/
enums.go
1117 lines (969 loc) · 51.8 KB
/
enums.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
package securityinsight
// Copyright (c) Microsoft and contributors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
//
// See the License for the specific language governing permissions and
// limitations under the License.
//
// Code generated by Microsoft (R) AutoRest Code Generator.
// Changes may cause incorrect behavior and will be lost if the code is regenerated.
// AlertRuleKind enumerates the values for alert rule kind.
type AlertRuleKind string
const (
// Fusion ...
Fusion AlertRuleKind = "Fusion"
// MicrosoftSecurityIncidentCreation ...
MicrosoftSecurityIncidentCreation AlertRuleKind = "MicrosoftSecurityIncidentCreation"
// Scheduled ...
Scheduled AlertRuleKind = "Scheduled"
)
// PossibleAlertRuleKindValues returns an array of possible values for the AlertRuleKind const type.
func PossibleAlertRuleKindValues() []AlertRuleKind {
return []AlertRuleKind{Fusion, MicrosoftSecurityIncidentCreation, Scheduled}
}
// AlertSeverity enumerates the values for alert severity.
type AlertSeverity string
const (
// High High severity
High AlertSeverity = "High"
// Informational Informational severity
Informational AlertSeverity = "Informational"
// Low Low severity
Low AlertSeverity = "Low"
// Medium Medium severity
Medium AlertSeverity = "Medium"
)
// PossibleAlertSeverityValues returns an array of possible values for the AlertSeverity const type.
func PossibleAlertSeverityValues() []AlertSeverity {
return []AlertSeverity{High, Informational, Low, Medium}
}
// AlertStatus enumerates the values for alert status.
type AlertStatus string
const (
// AlertStatusDismissed Alert dismissed as false positive
AlertStatusDismissed AlertStatus = "Dismissed"
// AlertStatusInProgress Alert is being handled
AlertStatusInProgress AlertStatus = "InProgress"
// AlertStatusNew New alert
AlertStatusNew AlertStatus = "New"
// AlertStatusResolved Alert closed after handling
AlertStatusResolved AlertStatus = "Resolved"
// AlertStatusUnknown Unknown value
AlertStatusUnknown AlertStatus = "Unknown"
)
// PossibleAlertStatusValues returns an array of possible values for the AlertStatus const type.
func PossibleAlertStatusValues() []AlertStatus {
return []AlertStatus{AlertStatusDismissed, AlertStatusInProgress, AlertStatusNew, AlertStatusResolved, AlertStatusUnknown}
}
// AttackTactic enumerates the values for attack tactic.
type AttackTactic string
const (
// Collection ...
Collection AttackTactic = "Collection"
// CommandAndControl ...
CommandAndControl AttackTactic = "CommandAndControl"
// CredentialAccess ...
CredentialAccess AttackTactic = "CredentialAccess"
// DefenseEvasion ...
DefenseEvasion AttackTactic = "DefenseEvasion"
// Discovery ...
Discovery AttackTactic = "Discovery"
// Execution ...
Execution AttackTactic = "Execution"
// Exfiltration ...
Exfiltration AttackTactic = "Exfiltration"
// Impact ...
Impact AttackTactic = "Impact"
// InitialAccess ...
InitialAccess AttackTactic = "InitialAccess"
// LateralMovement ...
LateralMovement AttackTactic = "LateralMovement"
// Persistence ...
Persistence AttackTactic = "Persistence"
// PreAttack ...
PreAttack AttackTactic = "PreAttack"
// PrivilegeEscalation ...
PrivilegeEscalation AttackTactic = "PrivilegeEscalation"
)
// PossibleAttackTacticValues returns an array of possible values for the AttackTactic const type.
func PossibleAttackTacticValues() []AttackTactic {
return []AttackTactic{Collection, CommandAndControl, CredentialAccess, DefenseEvasion, Discovery, Execution, Exfiltration, Impact, InitialAccess, LateralMovement, Persistence, PreAttack, PrivilegeEscalation}
}
// CaseSeverity enumerates the values for case severity.
type CaseSeverity string
const (
// CaseSeverityCritical Critical severity
CaseSeverityCritical CaseSeverity = "Critical"
// CaseSeverityHigh High severity
CaseSeverityHigh CaseSeverity = "High"
// CaseSeverityInformational Informational severity
CaseSeverityInformational CaseSeverity = "Informational"
// CaseSeverityLow Low severity
CaseSeverityLow CaseSeverity = "Low"
// CaseSeverityMedium Medium severity
CaseSeverityMedium CaseSeverity = "Medium"
)
// PossibleCaseSeverityValues returns an array of possible values for the CaseSeverity const type.
func PossibleCaseSeverityValues() []CaseSeverity {
return []CaseSeverity{CaseSeverityCritical, CaseSeverityHigh, CaseSeverityInformational, CaseSeverityLow, CaseSeverityMedium}
}
// CaseStatus enumerates the values for case status.
type CaseStatus string
const (
// CaseStatusClosed A non active case
CaseStatusClosed CaseStatus = "Closed"
// CaseStatusDraft Case that wasn't promoted yet to active
CaseStatusDraft CaseStatus = "Draft"
// CaseStatusInProgress An active case which is handled
CaseStatusInProgress CaseStatus = "InProgress"
// CaseStatusNew An active case which isn't handled currently
CaseStatusNew CaseStatus = "New"
)
// PossibleCaseStatusValues returns an array of possible values for the CaseStatus const type.
func PossibleCaseStatusValues() []CaseStatus {
return []CaseStatus{CaseStatusClosed, CaseStatusDraft, CaseStatusInProgress, CaseStatusNew}
}
// CloseReason enumerates the values for close reason.
type CloseReason string
const (
// Dismissed Case was dismissed
Dismissed CloseReason = "Dismissed"
// FalsePositive Case was false positive
FalsePositive CloseReason = "FalsePositive"
// Other Case was closed for another reason
Other CloseReason = "Other"
// Resolved Case was resolved
Resolved CloseReason = "Resolved"
// TruePositive Case was true positive
TruePositive CloseReason = "TruePositive"
)
// PossibleCloseReasonValues returns an array of possible values for the CloseReason const type.
func PossibleCloseReasonValues() []CloseReason {
return []CloseReason{Dismissed, FalsePositive, Other, Resolved, TruePositive}
}
// ConfidenceLevel enumerates the values for confidence level.
