Documentation ¶
Index ¶
- func PossibleValuesForAlertDetail() []string
- func PossibleValuesForAlertRuleKind() []string
- func PossibleValuesForAlertSeverity() []string
- func PossibleValuesForAttackTactic() []string
- func PossibleValuesForEntityMappingType() []string
- func PossibleValuesForEventGroupingAggregationKind() []string
- func PossibleValuesForMatchingMethod() []string
- func PossibleValuesForMicrosoftSecurityProductName() []string
- func PossibleValuesForTriggerOperator() []string
- func ValidateAlertRuleID(input interface{}, key string) (warnings []string, errors []error)
- func ValidateWorkspaceID(input interface{}, key string) (warnings []string, errors []error)
- type AlertDetail
- type AlertDetailsOverride
- type AlertRule
- type AlertRuleId
- type AlertRuleKind
- type AlertRuleOperationPredicate
- type AlertRulesClient
- func (c AlertRulesClient) CreateOrUpdate(ctx context.Context, id AlertRuleId, input AlertRule) (result CreateOrUpdateOperationResponse, err error)
- func (c AlertRulesClient) Delete(ctx context.Context, id AlertRuleId) (result DeleteOperationResponse, err error)
- func (c AlertRulesClient) Get(ctx context.Context, id AlertRuleId) (result GetOperationResponse, err error)
- func (c AlertRulesClient) List(ctx context.Context, id WorkspaceId) (result ListOperationResponse, err error)
- func (c AlertRulesClient) ListComplete(ctx context.Context, id WorkspaceId) (ListCompleteResult, error)
- func (c AlertRulesClient) ListCompleteMatchingPredicate(ctx context.Context, id WorkspaceId, predicate AlertRuleOperationPredicate) (result ListCompleteResult, err error)
- type AlertSeverity
- type AttackTactic
- type BaseAlertRuleImpl
- type CreateOrUpdateOperationResponse
- type DeleteOperationResponse
- type EntityMapping
- type EntityMappingType
- type EventGroupingAggregationKind
- type EventGroupingSettings
- type FieldMapping
- type FusionAlertRule
- type FusionAlertRuleProperties
- type GetOperationResponse
- type GroupingConfiguration
- type IncidentConfiguration
- type ListCompleteResult
- type ListCustomPager
- type ListOperationResponse
- type MatchingMethod
- type MicrosoftSecurityIncidentCreationAlertRule
- type MicrosoftSecurityIncidentCreationAlertRuleProperties
- type MicrosoftSecurityProductName
- type RawAlertRuleImpl
- type ScheduledAlertRule
- type ScheduledAlertRuleProperties
- type TriggerOperator
- type WorkspaceId
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func PossibleValuesForAlertDetail ¶
func PossibleValuesForAlertDetail() []string
func PossibleValuesForAlertRuleKind ¶
func PossibleValuesForAlertRuleKind() []string
func PossibleValuesForAlertSeverity ¶
func PossibleValuesForAlertSeverity() []string
func PossibleValuesForAttackTactic ¶
func PossibleValuesForAttackTactic() []string
func PossibleValuesForEntityMappingType ¶
func PossibleValuesForEntityMappingType() []string
func PossibleValuesForEventGroupingAggregationKind ¶
func PossibleValuesForEventGroupingAggregationKind() []string
func PossibleValuesForMatchingMethod ¶
func PossibleValuesForMatchingMethod() []string
func PossibleValuesForMicrosoftSecurityProductName ¶
func PossibleValuesForMicrosoftSecurityProductName() []string
func PossibleValuesForTriggerOperator ¶
func PossibleValuesForTriggerOperator() []string
func ValidateAlertRuleID ¶
ValidateAlertRuleID checks that 'input' can be parsed as a Alert Rule ID
