From 37f057421847e810b23f786d35cf9373dca4b4e2 Mon Sep 17 00:00:00 2001 From: Jiahui Peng <46921893+Alancere@users.noreply.github.com> Date: Wed, 8 Jun 2022 20:57:56 +0800 Subject: [PATCH] [Release] sdk/resourcemanager/securityinsights/armsecurityinsights/2.0.0-beta.1 generation from spec commit: 792db17291c758b2bfdbbc0d35d0e2f5b5a1bd05 (#18229) --- .../armsecurityinsights/CHANGELOG.md | 883 +++ .../armsecurityinsights/autorest.md | 7 +- .../armsecurityinsights/go.mod | 2 +- ...e_generated_example_actions_client_test.go | 10 +- ...enerated_example_alertrules_client_test.go | 237 +- ..._example_alertruletemplates_client_test.go | 6 +- ...ted_example_automationrules_client_test.go | 10 +- ..._generated_example_bookmark_client_test.go | 48 + ...d_example_bookmarkrelations_client_test.go | 124 + ...generated_example_bookmarks_client_test.go | 27 +- ...ated_example_dataconnectors_client_test.go | 181 +- ...connectorscheckrequirements_client_test.go | 46 + ...nerated_example_domainwhois_client_test.go | 39 + ..._generated_example_entities_client_test.go | 151 + ...example_entitiesgettimeline_client_test.go | 48 + ...d_example_entitiesrelations_client_test.go | 48 + ...rated_example_entityqueries_client_test.go | 140 + ...xample_entityquerytemplates_client_test.go | 67 + ...ted_example_entityrelations_client_test.go | 41 + ...ed_example_incidentcomments_client_test.go | 10 +- ...d_example_incidentrelations_client_test.go | 12 +- ...generated_example_incidents_client_test.go | 64 +- ...generated_example_ipgeodata_client_test.go | 39 + ..._generated_example_metadata_client_test.go | 228 + ...ated_example_officeconsents_client_test.go | 87 + ...enerated_example_operations_client_test.go | 4 +- ...ted_example_productsettings_client_test.go | 112 + ...securitymlanalyticssettings_client_test.go | 181 + ...le_sentinelonboardingstates_client_test.go | 10 +- ...rated_example_sourcecontrol_client_test.go | 44 + ...ated_example_sourcecontrols_client_test.go | 136 + ...threatintelligenceindicator_client_test.go | 30 +- ...ntelligenceindicatormetrics_client_test.go | 4 +- ...hreatintelligenceindicators_client_test.go | 6 +- ...ated_example_watchlistitems_client_test.go | 10 +- ...enerated_example_watchlists_client_test.go | 13 +- .../zz_generated_actions_client.go | 16 +- .../zz_generated_alertrules_client.go | 16 +- .../zz_generated_alertruletemplates_client.go | 8 +- .../zz_generated_automationrules_client.go | 24 +- .../zz_generated_bookmark_client.go | 117 + .../zz_generated_bookmarkrelations_client.go | 334 + .../zz_generated_bookmarks_client.go | 16 +- .../zz_generated_constants.go | 1029 ++- .../zz_generated_dataconnectors_client.go | 122 +- ..._dataconnectorscheckrequirements_client.go | 113 + .../zz_generated_date_type.go | 59 + .../zz_generated_domainwhois_client.go | 108 + .../zz_generated_entities_client.go | 372 + ...zz_generated_entitiesgettimeline_client.go | 118 + .../zz_generated_entitiesrelations_client.go | 142 + .../zz_generated_entityqueries_client.go | 303 + ...z_generated_entityquerytemplates_client.go | 190 + .../zz_generated_entityrelations_client.go | 122 + .../zz_generated_incidentcomments_client.go | 24 +- .../zz_generated_incidentrelations_client.go | 24 +- .../zz_generated_incidents_client.go | 165 +- .../zz_generated_ipgeodata_client.go | 108 + .../zz_generated_metadata_client.go | 374 + .../zz_generated_models.go | 6738 ++++++++++++++--- .../zz_generated_models_serde.go | 6384 +++++++++++++--- .../zz_generated_officeconsents_client.go | 237 + .../zz_generated_operations_client.go | 4 +- .../zz_generated_polymorphic_helpers.go | 320 +- .../zz_generated_productsettings_client.go | 286 + .../zz_generated_response_types.go | 321 +- ...ated_securitymlanalyticssettings_client.go | 303 + ...nerated_sentinelonboardingstates_client.go | 16 +- .../zz_generated_sourcecontrol_client.go | 126 + .../zz_generated_sourcecontrols_client.go | 299 + ...ated_threatintelligenceindicator_client.go | 28 +- ...reatintelligenceindicatormetrics_client.go | 4 +- ...ted_threatintelligenceindicators_client.go | 10 +- .../zz_generated_watchlistitems_client.go | 36 +- .../zz_generated_watchlists_client.go | 47 +- 75 files changed, 19355 