() (*MicrosoftSecurityIncidentCreationAlertRule, bool)

AsMicrosoftSecurityIncidentCreationAlertRule is the BasicAlertRule implementation for ScheduledAlertRule.

func (ScheduledAlertRule) AsNrtAlertRule 

func (sar ScheduledAlertRule) AsNrtAlertRule() (*NrtAlertRule, bool)

AsNrtAlertRule is the BasicAlertRule implementation for ScheduledAlertRule.

func (ScheduledAlertRule) AsScheduledAlertRule 

func (sar ScheduledAlertRule) AsScheduledAlertRule() (*ScheduledAlertRule, bool)

AsScheduledAlertRule is the BasicAlertRule implementation for ScheduledAlertRule.

func (ScheduledAlertRule) AsThreatIntelligenceAlertRule 

func (sar ScheduledAlertRule) AsThreatIntelligenceAlertRule() (*ThreatIntelligenceAlertRule, bool)

AsThreatIntelligenceAlertRule is the BasicAlertRule implementation for ScheduledAlertRule.

func (ScheduledAlertRule) MarshalJSON 

func (sar ScheduledAlertRule) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for ScheduledAlertRule.

func (*ScheduledAlertRule) UnmarshalJSON 

func (sar *ScheduledAlertRule) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for ScheduledAlertRule struct.

type ScheduledAlertRuleCommonProperties 

type ScheduledAlertRuleCommonProperties struct {
	// QueryFrequency - The frequency (in ISO 8601 duration format) for this alert rule to run.
	QueryFrequency *string `json:"queryFrequency,omitempty"`
	// QueryPeriod - The period (in ISO 8601 duration format) that this alert rule looks at.
	QueryPeriod *string `json:"queryPeriod,omitempty"`
	// TriggerOperator - The operation against the threshold that triggers alert rule. Possible values include: 'TriggerOperatorGreaterThan', 'TriggerOperatorLessThan', 'TriggerOperatorEqual', 'TriggerOperatorNotEqual'
	TriggerOperator TriggerOperator `json:"triggerOperator,omitempty"`
	// TriggerThreshold - The threshold triggers this alert rule.
	TriggerThreshold *int32 `json:"triggerThreshold,omitempty"`
	// EventGroupingSettings - The event grouping settings.
	EventGroupingSettings *EventGroupingSettings `json:"eventGroupingSettings,omitempty"`
}

ScheduledAlertRuleCommonProperties scheduled alert rule template property bag.

type ScheduledAlertRuleProperties 

type ScheduledAlertRuleProperties struct {
	// QueryFrequency - The frequency (in ISO 8601 duration format) for this alert rule to run.
	QueryFrequency *string `json:"queryFrequency,omitempty"`
	// QueryPeriod - The period (in ISO 8601 duration format) that this alert rule looks at.
	QueryPeriod *string `json:"queryPeriod,omitempty"`
	// TriggerOperator - The operation against the threshold that triggers alert rule. Possible values include: 'TriggerOperatorGreaterThan', 'TriggerOperatorLessThan', 'TriggerOperatorEqual', 'TriggerOperatorNotEqual'
	TriggerOperator TriggerOperator `json:"triggerOperator,omitempty"`
	// TriggerThreshold - The threshold triggers this alert rule.
	TriggerThreshold *int32 `json:"triggerThreshold,omitempty"`
	// EventGroupingSettings - The event grouping settings.
	EventGroupingSettings *EventGroupingSettings `json:"eventGroupingSettings,omitempty"`
	// AlertRuleTemplateName - The Name of the alert rule template used to create this rule.
	AlertRuleTemplateName *string `json:"alertRuleTemplateName,omitempty"`
	// TemplateVersion - The version of the alert rule template used to create this rule - in format <a.b.c>, where all are numbers, for example 0 <1.0.2>
	TemplateVersion *string `json:"templateVersion,omitempty"`
	// Description - The description of the alert rule.
	Description *string `json:"description,omitempty"`
	// Query - The query that creates alerts for this rule.
	Query *string `json:"query,omitempty"`
	// DisplayName - The display name for alerts created by this alert rule.
	DisplayName *string `json:"displayName,omitempty"`
	// Enabled - Determines whether this alert rule is enabled or disabled.
	Enabled *bool `json:"enabled,omitempty"`
	// LastModifiedUtc - READ-ONLY; The last time that this alert rule has been modified.
	LastModifiedUtc *date.Time `json:"lastModifiedUtc,omitempty"`
	// SuppressionDuration - The suppression (in ISO 8601 duration format) to wait since last time this alert rule been triggered.
	SuppressionDuration *string `json:"suppressionDuration,omitempty"`
	// SuppressionEnabled - Determines whether the suppression for this alert rule is enabled or disabled.
	SuppressionEnabled *bool `json:"suppressionEnabled,omitempty"`
	// Severity - The severity for alerts created by this alert rule. Possible values include: 'AlertSeverityHigh', 'AlertSeverityMedium', 'AlertSeverityLow', 'AlertSeverityInformational'
	Severity AlertSeverity `json:"severity,omitempty"`
	// Tactics - The tactics of the alert rule
	Tactics *[]AttackTactic `json:"tactics,omitempty"`
	// IncidentConfiguration - The settings of the incidents that created from alerts triggered by this analytics rule
	IncidentConfiguration *IncidentConfiguration `json:"incidentConfiguration,omitempty"`
	// CustomDetails - Dictionary of string key-value pairs of columns to be attached to the alert
	CustomDetails map[string]*string `json:"customDetails"`
	// EntityMappings - Array of the entity mappings of the alert rule
	EntityMappings *[]EntityMapping `json:"entityMappings,omitempty"`
	// AlertDetailsOverride - The alert details override settings
	AlertDetailsOverride *AlertDetailsOverride `json:"alertDetailsOverride,omitempty"`
}

ScheduledAlertRuleProperties scheduled alert rule base property bag.

func (ScheduledAlertRuleProperties) MarshalJSON 

func (sarp ScheduledAlertRuleProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for ScheduledAlertRuleProperties.

type ScheduledAlertRuleTemplate 

type ScheduledAlertRuleTemplate struct {
	// ScheduledAlertRuleTemplateProperties - Scheduled alert rule template properties
	*ScheduledAlertRuleTemplateProperties `json:"properties,omitempty"`
	// Kind - Possible values include: 'KindBasicAlertRuleTemplateKindAlertRuleTemplate', 'KindBasicAlertRuleTemplateKindMLBehaviorAnalytics', 'KindBasicAlertRuleTemplateKindFusion', 'KindBasicAlertRuleTemplateKindThreatIntelligence', 'KindBasicAlertRuleTemplateKindMicrosoftSecurityIncidentCreation', 'KindBasicAlertRuleTemplateKindScheduled', 'KindBasicAlertRuleTemplateKindNRT'
	Kind KindBasicAlertRuleTemplate `json:"kind,omitempty"`
	// ID - READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty"`
	// SystemData - READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty"`
}

ScheduledAlertRuleTemplate represents scheduled alert rule template.

func (ScheduledAlertRuleTemplate) AsAlertRuleTemplate 

func (sart ScheduledAlertRuleTemplate) AsAlertRuleTemplate() (*AlertRuleTemplate, bool)

AsAlertRuleTemplate is the BasicAlertRuleTemplate implementation for ScheduledAlertRuleTemplate.

func (ScheduledAlertRuleTemplate) AsBasicAlertRuleTemplate 

func (sart ScheduledAlertRuleTemplate) AsBasicAlertRuleTemplate() (BasicAlertRuleTemplate, bool)

AsBasicAlertRuleTemplate is the BasicAlertRuleTemplate implementation for ScheduledAlertRuleTemplate.

func (ScheduledAlertRuleTemplate) AsFusionAlertRuleTemplate 

func (sart ScheduledAlertRuleTemplate) AsFusionAlertRuleTemplate() (*FusionAlertRuleTemplate, bool)

AsFusionAlertRuleTemplate is the BasicAlertRuleTemplate implementation for ScheduledAlertRuleTemplate.

func (ScheduledAlertRuleTemplate) AsMLBehaviorAnalyticsAlertRuleTemplate 

func (sart ScheduledAlertRuleTemplate) AsMLBehaviorAnalyticsAlertRuleTemplate() (*MLBehaviorAnalyticsAlertRuleTemplate, bool)

AsMLBehaviorAnalyticsAlertRuleTemplate is the BasicAlertRuleTemplate implementation for ScheduledAlertRuleTemplate.

func (ScheduledAlertRuleTemplate) AsMicrosoftSecurityIncidentCreationAlertRuleTemplate 

func (sart ScheduledAlertRuleTemplate) AsMicrosoftSecurityIncidentCreationAlertRuleTemplate() (*MicrosoftSecurityIncidentCreationAlertRuleTemplate, bool)

AsMicrosoftSecurityIncidentCreationAlertRuleTemplate is the BasicAlertRuleTemplate implementation for ScheduledAlertRuleTemplate.

func (ScheduledAlertRuleTemplate) AsNrtAlertRuleTemplate 

func (sart ScheduledAlertRuleTemplate) AsNrtAlertRuleTemplate() (*NrtAlertRuleTemplate, bool)

AsNrtAlertRuleTemplate is the BasicAlertRuleTemplate implementation for ScheduledAlertRuleTemplate.

func (ScheduledAlertRuleTemplate) AsScheduledAlertRuleTemplate 

func (sart ScheduledAlertRuleTemplate) AsScheduledAlertRuleTemplate() (*ScheduledAlertRuleTemplate, bool)

AsScheduledAlertRuleTemplate is the BasicAlertRuleTemplate implementation for ScheduledAlertRuleTemplate.

func (ScheduledAlertRuleTemplate) AsThreatIntelligenceAlertRuleTemplate 

func (sart ScheduledAlertRuleTemplate) AsThreatIntelligenceAlertRuleTemplate() (*ThreatIntelligenceAlertRuleTemplate, bool)

AsThreatIntelligenceAlertRuleTemplate is the BasicAlertRuleTemplate implementation for ScheduledAlertRuleTemplate.

func (ScheduledAlertRuleTemplate) MarshalJSON 

func (sart ScheduledAlertRuleTemplate) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for ScheduledAlertRuleTemplate.

func (*ScheduledAlertRuleTemplate) UnmarshalJSON 

func (sart *ScheduledAlertRuleTemplate) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for ScheduledAlertRuleTemplate struct.

type ScheduledAlertRuleTemplateProperties 

type ScheduledAlertRuleTemplateProperties struct {
	// AlertRulesCreatedByTemplateCount - the number of alert rules that were created by this template
	AlertRulesCreatedByTemplateCount *int32 `json:"alertRulesCreatedByTemplateCount,omitempty"`
	// LastUpdatedDateUTC - READ-ONLY; The last time that this alert rule template has been updated.
	LastUpdatedDateUTC *date.Time `json:"lastUpdatedDateUTC,omitempty"`
	// CreatedDateUTC - READ-ONLY; The time that this alert rule template has been added.
	CreatedDateUTC *date.Time `json:"createdDateUTC,omitempty"`
	// Description - The description of the alert rule template.
	Description *string `json:"description,omitempty"`
	// DisplayName - The display name for alert rule template.
	DisplayName *string `json:"displayName,omitempty"`
	// RequiredDataConnectors - The required data sources for this template
	RequiredDataConnectors *[]AlertRuleTemplateDataSource `json:"requiredDataConnectors,omitempty"`
	// Status - The alert rule template status. Possible values include: 'TemplateStatusInstalled', 'TemplateStatusAvailable', 'TemplateStatusNotAvailable'
	Status TemplateStatus `json:"status,omitempty"`
	// Query - The query that creates alerts for this rule.
	Query *string `json:"query,omitempty"`
	// Severity - The severity for alerts created by this alert rule. Possible values include: 'AlertSeverityHigh', 'AlertSeverityMedium', 'AlertSeverityLow', 'AlertSeverityInformational'
	Severity AlertSeverity `json:"severity,omitempty"`
	// Tactics - The tactics of the alert rule
	Tactics *[]AttackTactic `json:"tactics,omitempty"`
	// Version - The version of this template - in format <a.b.c>, where all are numbers. For example <1.0.2>.
	Version *string `json:"version,omitempty"`
	// CustomDetails - Dictionary of string key-value pairs of columns to be attached to the alert
	CustomDetails map[string]*string `json:"customDetails"`
	// EntityMappings - Array of the entity mappings of the alert rule
	EntityMappings *[]EntityMapping `json:"entityMappings,omitempty"`
	// AlertDetailsOverride - The alert details override settings
	AlertDetailsOverride *AlertDetailsOverride `json:"alertDetailsOverride,omitempty"`
	// QueryFrequency - The frequency (in ISO 8601 duration format) for this alert rule to run.
	QueryFrequency *string `json:"queryFrequency,omitempty"`
	// QueryPeriod - The period (in ISO 8601 duration format) that this alert rule looks at.
	QueryPeriod *string `json:"queryPeriod,omitempty"`
	// TriggerOperator - The operation against the threshold that triggers alert rule. Possible values include: 'TriggerOperatorGreaterThan', 'TriggerOperatorLessThan', 'TriggerOperatorEqual', 'TriggerOperatorNotEqual'
	TriggerOperator TriggerOperator `json:"triggerOperator,omitempty"`
	// TriggerThreshold - The threshold triggers this alert rule.
	TriggerThreshold *int32 `json:"triggerThreshold,omitempty"`
	// EventGroupingSettings - The event grouping settings.
	EventGroupingSettings *EventGroupingSettings `json:"eventGroupingSettings,omitempty"`
}

ScheduledAlertRuleTemplateProperties scheduled alert rule template properties

func (ScheduledAlertRuleTemplateProperties) MarshalJSON 

func (sart ScheduledAlertRuleTemplateProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for ScheduledAlertRuleTemplateProperties.

type SecurityAlert 

type SecurityAlert struct {
	// SecurityAlertProperties - SecurityAlert entity properties
	*SecurityAlertProperties `json:"properties,omitempty"`
	// Kind - Possible values include: 'KindBasicEntityKindEntity', 'KindBasicEntityKindURL', 'KindBasicEntityKindSubmissionMail', 'KindBasicEntityKindSecurityGroup', 'KindBasicEntityKindSecurityAlert', 'KindBasicEntityKindRegistryValue', 'KindBasicEntityKindRegistryKey', 'KindBasicEntityKindProcess', 'KindBasicEntityKindMalware', 'KindBasicEntityKindMailMessage', 'KindBasicEntityKindMailCluster', 'KindBasicEntityKindMailbox', 'KindBasicEntityKindIP', 'KindBasicEntityKindIoTDevice', 'KindBasicEntityKindBookmark', 'KindBasicEntityKindHost', 'KindBasicEntityKindFileHash', 'KindBasicEntityKindFile', 'KindBasicEntityKindDNSResolution', 'KindBasicEntityKindCloudApplication', 'KindBasicEntityKindAzureResource', 'KindBasicEntityKindAccount'
	Kind KindBasicEntity `json:"kind,omitempty"`
	// ID - READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty"`
	// SystemData - READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty"`
}

SecurityAlert represents a security alert entity.

func (SecurityAlert) AsAccountEntity 

func (sa SecurityAlert) AsAccountEntity() (*AccountEntity, bool)

AsAccountEntity is the BasicEntity implementation for SecurityAlert.

func (SecurityAlert) AsAzureResourceEntity 

func (sa SecurityAlert) AsAzureResourceEntity() (*AzureResourceEntity, bool)

AsAzureResourceEntity is the BasicEntity implementation for SecurityAlert.

func (SecurityAlert) AsBasicEntity 

func (sa SecurityAlert) AsBasicEntity() (BasicEntity, bool)

AsBasicEntity is the BasicEntity implementation for SecurityAlert.

func (SecurityAlert) AsCloudApplicationEntity 

func (sa SecurityAlert) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)

AsCloudApplicationEntity is the BasicEntity implementation for SecurityAlert.

func (SecurityAlert) AsDNSEntity 

func (sa SecurityAlert) AsDNSEntity() (*DNSEntity, bool)

AsDNSEntity is the BasicEntity implementation for SecurityAlert.

func (SecurityAlert) AsEntity 

func (sa SecurityAlert) AsEntity() (*Entity, bool)

AsEntity is the BasicEntity implementation for SecurityAlert.

func (SecurityAlert) AsFileEntity 

func (sa SecurityAlert) AsFileEntity() (*FileEntity, bool)

AsFileEntity is the BasicEntity implementation for SecurityAlert.

func (SecurityAlert) AsFileHashEntity 

func (sa SecurityAlert) AsFileHashEntity() (*FileHashEntity, bool)

AsFileHashEntity is the BasicEntity implementation for SecurityAlert.

func (SecurityAlert) AsHostEntity 

func (sa SecurityAlert) AsHostEntity() (*HostEntity, bool)

AsHostEntity is the BasicEntity implementation for SecurityAlert.

func (SecurityAlert) AsHuntingBookmark 

func (sa SecurityAlert) AsHuntingBookmark() (*HuntingBookmark, bool)

AsHuntingBookmark is the BasicEntity implementation for SecurityAlert.

func (SecurityAlert) AsIPEntity 

func (sa SecurityAlert) AsIPEntity() (*IPEntity, bool)

AsIPEntity is the BasicEntity implementation for SecurityAlert.

func (SecurityAlert) AsIoTDeviceEntity 

func (sa SecurityAlert) AsIoTDeviceEntity() (*IoTDeviceEntity, bool)

AsIoTDeviceEntity is the BasicEntity implementation for SecurityAlert.

func (SecurityAlert) AsMailClusterEntity 

func (sa SecurityAlert) AsMailClusterEntity() (*MailClusterEntity, bool)

AsMailClusterEntity is the BasicEntity implementation for SecurityAlert.

func (SecurityAlert) AsMailMessageEntity 

func (sa SecurityAlert) AsMailMessageEntity() (*MailMessageEntity, bool)

AsMailMessageEntity is the BasicEntity implementation for SecurityAlert.

func (SecurityAlert) AsMailboxEntity 

func (sa SecurityAlert) AsMailboxEntity() (*MailboxEntity, bool)

AsMailboxEntity is the BasicEntity implementation for SecurityAlert.

func (SecurityAlert) AsMalwareEntity 

func (sa SecurityAlert) AsMalwareEntity() (*MalwareEntity, bool)

AsMalwareEntity is the BasicEntity implementation for SecurityAlert.

func (SecurityAlert) AsProcessEntity 

func (sa SecurityAlert) AsProcessEntity() (*ProcessEntity, bool)

AsProcessEntity is the BasicEntity implementation for SecurityAlert.

func (SecurityAlert) AsRegistryKeyEntity 

func (sa SecurityAlert) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)

AsRegistryKeyEntity is the BasicEntity implementation for SecurityAlert.

func (SecurityAlert) AsRegistryValueEntity 

func (sa SecurityAlert) AsRegistryValueEntity() (*RegistryValueEntity, bool)

AsRegistryValueEntity is the BasicEntity implementation for SecurityAlert.

func (SecurityAlert) AsSecurityAlert 

func (sa SecurityAlert) AsSecurityAlert() (*SecurityAlert, bool)

AsSecurityAlert is the BasicEntity implementation for SecurityAlert.

func (SecurityAlert) AsSecurityGroupEntity 

func (sa SecurityAlert) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)

AsSecurityGroupEntity is the BasicEntity implementation for SecurityAlert.

func (SecurityAlert) AsSubmissionMailEntity 

func (sa SecurityAlert) AsSubmissionMailEntity() (*SubmissionMailEntity, bool)

AsSubmissionMailEntity is the BasicEntity implementation for SecurityAlert.

func (SecurityAlert) AsURLEntity 

func (sa SecurityAlert) AsURLEntity() (*URLEntity, bool)

AsURLEntity is the BasicEntity implementation for SecurityAlert.

func (SecurityAlert) MarshalJSON 

func (sa SecurityAlert) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for SecurityAlert.

func (*SecurityAlert) UnmarshalJSON 

func (sa *SecurityAlert) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for SecurityAlert struct.

type SecurityAlertProperties 

type SecurityAlertProperties struct {
	// AlertDisplayName - READ-ONLY; The display name of the alert.
	AlertDisplayName *string `json:"alertDisplayName,omitempty"`
	// AlertType - READ-ONLY; The type name of the alert.
	AlertType *string `json:"alertType,omitempty"`
	// CompromisedEntity - READ-ONLY; Display name of the main entity being reported on.
	CompromisedEntity *string `json:"compromisedEntity,omitempty"`
	// ConfidenceLevel - READ-ONLY; The confidence level of this alert. Possible values include: 'ConfidenceLevelUnknown', 'ConfidenceLevelLow', 'ConfidenceLevelHigh'
	ConfidenceLevel ConfidenceLevel `json:"confidenceLevel,omitempty"`
	// ConfidenceReasons - READ-ONLY; The confidence reasons
	ConfidenceReasons *[]SecurityAlertPropertiesConfidenceReasonsItem `json:"confidenceReasons,omitempty"`
	// ConfidenceScore - READ-ONLY; The confidence score of the alert.
	ConfidenceScore *float64 `json:"confidenceScore,omitempty"`
	// ConfidenceScoreStatus - READ-ONLY; The confidence score calculation status, i.e. indicating if score calculation is pending for this alert, not applicable or final. Possible values include: 'ConfidenceScoreStatusNotApplicable', 'ConfidenceScoreStatusInProcess', 'ConfidenceScoreStatusNotFinal', 'ConfidenceScoreStatusFinal'
	ConfidenceScoreStatus ConfidenceScoreStatus `json:"confidenceScoreStatus,omitempty"`
	// Description - READ-ONLY; Alert description.
	Description *string `json:"description,omitempty"`
	// EndTimeUtc - READ-ONLY; The impact end time of the alert (the time of the last event contributing to the alert).
	EndTimeUtc *date.Time `json:"endTimeUtc,omitempty"`
	// Intent - READ-ONLY; Holds the alert intent stage(s) mapping for this alert. Possible values include: 'KillChainIntentUnknown', 'KillChainIntentProbing', 'KillChainIntentExploitation', 'KillChainIntentPersistence', 'KillChainIntentPrivilegeEscalation', 'KillChainIntentDefenseEvasion', 'KillChainIntentCredentialAccess', 'KillChainIntentDiscovery', 'KillChainIntentLateralMovement', 'KillChainIntentExecution', 'KillChainIntentCollection', 'KillChainIntentExfiltration', 'KillChainIntentCommandAndControl', 'KillChainIntentImpact'
	Intent KillChainIntent `json:"intent,omitempty"`
	// ProviderAlertID - READ-ONLY; The identifier of the alert inside the product which generated the alert.
	ProviderAlertID *string `json:"providerAlertId,omitempty"`
	// ProcessingEndTime - READ-ONLY; The time the alert was made available for consumption.
	ProcessingEndTime *date.Time `json:"processingEndTime,omitempty"`
	// ProductComponentName - READ-ONLY; The name of a component inside the product which generated the alert.
	ProductComponentName *string `json:"productComponentName,omitempty"`
	// ProductName - READ-ONLY; The name of the product which published this alert.
	ProductName *string `json:"productName,omitempty"`
	// ProductVersion - READ-ONLY; The version of the product generating the alert.
	ProductVersion *string `json:"productVersion,omitempty"`
	// RemediationSteps - READ-ONLY; Manual action items to take to remediate the alert.
	RemediationSteps *[]string `json:"remediationSteps,omitempty"`
	// Severity - The severity of the alert. Possible values include: 'AlertSeverityHigh', 'AlertSeverityMedium', 'AlertSeverityLow', 'AlertSeverityInformational'
	Severity AlertSeverity `json:"severity,omitempty"`
	// StartTimeUtc - READ-ONLY; The impact start time of the alert (the time of the first event contributing to the alert).
	StartTimeUtc *date.Time `json:"startTimeUtc,omitempty"`
	// Status - READ-ONLY; The lifecycle status of the alert. Possible values include: 'AlertStatusUnknown', 'AlertStatusNew', 'AlertStatusResolved', 'AlertStatusDismissed', 'AlertStatusInProgress'
	Status AlertStatus `json:"status,omitempty"`
	// SystemAlertID - READ-ONLY; Holds the product identifier of the alert for the product.
	SystemAlertID *string `json:"systemAlertId,omitempty"`
	// Tactics - READ-ONLY; The tactics of the alert
	Tactics *[]AttackTactic `json:"tactics,omitempty"`
	// TimeGenerated - READ-ONLY; The time the alert was generated.
	TimeGenerated *date.Time `json:"timeGenerated,omitempty"`
	// VendorName - READ-ONLY; The name of the vendor that raise the alert.
	VendorName *string `json:"vendorName,omitempty"`
	// AlertLink - READ-ONLY; The uri link of the alert.
	AlertLink *string `json:"alertLink,omitempty"`
	// ResourceIdentifiers - READ-ONLY; The list of resource identifiers of the alert.
	ResourceIdentifiers *[]interface{} `json:"resourceIdentifiers,omitempty"`
	// AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]interface{} `json:"additionalData"`
	// FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated.
	FriendlyName *string `json:"friendlyName,omitempty"`
}

