Documentation ¶
Index ¶
- func PossibleValuesForAlertSeverity() []string
- func PossibleValuesForAlertStatus() []string
- func PossibleValuesForAntispamMailDirection() []string
- func PossibleValuesForAttackTactic() []string
- func PossibleValuesForConfidenceLevel() []string
- func PossibleValuesForConfidenceScoreStatus() []string
- func PossibleValuesForDeliveryAction() []string
- func PossibleValuesForDeliveryLocation() []string
- func PossibleValuesForDeviceImportance() []string
- func PossibleValuesForElevationToken() []string
- func PossibleValuesForEntityItemQueryKind() []string
- func PossibleValuesForEntityKind() []string
- func PossibleValuesForEntityQueryKind() []string
- func PossibleValuesForEntityTimelineKind() []string
- func PossibleValuesForEntityType() []string
- func PossibleValuesForFileHashAlgorithm() []string
- func PossibleValuesForGetInsightsError() []string
- func PossibleValuesForIncidentSeverity() []string
- func PossibleValuesForKillChainIntent() []string
- func PossibleValuesForOSFamily() []string
- func PossibleValuesForOutputType() []string
- func PossibleValuesForRegistryHive() []string
- func PossibleValuesForRegistryValueKind() []string
- func ValidateEntityID(input interface{}, key string) (warnings []string, errors []error)
- func ValidateWorkspaceID(input interface{}, key string) (warnings []string, errors []error)
- type AccountEntity
- type AccountEntityProperties
- type ActivityTimelineItem
- type AlertSeverity
- type AlertStatus
- type AnomalyTimelineItem
- type AntispamMailDirection
- type AttackTactic
- type AzureResourceEntity
- type AzureResourceEntityProperties
- type BaseEntityImpl
- type BaseEntityQueryItemImpl
- type BaseEntityTimelineItemImpl
- type BookmarkTimelineItem
- type CloudApplicationEntity
- type CloudApplicationEntityProperties
- type ConfidenceLevel
- type ConfidenceScoreStatus
- type DeliveryAction
- type DeliveryLocation
- type DeviceImportance
- type DnsEntity
- type DnsEntityProperties
- type ElevationToken
- type EntitiesClient
- func (c EntitiesClient) Expand(ctx context.Context, id EntityId, input EntityExpandParameters) (result ExpandOperationResponse, err error)
- func (c EntitiesClient) Get(ctx context.Context, id EntityId) (result GetOperationResponse, err error)
- func (c EntitiesClient) GetInsights(ctx context.Context, id EntityId, input EntityGetInsightsParameters) (result GetInsightsOperationResponse, err error)
- func (c EntitiesClient) GetTimelinelist(ctx context.Context, id EntityId, input EntityTimelineParameters) (result GetTimelinelistOperationResponse, err error)
- func (c EntitiesClient) List(ctx context.Context, id WorkspaceId) (result ListOperationResponse, err error)
- func (c EntitiesClient) ListComplete(ctx context.Context, id WorkspaceId) (ListCompleteResult, error)
- func (c EntitiesClient) ListCompleteMatchingPredicate(ctx context.Context, id WorkspaceId, predicate EntityOperationPredicate) (result ListCompleteResult, err error)
- func (c EntitiesClient) Queries(ctx context.Context, id EntityId, options QueriesOperationOptions) (result QueriesOperationResponse, err error)
- type Entity
- type EntityEdges
- type EntityExpandParameters
- type EntityExpandResponse
- type EntityExpandResponseValue
- type EntityGetInsightsParameters
- func (o *EntityGetInsightsParameters) GetEndTimeAsTime() (*time.Time, error)
- func (o *EntityGetInsightsParameters) GetStartTimeAsTime() (*time.Time, error)
- func (o *EntityGetInsightsParameters) SetEndTimeAsTime(input time.Time)
- func (o *EntityGetInsightsParameters) SetStartTimeAsTime(input time.Time)
- type EntityGetInsightsResponse
- type EntityId
- type EntityInsightItem
- type EntityInsightItemQueryTimeInterval
- func (o *EntityInsightItemQueryTimeInterval) GetEndTimeAsTime() (*time.Time, error)
- func (o *EntityInsightItemQueryTimeInterval) GetStartTimeAsTime() (*time.Time, error)
- func (o *EntityInsightItemQueryTimeInterval) SetEndTimeAsTime(input time.Time)
- func (o *EntityInsightItemQueryTimeInterval) SetStartTimeAsTime(input time.Time)
- type EntityItemQueryKind
- type EntityKind
- type EntityOperationPredicate
- type EntityQueryItem
- type EntityQueryItemPropertiesDataTypesInlined
- type EntityQueryKind
- type EntityTimelineItem
- type EntityTimelineKind
- type EntityTimelineParameters
- type EntityTimelineResponse
- type EntityType
- type ExpandOperationResponse
- type ExpansionResultAggregation
- type ExpansionResultsMetadata
- type FileEntity
- type FileEntityProperties
- type FileHashAlgorithm
- type FileHashEntity
- type FileHashEntityProperties
- type GeoLocation
- type GetInsightsError
- type GetInsightsErrorKind
- type GetInsightsOperationResponse
- type GetInsightsResultsMetadata
- type GetOperationResponse
- type GetQueriesResponse
- type GetTimelinelistOperationResponse
- type HostEntity
- type HostEntityProperties
- type HuntingBookmark
- type HuntingBookmarkProperties
- func (o *HuntingBookmarkProperties) GetCreatedAsTime() (*time.Time, error)
- func (o *HuntingBookmarkProperties) GetEventTimeAsTime() (*time.Time, error)
- func (o *HuntingBookmarkProperties) GetUpdatedAsTime() (*time.Time, error)
- func (o *HuntingBookmarkProperties) SetCreatedAsTime(input time.Time)
- func (o *HuntingBookmarkProperties) SetEventTimeAsTime(input time.Time)
- func (o *HuntingBookmarkProperties) SetUpdatedAsTime(input time.Time)
- type IPEntity
- type IPEntityProperties
- type IncidentInfo
- type IncidentSeverity
- type InsightQueryItem
- type InsightQueryItemProperties
- type InsightQueryItemPropertiesAdditionalQuery
- type InsightQueryItemPropertiesDefaultTimeRange
- type InsightQueryItemPropertiesReferenceTimeRange
- type InsightQueryItemPropertiesTableQuery
- type InsightQueryItemPropertiesTableQueryColumnsDefinitionsInlined
- type InsightQueryItemPropertiesTableQueryQueriesDefinitionsInlined
- type InsightQueryItemPropertiesTableQueryQueriesDefinitionsInlinedLinkColumnsDefinitionsInlined
- type InsightsTableResult
- type InsightsTableResultColumnsInlined
- type IoTDeviceEntity
- type IoTDeviceEntityProperties
- type KillChainIntent
- type ListCompleteResult
- type ListCustomPager
- type ListOperationResponse
- type MailClusterEntity
- type MailClusterEntityProperties
- func (o *MailClusterEntityProperties) GetClusterQueryEndTimeAsTime() (*time.Time, error)
- func (o *MailClusterEntityProperties) GetClusterQueryStartTimeAsTime() (*time.Time, error)
- func (o *MailClusterEntityProperties) GetQueryTimeAsTime() (*time.Time, error)
- func (o *MailClusterEntityProperties) SetClusterQueryEndTimeAsTime(input time.Time)
- func (o *MailClusterEntityProperties) SetClusterQueryStartTimeAsTime(input time.Time)
- func (o *MailClusterEntityProperties) SetQueryTimeAsTime(input time.Time)
- type MailMessageEntity
- type MailMessageEntityProperties
- type MailboxEntity
- type MailboxEntityProperties
- type MalwareEntity
- type MalwareEntityProperties
- type NicEntity
- type NicEntityProperties
- type OSFamily
- type OutputType
- type ProcessEntity
- type ProcessEntityProperties
- type QueriesOperationOptions
- type QueriesOperationResponse
- type RawEntityImpl
- type RawEntityQueryItemImpl
- type RawEntityTimelineItemImpl
- type RegistryHive
- type RegistryKeyEntity
- type RegistryKeyEntityProperties
- type RegistryValueEntity
- type RegistryValueEntityProperties
- type RegistryValueKind
- type SecurityAlert
- type SecurityAlertProperties
- func (o *SecurityAlertProperties) GetEndTimeUtcAsTime() (*time.Time, error)
- func (o *SecurityAlertProperties) GetProcessingEndTimeAsTime() (*time.Time, error)
- func (o *SecurityAlertProperties) GetStartTimeUtcAsTime() (*time.Time, error)
- func (o *SecurityAlertProperties) GetTimeGeneratedAsTime() (*time.Time, error)
- func (o *SecurityAlertProperties) SetEndTimeUtcAsTime(input time.Time)
- func (o *SecurityAlertProperties) SetProcessingEndTimeAsTime(input time.Time)
- func (o *SecurityAlertProperties) SetStartTimeUtcAsTime(input time.Time)
- func (o *SecurityAlertProperties) SetTimeGeneratedAsTime(input time.Time)
- type SecurityAlertPropertiesConfidenceReasonsInlined
- type SecurityAlertTimelineItem
- type SecurityGroupEntity
- type SecurityGroupEntityProperties
- type SubmissionMailEntity
- type SubmissionMailEntityProperties
- func (o *SubmissionMailEntityProperties) GetSubmissionDateAsTime() (*time.Time, error)
- func (o *SubmissionMailEntityProperties) GetTimestampAsTime() (*time.Time, error)
- func (o *SubmissionMailEntityProperties) SetSubmissionDateAsTime(input time.Time)
- func (o *SubmissionMailEntityProperties) SetTimestampAsTime(input time.Time)
- type ThreatIntelligence
- type TimelineAggregation
- type TimelineError
- type TimelineResultsMetadata
- type URLEntity
- type URLEntityProperties
- type UserInfo
- type WorkspaceId
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func PossibleValuesForAlertSeverity ¶
func PossibleValuesForAlertSeverity() []string
func PossibleValuesForAlertStatus ¶
func PossibleValuesForAlertStatus() []string
func PossibleValuesForAntispamMailDirection ¶
func PossibleValuesForAntispamMailDirection() []string
func PossibleValuesForAttackTactic ¶
func PossibleValuesForAttackTactic() []string
func PossibleValuesForConfidenceLevel ¶
func PossibleValuesForConfidenceLevel() []string
func PossibleValuesForConfidenceScoreStatus ¶
func PossibleValuesForConfidenceScoreStatus() []string
func PossibleValuesForDeliveryAction ¶
func PossibleValuesForDeliveryAction() []string
func PossibleValuesForDeliveryLocation ¶
func PossibleValuesForDeliveryLocation() []string
func PossibleValuesForDeviceImportance ¶
func PossibleValuesForDeviceImportance() []string
func PossibleValuesForElevationToken ¶
func PossibleValuesForElevationToken() []string
func PossibleValuesForEntityItemQueryKind ¶
func PossibleValuesForEntityItemQueryKind() []string
func PossibleValuesForEntityKind ¶
func PossibleValuesForEntityKind() []string
func PossibleValuesForEntityQueryKind ¶
func PossibleValuesForEntityQueryKind() []string
func PossibleValuesForEntityTimelineKind ¶
func PossibleValuesForEntityTimelineKind() []string
func PossibleValuesForEntityType ¶
func PossibleValuesForEntityType() []string
func PossibleValuesForFileHashAlgorithm ¶
func PossibleValuesForFileHashAlgorithm() []string
func PossibleValuesForGetInsightsError ¶
func PossibleValuesForGetInsightsError() []string
func PossibleValuesForIncidentSeverity ¶
func PossibleValuesForIncidentSeverity() []string
func PossibleValuesForKillChainIntent ¶
func PossibleValuesForKillChainIntent() []string
func PossibleValuesForOSFamily ¶
func PossibleValuesForOSFamily() []string
func PossibleValuesForOutputType ¶
func PossibleValuesForOutputType() []string
func PossibleValuesForRegistryHive ¶
func PossibleValuesForRegistryHive() []string
func PossibleValuesForRegistryValueKind ¶
func PossibleValuesForRegistryValueKind() []string
func ValidateEntityID ¶
ValidateEntityID checks that 'input' can be parsed as an Entity ID
func ValidateWorkspaceID ¶
ValidateWorkspaceID checks that 'input' can be parsed as a Workspace ID
Types ¶
type AccountEntity ¶
type AccountEntity struct { Properties *AccountEntityProperties `json:"properties,omitempty"` Id *string `json:"id,omitempty"` Kind EntityKind `json:"kind"` Name *string `json:"name,omitempty"` SystemData *systemdata.SystemData `json:"systemData,omitempty"` Type *string `json:"type,omitempty"` }
func (AccountEntity) Entity ¶
func (s AccountEntity) Entity() BaseEntityImpl
func (AccountEntity) MarshalJSON ¶
func (s AccountEntity) MarshalJSON() ([]byte, error)
type AccountEntityProperties ¶
// AccountEntityProperties holds the optional properties of an account entity.
// Every field is a pointer tagged omitempty, so a nil field is simply left out
// of the JSON; check for nil before dereferencing.
type AccountEntityProperties struct {
	AadTenantId *string `json:"aadTenantId,omitempty"`
	AadUserId   *string `json:"aadUserId,omitempty"`
	AccountName *string `json:"accountName,omitempty"`
	// AdditionalData is an untyped map: values must be type-asserted, and
	// nothing in this declaration constrains which keys or value types appear.
	AdditionalData *map[string]interface{} `json:"additionalData,omitempty"`
	DisplayName    *string                 `json:"displayName,omitempty"`
	DnsDomain      *string                 `json:"dnsDomain,omitempty"`
	FriendlyName   *string                 `json:"friendlyName,omitempty"`
	HostEntityId   *string                 `json:"hostEntityId,omitempty"`
	IsDomainJoined *bool                   `json:"isDomainJoined,omitempty"`
	NtDomain       *string                 `json:"ntDomain,omitempty"`
	// NOTE(review): ObjectGuid, Puid and Sid look like directory identifiers for
	// the account; presumably they should be handled as sensitive when logged
	// or exported. Confirm against the API specification.
	ObjectGuid *string `json:"objectGuid,omitempty"`
	Puid       *string `json:"puid,omitempty"`
	Sid        *string `json:"sid,omitempty"`
	UpnSuffix  *string `json:"upnSuffix,omitempty"`
}
type ActivityTimelineItem ¶
type ActivityTimelineItem struct { BucketEndTimeUTC string `json:"bucketEndTimeUTC"` BucketStartTimeUTC string `json:"bucketStartTimeUTC"` Content string `json:"content"` FirstActivityTimeUTC string `json:"firstActivityTimeUTC"` LastActivityTimeUTC string `json:"lastActivityTimeUTC"` QueryId string `json:"queryId"` Title string `json:"title"` Kind EntityTimelineKind `json:"kind"` }
func (ActivityTimelineItem) EntityTimelineItem ¶
func (s ActivityTimelineItem) EntityTimelineItem() BaseEntityTimelineItemImpl
func (ActivityTimelineItem) MarshalJSON ¶
func (s ActivityTimelineItem) MarshalJSON() ([]byte, error)
type AlertSeverity ¶
// AlertSeverity is a string-backed enumeration of alert severities.
type AlertSeverity string