type ConfidenceLevel string
const (
// ConfidenceLevelHigh High confidence that the alert is true positive malicious
ConfidenceLevelHigh ConfidenceLevel = "High"
// ConfidenceLevelLow Low confidence, meaning we have some doubts this is indeed malicious or part of an
// attack
ConfidenceLevelLow ConfidenceLevel = "Low"
// ConfidenceLevelUnknown Unknown confidence, the is the default value
ConfidenceLevelUnknown ConfidenceLevel = "Unknown"
)
// PossibleConfidenceLevelValues returns an array of possible values for the ConfidenceLevel const type.
func PossibleConfidenceLevelValues() []ConfidenceLevel {
return []ConfidenceLevel{ConfidenceLevelHigh, ConfidenceLevelLow, ConfidenceLevelUnknown}
}
// ConfidenceScoreStatus enumerates the values for confidence score status.
type ConfidenceScoreStatus string
const (
// Final Final score was calculated and available
Final ConfidenceScoreStatus = "Final"
// InProcess No score was set yet and calculation is in progress
InProcess ConfidenceScoreStatus = "InProcess"
// NotApplicable Score will not be calculated for this alert as it is not supported by virtual analyst
NotApplicable ConfidenceScoreStatus = "NotApplicable"
// NotFinal Score is calculated and shown as part of the alert, but may be updated again at a later time
// following the processing of additional data
NotFinal ConfidenceScoreStatus = "NotFinal"
)
// PossibleConfidenceScoreStatusValues returns an array of possible values for the ConfidenceScoreStatus const type.
func PossibleConfidenceScoreStatusValues() []ConfidenceScoreStatus {
return []ConfidenceScoreStatus{Final, InProcess, NotApplicable, NotFinal}
}
// DataConnectorAuthorizationState enumerates the values for data connector authorization state.
type DataConnectorAuthorizationState string
const (
// Invalid ...
Invalid DataConnectorAuthorizationState = "Invalid"
// Valid ...
Valid DataConnectorAuthorizationState = "Valid"
)
// PossibleDataConnectorAuthorizationStateValues returns an array of possible values for the DataConnectorAuthorizationState const type.
func PossibleDataConnectorAuthorizationStateValues() []DataConnectorAuthorizationState {
return []DataConnectorAuthorizationState{Invalid, Valid}
}
// DataConnectorKind enumerates the values for data connector kind.
type DataConnectorKind string
const (
// DataConnectorKindAmazonWebServicesCloudTrail ...
DataConnectorKindAmazonWebServicesCloudTrail DataConnectorKind = "AmazonWebServicesCloudTrail"
// DataConnectorKindAzureActiveDirectory ...
DataConnectorKindAzureActiveDirectory DataConnectorKind = "AzureActiveDirectory"
// DataConnectorKindAzureAdvancedThreatProtection ...
DataConnectorKindAzureAdvancedThreatProtection DataConnectorKind = "AzureAdvancedThreatProtection"
// DataConnectorKindAzureSecurityCenter ...
DataConnectorKindAzureSecurityCenter DataConnectorKind = "AzureSecurityCenter"
// DataConnectorKindMicrosoftCloudAppSecurity ...
DataConnectorKindMicrosoftCloudAppSecurity DataConnectorKind = "MicrosoftCloudAppSecurity"
// DataConnectorKindMicrosoftDefenderAdvancedThreatProtection ...
DataConnectorKindMicrosoftDefenderAdvancedThreatProtection DataConnectorKind = "MicrosoftDefenderAdvancedThreatProtection"
// DataConnectorKindOffice365 ...
DataConnectorKindOffice365 DataConnectorKind = "Office365"
// DataConnectorKindOfficeATP ...
DataConnectorKindOfficeATP DataConnectorKind = "OfficeATP"
// DataConnectorKindThreatIntelligence ...
DataConnectorKindThreatIntelligence DataConnectorKind = "ThreatIntelligence"
// DataConnectorKindThreatIntelligenceTaxii ...
DataConnectorKindThreatIntelligenceTaxii DataConnectorKind = "ThreatIntelligenceTaxii"
)
// PossibleDataConnectorKindValues returns an array of possible values for the DataConnectorKind const type.
func PossibleDataConnectorKindValues() []DataConnectorKind {
return []DataConnectorKind{DataConnectorKindAmazonWebServicesCloudTrail, DataConnectorKindAzureActiveDirectory, DataConnectorKindAzureAdvancedThreatProtection, DataConnectorKindAzureSecurityCenter, DataConnectorKindMicrosoftCloudAppSecurity, DataConnectorKindMicrosoftDefenderAdvancedThreatProtection, DataConnectorKindOffice365, DataConnectorKindOfficeATP, DataConnectorKindThreatIntelligence, DataConnectorKindThreatIntelligenceTaxii}
}
// DataConnectorLicenseState enumerates the values for data connector license state.
type DataConnectorLicenseState string
const (
// DataConnectorLicenseStateInvalid ...
DataConnectorLicenseStateInvalid DataConnectorLicenseState = "Invalid"
// DataConnectorLicenseStateUnknown ...
DataConnectorLicenseStateUnknown DataConnectorLicenseState = "Unknown"
// DataConnectorLicenseStateValid ...
DataConnectorLicenseStateValid DataConnectorLicenseState = "Valid"
)
// PossibleDataConnectorLicenseStateValues returns an array of possible values for the DataConnectorLicenseState const type.
func PossibleDataConnectorLicenseStateValues() []DataConnectorLicenseState {
return []DataConnectorLicenseState{DataConnectorLicenseStateInvalid, DataConnectorLicenseStateUnknown, DataConnectorLicenseStateValid}
}
// DataTypeState enumerates the values for data type state.
type DataTypeState string
const (
// Disabled ...
Disabled DataTypeState = "Disabled"
// Enabled ...
