Versions in this module Expand all Collapse all v0 v0.20241126.2320 Nov 26, 2024 v0.20241126.1723 Nov 26, 2024 Changes in this version + func PossibleValuesForAlertDetail() []string + func PossibleValuesForAlertProperty() []string + func PossibleValuesForAlertRuleKind() []string + func PossibleValuesForAlertSeverity() []string + func PossibleValuesForAttackTactic() []string + func PossibleValuesForEntityMappingType() []string + func PossibleValuesForEventGroupingAggregationKind() []string + func PossibleValuesForMatchingMethod() []string + func PossibleValuesForMicrosoftSecurityProductName() []string + func PossibleValuesForTriggerOperator() []string + func ValidateAlertRuleID(input interface{}, key string) (warnings []string, errors []error) + func ValidateWorkspaceID(input interface{}, key string) (warnings []string, errors []error) + type AlertDetail string + const AlertDetailDisplayName + const AlertDetailSeverity + func (s *AlertDetail) UnmarshalJSON(bytes []byte) error + type AlertDetailsOverride struct + AlertDescriptionFormat *string + AlertDisplayNameFormat *string + AlertDynamicProperties *[]AlertPropertyMapping + AlertSeverityColumnName *string + AlertTacticsColumnName *string + type AlertProperty string + const AlertPropertyAlertLink + const AlertPropertyConfidenceLevel + const AlertPropertyConfidenceScore + const AlertPropertyExtendedLinks + const AlertPropertyProductComponentName + const AlertPropertyProductName + const AlertPropertyProviderName + const AlertPropertyRemediationSteps + const AlertPropertyTechniques + func (s *AlertProperty) UnmarshalJSON(bytes []byte) error + type AlertPropertyMapping struct + AlertProperty *AlertProperty + Value *string + type AlertRule interface + AlertRule func() BaseAlertRuleImpl + func UnmarshalAlertRuleImplementation(input []byte) (AlertRule, error) + type AlertRuleId struct + ResourceGroupName string + RuleId string + SubscriptionId string + WorkspaceName string + func NewAlertRuleID(subscriptionId string, resourceGroupName string, workspaceName string, ...) AlertRuleId + func ParseAlertRuleID(input string) (*AlertRuleId, error) + func ParseAlertRuleIDInsensitively(input string) (*AlertRuleId, error) + func (id *AlertRuleId) FromParseResult(input resourceids.ParseResult) error + func (id AlertRuleId) ID() string + func (id AlertRuleId) Segments() []resourceids.Segment + func (id AlertRuleId) String() string + type AlertRuleKind string + const AlertRuleKindFusion + const AlertRuleKindMLBehaviorAnalytics + const AlertRuleKindMicrosoftSecurityIncidentCreation + const AlertRuleKindNRT + const AlertRuleKindScheduled + const AlertRuleKindThreatIntelligence + func (s *AlertRuleKind) UnmarshalJSON(bytes []byte) error + type AlertRuleOperationPredicate struct + func (p AlertRuleOperationPredicate) Matches(input AlertRule) bool + type AlertRulesClient struct + Client *resourcemanager.Client + func NewAlertRulesClientWithBaseURI(sdkApi sdkEnv.Api) (*AlertRulesClient, error) + func (c AlertRulesClient) CreateOrUpdate(ctx context.Context, id AlertRuleId, input AlertRule) (result CreateOrUpdateOperationResponse, err error) + func (c AlertRulesClient) Delete(ctx context.Context, id AlertRuleId) (result DeleteOperationResponse, err error) + func (c AlertRulesClient) Get(ctx context.Context, id AlertRuleId) (result GetOperationResponse, err error) + func (c AlertRulesClient) List(ctx context.Context, id WorkspaceId) (result ListOperationResponse, err error) + func (c AlertRulesClient) ListComplete(ctx context.Context, id WorkspaceId) (ListCompleteResult, error) + func (c AlertRulesClient) ListCompleteMatchingPredicate(ctx context.Context, id WorkspaceId, predicate AlertRuleOperationPredicate) (result