// The constants are declared in alphabetical order, not in order of severity,
// and the underlying values are plain strings, so neither declaration order
// nor string comparison ranks them. Code that needs an ordering has to map
// each value to a rank explicitly.
// NOTE(review): how the type's UnmarshalJSON treats a value outside this list
// is not shown on this page; keep a default branch when switching on it.
const (
	AlertSeverityHigh          AlertSeverity = "High"
	AlertSeverityInformational AlertSeverity = "Informational"
	AlertSeverityLow           AlertSeverity = "Low"
	AlertSeverityMedium        AlertSeverity = "Medium"
)
func (*AlertSeverity) UnmarshalJSON ¶
func (s *AlertSeverity) UnmarshalJSON(bytes []byte) error
type AlertStatus ¶
// AlertStatus is a string-backed enumeration of alert lifecycle states.
type AlertStatus string

// The list includes an explicit "Unknown" value, so consumers should not
// assume every alert carries one of the four concrete states.
// NOTE(review): how the type's UnmarshalJSON treats a value outside this list
// is not shown on this page; keep a default branch when switching on it.
const (
	AlertStatusDismissed  AlertStatus = "Dismissed"
	AlertStatusInProgress AlertStatus = "InProgress"
	AlertStatusNew        AlertStatus = "New"
	AlertStatusResolved   AlertStatus = "Resolved"
	AlertStatusUnknown    AlertStatus = "Unknown"
)
func (*AlertStatus) UnmarshalJSON ¶
func (s *AlertStatus) UnmarshalJSON(bytes []byte) error
type AnomalyTimelineItem ¶
type AnomalyTimelineItem struct { AzureResourceId string `json:"azureResourceId"` Description *string `json:"description,omitempty"` DisplayName string `json:"displayName"` EndTimeUtc string `json:"endTimeUtc"` Intent *string `json:"intent,omitempty"` ProductName *string `json:"productName,omitempty"` Reasons *[]string `json:"reasons,omitempty"` StartTimeUtc string `json:"startTimeUtc"` Techniques *[]string `json:"techniques,omitempty"` TimeGenerated string `json:"timeGenerated"` Vendor *string `json:"vendor,omitempty"` Kind EntityTimelineKind `json:"kind"` }
func (AnomalyTimelineItem) EntityTimelineItem ¶
func (s AnomalyTimelineItem) EntityTimelineItem() BaseEntityTimelineItemImpl
func (AnomalyTimelineItem) MarshalJSON ¶
func (s AnomalyTimelineItem) MarshalJSON() ([]byte, error)
type AntispamMailDirection ¶
type AntispamMailDirection string
const ( AntispamMailDirectionInbound AntispamMailDirection = "Inbound" AntispamMailDirectionIntraorg AntispamMailDirection = "Intraorg" AntispamMailDirectionOutbound AntispamMailDirection = "Outbound" AntispamMailDirectionUnknown AntispamMailDirection = "Unknown" )
func (*AntispamMailDirection) UnmarshalJSON ¶
func (s *AntispamMailDirection) UnmarshalJSON(bytes []byte) error
type AttackTactic ¶
// AttackTactic is a string-backed enumeration of attack tactics.
type AttackTactic string

// The constants are declared alphabetically; the order carries no meaning
// (it is not a kill-chain sequence).
// NOTE(review): the names look like MITRE ATT&CK tactic names, including the
// ICS-specific ImpairProcessControl and InhibitResponseFunction and the older
// PreAttack. Confirm the intended taxonomy against the API specification
// before mapping these values to another framework.
// NOTE(review): how the type's UnmarshalJSON treats a value outside this list
// is not shown on this page; keep a default branch when switching on it.
const (
	AttackTacticCollection              AttackTactic = "Collection"
	AttackTacticCommandAndControl       AttackTactic = "CommandAndControl"
	AttackTacticCredentialAccess        AttackTactic = "CredentialAccess"
	AttackTacticDefenseEvasion          AttackTactic = "DefenseEvasion"
	AttackTacticDiscovery               AttackTactic = "Discovery"
	AttackTacticExecution               AttackTactic = "Execution"
	AttackTacticExfiltration            AttackTactic = "Exfiltration"
	AttackTacticImpact                  AttackTactic = "Impact"
	AttackTacticImpairProcessControl    AttackTactic = "ImpairProcessControl"
	AttackTacticInhibitResponseFunction AttackTactic = "InhibitResponseFunction"
	AttackTacticInitialAccess           AttackTactic = "InitialAccess"
	AttackTacticLateralMovement         AttackTactic = "LateralMovement"
	AttackTacticPersistence             AttackTactic = "Persistence"
	AttackTacticPreAttack               AttackTactic = "PreAttack"
	AttackTacticPrivilegeEscalation     AttackTactic = "PrivilegeEscalation"
	AttackTacticReconnaissance          AttackTactic = "Reconnaissance"
	AttackTacticResourceDevelopment     AttackTactic = "ResourceDevelopment"
)
func (*AttackTactic) UnmarshalJSON ¶
func (s *AttackTactic) UnmarshalJSON(bytes []byte) error
type AzureResourceEntity ¶
type AzureResourceEntity struct { Properties *AzureResourceEntityProperties `json:"properties,omitempty"` Id *string `json:"id,omitempty"` Kind EntityKind `json:"kind"` Name *string `json:"name,omitempty"` SystemData *systemdata.SystemData `json:"systemData,omitempty"` Type *string `json:"type,omitempty"` }
func (AzureResourceEntity) Entity ¶
func (s AzureResourceEntity) Entity() BaseEntityImpl
func (AzureResourceEntity) MarshalJSON ¶
func (s AzureResourceEntity) MarshalJSON() ([]byte, error)
type BaseEntityImpl ¶
type BaseEntityImpl struct { Id *string `json:"id,omitempty"` Kind EntityKind `json:"kind"` Name *string `json:"name,omitempty"` SystemData *systemdata.SystemData `json:"systemData,omitempty"` Type *string `json:"type,omitempty"` }
func (BaseEntityImpl) Entity ¶
func (s BaseEntityImpl) Entity() BaseEntityImpl
type BaseEntityQueryItemImpl ¶
type BaseEntityQueryItemImpl struct { Id *string `json:"id,omitempty"` Kind EntityQueryKind `json:"kind"` Name *string `json:"name,omitempty"` Type *string `json:"type,omitempty"` }
func (BaseEntityQueryItemImpl) EntityQueryItem ¶
func (s BaseEntityQueryItemImpl) EntityQueryItem() BaseEntityQueryItemImpl
type BaseEntityTimelineItemImpl ¶
type BaseEntityTimelineItemImpl struct {
Kind EntityTimelineKind `json:"kind"`
}
func (BaseEntityTimelineItemImpl) EntityTimelineItem ¶
func (s BaseEntityTimelineItemImpl) EntityTimelineItem() BaseEntityTimelineItemImpl
type BookmarkTimelineItem ¶
type BookmarkTimelineItem struct { AzureResourceId string `json:"azureResourceId"` CreatedBy *UserInfo `json:"createdBy,omitempty"` DisplayName *string `json:"displayName,omitempty"` EndTimeUtc *string `json:"endTimeUtc,omitempty"` EventTime *string `json:"eventTime,omitempty"` Labels *[]string `json:"labels,omitempty"` Notes *string `json:"notes,omitempty"` StartTimeUtc *string `json:"startTimeUtc,omitempty"` Kind EntityTimelineKind `json:"kind"` }
func (BookmarkTimelineItem) EntityTimelineItem ¶
func (s BookmarkTimelineItem) EntityTimelineItem() BaseEntityTimelineItemImpl
func (BookmarkTimelineItem) MarshalJSON ¶
func (s BookmarkTimelineItem) MarshalJSON() ([]byte, error)
type CloudApplicationEntity ¶
type CloudApplicationEntity struct { Properties *CloudApplicationEntityProperties `json:"properties,omitempty"` Id *string `json:"id,omitempty"` Kind EntityKind `json:"kind"` Name *string `json:"name,omitempty"` SystemData *systemdata.SystemData `json:"systemData,omitempty"` Type *string `json:"type,omitempty"` }
func (CloudApplicationEntity) Entity ¶
func (s CloudApplicationEntity) Entity() BaseEntityImpl
func (CloudApplicationEntity) MarshalJSON ¶
func (s CloudApplicationEntity) MarshalJSON() ([]byte, error)
type CloudApplicationEntityProperties ¶
type CloudApplicationEntityProperties struct { AdditionalData *map[string]interface{} `json:"additionalData,omitempty"` AppId *int64 `json:"appId,omitempty"` AppName *string `json:"appName,omitempty"` FriendlyName *string `json:"friendlyName,omitempty"` InstanceName *string `json:"instanceName,omitempty"` }
type ConfidenceLevel ¶
type ConfidenceLevel string
const ( ConfidenceLevelHigh ConfidenceLevel = "High" ConfidenceLevelLow ConfidenceLevel = "Low" ConfidenceLevelUnknown ConfidenceLevel = "Unknown" )
func (*ConfidenceLevel) UnmarshalJSON ¶
func (s *ConfidenceLevel) UnmarshalJSON(bytes []byte) error
type ConfidenceScoreStatus ¶
type ConfidenceScoreStatus string
const ( ConfidenceScoreStatusFinal ConfidenceScoreStatus = "Final" ConfidenceScoreStatusInProcess ConfidenceScoreStatus = "InProcess" ConfidenceScoreStatusNotApplicable ConfidenceScoreStatus = "NotApplicable" ConfidenceScoreStatusNotFinal ConfidenceScoreStatus = "NotFinal" )
func (*ConfidenceScoreStatus) UnmarshalJSON ¶
func (s *ConfidenceScoreStatus) UnmarshalJSON(bytes []byte) error
type DeliveryAction ¶
type DeliveryAction string
const ( DeliveryActionBlocked DeliveryAction = "Blocked" DeliveryActionDelivered DeliveryAction = "Delivered" DeliveryActionDeliveredAsSpam DeliveryAction = "DeliveredAsSpam" DeliveryActionReplaced DeliveryAction = "Replaced" DeliveryActionUnknown DeliveryAction = "Unknown" )
func (*DeliveryAction) UnmarshalJSON ¶
func (s *DeliveryAction) UnmarshalJSON(bytes []byte) error
type DeliveryLocation ¶
type DeliveryLocation string
const ( DeliveryLocationDeletedFolder DeliveryLocation = "DeletedFolder" DeliveryLocationDropped DeliveryLocation = "Dropped" DeliveryLocationExternal DeliveryLocation = "External" DeliveryLocationFailed DeliveryLocation = "Failed" DeliveryLocationForwarded DeliveryLocation = "Forwarded" DeliveryLocationInbox DeliveryLocation = "Inbox" DeliveryLocationJunkFolder DeliveryLocation = "JunkFolder" DeliveryLocationQuarantine DeliveryLocation = "Quarantine" DeliveryLocationUnknown DeliveryLocation = "Unknown" )
func (*DeliveryLocation) UnmarshalJSON ¶
func (s *DeliveryLocation) UnmarshalJSON(bytes []byte) error
type DeviceImportance ¶
type DeviceImportance string
const ( DeviceImportanceHigh DeviceImportance = "High" DeviceImportanceLow DeviceImportance = "Low" DeviceImportanceNormal DeviceImportance = "Normal" DeviceImportanceUnknown DeviceImportance = "Unknown" )
func (*DeviceImportance) UnmarshalJSON ¶
func (s *DeviceImportance) UnmarshalJSON(bytes []byte) error
type DnsEntity ¶
type DnsEntity struct { Properties *DnsEntityProperties `json:"properties,omitempty"` Id *string `json:"id,omitempty"` Kind EntityKind `json:"kind"` Name *string `json:"name,omitempty"` SystemData *systemdata.SystemData `json:"systemData,omitempty"` Type *string `json:"type,omitempty"` }
func (DnsEntity) Entity ¶
func (s DnsEntity) Entity() BaseEntityImpl
func (DnsEntity) MarshalJSON ¶
type DnsEntityProperties ¶
type DnsEntityProperties struct { AdditionalData *map[string]interface{} `json:"additionalData,omitempty"` DnsServerIPEntityId *string `json:"dnsServerIpEntityId,omitempty"` DomainName *string `json:"domainName,omitempty"` FriendlyName *string `json:"friendlyName,omitempty"` HostIPAddressEntityId *string `json:"hostIpAddressEntityId,omitempty"` IPAddressEntityIds *[]string `json:"ipAddressEntityIds,omitempty"` }
type ElevationToken ¶
// ElevationToken is a string-backed enumeration with three values.
// NOTE(review): presumably this is the elevation type of a process token
// (default / full / limited); the page does not say which entity carries it,
// so confirm against the API specification.
type ElevationToken string