SecurityAlertProperties securityAlert entity property bag.

func (SecurityAlertProperties) MarshalJSON 

func (sap SecurityAlertProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for SecurityAlertProperties.

type SecurityAlertPropertiesConfidenceReasonsItem 

type SecurityAlertPropertiesConfidenceReasonsItem struct {
	// Reason - READ-ONLY; The reason's description
	Reason *string `json:"reason,omitempty"`
	// ReasonType - READ-ONLY; The type (category) of the reason
	ReasonType *string `json:"reasonType,omitempty"`
}

SecurityAlertPropertiesConfidenceReasonsItem confidence reason item

func (SecurityAlertPropertiesConfidenceReasonsItem) MarshalJSON 

func (sapRi SecurityAlertPropertiesConfidenceReasonsItem) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for SecurityAlertPropertiesConfidenceReasonsItem.

type SecurityAlertTimelineItem 

type SecurityAlertTimelineItem struct {
	// AzureResourceID - The alert azure resource id.
	AzureResourceID *string `json:"azureResourceId,omitempty"`
	// ProductName - The alert product name.
	ProductName *string `json:"productName,omitempty"`
	// Description - The alert description.
	Description *string `json:"description,omitempty"`
	// DisplayName - The alert name.
	DisplayName *string `json:"displayName,omitempty"`
	// Severity - The alert severity. Possible values include: 'AlertSeverityHigh', 'AlertSeverityMedium', 'AlertSeverityLow', 'AlertSeverityInformational'
	Severity AlertSeverity `json:"severity,omitempty"`
	// EndTimeUtc - The alert end time.
	EndTimeUtc *date.Time `json:"endTimeUtc,omitempty"`
	// StartTimeUtc - The alert start time.
	StartTimeUtc *date.Time `json:"startTimeUtc,omitempty"`
	// TimeGenerated - The alert generated time.
	TimeGenerated *date.Time `json:"timeGenerated,omitempty"`
	// AlertType - The name of the alert type.
	AlertType *string `json:"alertType,omitempty"`
	// Kind - Possible values include: 'KindBasicEntityTimelineItemKindEntityTimelineItem', 'KindBasicEntityTimelineItemKindActivity', 'KindBasicEntityTimelineItemKindBookmark', 'KindBasicEntityTimelineItemKindSecurityAlert'
	Kind KindBasicEntityTimelineItem `json:"kind,omitempty"`
}

SecurityAlertTimelineItem represents security alert timeline item.

func (SecurityAlertTimelineItem) AsActivityTimelineItem 

func (sati SecurityAlertTimelineItem) AsActivityTimelineItem() (*ActivityTimelineItem, bool)

AsActivityTimelineItem is the BasicEntityTimelineItem implementation for SecurityAlertTimelineItem.

func (SecurityAlertTimelineItem) AsBasicEntityTimelineItem 

func (sati SecurityAlertTimelineItem) AsBasicEntityTimelineItem() (BasicEntityTimelineItem, bool)

AsBasicEntityTimelineItem is the BasicEntityTimelineItem implementation for SecurityAlertTimelineItem.

func (SecurityAlertTimelineItem) AsBookmarkTimelineItem 

func (sati SecurityAlertTimelineItem) AsBookmarkTimelineItem() (*BookmarkTimelineItem, bool)

AsBookmarkTimelineItem is the BasicEntityTimelineItem implementation for SecurityAlertTimelineItem.

func (SecurityAlertTimelineItem) AsEntityTimelineItem 

func (sati SecurityAlertTimelineItem) AsEntityTimelineItem() (*EntityTimelineItem, bool)

AsEntityTimelineItem is the BasicEntityTimelineItem implementation for SecurityAlertTimelineItem.

func (SecurityAlertTimelineItem) AsSecurityAlertTimelineItem 

func (sati SecurityAlertTimelineItem) AsSecurityAlertTimelineItem() (*SecurityAlertTimelineItem, bool)

AsSecurityAlertTimelineItem is the BasicEntityTimelineItem implementation for SecurityAlertTimelineItem.

func (SecurityAlertTimelineItem) MarshalJSON 

func (sati SecurityAlertTimelineItem) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for SecurityAlertTimelineItem.

type SecurityGroupEntity 

type SecurityGroupEntity struct {
	// SecurityGroupEntityProperties - SecurityGroup entity properties
	*SecurityGroupEntityProperties `json:"properties,omitempty"`
	// Kind - Possible values include: 'KindBasicEntityKindEntity', 'KindBasicEntityKindURL', 'KindBasicEntityKindSubmissionMail', 'KindBasicEntityKindSecurityGroup', 'KindBasicEntityKindSecurityAlert', 'KindBasicEntityKindRegistryValue', 'KindBasicEntityKindRegistryKey', 'KindBasicEntityKindProcess', 'KindBasicEntityKindMalware', 'KindBasicEntityKindMailMessage', 'KindBasicEntityKindMailCluster', 'KindBasicEntityKindMailbox', 'KindBasicEntityKindIP', 'KindBasicEntityKindIoTDevice', 'KindBasicEntityKindBookmark', 'KindBasicEntityKindHost', 'KindBasicEntityKindFileHash', 'KindBasicEntityKindFile', 'KindBasicEntityKindDNSResolution', 'KindBasicEntityKindCloudApplication', 'KindBasicEntityKindAzureResource', 'KindBasicEntityKindAccount'
	Kind KindBasicEntity `json:"kind,omitempty"`
	// ID - READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty"`
	// SystemData - READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty"`
}

SecurityGroupEntity represents a security group entity.

func (SecurityGroupEntity) AsAccountEntity 

func (sge SecurityGroupEntity) AsAccountEntity() (*AccountEntity, bool)

AsAccountEntity is the BasicEntity implementation for SecurityGroupEntity.

func (SecurityGroupEntity) AsAzureResourceEntity 

func (sge SecurityGroupEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)

AsAzureResourceEntity is the BasicEntity implementation for SecurityGroupEntity.

func (SecurityGroupEntity) AsBasicEntity 

func (sge SecurityGroupEntity) AsBasicEntity() (BasicEntity, bool)

AsBasicEntity is the BasicEntity implementation for SecurityGroupEntity.

func (SecurityGroupEntity) AsCloudApplicationEntity 

func (sge SecurityGroupEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)

AsCloudApplicationEntity is the BasicEntity implementation for SecurityGroupEntity.

func (SecurityGroupEntity) AsDNSEntity 

func (sge SecurityGroupEntity) AsDNSEntity() (*DNSEntity, bool)

AsDNSEntity is the BasicEntity implementation for SecurityGroupEntity.

func (SecurityGroupEntity) AsEntity 

func (sge SecurityGroupEntity) AsEntity() (*Entity, bool)

AsEntity is the BasicEntity implementation for SecurityGroupEntity.

func (SecurityGroupEntity) AsFileEntity 

func (sge SecurityGroupEntity) AsFileEntity() (*FileEntity, bool)

AsFileEntity is the BasicEntity implementation for SecurityGroupEntity.

func (SecurityGroupEntity) AsFileHashEntity 

func (sge SecurityGroupEntity) AsFileHashEntity() (*FileHashEntity, bool)

AsFileHashEntity is the BasicEntity implementation for SecurityGroupEntity.

func (SecurityGroupEntity) AsHostEntity 

func (sge SecurityGroupEntity) AsHostEntity() (*HostEntity, bool)

AsHostEntity is the BasicEntity implementation for SecurityGroupEntity.

func (SecurityGroupEntity) AsHuntingBookmark 

func (sge SecurityGroupEntity) AsHuntingBookmark() (*HuntingBookmark, bool)

AsHuntingBookmark is the BasicEntity implementation for SecurityGroupEntity.

func (SecurityGroupEntity) AsIPEntity 

func (sge SecurityGroupEntity) AsIPEntity() (*IPEntity, bool)

AsIPEntity is the BasicEntity implementation for SecurityGroupEntity.

func (SecurityGroupEntity) AsIoTDeviceEntity 

func (sge SecurityGroupEntity) AsIoTDeviceEntity() (*IoTDeviceEntity, bool)

AsIoTDeviceEntity is the BasicEntity implementation for SecurityGroupEntity.

func (SecurityGroupEntity) AsMailClusterEntity 

func (sge SecurityGroupEntity) AsMailClusterEntity() (*MailClusterEntity, bool)

AsMailClusterEntity is the BasicEntity implementation for SecurityGroupEntity.

func (SecurityGroupEntity) AsMailMessageEntity 

func (sge SecurityGroupEntity) AsMailMessageEntity() (*MailMessageEntity, bool)

AsMailMessageEntity is the BasicEntity implementation for SecurityGroupEntity.

func (SecurityGroupEntity) AsMailboxEntity 

func (sge SecurityGroupEntity) AsMailboxEntity() (*MailboxEntity, bool)

AsMailboxEntity is the BasicEntity implementation for SecurityGroupEntity.

func (SecurityGroupEntity) AsMalwareEntity 

func (sge SecurityGroupEntity) AsMalwareEntity() (*MalwareEntity, bool)

AsMalwareEntity is the BasicEntity implementation for SecurityGroupEntity.

func (SecurityGroupEntity) AsProcessEntity 

func (sge SecurityGroupEntity) AsProcessEntity() (*ProcessEntity, bool)

AsProcessEntity is the BasicEntity implementation for SecurityGroupEntity.

func (SecurityGroupEntity) AsRegistryKeyEntity 

func (sge SecurityGroupEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)

AsRegistryKeyEntity is the BasicEntity implementation for SecurityGroupEntity.

func (SecurityGroupEntity) AsRegistryValueEntity 

func (sge SecurityGroupEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool)

AsRegistryValueEntity is the BasicEntity implementation for SecurityGroupEntity.

func (SecurityGroupEntity) AsSecurityAlert 

func (sge SecurityGroupEntity) AsSecurityAlert() (*SecurityAlert, bool)

AsSecurityAlert is the BasicEntity implementation for SecurityGroupEntity.

func (SecurityGroupEntity) AsSecurityGroupEntity 

func (sge SecurityGroupEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)

AsSecurityGroupEntity is the BasicEntity implementation for SecurityGroupEntity.

func (SecurityGroupEntity) AsSubmissionMailEntity 

func (sge SecurityGroupEntity) AsSubmissionMailEntity() (*SubmissionMailEntity, bool)

AsSubmissionMailEntity is the BasicEntity implementation for SecurityGroupEntity.

func (SecurityGroupEntity) AsURLEntity 

func (sge SecurityGroupEntity) AsURLEntity() (*URLEntity, bool)

AsURLEntity is the BasicEntity implementation for SecurityGroupEntity.

func (SecurityGroupEntity) MarshalJSON 

func (sge SecurityGroupEntity) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for SecurityGroupEntity.

func (*SecurityGroupEntity) UnmarshalJSON 

func (sge *SecurityGroupEntity) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for SecurityGroupEntity struct.

type SecurityGroupEntityProperties 

type SecurityGroupEntityProperties struct {
	// DistinguishedName - READ-ONLY; The group distinguished name
	DistinguishedName *string `json:"distinguishedName,omitempty"`
	// ObjectGUID - READ-ONLY; A single-value attribute that is the unique identifier for the object, assigned by active directory.
	ObjectGUID *uuid.UUID `json:"objectGuid,omitempty"`
	// Sid - READ-ONLY; The SID attribute is a single-value attribute that specifies the security identifier (SID) of the group
	Sid *string `json:"sid,omitempty"`
	// AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]interface{} `json:"additionalData"`
	// FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated.
	FriendlyName *string `json:"friendlyName,omitempty"`
}

SecurityGroupEntityProperties securityGroup entity property bag.

func (SecurityGroupEntityProperties) MarshalJSON 

func (sgep SecurityGroupEntityProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for SecurityGroupEntityProperties.

type SentinelOnboardingState 

type SentinelOnboardingState struct {
	autorest.Response `json:"-"`
	// SentinelOnboardingStateProperties - The Sentinel onboarding state object
	*SentinelOnboardingStateProperties `json:"properties,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
	// ID - READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty"`
	// SystemData - READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty"`
}

SentinelOnboardingState sentinel onboarding state

func (SentinelOnboardingState) MarshalJSON 

func (sos SentinelOnboardingState) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for SentinelOnboardingState.

func (*SentinelOnboardingState) UnmarshalJSON 

func (sos *SentinelOnboardingState) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for SentinelOnboardingState struct.

type SentinelOnboardingStateProperties 

type SentinelOnboardingStateProperties struct {
	// CustomerManagedKey - Flag that indicates the status of the CMK setting
	CustomerManagedKey *bool `json:"customerManagedKey,omitempty"`
}

SentinelOnboardingStateProperties the Sentinel onboarding state properties

type SentinelOnboardingStatesClient 

type SentinelOnboardingStatesClient struct {
	BaseClient
}

SentinelOnboardingStatesClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

func NewSentinelOnboardingStatesClient 

func NewSentinelOnboardingStatesClient(subscriptionID string) SentinelOnboardingStatesClient

NewSentinelOnboardingStatesClient creates an instance of the SentinelOnboardingStatesClient client.

func NewSentinelOnboardingStatesClientWithBaseURI 

func NewSentinelOnboardingStatesClientWithBaseURI(baseURI string, subscriptionID string) SentinelOnboardingStatesClient

NewSentinelOnboardingStatesClientWithBaseURI creates an instance of the SentinelOnboardingStatesClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).

func (SentinelOnboardingStatesClient) Create 

func (client SentinelOnboardingStatesClient) Create(ctx context.Context, resourceGroupName string, workspaceName string, sentinelOnboardingStateName string, sentinelOnboardingStateParameter *SentinelOnboardingState) (result SentinelOnboardingState, err error)

Create create Sentinel onboarding state Parameters: resourceGroupName - the name of the resource group. The name is case insensitive. workspaceName - the name of the workspace. sentinelOnboardingStateName - the Sentinel onboarding state name. Supports - default sentinelOnboardingStateParameter - the Sentinel onboarding state parameter

func (SentinelOnboardingStatesClient) CreatePreparer 

func (client SentinelOnboardingStatesClient) CreatePreparer(ctx context.Context, resourceGroupName string, workspaceName string, sentinelOnboardingStateName string, sentinelOnboardingStateParameter *SentinelOnboardingState) (*http.Request, error)

CreatePreparer prepares the Create request.

func (SentinelOnboardingStatesClient) CreateResponder 

func (client SentinelOnboardingStatesClient) CreateResponder(resp *http.Response) (result SentinelOnboardingState, err error)

CreateResponder handles the response to the Create request. The method always closes the http.Response Body.

func (SentinelOnboardingStatesClient) CreateSender 

func (client SentinelOnboardingStatesClient) CreateSender(req *http.Request) (*http.Response, error)

CreateSender sends the Create request. The method will close the http.Response Body if it receives an error.

func (SentinelOnboardingStatesClient) Delete 

func (client SentinelOnboardingStatesClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, sentinelOnboardingStateName string) (result autorest.Response, err error)

Delete delete Sentinel onboarding state Parameters: resourceGroupName - the name of the resource group. The name is case insensitive. workspaceName - the name of the workspace. sentinelOnboardingStateName - the Sentinel onboarding state name. Supports - default

func (SentinelOnboardingStatesClient) DeletePreparer 

func (client SentinelOnboardingStatesClient) DeletePreparer(ctx context.Context, resourceGroupName string, workspaceName string, sentinelOnboardingStateName string) (*http.Request, error)

DeletePreparer prepares the Delete request.

func (SentinelOnboardingStatesClient) DeleteResponder 

func (client SentinelOnboardingStatesClient) DeleteResponder(resp *http.Response) (result autorest.Response, err error)

DeleteResponder handles the response to the Delete request. The method always closes the http.Response Body.

func (SentinelOnboardingStatesClient) DeleteSender 

func (client SentinelOnboardingStatesClient) DeleteSender(req *http.Request) (*http.Response, error)

DeleteSender sends the Delete request. The method will close the http.Response Body if it receives an error.

func (SentinelOnboardingStatesClient) Get 

func (client SentinelOnboardingStatesClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, sentinelOnboardingStateName string) (result SentinelOnboardingState, err error)

Get get Sentinel onboarding state Parameters: resourceGroupName - the name of the resource group. The name is case insensitive. workspaceName - the name of the workspace. sentinelOnboardingStateName - the Sentinel onboarding state name. Supports - default

func (SentinelOnboardingStatesClient) GetPreparer 

func (client SentinelOnboardingStatesClient) GetPreparer(ctx context.Context, resourceGroupName string, workspaceName string, sentinelOnboardingStateName string) (*http.Request, error)

GetPreparer prepares the Get request.

func (SentinelOnboardingStatesClient) GetResponder 

func (client SentinelOnboardingStatesClient) GetResponder(resp *http.Response) (result SentinelOnboardingState, err error)

GetResponder handles the response to the Get request. The method always closes the http.Response Body.

func (SentinelOnboardingStatesClient) GetSender 

func (client SentinelOnboardingStatesClient) GetSender(req *http.Request) (*http.Response, error)

GetSender sends the Get request. The method will close the http.Response Body if it receives an error.

func (SentinelOnboardingStatesClient) List 

func (client SentinelOnboardingStatesClient) List(ctx context.Context, resourceGroupName string, workspaceName string) (result SentinelOnboardingStatesList, err error)

List gets all Sentinel onboarding states Parameters: resourceGroupName - the name of the resource group. The name is case insensitive. workspaceName - the name of the workspace.

func (SentinelOnboardingStatesClient) ListPreparer 

func (client SentinelOnboardingStatesClient) ListPreparer(ctx context.Context, resourceGroupName string, workspaceName string) (*http.Request, error)

ListPreparer prepares the List request.

func (SentinelOnboardingStatesClient) ListResponder 

func (client SentinelOnboardingStatesClient) ListResponder(resp *http.Response) (result SentinelOnboardingStatesList, err error)

ListResponder handles the response to the List request. The method always closes the http.Response Body.

func (SentinelOnboardingStatesClient) ListSender 

func (client SentinelOnboardingStatesClient) ListSender(req *http.Request) (*http.Response, error)

ListSender sends the List request. The method will close the http.Response Body if it receives an error.

type SentinelOnboardingStatesList 

type SentinelOnboardingStatesList struct {
	autorest.Response `json:"-"`
	// Value - Array of Sentinel onboarding states
	Value *[]SentinelOnboardingState `json:"value,omitempty"`
}

SentinelOnboardingStatesList list of the Sentinel onboarding states

type SettingList 

type SettingList struct {
	autorest.Response `json:"-"`
	// Value - Array of settings.
	Value *[]BasicSettings `json:"value,omitempty"`
}

SettingList list of all the settings.

func (*SettingList) UnmarshalJSON 

func (sl *SettingList) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for SettingList struct.

type SettingType 

type SettingType string

SettingType enumerates the values for setting type. 

const (
	// SettingTypeCopyableLabel ...
	SettingTypeCopyableLabel SettingType = "CopyableLabel"
	// SettingTypeInfoMessage ...
	SettingTypeInfoMessage SettingType = "InfoMessage"
	// SettingTypeInstructionStepsGroup ...
	SettingTypeInstructionStepsGroup SettingType = "InstructionStepsGroup"
)

func PossibleSettingTypeValues 

func PossibleSettingTypeValues() []SettingType

PossibleSettingTypeValues returns an array of possible values for the SettingType const type.

type Settings 

type Settings struct {
	autorest.Response `json:"-"`
	// Kind - Possible values include: 'KindBasicSettingsKindSettings', 'KindBasicSettingsKindAnomalies', 'KindBasicSettingsKindEyesOn', 'KindBasicSettingsKindEntityAnalytics', 'KindBasicSettingsKindUeba'
	Kind KindBasicSettings `json:"kind,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
	// ID - READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty"`
	// SystemData - READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty"`
}

Settings the Setting.

func (Settings) AsAnomalies 

func (s Settings) AsAnomalies() (*Anomalies, bool)

AsAnomalies is the BasicSettings implementation for Settings.

func (Settings) AsBasicSettings 

func (s Settings) AsBasicSettings() (BasicSettings, bool)

AsBasicSettings is the BasicSettings implementation for Settings.

func (Settings) AsEntityAnalytics 

func (s Settings) AsEntityAnalytics() (*EntityAnalytics, bool)

AsEntityAnalytics is the BasicSettings implementation for Settings.

func (Settings) AsEyesOn 

func (s Settings) AsEyesOn() (*EyesOn, bool)

AsEyesOn is the BasicSettings implementation for Settings.

func (Settings) AsSettings 

func (s Settings) AsSettings() (*Settings, bool)

AsSettings is the BasicSettings implementation for Settings.

func (Settings) AsUeba 

func (s Settings) AsUeba() (*Ueba, bool)

AsUeba is the BasicSettings implementation for Settings.