ListCompleteResult, err error) + type AlertSeverity string + const AlertSeverityHigh + const AlertSeverityInformational + const AlertSeverityLow + const AlertSeverityMedium + func (s *AlertSeverity) UnmarshalJSON(bytes []byte) error + type AttackTactic string + const AttackTacticCollection + const AttackTacticCommandAndControl + const AttackTacticCredentialAccess + const AttackTacticDefenseEvasion + const AttackTacticDiscovery + const AttackTacticExecution + const AttackTacticExfiltration + const AttackTacticImpact + const AttackTacticImpairProcessControl + const AttackTacticInhibitResponseFunction + const AttackTacticInitialAccess + const AttackTacticLateralMovement + const AttackTacticPersistence + const AttackTacticPreAttack + const AttackTacticPrivilegeEscalation + const AttackTacticReconnaissance + const AttackTacticResourceDevelopment + func (s *AttackTactic) UnmarshalJSON(bytes []byte) error + type BaseAlertRuleImpl struct + Etag *string + Id *string + Kind AlertRuleKind + Name *string + SystemData *systemdata.SystemData + Type *string + func (s BaseAlertRuleImpl) AlertRule() BaseAlertRuleImpl + type CreateOrUpdateOperationResponse struct + HttpResponse *http.Response + Model AlertRule + OData *odata.OData + type DeleteOperationResponse struct + HttpResponse *http.Response + OData *odata.OData + type EntityMapping struct + EntityType *EntityMappingType + FieldMappings *[]FieldMapping + type EntityMappingType string + const EntityMappingTypeAccount + const EntityMappingTypeAzureResource + const EntityMappingTypeCloudApplication + const EntityMappingTypeDNS + const EntityMappingTypeFile + const EntityMappingTypeFileHash + const EntityMappingTypeHost + const EntityMappingTypeIP + const EntityMappingTypeMailCluster + const EntityMappingTypeMailMessage + const EntityMappingTypeMailbox + const EntityMappingTypeMalware + const EntityMappingTypeProcess + const EntityMappingTypeRegistryKey + const EntityMappingTypeRegistryValue + const EntityMappingTypeSecurityGroup + const EntityMappingTypeSubmissionMail + const EntityMappingTypeURL + func (s *EntityMappingType) UnmarshalJSON(bytes []byte) error + type EventGroupingAggregationKind string + const EventGroupingAggregationKindAlertPerResult + const EventGroupingAggregationKindSingleAlert + func (s *EventGroupingAggregationKind) UnmarshalJSON(bytes []byte) error + type EventGroupingSettings struct + AggregationKind *EventGroupingAggregationKind + type FieldMapping struct + ColumnName *string + Identifier *string + type FusionAlertRule struct + Etag *string + Id *string + Kind AlertRuleKind + Name *string + Properties *FusionAlertRuleProperties + SystemData *systemdata.SystemData + Type *string + func (s FusionAlertRule) AlertRule() BaseAlertRuleImpl + func (s FusionAlertRule) MarshalJSON() ([]byte, error) + type FusionAlertRuleProperties struct + AlertRuleTemplateName string + Description *string + DisplayName *string + Enabled bool + LastModifiedUtc *string + ScenarioExclusionPatterns *[]FusionScenarioExclusionPattern + Severity *AlertSeverity + SourceSettings *[]FusionSourceSettings + Tactics *[]AttackTactic + Techniques *[]string + func (o *FusionAlertRuleProperties) GetLastModifiedUtcAsTime() (*time.Time, error) + func (o *FusionAlertRuleProperties) SetLastModifiedUtcAsTime(input time.Time) + type FusionScenarioExclusionPattern struct + DateAddedInUTC string + ExclusionPattern string + type FusionSourceSettings struct + Enabled bool + SourceName string + SourceSubTypes *[]FusionSourceSubTypeSetting + type FusionSourceSubTypeSetting struct + Enabled bool + SeverityFilters FusionSubTypeSeverityFilter + SourceSubTypeDisplayName *string + SourceSubTypeName string + type FusionSubTypeSeverityFilter