func ValidateWorkspaceID ¶
ValidateWorkspaceID checks that 'input' can be parsed as a Workspace ID
Types ¶
type AlertDetail ¶
type AlertDetail string
const ( AlertDetailDisplayName AlertDetail = "DisplayName" AlertDetailSeverity AlertDetail = "Severity" )
func (*AlertDetail) UnmarshalJSON ¶
func (s *AlertDetail) UnmarshalJSON(bytes []byte) error
type AlertDetailsOverride ¶
type AlertDetailsOverride struct { AlertDescriptionFormat *string `json:"alertDescriptionFormat,omitempty"` AlertDisplayNameFormat *string `json:"alertDisplayNameFormat,omitempty"` AlertSeverityColumnName *string `json:"alertSeverityColumnName,omitempty"` AlertTacticsColumnName *string `json:"alertTacticsColumnName,omitempty"` }
type AlertRule ¶
type AlertRule interface {
AlertRule() BaseAlertRuleImpl
}
type AlertRuleId ¶
type AlertRuleId struct { SubscriptionId string ResourceGroupName string WorkspaceName string RuleId string }
AlertRuleId is a struct representing the Resource ID for a Alert Rule
func NewAlertRuleID ¶
func NewAlertRuleID(subscriptionId string, resourceGroupName string, workspaceName string, ruleId string) AlertRuleId
NewAlertRuleID returns a new AlertRuleId struct
func ParseAlertRuleID ¶
func ParseAlertRuleID(input string) (*AlertRuleId, error)
ParseAlertRuleID parses 'input' into a AlertRuleId
func ParseAlertRuleIDInsensitively ¶
func ParseAlertRuleIDInsensitively(input string) (*AlertRuleId, error)
ParseAlertRuleIDInsensitively parses 'input' case-insensitively into a AlertRuleId note: this method should only be used for API response data and not user input
func (*AlertRuleId) FromParseResult ¶
func (id *AlertRuleId) FromParseResult(input resourceids.ParseResult) error
func (AlertRuleId) Segments ¶
func (id AlertRuleId) Segments() []resourceids.Segment
Segments returns a slice of Resource ID Segments which comprise this Alert Rule ID
func (AlertRuleId) String ¶
func (id AlertRuleId) String() string
String returns a human-readable description of this Alert Rule ID
type AlertRuleKind ¶
type AlertRuleKind string
const ( AlertRuleKindFusion AlertRuleKind = "Fusion" AlertRuleKindMicrosoftSecurityIncidentCreation AlertRuleKind = "MicrosoftSecurityIncidentCreation" AlertRuleKindScheduled AlertRuleKind = "Scheduled" )
func (*AlertRuleKind) UnmarshalJSON ¶
func (s *AlertRuleKind) UnmarshalJSON(bytes []byte) error
type AlertRuleOperationPredicate ¶
type AlertRuleOperationPredicate struct { }
func (AlertRuleOperationPredicate) Matches ¶
func (p AlertRuleOperationPredicate) Matches(input AlertRule) bool
type AlertRulesClient ¶
type AlertRulesClient struct {
Client *resourcemanager.Client
}
func NewAlertRulesClientWithBaseURI ¶
func NewAlertRulesClientWithBaseURI(sdkApi sdkEnv.Api) (*AlertRulesClient, error)
func (AlertRulesClient) CreateOrUpdate ¶
func (c AlertRulesClient) CreateOrUpdate(ctx context.Context, id AlertRuleId, input AlertRule) (result CreateOrUpdateOperationResponse, err error)
CreateOrUpdate ...
func (AlertRulesClient) Delete ¶
func (c AlertRulesClient) Delete(ctx context.Context, id AlertRuleId) (result DeleteOperationResponse, err error)
Delete ...
func (AlertRulesClient) Get ¶
func (c AlertRulesClient) Get(ctx context.Context, id AlertRuleId) (result GetOperationResponse, err error)
Get ...
func (AlertRulesClient) List ¶
func (c AlertRulesClient) List(ctx context.Context, id WorkspaceId) (result ListOperationResponse, err error)
List ...