// NOTE(review): how the type's UnmarshalJSON treats a value outside this list
// is not shown on this page; keep a default branch when switching on it.
const (
	ElevationTokenDefault ElevationToken = "Default"
	ElevationTokenFull    ElevationToken = "Full"
	ElevationTokenLimited ElevationToken = "Limited"
)
func (*ElevationToken) UnmarshalJSON ¶
func (s *ElevationToken) UnmarshalJSON(bytes []byte) error
type EntitiesClient ¶
type EntitiesClient struct {
Client *resourcemanager.Client
}
func NewEntitiesClientWithBaseURI ¶
func NewEntitiesClientWithBaseURI(sdkApi sdkEnv.Api) (*EntitiesClient, error)
func (EntitiesClient) Expand ¶
func (c EntitiesClient) Expand(ctx context.Context, id EntityId, input EntityExpandParameters) (result ExpandOperationResponse, err error)
Expand ...
func (EntitiesClient) Get ¶
func (c EntitiesClient) Get(ctx context.Context, id EntityId) (result GetOperationResponse, err error)
Get ...
func (EntitiesClient) GetInsights ¶
func (c EntitiesClient) GetInsights(ctx context.Context, id EntityId, input EntityGetInsightsParameters) (result GetInsightsOperationResponse, err error)
GetInsights ...
func (EntitiesClient) GetTimelinelist ¶
func (c EntitiesClient) GetTimelinelist(ctx context.Context, id EntityId, input EntityTimelineParameters) (result GetTimelinelistOperationResponse, err error)
GetTimelinelist ...
func (EntitiesClient) List ¶
func (c EntitiesClient) List(ctx context.Context, id WorkspaceId) (result ListOperationResponse, err error)
List ...
func (EntitiesClient) ListComplete ¶
func (c EntitiesClient) ListComplete(ctx context.Context, id WorkspaceId) (ListCompleteResult, error)
ListComplete retrieves all the results into a single object
func (EntitiesClient) ListCompleteMatchingPredicate ¶
func (c EntitiesClient) ListCompleteMatchingPredicate(ctx context.Context, id WorkspaceId, predicate EntityOperationPredicate) (result ListCompleteResult, err error)
ListCompleteMatchingPredicate retrieves all the results and then applies the predicate to them; the predicate filters what is returned, not what is retrieved
func (EntitiesClient) Queries ¶
func (c EntitiesClient) Queries(ctx context.Context, id EntityId, options QueriesOperationOptions) (result QueriesOperationResponse, err error)
Queries ...
type Entity ¶
type Entity interface {
Entity() BaseEntityImpl
}
type EntityEdges ¶
type EntityExpandParameters ¶
type EntityExpandParameters struct { EndTime *string `json:"endTime,omitempty"` ExpansionId *string `json:"expansionId,omitempty"` StartTime *string `json:"startTime,omitempty"` }
func (*EntityExpandParameters) GetEndTimeAsTime ¶
func (o *EntityExpandParameters) GetEndTimeAsTime() (*time.Time, error)
func (*EntityExpandParameters) GetStartTimeAsTime ¶
func (o *EntityExpandParameters) GetStartTimeAsTime() (*time.Time, error)
func (*EntityExpandParameters) SetEndTimeAsTime ¶
func (o *EntityExpandParameters) SetEndTimeAsTime(input time.Time)
func (*EntityExpandParameters) SetStartTimeAsTime ¶
func (o *EntityExpandParameters) SetStartTimeAsTime(input time.Time)
type EntityExpandResponse ¶
type EntityExpandResponse struct { MetaData *ExpansionResultsMetadata `json:"metaData,omitempty"` Value *EntityExpandResponseValue `json:"value,omitempty"` }
type EntityExpandResponseValue ¶
type EntityExpandResponseValue struct { Edges *[]EntityEdges `json:"edges,omitempty"` Entities *[]Entity `json:"entities,omitempty"` }
func (*EntityExpandResponseValue) UnmarshalJSON ¶
func (s *EntityExpandResponseValue) UnmarshalJSON(bytes []byte) error
type EntityGetInsightsParameters ¶
// EntityGetInsightsParameters is the request body type taken by
// EntitiesClient.GetInsights.
type EntityGetInsightsParameters struct {
	AddDefaultExtendedTimeRange *bool `json:"addDefaultExtendedTimeRange,omitempty"`
	// EndTime and StartTime are non-pointer strings without omitempty, so they
	// are always serialized, even when left as the empty string.
	// NOTE(review): the struct stores times as raw strings; the
	// Get…AsTime / Set…AsTime helpers listed on this page presumably parse and
	// format them. Prefer those helpers over hand-built strings; confirm the
	// expected format.
	EndTime         string    `json:"endTime"`
	InsightQueryIds *[]string `json:"insightQueryIds,omitempty"`
	StartTime       string    `json:"startTime"`
}
func (*EntityGetInsightsParameters) GetEndTimeAsTime ¶
func (o *EntityGetInsightsParameters) GetEndTimeAsTime() (*time.Time, error)
func (*EntityGetInsightsParameters) GetStartTimeAsTime ¶
func (o *EntityGetInsightsParameters) GetStartTimeAsTime() (*time.Time, error)
func (*EntityGetInsightsParameters) SetEndTimeAsTime ¶
func (o *EntityGetInsightsParameters) SetEndTimeAsTime(input time.Time)
func (*EntityGetInsightsParameters) SetStartTimeAsTime ¶
func (o *EntityGetInsightsParameters) SetStartTimeAsTime(input time.Time)
type EntityGetInsightsResponse ¶
type EntityGetInsightsResponse struct { MetaData *GetInsightsResultsMetadata `json:"metaData,omitempty"` Value *[]EntityInsightItem `json:"value,omitempty"` }
type EntityId ¶
// EntityId carries the four string segments that identify an entity:
// subscription, resource group, workspace, and the entity's own ID.
// NOTE(review): the fields are plain exported strings and the declaration
// shows no validation. Values that originate from user input should
// presumably go through ParseEntityID or ValidateEntityID (both listed on this
// page) rather than being assigned to the fields directly.
type EntityId struct {
	SubscriptionId    string
	ResourceGroupName string
	WorkspaceName     string
	EntityId          string
}
EntityId is a struct representing the Resource ID for an Entity
func NewEntityID ¶
func NewEntityID(subscriptionId string, resourceGroupName string, workspaceName string, entityId string) EntityId
NewEntityID returns a new EntityId struct
func ParseEntityID ¶
ParseEntityID parses 'input' into an EntityId
func ParseEntityIDInsensitively ¶
ParseEntityIDInsensitively parses 'input' case-insensitively into an EntityId. Note: this method should only be used for API response data and not for user input; user-supplied IDs should be parsed with ParseEntityID instead.
func (*EntityId) FromParseResult ¶
func (id *EntityId) FromParseResult(input resourceids.ParseResult) error
func (EntityId) Segments ¶
func (id EntityId) Segments() []resourceids.Segment
Segments returns a slice of Resource ID Segments which comprise this Entity ID
type EntityInsightItem ¶
type EntityInsightItem struct { ChartQueryResults *[]InsightsTableResult `json:"chartQueryResults,omitempty"` QueryId *string `json:"queryId,omitempty"` QueryTimeInterval *EntityInsightItemQueryTimeInterval `json:"queryTimeInterval,omitempty"` TableQueryResults *InsightsTableResult `json:"tableQueryResults,omitempty"` }
type EntityInsightItemQueryTimeInterval ¶
type EntityInsightItemQueryTimeInterval struct { EndTime *string `json:"endTime,omitempty"` StartTime *string `json:"startTime,omitempty"` }
func (*EntityInsightItemQueryTimeInterval) GetEndTimeAsTime ¶
func (o *EntityInsightItemQueryTimeInterval) GetEndTimeAsTime() (*time.Time, error)
func (*EntityInsightItemQueryTimeInterval) GetStartTimeAsTime ¶
func (o *EntityInsightItemQueryTimeInterval) GetStartTimeAsTime() (*time.Time, error)
func (*EntityInsightItemQueryTimeInterval) SetEndTimeAsTime ¶
func (o *EntityInsightItemQueryTimeInterval) SetEndTimeAsTime(input time.Time)
func (*EntityInsightItemQueryTimeInterval) SetStartTimeAsTime ¶
func (o *EntityInsightItemQueryTimeInterval) SetStartTimeAsTime(input time.Time)
type EntityItemQueryKind ¶
type EntityItemQueryKind string
const (
EntityItemQueryKindInsight EntityItemQueryKind = "Insight"
)
func (*EntityItemQueryKind) UnmarshalJSON ¶
func (s *EntityItemQueryKind) UnmarshalJSON(bytes []byte) error
type EntityKind ¶
// EntityKind is the string-backed discriminator stored in the "kind" field of
// the entity structs on this page (for example AccountEntity and
// BaseEntityImpl).
type EntityKind string

// The wire values here are not interchangeable with those of EntityType:
// this list uses "Ip", "Url", "DnsResolution" and "Bookmark", where EntityType
// uses "IP", "URL", "DNS" and "HuntingBookmark". Compare against the constants
// of the matching type rather than against string literals.
// NOTE(review): how the type's UnmarshalJSON treats a value outside this list
// is not shown on this page; keep a default branch when switching on it.
const (
	EntityKindAccount          EntityKind = "Account"
	EntityKindAzureResource    EntityKind = "AzureResource"
	EntityKindBookmark         EntityKind = "Bookmark"
	EntityKindCloudApplication EntityKind = "CloudApplication"
	EntityKindDnsResolution    EntityKind = "DnsResolution"
	EntityKindFile             EntityKind = "File"
	EntityKindFileHash         EntityKind = "FileHash"
	EntityKindHost             EntityKind = "Host"
	EntityKindIP               EntityKind = "Ip"
	EntityKindIoTDevice        EntityKind = "IoTDevice"
	EntityKindMailCluster      EntityKind = "MailCluster"
	EntityKindMailMessage      EntityKind = "MailMessage"
	EntityKindMailbox          EntityKind = "Mailbox"
	EntityKindMalware          EntityKind = "Malware"
	EntityKindNic              EntityKind = "Nic"
	EntityKindProcess          EntityKind = "Process"
	EntityKindRegistryKey      EntityKind = "RegistryKey"
	EntityKindRegistryValue    EntityKind = "RegistryValue"
	EntityKindSecurityAlert    EntityKind = "SecurityAlert"
	EntityKindSecurityGroup    EntityKind = "SecurityGroup"
	EntityKindSubmissionMail   EntityKind = "SubmissionMail"
	EntityKindURL              EntityKind = "Url"
)
func (*EntityKind) UnmarshalJSON ¶
func (s *EntityKind) UnmarshalJSON(bytes []byte) error
type EntityOperationPredicate ¶
type EntityOperationPredicate struct { }
func (EntityOperationPredicate) Matches ¶
func (p EntityOperationPredicate) Matches(input Entity) bool
type EntityQueryItem ¶
type EntityQueryItem interface {
EntityQueryItem() BaseEntityQueryItemImpl
}
func UnmarshalEntityQueryItemImplementation ¶
func UnmarshalEntityQueryItemImplementation(input []byte) (EntityQueryItem, error)
type EntityQueryItemPropertiesDataTypesInlined ¶
type EntityQueryItemPropertiesDataTypesInlined struct {
DataType *string `json:"dataType,omitempty"`
}
type EntityQueryKind ¶
type EntityQueryKind string
const ( EntityQueryKindActivity EntityQueryKind = "Activity" EntityQueryKindExpansion EntityQueryKind = "Expansion" EntityQueryKindInsight EntityQueryKind = "Insight" )
func (*EntityQueryKind) UnmarshalJSON ¶
func (s *EntityQueryKind) UnmarshalJSON(bytes []byte) error
type EntityTimelineItem ¶
type EntityTimelineItem interface {
EntityTimelineItem() BaseEntityTimelineItemImpl
}
func UnmarshalEntityTimelineItemImplementation ¶
func UnmarshalEntityTimelineItemImplementation(input []byte) (EntityTimelineItem, error)
type EntityTimelineKind ¶
type EntityTimelineKind string
const ( EntityTimelineKindActivity EntityTimelineKind = "Activity" EntityTimelineKindAnomaly EntityTimelineKind = "Anomaly" EntityTimelineKindBookmark EntityTimelineKind = "Bookmark" EntityTimelineKindSecurityAlert EntityTimelineKind = "SecurityAlert" )
func (*EntityTimelineKind) UnmarshalJSON ¶
func (s *EntityTimelineKind) UnmarshalJSON(bytes []byte) error
type EntityTimelineParameters ¶
// EntityTimelineParameters is the request body type taken by
// EntitiesClient.GetTimelinelist.
type EntityTimelineParameters struct {
	// EndTime and StartTime are non-pointer strings without omitempty, so they
	// are always serialized, even when left as the empty string.
	// NOTE(review): the struct stores times as raw strings; the
	// Get…AsTime / Set…AsTime helpers listed on this page presumably parse and
	// format them. Confirm the expected format.
	EndTime string `json:"endTime"`
	// Kinds optionally lists timeline kinds; nil omits the field.
	// NOTE(review): presumably a nil Kinds means "all kinds"; verify.
	Kinds *[]EntityTimelineKind `json:"kinds,omitempty"`
	// NOTE(review): no bound on NumberOfBucket is visible here; presumably the
	// service enforces one. Confirm before passing caller-controlled values.
	NumberOfBucket *int64 `json:"numberOfBucket,omitempty"`
	StartTime      string `json:"startTime"`
}
func (*EntityTimelineParameters) GetEndTimeAsTime ¶
func (o *EntityTimelineParameters) GetEndTimeAsTime() (*time.Time, error)
func (*EntityTimelineParameters) GetStartTimeAsTime ¶
func (o *EntityTimelineParameters) GetStartTimeAsTime() (*time.Time, error)
func (*EntityTimelineParameters) SetEndTimeAsTime ¶
func (o *EntityTimelineParameters) SetEndTimeAsTime(input time.Time)
func (*EntityTimelineParameters) SetStartTimeAsTime ¶
func (o *EntityTimelineParameters) SetStartTimeAsTime(input time.Time)
type EntityTimelineResponse ¶
type EntityTimelineResponse struct { MetaData *TimelineResultsMetadata `json:"metaData,omitempty"` Value *[]EntityTimelineItem `json:"value,omitempty"` }
func (*EntityTimelineResponse) UnmarshalJSON ¶
func (s *EntityTimelineResponse) UnmarshalJSON(bytes []byte) error
type EntityType ¶
// EntityType is the string enumeration of entity types; on this page it is
// the type of InsightQueryItemProperties.InputEntityType.
//
// NOTE(review): the decoding of a string outside this list is not shown on
// this page; keep a default branch when dispatching on the value.
type EntityType string