insertions(+), 2813 deletions(-) create mode 100644 sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_bookmark_client_test.go create mode 100644 sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_bookmarkrelations_client_test.go create mode 100644 sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_dataconnectorscheckrequirements_client_test.go create mode 100644 sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_domainwhois_client_test.go create mode 100644 sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_entities_client_test.go create mode 100644 sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_entitiesgettimeline_client_test.go create mode 100644 sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_entitiesrelations_client_test.go create mode 100644 sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_entityqueries_client_test.go create mode 100644 sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_entityquerytemplates_client_test.go create mode 100644 sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_entityrelations_client_test.go create mode 100644 sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_ipgeodata_client_test.go create mode 100644 sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_metadata_client_test.go create mode 100644 sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_officeconsents_client_test.go create mode 100644 sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_productsettings_client_test.go create mode 100644 sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_securitymlanalyticssettings_client_test.go create mode 100644 sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_sourcecontrol_client_test.go create mode 100644 sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_sourcecontrols_client_test.go create mode 100644 sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_bookmark_client.go create mode 100644 sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_bookmarkrelations_client.go create mode 100644 sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_dataconnectorscheckrequirements_client.go create mode 100644 sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_date_type.go create mode 100644 sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_domainwhois_client.go create mode 100644 sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_entities_client.go create mode 100644 sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_entitiesgettimeline_client.go create mode 100644 sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_entitiesrelations_client.go create mode 100644 sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_entityqueries_client.go create mode 100644 sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_entityquerytemplates_client.go create mode 100644 sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_entityrelations_client.go create mode 100644 sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_ipgeodata_client.go create mode 100644 sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_metadata_client.go create mode 100644 sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_officeconsents_client.go create mode 100644 sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_productsettings_client.go create mode 100644 sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_securitymlanalyticssettings_client.go create mode 100644 sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_sourcecontrol_client.go create mode 100644 sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_sourcecontrols_client.go diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/CHANGELOG.md b/sdk/resourcemanager/securityinsights/armsecurityinsights/CHANGELOG.md index 7a1ac657d465..52c043d1131d 100644 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/CHANGELOG.md +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/CHANGELOG.md @@ -1,5 +1,888 @@ # Release History +## 2.0.0-beta.1 (2022-05-24) +### Breaking Changes + +- Type of `IncidentEntitiesResultsMetadata.EntityKind` has been changed from `*EntityKindEnum` to `*EntityKind` +- Type of `FileHashEntity.Kind` has been changed from `*EntityKindEnum` to `*EntityKind` +- Type of `HuntingBookmark.Kind` has been changed from `*EntityKindEnum` to `*EntityKind` +- Type of `WatchlistProperties.Source` has been changed from `*Source` to `*string` +- Type of `MailMessageEntity.Kind` has been changed from `*EntityKindEnum` to `*EntityKind` +- Type of `DNSEntity.Kind` has been changed from `*EntityKindEnum` to `*EntityKind` +- Type of `WatchlistItemProperties.EntityMapping` has been changed from `interface{}` to `map[string]interface{}` +- Type of `WatchlistItemProperties.ItemsKeyValue` has been changed from `interface{}` to `map[string]interface{}` +- Type of `ThreatIntelligenceIndicatorModel.Kind` has been changed from `*ThreatIntelligenceResourceInnerKind` to `*ThreatIntelligenceResourceKindEnum` +- Type of `Entity.Kind` has been changed from `*EntityKindEnum` to `*EntityKind` +- Type of `HostEntity.Kind` has been changed from `*EntityKindEnum` to `*EntityKind` +- Type of `IPEntity.Kind` has been changed from `*EntityKindEnum` to `*EntityKind` +- Type of `RegistryValueEntity.Kind` has been changed from `*EntityKindEnum` to `*EntityKind` +- Type of `SubmissionMailEntity.Kind` has been changed from `*EntityKindEnum` to `*EntityKind` +- Type of `MailClusterEntity.Kind` has been changed from `*EntityKindEnum` to `*EntityKind` +- Type of `ProcessEntity.Kind` has been changed from `*EntityKindEnum` to `*EntityKind` +- Type of `IncidentPropertiesAction.Owner` has been changed from `*IncidentOwnerInfoAutoGenerated` to `*IncidentOwnerInfo` +- Type of `URLEntity.Kind` has been changed from `*EntityKindEnum` to `*EntityKind` +- Type of `ThreatIntelligenceSortingCriteria.SortOrder` has been changed from `*ThreatIntelligenceSortingOrder` to `*ThreatIntelligenceSortingCriteriaEnum` +- Type of `SecurityGroupEntity.Kind` has been changed from `*EntityKindEnum` to `*EntityKind` +- Type of `RegistryKeyEntity.Kind` has been changed from `*EntityKindEnum` to `*EntityKind` +- Type of `AccountEntity.Kind` has been changed from `*EntityKindEnum` to `*EntityKind` +- Type of `ThreatIntelligenceInformation.Kind` has been changed from `*ThreatIntelligenceResourceInnerKind` to `*ThreatIntelligenceResourceKindEnum` +- Type of `MailboxEntity.Kind` has been changed from `*EntityKindEnum` to `*EntityKind` +- Type of `SecurityAlert.Kind` has been changed from `*EntityKindEnum` to `*EntityKind` +- Type of `FileEntity.Kind` has been changed from `*EntityKindEnum` to `*EntityKind` +- Type of `MalwareEntity.Kind` has been changed from `*EntityKindEnum` to `*EntityKind` +- Type of `CloudApplicationEntity.Kind` has been changed from `*EntityKindEnum` to `*EntityKind` +- Type of `IoTDeviceEntity.Kind` has been changed from `*EntityKindEnum` to `*EntityKind` +- Type of `AzureResourceEntity.Kind` has been changed from `*EntityKindEnum` to `*EntityKind` +- Const `EntityKindEnumBookmark` has been removed +- Const `EntityKindEnumAzureResource` has been removed +- Const `EntityKindEnumFileHash` has been removed +- Const `EntityKindEnumRegistryValue` has been removed +- Const `EntityKindEnumSubmissionMail` has been removed +- Const `EntityKindEnumMailMessage` has been removed +- Const `EntityKindEnumIP` has been removed +- Const `EntityKindEnumCloudApplication` has been removed +- Const `EntityKindEnumFile` has been removed +- Const `EntityKindEnumSecurityGroup` has been removed +- Const `SourceLocalFile` has been removed +- Const `EntityKindEnumMailbox` has been removed +- Const `EntityKindEnumIoTDevice` has been removed +- Const `ThreatIntelligenceResourceInnerKindIndicator` has been removed +- Const `EntityKindEnumMalware` has been removed +- Const `ThreatIntelligenceSortingOrderDescending` has been removed +- Const `EntityKindEnumDNSResolution` has been removed +- Const `EntityKindEnumProcess` has been removed +- Const `EntityKindEnumRegistryKey` has been removed +- Const `ThreatIntelligenceSortingOrderUnsorted` has been removed +- Const `SourceRemoteStorage` has been removed +- Const `EntityKindEnumURL` has been removed +- Const `ThreatIntelligenceSortingOrderAscending` has been removed +- Const `EntityKindEnumAccount` has been removed +- Const `EntityKindEnumHost` has been removed +- Const `EntityKindEnumSecurityAlert` has