func (AlertRulesClient) ListComplete ¶
func (c AlertRulesClient) ListComplete(ctx context.Context, id WorkspaceId) (ListCompleteResult, error)
ListComplete retrieves all the results into a single object
func (AlertRulesClient) ListCompleteMatchingPredicate ¶
func (c AlertRulesClient) ListCompleteMatchingPredicate(ctx context.Context, id WorkspaceId, predicate AlertRuleOperationPredicate) (result ListCompleteResult, err error)
ListCompleteMatchingPredicate retrieves all the results and then applies the predicate
type AlertSeverity ¶
type AlertSeverity string
const ( AlertSeverityHigh AlertSeverity = "High" AlertSeverityInformational AlertSeverity = "Informational" AlertSeverityLow AlertSeverity = "Low" AlertSeverityMedium AlertSeverity = "Medium" )
func (*AlertSeverity) UnmarshalJSON ¶
func (s *AlertSeverity) UnmarshalJSON(bytes []byte) error
type AttackTactic ¶
type AttackTactic string
const ( AttackTacticCollection AttackTactic = "Collection" AttackTacticCommandAndControl AttackTactic = "CommandAndControl" AttackTacticCredentialAccess AttackTactic = "CredentialAccess" AttackTacticDefenseEvasion AttackTactic = "DefenseEvasion" AttackTacticDiscovery AttackTactic = "Discovery" AttackTacticExecution AttackTactic = "Execution" AttackTacticExfiltration AttackTactic = "Exfiltration" AttackTacticImpact AttackTactic = "Impact" AttackTacticImpairProcessControl AttackTactic = "ImpairProcessControl" AttackTacticInhibitResponseFunction AttackTactic = "InhibitResponseFunction" AttackTacticInitialAccess AttackTactic = "InitialAccess" AttackTacticLateralMovement AttackTactic = "LateralMovement" AttackTacticPersistence AttackTactic = "Persistence" AttackTacticPreAttack AttackTactic = "PreAttack" AttackTacticPrivilegeEscalation AttackTactic = "PrivilegeEscalation" AttackTacticReconnaissance AttackTactic = "Reconnaissance" AttackTacticResourceDevelopment AttackTactic = "ResourceDevelopment" )
func (*AttackTactic) UnmarshalJSON ¶
func (s *AttackTactic) UnmarshalJSON(bytes []byte) error
type BaseAlertRuleImpl ¶
type BaseAlertRuleImpl struct { Etag *string `json:"etag,omitempty"` Id *string `json:"id,omitempty"` Kind AlertRuleKind `json:"kind"` Name *string `json:"name,omitempty"` SystemData *systemdata.SystemData `json:"systemData,omitempty"` Type *string `json:"type,omitempty"` }
func (BaseAlertRuleImpl) AlertRule ¶
func (s BaseAlertRuleImpl) AlertRule() BaseAlertRuleImpl
type DeleteOperationResponse ¶
type EntityMapping ¶
type EntityMapping struct { EntityType *EntityMappingType `json:"entityType,omitempty"` FieldMappings *[]FieldMapping `json:"fieldMappings,omitempty"` }
type EntityMappingType ¶
type EntityMappingType string
const ( EntityMappingTypeAccount EntityMappingType = "Account" EntityMappingTypeAzureResource EntityMappingType = "AzureResource" EntityMappingTypeCloudApplication EntityMappingType = "CloudApplication" EntityMappingTypeDNS EntityMappingType = "DNS" EntityMappingTypeFile EntityMappingType = "File" EntityMappingTypeFileHash EntityMappingType = "FileHash" EntityMappingTypeHost EntityMappingType = "Host" EntityMappingTypeIP EntityMappingType = "IP" EntityMappingTypeMailCluster EntityMappingType = "MailCluster" EntityMappingTypeMailMessage EntityMappingType = "MailMessage" EntityMappingTypeMailbox EntityMappingType = "Mailbox" EntityMappingTypeMalware EntityMappingType = "Malware" EntityMappingTypeProcess EntityMappingType = "Process" EntityMappingTypeRegistryKey EntityMappingType = "RegistryKey" EntityMappingTypeRegistryValue EntityMappingType = "RegistryValue" EntityMappingTypeSecurityGroup EntityMappingType = "SecurityGroup" EntityMappingTypeSubmissionMail EntityMappingType = "SubmissionMail" EntityMappingTypeURL EntityMappingType = "URL" )