func (Settings) MarshalJSON 

func (s Settings) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for Settings.

type SettingsModel 

type SettingsModel struct {
	autorest.Response `json:"-"`
	Value             BasicSettings `json:"value,omitempty"`
}

SettingsModel ...

func (*SettingsModel) UnmarshalJSON 

func (sm *SettingsModel) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for SettingsModel struct.

type Sku 

type Sku struct {
	// Name - The kind of the tier. Possible values include: 'SkuKindPerGB', 'SkuKindCapacityReservation'
	Name SkuKind `json:"name,omitempty"`
	// CapacityReservationLevel - The amount of reservation level
	CapacityReservationLevel *int32 `json:"capacityReservationLevel,omitempty"`
}

Sku the pricing tier of the solution

type SkuKind 

type SkuKind string

SkuKind enumerates the values for sku kind. 

const (
	// SkuKindCapacityReservation ...
	SkuKindCapacityReservation SkuKind = "CapacityReservation"
	// SkuKindPerGB ...
	SkuKindPerGB SkuKind = "PerGB"
)

func PossibleSkuKindValues 

func PossibleSkuKindValues() []SkuKind

PossibleSkuKindValues returns an array of possible values for the SkuKind const type.

type Source 

type Source string

Source enumerates the values for source. 

const (
	// SourceLocalfile ...
	SourceLocalfile Source = "Local file"
	// SourceRemotestorage ...
	SourceRemotestorage Source = "Remote storage"
)

func PossibleSourceValues 

func PossibleSourceValues() []Source

PossibleSourceValues returns an array of possible values for the Source const type.

type SourceControl 

type SourceControl struct {
	autorest.Response `json:"-"`
	// SourceControlProperties - source control properties
	*SourceControlProperties `json:"properties,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
	// ID - READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty"`
	// SystemData - READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty"`
}

SourceControl represents a SourceControl in Azure Security Insights.

func (SourceControl) MarshalJSON 

func (sc SourceControl) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for SourceControl.

func (*SourceControl) UnmarshalJSON 

func (sc *SourceControl) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for SourceControl struct.

type SourceControlClient 

type SourceControlClient struct {
	BaseClient
}

SourceControlClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

func NewSourceControlClient 

func NewSourceControlClient(subscriptionID string) SourceControlClient

NewSourceControlClient creates an instance of the SourceControlClient client.

func NewSourceControlClientWithBaseURI 

func NewSourceControlClientWithBaseURI(baseURI string, subscriptionID string) SourceControlClient

NewSourceControlClientWithBaseURI creates an instance of the SourceControlClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).

func (SourceControlClient) ListRepositories 

func (client SourceControlClient) ListRepositories(ctx context.Context, resourceGroupName string, workspaceName string, repoType RepoType) (result RepoListPage, err error)

ListRepositories gets a list of repositories metadata. Parameters: resourceGroupName - the name of the resource group. The name is case insensitive. workspaceName - the name of the workspace. repoType - the repo type.

func (SourceControlClient) ListRepositoriesComplete 

func (client SourceControlClient) ListRepositoriesComplete(ctx context.Context, resourceGroupName string, workspaceName string, repoType RepoType) (result RepoListIterator, err error)

ListRepositoriesComplete enumerates all values, automatically crossing page boundaries as required.

func (SourceControlClient) ListRepositoriesPreparer 

func (client SourceControlClient) ListRepositoriesPreparer(ctx context.Context, resourceGroupName string, workspaceName string, repoType RepoType) (*http.Request, error)

ListRepositoriesPreparer prepares the ListRepositories request.

func (SourceControlClient) ListRepositoriesResponder 

func (client SourceControlClient) ListRepositoriesResponder(resp *http.Response) (result RepoList, err error)

ListRepositoriesResponder handles the response to the ListRepositories request. The method always closes the http.Response Body.

func (SourceControlClient) ListRepositoriesSender 

func (client SourceControlClient) ListRepositoriesSender(req *http.Request) (*http.Response, error)

ListRepositoriesSender sends the ListRepositories request. The method will close the http.Response Body if it receives an error.

type SourceControlList 

type SourceControlList struct {
	autorest.Response `json:"-"`
	// NextLink - READ-ONLY; URL to fetch the next set of source controls.
	NextLink *string `json:"nextLink,omitempty"`
	// Value - Array of source controls.
	Value *[]SourceControl `json:"value,omitempty"`
}

SourceControlList list all the source controls.

func (SourceControlList) IsEmpty 

func (scl SourceControlList) IsEmpty() bool

IsEmpty returns true if the ListResult contains no values.

func (SourceControlList) MarshalJSON 

func (scl SourceControlList) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for SourceControlList.

type SourceControlListIterator 

type SourceControlListIterator struct {
	// contains filtered or unexported fields
}

SourceControlListIterator provides access to a complete listing of SourceControl values.

func NewSourceControlListIterator 

func NewSourceControlListIterator(page SourceControlListPage) SourceControlListIterator

Creates a new instance of the SourceControlListIterator type.

func (*SourceControlListIterator) Next 

func (iter *SourceControlListIterator) Next() error

Next advances to the next value. If there was an error making the request the iterator does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*SourceControlListIterator) NextWithContext 

func (iter *SourceControlListIterator) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next value. If there was an error making the request the iterator does not advance and the error is returned.

func (SourceControlListIterator) NotDone 

func (iter SourceControlListIterator) NotDone() bool

NotDone returns true if the enumeration should be started or is not yet complete.

func (SourceControlListIterator) Response 

func (iter SourceControlListIterator) Response() SourceControlList

Response returns the raw server response from the last page request.

func (SourceControlListIterator) Value 

func (iter SourceControlListIterator) Value() SourceControl

Value returns the current value or a zero-initialized value if the iterator has advanced beyond the end of the collection.

type SourceControlListPage 

type SourceControlListPage struct {
	// contains filtered or unexported fields
}

SourceControlListPage contains a page of SourceControl values.

func NewSourceControlListPage 

func NewSourceControlListPage(cur SourceControlList, getNextPage func(context.Context, SourceControlList) (SourceControlList, error)) SourceControlListPage

Creates a new instance of the SourceControlListPage type.

func (*SourceControlListPage) Next 

func (page *SourceControlListPage) Next() error

Next advances to the next page of values. If there was an error making the request the page does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*SourceControlListPage) NextWithContext 

func (page *SourceControlListPage) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next page of values. If there was an error making the request the page does not advance and the error is returned.

func (SourceControlListPage) NotDone 

func (page SourceControlListPage) NotDone() bool

NotDone returns true if the page enumeration should be started or is not yet complete.

func (SourceControlListPage) Response 

func (page SourceControlListPage) Response() SourceControlList

Response returns the raw server response from the last page request.

func (SourceControlListPage) Values 

func (page SourceControlListPage) Values() []SourceControl

Values returns the slice of values for the current page or nil if there are no values.

type SourceControlProperties 

type SourceControlProperties struct {
	// ID - The id (a Guid) of the source control
	ID *string `json:"id,omitempty"`
	// DisplayName - The display name of the source control
	DisplayName *string `json:"displayName,omitempty"`
	// Description - A description of the source control
	Description *string `json:"description,omitempty"`
	// RepoType - The repository type of the source control. Possible values include: 'RepoTypeGithub', 'RepoTypeDevOps'
	RepoType RepoType `json:"repoType,omitempty"`
	// ContentTypes - Array of source control content types.
	ContentTypes *[]ContentType `json:"contentTypes,omitempty"`
	// Repository - Repository metadata.
	Repository *Repository `json:"repository,omitempty"`
}

SourceControlProperties describes source control properties

type SourceControlsClient 

type SourceControlsClient struct {
	BaseClient
}

SourceControlsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

func NewSourceControlsClient 

func NewSourceControlsClient(subscriptionID string) SourceControlsClient

NewSourceControlsClient creates an instance of the SourceControlsClient client.

func NewSourceControlsClientWithBaseURI 

func NewSourceControlsClientWithBaseURI(baseURI string, subscriptionID string) SourceControlsClient

NewSourceControlsClientWithBaseURI creates an instance of the SourceControlsClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).

func (SourceControlsClient) Create 

func (client SourceControlsClient) Create(ctx context.Context, resourceGroupName string, workspaceName string, sourceControlID string, sourceControl SourceControl) (result SourceControl, err error)

Create creates a source control. Parameters: resourceGroupName - the name of the resource group. The name is case insensitive. workspaceName - the name of the workspace. sourceControlID - source control Id sourceControl - the SourceControl

func (SourceControlsClient) CreatePreparer 

func (client SourceControlsClient) CreatePreparer(ctx context.Context, resourceGroupName string, workspaceName string, sourceControlID string, sourceControl SourceControl) (*http.Request, error)

CreatePreparer prepares the Create request.

func (SourceControlsClient) CreateResponder 

func (client SourceControlsClient) CreateResponder(resp *http.Response) (result SourceControl, err error)

CreateResponder handles the response to the Create request. The method always closes the http.Response Body.

func (SourceControlsClient) CreateSender 

func (client SourceControlsClient) CreateSender(req *http.Request) (*http.Response, error)

CreateSender sends the Create request. The method will close the http.Response Body if it receives an error.

func (SourceControlsClient) Delete 

func (client SourceControlsClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, sourceControlID string) (result autorest.Response, err error)

Delete delete a source control. Parameters: resourceGroupName - the name of the resource group. The name is case insensitive. workspaceName - the name of the workspace. sourceControlID - source control Id

func (SourceControlsClient) DeletePreparer 

func (client SourceControlsClient) DeletePreparer(ctx context.Context, resourceGroupName string, workspaceName string, sourceControlID string) (*http.Request, error)

DeletePreparer prepares the Delete request.

func (SourceControlsClient) DeleteResponder 

func (client SourceControlsClient) DeleteResponder(resp *http.Response) (result autorest.Response, err error)

DeleteResponder handles the response to the Delete request. The method always closes the http.Response Body.

func (SourceControlsClient) DeleteSender 

func (client SourceControlsClient) DeleteSender(req *http.Request) (*http.Response, error)

DeleteSender sends the Delete request. The method will close the http.Response Body if it receives an error.

func (SourceControlsClient) Get 

func (client SourceControlsClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, sourceControlID string) (result SourceControl, err error)

Get gets a source control byt its identifier. Parameters: resourceGroupName - the name of the resource group. The name is case insensitive. workspaceName - the name of the workspace. sourceControlID - source control Id

func (SourceControlsClient) GetPreparer 

func (client SourceControlsClient) GetPreparer(ctx context.Context, resourceGroupName string, workspaceName string, sourceControlID string) (*http.Request, error)

GetPreparer prepares the Get request.

func (SourceControlsClient) GetResponder 

func (client SourceControlsClient) GetResponder(resp *http.Response) (result SourceControl, err error)

GetResponder handles the response to the Get request. The method always closes the http.Response Body.

func (SourceControlsClient) GetSender 

func (client SourceControlsClient) GetSender(req *http.Request) (*http.Response, error)

GetSender sends the Get request. The method will close the http.Response Body if it receives an error.

func (SourceControlsClient) List 

func (client SourceControlsClient) List(ctx context.Context, resourceGroupName string, workspaceName string) (result SourceControlListPage, err error)

List gets all source controls, without source control items. Parameters: resourceGroupName - the name of the resource group. The name is case insensitive. workspaceName - the name of the workspace.

func (SourceControlsClient) ListComplete 

func (client SourceControlsClient) ListComplete(ctx context.Context, resourceGroupName string, workspaceName string) (result SourceControlListIterator, err error)

ListComplete enumerates all values, automatically crossing page boundaries as required.

func (SourceControlsClient) ListPreparer 

func (client SourceControlsClient) ListPreparer(ctx context.Context, resourceGroupName string, workspaceName string) (*http.Request, error)

ListPreparer prepares the List request.

func (SourceControlsClient) ListResponder 

func (client SourceControlsClient) ListResponder(resp *http.Response) (result SourceControlList, err error)

ListResponder handles the response to the List request. The method always closes the http.Response Body.

func (SourceControlsClient) ListSender 

func (client SourceControlsClient) ListSender(req *http.Request) (*http.Response, error)

ListSender sends the List request. The method will close the http.Response Body if it receives an error.

type SourceKind 

type SourceKind string

SourceKind enumerates the values for source kind. 

const (
	// SourceKindCommunity ...
	SourceKindCommunity SourceKind = "Community"
	// SourceKindLocalWorkspace ...
	SourceKindLocalWorkspace SourceKind = "LocalWorkspace"
	// SourceKindSolution ...
	SourceKindSolution SourceKind = "Solution"
	// SourceKindSourceRepository ...
	SourceKindSourceRepository SourceKind = "SourceRepository"
)

func PossibleSourceKindValues 

func PossibleSourceKindValues() []SourceKind

PossibleSourceKindValues returns an array of possible values for the SourceKind const type.

type SubmissionMailEntity 

type SubmissionMailEntity struct {
	// SubmissionMailEntityProperties - Submission mail entity properties
	*SubmissionMailEntityProperties `json:"properties,omitempty"`
	// Kind - Possible values include: 'KindBasicEntityKindEntity', 'KindBasicEntityKindURL', 'KindBasicEntityKindSubmissionMail', 'KindBasicEntityKindSecurityGroup', 'KindBasicEntityKindSecurityAlert', 'KindBasicEntityKindRegistryValue', 'KindBasicEntityKindRegistryKey', 'KindBasicEntityKindProcess', 'KindBasicEntityKindMalware', 'KindBasicEntityKindMailMessage', 'KindBasicEntityKindMailCluster', 'KindBasicEntityKindMailbox', 'KindBasicEntityKindIP', 'KindBasicEntityKindIoTDevice', 'KindBasicEntityKindBookmark', 'KindBasicEntityKindHost', 'KindBasicEntityKindFileHash', 'KindBasicEntityKindFile', 'KindBasicEntityKindDNSResolution', 'KindBasicEntityKindCloudApplication', 'KindBasicEntityKindAzureResource', 'KindBasicEntityKindAccount'
	Kind KindBasicEntity `json:"kind,omitempty"`
	// ID - READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty"`
	// SystemData - READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty"`
}

SubmissionMailEntity represents a submission mail entity.

func (SubmissionMailEntity) AsAccountEntity 

func (sme SubmissionMailEntity) AsAccountEntity() (*AccountEntity, bool)

AsAccountEntity is the BasicEntity implementation for SubmissionMailEntity.

func (SubmissionMailEntity) AsAzureResourceEntity 

func (sme SubmissionMailEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)

AsAzureResourceEntity is the BasicEntity implementation for SubmissionMailEntity.

func (SubmissionMailEntity) AsBasicEntity 

func (sme SubmissionMailEntity) AsBasicEntity() (BasicEntity, bool)

AsBasicEntity is the BasicEntity implementation for SubmissionMailEntity.

func (SubmissionMailEntity) AsCloudApplicationEntity 

func (sme SubmissionMailEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)

AsCloudApplicationEntity is the BasicEntity implementation for SubmissionMailEntity.

func (SubmissionMailEntity) AsDNSEntity 

func (sme SubmissionMailEntity) AsDNSEntity() (*DNSEntity, bool)

AsDNSEntity is the BasicEntity implementation for SubmissionMailEntity.

func (SubmissionMailEntity) AsEntity 

func (sme SubmissionMailEntity) AsEntity() (*Entity, bool)

AsEntity is the BasicEntity implementation for SubmissionMailEntity.

func (SubmissionMailEntity) AsFileEntity 

func (sme SubmissionMailEntity) AsFileEntity() (*FileEntity, bool)

AsFileEntity is the BasicEntity implementation for SubmissionMailEntity.

func (SubmissionMailEntity) AsFileHashEntity 

func (sme SubmissionMailEntity) AsFileHashEntity() (*FileHashEntity, bool)

AsFileHashEntity is the BasicEntity implementation for SubmissionMailEntity.

func (SubmissionMailEntity) AsHostEntity 

func (sme SubmissionMailEntity) AsHostEntity() (*HostEntity, bool)

AsHostEntity is the BasicEntity implementation for SubmissionMailEntity.

func (SubmissionMailEntity) AsHuntingBookmark 

func (sme SubmissionMailEntity) AsHuntingBookmark() (*HuntingBookmark, bool)

AsHuntingBookmark is the BasicEntity implementation for SubmissionMailEntity.

func (SubmissionMailEntity) AsIPEntity 

func (sme SubmissionMailEntity) AsIPEntity() (*IPEntity, bool)

AsIPEntity is the BasicEntity implementation for SubmissionMailEntity.

func (SubmissionMailEntity) AsIoTDeviceEntity 

func (sme SubmissionMailEntity) AsIoTDeviceEntity() (*IoTDeviceEntity, bool)

AsIoTDeviceEntity is the BasicEntity implementation for SubmissionMailEntity.

func (SubmissionMailEntity) AsMailClusterEntity 

func (sme SubmissionMailEntity) AsMailClusterEntity() (*MailClusterEntity, bool)

AsMailClusterEntity is the BasicEntity implementation for SubmissionMailEntity.

func (SubmissionMailEntity) AsMailMessageEntity 

func (sme SubmissionMailEntity) AsMailMessageEntity() (*MailMessageEntity, bool)

AsMailMessageEntity is the BasicEntity implementation for SubmissionMailEntity.

func (SubmissionMailEntity) AsMailboxEntity 

func (sme SubmissionMailEntity) AsMailboxEntity() (*MailboxEntity, bool)

AsMailboxEntity is the BasicEntity implementation for SubmissionMailEntity.

func (SubmissionMailEntity) AsMalwareEntity 

func (sme SubmissionMailEntity) AsMalwareEntity() (*MalwareEntity, bool)

AsMalwareEntity is the BasicEntity implementation for SubmissionMailEntity.

func (SubmissionMailEntity) AsProcessEntity 

func (sme SubmissionMailEntity) AsProcessEntity() (*ProcessEntity, bool)

AsProcessEntity is the BasicEntity implementation for SubmissionMailEntity.

func (SubmissionMailEntity) AsRegistryKeyEntity 

func (sme SubmissionMailEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)

AsRegistryKeyEntity is the BasicEntity implementation for SubmissionMailEntity.

func (SubmissionMailEntity) AsRegistryValueEntity 

func (sme SubmissionMailEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool)

AsRegistryValueEntity is the BasicEntity implementation for SubmissionMailEntity.

func (SubmissionMailEntity) AsSecurityAlert 

func (sme SubmissionMailEntity) AsSecurityAlert() (*SecurityAlert, bool)

AsSecurityAlert is the BasicEntity implementation for SubmissionMailEntity.

func (SubmissionMailEntity) AsSecurityGroupEntity 

func (sme SubmissionMailEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)

AsSecurityGroupEntity is the BasicEntity implementation for SubmissionMailEntity.

func (SubmissionMailEntity) AsSubmissionMailEntity 

func (sme SubmissionMailEntity) AsSubmissionMailEntity() (*SubmissionMailEntity, bool)

AsSubmissionMailEntity is the BasicEntity implementation for SubmissionMailEntity.

func (SubmissionMailEntity) AsURLEntity 

func (sme SubmissionMailEntity) AsURLEntity() (*URLEntity, bool)

AsURLEntity is the BasicEntity implementation for SubmissionMailEntity.

func (SubmissionMailEntity) MarshalJSON 

func (sme SubmissionMailEntity) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for SubmissionMailEntity.

func (*SubmissionMailEntity) UnmarshalJSON 

func (sme *SubmissionMailEntity) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for SubmissionMailEntity struct.

type SubmissionMailEntityProperties 

type SubmissionMailEntityProperties struct {
	// NetworkMessageID - READ-ONLY; The network message id of email to which submission belongs
	NetworkMessageID *uuid.UUID `json:"networkMessageId,omitempty"`
	// SubmissionID - READ-ONLY; The submission id
	SubmissionID *uuid.UUID `json:"submissionId,omitempty"`
	// Submitter - READ-ONLY; The submitter
	Submitter *string `json:"submitter,omitempty"`
	// SubmissionDate - READ-ONLY; The submission date
	SubmissionDate *date.Time `json:"submissionDate,omitempty"`
	// Timestamp - READ-ONLY; The Time stamp when the message is received (Mail)
	Timestamp *date.Time `json:"timestamp,omitempty"`
	// Recipient - READ-ONLY; The recipient of the mail
	Recipient *string `json:"recipient,omitempty"`
	// Sender - READ-ONLY; The sender of the mail
	Sender *string `json:"sender,omitempty"`
	// SenderIP - READ-ONLY; The sender's IP
	SenderIP *string `json:"senderIp,omitempty"`
	// Subject - READ-ONLY; The subject of submission mail
	Subject *string `json:"subject,omitempty"`
	// ReportType - READ-ONLY; The submission type for the given instance. This maps to Junk, Phish, Malware or NotJunk.
	ReportType *string `json:"reportType,omitempty"`
	// AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]interface{} `json:"additionalData"`
	// FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated.
	FriendlyName *string `json:"friendlyName,omitempty"`
}

SubmissionMailEntityProperties submission mail entity property bag.

func (SubmissionMailEntityProperties) MarshalJSON 

func (smep SubmissionMailEntityProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for SubmissionMailEntityProperties.

type SupportTier 

type SupportTier string

SupportTier enumerates the values for support tier. 

const (
	// SupportTierCommunity ...
	SupportTierCommunity SupportTier = "Community"
	// SupportTierMicrosoft ...
	SupportTierMicrosoft SupportTier = "Microsoft"
	// SupportTierPartner ...
	SupportTierPartner SupportTier = "Partner"
)

func PossibleSupportTierValues 

func PossibleSupportTierValues() []SupportTier

PossibleSupportTierValues returns an array of possible values for the SupportTier const type.

type SystemData 

type SystemData struct {
	// CreatedBy - The identity that created the resource.
	CreatedBy *string `json:"createdBy,omitempty"`
	// CreatedByType - The type of identity that created the resource. Possible values include: 'CreatedByTypeUser', 'CreatedByTypeApplication', 'CreatedByTypeManagedIdentity', 'CreatedByTypeKey'
	CreatedByType CreatedByType `json:"createdByType,omitempty"`
	// CreatedAt - The timestamp of resource creation (UTC).
	CreatedAt *date.Time `json:"createdAt,omitempty"`
	// LastModifiedBy - The identity that last modified the resource.
	LastModifiedBy *string `json:"lastModifiedBy,omitempty"`
	// LastModifiedByType - The type of identity that last modified the resource. Possible values include: 'CreatedByTypeUser', 'CreatedByTypeApplication', 'CreatedByTypeManagedIdentity', 'CreatedByTypeKey'
	LastModifiedByType CreatedByType `json:"lastModifiedByType,omitempty"`
	// LastModifiedAt - The timestamp of resource last modification (UTC)
	LastModifiedAt *date.Time `json:"lastModifiedAt,omitempty"`
}

SystemData metadata pertaining to creation and last modification of the resource.