been removed +- Const `EntityKindEnumMailCluster` has been removed +- Function `PossibleEntityKindEnumValues` has been removed +- Function `PossibleSourceValues` has been removed +- Function `PossibleThreatIntelligenceResourceInnerKindValues` has been removed +- Function `PossibleThreatIntelligenceSortingOrderValues` has been removed +- Struct `IncidentOwnerInfoAutoGenerated` has been removed + +### Features Added + +- New const `EntityKindIP` +- New const `EntityKindURL` +- New const `SupportTierCommunity` +- New const `EntityKindMailbox` +- New const `DataConnectorKindOfficeATP` +- New const `EntityTimelineKindBookmark` +- New const `KindAnalyticsRule` +- New const `SettingTypeInfoMessage` +- New const `DeploymentResultFailed` +- New const `UebaDataSourcesAzureActivity` +- New const `EntityTypeFileHash` +- New const `EntityKindRegistryKey` +- New const `SettingKindUeba` +- New const `SettingKindAnomalies` +- New const `KindWorkbookTemplate` +- New const `SourceKindLocalWorkspace` +- New const `AutomationRulePropertyArrayChangedConditionSupportedArrayTypeAlerts` +- New const `KindSolution` +- New const `ConditionTypePropertyArrayChanged` +- New const `EntityTypeRegistryKey` +- New const `EntityKindFileHash` +- New const `ConnectAuthKindBasic` +- New const `EntityTypeURL` +- New const `DataConnectorLicenseStateUnknown` +- New const `EntityQueryKindActivity` +- New const `EntityTypeSecurityAlert` +- New const `EntityTimelineKindActivity` +- New const `EntityTypeCloudApplication` +- New const `DeploymentStateInProgress` +- New const `EntityKindBookmark` +- New const `Enum13Expansion` +- New const `MicrosoftSecurityProductNameMicrosoftDefenderAdvancedThreatProtection` +- New const `EntityKindRegistryValue` +- New const `DataConnectorKindThreatIntelligenceTaxii` +- New const `EntityKindMailMessage` +- New const `DataConnectorKindOffice365Project` +- New const `SecurityMLAnalyticsSettingsKindAnomaly` +- New const `EntityKindSecurityAlert` +- New const `VersionV2` +- New const `ConnectivityTypeIsConnectedQuery` +- New const `EntityTypeIP` +- New const `DataConnectorKindOfficePowerBI` +- New const `PermissionProviderScopeSubscription` +- New const `PollingFrequencyOnceADay` +- New const `EntityTypeIoTDevice` +- New const `SourceKindCommunity` +- New const `DeploymentFetchStatusSuccess` +- New const `SupportTierPartner` +- New const `KindHuntingQuery` +- New const `EntityQueryKindExpansion` +- New const `RepoTypeDevOps` +- New const `UebaDataSourcesSecurityEvent` +- New const `DeploymentFetchStatusNotFound` +- New const `EntityTypeMailbox` +- New const `ContentTypeWorkbook` +- New const `DataConnectorKindMicrosoftThreatIntelligence` +- New const `SettingTypeCopyableLabel` +- New const `EntityTypeSubmissionMail` +- New const `GetInsightsErrorInsight` +- New const `EntityKindDNSResolution` +- New const `MicrosoftSecurityProductNameOffice365AdvancedThreatProtection` +- New const `KindAzureFunction` +- New const `EntityTypeFile` +- New const `TriggersWhenUpdated` +- New const `ProviderNameMicrosoftOperationalInsightsWorkspaces` +- New const `ConnectAuthKindOAuth2` +- New const `AutomationRulePropertyArrayChangedConditionSupportedChangeTypeAdded` +- New const `AutomationRulePropertyArrayChangedConditionSupportedArrayTypeComments` +- New const `DataConnectorKindGenericUI` +- New const `EntityProvidersActiveDirectory` +- New const `KindAutomationRule` +- New const `AlertRuleKindThreatIntelligence` +- New const `EntityProvidersAzureActiveDirectory` +- New const `EntityTypeAccount` +- New const `ConditionTypePropertyChanged` +- New const `OutputTypeNumber` +- New const `AutomationRulePropertyArrayChangedConditionSupportedArrayTypeTactics` +- New const `EntityKindIoTDevice` +- New const `SettingTypeInstructionStepsGroup` +- New const `Enum15Activity` +- New const `AutomationRulePropertyChangedConditionSupportedChangedTypeChangedTo` +- New const `ThreatIntelligenceSortingCriteriaEnumDescending` +- New const `DataConnectorKindIOT` +- New const `SourceKindSourceRepository` +- New const `EntityQueryTemplateKindActivity` +- New const `DeploymentResultSuccess` +- New const `PollingFrequencyOnceAMinute` +- New const `SourceTypeRemoteStorage` +- New