struct + Filters *[]FusionSubTypeSeverityFiltersItem + IsSupported *bool + type FusionSubTypeSeverityFiltersItem struct + Enabled bool + Severity AlertSeverity + type GetOperationResponse struct + HttpResponse *http.Response + Model AlertRule + OData *odata.OData + type GroupingConfiguration struct + Enabled bool + GroupByAlertDetails *[]AlertDetail + GroupByCustomDetails *[]string + GroupByEntities *[]EntityMappingType + LookbackDuration string + MatchingMethod MatchingMethod + ReopenClosedIncident bool + type IncidentConfiguration struct + CreateIncident bool + GroupingConfiguration *GroupingConfiguration + type ListCompleteResult struct + Items []AlertRule + LatestHttpResponse *http.Response + type ListCustomPager struct + NextLink *odata.Link + func (p *ListCustomPager) NextPageLink() *odata.Link + type ListOperationResponse struct + HttpResponse *http.Response + Model *[]AlertRule + OData *odata.OData + type MLBehaviorAnalyticsAlertRule struct + Etag *string + Id *string + Kind AlertRuleKind + Name *string + Properties *MLBehaviorAnalyticsAlertRuleProperties + SystemData *systemdata.SystemData + Type *string + func (s MLBehaviorAnalyticsAlertRule) AlertRule() BaseAlertRuleImpl + func (s MLBehaviorAnalyticsAlertRule) MarshalJSON() ([]byte, error) + type MLBehaviorAnalyticsAlertRuleProperties struct + AlertRuleTemplateName string + Description *string + DisplayName *string + Enabled bool + LastModifiedUtc *string + Severity *AlertSeverity + Tactics *[]AttackTactic + Techniques *[]string + func (o *MLBehaviorAnalyticsAlertRuleProperties) GetLastModifiedUtcAsTime() (*time.Time, error) + func (o *MLBehaviorAnalyticsAlertRuleProperties) SetLastModifiedUtcAsTime(input time.Time) + type MatchingMethod string + const MatchingMethodAllEntities + const MatchingMethodAnyAlert + const MatchingMethodSelected + func (s *MatchingMethod) UnmarshalJSON(bytes []byte) error + type MicrosoftSecurityIncidentCreationAlertRule struct + Etag *string + Id *string + Kind AlertRuleKind + Name *string + Properties *MicrosoftSecurityIncidentCreationAlertRuleProperties + SystemData *systemdata.SystemData + Type *string + func (s MicrosoftSecurityIncidentCreationAlertRule) AlertRule() BaseAlertRuleImpl + func (s MicrosoftSecurityIncidentCreationAlertRule) MarshalJSON() ([]byte, error) + type MicrosoftSecurityIncidentCreationAlertRuleProperties struct + AlertRuleTemplateName *string + Description *string + DisplayName string + DisplayNamesExcludeFilter *[]string + DisplayNamesFilter *[]string + Enabled bool + LastModifiedUtc *string + ProductFilter MicrosoftSecurityProductName + SeveritiesFilter *[]AlertSeverity + func (o *MicrosoftSecurityIncidentCreationAlertRuleProperties) GetLastModifiedUtcAsTime() (*time.Time, error) + func (o *MicrosoftSecurityIncidentCreationAlertRuleProperties) SetLastModifiedUtcAsTime(input time.Time) + type MicrosoftSecurityProductName string + const MicrosoftSecurityProductNameAzureActiveDirectoryIdentityProtection + const MicrosoftSecurityProductNameAzureAdvancedThreatProtection + const MicrosoftSecurityProductNameAzureSecurityCenter + const MicrosoftSecurityProductNameAzureSecurityCenterForIoT + const MicrosoftSecurityProductNameMicrosoftCloudAppSecurity + const MicrosoftSecurityProductNameMicrosoftDefenderAdvancedThreatProtection + const MicrosoftSecurityProductNameOfficeThreeSixFiveAdvancedThreatProtection + func (s *MicrosoftSecurityProductName) UnmarshalJSON(bytes []byte) error + type NrtAlertRule struct + Etag *string + Id *string + Kind AlertRuleKind + Name *string + Properties *NrtAlertRuleProperties + SystemData *systemdata.SystemData + Type *string + func (s NrtAlertRule) AlertRule() BaseAlertRuleImpl + func (s