type TICheckRequirements 

type TICheckRequirements struct {
	// TICheckRequirementsProperties - Threat Intelligence Platforms data connector check required properties
	*TICheckRequirementsProperties `json:"properties,omitempty"`
	// Kind - Possible values include: 'KindBasicDataConnectorsCheckRequirementsKindDataConnectorsCheckRequirements', 'KindBasicDataConnectorsCheckRequirementsKindAzureActiveDirectory', 'KindBasicDataConnectorsCheckRequirementsKindAzureAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindAzureSecurityCenter', 'KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesCloudTrail', 'KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesS3', 'KindBasicDataConnectorsCheckRequirementsKindDynamics365', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftThreatIntelligence', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindOfficeATP', 'KindBasicDataConnectorsCheckRequirementsKindOfficeIRM', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii'
	Kind KindBasicDataConnectorsCheckRequirements `json:"kind,omitempty"`
}

TICheckRequirements threat Intelligence Platforms data connector check requirements

func (TICheckRequirements) AsAADCheckRequirements 

func (tcr TICheckRequirements) AsAADCheckRequirements() (*AADCheckRequirements, bool)

AsAADCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TICheckRequirements.

func (TICheckRequirements) AsAATPCheckRequirements 

func (tcr TICheckRequirements) AsAATPCheckRequirements() (*AATPCheckRequirements, bool)

AsAATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TICheckRequirements.

func (TICheckRequirements) AsASCCheckRequirements 

func (tcr TICheckRequirements) AsASCCheckRequirements() (*ASCCheckRequirements, bool)

AsASCCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TICheckRequirements.

func (TICheckRequirements) AsAwsCloudTrailCheckRequirements 

func (tcr TICheckRequirements) AsAwsCloudTrailCheckRequirements() (*AwsCloudTrailCheckRequirements, bool)

AsAwsCloudTrailCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TICheckRequirements.

func (TICheckRequirements) AsAwsS3CheckRequirements 

func (tcr TICheckRequirements) AsAwsS3CheckRequirements() (*AwsS3CheckRequirements, bool)

AsAwsS3CheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TICheckRequirements.

func (TICheckRequirements) AsBasicDataConnectorsCheckRequirements 

func (tcr TICheckRequirements) AsBasicDataConnectorsCheckRequirements() (BasicDataConnectorsCheckRequirements, bool)

AsBasicDataConnectorsCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TICheckRequirements.

func (TICheckRequirements) AsDataConnectorsCheckRequirements 

func (tcr TICheckRequirements) AsDataConnectorsCheckRequirements() (*DataConnectorsCheckRequirements, bool)

AsDataConnectorsCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TICheckRequirements.

func (TICheckRequirements) AsDynamics365CheckRequirements 

func (tcr TICheckRequirements) AsDynamics365CheckRequirements() (*Dynamics365CheckRequirements, bool)

AsDynamics365CheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TICheckRequirements.

func (TICheckRequirements) AsMCASCheckRequirements 

func (tcr TICheckRequirements) AsMCASCheckRequirements() (*MCASCheckRequirements, bool)

AsMCASCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TICheckRequirements.

func (TICheckRequirements) AsMDATPCheckRequirements 

func (tcr TICheckRequirements) AsMDATPCheckRequirements() (*MDATPCheckRequirements, bool)

AsMDATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TICheckRequirements.

func (TICheckRequirements) AsMSTICheckRequirements 

func (tcr TICheckRequirements) AsMSTICheckRequirements() (*MSTICheckRequirements, bool)

AsMSTICheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TICheckRequirements.

func (TICheckRequirements) AsMtpCheckRequirements 

func (tcr TICheckRequirements) AsMtpCheckRequirements() (*MtpCheckRequirements, bool)

AsMtpCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TICheckRequirements.

func (TICheckRequirements) AsOfficeATPCheckRequirements 

func (tcr TICheckRequirements) AsOfficeATPCheckRequirements() (*OfficeATPCheckRequirements, bool)

AsOfficeATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TICheckRequirements.

func (TICheckRequirements) AsOfficeIRMCheckRequirements 

func (tcr TICheckRequirements) AsOfficeIRMCheckRequirements() (*OfficeIRMCheckRequirements, bool)

AsOfficeIRMCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TICheckRequirements.

func (TICheckRequirements) AsTICheckRequirements 

func (tcr TICheckRequirements) AsTICheckRequirements() (*TICheckRequirements, bool)

AsTICheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TICheckRequirements.

func (TICheckRequirements) AsTiTaxiiCheckRequirements 

func (tcr TICheckRequirements) AsTiTaxiiCheckRequirements() (*TiTaxiiCheckRequirements, bool)

AsTiTaxiiCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TICheckRequirements.

func (TICheckRequirements) MarshalJSON 

func (tcr TICheckRequirements) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for TICheckRequirements.

func (*TICheckRequirements) UnmarshalJSON 

func (tcr *TICheckRequirements) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for TICheckRequirements struct.

type TICheckRequirementsProperties 

type TICheckRequirementsProperties struct {
	// TenantID - The tenant id to connect to, and get the data from.
	TenantID *string `json:"tenantId,omitempty"`
}

TICheckRequirementsProperties threat Intelligence Platforms data connector required properties.

type TIDataConnector 

type TIDataConnector struct {
	// TIDataConnectorProperties - TI (Threat Intelligence) data connector properties.
	*TIDataConnectorProperties `json:"properties,omitempty"`
	// Kind - Possible values include: 'KindBasicDataConnectorKindDataConnector', 'KindBasicDataConnectorKindAzureActiveDirectory', 'KindBasicDataConnectorKindMicrosoftThreatIntelligence', 'KindBasicDataConnectorKindMicrosoftThreatProtection', 'KindBasicDataConnectorKindAzureAdvancedThreatProtection', 'KindBasicDataConnectorKindAzureSecurityCenter', 'KindBasicDataConnectorKindAmazonWebServicesCloudTrail', 'KindBasicDataConnectorKindAmazonWebServicesS3', 'KindBasicDataConnectorKindMicrosoftCloudAppSecurity', 'KindBasicDataConnectorKindDynamics365', 'KindBasicDataConnectorKindOfficeATP', 'KindBasicDataConnectorKindOfficeIRM', 'KindBasicDataConnectorKindMicrosoftDefenderAdvancedThreatProtection', 'KindBasicDataConnectorKindOffice365', 'KindBasicDataConnectorKindThreatIntelligence', 'KindBasicDataConnectorKindThreatIntelligenceTaxii', 'KindBasicDataConnectorKindGenericUI', 'KindBasicDataConnectorKindAPIPolling'
	Kind KindBasicDataConnector `json:"kind,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
	// ID - READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty"`
	// SystemData - READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty"`
}

TIDataConnector represents threat intelligence data connector.

func (TIDataConnector) AsAADDataConnector 

func (tdc TIDataConnector) AsAADDataConnector() (*AADDataConnector, bool)

AsAADDataConnector is the BasicDataConnector implementation for TIDataConnector.

func (TIDataConnector) AsAATPDataConnector 

func (tdc TIDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool)

AsAATPDataConnector is the BasicDataConnector implementation for TIDataConnector.

func (TIDataConnector) AsASCDataConnector 

func (tdc TIDataConnector) AsASCDataConnector() (*ASCDataConnector, bool)

AsASCDataConnector is the BasicDataConnector implementation for TIDataConnector.

func (TIDataConnector) AsAwsCloudTrailDataConnector 

func (tdc TIDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool)

AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for TIDataConnector.

func (TIDataConnector) AsAwsS3DataConnector 

func (tdc TIDataConnector) AsAwsS3DataConnector() (*AwsS3DataConnector, bool)

AsAwsS3DataConnector is the BasicDataConnector implementation for TIDataConnector.

func (TIDataConnector) AsBasicDataConnector 

func (tdc TIDataConnector) AsBasicDataConnector() (BasicDataConnector, bool)

AsBasicDataConnector is the BasicDataConnector implementation for TIDataConnector.

func (TIDataConnector) AsCodelessAPIPollingDataConnector 

func (tdc TIDataConnector) AsCodelessAPIPollingDataConnector() (*CodelessAPIPollingDataConnector, bool)

AsCodelessAPIPollingDataConnector is the BasicDataConnector implementation for TIDataConnector.

func (TIDataConnector) AsCodelessUIDataConnector 

func (tdc TIDataConnector) AsCodelessUIDataConnector() (*CodelessUIDataConnector, bool)

AsCodelessUIDataConnector is the BasicDataConnector implementation for TIDataConnector.

func (TIDataConnector) AsDataConnector 

func (tdc TIDataConnector) AsDataConnector() (*DataConnector, bool)

AsDataConnector is the BasicDataConnector implementation for TIDataConnector.

func (TIDataConnector) AsDynamics365DataConnector 

func (tdc TIDataConnector) AsDynamics365DataConnector() (*Dynamics365DataConnector, bool)

AsDynamics365DataConnector is the BasicDataConnector implementation for TIDataConnector.

func (TIDataConnector) AsMCASDataConnector 

func (tdc TIDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool)

AsMCASDataConnector is the BasicDataConnector implementation for TIDataConnector.

func (TIDataConnector) AsMDATPDataConnector 

func (tdc TIDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool)

AsMDATPDataConnector is the BasicDataConnector implementation for TIDataConnector.

func (TIDataConnector) AsMSTIDataConnector 

func (tdc TIDataConnector) AsMSTIDataConnector() (*MSTIDataConnector, bool)

AsMSTIDataConnector is the BasicDataConnector implementation for TIDataConnector.

func (TIDataConnector) AsMTPDataConnector 

func (tdc TIDataConnector) AsMTPDataConnector() (*MTPDataConnector, bool)

AsMTPDataConnector is the BasicDataConnector implementation for TIDataConnector.

func (TIDataConnector) AsOfficeATPDataConnector 

func (tdc TIDataConnector) AsOfficeATPDataConnector() (*OfficeATPDataConnector, bool)

AsOfficeATPDataConnector is the BasicDataConnector implementation for TIDataConnector.

func (TIDataConnector) AsOfficeDataConnector 

func (tdc TIDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool)

AsOfficeDataConnector is the BasicDataConnector implementation for TIDataConnector.

func (TIDataConnector) AsOfficeIRMDataConnector 

func (tdc TIDataConnector) AsOfficeIRMDataConnector() (*OfficeIRMDataConnector, bool)

AsOfficeIRMDataConnector is the BasicDataConnector implementation for TIDataConnector.

func (TIDataConnector) AsTIDataConnector 

func (tdc TIDataConnector) AsTIDataConnector() (*TIDataConnector, bool)

AsTIDataConnector is the BasicDataConnector implementation for TIDataConnector.

func (TIDataConnector) AsTiTaxiiDataConnector 

func (tdc TIDataConnector) AsTiTaxiiDataConnector() (*TiTaxiiDataConnector, bool)

AsTiTaxiiDataConnector is the BasicDataConnector implementation for TIDataConnector.

func (TIDataConnector) MarshalJSON 

func (tdc TIDataConnector) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for TIDataConnector.

func (*TIDataConnector) UnmarshalJSON 

func (tdc *TIDataConnector) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for TIDataConnector struct.

type TIDataConnectorDataTypes 

type TIDataConnectorDataTypes struct {
	// Indicators - Data type for indicators connection.
	Indicators *TIDataConnectorDataTypesIndicators `json:"indicators,omitempty"`
}

TIDataConnectorDataTypes the available data types for TI (Threat Intelligence) data connector.

type TIDataConnectorDataTypesIndicators 

type TIDataConnectorDataTypesIndicators struct {
	// State - Describe whether this data type connection is enabled or not. Possible values include: 'DataTypeStateEnabled', 'DataTypeStateDisabled'
	State DataTypeState `json:"state,omitempty"`
}

TIDataConnectorDataTypesIndicators data type for indicators connection.

type TIDataConnectorProperties 

type TIDataConnectorProperties struct {
	// TipLookbackPeriod - The lookback period for the feed to be imported.
	TipLookbackPeriod *date.Time `json:"tipLookbackPeriod,omitempty"`
	// DataTypes - The available data types for the connector.
	DataTypes *TIDataConnectorDataTypes `json:"dataTypes,omitempty"`
	// TenantID - The tenant id to connect to, and get the data from.
	TenantID *string `json:"tenantId,omitempty"`
}

TIDataConnectorProperties TI (Threat Intelligence) data connector properties.

type TeamInformation 

type TeamInformation struct {
	autorest.Response `json:"-"`
	// TeamID - READ-ONLY; Team ID
	TeamID *string `json:"teamId,omitempty"`
	// PrimaryChannelURL - READ-ONLY; The primary channel URL of the team
	PrimaryChannelURL *string `json:"primaryChannelUrl,omitempty"`
	// TeamCreationTimeUtc - READ-ONLY; The time the team was created
	TeamCreationTimeUtc *date.Time `json:"teamCreationTimeUtc,omitempty"`
	// Name - READ-ONLY; The name of the team
	Name *string `json:"name,omitempty"`
	// Description - READ-ONLY; The description of the team
	Description *string `json:"description,omitempty"`
}

TeamInformation describes team information

func (TeamInformation) MarshalJSON 

func (ti TeamInformation) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for TeamInformation.

type TeamProperties 

type TeamProperties struct {
	// TeamName - The name of the team
	TeamName *string `json:"teamName,omitempty"`
	// TeamDescription - The description of the team
	TeamDescription *string `json:"teamDescription,omitempty"`
	// MemberIds - List of member IDs to add to the team
	MemberIds *[]uuid.UUID `json:"memberIds,omitempty"`
	// GroupIds - List of group IDs to add their members to the team
	GroupIds *[]uuid.UUID `json:"groupIds,omitempty"`
}

TeamProperties describes team properties

type TemplateStatus 

type TemplateStatus string

TemplateStatus enumerates the values for template status. 

const (
	// TemplateStatusAvailable Alert rule template is available.
	TemplateStatusAvailable TemplateStatus = "Available"
	// TemplateStatusInstalled Alert rule template installed. and can not use more then once
	TemplateStatusInstalled TemplateStatus = "Installed"
	// TemplateStatusNotAvailable Alert rule template is not available
	TemplateStatusNotAvailable TemplateStatus = "NotAvailable"
)

func PossibleTemplateStatusValues 

func PossibleTemplateStatusValues() []TemplateStatus

PossibleTemplateStatusValues returns an array of possible values for the TemplateStatus const type.

type ThreatIntelligence 

type ThreatIntelligence struct {
	// Confidence - READ-ONLY; Confidence (must be between 0 and 1)
	Confidence *float64 `json:"confidence,omitempty"`
	// ProviderName - READ-ONLY; Name of the provider from whom this Threat Intelligence information was received
	ProviderName *string `json:"providerName,omitempty"`
	// ReportLink - READ-ONLY; Report link
	ReportLink *string `json:"reportLink,omitempty"`
	// ThreatDescription - READ-ONLY; Threat description (free text)
	ThreatDescription *string `json:"threatDescription,omitempty"`
	// ThreatName - READ-ONLY; Threat name (e.g. "Jedobot malware")
	ThreatName *string `json:"threatName,omitempty"`
	// ThreatType - READ-ONLY; Threat type (e.g. "Botnet")
	ThreatType *string `json:"threatType,omitempty"`
}

ThreatIntelligence threatIntelligence property bag.

func (ThreatIntelligence) MarshalJSON 

func (ti ThreatIntelligence) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for ThreatIntelligence.

type ThreatIntelligenceAlertRule 

type ThreatIntelligenceAlertRule struct {
	// ThreatIntelligenceAlertRuleProperties - Threat Intelligence alert rule properties
	*ThreatIntelligenceAlertRuleProperties `json:"properties,omitempty"`
	// Kind - Possible values include: 'KindBasicAlertRuleKindAlertRule', 'KindBasicAlertRuleKindMLBehaviorAnalytics', 'KindBasicAlertRuleKindFusion', 'KindBasicAlertRuleKindThreatIntelligence', 'KindBasicAlertRuleKindMicrosoftSecurityIncidentCreation', 'KindBasicAlertRuleKindScheduled', 'KindBasicAlertRuleKindNRT'
	Kind KindBasicAlertRule `json:"kind,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
	// ID - READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty"`
	// SystemData - READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty"`
}

ThreatIntelligenceAlertRule represents Threat Intelligence alert rule.

func (ThreatIntelligenceAlertRule) AsAlertRule 

func (tiar ThreatIntelligenceAlertRule) AsAlertRule() (*AlertRule, bool)

AsAlertRule is the BasicAlertRule implementation for ThreatIntelligenceAlertRule.

func (ThreatIntelligenceAlertRule) AsBasicAlertRule 

func (tiar ThreatIntelligenceAlertRule) AsBasicAlertRule() (BasicAlertRule, bool)

AsBasicAlertRule is the BasicAlertRule implementation for ThreatIntelligenceAlertRule.

func (ThreatIntelligenceAlertRule) AsFusionAlertRule 

func (tiar ThreatIntelligenceAlertRule) AsFusionAlertRule() (*FusionAlertRule, bool)

AsFusionAlertRule is the BasicAlertRule implementation for ThreatIntelligenceAlertRule.

func (ThreatIntelligenceAlertRule) AsMLBehaviorAnalyticsAlertRule 

func (tiar ThreatIntelligenceAlertRule) AsMLBehaviorAnalyticsAlertRule() (*MLBehaviorAnalyticsAlertRule, bool)

AsMLBehaviorAnalyticsAlertRule is the BasicAlertRule implementation for ThreatIntelligenceAlertRule.

func (ThreatIntelligenceAlertRule) AsMicrosoftSecurityIncidentCreationAlertRule 

func (tiar ThreatIntelligenceAlertRule) AsMicrosoftSecurityIncidentCreationAlertRule() (*MicrosoftSecurityIncidentCreationAlertRule, bool)

AsMicrosoftSecurityIncidentCreationAlertRule is the BasicAlertRule implementation for ThreatIntelligenceAlertRule.

func (ThreatIntelligenceAlertRule) AsNrtAlertRule 

func (tiar ThreatIntelligenceAlertRule) AsNrtAlertRule() (*NrtAlertRule, bool)

AsNrtAlertRule is the BasicAlertRule implementation for ThreatIntelligenceAlertRule.

func (ThreatIntelligenceAlertRule) AsScheduledAlertRule 

func (tiar ThreatIntelligenceAlertRule) AsScheduledAlertRule() (*ScheduledAlertRule, bool)

AsScheduledAlertRule is the BasicAlertRule implementation for ThreatIntelligenceAlertRule.

func (ThreatIntelligenceAlertRule) AsThreatIntelligenceAlertRule 

func (tiar ThreatIntelligenceAlertRule) AsThreatIntelligenceAlertRule() (*ThreatIntelligenceAlertRule, bool)

AsThreatIntelligenceAlertRule is the BasicAlertRule implementation for ThreatIntelligenceAlertRule.

func (ThreatIntelligenceAlertRule) MarshalJSON 

func (tiar ThreatIntelligenceAlertRule) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for ThreatIntelligenceAlertRule.

func (*ThreatIntelligenceAlertRule) UnmarshalJSON 

func (tiar *ThreatIntelligenceAlertRule) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for ThreatIntelligenceAlertRule struct.

type ThreatIntelligenceAlertRuleProperties 

type ThreatIntelligenceAlertRuleProperties struct {
	// AlertRuleTemplateName - The Name of the alert rule template used to create this rule.
	AlertRuleTemplateName *string `json:"alertRuleTemplateName,omitempty"`
	// Description - READ-ONLY; The description of the alert rule.
	Description *string `json:"description,omitempty"`
	// DisplayName - READ-ONLY; The display name for alerts created by this alert rule.
	DisplayName *string `json:"displayName,omitempty"`
	// Enabled - Determines whether this alert rule is enabled or disabled.
	Enabled *bool `json:"enabled,omitempty"`
	// LastModifiedUtc - READ-ONLY; The last time that this alert has been modified.
	LastModifiedUtc *date.Time `json:"lastModifiedUtc,omitempty"`
	// Severity - READ-ONLY; The severity for alerts created by this alert rule. Possible values include: 'AlertSeverityHigh', 'AlertSeverityMedium', 'AlertSeverityLow', 'AlertSeverityInformational'
	Severity AlertSeverity `json:"severity,omitempty"`
	// Tactics - READ-ONLY; The tactics of the alert rule
	Tactics *[]AttackTactic `json:"tactics,omitempty"`
}

ThreatIntelligenceAlertRuleProperties threat Intelligence alert rule base property bag.

func (ThreatIntelligenceAlertRuleProperties) MarshalJSON 

func (tiarp ThreatIntelligenceAlertRuleProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for ThreatIntelligenceAlertRuleProperties.

type ThreatIntelligenceAlertRuleTemplate 

type ThreatIntelligenceAlertRuleTemplate struct {
	// ThreatIntelligenceAlertRuleTemplateProperties - Threat Intelligence alert rule template properties
	*ThreatIntelligenceAlertRuleTemplateProperties `json:"properties,omitempty"`
	// Kind - Possible values include: 'KindBasicAlertRuleTemplateKindAlertRuleTemplate', 'KindBasicAlertRuleTemplateKindMLBehaviorAnalytics', 'KindBasicAlertRuleTemplateKindFusion', 'KindBasicAlertRuleTemplateKindThreatIntelligence', 'KindBasicAlertRuleTemplateKindMicrosoftSecurityIncidentCreation', 'KindBasicAlertRuleTemplateKindScheduled', 'KindBasicAlertRuleTemplateKindNRT'
	Kind KindBasicAlertRuleTemplate `json:"kind,omitempty"`
	// ID - READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty"`
	// SystemData - READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty"`
}

ThreatIntelligenceAlertRuleTemplate represents Threat Intelligence alert rule template.

func (ThreatIntelligenceAlertRuleTemplate) AsAlertRuleTemplate 

func (tiart ThreatIntelligenceAlertRuleTemplate) AsAlertRuleTemplate() (*AlertRuleTemplate, bool)

AsAlertRuleTemplate is the BasicAlertRuleTemplate implementation for ThreatIntelligenceAlertRuleTemplate.

func (ThreatIntelligenceAlertRuleTemplate) AsBasicAlertRuleTemplate 

func (tiart ThreatIntelligenceAlertRuleTemplate) AsBasicAlertRuleTemplate() (BasicAlertRuleTemplate, bool)

AsBasicAlertRuleTemplate is the BasicAlertRuleTemplate implementation for ThreatIntelligenceAlertRuleTemplate.

func (ThreatIntelligenceAlertRuleTemplate) AsFusionAlertRuleTemplate 

func (tiart ThreatIntelligenceAlertRuleTemplate) AsFusionAlertRuleTemplate() (*FusionAlertRuleTemplate, bool)

AsFusionAlertRuleTemplate is the BasicAlertRuleTemplate implementation for ThreatIntelligenceAlertRuleTemplate.

func (ThreatIntelligenceAlertRuleTemplate) AsMLBehaviorAnalyticsAlertRuleTemplate 

func (tiart ThreatIntelligenceAlertRuleTemplate) AsMLBehaviorAnalyticsAlertRuleTemplate() (*MLBehaviorAnalyticsAlertRuleTemplate, bool)