func (*EntityMappingType) UnmarshalJSON ¶
func (s *EntityMappingType) UnmarshalJSON(bytes []byte) error
type EventGroupingAggregationKind ¶
type EventGroupingAggregationKind string
const ( EventGroupingAggregationKindAlertPerResult EventGroupingAggregationKind = "AlertPerResult" EventGroupingAggregationKindSingleAlert EventGroupingAggregationKind = "SingleAlert" )
func (*EventGroupingAggregationKind) UnmarshalJSON ¶
func (s *EventGroupingAggregationKind) UnmarshalJSON(bytes []byte) error
type EventGroupingSettings ¶
type EventGroupingSettings struct {
AggregationKind *EventGroupingAggregationKind `json:"aggregationKind,omitempty"`
}
type FieldMapping ¶
type FusionAlertRule ¶
type FusionAlertRule struct { Properties *FusionAlertRuleProperties `json:"properties,omitempty"` Etag *string `json:"etag,omitempty"` Id *string `json:"id,omitempty"` Kind AlertRuleKind `json:"kind"` Name *string `json:"name,omitempty"` SystemData *systemdata.SystemData `json:"systemData,omitempty"` Type *string `json:"type,omitempty"` }
func (FusionAlertRule) AlertRule ¶
func (s FusionAlertRule) AlertRule() BaseAlertRuleImpl
func (FusionAlertRule) MarshalJSON ¶
func (s FusionAlertRule) MarshalJSON() ([]byte, error)
type FusionAlertRuleProperties ¶
type FusionAlertRuleProperties struct { AlertRuleTemplateName string `json:"alertRuleTemplateName"` Description *string `json:"description,omitempty"` DisplayName *string `json:"displayName,omitempty"` Enabled bool `json:"enabled"` LastModifiedUtc *string `json:"lastModifiedUtc,omitempty"` Severity *AlertSeverity `json:"severity,omitempty"` Tactics *[]AttackTactic `json:"tactics,omitempty"` Techniques *[]string `json:"techniques,omitempty"` }
func (*FusionAlertRuleProperties) GetLastModifiedUtcAsTime ¶
func (o *FusionAlertRuleProperties) GetLastModifiedUtcAsTime() (*time.Time, error)
func (*FusionAlertRuleProperties) SetLastModifiedUtcAsTime ¶
func (o *FusionAlertRuleProperties) SetLastModifiedUtcAsTime(input time.Time)
type GetOperationResponse ¶
type GroupingConfiguration ¶
type GroupingConfiguration struct { Enabled bool `json:"enabled"` GroupByAlertDetails *[]AlertDetail `json:"groupByAlertDetails,omitempty"` GroupByCustomDetails *[]string `json:"groupByCustomDetails,omitempty"` GroupByEntities *[]EntityMappingType `json:"groupByEntities,omitempty"` LookbackDuration string `json:"lookbackDuration"` MatchingMethod MatchingMethod `json:"matchingMethod"` ReopenClosedIncident bool `json:"reopenClosedIncident"` }
type IncidentConfiguration ¶
type IncidentConfiguration struct { CreateIncident bool `json:"createIncident"` GroupingConfiguration *GroupingConfiguration `json:"groupingConfiguration,omitempty"` }
type ListCompleteResult ¶
type ListCustomPager ¶
func (*ListCustomPager) NextPageLink ¶
func (p *ListCustomPager) NextPageLink() *odata.Link
type ListOperationResponse ¶
type MatchingMethod ¶
type MatchingMethod string