NrtAlertRule) MarshalJSON() ([]byte, error) + type NrtAlertRuleProperties struct + AlertDetailsOverride *AlertDetailsOverride + AlertRuleTemplateName *string + CustomDetails *map[string]string + Description *string + DisplayName string + Enabled bool + EntityMappings *[]EntityMapping + EventGroupingSettings *EventGroupingSettings + IncidentConfiguration *IncidentConfiguration + LastModifiedUtc *string + Query string + SentinelEntitiesMappings *[]SentinelEntityMapping + Severity AlertSeverity + SuppressionDuration string + SuppressionEnabled bool + Tactics *[]AttackTactic + Techniques *[]string + TemplateVersion *string + func (o *NrtAlertRuleProperties) GetLastModifiedUtcAsTime() (*time.Time, error) + func (o *NrtAlertRuleProperties) SetLastModifiedUtcAsTime(input time.Time) + type RawAlertRuleImpl struct + Type string + Values map[string]interface{} + func (s RawAlertRuleImpl) AlertRule() BaseAlertRuleImpl + type ScheduledAlertRule struct + Etag *string + Id *string + Kind AlertRuleKind + Name *string + Properties *ScheduledAlertRuleProperties + SystemData *systemdata.SystemData + Type *string + func (s ScheduledAlertRule) AlertRule() BaseAlertRuleImpl + func (s ScheduledAlertRule) MarshalJSON() ([]byte, error) + type ScheduledAlertRuleProperties struct + AlertDetailsOverride *AlertDetailsOverride + AlertRuleTemplateName *string + CustomDetails *map[string]string + Description *string + DisplayName string + Enabled bool + EntityMappings *[]EntityMapping + EventGroupingSettings *EventGroupingSettings + IncidentConfiguration *IncidentConfiguration + LastModifiedUtc *string + Query *string + QueryFrequency *string + QueryPeriod *string + SentinelEntitiesMappings *[]SentinelEntityMapping + Severity *AlertSeverity + SuppressionDuration string + SuppressionEnabled bool + Tactics *[]AttackTactic + Techniques *[]string + TemplateVersion *string + TriggerOperator *TriggerOperator + TriggerThreshold *int64 + func (o *ScheduledAlertRuleProperties) GetLastModifiedUtcAsTime() (*time.Time, error) + func (o *ScheduledAlertRuleProperties) SetLastModifiedUtcAsTime(input time.Time) + type SentinelEntityMapping struct + ColumnName *string + type ThreatIntelligenceAlertRule struct + Etag *string + Id *string + Kind AlertRuleKind + Name *string + Properties *ThreatIntelligenceAlertRuleProperties + SystemData *systemdata.SystemData + Type *string + func (s ThreatIntelligenceAlertRule) AlertRule() BaseAlertRuleImpl + func (s ThreatIntelligenceAlertRule) MarshalJSON() ([]byte, error) + type ThreatIntelligenceAlertRuleProperties struct + AlertRuleTemplateName string + Description *string + DisplayName *string + Enabled bool + LastModifiedUtc *string + Severity *AlertSeverity + Tactics *[]AttackTactic + Techniques *[]string + func (o *ThreatIntelligenceAlertRuleProperties) GetLastModifiedUtcAsTime() (*time.Time, error) + func (o *ThreatIntelligenceAlertRuleProperties) SetLastModifiedUtcAsTime(input time.Time) + type TriggerOperator string + const TriggerOperatorEqual + const TriggerOperatorGreaterThan + const TriggerOperatorLessThan + const TriggerOperatorNotEqual + func (s *TriggerOperator) UnmarshalJSON(bytes []byte) error + type WorkspaceId struct + ResourceGroupName string + SubscriptionId string + WorkspaceName string + func NewWorkspaceID(subscriptionId string, resourceGroupName string, workspaceName string) WorkspaceId + func ParseWorkspaceID(input string) (*WorkspaceId, error) + func ParseWorkspaceIDInsensitively(input string) (*WorkspaceId, error) + func (id *WorkspaceId) FromParseResult(input resourceids.ParseResult) error + func (id WorkspaceId) ID() string + func (id WorkspaceId) Segments() []resourceids.Segment + func (id WorkspaceId) String() string