// Values of EntityType as listed on this page.
const (
	EntityTypeAccount          EntityType = "Account"
	EntityTypeAzureResource    EntityType = "AzureResource"
	EntityTypeCloudApplication EntityType = "CloudApplication"
	EntityTypeDNS              EntityType = "DNS"
	EntityTypeFile             EntityType = "File"
	EntityTypeFileHash         EntityType = "FileHash"
	EntityTypeHost             EntityType = "Host"
	EntityTypeHuntingBookmark  EntityType = "HuntingBookmark"
	EntityTypeIP               EntityType = "IP"
	EntityTypeIoTDevice        EntityType = "IoTDevice"
	EntityTypeMailCluster      EntityType = "MailCluster"
	EntityTypeMailMessage      EntityType = "MailMessage"
	EntityTypeMailbox          EntityType = "Mailbox"
	EntityTypeMalware          EntityType = "Malware"
	EntityTypeNic              EntityType = "Nic"
	EntityTypeProcess          EntityType = "Process"
	EntityTypeRegistryKey      EntityType = "RegistryKey"
	EntityTypeRegistryValue    EntityType = "RegistryValue"
	EntityTypeSecurityAlert    EntityType = "SecurityAlert"
	EntityTypeSecurityGroup    EntityType = "SecurityGroup"
	EntityTypeSubmissionMail   EntityType = "SubmissionMail"
	EntityTypeURL              EntityType = "URL"
)
func (*EntityType) UnmarshalJSON ¶
func (s *EntityType) UnmarshalJSON(bytes []byte) error
type ExpandOperationResponse ¶
// ExpandOperationResponse bundles the raw HTTP response, the OData metadata
// and the decoded EntityExpandResponse model. All three are pointers and may
// be nil; the conditions under which each is populated are not shown on this
// page.
type ExpandOperationResponse struct {
	HttpResponse *http.Response
	OData        *odata.OData
	Model        *EntityExpandResponse
}
type ExpansionResultAggregation ¶
type ExpansionResultAggregation struct { AggregationType *string `json:"aggregationType,omitempty"` Count int64 `json:"count"` DisplayName *string `json:"displayName,omitempty"` EntityKind EntityKind `json:"entityKind"` }
type ExpansionResultsMetadata ¶
type ExpansionResultsMetadata struct {
Aggregations *[]ExpansionResultAggregation `json:"aggregations,omitempty"`
}
type FileEntity ¶
// FileEntity is the entity envelope whose Properties field points at a
// FileEntityProperties value. Kind has no omitempty and is therefore always
// written; every other field is an optional pointer. The page also lists
// Entity and MarshalJSON methods for this type.
type FileEntity struct {
	Properties *FileEntityProperties  `json:"properties,omitempty"`
	Id         *string                `json:"id,omitempty"`
	Kind       EntityKind             `json:"kind"`
	Name       *string                `json:"name,omitempty"`
	SystemData *systemdata.SystemData `json:"systemData,omitempty"`
	Type       *string                `json:"type,omitempty"`
}
func (FileEntity) Entity ¶
func (s FileEntity) Entity() BaseEntityImpl
func (FileEntity) MarshalJSON ¶
func (s FileEntity) MarshalJSON() ([]byte, error)
type FileEntityProperties ¶
// FileEntityProperties describes a file entity: its directory and file name,
// the IDs of related file-hash and host entities, and an untyped
// AdditionalData bag. Every field is optional.
//
// NOTE(review): Directory and FileName presumably come from endpoint
// telemetry; treat them as untrusted text (escape before rendering, never
// use them to build local paths) - confirm against the service reference.
type FileEntityProperties struct {
	// AdditionalData has no schema on this page; assert types before use.
	AdditionalData *map[string]interface{} `json:"additionalData,omitempty"`

	Directory         *string   `json:"directory,omitempty"`
	FileHashEntityIds *[]string `json:"fileHashEntityIds,omitempty"`
	FileName          *string   `json:"fileName,omitempty"`
	FriendlyName      *string   `json:"friendlyName,omitempty"`
	HostEntityId      *string   `json:"hostEntityId,omitempty"`
}
type FileHashAlgorithm ¶
// FileHashAlgorithm names the algorithm that produced the HashValue of a
// FileHashEntityProperties.
//
// MD5 and SHA-1 are not collision resistant, so a match on a hash of those
// kinds is weaker evidence of file identity than a SHA-256 match; weigh the
// algorithm when using a hash as an indicator.
// NOTE(review): "SHA256AC" is presumably the Authenticode SHA-256 variant -
// confirm against the service reference. How UnmarshalJSON decodes a string
// outside this list is not shown on this page.
type FileHashAlgorithm string

// Values of FileHashAlgorithm as listed on this page.
const (
	FileHashAlgorithmMDFive          FileHashAlgorithm = "MD5"
	FileHashAlgorithmSHAOne          FileHashAlgorithm = "SHA1"
	FileHashAlgorithmSHATwoFiveSix   FileHashAlgorithm = "SHA256"
	FileHashAlgorithmSHATwoFiveSixAC FileHashAlgorithm = "SHA256AC"
	FileHashAlgorithmUnknown         FileHashAlgorithm = "Unknown"
)
func (*FileHashAlgorithm) UnmarshalJSON ¶
func (s *FileHashAlgorithm) UnmarshalJSON(bytes []byte) error
type FileHashEntity ¶
type FileHashEntity struct { Properties *FileHashEntityProperties `json:"properties,omitempty"` Id *string `json:"id,omitempty"` Kind EntityKind `json:"kind"` Name *string `json:"name,omitempty"` SystemData *systemdata.SystemData `json:"systemData,omitempty"` Type *string `json:"type,omitempty"` }
func (FileHashEntity) Entity ¶
func (s FileHashEntity) Entity() BaseEntityImpl
func (FileHashEntity) MarshalJSON ¶
func (s FileHashEntity) MarshalJSON() ([]byte, error)
type FileHashEntityProperties ¶
// FileHashEntityProperties pairs a hash value with the algorithm that
// produced it. Every field is optional.
//
// Algorithm and HashValue are independent pointers, so either can be nil
// while the other is set; compare hashes only after checking both, and only
// against values of the same algorithm.
type FileHashEntityProperties struct {
	// AdditionalData has no schema on this page; assert types before use.
	AdditionalData *map[string]interface{} `json:"additionalData,omitempty"`

	Algorithm    *FileHashAlgorithm `json:"algorithm,omitempty"`
	FriendlyName *string            `json:"friendlyName,omitempty"`
	HashValue    *string            `json:"hashValue,omitempty"`
}
type GeoLocation ¶
// GeoLocation is the location block attached to IPEntityProperties: ASN,
// city, country code and name, coordinates and state. Every field is
// optional.
//
// NOTE(review): the source and accuracy of these values are not stated on
// this page; treat them as enrichment, not as proof of origin.
type GeoLocation struct {
	Asn         *int64   `json:"asn,omitempty"`
	City        *string  `json:"city,omitempty"`
	CountryCode *string  `json:"countryCode,omitempty"`
	CountryName *string  `json:"countryName,omitempty"`
	Latitude    *float64 `json:"latitude,omitempty"`
	Longitude   *float64 `json:"longitude,omitempty"`
	State       *string  `json:"state,omitempty"`
}
type GetInsightsError ¶
// GetInsightsError is the string enumeration used as the Kind of a
// GetInsightsErrorKind. The page lists a single value.
type GetInsightsError string

// Values of GetInsightsError as listed on this page.
const (
	GetInsightsErrorInsight GetInsightsError = "Insight"
)
func (*GetInsightsError) UnmarshalJSON ¶
func (s *GetInsightsError) UnmarshalJSON(bytes []byte) error
type GetInsightsErrorKind ¶
// GetInsightsErrorKind is one entry of GetInsightsResultsMetadata.Errors: an
// error message, the error kind and an optional query ID. ErrorMessage and
// Kind have no omitempty and are always serialised.
//
// NOTE(review): ErrorMessage is service-supplied text; log it as data
// (quoted), not as a format string.
type GetInsightsErrorKind struct {
	ErrorMessage string           `json:"errorMessage"`
	Kind         GetInsightsError `json:"kind"`
	QueryId      *string          `json:"queryId,omitempty"`
}
type GetInsightsOperationResponse ¶
type GetInsightsOperationResponse struct { HttpResponse *http.Response OData *odata.OData Model *EntityGetInsightsResponse }
type GetInsightsResultsMetadata ¶
type GetInsightsResultsMetadata struct { Errors *[]GetInsightsErrorKind `json:"errors,omitempty"` TotalCount int64 `json:"totalCount"` }
type GetOperationResponse ¶
type GetQueriesResponse ¶
type GetQueriesResponse struct {
Value *[]EntityQueryItem `json:"value,omitempty"`
}
func (*GetQueriesResponse) UnmarshalJSON ¶
func (s *GetQueriesResponse) UnmarshalJSON(bytes []byte) error
type GetTimelinelistOperationResponse ¶
type GetTimelinelistOperationResponse struct { HttpResponse *http.Response OData *odata.OData Model *EntityTimelineResponse }
type HostEntity ¶
type HostEntity struct { Properties *HostEntityProperties `json:"properties,omitempty"` Id *string `json:"id,omitempty"` Kind EntityKind `json:"kind"` Name *string `json:"name,omitempty"` SystemData *systemdata.SystemData `json:"systemData,omitempty"` Type *string `json:"type,omitempty"` }
func (HostEntity) Entity ¶
func (s HostEntity) Entity() BaseEntityImpl
func (HostEntity) MarshalJSON ¶
func (s HostEntity) MarshalJSON() ([]byte, error)
type HostEntityProperties ¶
// HostEntityProperties describes a host entity. Every field is optional.
//
// NOTE(review): the naming fields (HostName, DnsDomain, NetBiosName,
// NtDomain) are presumably reported by the host or its agent; do not treat
// them as verified identity without corroboration.
type HostEntityProperties struct {
	// AdditionalData has no schema on this page; assert types before use.
	AdditionalData *map[string]interface{} `json:"additionalData,omitempty"`

	AzureID        *string   `json:"azureID,omitempty"`
	DnsDomain      *string   `json:"dnsDomain,omitempty"`
	FriendlyName   *string   `json:"friendlyName,omitempty"`
	HostName       *string   `json:"hostName,omitempty"`
	IsDomainJoined *bool     `json:"isDomainJoined,omitempty"`
	NetBiosName    *string   `json:"netBiosName,omitempty"`
	NtDomain       *string   `json:"ntDomain,omitempty"`
	OmsAgentID     *string   `json:"omsAgentID,omitempty"`
	OsFamily       *OSFamily `json:"osFamily,omitempty"`
	OsVersion      *string   `json:"osVersion,omitempty"`
}
type HuntingBookmark ¶
type HuntingBookmark struct { Properties *HuntingBookmarkProperties `json:"properties,omitempty"` Id *string `json:"id,omitempty"` Kind EntityKind `json:"kind"` Name *string `json:"name,omitempty"` SystemData *systemdata.SystemData `json:"systemData,omitempty"` Type *string `json:"type,omitempty"` }
func (HuntingBookmark) Entity ¶
func (s HuntingBookmark) Entity() BaseEntityImpl
func (HuntingBookmark) MarshalJSON ¶
func (s HuntingBookmark) MarshalJSON() ([]byte, error)
type HuntingBookmarkProperties ¶
// HuntingBookmarkProperties describes a hunting bookmark. DisplayName and
// Query are plain strings without omitempty and are always serialised; the
// other fields are optional. The page lists Get/Set...AsTime helpers for
// Created, EventTime and Updated.
//
// NOTE(review): Query and QueryResult hold query text and its stored result.
// The result may contain sensitive log data, and Notes and Labels are
// free-form text; apply the same access control and output escaping as for
// the underlying logs.
type HuntingBookmarkProperties struct {
	// AdditionalData has no schema on this page; assert types before use.
	AdditionalData *map[string]interface{} `json:"additionalData,omitempty"`