Enabled DataTypeState = "Enabled"
)
// PossibleDataTypeStateValues returns an array of possible values for the DataTypeState const type.
func PossibleDataTypeStateValues() []DataTypeState {
return []DataTypeState{Disabled, Enabled}
}
// ElevationToken enumerates the values for elevation token.
type ElevationToken string
const (
// Default Default elevation token
Default ElevationToken = "Default"
// Full Full elevation token
Full ElevationToken = "Full"
// Limited Limited elevation token
Limited ElevationToken = "Limited"
)
// PossibleElevationTokenValues returns an array of possible values for the ElevationToken const type.
func PossibleElevationTokenValues() []ElevationToken {
return []ElevationToken{Default, Full, Limited}
}
// EntitiesMatchingMethod enumerates the values for entities matching method.
type EntitiesMatchingMethod string
const (
// All Grouping alerts into a single incident if all the entities match
All EntitiesMatchingMethod = "All"
// Custom Grouping alerts into a single incident if the selected entities match
Custom EntitiesMatchingMethod = "Custom"
// None Grouping all alerts triggered by this rule into a single incident
None EntitiesMatchingMethod = "None"
)
// PossibleEntitiesMatchingMethodValues returns an array of possible values for the EntitiesMatchingMethod const type.
func PossibleEntitiesMatchingMethodValues() []EntitiesMatchingMethod {
return []EntitiesMatchingMethod{All, Custom, None}
}
// EntityKind enumerates the values for entity kind.
type EntityKind string
const (
// EntityKindAccount Entity represents account in the system.
EntityKindAccount EntityKind = "Account"
// EntityKindAzureResource Entity represents azure resource in the system.
EntityKindAzureResource EntityKind = "AzureResource"
// EntityKindBookmark Entity represents bookmark in the system.
EntityKindBookmark EntityKind = "Bookmark"
// EntityKindCloudApplication Entity represents cloud application in the system.
EntityKindCloudApplication EntityKind = "CloudApplication"
// EntityKindDNSResolution Entity represents dns resolution in the system.
EntityKindDNSResolution EntityKind = "DnsResolution"
// EntityKindFile Entity represents file in the system.
EntityKindFile EntityKind = "File"
// EntityKindFileHash Entity represents file hash in the system.
EntityKindFileHash EntityKind = "FileHash"
// EntityKindHost Entity represents host in the system.
EntityKindHost EntityKind = "Host"
// EntityKindIoTDevice Entity represents IoT device in the system.
EntityKindIoTDevice EntityKind = "IoTDevice"
// EntityKindIP Entity represents ip in the system.
EntityKindIP EntityKind = "Ip"
// EntityKindMalware Entity represents malware in the system.
EntityKindMalware EntityKind = "Malware"
// EntityKindProcess Entity represents process in the system.
EntityKindProcess EntityKind = "Process"
// EntityKindRegistryKey Entity represents registry key in the system.
EntityKindRegistryKey EntityKind = "RegistryKey"
// EntityKindRegistryValue Entity represents registry value in the system.
EntityKindRegistryValue EntityKind = "RegistryValue"
// EntityKindSecurityAlert Entity represents security alert in the system.
EntityKindSecurityAlert EntityKind = "SecurityAlert"
// EntityKindSecurityGroup Entity represents security group in the system.
EntityKindSecurityGroup EntityKind = "SecurityGroup"
// EntityKindURL Entity represents url in the system.
EntityKindURL EntityKind = "Url"
)
// PossibleEntityKindValues returns an array of possible values for the EntityKind const type.
func PossibleEntityKindValues() []EntityKind {
return []EntityKind{EntityKindAccount, EntityKindAzureResource, EntityKindBookmark, EntityKindCloudApplication, EntityKindDNSResolution, EntityKindFile, EntityKindFileHash, EntityKindHost, EntityKindIoTDevice, EntityKindIP, EntityKindMalware, EntityKindProcess, EntityKindRegistryKey, EntityKindRegistryValue, EntityKindSecurityAlert, EntityKindSecurityGroup, EntityKindURL}
}
// EntityTimelineKind enumerates the values for entity timeline kind.
type EntityTimelineKind string
const (
// EntityTimelineKindActivity activity
EntityTimelineKindActivity EntityTimelineKind = "Activity"
// EntityTimelineKindBookmark bookmarks
EntityTimelineKindBookmark EntityTimelineKind = "Bookmark"
// EntityTimelineKindSecurityAlert security alerts
EntityTimelineKindSecurityAlert EntityTimelineKind = "SecurityAlert"
)
// PossibleEntityTimelineKindValues returns an array of possible values for the EntityTimelineKind const type.
func PossibleEntityTimelineKindValues() []EntityTimelineKind {
return []EntityTimelineKind{EntityTimelineKindActivity, EntityTimelineKindBookmark, EntityTimelineKindSecurityAlert}
}
// EntityType enumerates the values for entity type.
type EntityType string
const (
// EntityTypeAccount Entity represents account in the system.
EntityTypeAccount EntityType = "Account"
// EntityTypeAzureResource Entity represents azure resource in the system.
EntityTypeAzureResource EntityType = "AzureResource"
// EntityTypeCloudApplication Entity represents cloud application in the system.
EntityTypeCloudApplication EntityType = "CloudApplication"
// EntityTypeDNS Entity represents dns in the system.
EntityTypeDNS EntityType = "DNS"
// EntityTypeFile Entity represents file in the system.
EntityTypeFile EntityType = "File"
// EntityTypeFileHash Entity represents file hash in the system.
EntityTypeFileHash EntityType = "FileHash"
// EntityTypeHost Entity represents host in the system.
EntityTypeHost EntityType = "Host"
// EntityTypeHuntingBookmark Entity represents HuntingBookmark in the system.
EntityTypeHuntingBookmark EntityType = "HuntingBookmark"
// EntityTypeIoTDevice Entity represents IoT device in the system.
EntityTypeIoTDevice EntityType = "IoTDevice"
// EntityTypeIP Entity represents ip in the system.
EntityTypeIP EntityType = "IP"
// EntityTypeMalware Entity represents malware in the system.
EntityTypeMalware EntityType = "Malware"
// EntityTypeProcess Entity represents process in the system.
EntityTypeProcess EntityType = "Process"
// EntityTypeRegistryKey Entity represents registry key in the system.
EntityTypeRegistryKey EntityType = "RegistryKey"
// EntityTypeRegistryValue Entity represents registry value in the system.
EntityTypeRegistryValue EntityType = "RegistryValue"
// EntityTypeSecurityAlert Entity represents security alert in the system.
EntityTypeSecurityAlert EntityType = "SecurityAlert"
// EntityTypeSecurityGroup Entity represents security group in the system.
EntityTypeSecurityGroup EntityType = "SecurityGroup"
// EntityTypeURL Entity represents url in the system.