const ( MatchingMethodAllEntities MatchingMethod = "AllEntities" MatchingMethodAnyAlert MatchingMethod = "AnyAlert" MatchingMethodSelected MatchingMethod = "Selected" )
func (*MatchingMethod) UnmarshalJSON ¶
func (s *MatchingMethod) UnmarshalJSON(bytes []byte) error
type MicrosoftSecurityIncidentCreationAlertRule ¶
type MicrosoftSecurityIncidentCreationAlertRule struct { Properties *MicrosoftSecurityIncidentCreationAlertRuleProperties `json:"properties,omitempty"` Etag *string `json:"etag,omitempty"` Id *string `json:"id,omitempty"` Kind AlertRuleKind `json:"kind"` Name *string `json:"name,omitempty"` SystemData *systemdata.SystemData `json:"systemData,omitempty"` Type *string `json:"type,omitempty"` }
func (MicrosoftSecurityIncidentCreationAlertRule) AlertRule ¶
func (s MicrosoftSecurityIncidentCreationAlertRule) AlertRule() BaseAlertRuleImpl
func (MicrosoftSecurityIncidentCreationAlertRule) MarshalJSON ¶
func (s MicrosoftSecurityIncidentCreationAlertRule) MarshalJSON() ([]byte, error)
type MicrosoftSecurityIncidentCreationAlertRuleProperties ¶
type MicrosoftSecurityIncidentCreationAlertRuleProperties struct { AlertRuleTemplateName *string `json:"alertRuleTemplateName,omitempty"` Description *string `json:"description,omitempty"` DisplayName string `json:"displayName"` DisplayNamesExcludeFilter *[]string `json:"displayNamesExcludeFilter,omitempty"` DisplayNamesFilter *[]string `json:"displayNamesFilter,omitempty"` Enabled bool `json:"enabled"` LastModifiedUtc *string `json:"lastModifiedUtc,omitempty"` ProductFilter MicrosoftSecurityProductName `json:"productFilter"` SeveritiesFilter *[]AlertSeverity `json:"severitiesFilter,omitempty"` }
func (*MicrosoftSecurityIncidentCreationAlertRuleProperties) GetLastModifiedUtcAsTime ¶
func (o *MicrosoftSecurityIncidentCreationAlertRuleProperties) GetLastModifiedUtcAsTime() (*time.Time, error)
func (*MicrosoftSecurityIncidentCreationAlertRuleProperties) SetLastModifiedUtcAsTime ¶
func (o *MicrosoftSecurityIncidentCreationAlertRuleProperties) SetLastModifiedUtcAsTime(input time.Time)
type MicrosoftSecurityProductName ¶
type MicrosoftSecurityProductName string
const ( MicrosoftSecurityProductNameAzureActiveDirectoryIdentityProtection MicrosoftSecurityProductName = "Azure Active Directory Identity Protection" MicrosoftSecurityProductNameAzureAdvancedThreatProtection MicrosoftSecurityProductName = "Azure Advanced Threat Protection" MicrosoftSecurityProductNameAzureSecurityCenter MicrosoftSecurityProductName = "Azure Security Center" MicrosoftSecurityProductNameAzureSecurityCenterForIoT MicrosoftSecurityProductName = "Azure Security Center for IoT" MicrosoftSecurityProductNameMicrosoftCloudAppSecurity MicrosoftSecurityProductName = "Microsoft Cloud App Security" )
func (*MicrosoftSecurityProductName) UnmarshalJSON ¶
func (s *MicrosoftSecurityProductName) UnmarshalJSON(bytes []byte) error
type RawAlertRuleImpl ¶
type RawAlertRuleImpl struct { Type string Values map[string]interface{} // contains filtered or unexported fields }
RawAlertRuleImpl is returned when the Discriminated Value doesn't match any of the defined types NOTE: this should only be used when a type isn't defined for this type of Object (as a workaround) and is used only for Deserialization (e.g. this cannot be used as a Request Payload).