	Created      *string       `json:"created,omitempty"`
	CreatedBy    *UserInfo     `json:"createdBy,omitempty"`
	DisplayName  string        `json:"displayName"`
	EventTime    *string       `json:"eventTime,omitempty"`
	FriendlyName *string       `json:"friendlyName,omitempty"`
	IncidentInfo *IncidentInfo `json:"incidentInfo,omitempty"`
	Labels       *[]string     `json:"labels,omitempty"`
	Notes        *string       `json:"notes,omitempty"`
	Query        string        `json:"query"`
	QueryResult  *string       `json:"queryResult,omitempty"`
	Updated      *string       `json:"updated,omitempty"`
	UpdatedBy    *UserInfo     `json:"updatedBy,omitempty"`
}
func (*HuntingBookmarkProperties) GetCreatedAsTime ¶
func (o *HuntingBookmarkProperties) GetCreatedAsTime() (*time.Time, error)
func (*HuntingBookmarkProperties) GetEventTimeAsTime ¶
func (o *HuntingBookmarkProperties) GetEventTimeAsTime() (*time.Time, error)
func (*HuntingBookmarkProperties) GetUpdatedAsTime ¶
func (o *HuntingBookmarkProperties) GetUpdatedAsTime() (*time.Time, error)
func (*HuntingBookmarkProperties) SetCreatedAsTime ¶
func (o *HuntingBookmarkProperties) SetCreatedAsTime(input time.Time)
func (*HuntingBookmarkProperties) SetEventTimeAsTime ¶
func (o *HuntingBookmarkProperties) SetEventTimeAsTime(input time.Time)
func (*HuntingBookmarkProperties) SetUpdatedAsTime ¶
func (o *HuntingBookmarkProperties) SetUpdatedAsTime(input time.Time)
type IPEntity ¶
type IPEntity struct { Properties *IPEntityProperties `json:"properties,omitempty"` Id *string `json:"id,omitempty"` Kind EntityKind `json:"kind"` Name *string `json:"name,omitempty"` SystemData *systemdata.SystemData `json:"systemData,omitempty"` Type *string `json:"type,omitempty"` }
func (IPEntity) Entity ¶
func (s IPEntity) Entity() BaseEntityImpl
func (IPEntity) MarshalJSON ¶
type IPEntityProperties ¶
// IPEntityProperties describes an IP entity: the address, an optional
// GeoLocation and an optional list of ThreatIntelligence records. Every
// field is optional.
//
// Address is typed as a string here, so nothing on this page guarantees it
// is a well-formed IP address; parse it before using it in allow/deny or
// correlation logic.
type IPEntityProperties struct {
	// AdditionalData has no schema on this page; assert types before use.
	AdditionalData *map[string]interface{} `json:"additionalData,omitempty"`

	Address            *string               `json:"address,omitempty"`
	FriendlyName       *string               `json:"friendlyName,omitempty"`
	Location           *GeoLocation          `json:"location,omitempty"`
	ThreatIntelligence *[]ThreatIntelligence `json:"threatIntelligence,omitempty"`
}
type IncidentInfo ¶
// IncidentInfo is the incident reference carried by
// HuntingBookmarkProperties: incident ID, relation name, severity and title.
// Every field is optional.
type IncidentInfo struct {
	IncidentId   *string           `json:"incidentId,omitempty"`
	RelationName *string           `json:"relationName,omitempty"`
	Severity     *IncidentSeverity `json:"severity,omitempty"`
	Title        *string           `json:"title,omitempty"`
}
type IncidentSeverity ¶
// IncidentSeverity is the string enumeration used by IncidentInfo.Severity.
//
// The constants are declared in alphabetical order, not in order of
// severity, so comparing the strings does not rank incidents; map them to an
// explicit rank when sorting or thresholding.
// NOTE(review): how UnmarshalJSON decodes a string outside this list is not
// shown on this page.
type IncidentSeverity string

// Values of IncidentSeverity as listed on this page.
const (
	IncidentSeverityHigh          IncidentSeverity = "High"
	IncidentSeverityInformational IncidentSeverity = "Informational"
	IncidentSeverityLow           IncidentSeverity = "Low"
	IncidentSeverityMedium        IncidentSeverity = "Medium"
)
func (*IncidentSeverity) UnmarshalJSON ¶
func (s *IncidentSeverity) UnmarshalJSON(bytes []byte) error
type InsightQueryItem ¶
type InsightQueryItem struct { Properties *InsightQueryItemProperties `json:"properties,omitempty"` Id *string `json:"id,omitempty"` Kind EntityQueryKind `json:"kind"` Name *string `json:"name,omitempty"` Type *string `json:"type,omitempty"` }
func (InsightQueryItem) EntityQueryItem ¶
func (s InsightQueryItem) EntityQueryItem() BaseEntityQueryItemImpl
func (InsightQueryItem) MarshalJSON ¶
func (s InsightQueryItem) MarshalJSON() ([]byte, error)
type InsightQueryItemProperties ¶
// InsightQueryItemProperties is the Properties payload of an
// InsightQueryItem. Every field is optional.
//
// ChartQuery and EntitiesFilter are *interface{}: the page gives them no
// schema, so callers must type-assert and validate whatever was decoded.
// NOTE(review): BaseQuery and the nested query fields hold query text; if
// they are ever combined with caller-supplied values, parameterise rather
// than concatenate.
type InsightQueryItemProperties struct {
	AdditionalQuery         *InsightQueryItemPropertiesAdditionalQuery    `json:"additionalQuery,omitempty"`
	BaseQuery               *string                                       `json:"baseQuery,omitempty"`
	ChartQuery              *interface{}                                  `json:"chartQuery,omitempty"`
	DataTypes               *[]EntityQueryItemPropertiesDataTypesInlined  `json:"dataTypes,omitempty"`
	DefaultTimeRange        *InsightQueryItemPropertiesDefaultTimeRange   `json:"defaultTimeRange,omitempty"`
	Description             *string                                       `json:"description,omitempty"`
	DisplayName             *string                                       `json:"displayName,omitempty"`
	EntitiesFilter          *interface{}                                  `json:"entitiesFilter,omitempty"`
	InputEntityType         *EntityType                                   `json:"inputEntityType,omitempty"`
	ReferenceTimeRange      *InsightQueryItemPropertiesReferenceTimeRange `json:"referenceTimeRange,omitempty"`
	RequiredInputFieldsSets *[][]string                                   `json:"requiredInputFieldsSets,omitempty"`
	TableQuery              *InsightQueryItemPropertiesTableQuery         `json:"tableQuery,omitempty"`
}
type InsightQueryItemPropertiesReferenceTimeRange ¶
type InsightQueryItemPropertiesReferenceTimeRange struct {
BeforeRange *string `json:"beforeRange,omitempty"`
}
type InsightQueryItemPropertiesTableQuery ¶
type InsightQueryItemPropertiesTableQuery struct { ColumnsDefinitions *[]InsightQueryItemPropertiesTableQueryColumnsDefinitionsInlined `json:"columnsDefinitions,omitempty"` QueriesDefinitions *[]InsightQueryItemPropertiesTableQueryQueriesDefinitionsInlined `json:"queriesDefinitions,omitempty"` }
type InsightQueryItemPropertiesTableQueryColumnsDefinitionsInlined ¶
type InsightQueryItemPropertiesTableQueryColumnsDefinitionsInlined struct { Header *string `json:"header,omitempty"` OutputType *OutputType `json:"outputType,omitempty"` SupportDeepLink *bool `json:"supportDeepLink,omitempty"` }
type InsightQueryItemPropertiesTableQueryQueriesDefinitionsInlined ¶
type InsightQueryItemPropertiesTableQueryQueriesDefinitionsInlined struct { Filter *string `json:"filter,omitempty"` LinkColumnsDefinitions *[]InsightQueryItemPropertiesTableQueryQueriesDefinitionsInlinedLinkColumnsDefinitionsInlined `json:"linkColumnsDefinitions,omitempty"` Project *string `json:"project,omitempty"` Summarize *string `json:"summarize,omitempty"` }
type InsightsTableResult ¶
// InsightsTableResult is a tabular result: optional column definitions and
// optional rows, each row being a slice of strings.
//
// NOTE(review): the cells are presumably query output over collected logs,
// i.e. text an adversary may have influenced; escape them before rendering
// or exporting. Nothing on this page ties a row's length to len(*Columns),
// so check bounds when indexing.
type InsightsTableResult struct {
	Columns *[]InsightsTableResultColumnsInlined `json:"columns,omitempty"`
	Rows    *[][]string                          `json:"rows,omitempty"`
}
type IoTDeviceEntity ¶
type IoTDeviceEntity struct { Properties *IoTDeviceEntityProperties `json:"properties,omitempty"` Id *string `json:"id,omitempty"` Kind EntityKind `json:"kind"` Name *string `json:"name,omitempty"` SystemData *systemdata.SystemData `json:"systemData,omitempty"` Type *string `json:"type,omitempty"` }
func (IoTDeviceEntity) Entity ¶
func (s IoTDeviceEntity) Entity() BaseEntityImpl
func (IoTDeviceEntity) MarshalJSON ¶
func (s IoTDeviceEntity) MarshalJSON() ([]byte, error)
type IoTDeviceEntityProperties ¶
// IoTDeviceEntityProperties describes an IoT device entity. Every field is
// optional.
//
// NOTE(review): identity fields such as DeviceName, MacAddress, SerialNumber
// and FirmwareVersion are presumably reported by or about the device;
// treat them as claims to corroborate. The meaning of IsAuthorized,
// IsProgramming and IsScanner is not defined on this page - confirm before
// using them in policy decisions.
type IoTDeviceEntityProperties struct {
	// AdditionalData has no schema on this page; assert types before use.
	AdditionalData *map[string]interface{} `json:"additionalData,omitempty"`

	DeviceId           *string               `json:"deviceId,omitempty"`
	DeviceName         *string               `json:"deviceName,omitempty"`
	DeviceSubType      *string               `json:"deviceSubType,omitempty"`
	DeviceType         *string               `json:"deviceType,omitempty"`
	EdgeId             *string               `json:"edgeId,omitempty"`
	FirmwareVersion    *string               `json:"firmwareVersion,omitempty"`
	FriendlyName       *string               `json:"friendlyName,omitempty"`
	HostEntityId       *string               `json:"hostEntityId,omitempty"`
	IPAddressEntityId  *string               `json:"ipAddressEntityId,omitempty"`
	Importance         *DeviceImportance     `json:"importance,omitempty"`
	IotHubEntityId     *string               `json:"iotHubEntityId,omitempty"`
	IotSecurityAgentId *string               `json:"iotSecurityAgentId,omitempty"`
	IsAuthorized       *bool                 `json:"isAuthorized,omitempty"`
	IsProgramming      *bool                 `json:"isProgramming,omitempty"`
	IsScanner          *bool                 `json:"isScanner,omitempty"`
	MacAddress         *string               `json:"macAddress,omitempty"`
	Model              *string               `json:"model,omitempty"`
	NicEntityIds       *[]string             `json:"nicEntityIds,omitempty"`
	OperatingSystem    *string               `json:"operatingSystem,omitempty"`
	Owners             *[]string             `json:"owners,omitempty"`
	Protocols          *[]string             `json:"protocols,omitempty"`
	PurdueLayer        *string               `json:"purdueLayer,omitempty"`
	Sensor             *string               `json:"sensor,omitempty"`
	SerialNumber       *string               `json:"serialNumber,omitempty"`
	Site               *string               `json:"site,omitempty"`
	Source             *string               `json:"source,omitempty"`
	ThreatIntelligence *[]ThreatIntelligence `json:"threatIntelligence,omitempty"`
	Vendor             *string               `json:"vendor,omitempty"`
	Zone               *string               `json:"zone,omitempty"`
}
type KillChainIntent ¶
// KillChainIntent is the string enumeration used by the Intent field of
// SecurityAlertProperties and SecurityAlertTimelineItem.
//
// SecurityAlertProperties carries both Intent (this type) and Tactics
// ([]AttackTactic); the two are separate enumerations, so detection content
// that filters on one should not assume the other is populated.
// NOTE(review): how UnmarshalJSON decodes a string outside this list is not
// shown on this page; keep a default branch when dispatching on the value.
type KillChainIntent string

// Values of KillChainIntent as listed on this page.
const (
	KillChainIntentCollection          KillChainIntent = "Collection"
	KillChainIntentCommandAndControl   KillChainIntent = "CommandAndControl"
	KillChainIntentCredentialAccess    KillChainIntent = "CredentialAccess"
	KillChainIntentDefenseEvasion      KillChainIntent = "DefenseEvasion"
	KillChainIntentDiscovery           KillChainIntent = "Discovery"
	KillChainIntentExecution           KillChainIntent = "Execution"
	KillChainIntentExfiltration        KillChainIntent = "Exfiltration"
	KillChainIntentExploitation        KillChainIntent = "Exploitation"
	KillChainIntentImpact              KillChainIntent = "Impact"
	KillChainIntentLateralMovement     KillChainIntent = "LateralMovement"
	KillChainIntentPersistence         KillChainIntent = "Persistence"
	KillChainIntentPrivilegeEscalation KillChainIntent = "PrivilegeEscalation"
	KillChainIntentProbing             KillChainIntent = "Probing"
	KillChainIntentUnknown             KillChainIntent = "Unknown"
)
func (*KillChainIntent) UnmarshalJSON ¶
func (s *KillChainIntent) UnmarshalJSON(bytes []byte) error
type ListCompleteResult ¶
type ListCustomPager ¶
func (*ListCustomPager) NextPageLink ¶
func (p *ListCustomPager) NextPageLink() *odata.Link
type ListOperationResponse ¶
type MailClusterEntity ¶
type MailClusterEntity struct { Properties *MailClusterEntityProperties `json:"properties,omitempty"` Id *string `json:"id,omitempty"` Kind EntityKind `json:"kind"` Name *string `json:"name,omitempty"` SystemData *systemdata.SystemData `json:"systemData,omitempty"` Type *string `json:"type,omitempty"` }
func (MailClusterEntity) Entity ¶
func (s MailClusterEntity) Entity() BaseEntityImpl
func (MailClusterEntity) MarshalJSON ¶
func (s MailClusterEntity) MarshalJSON() ([]byte, error)
type MailClusterEntityProperties ¶
// MailClusterEntityProperties describes a mail cluster entity. Every field
// is optional. The page lists Get/Set...AsTime helpers for
// ClusterQueryStartTime, ClusterQueryEndTime and QueryTime.
//
// The three CountBy... fields are *interface{}: the page gives them no
// schema, so callers must type-assert and validate whatever was decoded.
type MailClusterEntityProperties struct {
	// AdditionalData has no schema on this page; assert types before use.
	AdditionalData *map[string]interface{} `json:"additionalData,omitempty"`