AsMLBehaviorAnalyticsAlertRuleTemplate is the BasicAlertRuleTemplate implementation for ThreatIntelligenceAlertRuleTemplate.

func (ThreatIntelligenceAlertRuleTemplate) AsMicrosoftSecurityIncidentCreationAlertRuleTemplate 

func (tiart ThreatIntelligenceAlertRuleTemplate) AsMicrosoftSecurityIncidentCreationAlertRuleTemplate() (*MicrosoftSecurityIncidentCreationAlertRuleTemplate, bool)

AsMicrosoftSecurityIncidentCreationAlertRuleTemplate is the BasicAlertRuleTemplate implementation for ThreatIntelligenceAlertRuleTemplate.

func (ThreatIntelligenceAlertRuleTemplate) AsNrtAlertRuleTemplate 

func (tiart ThreatIntelligenceAlertRuleTemplate) AsNrtAlertRuleTemplate() (*NrtAlertRuleTemplate, bool)

AsNrtAlertRuleTemplate is the BasicAlertRuleTemplate implementation for ThreatIntelligenceAlertRuleTemplate.

func (ThreatIntelligenceAlertRuleTemplate) AsScheduledAlertRuleTemplate 

func (tiart ThreatIntelligenceAlertRuleTemplate) AsScheduledAlertRuleTemplate() (*ScheduledAlertRuleTemplate, bool)

AsScheduledAlertRuleTemplate is the BasicAlertRuleTemplate implementation for ThreatIntelligenceAlertRuleTemplate.

func (ThreatIntelligenceAlertRuleTemplate) AsThreatIntelligenceAlertRuleTemplate 

func (tiart ThreatIntelligenceAlertRuleTemplate) AsThreatIntelligenceAlertRuleTemplate() (*ThreatIntelligenceAlertRuleTemplate, bool)

AsThreatIntelligenceAlertRuleTemplate is the BasicAlertRuleTemplate implementation for ThreatIntelligenceAlertRuleTemplate.

func (ThreatIntelligenceAlertRuleTemplate) MarshalJSON 

func (tiart ThreatIntelligenceAlertRuleTemplate) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for ThreatIntelligenceAlertRuleTemplate.

func (*ThreatIntelligenceAlertRuleTemplate) UnmarshalJSON 

func (tiart *ThreatIntelligenceAlertRuleTemplate) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for ThreatIntelligenceAlertRuleTemplate struct.

type ThreatIntelligenceAlertRuleTemplateProperties 

type ThreatIntelligenceAlertRuleTemplateProperties struct {
	// Severity - The severity for alerts created by this alert rule. Possible values include: 'AlertSeverityHigh', 'AlertSeverityMedium', 'AlertSeverityLow', 'AlertSeverityInformational'
	Severity AlertSeverity `json:"severity,omitempty"`
	// Tactics - The tactics of the alert rule template
	Tactics *[]AttackTactic `json:"tactics,omitempty"`
	// AlertRulesCreatedByTemplateCount - the number of alert rules that were created by this template
	AlertRulesCreatedByTemplateCount *int32 `json:"alertRulesCreatedByTemplateCount,omitempty"`
	// LastUpdatedDateUTC - READ-ONLY; The last time that this alert rule template has been updated.
	LastUpdatedDateUTC *date.Time `json:"lastUpdatedDateUTC,omitempty"`
	// CreatedDateUTC - READ-ONLY; The time that this alert rule template has been added.
	CreatedDateUTC *date.Time `json:"createdDateUTC,omitempty"`
	// Description - The description of the alert rule template.
	Description *string `json:"description,omitempty"`
	// DisplayName - The display name for alert rule template.
	DisplayName *string `json:"displayName,omitempty"`
	// RequiredDataConnectors - The required data sources for this template
	RequiredDataConnectors *[]AlertRuleTemplateDataSource `json:"requiredDataConnectors,omitempty"`
	// Status - The alert rule template status. Possible values include: 'TemplateStatusInstalled', 'TemplateStatusAvailable', 'TemplateStatusNotAvailable'
	Status TemplateStatus `json:"status,omitempty"`
}

ThreatIntelligenceAlertRuleTemplateProperties threat Intelligence alert rule template properties

func (ThreatIntelligenceAlertRuleTemplateProperties) MarshalJSON 

func (tiart ThreatIntelligenceAlertRuleTemplateProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for ThreatIntelligenceAlertRuleTemplateProperties.

type ThreatIntelligenceAppendTags 

type ThreatIntelligenceAppendTags struct {
	// ThreatIntelligenceTags - List of tags to be appended.
	ThreatIntelligenceTags *[]string `json:"threatIntelligenceTags,omitempty"`
}

ThreatIntelligenceAppendTags array of tags to be appended to the threat intelligence indicator.

type ThreatIntelligenceExternalReference 

type ThreatIntelligenceExternalReference struct {
	// Description - External reference description
	Description *string `json:"description,omitempty"`
	// ExternalID - External reference ID
	ExternalID *string `json:"externalId,omitempty"`
	// SourceName - External reference source name
	SourceName *string `json:"sourceName,omitempty"`
	// URL - External reference URL
	URL *string `json:"url,omitempty"`
	// Hashes - External reference hashes
	Hashes map[string]*string `json:"hashes"`
}

ThreatIntelligenceExternalReference describes external reference

func (ThreatIntelligenceExternalReference) MarshalJSON 

func (tier ThreatIntelligenceExternalReference) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for ThreatIntelligenceExternalReference.

type ThreatIntelligenceFilteringCriteria 

type ThreatIntelligenceFilteringCriteria struct {
	// PageSize - Page size
	PageSize *int32 `json:"pageSize,omitempty"`
	// MinConfidence - Minimum confidence.
	MinConfidence *int32 `json:"minConfidence,omitempty"`
	// MaxConfidence - Maximum confidence.
	MaxConfidence *int32 `json:"maxConfidence,omitempty"`
	// MinValidUntil - Start time for ValidUntil filter.
	MinValidUntil *string `json:"minValidUntil,omitempty"`
	// MaxValidUntil - End time for ValidUntil filter.
	MaxValidUntil *string `json:"maxValidUntil,omitempty"`
	// IncludeDisabled - Parameter to include/exclude disabled indicators.
	IncludeDisabled *bool `json:"includeDisabled,omitempty"`
	// SortBy - Columns to sort by and sorting order
	SortBy *[]ThreatIntelligenceSortingCriteria `json:"sortBy,omitempty"`
	// Sources - Sources of threat intelligence indicators
	Sources *[]string `json:"sources,omitempty"`
	// PatternTypes - Pattern types
	PatternTypes *[]string `json:"patternTypes,omitempty"`
	// ThreatTypes - Threat types of threat intelligence indicators
	ThreatTypes *[]string `json:"threatTypes,omitempty"`
	// Ids - Ids of threat intelligence indicators
	Ids *[]string `json:"ids,omitempty"`
	// Keywords - Keywords for searching threat intelligence indicators
	Keywords *[]string `json:"keywords,omitempty"`
	// SkipToken - Skip token.
	SkipToken *string `json:"skipToken,omitempty"`
}

ThreatIntelligenceFilteringCriteria filtering criteria for querying threat intelligence indicators.

type ThreatIntelligenceGranularMarkingModel 

type ThreatIntelligenceGranularMarkingModel struct {
	// Language - Language granular marking model
	Language *string `json:"language,omitempty"`
	// MarkingRef - marking reference granular marking model
	MarkingRef *int32 `json:"markingRef,omitempty"`
	// Selectors - granular marking model selectors
	Selectors *[]string `json:"selectors,omitempty"`
}

ThreatIntelligenceGranularMarkingModel describes threat granular marking model entity

type ThreatIntelligenceIndicatorClient 

type ThreatIntelligenceIndicatorClient struct {
	BaseClient
}

ThreatIntelligenceIndicatorClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

func NewThreatIntelligenceIndicatorClient 

func NewThreatIntelligenceIndicatorClient(subscriptionID string) ThreatIntelligenceIndicatorClient

NewThreatIntelligenceIndicatorClient creates an instance of the ThreatIntelligenceIndicatorClient client.

func NewThreatIntelligenceIndicatorClientWithBaseURI 

func NewThreatIntelligenceIndicatorClientWithBaseURI(baseURI string, subscriptionID string) ThreatIntelligenceIndicatorClient

NewThreatIntelligenceIndicatorClientWithBaseURI creates an instance of the ThreatIntelligenceIndicatorClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).

func (ThreatIntelligenceIndicatorClient) AppendTags 

func (client ThreatIntelligenceIndicatorClient) AppendTags(ctx context.Context, resourceGroupName string, workspaceName string, name string, threatIntelligenceAppendTags ThreatIntelligenceAppendTags) (result autorest.Response, err error)

AppendTags append tags to a threat intelligence indicator. Parameters: resourceGroupName - the name of the resource group. The name is case insensitive. workspaceName - the name of the workspace. name - threat intelligence indicator name field. threatIntelligenceAppendTags - the threat intelligence append tags request body

func (ThreatIntelligenceIndicatorClient) AppendTagsPreparer 

func (client ThreatIntelligenceIndicatorClient) AppendTagsPreparer(ctx context.Context, resourceGroupName string, workspaceName string, name string, threatIntelligenceAppendTags ThreatIntelligenceAppendTags) (*http.Request, error)

AppendTagsPreparer prepares the AppendTags request.

func (ThreatIntelligenceIndicatorClient) AppendTagsResponder 

func (client ThreatIntelligenceIndicatorClient) AppendTagsResponder(resp *http.Response) (result autorest.Response, err error)

AppendTagsResponder handles the response to the AppendTags request. The method always closes the http.Response Body.

func (ThreatIntelligenceIndicatorClient) AppendTagsSender 

func (client ThreatIntelligenceIndicatorClient) AppendTagsSender(req *http.Request) (*http.Response, error)

AppendTagsSender sends the AppendTags request. The method will close the http.Response Body if it receives an error.

func (ThreatIntelligenceIndicatorClient) Create 

func (client ThreatIntelligenceIndicatorClient) Create(ctx context.Context, resourceGroupName string, workspaceName string, name string, threatIntelligenceProperties ThreatIntelligenceIndicatorModelForRequestBody) (result ThreatIntelligenceInformationModel, err error)

Create update a threat Intelligence indicator. Parameters: resourceGroupName - the name of the resource group. The name is case insensitive. workspaceName - the name of the workspace. name - threat intelligence indicator name field. threatIntelligenceProperties - properties of threat intelligence indicators to create and update.

func (ThreatIntelligenceIndicatorClient) CreateIndicator 

func (client ThreatIntelligenceIndicatorClient) CreateIndicator(ctx context.Context, resourceGroupName string, workspaceName string, threatIntelligenceProperties ThreatIntelligenceIndicatorModelForRequestBody) (result ThreatIntelligenceInformationModel, err error)

CreateIndicator create a new threat intelligence indicator. Parameters: resourceGroupName - the name of the resource group. The name is case insensitive. workspaceName - the name of the workspace. threatIntelligenceProperties - properties of threat intelligence indicators to create and update.

func (ThreatIntelligenceIndicatorClient) CreateIndicatorPreparer 

func (client ThreatIntelligenceIndicatorClient) CreateIndicatorPreparer(ctx context.Context, resourceGroupName string, workspaceName string, threatIntelligenceProperties ThreatIntelligenceIndicatorModelForRequestBody) (*http.Request, error)

CreateIndicatorPreparer prepares the CreateIndicator request.

func (ThreatIntelligenceIndicatorClient) CreateIndicatorResponder 

func (client ThreatIntelligenceIndicatorClient) CreateIndicatorResponder(resp *http.Response) (result ThreatIntelligenceInformationModel, err error)

CreateIndicatorResponder handles the response to the CreateIndicator request. The method always closes the http.Response Body.

func (ThreatIntelligenceIndicatorClient) CreateIndicatorSender 

func (client ThreatIntelligenceIndicatorClient) CreateIndicatorSender(req *http.Request) (*http.Response, error)

CreateIndicatorSender sends the CreateIndicator request. The method will close the http.Response Body if it receives an error.

func (ThreatIntelligenceIndicatorClient) CreatePreparer 

func (client ThreatIntelligenceIndicatorClient) CreatePreparer(ctx context.Context, resourceGroupName string, workspaceName string, name string, threatIntelligenceProperties ThreatIntelligenceIndicatorModelForRequestBody) (*http.Request, error)

CreatePreparer prepares the Create request.

func (ThreatIntelligenceIndicatorClient) CreateResponder 

func (client ThreatIntelligenceIndicatorClient) CreateResponder(resp *http.Response) (result ThreatIntelligenceInformationModel, err error)

CreateResponder handles the response to the Create request. The method always closes the http.Response Body.

func (ThreatIntelligenceIndicatorClient) CreateSender 

func (client ThreatIntelligenceIndicatorClient) CreateSender(req *http.Request) (*http.Response, error)

CreateSender sends the Create request. The method will close the http.Response Body if it receives an error.

func (ThreatIntelligenceIndicatorClient) Delete 

func (client ThreatIntelligenceIndicatorClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, name string) (result autorest.Response, err error)

Delete delete a threat intelligence indicator. Parameters: resourceGroupName - the name of the resource group. The name is case insensitive. workspaceName - the name of the workspace. name - threat intelligence indicator name field.

func (ThreatIntelligenceIndicatorClient) DeletePreparer 

func (client ThreatIntelligenceIndicatorClient) DeletePreparer(ctx context.Context, resourceGroupName string, workspaceName string, name string) (*http.Request, error)

DeletePreparer prepares the Delete request.

func (ThreatIntelligenceIndicatorClient) DeleteResponder 

func (client ThreatIntelligenceIndicatorClient) DeleteResponder(resp *http.Response) (result autorest.Response, err error)

DeleteResponder handles the response to the Delete request. The method always closes the http.Response Body.

func (ThreatIntelligenceIndicatorClient) DeleteSender 

func (client ThreatIntelligenceIndicatorClient) DeleteSender(req *http.Request) (*http.Response, error)

DeleteSender sends the Delete request. The method will close the http.Response Body if it receives an error.

func (ThreatIntelligenceIndicatorClient) Get 

func (client ThreatIntelligenceIndicatorClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, name string) (result ThreatIntelligenceInformationModel, err error)

Get view a threat intelligence indicator by name. Parameters: resourceGroupName - the name of the resource group. The name is case insensitive. workspaceName - the name of the workspace. name - threat intelligence indicator name field.

func (ThreatIntelligenceIndicatorClient) GetPreparer 

func (client ThreatIntelligenceIndicatorClient) GetPreparer(ctx context.Context, resourceGroupName string, workspaceName string, name string) (*http.Request, error)

GetPreparer prepares the Get request.

func (ThreatIntelligenceIndicatorClient) GetResponder 

func (client ThreatIntelligenceIndicatorClient) GetResponder(resp *http.Response) (result ThreatIntelligenceInformationModel, err error)

GetResponder handles the response to the Get request. The method always closes the http.Response Body.

func (ThreatIntelligenceIndicatorClient) GetSender 

func (client ThreatIntelligenceIndicatorClient) GetSender(req *http.Request) (*http.Response, error)

GetSender sends the Get request. The method will close the http.Response Body if it receives an error.

func (ThreatIntelligenceIndicatorClient) QueryIndicators 

func (client ThreatIntelligenceIndicatorClient) QueryIndicators(ctx context.Context, resourceGroupName string, workspaceName string, threatIntelligenceFilteringCriteria ThreatIntelligenceFilteringCriteria) (result ThreatIntelligenceInformationListPage, err error)

QueryIndicators query threat intelligence indicators as per filtering criteria. Parameters: resourceGroupName - the name of the resource group. The name is case insensitive. workspaceName - the name of the workspace. threatIntelligenceFilteringCriteria - filtering criteria for querying threat intelligence indicators.

func (ThreatIntelligenceIndicatorClient) QueryIndicatorsComplete 

func (client ThreatIntelligenceIndicatorClient) QueryIndicatorsComplete(ctx context.Context, resourceGroupName string, workspaceName string, threatIntelligenceFilteringCriteria ThreatIntelligenceFilteringCriteria) (result ThreatIntelligenceInformationListIterator, err error)

QueryIndicatorsComplete enumerates all values, automatically crossing page boundaries as required.

func (ThreatIntelligenceIndicatorClient) QueryIndicatorsPreparer 

func (client ThreatIntelligenceIndicatorClient) QueryIndicatorsPreparer(ctx context.Context, resourceGroupName string, workspaceName string, threatIntelligenceFilteringCriteria ThreatIntelligenceFilteringCriteria) (*http.Request, error)

QueryIndicatorsPreparer prepares the QueryIndicators request.

func (ThreatIntelligenceIndicatorClient) QueryIndicatorsResponder 

func (client ThreatIntelligenceIndicatorClient) QueryIndicatorsResponder(resp *http.Response) (result ThreatIntelligenceInformationList, err error)

QueryIndicatorsResponder handles the response to the QueryIndicators request. The method always closes the http.Response Body.

func (ThreatIntelligenceIndicatorClient) QueryIndicatorsSender 

func (client ThreatIntelligenceIndicatorClient) QueryIndicatorsSender(req *http.Request) (*http.Response, error)

QueryIndicatorsSender sends the QueryIndicators request. The method will close the http.Response Body if it receives an error.

func (ThreatIntelligenceIndicatorClient) ReplaceTags 

func (client ThreatIntelligenceIndicatorClient) ReplaceTags(ctx context.Context, resourceGroupName string, workspaceName string, name string, threatIntelligenceReplaceTags ThreatIntelligenceIndicatorModelForRequestBody) (result ThreatIntelligenceInformationModel, err error)

ReplaceTags replace tags added to a threat intelligence indicator. Parameters: resourceGroupName - the name of the resource group. The name is case insensitive. workspaceName - the name of the workspace. name - threat intelligence indicator name field. threatIntelligenceReplaceTags - tags in the threat intelligence indicator to be replaced.

func (ThreatIntelligenceIndicatorClient) ReplaceTagsPreparer 

func (client ThreatIntelligenceIndicatorClient) ReplaceTagsPreparer(ctx context.Context, resourceGroupName string, workspaceName string, name string, threatIntelligenceReplaceTags ThreatIntelligenceIndicatorModelForRequestBody) (*http.Request, error)

ReplaceTagsPreparer prepares the ReplaceTags request.

func (ThreatIntelligenceIndicatorClient) ReplaceTagsResponder 

func (client ThreatIntelligenceIndicatorClient) ReplaceTagsResponder(resp *http.Response) (result ThreatIntelligenceInformationModel, err error)

ReplaceTagsResponder handles the response to the ReplaceTags request. The method always closes the http.Response Body.

func (ThreatIntelligenceIndicatorClient) ReplaceTagsSender 

func (client ThreatIntelligenceIndicatorClient) ReplaceTagsSender(req *http.Request) (*http.Response, error)

ReplaceTagsSender sends the ReplaceTags request. The method will close the http.Response Body if it receives an error.

type ThreatIntelligenceIndicatorMetricsClient 

type ThreatIntelligenceIndicatorMetricsClient struct {
	BaseClient
}

ThreatIntelligenceIndicatorMetricsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

func NewThreatIntelligenceIndicatorMetricsClient 

func NewThreatIntelligenceIndicatorMetricsClient(subscriptionID string) ThreatIntelligenceIndicatorMetricsClient

NewThreatIntelligenceIndicatorMetricsClient creates an instance of the ThreatIntelligenceIndicatorMetricsClient client.

func NewThreatIntelligenceIndicatorMetricsClientWithBaseURI 

func NewThreatIntelligenceIndicatorMetricsClientWithBaseURI(baseURI string, subscriptionID string) ThreatIntelligenceIndicatorMetricsClient

NewThreatIntelligenceIndicatorMetricsClientWithBaseURI creates an instance of the ThreatIntelligenceIndicatorMetricsClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).

func (ThreatIntelligenceIndicatorMetricsClient) List 

func (client ThreatIntelligenceIndicatorMetricsClient) List(ctx context.Context, resourceGroupName string, workspaceName string) (result ThreatIntelligenceMetricsList, err error)

List get threat intelligence indicators metrics (Indicators counts by Type, Threat Type, Source). Parameters: resourceGroupName - the name of the resource group. The name is case insensitive. workspaceName - the name of the workspace.

func (ThreatIntelligenceIndicatorMetricsClient) ListPreparer 

func (client ThreatIntelligenceIndicatorMetricsClient) ListPreparer(ctx context.Context, resourceGroupName string, workspaceName string) (*http.Request, error)

ListPreparer prepares the List request.

func (ThreatIntelligenceIndicatorMetricsClient) ListResponder 

func (client ThreatIntelligenceIndicatorMetricsClient) ListResponder(resp *http.Response) (result ThreatIntelligenceMetricsList, err error)

ListResponder handles the response to the List request. The method always closes the http.Response Body.

func (ThreatIntelligenceIndicatorMetricsClient) ListSender 

func (client ThreatIntelligenceIndicatorMetricsClient) ListSender(req *http.Request) (*http.Response, error)

ListSender sends the List request. The method will close the http.Response Body if it receives an error.

type ThreatIntelligenceIndicatorModel 

type ThreatIntelligenceIndicatorModel struct {
	// ThreatIntelligenceIndicatorProperties - Threat Intelligence Entity properties
	*ThreatIntelligenceIndicatorProperties `json:"properties,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
	// Kind - Possible values include: 'KindBasicThreatIntelligenceInformationKindThreatIntelligenceInformation', 'KindBasicThreatIntelligenceInformationKindIndicator'
	Kind KindBasicThreatIntelligenceInformation `json:"kind,omitempty"`
}

ThreatIntelligenceIndicatorModel threat intelligence indicator entity.

func (ThreatIntelligenceIndicatorModel) AsBasicThreatIntelligenceInformation 

func (tiim ThreatIntelligenceIndicatorModel) AsBasicThreatIntelligenceInformation() (BasicThreatIntelligenceInformation, bool)

AsBasicThreatIntelligenceInformation is the BasicThreatIntelligenceInformation implementation for ThreatIntelligenceIndicatorModel.

func (ThreatIntelligenceIndicatorModel) AsThreatIntelligenceIndicatorModel 

func (tiim ThreatIntelligenceIndicatorModel) AsThreatIntelligenceIndicatorModel() (*ThreatIntelligenceIndicatorModel, bool)

AsThreatIntelligenceIndicatorModel is the BasicThreatIntelligenceInformation implementation for ThreatIntelligenceIndicatorModel.

func (ThreatIntelligenceIndicatorModel) AsThreatIntelligenceInformation 

func (tiim ThreatIntelligenceIndicatorModel) AsThreatIntelligenceInformation() (*ThreatIntelligenceInformation, bool)

AsThreatIntelligenceInformation is the BasicThreatIntelligenceInformation implementation for ThreatIntelligenceIndicatorModel.