EntityTypeURL EntityType = "URL"
)
// PossibleEntityTypeValues returns an array of possible values for the EntityType const type.
func PossibleEntityTypeValues() []EntityType {
return []EntityType{EntityTypeAccount, EntityTypeAzureResource, EntityTypeCloudApplication, EntityTypeDNS, EntityTypeFile, EntityTypeFileHash, EntityTypeHost, EntityTypeHuntingBookmark, EntityTypeIoTDevice, EntityTypeIP, EntityTypeMalware, EntityTypeProcess, EntityTypeRegistryKey, EntityTypeRegistryValue, EntityTypeSecurityAlert, EntityTypeSecurityGroup, EntityTypeURL}
}
// EventGroupingAggregationKind enumerates the values for event grouping aggregation kind.
type EventGroupingAggregationKind string
const (
// AlertPerResult ...
AlertPerResult EventGroupingAggregationKind = "AlertPerResult"
// SingleAlert ...
SingleAlert EventGroupingAggregationKind = "SingleAlert"
)
// PossibleEventGroupingAggregationKindValues returns an array of possible values for the EventGroupingAggregationKind const type.
func PossibleEventGroupingAggregationKindValues() []EventGroupingAggregationKind {
return []EventGroupingAggregationKind{AlertPerResult, SingleAlert}
}
// FileHashAlgorithm enumerates the values for file hash algorithm.
type FileHashAlgorithm string
const (
// MD5 MD5 hash type
MD5 FileHashAlgorithm = "MD5"
// SHA1 SHA1 hash type
SHA1 FileHashAlgorithm = "SHA1"
// SHA256 SHA256 hash type
SHA256 FileHashAlgorithm = "SHA256"
// SHA256AC SHA256 Authenticode hash type
SHA256AC FileHashAlgorithm = "SHA256AC"
// Unknown Unknown hash algorithm
Unknown FileHashAlgorithm = "Unknown"
)
// PossibleFileHashAlgorithmValues returns an array of possible values for the FileHashAlgorithm const type.
func PossibleFileHashAlgorithmValues() []FileHashAlgorithm {
return []FileHashAlgorithm{MD5, SHA1, SHA256, SHA256AC, Unknown}
}
// GroupingEntityType enumerates the values for grouping entity type.
type GroupingEntityType string
const (
// Account Account entity
Account GroupingEntityType = "Account"
// Host Host entity
Host GroupingEntityType = "Host"
// IP Ip entity
IP GroupingEntityType = "Ip"
// URL Url entity
URL GroupingEntityType = "Url"
)
// PossibleGroupingEntityTypeValues returns an array of possible values for the GroupingEntityType const type.
func PossibleGroupingEntityTypeValues() []GroupingEntityType {
return []GroupingEntityType{Account, Host, IP, URL}
}
// IncidentClassification enumerates the values for incident classification.
type IncidentClassification string
const (
// IncidentClassificationBenignPositive Incident was benign positive
IncidentClassificationBenignPositive IncidentClassification = "BenignPositive"
// IncidentClassificationFalsePositive Incident was false positive
IncidentClassificationFalsePositive IncidentClassification = "FalsePositive"
// IncidentClassificationTruePositive Incident was true positive
IncidentClassificationTruePositive IncidentClassification = "TruePositive"
// IncidentClassificationUndetermined Incident classification was undetermined
IncidentClassificationUndetermined IncidentClassification = "Undetermined"
)
// PossibleIncidentClassificationValues returns an array of possible values for the IncidentClassification const type.
func PossibleIncidentClassificationValues() []IncidentClassification {
return []IncidentClassification{IncidentClassificationBenignPositive, IncidentClassificationFalsePositive, IncidentClassificationTruePositive, IncidentClassificationUndetermined}
}
// IncidentClassificationReason enumerates the values for incident classification reason.
type IncidentClassificationReason string
const (
// InaccurateData Classification reason was inaccurate data
InaccurateData IncidentClassificationReason = "InaccurateData"
// IncorrectAlertLogic Classification reason was incorrect alert logic
IncorrectAlertLogic IncidentClassificationReason = "IncorrectAlertLogic"
// SuspiciousActivity Classification reason was suspicious activity
SuspiciousActivity IncidentClassificationReason = "SuspiciousActivity"
// SuspiciousButExpected Classification reason was suspicious but expected
SuspiciousButExpected IncidentClassificationReason = "SuspiciousButExpected"
)
// PossibleIncidentClassificationReasonValues returns an array of possible values for the IncidentClassificationReason const type.
func PossibleIncidentClassificationReasonValues() []IncidentClassificationReason {
return []IncidentClassificationReason{InaccurateData, IncorrectAlertLogic, SuspiciousActivity, SuspiciousButExpected}
}
// IncidentLabelType enumerates the values for incident label type.
type IncidentLabelType string
const (
// System Label automatically created by the system
System IncidentLabelType = "System"
// User Label manually created by a user
User IncidentLabelType = "User"
)
// PossibleIncidentLabelTypeValues returns an array of possible values for the IncidentLabelType const type.
func PossibleIncidentLabelTypeValues() []IncidentLabelType {
return []IncidentLabelType{System, User}
}
// IncidentSeverity enumerates the values for incident severity.
type IncidentSeverity string
const (
// IncidentSeverityHigh High severity
IncidentSeverityHigh IncidentSeverity = "High"
// IncidentSeverityInformational Informational severity
IncidentSeverityInformational IncidentSeverity = "Informational"
// IncidentSeverityLow Low severity
IncidentSeverityLow IncidentSeverity = "Low"
// IncidentSeverityMedium Medium severity
IncidentSeverityMedium IncidentSeverity = "Medium"
)
// PossibleIncidentSeverityValues returns an array of possible values for the IncidentSeverity const type.
func PossibleIncidentSeverityValues() []IncidentSeverity {
return []IncidentSeverity{IncidentSeverityHigh, IncidentSeverityInformational, IncidentSeverityLow, IncidentSeverityMedium}
}
// IncidentStatus enumerates the values for incident status.
type IncidentStatus string
const (
// IncidentStatusActive An active incident which is being handled
IncidentStatusActive IncidentStatus = "Active"
// IncidentStatusClosed A non-active incident
IncidentStatusClosed IncidentStatus = "Closed"
// IncidentStatusNew An active incident which isn't being handled currently
IncidentStatusNew IncidentStatus = "New"
)
// PossibleIncidentStatusValues returns an array of possible values for the IncidentStatus const type.
func PossibleIncidentStatusValues() []IncidentStatus {
return []IncidentStatus{IncidentStatusActive, IncidentStatusClosed, IncidentStatusNew}
}
// KillChainIntent enumerates the values for kill chain intent.
type KillChainIntent string
const (
// KillChainIntentCollection Collection consists of techniques used to identify and gather information,
// such as sensitive files, from a target network prior to exfiltration. This category also covers
// locations on a system or network where the adversary may look for information to exfiltrate.