	ClusterGroup            *string      `json:"clusterGroup,omitempty"`
	ClusterQueryEndTime     *string      `json:"clusterQueryEndTime,omitempty"`
	ClusterQueryStartTime   *string      `json:"clusterQueryStartTime,omitempty"`
	ClusterSourceIdentifier *string      `json:"clusterSourceIdentifier,omitempty"`
	ClusterSourceType       *string      `json:"clusterSourceType,omitempty"`
	CountByDeliveryStatus   *interface{} `json:"countByDeliveryStatus,omitempty"`
	CountByProtectionStatus *interface{} `json:"countByProtectionStatus,omitempty"`
	CountByThreatType       *interface{} `json:"countByThreatType,omitempty"`
	FriendlyName            *string      `json:"friendlyName,omitempty"`
	IsVolumeAnomaly         *bool        `json:"isVolumeAnomaly,omitempty"`
	MailCount               *int64       `json:"mailCount,omitempty"`
	NetworkMessageIds       *[]string    `json:"networkMessageIds,omitempty"`
	Query                   *string      `json:"query,omitempty"`
	QueryTime               *string      `json:"queryTime,omitempty"`
	Source                  *string      `json:"source,omitempty"`
	Threats                 *[]string    `json:"threats,omitempty"`
}
func (*MailClusterEntityProperties) GetClusterQueryEndTimeAsTime ¶
func (o *MailClusterEntityProperties) GetClusterQueryEndTimeAsTime() (*time.Time, error)
func (*MailClusterEntityProperties) GetClusterQueryStartTimeAsTime ¶
func (o *MailClusterEntityProperties) GetClusterQueryStartTimeAsTime() (*time.Time, error)
func (*MailClusterEntityProperties) GetQueryTimeAsTime ¶
func (o *MailClusterEntityProperties) GetQueryTimeAsTime() (*time.Time, error)
func (*MailClusterEntityProperties) SetClusterQueryEndTimeAsTime ¶
func (o *MailClusterEntityProperties) SetClusterQueryEndTimeAsTime(input time.Time)
func (*MailClusterEntityProperties) SetClusterQueryStartTimeAsTime ¶
func (o *MailClusterEntityProperties) SetClusterQueryStartTimeAsTime(input time.Time)
func (*MailClusterEntityProperties) SetQueryTimeAsTime ¶
func (o *MailClusterEntityProperties) SetQueryTimeAsTime(input time.Time)
type MailMessageEntity ¶
type MailMessageEntity struct { Properties *MailMessageEntityProperties `json:"properties,omitempty"` Id *string `json:"id,omitempty"` Kind EntityKind `json:"kind"` Name *string `json:"name,omitempty"` SystemData *systemdata.SystemData `json:"systemData,omitempty"` Type *string `json:"type,omitempty"` }
func (MailMessageEntity) Entity ¶
func (s MailMessageEntity) Entity() BaseEntityImpl
func (MailMessageEntity) MarshalJSON ¶
func (s MailMessageEntity) MarshalJSON() ([]byte, error)
type MailMessageEntityProperties ¶
// MailMessageEntityProperties describes a mail message entity. Every field
// is optional. The page lists Get/SetReceiveDateAsTime helpers for
// ReceiveDate.
//
// NOTE(review): the sender, display-name, Subject and Urls fields presumably
// mirror the message under investigation and are therefore
// attacker-influenced. Escape them before rendering, do not resolve or fetch
// Urls automatically, and do not treat a sender display name or domain as
// authenticated identity. The distinction between the P1 and P2 sender
// fields is not defined on this page - confirm against the service
// reference.
type MailMessageEntityProperties struct {
	// AdditionalData has no schema on this page; assert types before use.
	AdditionalData *map[string]interface{} `json:"additionalData,omitempty"`

	AntispamDirection      *AntispamMailDirection `json:"antispamDirection,omitempty"`
	BodyFingerprintBin1    *int64                 `json:"bodyFingerprintBin1,omitempty"`
	BodyFingerprintBin2    *int64                 `json:"bodyFingerprintBin2,omitempty"`
	BodyFingerprintBin3    *int64                 `json:"bodyFingerprintBin3,omitempty"`
	BodyFingerprintBin4    *int64                 `json:"bodyFingerprintBin4,omitempty"`
	BodyFingerprintBin5    *int64                 `json:"bodyFingerprintBin5,omitempty"`
	DeliveryAction         *DeliveryAction        `json:"deliveryAction,omitempty"`
	DeliveryLocation       *DeliveryLocation      `json:"deliveryLocation,omitempty"`
	FileEntityIds          *[]string              `json:"fileEntityIds,omitempty"`
	FriendlyName           *string                `json:"friendlyName,omitempty"`
	InternetMessageId      *string                `json:"internetMessageId,omitempty"`
	Language               *string                `json:"language,omitempty"`
	NetworkMessageId       *string                `json:"networkMessageId,omitempty"`
	P1Sender               *string                `json:"p1Sender,omitempty"`
	P1SenderDisplayName    *string                `json:"p1SenderDisplayName,omitempty"`
	P1SenderDomain         *string                `json:"p1SenderDomain,omitempty"`
	P2Sender               *string                `json:"p2Sender,omitempty"`
	P2SenderDisplayName    *string                `json:"p2SenderDisplayName,omitempty"`
	P2SenderDomain         *string                `json:"p2SenderDomain,omitempty"`
	ReceiveDate            *string                `json:"receiveDate,omitempty"`
	Recipient              *string                `json:"recipient,omitempty"`
	SenderIP               *string                `json:"senderIP,omitempty"`
	Subject                *string                `json:"subject,omitempty"`
	ThreatDetectionMethods *[]string              `json:"threatDetectionMethods,omitempty"`
	Threats                *[]string              `json:"threats,omitempty"`
	Urls                   *[]string              `json:"urls,omitempty"`
}
func (*MailMessageEntityProperties) GetReceiveDateAsTime ¶
func (o *MailMessageEntityProperties) GetReceiveDateAsTime() (*time.Time, error)
func (*MailMessageEntityProperties) SetReceiveDateAsTime ¶
func (o *MailMessageEntityProperties) SetReceiveDateAsTime(input time.Time)
type MailboxEntity ¶
type MailboxEntity struct { Properties *MailboxEntityProperties `json:"properties,omitempty"` Id *string `json:"id,omitempty"` Kind EntityKind `json:"kind"` Name *string `json:"name,omitempty"` SystemData *systemdata.SystemData `json:"systemData,omitempty"` Type *string `json:"type,omitempty"` }
func (MailboxEntity) Entity ¶
func (s MailboxEntity) Entity() BaseEntityImpl
func (MailboxEntity) MarshalJSON ¶
func (s MailboxEntity) MarshalJSON() ([]byte, error)
type MailboxEntityProperties ¶
// MailboxEntityProperties describes a mailbox entity: display name, external
// directory object ID, primary address and UPN. Every field is optional.
type MailboxEntityProperties struct {
	// AdditionalData has no schema on this page; assert types before use.
	AdditionalData *map[string]interface{} `json:"additionalData,omitempty"`

	DisplayName               *string `json:"displayName,omitempty"`
	ExternalDirectoryObjectId *string `json:"externalDirectoryObjectId,omitempty"`
	FriendlyName              *string `json:"friendlyName,omitempty"`
	MailboxPrimaryAddress     *string `json:"mailboxPrimaryAddress,omitempty"`
	Upn                       *string `json:"upn,omitempty"`
}
type MalwareEntity ¶
type MalwareEntity struct { Properties *MalwareEntityProperties `json:"properties,omitempty"` Id *string `json:"id,omitempty"` Kind EntityKind `json:"kind"` Name *string `json:"name,omitempty"` SystemData *systemdata.SystemData `json:"systemData,omitempty"` Type *string `json:"type,omitempty"` }
func (MalwareEntity) Entity ¶
func (s MalwareEntity) Entity() BaseEntityImpl
func (MalwareEntity) MarshalJSON ¶
func (s MalwareEntity) MarshalJSON() ([]byte, error)
type MalwareEntityProperties ¶
// MalwareEntityProperties describes a malware entity: its category and name
// plus the IDs of related file and process entities. Every field is
// optional.
//
// NOTE(review): MalwareName and Category are presumably labels assigned by
// the detecting product; naming differs between vendors, so match on them
// loosely and prefer hashes or entity IDs for correlation.
type MalwareEntityProperties struct {
	// AdditionalData has no schema on this page; assert types before use.
	AdditionalData *map[string]interface{} `json:"additionalData,omitempty"`

	Category         *string   `json:"category,omitempty"`
	FileEntityIds    *[]string `json:"fileEntityIds,omitempty"`
	FriendlyName     *string   `json:"friendlyName,omitempty"`
	MalwareName      *string   `json:"malwareName,omitempty"`
	ProcessEntityIds *[]string `json:"processEntityIds,omitempty"`
}
type NicEntity ¶
type NicEntity struct { Properties *NicEntityProperties `json:"properties,omitempty"` Id *string `json:"id,omitempty"` Kind EntityKind `json:"kind"` Name *string `json:"name,omitempty"` SystemData *systemdata.SystemData `json:"systemData,omitempty"` Type *string `json:"type,omitempty"` }
func (NicEntity) Entity ¶
func (s NicEntity) Entity() BaseEntityImpl
func (NicEntity) MarshalJSON ¶
type NicEntityProperties ¶
// NicEntityProperties describes a network interface entity: the ID of its IP
// address entity, a MAC address and a list of VLANs. Every field is
// optional.
type NicEntityProperties struct {
	// AdditionalData has no schema on this page; assert types before use.
	AdditionalData *map[string]interface{} `json:"additionalData,omitempty"`

	FriendlyName      *string   `json:"friendlyName,omitempty"`
	IPAddressEntityId *string   `json:"ipAddressEntityId,omitempty"`
	MacAddress        *string   `json:"macAddress,omitempty"`
	Vlans             *[]string `json:"vlans,omitempty"`
}
type OutputType ¶
// OutputType is the string enumeration used by the OutputType field of
// InsightQueryItemPropertiesTableQueryColumnsDefinitionsInlined.
type OutputType string

// Values of OutputType as listed on this page.
const (
	OutputTypeDate   OutputType = "Date"
	OutputTypeEntity OutputType = "Entity"
	OutputTypeNumber OutputType = "Number"
	OutputTypeString OutputType = "String"
)
func (*OutputType) UnmarshalJSON ¶
func (s *OutputType) UnmarshalJSON(bytes []byte) error
type ProcessEntity ¶
type ProcessEntity struct { Properties *ProcessEntityProperties `json:"properties,omitempty"` Id *string `json:"id,omitempty"` Kind EntityKind `json:"kind"` Name *string `json:"name,omitempty"` SystemData *systemdata.SystemData `json:"systemData,omitempty"` Type *string `json:"type,omitempty"` }
func (ProcessEntity) Entity ¶
func (s ProcessEntity) Entity() BaseEntityImpl
func (ProcessEntity) MarshalJSON ¶
func (s ProcessEntity) MarshalJSON() ([]byte, error)
type ProcessEntityProperties ¶
// ProcessEntityProperties describes a process entity: its command line,
// creation time, elevation token, process ID and the IDs of the related
// account, host, logon session, image file and parent process entities.
// Every field is optional. The page lists Get/SetCreationTimeUtcAsTime
// helpers for CreationTimeUtc.
//
// NOTE(review): CommandLine is presumably the raw command line of the
// observed process. Treat it as untrusted text (escape before rendering,
// never pass it to a shell) and expect that it can contain credentials
// passed as arguments, so restrict where it is logged or exported.
// ProcessId is a string here, not an integer; validate before parsing.
type ProcessEntityProperties struct {
	AccountEntityId *string `json:"accountEntityId,omitempty"`

	// AdditionalData has no schema on this page; assert types before use.
	AdditionalData *map[string]interface{} `json:"additionalData,omitempty"`