func (ThreatIntelligenceIndicatorModel) MarshalJSON 

func (tiim ThreatIntelligenceIndicatorModel) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for ThreatIntelligenceIndicatorModel.

func (*ThreatIntelligenceIndicatorModel) UnmarshalJSON 

func (tiim *ThreatIntelligenceIndicatorModel) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for ThreatIntelligenceIndicatorModel struct.

type ThreatIntelligenceIndicatorModelForRequestBody 

type ThreatIntelligenceIndicatorModelForRequestBody struct {
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
	// ThreatIntelligenceIndicatorProperties - Threat Intelligence Entity properties
	*ThreatIntelligenceIndicatorProperties `json:"properties,omitempty"`
	// Kind - The kind of the entity.
	Kind *string `json:"kind,omitempty"`
}

ThreatIntelligenceIndicatorModelForRequestBody threat intelligence indicator entity used in request body.

func (ThreatIntelligenceIndicatorModelForRequestBody) MarshalJSON 

func (tiimfrb ThreatIntelligenceIndicatorModelForRequestBody) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for ThreatIntelligenceIndicatorModelForRequestBody.

func (*ThreatIntelligenceIndicatorModelForRequestBody) UnmarshalJSON 

func (tiimfrb *ThreatIntelligenceIndicatorModelForRequestBody) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for ThreatIntelligenceIndicatorModelForRequestBody struct.

type ThreatIntelligenceIndicatorProperties 

type ThreatIntelligenceIndicatorProperties struct {
	// ThreatIntelligenceTags - List of tags
	ThreatIntelligenceTags *[]string `json:"threatIntelligenceTags,omitempty"`
	// LastUpdatedTimeUtc - Last updated time in UTC
	LastUpdatedTimeUtc *string `json:"lastUpdatedTimeUtc,omitempty"`
	// Source - Source of a threat intelligence entity
	Source *string `json:"source,omitempty"`
	// DisplayName - Display name of a threat intelligence entity
	DisplayName *string `json:"displayName,omitempty"`
	// Description - Description of a threat intelligence entity
	Description *string `json:"description,omitempty"`
	// IndicatorTypes - Indicator types of threat intelligence entities
	IndicatorTypes *[]string `json:"indicatorTypes,omitempty"`
	// Pattern - Pattern of a threat intelligence entity
	Pattern *string `json:"pattern,omitempty"`
	// PatternType - Pattern type of a threat intelligence entity
	PatternType *string `json:"patternType,omitempty"`
	// PatternVersion - Pattern version of a threat intelligence entity
	PatternVersion *string `json:"patternVersion,omitempty"`
	// KillChainPhases - Kill chain phases
	KillChainPhases *[]ThreatIntelligenceKillChainPhase `json:"killChainPhases,omitempty"`
	// ParsedPattern - Parsed patterns
	ParsedPattern *[]ThreatIntelligenceParsedPattern `json:"parsedPattern,omitempty"`
	// ExternalID - External ID of threat intelligence entity
	ExternalID *string `json:"externalId,omitempty"`
	// CreatedByRef - Created by reference of threat intelligence entity
	CreatedByRef *string `json:"createdByRef,omitempty"`
	// Defanged - Is threat intelligence entity defanged
	Defanged *bool `json:"defanged,omitempty"`
	// ExternalLastUpdatedTimeUtc - External last updated time in UTC
	ExternalLastUpdatedTimeUtc *string `json:"externalLastUpdatedTimeUtc,omitempty"`
	// ExternalReferences - External References
	ExternalReferences *[]ThreatIntelligenceExternalReference `json:"externalReferences,omitempty"`
	// GranularMarkings - Granular Markings
	GranularMarkings *[]ThreatIntelligenceGranularMarkingModel `json:"granularMarkings,omitempty"`
	// Labels - Labels  of threat intelligence entity
	Labels *[]string `json:"labels,omitempty"`
	// Revoked - Is threat intelligence entity revoked
	Revoked *bool `json:"revoked,omitempty"`
	// Confidence - Confidence of threat intelligence entity
	Confidence *int32 `json:"confidence,omitempty"`
	// ObjectMarkingRefs - Threat intelligence entity object marking references
	ObjectMarkingRefs *[]string `json:"objectMarkingRefs,omitempty"`
	// Language - Language of threat intelligence entity
	Language *string `json:"language,omitempty"`
	// ThreatTypes - Threat types
	ThreatTypes *[]string `json:"threatTypes,omitempty"`
	// ValidFrom - Valid from
	ValidFrom *string `json:"validFrom,omitempty"`
	// ValidUntil - Valid until
	ValidUntil *string `json:"validUntil,omitempty"`
	// Created - Created by
	Created *string `json:"created,omitempty"`
	// Modified - Modified by
	Modified *string `json:"modified,omitempty"`
	// Extensions - Extensions map
	Extensions map[string]interface{} `json:"extensions"`
	// AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]interface{} `json:"additionalData"`
	// FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated.
	FriendlyName *string `json:"friendlyName,omitempty"`
}

ThreatIntelligenceIndicatorProperties describes threat intelligence entity properties

func (ThreatIntelligenceIndicatorProperties) MarshalJSON 

func (tiip ThreatIntelligenceIndicatorProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for ThreatIntelligenceIndicatorProperties.

type ThreatIntelligenceIndicatorsClient 

type ThreatIntelligenceIndicatorsClient struct {
	BaseClient
}

ThreatIntelligenceIndicatorsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

func NewThreatIntelligenceIndicatorsClient 

func NewThreatIntelligenceIndicatorsClient(subscriptionID string) ThreatIntelligenceIndicatorsClient

NewThreatIntelligenceIndicatorsClient creates an instance of the ThreatIntelligenceIndicatorsClient client.

func NewThreatIntelligenceIndicatorsClientWithBaseURI 

func NewThreatIntelligenceIndicatorsClientWithBaseURI(baseURI string, subscriptionID string) ThreatIntelligenceIndicatorsClient

NewThreatIntelligenceIndicatorsClientWithBaseURI creates an instance of the ThreatIntelligenceIndicatorsClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).

func (ThreatIntelligenceIndicatorsClient) List 

func (client ThreatIntelligenceIndicatorsClient) List(ctx context.Context, resourceGroupName string, workspaceName string, filter string, orderby string, top *int32, skipToken string) (result ThreatIntelligenceInformationListPage, err error)

List get all threat intelligence indicators. Parameters: resourceGroupName - the name of the resource group. The name is case insensitive. workspaceName - the name of the workspace. filter - filters the results, based on a Boolean condition. Optional. orderby - sorts the results. Optional. top - returns only the first n results. Optional. skipToken - skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional.

func (ThreatIntelligenceIndicatorsClient) ListComplete 

func (client ThreatIntelligenceIndicatorsClient) ListComplete(ctx context.Context, resourceGroupName string, workspaceName string, filter string, orderby string, top *int32, skipToken string) (result ThreatIntelligenceInformationListIterator, err error)

ListComplete enumerates all values, automatically crossing page boundaries as required.

func (ThreatIntelligenceIndicatorsClient) ListPreparer 

func (client ThreatIntelligenceIndicatorsClient) ListPreparer(ctx context.Context, resourceGroupName string, workspaceName string, filter string, orderby string, top *int32, skipToken string) (*http.Request, error)

ListPreparer prepares the List request.

func (ThreatIntelligenceIndicatorsClient) ListResponder 

func (client ThreatIntelligenceIndicatorsClient) ListResponder(resp *http.Response) (result ThreatIntelligenceInformationList, err error)

ListResponder handles the response to the List request. The method always closes the http.Response Body.

func (ThreatIntelligenceIndicatorsClient) ListSender 

func (client ThreatIntelligenceIndicatorsClient) ListSender(req *http.Request) (*http.Response, error)

ListSender sends the List request. The method will close the http.Response Body if it receives an error.

type ThreatIntelligenceInformation 

type ThreatIntelligenceInformation struct {
	autorest.Response `json:"-"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
	// Kind - Possible values include: 'KindBasicThreatIntelligenceInformationKindThreatIntelligenceInformation', 'KindBasicThreatIntelligenceInformationKindIndicator'
	Kind KindBasicThreatIntelligenceInformation `json:"kind,omitempty"`
}

ThreatIntelligenceInformation threat intelligence information object.

func (ThreatIntelligenceInformation) AsBasicThreatIntelligenceInformation 

func (tii ThreatIntelligenceInformation) AsBasicThreatIntelligenceInformation() (BasicThreatIntelligenceInformation, bool)

AsBasicThreatIntelligenceInformation is the BasicThreatIntelligenceInformation implementation for ThreatIntelligenceInformation.

func (ThreatIntelligenceInformation) AsThreatIntelligenceIndicatorModel 

func (tii ThreatIntelligenceInformation) AsThreatIntelligenceIndicatorModel() (*ThreatIntelligenceIndicatorModel, bool)

AsThreatIntelligenceIndicatorModel is the BasicThreatIntelligenceInformation implementation for ThreatIntelligenceInformation.

func (ThreatIntelligenceInformation) AsThreatIntelligenceInformation 

func (tii ThreatIntelligenceInformation) AsThreatIntelligenceInformation() (*ThreatIntelligenceInformation, bool)

AsThreatIntelligenceInformation is the BasicThreatIntelligenceInformation implementation for ThreatIntelligenceInformation.

func (ThreatIntelligenceInformation) MarshalJSON 

func (tii ThreatIntelligenceInformation) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for ThreatIntelligenceInformation.

type ThreatIntelligenceInformationList 

type ThreatIntelligenceInformationList struct {
	autorest.Response `json:"-"`
	// NextLink - READ-ONLY; URL to fetch the next set of information objects.
	NextLink *string `json:"nextLink,omitempty"`
	// Value - Array of threat intelligence information objects.
	Value *[]BasicThreatIntelligenceInformation `json:"value,omitempty"`
}

ThreatIntelligenceInformationList list of all the threat intelligence information objects.

func (ThreatIntelligenceInformationList) IsEmpty 

func (tiil ThreatIntelligenceInformationList) IsEmpty() bool

IsEmpty returns true if the ListResult contains no values.

func (ThreatIntelligenceInformationList) MarshalJSON 

func (tiil ThreatIntelligenceInformationList) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for ThreatIntelligenceInformationList.

func (*ThreatIntelligenceInformationList) UnmarshalJSON 

func (tiil *ThreatIntelligenceInformationList) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for ThreatIntelligenceInformationList struct.

type ThreatIntelligenceInformationListIterator 

type ThreatIntelligenceInformationListIterator struct {
	// contains filtered or unexported fields
}

ThreatIntelligenceInformationListIterator provides access to a complete listing of ThreatIntelligenceInformation values.

func NewThreatIntelligenceInformationListIterator 

func NewThreatIntelligenceInformationListIterator(page ThreatIntelligenceInformationListPage) ThreatIntelligenceInformationListIterator

Creates a new instance of the ThreatIntelligenceInformationListIterator type.

func (*ThreatIntelligenceInformationListIterator) Next 

func (iter *ThreatIntelligenceInformationListIterator) Next() error

Next advances to the next value. If there was an error making the request the iterator does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*ThreatIntelligenceInformationListIterator) NextWithContext 

func (iter *ThreatIntelligenceInformationListIterator) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next value. If there was an error making the request the iterator does not advance and the error is returned.

func (ThreatIntelligenceInformationListIterator) NotDone 

func (iter ThreatIntelligenceInformationListIterator) NotDone() bool

NotDone returns true if the enumeration should be started or is not yet complete.

func (ThreatIntelligenceInformationListIterator) Response 

func (iter ThreatIntelligenceInformationListIterator) Response() ThreatIntelligenceInformationList

Response returns the raw server response from the last page request.

func (ThreatIntelligenceInformationListIterator) Value 

func (iter ThreatIntelligenceInformationListIterator) Value() BasicThreatIntelligenceInformation

Value returns the current value or a zero-initialized value if the iterator has advanced beyond the end of the collection.

type ThreatIntelligenceInformationListPage 

type ThreatIntelligenceInformationListPage struct {
	// contains filtered or unexported fields
}

ThreatIntelligenceInformationListPage contains a page of BasicThreatIntelligenceInformation values.

func NewThreatIntelligenceInformationListPage 

func NewThreatIntelligenceInformationListPage(cur ThreatIntelligenceInformationList, getNextPage func(context.Context, ThreatIntelligenceInformationList) (ThreatIntelligenceInformationList, error)) ThreatIntelligenceInformationListPage

Creates a new instance of the ThreatIntelligenceInformationListPage type.

func (*ThreatIntelligenceInformationListPage) Next 

func (page *ThreatIntelligenceInformationListPage) Next() error

Next advances to the next page of values. If there was an error making the request the page does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*ThreatIntelligenceInformationListPage) NextWithContext 

func (page *ThreatIntelligenceInformationListPage) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next page of values. If there was an error making the request the page does not advance and the error is returned.

func (ThreatIntelligenceInformationListPage) NotDone 

func (page ThreatIntelligenceInformationListPage) NotDone() bool

NotDone returns true if the page enumeration should be started or is not yet complete.

func (ThreatIntelligenceInformationListPage) Response 

func (page ThreatIntelligenceInformationListPage) Response() ThreatIntelligenceInformationList

Response returns the raw server response from the last page request.

func (ThreatIntelligenceInformationListPage) Values 

func (page ThreatIntelligenceInformationListPage) Values() []BasicThreatIntelligenceInformation

Values returns the slice of values for the current page or nil if there are no values.

type ThreatIntelligenceInformationModel 

type ThreatIntelligenceInformationModel struct {
	autorest.Response `json:"-"`
	Value             BasicThreatIntelligenceInformation `json:"value,omitempty"`
}

ThreatIntelligenceInformationModel ...

func (*ThreatIntelligenceInformationModel) UnmarshalJSON 

func (tiim *ThreatIntelligenceInformationModel) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for ThreatIntelligenceInformationModel struct.

type ThreatIntelligenceKillChainPhase 

type ThreatIntelligenceKillChainPhase struct {
	// KillChainName - Kill chainName name
	KillChainName *string `json:"killChainName,omitempty"`
	// PhaseName - Phase name
	PhaseName *string `json:"phaseName,omitempty"`
}

ThreatIntelligenceKillChainPhase describes threat kill chain phase entity

type ThreatIntelligenceMetric 

type ThreatIntelligenceMetric struct {
	// LastUpdatedTimeUtc - Last updated indicator metric
	LastUpdatedTimeUtc *string `json:"lastUpdatedTimeUtc,omitempty"`
	// ThreatTypeMetrics - Threat type metrics
	ThreatTypeMetrics *[]ThreatIntelligenceMetricEntity `json:"threatTypeMetrics,omitempty"`
	// PatternTypeMetrics - Pattern type metrics
	PatternTypeMetrics *[]ThreatIntelligenceMetricEntity `json:"patternTypeMetrics,omitempty"`
	// SourceMetrics - Source metrics
	SourceMetrics *[]ThreatIntelligenceMetricEntity `json:"sourceMetrics,omitempty"`
}

ThreatIntelligenceMetric describes threat intelligence metric

type ThreatIntelligenceMetricEntity 

type ThreatIntelligenceMetricEntity struct {
	// MetricName - Metric name
	MetricName *string `json:"metricName,omitempty"`
	// MetricValue - Metric value
	MetricValue *int32 `json:"metricValue,omitempty"`
}

ThreatIntelligenceMetricEntity describes threat intelligence metric entity

type ThreatIntelligenceMetrics 

type ThreatIntelligenceMetrics struct {
	// Properties - Threat intelligence metrics.
	Properties *ThreatIntelligenceMetric `json:"properties,omitempty"`
}

ThreatIntelligenceMetrics threat intelligence metrics.

type ThreatIntelligenceMetricsList 

type ThreatIntelligenceMetricsList struct {
	autorest.Response `json:"-"`
	// Value - Array of threat intelligence metric fields (type/threat type/source).
	Value *[]ThreatIntelligenceMetrics `json:"value,omitempty"`
}

ThreatIntelligenceMetricsList list of all the threat intelligence metric fields (type/threat type/source).

type ThreatIntelligenceParsedPattern 

type ThreatIntelligenceParsedPattern struct {
	// PatternTypeKey - Pattern type key
	PatternTypeKey *string `json:"patternTypeKey,omitempty"`
	// PatternTypeValues - Pattern type keys
	PatternTypeValues *[]ThreatIntelligenceParsedPatternTypeValue `json:"patternTypeValues,omitempty"`
}

ThreatIntelligenceParsedPattern describes parsed pattern entity

type ThreatIntelligenceParsedPatternTypeValue 

type ThreatIntelligenceParsedPatternTypeValue struct {
	// ValueType - Type of the value
	ValueType *string `json:"valueType,omitempty"`
	// Value - Value of parsed pattern
	Value *string `json:"value,omitempty"`
}

ThreatIntelligenceParsedPatternTypeValue describes threat kill chain phase entity

type ThreatIntelligenceResourceKind 

type ThreatIntelligenceResourceKind struct {
	// Kind - The kind of the entity.
	Kind *string `json:"kind,omitempty"`
}

ThreatIntelligenceResourceKind describes an entity with kind.

type ThreatIntelligenceResourceKindEnum 

type ThreatIntelligenceResourceKindEnum string

ThreatIntelligenceResourceKindEnum enumerates the values for threat intelligence resource kind enum. 

const (
	// ThreatIntelligenceResourceKindEnumIndicator Entity represents threat intelligence indicator in the
	// system.
	ThreatIntelligenceResourceKindEnumIndicator ThreatIntelligenceResourceKindEnum = "indicator"
)

func PossibleThreatIntelligenceResourceKindEnumValues 

func PossibleThreatIntelligenceResourceKindEnumValues() []ThreatIntelligenceResourceKindEnum

PossibleThreatIntelligenceResourceKindEnumValues returns an array of possible values for the ThreatIntelligenceResourceKindEnum const type.

type ThreatIntelligenceSortingCriteria 

type ThreatIntelligenceSortingCriteria struct {
	// ItemKey - Column name
	ItemKey *string `json:"itemKey,omitempty"`
	// SortOrder - Sorting order (ascending/descending/unsorted). Possible values include: 'ThreatIntelligenceSortingCriteriaEnumUnsorted', 'ThreatIntelligenceSortingCriteriaEnumAscending', 'ThreatIntelligenceSortingCriteriaEnumDescending'
	SortOrder ThreatIntelligenceSortingCriteriaEnum `json:"sortOrder,omitempty"`
}

ThreatIntelligenceSortingCriteria list of available columns for sorting

type ThreatIntelligenceSortingCriteriaEnum 

type ThreatIntelligenceSortingCriteriaEnum string

ThreatIntelligenceSortingCriteriaEnum enumerates the values for threat intelligence sorting criteria enum. 

const (
	// ThreatIntelligenceSortingCriteriaEnumAscending ...
	ThreatIntelligenceSortingCriteriaEnumAscending ThreatIntelligenceSortingCriteriaEnum = "ascending"
	// ThreatIntelligenceSortingCriteriaEnumDescending ...
	ThreatIntelligenceSortingCriteriaEnumDescending ThreatIntelligenceSortingCriteriaEnum = "descending"
	// ThreatIntelligenceSortingCriteriaEnumUnsorted ...
	ThreatIntelligenceSortingCriteriaEnumUnsorted ThreatIntelligenceSortingCriteriaEnum = "unsorted"
)

func PossibleThreatIntelligenceSortingCriteriaEnumValues 

func PossibleThreatIntelligenceSortingCriteriaEnumValues() []ThreatIntelligenceSortingCriteriaEnum

PossibleThreatIntelligenceSortingCriteriaEnumValues returns an array of possible values for the ThreatIntelligenceSortingCriteriaEnum const type.

type TiTaxiiCheckRequirements 

type TiTaxiiCheckRequirements struct {
	// TiTaxiiCheckRequirementsProperties - Threat Intelligence TAXII check required properties.
	*TiTaxiiCheckRequirementsProperties `json:"properties,omitempty"`
	// Kind - Possible values include: 'KindBasicDataConnectorsCheckRequirementsKindDataConnectorsCheckRequirements', 'KindBasicDataConnectorsCheckRequirementsKindAzureActiveDirectory', 'KindBasicDataConnectorsCheckRequirementsKindAzureAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindAzureSecurityCenter', 'KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesCloudTrail', 'KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesS3', 'KindBasicDataConnectorsCheckRequirementsKindDynamics365', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftThreatIntelligence', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindOfficeATP', 'KindBasicDataConnectorsCheckRequirementsKindOfficeIRM', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii'
	Kind KindBasicDataConnectorsCheckRequirements `json:"kind,omitempty"`
}

TiTaxiiCheckRequirements threat Intelligence TAXII data connector check requirements

func (TiTaxiiCheckRequirements) AsAADCheckRequirements 

func (ttcr TiTaxiiCheckRequirements) AsAADCheckRequirements() (*AADCheckRequirements, bool)

AsAADCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TiTaxiiCheckRequirements.

func (TiTaxiiCheckRequirements) AsAATPCheckRequirements 

func (ttcr TiTaxiiCheckRequirements) AsAATPCheckRequirements() (*AATPCheckRequirements, bool)

AsAATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TiTaxiiCheckRequirements.

func (TiTaxiiCheckRequirements) AsASCCheckRequirements 

func (ttcr TiTaxiiCheckRequirements) AsASCCheckRequirements() (*ASCCheckRequirements, bool)

AsASCCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TiTaxiiCheckRequirements.

func (TiTaxiiCheckRequirements) AsAwsCloudTrailCheckRequirements 

func (ttcr TiTaxiiCheckRequirements) AsAwsCloudTrailCheckRequirements() (*AwsCloudTrailCheckRequirements, bool)

AsAwsCloudTrailCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TiTaxiiCheckRequirements.

func (TiTaxiiCheckRequirements) AsAwsS3CheckRequirements 

func (ttcr TiTaxiiCheckRequirements) AsAwsS3CheckRequirements() (*AwsS3CheckRequirements, bool)

AsAwsS3CheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TiTaxiiCheckRequirements.

func (TiTaxiiCheckRequirements) AsBasicDataConnectorsCheckRequirements 

func (ttcr TiTaxiiCheckRequirements) AsBasicDataConnectorsCheckRequirements() (BasicDataConnectorsCheckRequirements, bool)

AsBasicDataConnectorsCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TiTaxiiCheckRequirements.

func (TiTaxiiCheckRequirements) AsDataConnectorsCheckRequirements 

func (ttcr TiTaxiiCheckRequirements) AsDataConnectorsCheckRequirements() (*DataConnectorsCheckRequirements, bool)

AsDataConnectorsCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TiTaxiiCheckRequirements.

func (TiTaxiiCheckRequirements) AsDynamics365CheckRequirements 

func (ttcr TiTaxiiCheckRequirements) AsDynamics365CheckRequirements() (*Dynamics365CheckRequirements, bool)

AsDynamics365CheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TiTaxiiCheckRequirements.