KillChainIntentCollection KillChainIntent = "Collection"
// KillChainIntentCommandAndControl The command and control tactic represents how adversaries communicate
// with systems under their control within a target network.
KillChainIntentCommandAndControl KillChainIntent = "CommandAndControl"
// KillChainIntentCredentialAccess Credential access represents techniques resulting in access to or
// control over system, domain, or service credentials that are used within an enterprise environment.
// Adversaries will likely attempt to obtain legitimate credentials from users or administrator accounts
// (local system administrator or domain users with administrator access) to use within the network. With
// sufficient access within a network, an adversary can create accounts for later use within the
// environment.
KillChainIntentCredentialAccess KillChainIntent = "CredentialAccess"
// KillChainIntentDefenseEvasion Defense evasion consists of techniques an adversary may use to evade
// detection or avoid other defenses. Sometimes these actions are the same as or variations of techniques
// in other categories that have the added benefit of subverting a particular defense or mitigation.
KillChainIntentDefenseEvasion KillChainIntent = "DefenseEvasion"
// KillChainIntentDiscovery Discovery consists of techniques that allow the adversary to gain knowledge
// about the system and internal network. When adversaries gain access to a new system, they must orient
// themselves to what they now have control of and what benefits operating from that system give to their
// current objective or overall goals during the intrusion. The operating system provides many native tools
// that aid in this post-compromise information-gathering phase.
KillChainIntentDiscovery KillChainIntent = "Discovery"
// KillChainIntentExecution The execution tactic represents techniques that result in execution of
// adversary-controlled code on a local or remote system. This tactic is often used in conjunction with
// lateral movement to expand access to remote systems on a network.
KillChainIntentExecution KillChainIntent = "Execution"
// KillChainIntentExfiltration Exfiltration refers to techniques and attributes that result or aid in the
// adversary removing files and information from a target network. This category also covers locations on a
// system or network where the adversary may look for information to exfiltrate.
KillChainIntentExfiltration KillChainIntent = "Exfiltration"
// KillChainIntentExploitation Exploitation is the stage where an attacker manage to get foothold on the
// attacked resource. This stage is applicable not only for compute hosts, but also for resources such as
// user accounts, certificates etc. Adversaries will often be able to control the resource after this
// stage.
KillChainIntentExploitation KillChainIntent = "Exploitation"
// KillChainIntentImpact The impact intent primary objective is to directly reduce the availability or
// integrity of a system, service, or network; including manipulation of data to impact a business or
// operational process. This would often refer to techniques such as ransom-ware, defacement, data
// manipulation and others.
KillChainIntentImpact KillChainIntent = "Impact"
// KillChainIntentLateralMovement Lateral movement consists of techniques that enable an adversary to
// access and control remote systems on a network and could, but does not necessarily, include execution of
// tools on remote systems. The lateral movement techniques could allow an adversary to gather information
// from a system without needing additional tools, such as a remote access tool. An adversary can use
// lateral movement for many purposes, including remote Execution of tools, pivoting to additional systems,
// access to specific information or files, access to additional credentials, or to cause an effect.
KillChainIntentLateralMovement KillChainIntent = "LateralMovement"
// KillChainIntentPersistence Persistence is any access, action, or configuration change to a system that
// gives an adversary a persistent presence on that system. Adversaries will often need to maintain access
// to systems through interruptions such as system restarts, loss of credentials, or other failures that
// would require a remote access tool to restart or alternate backdoor for them to regain access.
KillChainIntentPersistence KillChainIntent = "Persistence"
// KillChainIntentPrivilegeEscalation Privilege escalation is the result of actions that allow an adversary
// to obtain a higher level of permissions on a system or network. Certain tools or actions require a
// higher level of privilege to work and are likely necessary at many points throughout an operation. User
// accounts with permissions to access specific systems or perform specific functions necessary for
// adversaries to achieve their objective may also be considered an escalation of privilege.
KillChainIntentPrivilegeEscalation KillChainIntent = "PrivilegeEscalation"
// KillChainIntentProbing Probing could be an attempt to access a certain resource regardless of a
// malicious intent or a failed attempt to gain access to a target system to gather information prior to
// exploitation. This step is usually detected as an attempt originating from outside the network in
// attempt to scan the target system and find a way in.
KillChainIntentProbing KillChainIntent = "Probing"
// KillChainIntentUnknown The default value.
KillChainIntentUnknown KillChainIntent = "Unknown"
)
// PossibleKillChainIntentValues returns an array of possible values for the KillChainIntent const type.
func PossibleKillChainIntentValues() []KillChainIntent {
return []KillChainIntent{KillChainIntentCollection, KillChainIntentCommandAndControl, KillChainIntentCredentialAccess, KillChainIntentDefenseEvasion, KillChainIntentDiscovery, KillChainIntentExecution, KillChainIntentExfiltration, KillChainIntentExploitation, KillChainIntentImpact, KillChainIntentLateralMovement, KillChainIntentPersistence, KillChainIntentPrivilegeEscalation, KillChainIntentProbing, KillChainIntentUnknown}
}
// Kind enumerates the values for kind.
type Kind string
const (
// KindAggregations ...
KindAggregations Kind = "Aggregations"
// KindCasesAggregation ...
KindCasesAggregation Kind = "CasesAggregation"
)
// PossibleKindValues returns an array of possible values for the Kind const type.
func PossibleKindValues() []Kind {
return []Kind{KindAggregations, KindCasesAggregation}
}
// KindBasicAlertRule enumerates the values for kind basic alert rule.
type KindBasicAlertRule string
const (
// KindAlertRule ...
KindAlertRule KindBasicAlertRule = "AlertRule"
// KindFusion ...
KindFusion KindBasicAlertRule = "Fusion"
// KindMicrosoftSecurityIncidentCreation ...
KindMicrosoftSecurityIncidentCreation KindBasicAlertRule = "MicrosoftSecurityIncidentCreation"
// KindScheduled ...