	CommandLine              *string         `json:"commandLine,omitempty"`
	CreationTimeUtc          *string         `json:"creationTimeUtc,omitempty"`
	ElevationToken           *ElevationToken `json:"elevationToken,omitempty"`
	FriendlyName             *string         `json:"friendlyName,omitempty"`
	HostEntityId             *string         `json:"hostEntityId,omitempty"`
	HostLogonSessionEntityId *string         `json:"hostLogonSessionEntityId,omitempty"`
	ImageFileEntityId        *string         `json:"imageFileEntityId,omitempty"`
	ParentProcessEntityId    *string         `json:"parentProcessEntityId,omitempty"`
	ProcessId                *string         `json:"processId,omitempty"`
}
func (*ProcessEntityProperties) GetCreationTimeUtcAsTime ¶
func (o *ProcessEntityProperties) GetCreationTimeUtcAsTime() (*time.Time, error)
func (*ProcessEntityProperties) SetCreationTimeUtcAsTime ¶
func (o *ProcessEntityProperties) SetCreationTimeUtcAsTime(input time.Time)
type QueriesOperationOptions ¶
type QueriesOperationOptions struct {
Kind *EntityItemQueryKind
}
func DefaultQueriesOperationOptions ¶
func DefaultQueriesOperationOptions() QueriesOperationOptions
func (QueriesOperationOptions) ToHeaders ¶
func (o QueriesOperationOptions) ToHeaders() *client.Headers
func (QueriesOperationOptions) ToOData ¶
func (o QueriesOperationOptions) ToOData() *odata.Query
func (QueriesOperationOptions) ToQuery ¶
func (o QueriesOperationOptions) ToQuery() *client.QueryParams
type QueriesOperationResponse ¶
type QueriesOperationResponse struct { HttpResponse *http.Response OData *odata.OData Model *GetQueriesResponse }
type RawEntityImpl ¶
// RawEntityImpl is the fallback entity value: per the package documentation
// it is returned when the discriminator value does not match any defined
// type, and it is for deserialization only.
//
// Values is a map[string]interface{} with no schema. A caller that receives
// this type is handling an entity kind the SDK does not model, so every
// entry needs a type assertion and validation before it drives any decision.
type RawEntityImpl struct {
	Type   string
	Values map[string]interface{}
	// contains filtered or unexported fields
}
RawEntityImpl is returned when the Discriminated Value doesn't match any of the defined types. NOTE: this should only be used when a type isn't defined for this type of Object (as a workaround) and is used only for Deserialization (i.e. this cannot be used as a Request Payload).
func (RawEntityImpl) Entity ¶
func (s RawEntityImpl) Entity() BaseEntityImpl
type RawEntityQueryItemImpl ¶
// RawEntityQueryItemImpl is the fallback entity query item: per the package
// documentation it is returned when the discriminator value does not match
// any defined type, and it is for deserialization only.
//
// Values is a map[string]interface{} with no schema; type-assert and
// validate each entry before use.
type RawEntityQueryItemImpl struct {
	Type   string
	Values map[string]interface{}
	// contains filtered or unexported fields
}
RawEntityQueryItemImpl is returned when the Discriminated Value doesn't match any of the defined types. NOTE: this should only be used when a type isn't defined for this type of Object (as a workaround) and is used only for Deserialization (i.e. this cannot be used as a Request Payload).
func (RawEntityQueryItemImpl) EntityQueryItem ¶
func (s RawEntityQueryItemImpl) EntityQueryItem() BaseEntityQueryItemImpl
type RawEntityTimelineItemImpl ¶
// RawEntityTimelineItemImpl is the fallback timeline item: per the package
// documentation it is returned when the discriminator value does not match
// any defined type, and it is for deserialization only.
//
// Values is a map[string]interface{} with no schema; type-assert and
// validate each entry before use.
type RawEntityTimelineItemImpl struct {
	Type   string
	Values map[string]interface{}
	// contains filtered or unexported fields
}
RawEntityTimelineItemImpl is returned when the Discriminated Value doesn't match any of the defined types. NOTE: this should only be used when a type isn't defined for this type of Object (as a workaround) and is used only for Deserialization (i.e. this cannot be used as a Request Payload).
func (RawEntityTimelineItemImpl) EntityTimelineItem ¶
func (s RawEntityTimelineItemImpl) EntityTimelineItem() BaseEntityTimelineItemImpl
type RegistryHive ¶
// RegistryHive is the string enumeration used by
// RegistryKeyEntityProperties.Hive.
//
// NOTE(review): "HKEY_A" is reproduced exactly as the page lists it; its
// meaning is not defined here - confirm against the service reference
// before matching on it. How UnmarshalJSON decodes a string outside this
// list is not shown on this page.
type RegistryHive string

// Values of RegistryHive as listed on this page.
const (
	RegistryHiveHKEYA                        RegistryHive = "HKEY_A"
	RegistryHiveHKEYCLASSESROOT              RegistryHive = "HKEY_CLASSES_ROOT"
	RegistryHiveHKEYCURRENTCONFIG            RegistryHive = "HKEY_CURRENT_CONFIG"
	RegistryHiveHKEYCURRENTUSER              RegistryHive = "HKEY_CURRENT_USER"
	RegistryHiveHKEYCURRENTUSERLOCALSETTINGS RegistryHive = "HKEY_CURRENT_USER_LOCAL_SETTINGS"
	RegistryHiveHKEYLOCALMACHINE             RegistryHive = "HKEY_LOCAL_MACHINE"
	RegistryHiveHKEYPERFORMANCEDATA          RegistryHive = "HKEY_PERFORMANCE_DATA"
	RegistryHiveHKEYPERFORMANCENLSTEXT       RegistryHive = "HKEY_PERFORMANCE_NLSTEXT"
	RegistryHiveHKEYPERFORMANCETEXT          RegistryHive = "HKEY_PERFORMANCE_TEXT"
	RegistryHiveHKEYUSERS                    RegistryHive = "HKEY_USERS"
)
func (*RegistryHive) UnmarshalJSON ¶
func (s *RegistryHive) UnmarshalJSON(bytes []byte) error
type RegistryKeyEntity ¶
type RegistryKeyEntity struct { Properties *RegistryKeyEntityProperties `json:"properties,omitempty"` Id *string `json:"id,omitempty"` Kind EntityKind `json:"kind"` Name *string `json:"name,omitempty"` SystemData *systemdata.SystemData `json:"systemData,omitempty"` Type *string `json:"type,omitempty"` }
func (RegistryKeyEntity) Entity ¶
func (s RegistryKeyEntity) Entity() BaseEntityImpl
func (RegistryKeyEntity) MarshalJSON ¶
func (s RegistryKeyEntity) MarshalJSON() ([]byte, error)
type RegistryKeyEntityProperties ¶
// RegistryKeyEntityProperties describes a registry key entity by hive and
// key path. Every field is optional.
//
// Hive and Key are independent pointers; a full key path needs both, so
// check each for nil before building or comparing paths.
type RegistryKeyEntityProperties struct {
	// AdditionalData has no schema on this page; assert types before use.
	AdditionalData *map[string]interface{} `json:"additionalData,omitempty"`

	FriendlyName *string       `json:"friendlyName,omitempty"`
	Hive         *RegistryHive `json:"hive,omitempty"`
	Key          *string       `json:"key,omitempty"`
}
type RegistryValueEntity ¶
type RegistryValueEntity struct { Properties *RegistryValueEntityProperties `json:"properties,omitempty"` Id *string `json:"id,omitempty"` Kind EntityKind `json:"kind"` Name *string `json:"name,omitempty"` SystemData *systemdata.SystemData `json:"systemData,omitempty"` Type *string `json:"type,omitempty"` }
func (RegistryValueEntity) Entity ¶
func (s RegistryValueEntity) Entity() BaseEntityImpl
func (RegistryValueEntity) MarshalJSON ¶
func (s RegistryValueEntity) MarshalJSON() ([]byte, error)
type RegistryValueEntityProperties ¶
// RegistryValueEntityProperties describes a registry value entity: the ID of
// its key entity, the value name, the value data and the value kind. Every
// field is optional.
//
// ValueData is a string regardless of ValueType, so how binary or numeric
// data is encoded is not visible on this page.
// NOTE(review): the data is presumably copied from the monitored host;
// treat it as untrusted when rendering or parsing.
type RegistryValueEntityProperties struct {
	// AdditionalData has no schema on this page; assert types before use.
	AdditionalData *map[string]interface{} `json:"additionalData,omitempty"`

	FriendlyName *string            `json:"friendlyName,omitempty"`
	KeyEntityId  *string            `json:"keyEntityId,omitempty"`
	ValueData    *string            `json:"valueData,omitempty"`
	ValueName    *string            `json:"valueName,omitempty"`
	ValueType    *RegistryValueKind `json:"valueType,omitempty"`
}
type RegistryValueKind ¶
// RegistryValueKind is the string enumeration used by
// RegistryValueEntityProperties.ValueType.
//
// NOTE(review): how UnmarshalJSON decodes a string outside this list is not
// shown on this page.
type RegistryValueKind string

// Values of RegistryValueKind as listed on this page.
const (
	RegistryValueKindBinary       RegistryValueKind = "Binary"
	RegistryValueKindDWord        RegistryValueKind = "DWord"
	RegistryValueKindExpandString RegistryValueKind = "ExpandString"
	RegistryValueKindMultiString  RegistryValueKind = "MultiString"
	RegistryValueKindNone         RegistryValueKind = "None"
	RegistryValueKindQWord        RegistryValueKind = "QWord"
	RegistryValueKindString       RegistryValueKind = "String"
	RegistryValueKindUnknown      RegistryValueKind = "Unknown"
)
func (*RegistryValueKind) UnmarshalJSON ¶
func (s *RegistryValueKind) UnmarshalJSON(bytes []byte) error
type SecurityAlert ¶
type SecurityAlert struct { Properties *SecurityAlertProperties `json:"properties,omitempty"` Id *string `json:"id,omitempty"` Kind EntityKind `json:"kind"` Name *string `json:"name,omitempty"` SystemData *systemdata.SystemData `json:"systemData,omitempty"` Type *string `json:"type,omitempty"` }
func (SecurityAlert) Entity ¶
func (s SecurityAlert) Entity() BaseEntityImpl
func (SecurityAlert) MarshalJSON ¶
func (s SecurityAlert) MarshalJSON() ([]byte, error)
type SecurityAlertProperties ¶
// SecurityAlertProperties is the Properties payload of a SecurityAlert.
// Every field is optional. The page lists Get/Set...AsTime helpers for
// EndTimeUtc, ProcessingEndTime, StartTimeUtc and TimeGenerated.
//
// ResourceIdentifiers is *[]interface{}: the page gives its elements no
// schema, so callers must type-assert and validate each one.
// NOTE(review): AlertDisplayName, Description, RemediationSteps and
// AlertLink are presumably supplied by the alerting product named in
// VendorName/ProductName. Escape the text fields before rendering, and check
// the scheme and host of AlertLink before presenting it as a clickable
// link. Severity, ConfidenceLevel and ConfidenceScore are independent
// optional fields; a nil value means "not provided", not "low".
type SecurityAlertProperties struct {
	// AdditionalData has no schema on this page; assert types before use.
	AdditionalData *map[string]interface{} `json:"additionalData,omitempty"`