func (TiTaxiiCheckRequirements) AsMCASCheckRequirements 

func (ttcr TiTaxiiCheckRequirements) AsMCASCheckRequirements() (*MCASCheckRequirements, bool)

AsMCASCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TiTaxiiCheckRequirements.

func (TiTaxiiCheckRequirements) AsMDATPCheckRequirements 

func (ttcr TiTaxiiCheckRequirements) AsMDATPCheckRequirements() (*MDATPCheckRequirements, bool)

AsMDATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TiTaxiiCheckRequirements.

func (TiTaxiiCheckRequirements) AsMSTICheckRequirements 

func (ttcr TiTaxiiCheckRequirements) AsMSTICheckRequirements() (*MSTICheckRequirements, bool)

AsMSTICheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TiTaxiiCheckRequirements.

func (TiTaxiiCheckRequirements) AsMtpCheckRequirements 

func (ttcr TiTaxiiCheckRequirements) AsMtpCheckRequirements() (*MtpCheckRequirements, bool)

AsMtpCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TiTaxiiCheckRequirements.

func (TiTaxiiCheckRequirements) AsOfficeATPCheckRequirements 

func (ttcr TiTaxiiCheckRequirements) AsOfficeATPCheckRequirements() (*OfficeATPCheckRequirements, bool)

AsOfficeATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TiTaxiiCheckRequirements.

func (TiTaxiiCheckRequirements) AsOfficeIRMCheckRequirements 

func (ttcr TiTaxiiCheckRequirements) AsOfficeIRMCheckRequirements() (*OfficeIRMCheckRequirements, bool)

AsOfficeIRMCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TiTaxiiCheckRequirements.

func (TiTaxiiCheckRequirements) AsTICheckRequirements 

func (ttcr TiTaxiiCheckRequirements) AsTICheckRequirements() (*TICheckRequirements, bool)

AsTICheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TiTaxiiCheckRequirements.

func (TiTaxiiCheckRequirements) AsTiTaxiiCheckRequirements 

func (ttcr TiTaxiiCheckRequirements) AsTiTaxiiCheckRequirements() (*TiTaxiiCheckRequirements, bool)

AsTiTaxiiCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TiTaxiiCheckRequirements.

func (TiTaxiiCheckRequirements) MarshalJSON 

func (ttcr TiTaxiiCheckRequirements) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for TiTaxiiCheckRequirements.

func (*TiTaxiiCheckRequirements) UnmarshalJSON 

func (ttcr *TiTaxiiCheckRequirements) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for TiTaxiiCheckRequirements struct.

type TiTaxiiCheckRequirementsProperties 

type TiTaxiiCheckRequirementsProperties struct {
	// TenantID - The tenant id to connect to, and get the data from.
	TenantID *string `json:"tenantId,omitempty"`
}

TiTaxiiCheckRequirementsProperties threat Intelligence TAXII data connector required properties.

type TiTaxiiDataConnector 

type TiTaxiiDataConnector struct {
	// TiTaxiiDataConnectorProperties - Threat intelligence TAXII data connector properties.
	*TiTaxiiDataConnectorProperties `json:"properties,omitempty"`
	// Kind - Possible values include: 'KindBasicDataConnectorKindDataConnector', 'KindBasicDataConnectorKindAzureActiveDirectory', 'KindBasicDataConnectorKindMicrosoftThreatIntelligence', 'KindBasicDataConnectorKindMicrosoftThreatProtection', 'KindBasicDataConnectorKindAzureAdvancedThreatProtection', 'KindBasicDataConnectorKindAzureSecurityCenter', 'KindBasicDataConnectorKindAmazonWebServicesCloudTrail', 'KindBasicDataConnectorKindAmazonWebServicesS3', 'KindBasicDataConnectorKindMicrosoftCloudAppSecurity', 'KindBasicDataConnectorKindDynamics365', 'KindBasicDataConnectorKindOfficeATP', 'KindBasicDataConnectorKindOfficeIRM', 'KindBasicDataConnectorKindMicrosoftDefenderAdvancedThreatProtection', 'KindBasicDataConnectorKindOffice365', 'KindBasicDataConnectorKindThreatIntelligence', 'KindBasicDataConnectorKindThreatIntelligenceTaxii', 'KindBasicDataConnectorKindGenericUI', 'KindBasicDataConnectorKindAPIPolling'
	Kind KindBasicDataConnector `json:"kind,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
	// ID - READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty"`
	// SystemData - READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty"`
}

TiTaxiiDataConnector data connector to pull Threat intelligence data from TAXII 2.0/2.1 server

func (TiTaxiiDataConnector) AsAADDataConnector 

func (ttdc TiTaxiiDataConnector) AsAADDataConnector() (*AADDataConnector, bool)

AsAADDataConnector is the BasicDataConnector implementation for TiTaxiiDataConnector.

func (TiTaxiiDataConnector) AsAATPDataConnector 

func (ttdc TiTaxiiDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool)

AsAATPDataConnector is the BasicDataConnector implementation for TiTaxiiDataConnector.

func (TiTaxiiDataConnector) AsASCDataConnector 

func (ttdc TiTaxiiDataConnector) AsASCDataConnector() (*ASCDataConnector, bool)

AsASCDataConnector is the BasicDataConnector implementation for TiTaxiiDataConnector.

func (TiTaxiiDataConnector) AsAwsCloudTrailDataConnector 

func (ttdc TiTaxiiDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool)

AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for TiTaxiiDataConnector.

func (TiTaxiiDataConnector) AsAwsS3DataConnector 

func (ttdc TiTaxiiDataConnector) AsAwsS3DataConnector() (*AwsS3DataConnector, bool)

AsAwsS3DataConnector is the BasicDataConnector implementation for TiTaxiiDataConnector.

func (TiTaxiiDataConnector) AsBasicDataConnector 

func (ttdc TiTaxiiDataConnector) AsBasicDataConnector() (BasicDataConnector, bool)

AsBasicDataConnector is the BasicDataConnector implementation for TiTaxiiDataConnector.

func (TiTaxiiDataConnector) AsCodelessAPIPollingDataConnector 

func (ttdc TiTaxiiDataConnector) AsCodelessAPIPollingDataConnector() (*CodelessAPIPollingDataConnector, bool)

AsCodelessAPIPollingDataConnector is the BasicDataConnector implementation for TiTaxiiDataConnector.

func (TiTaxiiDataConnector) AsCodelessUIDataConnector 

func (ttdc TiTaxiiDataConnector) AsCodelessUIDataConnector() (*CodelessUIDataConnector, bool)

AsCodelessUIDataConnector is the BasicDataConnector implementation for TiTaxiiDataConnector.

func (TiTaxiiDataConnector) AsDataConnector 

func (ttdc TiTaxiiDataConnector) AsDataConnector() (*DataConnector, bool)

AsDataConnector is the BasicDataConnector implementation for TiTaxiiDataConnector.

func (TiTaxiiDataConnector) AsDynamics365DataConnector 

func (ttdc TiTaxiiDataConnector) AsDynamics365DataConnector() (*Dynamics365DataConnector, bool)

AsDynamics365DataConnector is the BasicDataConnector implementation for TiTaxiiDataConnector.

func (TiTaxiiDataConnector) AsMCASDataConnector 

func (ttdc TiTaxiiDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool)

AsMCASDataConnector is the BasicDataConnector implementation for TiTaxiiDataConnector.

func (TiTaxiiDataConnector) AsMDATPDataConnector 

func (ttdc TiTaxiiDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool)

AsMDATPDataConnector is the BasicDataConnector implementation for TiTaxiiDataConnector.

func (TiTaxiiDataConnector) AsMSTIDataConnector 

func (ttdc TiTaxiiDataConnector) AsMSTIDataConnector() (*MSTIDataConnector, bool)

AsMSTIDataConnector is the BasicDataConnector implementation for TiTaxiiDataConnector.

func (TiTaxiiDataConnector) AsMTPDataConnector 

func (ttdc TiTaxiiDataConnector) AsMTPDataConnector() (*MTPDataConnector, bool)

AsMTPDataConnector is the BasicDataConnector implementation for TiTaxiiDataConnector.

func (TiTaxiiDataConnector) AsOfficeATPDataConnector 

func (ttdc TiTaxiiDataConnector) AsOfficeATPDataConnector() (*OfficeATPDataConnector, bool)

AsOfficeATPDataConnector is the BasicDataConnector implementation for TiTaxiiDataConnector.

func (TiTaxiiDataConnector) AsOfficeDataConnector 

func (ttdc TiTaxiiDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool)

AsOfficeDataConnector is the BasicDataConnector implementation for TiTaxiiDataConnector.

func (TiTaxiiDataConnector) AsOfficeIRMDataConnector 

func (ttdc TiTaxiiDataConnector) AsOfficeIRMDataConnector() (*OfficeIRMDataConnector, bool)

AsOfficeIRMDataConnector is the BasicDataConnector implementation for TiTaxiiDataConnector.

func (TiTaxiiDataConnector) AsTIDataConnector 

func (ttdc TiTaxiiDataConnector) AsTIDataConnector() (*TIDataConnector, bool)

AsTIDataConnector is the BasicDataConnector implementation for TiTaxiiDataConnector.

func (TiTaxiiDataConnector) AsTiTaxiiDataConnector 

func (ttdc TiTaxiiDataConnector) AsTiTaxiiDataConnector() (*TiTaxiiDataConnector, bool)

AsTiTaxiiDataConnector is the BasicDataConnector implementation for TiTaxiiDataConnector.

func (TiTaxiiDataConnector) MarshalJSON 

func (ttdc TiTaxiiDataConnector) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for TiTaxiiDataConnector.

func (*TiTaxiiDataConnector) UnmarshalJSON 

func (ttdc *TiTaxiiDataConnector) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for TiTaxiiDataConnector struct.

type TiTaxiiDataConnectorDataTypes 

type TiTaxiiDataConnectorDataTypes struct {
	// TaxiiClient - Data type for TAXII connector.
	TaxiiClient *TiTaxiiDataConnectorDataTypesTaxiiClient `json:"taxiiClient,omitempty"`
}

TiTaxiiDataConnectorDataTypes the available data types for Threat Intelligence TAXII data connector.

type TiTaxiiDataConnectorDataTypesTaxiiClient 

type TiTaxiiDataConnectorDataTypesTaxiiClient struct {
	// State - Describe whether this data type connection is enabled or not. Possible values include: 'DataTypeStateEnabled', 'DataTypeStateDisabled'
	State DataTypeState `json:"state,omitempty"`
}

TiTaxiiDataConnectorDataTypesTaxiiClient data type for TAXII connector.

type TiTaxiiDataConnectorProperties 

type TiTaxiiDataConnectorProperties struct {
	// WorkspaceID - The workspace id.
	WorkspaceID *string `json:"workspaceId,omitempty"`
	// FriendlyName - The friendly name for the TAXII server.
	FriendlyName *string `json:"friendlyName,omitempty"`
	// TaxiiServer - The API root for the TAXII server.
	TaxiiServer *string `json:"taxiiServer,omitempty"`
	// CollectionID - The collection id of the TAXII server.
	CollectionID *string `json:"collectionId,omitempty"`
	// UserName - The userName for the TAXII server.
	UserName *string `json:"userName,omitempty"`
	// Password - The password for the TAXII server.
	Password *string `json:"password,omitempty"`
	// TaxiiLookbackPeriod - The lookback period for the TAXII server.
	TaxiiLookbackPeriod *date.Time `json:"taxiiLookbackPeriod,omitempty"`
	// PollingFrequency - The polling frequency for the TAXII server. Possible values include: 'PollingFrequencyOnceAMinute', 'PollingFrequencyOnceAnHour', 'PollingFrequencyOnceADay'
	PollingFrequency PollingFrequency `json:"pollingFrequency,omitempty"`
	// DataTypes - The available data types for Threat Intelligence TAXII data connector.
	DataTypes *TiTaxiiDataConnectorDataTypes `json:"dataTypes,omitempty"`
	// TenantID - The tenant id to connect to, and get the data from.
	TenantID *string `json:"tenantId,omitempty"`
}

TiTaxiiDataConnectorProperties threat Intelligence TAXII data connector properties.

type TimelineAggregation 

type TimelineAggregation struct {
	// Count - the total items found for a kind
	Count *int32 `json:"count,omitempty"`
	// Kind - the query kind. Possible values include: 'EntityTimelineKindActivity', 'EntityTimelineKindBookmark', 'EntityTimelineKindSecurityAlert'
	Kind EntityTimelineKind `json:"kind,omitempty"`
}

TimelineAggregation timeline aggregation information per kind

type TimelineError 

type TimelineError struct {
	// Kind - the query kind. Possible values include: 'EntityTimelineKindActivity', 'EntityTimelineKindBookmark', 'EntityTimelineKindSecurityAlert'
	Kind EntityTimelineKind `json:"kind,omitempty"`
	// QueryID - the query id
	QueryID *string `json:"queryId,omitempty"`
	// ErrorMessage - the error message
	ErrorMessage *string `json:"errorMessage,omitempty"`
}

TimelineError timeline Query Errors.

type TimelineResultsMetadata 

type TimelineResultsMetadata struct {
	// TotalCount - the total items found for the timeline request
	TotalCount *int32 `json:"totalCount,omitempty"`
	// Aggregations - timeline aggregation per kind
	Aggregations *[]TimelineAggregation `json:"aggregations,omitempty"`
	// Errors - information about the failure queries
	Errors *[]TimelineError `json:"errors,omitempty"`
}

TimelineResultsMetadata expansion result metadata.

type TrackedResource 

type TrackedResource struct {
	// Tags - Resource tags.
	Tags map[string]*string `json:"tags"`
	// Location - The geo-location where the resource lives
	Location *string `json:"location,omitempty"`
	// ID - READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty"`
	// SystemData - READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty"`
}

TrackedResource the resource model definition for an Azure Resource Manager tracked top level resource which has 'tags' and a 'location'

func (TrackedResource) MarshalJSON 

func (tr TrackedResource) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for TrackedResource.

type TriggerOperator 

type TriggerOperator string

TriggerOperator enumerates the values for trigger operator. 

const (
	// TriggerOperatorEqual ...
	TriggerOperatorEqual TriggerOperator = "Equal"
	// TriggerOperatorGreaterThan ...
	TriggerOperatorGreaterThan TriggerOperator = "GreaterThan"
	// TriggerOperatorLessThan ...
	TriggerOperatorLessThan TriggerOperator = "LessThan"
	// TriggerOperatorNotEqual ...
	TriggerOperatorNotEqual TriggerOperator = "NotEqual"
)

func PossibleTriggerOperatorValues 

func PossibleTriggerOperatorValues() []TriggerOperator

PossibleTriggerOperatorValues returns an array of possible values for the TriggerOperator const type.

type URLEntity 

type URLEntity struct {
	// URLEntityProperties - Url entity properties
	*URLEntityProperties `json:"properties,omitempty"`
	// Kind - Possible values include: 'KindBasicEntityKindEntity', 'KindBasicEntityKindURL', 'KindBasicEntityKindSubmissionMail', 'KindBasicEntityKindSecurityGroup', 'KindBasicEntityKindSecurityAlert', 'KindBasicEntityKindRegistryValue', 'KindBasicEntityKindRegistryKey', 'KindBasicEntityKindProcess', 'KindBasicEntityKindMalware', 'KindBasicEntityKindMailMessage', 'KindBasicEntityKindMailCluster', 'KindBasicEntityKindMailbox', 'KindBasicEntityKindIP', 'KindBasicEntityKindIoTDevice', 'KindBasicEntityKindBookmark', 'KindBasicEntityKindHost', 'KindBasicEntityKindFileHash', 'KindBasicEntityKindFile', 'KindBasicEntityKindDNSResolution', 'KindBasicEntityKindCloudApplication', 'KindBasicEntityKindAzureResource', 'KindBasicEntityKindAccount'
	Kind KindBasicEntity `json:"kind,omitempty"`
	// ID - READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty"`
	// SystemData - READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty"`
}

URLEntity represents a url entity.

func (URLEntity) AsAccountEntity 

func (ue URLEntity) AsAccountEntity() (*AccountEntity, bool)

AsAccountEntity is the BasicEntity implementation for URLEntity.

func (URLEntity) AsAzureResourceEntity 

func (ue URLEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)

AsAzureResourceEntity is the BasicEntity implementation for URLEntity.

func (URLEntity) AsBasicEntity 

func (ue URLEntity) AsBasicEntity() (BasicEntity, bool)

AsBasicEntity is the BasicEntity implementation for URLEntity.

func (URLEntity) AsCloudApplicationEntity 

func (ue URLEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)

AsCloudApplicationEntity is the BasicEntity implementation for URLEntity.

func (URLEntity) AsDNSEntity 

func (ue URLEntity) AsDNSEntity() (*DNSEntity, bool)

AsDNSEntity is the BasicEntity implementation for URLEntity.

func (URLEntity) AsEntity 

func (ue URLEntity) AsEntity() (*Entity, bool)

AsEntity is the BasicEntity implementation for URLEntity.

func (URLEntity) AsFileEntity 

func (ue URLEntity) AsFileEntity() (*FileEntity, bool)

AsFileEntity is the BasicEntity implementation for URLEntity.

func (URLEntity) AsFileHashEntity 

func (ue URLEntity) AsFileHashEntity() (*FileHashEntity, bool)

AsFileHashEntity is the BasicEntity implementation for URLEntity.

func (URLEntity) AsHostEntity 

func (ue URLEntity) AsHostEntity() (*HostEntity, bool)

AsHostEntity is the BasicEntity implementation for URLEntity.

func (URLEntity) AsHuntingBookmark 

func (ue URLEntity) AsHuntingBookmark() (*HuntingBookmark, bool)

AsHuntingBookmark is the BasicEntity implementation for URLEntity.

func (URLEntity) AsIPEntity 

func (ue URLEntity) AsIPEntity() (*IPEntity, bool)

AsIPEntity is the BasicEntity implementation for URLEntity.

func (URLEntity) AsIoTDeviceEntity 

func (ue URLEntity) AsIoTDeviceEntity() (*IoTDeviceEntity, bool)

AsIoTDeviceEntity is the BasicEntity implementation for URLEntity.

func (URLEntity) AsMailClusterEntity 

func (ue URLEntity) AsMailClusterEntity() (*MailClusterEntity, bool)

AsMailClusterEntity is the BasicEntity implementation for URLEntity.

func (URLEntity) AsMailMessageEntity 

func (ue URLEntity) AsMailMessageEntity() (*MailMessageEntity, bool)

AsMailMessageEntity is the BasicEntity implementation for URLEntity.

func (URLEntity) AsMailboxEntity 

func (ue URLEntity) AsMailboxEntity() (*MailboxEntity, bool)

AsMailboxEntity is the BasicEntity implementation for URLEntity.

func (URLEntity) AsMalwareEntity 

func (ue URLEntity) AsMalwareEntity() (*MalwareEntity, bool)

AsMalwareEntity is the BasicEntity implementation for URLEntity.

func (URLEntity) AsProcessEntity 

func (ue URLEntity) AsProcessEntity() (*ProcessEntity, bool)

AsProcessEntity is the BasicEntity implementation for URLEntity.

func (URLEntity) AsRegistryKeyEntity 

func (ue URLEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)

AsRegistryKeyEntity is the BasicEntity implementation for URLEntity.

func (URLEntity) AsRegistryValueEntity 

func (ue URLEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool)

AsRegistryValueEntity is the BasicEntity implementation for URLEntity.

func (URLEntity) AsSecurityAlert 

func (ue URLEntity) AsSecurityAlert() (*SecurityAlert, bool)

AsSecurityAlert is the BasicEntity implementation for URLEntity.

func (URLEntity) AsSecurityGroupEntity 

func (ue URLEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)

AsSecurityGroupEntity is the BasicEntity implementation for URLEntity.

func (URLEntity) AsSubmissionMailEntity 

func (ue URLEntity) AsSubmissionMailEntity() (*SubmissionMailEntity, bool)

AsSubmissionMailEntity is the BasicEntity implementation for URLEntity.

func (URLEntity) AsURLEntity 

func (ue URLEntity) AsURLEntity() (*URLEntity, bool)

AsURLEntity is the BasicEntity implementation for URLEntity.

func (URLEntity) MarshalJSON 

func (ue URLEntity) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for URLEntity.

func (*URLEntity) UnmarshalJSON 

func (ue *URLEntity) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for URLEntity struct.

type URLEntityProperties 

type URLEntityProperties struct {
	// URL - READ-ONLY; A full URL the entity points to
	URL *string `json:"url,omitempty"`
	// AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]interface{} `json:"additionalData"`
	// FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated.
	FriendlyName *string `json:"friendlyName,omitempty"`
}

URLEntityProperties url entity property bag.

func (URLEntityProperties) MarshalJSON 

func (uep URLEntityProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for URLEntityProperties.

type Ueba 

type Ueba struct {
	// UebaProperties - Ueba properties
	*UebaProperties `json:"properties,omitempty"`
	// Kind - Possible values include: 'KindBasicSettingsKindSettings', 'KindBasicSettingsKindAnomalies', 'KindBasicSettingsKindEyesOn', 'KindBasicSettingsKindEntityAnalytics', 'KindBasicSettingsKindUeba'
	Kind KindBasicSettings `json:"kind,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
	// ID - READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty"`
	// SystemData - READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty"`
}

Ueba settings with single toggle.

func (Ueba) AsAnomalies 

func (u Ueba) AsAnomalies() (*Anomalies, bool)

AsAnomalies is the BasicSettings implementation for Ueba.

func (Ueba) AsBasicSettings 

func (u Ueba) AsBasicSettings() (BasicSettings, bool)

AsBasicSettings is the BasicSettings implementation for Ueba.

func (Ueba) AsEntityAnalytics 

func (u Ueba) AsEntityAnalytics() (*EntityAnalytics, bool)

AsEntityAnalytics is the BasicSettings implementation for Ueba.

func (Ueba) AsEyesOn 

func (u Ueba) AsEyesOn() (*EyesOn, bool)

AsEyesOn is the BasicSettings implementation for Ueba.

func (Ueba) AsSettings 

func (u Ueba) AsSettings() (*Settings, bool)

AsSettings is the BasicSettings implementation for Ueba.

func (Ueba) AsUeba 

func (u Ueba) AsUeba() (*Ueba, bool)

AsUeba is the BasicSettings implementation for Ueba.

func (Ueba) MarshalJSON 

func (u Ueba) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for Ueba.

func (*Ueba) UnmarshalJSON 

func (u *Ueba) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for Ueba struct.

type UebaDataSources 

type UebaDataSources string

UebaDataSources enumerates the values for ueba data sources. 