KindScheduled KindBasicAlertRule = "Scheduled"
)
// PossibleKindBasicAlertRuleValues returns an array of possible values for the KindBasicAlertRule const type.
func PossibleKindBasicAlertRuleValues() []KindBasicAlertRule {
return []KindBasicAlertRule{KindAlertRule, KindFusion, KindMicrosoftSecurityIncidentCreation, KindScheduled}
}
// KindBasicAlertRuleTemplate enumerates the values for kind basic alert rule template.
type KindBasicAlertRuleTemplate string
const (
// KindBasicAlertRuleTemplateKindAlertRuleTemplate ...
KindBasicAlertRuleTemplateKindAlertRuleTemplate KindBasicAlertRuleTemplate = "AlertRuleTemplate"
// KindBasicAlertRuleTemplateKindFusion ...
KindBasicAlertRuleTemplateKindFusion KindBasicAlertRuleTemplate = "Fusion"
// KindBasicAlertRuleTemplateKindMicrosoftSecurityIncidentCreation ...
KindBasicAlertRuleTemplateKindMicrosoftSecurityIncidentCreation KindBasicAlertRuleTemplate = "MicrosoftSecurityIncidentCreation"
// KindBasicAlertRuleTemplateKindScheduled ...
KindBasicAlertRuleTemplateKindScheduled KindBasicAlertRuleTemplate = "Scheduled"
)
// PossibleKindBasicAlertRuleTemplateValues returns an array of possible values for the KindBasicAlertRuleTemplate const type.
func PossibleKindBasicAlertRuleTemplateValues() []KindBasicAlertRuleTemplate {
return []KindBasicAlertRuleTemplate{KindBasicAlertRuleTemplateKindAlertRuleTemplate, KindBasicAlertRuleTemplateKindFusion, KindBasicAlertRuleTemplateKindMicrosoftSecurityIncidentCreation, KindBasicAlertRuleTemplateKindScheduled}
}
// KindBasicDataConnector enumerates the values for kind basic data connector.
type KindBasicDataConnector string
const (
// KindAmazonWebServicesCloudTrail ...
KindAmazonWebServicesCloudTrail KindBasicDataConnector = "AmazonWebServicesCloudTrail"
// KindAzureActiveDirectory ...
KindAzureActiveDirectory KindBasicDataConnector = "AzureActiveDirectory"
// KindAzureAdvancedThreatProtection ...
KindAzureAdvancedThreatProtection KindBasicDataConnector = "AzureAdvancedThreatProtection"
// KindAzureSecurityCenter ...
KindAzureSecurityCenter KindBasicDataConnector = "AzureSecurityCenter"
// KindDataConnector ...
KindDataConnector KindBasicDataConnector = "DataConnector"
// KindMicrosoftCloudAppSecurity ...
KindMicrosoftCloudAppSecurity KindBasicDataConnector = "MicrosoftCloudAppSecurity"
// KindMicrosoftDefenderAdvancedThreatProtection ...
KindMicrosoftDefenderAdvancedThreatProtection KindBasicDataConnector = "MicrosoftDefenderAdvancedThreatProtection"
// KindOffice365 ...
KindOffice365 KindBasicDataConnector = "Office365"
// KindOfficeATP ...
KindOfficeATP KindBasicDataConnector = "OfficeATP"
// KindThreatIntelligence ...
KindThreatIntelligence KindBasicDataConnector = "ThreatIntelligence"
// KindThreatIntelligenceTaxii ...
KindThreatIntelligenceTaxii KindBasicDataConnector = "ThreatIntelligenceTaxii"
)
// PossibleKindBasicDataConnectorValues returns an array of possible values for the KindBasicDataConnector const type.
func PossibleKindBasicDataConnectorValues() []KindBasicDataConnector {
return []KindBasicDataConnector{KindAmazonWebServicesCloudTrail, KindAzureActiveDirectory, KindAzureAdvancedThreatProtection, KindAzureSecurityCenter, KindDataConnector, KindMicrosoftCloudAppSecurity, KindMicrosoftDefenderAdvancedThreatProtection, KindOffice365, KindOfficeATP, KindThreatIntelligence, KindThreatIntelligenceTaxii}
}
// KindBasicDataConnectorsCheckRequirements enumerates the values for kind basic data connectors check
// requirements.
type KindBasicDataConnectorsCheckRequirements string
const (
// KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesCloudTrail ...
KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesCloudTrail KindBasicDataConnectorsCheckRequirements = "AmazonWebServicesCloudTrail"
// KindBasicDataConnectorsCheckRequirementsKindAzureActiveDirectory ...
KindBasicDataConnectorsCheckRequirementsKindAzureActiveDirectory KindBasicDataConnectorsCheckRequirements = "AzureActiveDirectory"
// KindBasicDataConnectorsCheckRequirementsKindAzureAdvancedThreatProtection ...
KindBasicDataConnectorsCheckRequirementsKindAzureAdvancedThreatProtection KindBasicDataConnectorsCheckRequirements = "AzureAdvancedThreatProtection"
// KindBasicDataConnectorsCheckRequirementsKindAzureSecurityCenter ...
KindBasicDataConnectorsCheckRequirementsKindAzureSecurityCenter KindBasicDataConnectorsCheckRequirements = "AzureSecurityCenter"
// KindBasicDataConnectorsCheckRequirementsKindDataConnectorsCheckRequirements ...
KindBasicDataConnectorsCheckRequirementsKindDataConnectorsCheckRequirements KindBasicDataConnectorsCheckRequirements = "DataConnectorsCheckRequirements"
// KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity ...
KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity KindBasicDataConnectorsCheckRequirements = "MicrosoftCloudAppSecurity"
// KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection ...
KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection KindBasicDataConnectorsCheckRequirements = "MicrosoftDefenderAdvancedThreatProtection"
// KindBasicDataConnectorsCheckRequirementsKindOfficeATP ...
KindBasicDataConnectorsCheckRequirementsKindOfficeATP KindBasicDataConnectorsCheckRequirements = "OfficeATP"
// KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence ...
KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence KindBasicDataConnectorsCheckRequirements = "ThreatIntelligence"
// KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii ...
KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii KindBasicDataConnectorsCheckRequirements = "ThreatIntelligenceTaxii"
)
// PossibleKindBasicDataConnectorsCheckRequirementsValues returns an array of possible values for the KindBasicDataConnectorsCheckRequirements const type.
func PossibleKindBasicDataConnectorsCheckRequirementsValues() []KindBasicDataConnectorsCheckRequirements {
return []KindBasicDataConnectorsCheckRequirements{KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesCloudTrail, KindBasicDataConnectorsCheckRequirementsKindAzureActiveDirectory, KindBasicDataConnectorsCheckRequirementsKindAzureAdvancedThreatProtection, KindBasicDataConnectorsCheckRequirementsKindAzureSecurityCenter, KindBasicDataConnectorsCheckRequirementsKindDataConnectorsCheckRequirements, KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity, KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection, KindBasicDataConnectorsCheckRequirementsKindOfficeATP, KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence, KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii}
}
// KindBasicEntity enumerates the values for kind basic entity.
type KindBasicEntity string
const (
// KindAccount ...
KindAccount KindBasicEntity = "Account"
// KindAzureResource ...
KindAzureResource KindBasicEntity = "AzureResource"
// KindBookmark ...
KindBookmark KindBasicEntity = "Bookmark"
// KindCloudApplication ...
KindCloudApplication KindBasicEntity = "CloudApplication"
// KindDNSResolution ...
KindDNSResolution KindBasicEntity = "DnsResolution"
// KindEntity ...
KindEntity KindBasicEntity = "Entity"
// KindFile ...
KindFile KindBasicEntity = "File"
// KindFileHash ...
KindFileHash KindBasicEntity = "FileHash"
// KindHost ...
KindHost KindBasicEntity = "Host"
// KindIoTDevice ...
KindIoTDevice KindBasicEntity = "IoTDevice"
// KindIP ...
KindIP KindBasicEntity = "Ip"
// KindMalware ...
KindMalware KindBasicEntity = "Malware"
// KindProcess ...
KindProcess KindBasicEntity = "Process"
// KindRegistryKey ...
KindRegistryKey KindBasicEntity = "RegistryKey"
// KindRegistryValue ...
KindRegistryValue KindBasicEntity = "RegistryValue"
// KindSecurityAlert ...
KindSecurityAlert KindBasicEntity = "SecurityAlert"
// KindSecurityGroup ...
KindSecurityGroup KindBasicEntity = "SecurityGroup"
// KindURL ...
KindURL KindBasicEntity = "Url"
)
// PossibleKindBasicEntityValues returns an array of possible values for the KindBasicEntity const type.
func PossibleKindBasicEntityValues() []KindBasicEntity {
return []KindBasicEntity{KindAccount, KindAzureResource, KindBookmark, KindCloudApplication, KindDNSResolution, KindEntity, KindFile, KindFileHash, KindHost, KindIoTDevice, KindIP, KindMalware, KindProcess, KindRegistryKey, KindRegistryValue, KindSecurityAlert, KindSecurityGroup, KindURL}
}
// KindBasicEntityTimelineItem enumerates the values for kind basic entity timeline item.
type KindBasicEntityTimelineItem string
const (
// KindBasicEntityTimelineItemKindActivity ...
KindBasicEntityTimelineItemKindActivity KindBasicEntityTimelineItem = "Activity"
// KindBasicEntityTimelineItemKindBookmark ...
KindBasicEntityTimelineItemKindBookmark KindBasicEntityTimelineItem = "Bookmark"
// KindBasicEntityTimelineItemKindEntityTimelineItem ...
KindBasicEntityTimelineItemKindEntityTimelineItem KindBasicEntityTimelineItem = "EntityTimelineItem"
// KindBasicEntityTimelineItemKindSecurityAlert ...
KindBasicEntityTimelineItemKindSecurityAlert KindBasicEntityTimelineItem = "SecurityAlert"
)
// PossibleKindBasicEntityTimelineItemValues returns an array of possible values for the KindBasicEntityTimelineItem const type.
func PossibleKindBasicEntityTimelineItemValues() []KindBasicEntityTimelineItem {
return []KindBasicEntityTimelineItem{KindBasicEntityTimelineItemKindActivity, KindBasicEntityTimelineItemKindBookmark, KindBasicEntityTimelineItemKindEntityTimelineItem, KindBasicEntityTimelineItemKindSecurityAlert}
}
// KindBasicSettings enumerates the values for kind basic settings.
type KindBasicSettings string
const (
// KindEntityAnalytics ...
KindEntityAnalytics KindBasicSettings = "EntityAnalytics"
// KindEyesOn ...
KindEyesOn KindBasicSettings = "EyesOn"
// KindSettings ...
KindSettings KindBasicSettings = "Settings"
// KindUeba ...
KindUeba KindBasicSettings = "Ueba"
)
// PossibleKindBasicSettingsValues returns an array of possible values for the KindBasicSettings const type.
func PossibleKindBasicSettingsValues() []KindBasicSettings {
return []KindBasicSettings{KindEntityAnalytics, KindEyesOn, KindSettings, KindUeba}
}
// KindBasicThreatIntelligenceInformation enumerates the values for kind basic threat intelligence information.
type KindBasicThreatIntelligenceInformation string
const (
// KindIndicator ...
KindIndicator KindBasicThreatIntelligenceInformation = "indicator"
// KindThreatIntelligenceInformation ...
KindThreatIntelligenceInformation KindBasicThreatIntelligenceInformation = "ThreatIntelligenceInformation"
)
// PossibleKindBasicThreatIntelligenceInformationValues returns an array of possible values for the KindBasicThreatIntelligenceInformation const type.
func PossibleKindBasicThreatIntelligenceInformationValues() []KindBasicThreatIntelligenceInformation {
return []KindBasicThreatIntelligenceInformation{KindIndicator, KindThreatIntelligenceInformation}
}
// MicrosoftSecurityProductName enumerates the values for microsoft security product name.
type MicrosoftSecurityProductName string
const (
// AzureActiveDirectoryIdentityProtection ...
AzureActiveDirectoryIdentityProtection MicrosoftSecurityProductName = "Azure Active Directory Identity Protection"
// AzureAdvancedThreatProtection ...
AzureAdvancedThreatProtection MicrosoftSecurityProductName = "Azure Advanced Threat Protection"
// AzureSecurityCenter ...
AzureSecurityCenter MicrosoftSecurityProductName = "Azure Security Center"
// AzureSecurityCenterforIoT ...
AzureSecurityCenterforIoT MicrosoftSecurityProductName = "Azure Security Center for IoT"
// MicrosoftCloudAppSecurity ...