	AlertDisplayName      *string                                            `json:"alertDisplayName,omitempty"`
	AlertLink             *string                                            `json:"alertLink,omitempty"`
	AlertType             *string                                            `json:"alertType,omitempty"`
	CompromisedEntity     *string                                            `json:"compromisedEntity,omitempty"`
	ConfidenceLevel       *ConfidenceLevel                                   `json:"confidenceLevel,omitempty"`
	ConfidenceReasons     *[]SecurityAlertPropertiesConfidenceReasonsInlined `json:"confidenceReasons,omitempty"`
	ConfidenceScore       *float64                                           `json:"confidenceScore,omitempty"`
	ConfidenceScoreStatus *ConfidenceScoreStatus                             `json:"confidenceScoreStatus,omitempty"`
	Description           *string                                            `json:"description,omitempty"`
	EndTimeUtc            *string                                            `json:"endTimeUtc,omitempty"`
	FriendlyName          *string                                            `json:"friendlyName,omitempty"`
	Intent                *KillChainIntent                                   `json:"intent,omitempty"`
	ProcessingEndTime     *string                                            `json:"processingEndTime,omitempty"`
	ProductComponentName  *string                                            `json:"productComponentName,omitempty"`
	ProductName           *string                                            `json:"productName,omitempty"`
	ProductVersion        *string                                            `json:"productVersion,omitempty"`
	ProviderAlertId       *string                                            `json:"providerAlertId,omitempty"`
	RemediationSteps      *[]string                                          `json:"remediationSteps,omitempty"`
	ResourceIdentifiers   *[]interface{}                                     `json:"resourceIdentifiers,omitempty"`
	Severity              *AlertSeverity                                     `json:"severity,omitempty"`
	StartTimeUtc          *string                                            `json:"startTimeUtc,omitempty"`
	Status                *AlertStatus                                       `json:"status,omitempty"`
	SystemAlertId         *string                                            `json:"systemAlertId,omitempty"`
	Tactics               *[]AttackTactic                                    `json:"tactics,omitempty"`
	TimeGenerated         *string                                            `json:"timeGenerated,omitempty"`
	VendorName            *string                                            `json:"vendorName,omitempty"`
}
func (*SecurityAlertProperties) GetEndTimeUtcAsTime ¶
func (o *SecurityAlertProperties) GetEndTimeUtcAsTime() (*time.Time, error)
func (*SecurityAlertProperties) GetProcessingEndTimeAsTime ¶
func (o *SecurityAlertProperties) GetProcessingEndTimeAsTime() (*time.Time, error)
func (*SecurityAlertProperties) GetStartTimeUtcAsTime ¶
func (o *SecurityAlertProperties) GetStartTimeUtcAsTime() (*time.Time, error)
func (*SecurityAlertProperties) GetTimeGeneratedAsTime ¶
func (o *SecurityAlertProperties) GetTimeGeneratedAsTime() (*time.Time, error)
func (*SecurityAlertProperties) SetEndTimeUtcAsTime ¶
func (o *SecurityAlertProperties) SetEndTimeUtcAsTime(input time.Time)
func (*SecurityAlertProperties) SetProcessingEndTimeAsTime ¶
func (o *SecurityAlertProperties) SetProcessingEndTimeAsTime(input time.Time)
func (*SecurityAlertProperties) SetStartTimeUtcAsTime ¶
func (o *SecurityAlertProperties) SetStartTimeUtcAsTime(input time.Time)
func (*SecurityAlertProperties) SetTimeGeneratedAsTime ¶
func (o *SecurityAlertProperties) SetTimeGeneratedAsTime(input time.Time)
type SecurityAlertTimelineItem ¶
// SecurityAlertTimelineItem is the timeline entry for a security alert. Unlike
// SecurityAlertProperties, most fields are plain values without omitempty;
// only Description, Intent, ProductName and Techniques are optional pointers.
// The type also declares EntityTimelineItem() and a custom MarshalJSON().
type SecurityAlertTimelineItem struct {
	AlertType string `json:"alertType"`
	// NOTE(review): presumably an Azure resource ID. Parse and validate it
	// before using it to build follow-up requests; confirm the format.
	AzureResourceId string `json:"azureResourceId"`
	// Optional free-form text; nil-check before use.
	Description *string `json:"description,omitempty"`
	DisplayName string `json:"displayName"`
	// EndTimeUtc, StartTimeUtc and TimeGenerated are plain strings. No
	// Get<Field>AsTime helpers are listed for this type, so callers parse the
	// value themselves and must handle a malformed timestamp.
	EndTimeUtc string `json:"endTimeUtc"`
	Intent *KillChainIntent `json:"intent,omitempty"`
	ProductName *string `json:"productName,omitempty"`
	Severity AlertSeverity `json:"severity"`
	StartTimeUtc string `json:"startTimeUtc"`
	Techniques *[]string `json:"techniques,omitempty"`
	TimeGenerated string `json:"timeGenerated"`
	Kind EntityTimelineKind `json:"kind"`
}
func (SecurityAlertTimelineItem) EntityTimelineItem ¶
func (s SecurityAlertTimelineItem) EntityTimelineItem() BaseEntityTimelineItemImpl
func (SecurityAlertTimelineItem) MarshalJSON ¶
func (s SecurityAlertTimelineItem) MarshalJSON() ([]byte, error)
type SecurityGroupEntity ¶
// SecurityGroupEntity is the entity model for a security group. Group data
// sits in Properties, next to the resource fields Id, Kind, Name, SystemData
// and Type. The type also declares Entity() and a custom MarshalJSON().
type SecurityGroupEntity struct {
	// Properties is optional (pointer, omitempty); nil-check before use.
	Properties *SecurityGroupEntityProperties `json:"properties,omitempty"`
	Id *string `json:"id,omitempty"`
	// Kind is the only field whose tag lacks omitempty.
	Kind EntityKind `json:"kind"`
	Name *string `json:"name,omitempty"`
	SystemData *systemdata.SystemData `json:"systemData,omitempty"`
	Type *string `json:"type,omitempty"`
}
func (SecurityGroupEntity) Entity ¶
func (s SecurityGroupEntity) Entity() BaseEntityImpl
func (SecurityGroupEntity) MarshalJSON ¶
func (s SecurityGroupEntity) MarshalJSON() ([]byte, error)
type SecurityGroupEntityProperties ¶
// SecurityGroupEntityProperties holds the fields of a security group entity.
// Every field is an optional pointer tagged omitempty.
type SecurityGroupEntityProperties struct {
	// AdditionalData is an untyped map: values arrive as interface{} and need
	// a checked type assertion before use.
	AdditionalData *map[string]interface{} `json:"additionalData,omitempty"`
	// DistinguishedName, ObjectGuid and Sid are carried as unvalidated
	// strings. NOTE(review): presumably directory identifiers; validate their
	// format before using them in directory queries or access decisions.
	DistinguishedName *string `json:"distinguishedName,omitempty"`
	FriendlyName *string `json:"friendlyName,omitempty"`
	ObjectGuid *string `json:"objectGuid,omitempty"`
	Sid *string `json:"sid,omitempty"`
}
type SubmissionMailEntity ¶
// SubmissionMailEntity is the entity model for a mail submission. Submission
// data sits in Properties, next to the resource fields Id, Kind, Name,
// SystemData and Type. The type also declares Entity() and a custom
// MarshalJSON().
type SubmissionMailEntity struct {
	// Properties is optional (pointer, omitempty); nil-check before use.
	Properties *SubmissionMailEntityProperties `json:"properties,omitempty"`
	Id *string `json:"id,omitempty"`
	// Kind is the only field whose tag lacks omitempty.
	Kind EntityKind `json:"kind"`
	Name *string `json:"name,omitempty"`
	SystemData *systemdata.SystemData `json:"systemData,omitempty"`
	Type *string `json:"type,omitempty"`
}
func (SubmissionMailEntity) Entity ¶
func (s SubmissionMailEntity) Entity() BaseEntityImpl
func (SubmissionMailEntity) MarshalJSON ¶
func (s SubmissionMailEntity) MarshalJSON() ([]byte, error)
type SubmissionMailEntityProperties ¶
// SubmissionMailEntityProperties holds the fields of a mail submission entity.
// Every field is an optional pointer tagged omitempty.
type SubmissionMailEntityProperties struct {
	// AdditionalData is an untyped map: values arrive as interface{} and need
	// a checked type assertion before use.
	AdditionalData *map[string]interface{} `json:"additionalData,omitempty"`
	FriendlyName *string `json:"friendlyName,omitempty"`
	NetworkMessageId *string `json:"networkMessageId,omitempty"`
	// NOTE(review): Recipient, Sender, SenderIP and Subject presumably come
	// from the submitted message itself, so treat them as sender-controlled:
	// escape before rendering, and do not key trust decisions on them without
	// verification. Confirm provenance against the API spec.
	Recipient *string `json:"recipient,omitempty"`
	ReportType *string `json:"reportType,omitempty"`
	Sender *string `json:"sender,omitempty"`
	// SenderIP is a string, not a parsed address; validate it before use.
	SenderIP *string `json:"senderIp,omitempty"`
	Subject *string `json:"subject,omitempty"`
	// SubmissionDate and Timestamp are kept as strings. GetSubmissionDateAsTime
	// and GetTimestampAsTime return (*time.Time, error); handle that error
	// instead of assuming the value parses.
	SubmissionDate *string `json:"submissionDate,omitempty"`
	SubmissionId *string `json:"submissionId,omitempty"`
	Submitter *string `json:"submitter,omitempty"`
	Timestamp *string `json:"timestamp,omitempty"`
}
func (*SubmissionMailEntityProperties) GetSubmissionDateAsTime ¶
func (o *SubmissionMailEntityProperties) GetSubmissionDateAsTime() (*time.Time, error)
func (*SubmissionMailEntityProperties) GetTimestampAsTime ¶
func (o *SubmissionMailEntityProperties) GetTimestampAsTime() (*time.Time, error)
func (*SubmissionMailEntityProperties) SetSubmissionDateAsTime ¶
func (o *SubmissionMailEntityProperties) SetSubmissionDateAsTime(input time.Time)
func (*SubmissionMailEntityProperties) SetTimestampAsTime ¶
func (o *SubmissionMailEntityProperties) SetTimestampAsTime(input time.Time)
type ThreatIntelligence ¶
// ThreatIntelligence describes a threat-intelligence record. Every field is an
// optional pointer tagged omitempty, so nil-check before dereferencing.
type ThreatIntelligence struct {
	// The value range of Confidence is not visible here; check the API spec
	// before comparing it against a threshold.
	Confidence *float64 `json:"confidence,omitempty"`
	ProviderName *string `json:"providerName,omitempty"`
	// NOTE(review): presumably a URL supplied by the provider. Validate scheme
	// and host before showing it as a clickable link.
	ReportLink *string `json:"reportLink,omitempty"`
	ThreatDescription *string `json:"threatDescription,omitempty"`
	ThreatName *string `json:"threatName,omitempty"`
	ThreatType *string `json:"threatType,omitempty"`
}
type TimelineAggregation ¶
// TimelineAggregation pairs a timeline Kind with a Count. Both fields are plain
// values without omitempty.
type TimelineAggregation struct {
	Count int64 `json:"count"`
	Kind EntityTimelineKind `json:"kind"`
}
type TimelineError ¶
// TimelineError carries an error message for a timeline Kind, with an optional
// QueryId.
type TimelineError struct {
	// ErrorMessage is free-form text; escape it before rendering it in a UI.
	ErrorMessage string `json:"errorMessage"`
	Kind EntityTimelineKind `json:"kind"`
	// QueryId is optional (pointer, omitempty); nil-check before use.
	QueryId *string `json:"queryId,omitempty"`
}
type TimelineResultsMetadata ¶
// TimelineResultsMetadata summarizes a timeline result: per-kind Aggregations,
// a TotalCount, and an optional list of Errors.
type TimelineResultsMetadata struct {
	Aggregations []TimelineAggregation `json:"aggregations"`
	// Errors is optional (pointer, omitempty). Check it for nil and for
	// entries before treating the aggregations as complete; whether partial
	// results accompany errors is not visible here.
	Errors *[]TimelineError `json:"errors,omitempty"`
	TotalCount int64 `json:"totalCount"`
}
type URLEntity ¶
// URLEntity is the entity model for a URL. URL data sits in Properties, next
// to the resource fields Id, Kind, Name, SystemData and Type. The type also
// declares Entity() with a value receiver.
type URLEntity struct {
	// Properties is optional (pointer, omitempty); nil-check before use.
	Properties *URLEntityProperties `json:"properties,omitempty"`
	Id *string `json:"id,omitempty"`
	// Kind is the only field whose tag lacks omitempty.
	Kind EntityKind `json:"kind"`
	Name *string `json:"name,omitempty"`
	SystemData *systemdata.SystemData `json:"systemData,omitempty"`
	Type *string `json:"type,omitempty"`
}
func (URLEntity) Entity ¶
func (s URLEntity) Entity() BaseEntityImpl
func (URLEntity) MarshalJSON ¶
type URLEntityProperties ¶
type WorkspaceId ¶
WorkspaceId is a struct representing the Resource ID for a Workspace
func NewWorkspaceID ¶
func NewWorkspaceID(subscriptionId string, resourceGroupName string, workspaceName string) WorkspaceId
NewWorkspaceID returns a new WorkspaceId struct
func ParseWorkspaceID ¶
func ParseWorkspaceID(input string) (*WorkspaceId, error)
ParseWorkspaceID parses 'input' into a WorkspaceId
func ParseWorkspaceIDInsensitively ¶
func ParseWorkspaceIDInsensitively(input string) (*WorkspaceId, error)
ParseWorkspaceIDInsensitively parses 'input' case-insensitively into a WorkspaceId. Note: this method should only be used for API response data and not for user input; parse user-supplied IDs with ParseWorkspaceID instead.
func (*WorkspaceId) FromParseResult ¶
func (id *WorkspaceId) FromParseResult(input resourceids.ParseResult) error
func (WorkspaceId) Segments ¶
func (id WorkspaceId) Segments() []resourceids.Segment
Segments returns a slice of Resource ID Segments which comprise this Workspace ID
func (WorkspaceId) String ¶
func (id WorkspaceId) String() string
String returns a human-readable description of this Workspace ID
Source Files ¶
- client.go
- constants.go
- id_entity.go
- id_workspace.go
- method_expand.go
- method_get.go
- method_getinsights.go
- method_gettimelinelist.go
- method_list.go
- method_queries.go
- model_accountentity.go
- model_accountentityproperties.go
- model_activitytimelineitem.go
- model_anomalytimelineitem.go
- model_azureresourceentity.go
- model_azureresourceentityproperties.go
- model_bookmarktimelineitem.go
- model_cloudapplicationentity.go
- model_cloudapplicationentityproperties.go
- model_dnsentity.go
- model_dnsentityproperties.go
- model_entity.go
- model_entityedges.go
- model_entityexpandparameters.go
- model_entityexpandresponse.go
- model_entityexpandresponsevalue.go
- model_entitygetinsightsparameters.go
- model_entitygetinsightsresponse.go
- model_entityinsightitem.go
- model_entityinsightitemquerytimeinterval.go
- model_entityqueryitem.go
- model_entityqueryitempropertiesdatatypesinlined.go
- model_entitytimelineitem.go
- model_entitytimelineparameters.go
- model_entitytimelineresponse.go
- model_expansionresultaggregation.go
- model_expansionresultsmetadata.go
- model_fileentity.go
- model_fileentityproperties.go
- model_filehashentity.go
- model_filehashentityproperties.go
- model_geolocation.go
- model_getinsightserrorkind.go
- model_getinsightsresultsmetadata.go
- model_getqueriesresponse.go
- model_hostentity.go
- model_hostentityproperties.go
- model_huntingbookmark.go
- model_huntingbookmarkproperties.go
- model_incidentinfo.go
- model_insightqueryitem.go
- model_insightqueryitemproperties.go
- model_insightqueryitempropertiesadditionalquery.go
- model_insightqueryitempropertiesdefaulttimerange.go
- model_insightqueryitempropertiesreferencetimerange.go
- model_insightqueryitempropertiestablequery.go
- model_insightqueryitempropertiestablequerycolumnsdefinitionsinlined.go
- model_insightqueryitempropertiestablequeryqueriesdefinitionsinlined.go
- model_insightqueryitempropertiestablequeryqueriesdefinitionsinlinedlinkcolumnsdefinitionsinlined.go
- model_insightstableresult.go
- model_insightstableresultcolumnsinlined.go
- model_iotdeviceentity.go
- model_iotdeviceentityproperties.go
- model_ipentity.go
- model_ipentityproperties.go
- model_mailboxentity.go
- model_mailboxentityproperties.go
- model_mailclusterentity.go
- model_mailclusterentityproperties.go
- model_mailmessageentity.go
- model_mailmessageentityproperties.go
- model_malwareentity.go
- model_malwareentityproperties.go
- model_nicentity.go
- model_nicentityproperties.go
- model_processentity.go
- model_processentityproperties.go
- model_registrykeyentity.go
- model_registrykeyentityproperties.go
- model_registryvalueentity.go
- model_registryvalueentityproperties.go
- model_securityalert.go
- model_securityalertproperties.go
- model_securityalertpropertiesconfidencereasonsinlined.go
- model_securityalerttimelineitem.go
- model_securitygroupentity.go
- model_securitygroupentityproperties.go
- model_submissionmailentity.go
- model_submissionmailentityproperties.go
- model_threatintelligence.go
- model_timelineaggregation.go
- model_timelineerror.go
- model_timelineresultsmetadata.go
- model_urlentity.go
- model_urlentityproperties.go
- model_userinfo.go
- predicates.go
- version.go