const (
	// UebaDataSourcesAuditLogs ...
	UebaDataSourcesAuditLogs UebaDataSources = "AuditLogs"
	// UebaDataSourcesAzureActivity ...
	UebaDataSourcesAzureActivity UebaDataSources = "AzureActivity"
	// UebaDataSourcesSecurityEvent ...
	UebaDataSourcesSecurityEvent UebaDataSources = "SecurityEvent"
	// UebaDataSourcesSigninLogs ...
	UebaDataSourcesSigninLogs UebaDataSources = "SigninLogs"
)

func PossibleUebaDataSourcesValues 

func PossibleUebaDataSourcesValues() []UebaDataSources

PossibleUebaDataSourcesValues returns an array of possible values for the UebaDataSources const type.

type UebaProperties 

type UebaProperties struct {
	// DataSources - The relevant data sources that enriched by ueba
	DataSources *[]UebaDataSources `json:"dataSources,omitempty"`
}

UebaProperties ueba property bag.

type UserInfo 

type UserInfo struct {
	// Email - READ-ONLY; The email of the user.
	Email *string `json:"email,omitempty"`
	// Name - READ-ONLY; The name of the user.
	Name *string `json:"name,omitempty"`
	// ObjectID - The object id of the user.
	ObjectID *uuid.UUID `json:"objectId,omitempty"`
}

UserInfo user information that made some action

func (UserInfo) MarshalJSON 

func (UI UserInfo) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for UserInfo.

type Watchlist 

type Watchlist struct {
	autorest.Response `json:"-"`
	// WatchlistProperties - Watchlist properties
	*WatchlistProperties `json:"properties,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
	// ID - READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty"`
	// SystemData - READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty"`
}

Watchlist represents a Watchlist in Azure Security Insights.

func (Watchlist) MarshalJSON 

func (w Watchlist) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for Watchlist.

func (*Watchlist) UnmarshalJSON 

func (w *Watchlist) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for Watchlist struct.

type WatchlistItem 

type WatchlistItem struct {
	autorest.Response `json:"-"`
	// WatchlistItemProperties - Watchlist Item properties
	*WatchlistItemProperties `json:"properties,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
	// ID - READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty"`
	// SystemData - READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty"`
}

WatchlistItem represents a Watchlist item in Azure Security Insights.

func (WatchlistItem) MarshalJSON 

func (wi WatchlistItem) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for WatchlistItem.

func (*WatchlistItem) UnmarshalJSON 

func (wi *WatchlistItem) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for WatchlistItem struct.

type WatchlistItemList 

type WatchlistItemList struct {
	autorest.Response `json:"-"`
	// NextLink - READ-ONLY; URL to fetch the next set of watchlist item.
	NextLink *string `json:"nextLink,omitempty"`
	// Value - Array of watchlist items.
	Value *[]WatchlistItem `json:"value,omitempty"`
}

WatchlistItemList list all the watchlist items.

func (WatchlistItemList) IsEmpty 

func (wil WatchlistItemList) IsEmpty() bool

IsEmpty returns true if the ListResult contains no values.

func (WatchlistItemList) MarshalJSON 

func (wil WatchlistItemList) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for WatchlistItemList.

type WatchlistItemListIterator 

type WatchlistItemListIterator struct {
	// contains filtered or unexported fields
}

WatchlistItemListIterator provides access to a complete listing of WatchlistItem values.

func NewWatchlistItemListIterator 

func NewWatchlistItemListIterator(page WatchlistItemListPage) WatchlistItemListIterator

Creates a new instance of the WatchlistItemListIterator type.

func (*WatchlistItemListIterator) Next 

func (iter *WatchlistItemListIterator) Next() error

Next advances to the next value. If there was an error making the request the iterator does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*WatchlistItemListIterator) NextWithContext 

func (iter *WatchlistItemListIterator) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next value. If there was an error making the request the iterator does not advance and the error is returned.

func (WatchlistItemListIterator) NotDone 

func (iter WatchlistItemListIterator) NotDone() bool

NotDone returns true if the enumeration should be started or is not yet complete.

func (WatchlistItemListIterator) Response 

func (iter WatchlistItemListIterator) Response() WatchlistItemList

Response returns the raw server response from the last page request.

func (WatchlistItemListIterator) Value 

func (iter WatchlistItemListIterator) Value() WatchlistItem

Value returns the current value or a zero-initialized value if the iterator has advanced beyond the end of the collection.

type WatchlistItemListPage 

type WatchlistItemListPage struct {
	// contains filtered or unexported fields
}

WatchlistItemListPage contains a page of WatchlistItem values.

func NewWatchlistItemListPage 

func NewWatchlistItemListPage(cur WatchlistItemList, getNextPage func(context.Context, WatchlistItemList) (WatchlistItemList, error)) WatchlistItemListPage

Creates a new instance of the WatchlistItemListPage type.

func (*WatchlistItemListPage) Next 

func (page *WatchlistItemListPage) Next() error

Next advances to the next page of values. If there was an error making the request the page does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*WatchlistItemListPage) NextWithContext 

func (page *WatchlistItemListPage) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next page of values. If there was an error making the request the page does not advance and the error is returned.

func (WatchlistItemListPage) NotDone 

func (page WatchlistItemListPage) NotDone() bool

NotDone returns true if the page enumeration should be started or is not yet complete.

func (WatchlistItemListPage) Response 

func (page WatchlistItemListPage) Response() WatchlistItemList

Response returns the raw server response from the last page request.

func (WatchlistItemListPage) Values 

func (page WatchlistItemListPage) Values() []WatchlistItem

Values returns the slice of values for the current page or nil if there are no values.

type WatchlistItemProperties 

type WatchlistItemProperties struct {
	// WatchlistItemType - The type of the watchlist item
	WatchlistItemType *string `json:"watchlistItemType,omitempty"`
	// WatchlistItemID - The id (a Guid) of the watchlist item
	WatchlistItemID *string `json:"watchlistItemId,omitempty"`
	// TenantID - The tenantId to which the watchlist item belongs to
	TenantID *string `json:"tenantId,omitempty"`
	// IsDeleted - A flag that indicates if the watchlist item is deleted or not
	IsDeleted *bool `json:"isDeleted,omitempty"`
	// Created - The time the watchlist item was created
	Created *date.Time `json:"created,omitempty"`
	// Updated - The last time the watchlist item was updated
	Updated *date.Time `json:"updated,omitempty"`
	// CreatedBy - Describes a user that created the watchlist item
	CreatedBy *UserInfo `json:"createdBy,omitempty"`
	// UpdatedBy - Describes a user that updated the watchlist item
	UpdatedBy *UserInfo `json:"updatedBy,omitempty"`
	// ItemsKeyValue - key-value pairs for a watchlist item
	ItemsKeyValue interface{} `json:"itemsKeyValue,omitempty"`
	// EntityMapping - key-value pairs for a watchlist item entity mapping
	EntityMapping interface{} `json:"entityMapping,omitempty"`
}

WatchlistItemProperties describes watchlist item properties

type WatchlistItemsClient 

type WatchlistItemsClient struct {
	BaseClient
}

WatchlistItemsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

func NewWatchlistItemsClient 

func NewWatchlistItemsClient(subscriptionID string) WatchlistItemsClient

NewWatchlistItemsClient creates an instance of the WatchlistItemsClient client.

func NewWatchlistItemsClientWithBaseURI 

func NewWatchlistItemsClientWithBaseURI(baseURI string, subscriptionID string) WatchlistItemsClient

NewWatchlistItemsClientWithBaseURI creates an instance of the WatchlistItemsClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).

func (WatchlistItemsClient) CreateOrUpdate 

func (client WatchlistItemsClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, workspaceName string, watchlistAlias string, watchlistItemID string, watchlistItem WatchlistItem) (result WatchlistItem, err error)

CreateOrUpdate creates or updates a watchlist item. Parameters: resourceGroupName - the name of the resource group. The name is case insensitive. workspaceName - the name of the workspace. watchlistAlias - watchlist Alias watchlistItemID - watchlist Item Id (GUID) watchlistItem - the watchlist item

func (WatchlistItemsClient) CreateOrUpdatePreparer 

func (client WatchlistItemsClient) CreateOrUpdatePreparer(ctx context.Context, resourceGroupName string, workspaceName string, watchlistAlias string, watchlistItemID string, watchlistItem WatchlistItem) (*http.Request, error)

CreateOrUpdatePreparer prepares the CreateOrUpdate request.

func (WatchlistItemsClient) CreateOrUpdateResponder 

func (client WatchlistItemsClient) CreateOrUpdateResponder(resp *http.Response) (result WatchlistItem, err error)

CreateOrUpdateResponder handles the response to the CreateOrUpdate request. The method always closes the http.Response Body.

func (WatchlistItemsClient) CreateOrUpdateSender 

func (client WatchlistItemsClient) CreateOrUpdateSender(req *http.Request) (*http.Response, error)

CreateOrUpdateSender sends the CreateOrUpdate request. The method will close the http.Response Body if it receives an error.

func (WatchlistItemsClient) Delete 

func (client WatchlistItemsClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, watchlistAlias string, watchlistItemID string) (result autorest.Response, err error)

Delete delete a watchlist item. Parameters: resourceGroupName - the name of the resource group. The name is case insensitive. workspaceName - the name of the workspace. watchlistAlias - watchlist Alias watchlistItemID - watchlist Item Id (GUID)

func (WatchlistItemsClient) DeletePreparer 

func (client WatchlistItemsClient) DeletePreparer(ctx context.Context, resourceGroupName string, workspaceName string, watchlistAlias string, watchlistItemID string) (*http.Request, error)

DeletePreparer prepares the Delete request.

func (WatchlistItemsClient) DeleteResponder 

func (client WatchlistItemsClient) DeleteResponder(resp *http.Response) (result autorest.Response, err error)

DeleteResponder handles the response to the Delete request. The method always closes the http.Response Body.

func (WatchlistItemsClient) DeleteSender 

func (client WatchlistItemsClient) DeleteSender(req *http.Request) (*http.Response, error)

DeleteSender sends the Delete request. The method will close the http.Response Body if it receives an error.

func (WatchlistItemsClient) Get 

func (client WatchlistItemsClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, watchlistAlias string, watchlistItemID string) (result WatchlistItem, err error)

Get gets a watchlist, without its watchlist items. Parameters: resourceGroupName - the name of the resource group. The name is case insensitive. workspaceName - the name of the workspace. watchlistAlias - watchlist Alias watchlistItemID - watchlist Item Id (GUID)

func (WatchlistItemsClient) GetPreparer 

func (client WatchlistItemsClient) GetPreparer(ctx context.Context, resourceGroupName string, workspaceName string, watchlistAlias string, watchlistItemID string) (*http.Request, error)

GetPreparer prepares the Get request.

func (WatchlistItemsClient) GetResponder 

func (client WatchlistItemsClient) GetResponder(resp *http.Response) (result WatchlistItem, err error)

GetResponder handles the response to the Get request. The method always closes the http.Response Body.

func (WatchlistItemsClient) GetSender 

func (client WatchlistItemsClient) GetSender(req *http.Request) (*http.Response, error)

GetSender sends the Get request. The method will close the http.Response Body if it receives an error.

func (WatchlistItemsClient) List 

func (client WatchlistItemsClient) List(ctx context.Context, resourceGroupName string, workspaceName string, watchlistAlias string) (result WatchlistItemListPage, err error)

List gets all watchlist Items. Parameters: resourceGroupName - the name of the resource group. The name is case insensitive. workspaceName - the name of the workspace. watchlistAlias - watchlist Alias

func (WatchlistItemsClient) ListComplete 

func (client WatchlistItemsClient) ListComplete(ctx context.Context, resourceGroupName string, workspaceName string, watchlistAlias string) (result WatchlistItemListIterator, err error)

ListComplete enumerates all values, automatically crossing page boundaries as required.

func (WatchlistItemsClient) ListPreparer 

func (client WatchlistItemsClient) ListPreparer(ctx context.Context, resourceGroupName string, workspaceName string, watchlistAlias string) (*http.Request, error)

ListPreparer prepares the List request.

func (WatchlistItemsClient) ListResponder 

func (client WatchlistItemsClient) ListResponder(resp *http.Response) (result WatchlistItemList, err error)

ListResponder handles the response to the List request. The method always closes the http.Response Body.

func (WatchlistItemsClient) ListSender 

func (client WatchlistItemsClient) ListSender(req *http.Request) (*http.Response, error)

ListSender sends the List request. The method will close the http.Response Body if it receives an error.

type WatchlistList 

type WatchlistList struct {
	autorest.Response `json:"-"`
	// NextLink - READ-ONLY; URL to fetch the next set of watchlists.
	NextLink *string `json:"nextLink,omitempty"`
	// Value - Array of watchlist.
	Value *[]Watchlist `json:"value,omitempty"`
}

WatchlistList list all the watchlists.

func (WatchlistList) IsEmpty 

func (wl WatchlistList) IsEmpty() bool

IsEmpty returns true if the ListResult contains no values.

func (WatchlistList) MarshalJSON 

func (wl WatchlistList) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for WatchlistList.

type WatchlistListIterator 

type WatchlistListIterator struct {
	// contains filtered or unexported fields
}

WatchlistListIterator provides access to a complete listing of Watchlist values.

func NewWatchlistListIterator 

func NewWatchlistListIterator(page WatchlistListPage) WatchlistListIterator

Creates a new instance of the WatchlistListIterator type.

func (*WatchlistListIterator) Next 

func (iter *WatchlistListIterator) Next() error

Next advances to the next value. If there was an error making the request the iterator does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*WatchlistListIterator) NextWithContext 

func (iter *WatchlistListIterator) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next value. If there was an error making the request the iterator does not advance and the error is returned.

func (WatchlistListIterator) NotDone 

func (iter WatchlistListIterator) NotDone() bool

NotDone returns true if the enumeration should be started or is not yet complete.

func (WatchlistListIterator) Response 

func (iter WatchlistListIterator) Response() WatchlistList

Response returns the raw server response from the last page request.

func (WatchlistListIterator) Value 

func (iter WatchlistListIterator) Value() Watchlist

Value returns the current value or a zero-initialized value if the iterator has advanced beyond the end of the collection.

type WatchlistListPage 

type WatchlistListPage struct {
	// contains filtered or unexported fields
}

WatchlistListPage contains a page of Watchlist values.

func NewWatchlistListPage 

func NewWatchlistListPage(cur WatchlistList, getNextPage func(context.Context, WatchlistList) (WatchlistList, error)) WatchlistListPage

Creates a new instance of the WatchlistListPage type.

func (*WatchlistListPage) Next 

func (page *WatchlistListPage) Next() error

Next advances to the next page of values. If there was an error making the request the page does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*WatchlistListPage) NextWithContext 

func (page *WatchlistListPage) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next page of values. If there was an error making the request the page does not advance and the error is returned.

func (WatchlistListPage) NotDone 

func (page WatchlistListPage) NotDone() bool

NotDone returns true if the page enumeration should be started or is not yet complete.

func (WatchlistListPage) Response 

func (page WatchlistListPage) Response() WatchlistList

Response returns the raw server response from the last page request.

func (WatchlistListPage) Values 

func (page WatchlistListPage) Values() []Watchlist

Values returns the slice of values for the current page or nil if there are no values.

type WatchlistProperties 

type WatchlistProperties struct {
	// WatchlistID - The id (a Guid) of the watchlist
	WatchlistID *string `json:"watchlistId,omitempty"`
	// DisplayName - The display name of the watchlist
	DisplayName *string `json:"displayName,omitempty"`
	// Provider - The provider of the watchlist
	Provider *string `json:"provider,omitempty"`
	// Source - The source of the watchlist. Possible values include: 'SourceLocalfile', 'SourceRemotestorage'
	Source Source `json:"source,omitempty"`
	// Created - The time the watchlist was created
	Created *date.Time `json:"created,omitempty"`
	// Updated - The last time the watchlist was updated
	Updated *date.Time `json:"updated,omitempty"`
	// CreatedBy - Describes a user that created the watchlist
	CreatedBy *UserInfo `json:"createdBy,omitempty"`
	// UpdatedBy - Describes a user that updated the watchlist
	UpdatedBy *UserInfo `json:"updatedBy,omitempty"`
	// Description - A description of the watchlist
	Description *string `json:"description,omitempty"`
	// WatchlistType - The type of the watchlist
	WatchlistType *string `json:"watchlistType,omitempty"`
	// WatchlistAlias - The alias of the watchlist
	WatchlistAlias *string `json:"watchlistAlias,omitempty"`
	// IsDeleted - A flag that indicates if the watchlist is deleted or not
	IsDeleted *bool `json:"isDeleted,omitempty"`
	// Labels - List of labels relevant to this watchlist
	Labels *[]string `json:"labels,omitempty"`
	// DefaultDuration - The default duration of a watchlist (in ISO 8601 duration format)
	DefaultDuration *string `json:"defaultDuration,omitempty"`
	// TenantID - The tenantId where the watchlist belongs to
	TenantID *string `json:"tenantId,omitempty"`
	// NumberOfLinesToSkip - The number of lines in a csv/tsv content to skip before the header
	NumberOfLinesToSkip *int32 `json:"numberOfLinesToSkip,omitempty"`
	// RawContent - The raw content that represents to watchlist items to create. In case of csv/tsv content type, it's the content of the file that will parsed by the endpoint
	RawContent *string `json:"rawContent,omitempty"`
	// ItemsSearchKey - The search key is used to optimize query performance when using watchlists for joins with other data. For example, enable a column with IP addresses to be the designated SearchKey field, then use this field as the key field when joining to other event data by IP address.
	ItemsSearchKey *string `json:"itemsSearchKey,omitempty"`
	// ContentType - The content type of the raw content. Example : text/csv or text/tsv
	ContentType *string `json:"contentType,omitempty"`
	// UploadStatus - The status of the Watchlist upload : New, InProgress or Complete. Pls note : When a Watchlist upload status is equal to InProgress, the Watchlist cannot be deleted
	UploadStatus *string `json:"uploadStatus,omitempty"`
	// WatchlistItemsCount - The number of Watchlist Items in the Watchlist
	WatchlistItemsCount *int32 `json:"watchlistItemsCount,omitempty"`
}

WatchlistProperties describes watchlist properties

type WatchlistsClient 

type WatchlistsClient struct {
	BaseClient
}

WatchlistsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

func NewWatchlistsClient 

func NewWatchlistsClient(subscriptionID string) WatchlistsClient

NewWatchlistsClient creates an instance of the WatchlistsClient client.

func NewWatchlistsClientWithBaseURI 

func NewWatchlistsClientWithBaseURI(baseURI string, subscriptionID string) WatchlistsClient

NewWatchlistsClientWithBaseURI creates an instance of the WatchlistsClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).

func (WatchlistsClient) CreateOrUpdate 

func (client WatchlistsClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, workspaceName string, watchlistAlias string, watchlist Watchlist) (result Watchlist, err error)

CreateOrUpdate creates or updates a watchlist and its watchlist items (bulk creation, e.g. through text/csv content type). To create a Watchlist and its items, we should call this endpoint with rawContent and contentType properties. Parameters: resourceGroupName - the name of the resource group. The name is case insensitive. workspaceName - the name of the workspace. watchlistAlias - watchlist Alias watchlist - the watchlist

func (WatchlistsClient) CreateOrUpdatePreparer 

func (client WatchlistsClient) CreateOrUpdatePreparer(ctx context.Context, resourceGroupName string, workspaceName string, watchlistAlias string, watchlist Watchlist) (*http.Request, error)

CreateOrUpdatePreparer prepares the CreateOrUpdate request.

func (WatchlistsClient) CreateOrUpdateResponder 

func (client WatchlistsClient) CreateOrUpdateResponder(resp *http.Response) (result Watchlist, err error)

CreateOrUpdateResponder handles the response to the CreateOrUpdate request. The method always closes the http.Response Body.

func (WatchlistsClient) CreateOrUpdateSender 

func (client WatchlistsClient) CreateOrUpdateSender(req *http.Request) (*http.Response, error)

CreateOrUpdateSender sends the CreateOrUpdate request. The method will close the http.Response Body if it receives an error.

func (WatchlistsClient) Delete 

func (client WatchlistsClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, watchlistAlias string) (result autorest.Response, err error)

Delete delete a watchlist. Parameters: resourceGroupName - the name of the resource group. The name is case insensitive. workspaceName - the name of the workspace. watchlistAlias - watchlist Alias

func (WatchlistsClient) DeletePreparer 

func (client WatchlistsClient) DeletePreparer(ctx context.Context, resourceGroupName string, workspaceName string, watchlistAlias string) (*http.Request, error)

DeletePreparer prepares the Delete request.

func (WatchlistsClient) DeleteResponder 

func (client WatchlistsClient) DeleteResponder(resp *http.Response) (result autorest.Response, err error)

DeleteResponder handles the response to the Delete request. The method always closes the http.Response Body.

func (WatchlistsClient) DeleteSender 

func (client WatchlistsClient) DeleteSender(req *http.Request) (*http.Response, error)

DeleteSender sends the Delete request. The method will close the http.Response Body if it receives an error.

func (WatchlistsClient) Get 

func (client WatchlistsClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, watchlistAlias string) (result Watchlist, err error)

Get gets a watchlist, without its watchlist items. Parameters: resourceGroupName - the name of the resource group. The name is case insensitive. workspaceName - the name of the workspace. watchlistAlias - watchlist Alias

func (WatchlistsClient) GetPreparer 

func (client WatchlistsClient) GetPreparer(ctx context.Context, resourceGroupName string, workspaceName string, watchlistAlias string) (*http.Request, error)

GetPreparer prepares the Get request.

func (WatchlistsClient) GetResponder 

func (client WatchlistsClient) GetResponder(resp *http.Response) (result Watchlist, err error)

GetResponder handles the response to the Get request. The method always closes the http.Response Body.

func (WatchlistsClient) GetSender 

func (client WatchlistsClient) GetSender(req *http.Request) (*http.Response, error)

GetSender sends the Get request. The method will close the http.Response Body if it receives an error.

func (WatchlistsClient) List 

func (client WatchlistsClient) List(ctx context.Context, resourceGroupName string, workspaceName string) (result WatchlistListPage, err error)

List gets all watchlists, without watchlist items. Parameters: resourceGroupName - the name of the resource group. The name is case insensitive. workspaceName - the name of the workspace.

func (WatchlistsClient) ListComplete 

func (client WatchlistsClient) ListComplete(ctx context.Context, resourceGroupName string, workspaceName string) (result WatchlistListIterator, err error)

ListComplete enumerates all values, automatically crossing page boundaries as required.

func (WatchlistsClient) ListPreparer 

func (client WatchlistsClient) ListPreparer(ctx context.Context, resourceGroupName string, workspaceName string) (*http.Request, error)

ListPreparer prepares the List request.

func (WatchlistsClient) ListResponder 

func (client WatchlistsClient) ListResponder(resp *http.Response) (result WatchlistList, err error)

ListResponder handles the response to the List request. The method always closes the http.Response Body.

func (WatchlistsClient) ListSender 

func (client WatchlistsClient) ListSender(req *http.Request) (*http.Response, error)

ListSender sends the List request. The method will close the http.Response Body if it receives an error.

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.