MicrosoftCloudAppSecurity MicrosoftSecurityProductName = "Microsoft Cloud App Security"
// MicrosoftDefenderAdvancedThreatProtection ...
MicrosoftDefenderAdvancedThreatProtection MicrosoftSecurityProductName = "Microsoft Defender Advanced Threat Protection"
// Office365AdvancedThreatProtection ...
Office365AdvancedThreatProtection MicrosoftSecurityProductName = "Office 365 Advanced Threat Protection"
)
// PossibleMicrosoftSecurityProductNameValues returns an array of possible values for the MicrosoftSecurityProductName const type.
func PossibleMicrosoftSecurityProductNameValues() []MicrosoftSecurityProductName {
return []MicrosoftSecurityProductName{AzureActiveDirectoryIdentityProtection, AzureAdvancedThreatProtection, AzureSecurityCenter, AzureSecurityCenterforIoT, MicrosoftCloudAppSecurity, MicrosoftDefenderAdvancedThreatProtection, Office365AdvancedThreatProtection}
}
// OSFamily enumerates the values for os family.
type OSFamily string
const (
// Android Host with Android operating system.
Android OSFamily = "Android"
// IOS Host with IOS operating system.
IOS OSFamily = "IOS"
// Linux Host with Linux operating system.
Linux OSFamily = "Linux"
// Windows Host with Windows operating system.
Windows OSFamily = "Windows"
)
// PossibleOSFamilyValues returns an array of possible values for the OSFamily const type.
func PossibleOSFamilyValues() []OSFamily {
return []OSFamily{Android, IOS, Linux, Windows}
}
// RegistryHive enumerates the values for registry hive.
type RegistryHive string
const (
// HKEYA HKEY_A
HKEYA RegistryHive = "HKEY_A"
// HKEYCLASSESROOT HKEY_CLASSES_ROOT
HKEYCLASSESROOT RegistryHive = "HKEY_CLASSES_ROOT"
// HKEYCURRENTCONFIG HKEY_CURRENT_CONFIG
HKEYCURRENTCONFIG RegistryHive = "HKEY_CURRENT_CONFIG"
// HKEYCURRENTUSER HKEY_CURRENT_USER
HKEYCURRENTUSER RegistryHive = "HKEY_CURRENT_USER"
// HKEYCURRENTUSERLOCALSETTINGS HKEY_CURRENT_USER_LOCAL_SETTINGS
HKEYCURRENTUSERLOCALSETTINGS RegistryHive = "HKEY_CURRENT_USER_LOCAL_SETTINGS"
// HKEYLOCALMACHINE HKEY_LOCAL_MACHINE
HKEYLOCALMACHINE RegistryHive = "HKEY_LOCAL_MACHINE"
// HKEYPERFORMANCEDATA HKEY_PERFORMANCE_DATA
HKEYPERFORMANCEDATA RegistryHive = "HKEY_PERFORMANCE_DATA"
// HKEYPERFORMANCENLSTEXT HKEY_PERFORMANCE_NLSTEXT
HKEYPERFORMANCENLSTEXT RegistryHive = "HKEY_PERFORMANCE_NLSTEXT"
// HKEYPERFORMANCETEXT HKEY_PERFORMANCE_TEXT
HKEYPERFORMANCETEXT RegistryHive = "HKEY_PERFORMANCE_TEXT"
// HKEYUSERS HKEY_USERS
HKEYUSERS RegistryHive = "HKEY_USERS"
)
// PossibleRegistryHiveValues returns an array of possible values for the RegistryHive const type.
func PossibleRegistryHiveValues() []RegistryHive {
return []RegistryHive{HKEYA, HKEYCLASSESROOT, HKEYCURRENTCONFIG, HKEYCURRENTUSER, HKEYCURRENTUSERLOCALSETTINGS, HKEYLOCALMACHINE, HKEYPERFORMANCEDATA, HKEYPERFORMANCENLSTEXT, HKEYPERFORMANCETEXT, HKEYUSERS}
}
// RegistryValueKind enumerates the values for registry value kind.
type RegistryValueKind string
const (
// RegistryValueKindBinary Binary value type
RegistryValueKindBinary RegistryValueKind = "Binary"
// RegistryValueKindDWord DWord value type
RegistryValueKindDWord RegistryValueKind = "DWord"
// RegistryValueKindExpandString ExpandString value type
RegistryValueKindExpandString RegistryValueKind = "ExpandString"
// RegistryValueKindMultiString MultiString value type
RegistryValueKindMultiString RegistryValueKind = "MultiString"
// RegistryValueKindNone None
RegistryValueKindNone RegistryValueKind = "None"
// RegistryValueKindQWord QWord value type
RegistryValueKindQWord RegistryValueKind = "QWord"
// RegistryValueKindString String value type
RegistryValueKindString RegistryValueKind = "String"
// RegistryValueKindUnknown Unknown value type
RegistryValueKindUnknown RegistryValueKind = "Unknown"
)
// PossibleRegistryValueKindValues returns an array of possible values for the RegistryValueKind const type.
func PossibleRegistryValueKindValues() []RegistryValueKind {
return []RegistryValueKind{RegistryValueKindBinary, RegistryValueKindDWord, RegistryValueKindExpandString, RegistryValueKindMultiString, RegistryValueKindNone, RegistryValueKindQWord, RegistryValueKindString, RegistryValueKindUnknown}
}
// RelationNodeKind enumerates the values for relation node kind.
type RelationNodeKind string
const (
// RelationNodeKindBookmark Bookmark node part of the relation
RelationNodeKindBookmark RelationNodeKind = "Bookmark"
// RelationNodeKindCase Case node part of the relation
RelationNodeKindCase RelationNodeKind = "Case"
)
// PossibleRelationNodeKindValues returns an array of possible values for the RelationNodeKind const type.
func PossibleRelationNodeKindValues() []RelationNodeKind {
return []RelationNodeKind{RelationNodeKindBookmark, RelationNodeKindCase}
}
// RelationTypes enumerates the values for relation types.
type RelationTypes string
const (
// CasesToBookmarks Relations between cases and bookmarks
CasesToBookmarks RelationTypes = "CasesToBookmarks"
)
// PossibleRelationTypesValues returns an array of possible values for the RelationTypes const type.
func PossibleRelationTypesValues() []RelationTypes {
return []RelationTypes{CasesToBookmarks}
}