func (RawAlertRuleImpl) AlertRule ¶
func (s RawAlertRuleImpl) AlertRule() BaseAlertRuleImpl
type ScheduledAlertRule ¶
type ScheduledAlertRule struct { Properties *ScheduledAlertRuleProperties `json:"properties,omitempty"` Etag *string `json:"etag,omitempty"` Id *string `json:"id,omitempty"` Kind AlertRuleKind `json:"kind"` Name *string `json:"name,omitempty"` SystemData *systemdata.SystemData `json:"systemData,omitempty"` Type *string `json:"type,omitempty"` }
func (ScheduledAlertRule) AlertRule ¶
func (s ScheduledAlertRule) AlertRule() BaseAlertRuleImpl
func (ScheduledAlertRule) MarshalJSON ¶
func (s ScheduledAlertRule) MarshalJSON() ([]byte, error)
type ScheduledAlertRuleProperties ¶
type ScheduledAlertRuleProperties struct { AlertDetailsOverride *AlertDetailsOverride `json:"alertDetailsOverride,omitempty"` AlertRuleTemplateName *string `json:"alertRuleTemplateName,omitempty"` CustomDetails *map[string]string `json:"customDetails,omitempty"` Description *string `json:"description,omitempty"` DisplayName string `json:"displayName"` Enabled bool `json:"enabled"` EntityMappings *[]EntityMapping `json:"entityMappings,omitempty"` EventGroupingSettings *EventGroupingSettings `json:"eventGroupingSettings,omitempty"` IncidentConfiguration *IncidentConfiguration `json:"incidentConfiguration,omitempty"` LastModifiedUtc *string `json:"lastModifiedUtc,omitempty"` Query *string `json:"query,omitempty"` QueryFrequency *string `json:"queryFrequency,omitempty"` QueryPeriod *string `json:"queryPeriod,omitempty"` Severity *AlertSeverity `json:"severity,omitempty"` SuppressionDuration string `json:"suppressionDuration"` SuppressionEnabled bool `json:"suppressionEnabled"` Tactics *[]AttackTactic `json:"tactics,omitempty"` Techniques *[]string `json:"techniques,omitempty"` TemplateVersion *string `json:"templateVersion,omitempty"` TriggerOperator *TriggerOperator `json:"triggerOperator,omitempty"` TriggerThreshold *int64 `json:"triggerThreshold,omitempty"` }
func (*ScheduledAlertRuleProperties) GetLastModifiedUtcAsTime ¶
func (o *ScheduledAlertRuleProperties) GetLastModifiedUtcAsTime() (*time.Time, error)
func (*ScheduledAlertRuleProperties) SetLastModifiedUtcAsTime ¶
func (o *ScheduledAlertRuleProperties) SetLastModifiedUtcAsTime(input time.Time)
type TriggerOperator ¶
type TriggerOperator string
const ( TriggerOperatorEqual TriggerOperator = "Equal" TriggerOperatorGreaterThan TriggerOperator = "GreaterThan" TriggerOperatorLessThan TriggerOperator = "LessThan" TriggerOperatorNotEqual TriggerOperator = "NotEqual" )
func (*TriggerOperator) UnmarshalJSON ¶
func (s *TriggerOperator) UnmarshalJSON(bytes []byte) error
type WorkspaceId ¶
WorkspaceId is a struct representing the Resource ID for a Workspace
func NewWorkspaceID ¶
func NewWorkspaceID(subscriptionId string, resourceGroupName string, workspaceName string) WorkspaceId
NewWorkspaceID returns a new WorkspaceId struct
func ParseWorkspaceID ¶
func ParseWorkspaceID(input string) (*WorkspaceId, error)
ParseWorkspaceID parses 'input' into a WorkspaceId
func ParseWorkspaceIDInsensitively ¶
func ParseWorkspaceIDInsensitively(input string) (*WorkspaceId, error)
ParseWorkspaceIDInsensitively parses 'input' case-insensitively into a WorkspaceId note: this method should only be used for API response data and not user input
func (*WorkspaceId) FromParseResult ¶
func (id *WorkspaceId) FromParseResult(input resourceids.ParseResult) error
func (WorkspaceId) Segments ¶
func (id WorkspaceId) Segments() []resourceids.Segment
Segments returns a slice of Resource ID Segments which comprise this Workspace ID
func (WorkspaceId) String ¶
func (id WorkspaceId) String() string
String returns a human-readable description of this Workspace ID
Source Files ¶
- client.go
- constants.go
- id_alertrule.go
- id_workspace.go
- method_createorupdate.go
- method_delete.go
- method_get.go
- method_list.go
- model_alertdetailsoverride.go
- model_alertrule.go
- model_entitymapping.go
- model_eventgroupingsettings.go
- model_fieldmapping.go
- model_fusionalertrule.go
- model_fusionalertruleproperties.go
- model_groupingconfiguration.go
- model_incidentconfiguration.go
- model_microsoftsecurityincidentcreationalertrule.go
- model_microsoftsecurityincidentcreationalertruleproperties.go
- model_scheduledalertrule.go
- model_scheduledalertruleproperties.go
- predicates.go
- version.go