const `ContentTypeAnalyticRule` +- New const `DeploymentFetchStatusUnauthorized` +- New const `DeploymentStateCompleted` +- New const `ProviderNameMicrosoftAuthorizationPolicyAssignments` +- New const `DataConnectorAuthorizationStateInvalid` +- New const `EntityTypeProcess` +- New const `UebaDataSourcesAuditLogs` +- New const `DeploymentStateCanceling` +- New const `AttackTacticReconnaissance` +- New const `EntityTypeMalware` +- New const `AttackTacticImpairProcessControl` +- New const `EntityKindAccount` +- New const `OperatorAND` +- New const `DataConnectorKindOfficeIRM` +- New const `OutputTypeEntity` +- New const `EntityKindAzureResource` +- New const `CustomEntityQueryKindActivity` +- New const `KindParser` +- New const `ProviderNameMicrosoftOperationalInsightsWorkspacesSharedKeys` +- New const `OutputTypeDate` +- New const `AutomationRulePropertyChangedConditionSupportedPropertyTypeIncidentSeverity` +- New const `EntityTimelineKindAnomaly` +- New const `KindDataConnector` +- New const `EntityQueryKindInsight` +- New const `RepoTypeGithub` +- New const `DataConnectorKindAPIPolling` +- New const `AutomationRulePropertyChangedConditionSupportedPropertyTypeIncidentOwner` +- New const `KindDataType` +- New const `AutomationRulePropertyChangedConditionSupportedPropertyTypeIncidentStatus` +- New const `EntityKindCloudApplication` +- New const `KindWatchlist` +- New const `KindPlaybookTemplate` +- New const `EntityTypeSecurityGroup` +- New const `EntityTypeHuntingBookmark` +- New const `AlertRuleKindMLBehaviorAnalytics` +- New const `EntityKindHost` +- New const `EntityTypeHost` +- New const `SettingKindEyesOn` +- New const `ThreatIntelligenceSortingCriteriaEnumAscending` +- New const `EntityTimelineKindSecurityAlert` +- New const `SettingsStatusProduction` +- New const `SourceTypeLocalFile` +- New const `PollingFrequencyOnceAnHour` +- New const `SettingsStatusFlighting` +- New const `DataConnectorLicenseStateInvalid` +- New const `AttackTacticResourceDevelopment` +- New const `OperatorOR` +- New const `EntityTypeRegistryValue` +- New const `ProviderNameMicrosoftOperationalInsightsSolutions` +- New const `AutomationRulePropertyChangedConditionSupportedChangedTypeChangedFrom` +- New const `KindWorkbook` +- New const `UebaDataSourcesSigninLogs` +- New const `AutomationRulePropertyArrayChangedConditionSupportedArrayTypeLabels` +- New const `DeploymentResultCanceled` +- New const `OutputTypeString` +- New const `KindInvestigationQuery` +- New const `ThreatIntelligenceResourceKindEnumIndicator` +- New const `SettingKindEntityAnalytics` +- New const `EntityItemQueryKindInsight` +- New const `ProviderNameMicrosoftAadiamDiagnosticSettings` +- New const `Enum13Activity` +- New const `EntityTypeMailCluster` +- New const `DeploymentStateQueued` +- New const `EntityTypeMailMessage` +- New const `SupportTierMicrosoft` +- New const `EntityTypeDNS` +- New const `EntityKindSecurityGroup` +- New const `DataConnectorKindDynamics365` +- New const `ProviderNameMicrosoftOperationalInsightsWorkspacesDatasources` +- New const `KindWatchlistTemplate` +- New const `EntityKindSubmissionMail` +- New const `ThreatIntelligenceSortingCriteriaEnumUnsorted` +- New const `EntityKindMalware` +- New const `AlertRuleKindNRT` +- New const `DataConnectorAuthorizationStateValid` +- New const `PermissionProviderScopeWorkspace` +- New const `DataConnectorLicenseStateValid` +- New const `EntityKindProcess` +- New const `SourceKindSolution` +- New const `ConnectAuthKindAPIKey` +- New const `EntityKindMailCluster` +- New const `PermissionProviderScopeResourceGroup` +- New const `KindAnalyticsRuleTemplate` +- New const `DataConnectorKindMicrosoftThreatProtection` +- New const `VersionV1` +- New const `EntityTypeAzureResource` +- New const `DataConnectorKindAmazonWebServicesS3` +- New const `KindPlaybook` +- New const `KindLogicAppsCustomConnector` +- New const `EntityKindFile` +- New const `AttackTacticInhibitResponseFunction` +- New function `PossibleGetInsightsErrorValues() []GetInsightsError` +- New function `MSTIDataConnector.MarshalJSON() ([]byte, error)` +- New function `*MetadataPropertiesPatch.UnmarshalJSON([]byte) error` +- New function `*NrtAlertRule.GetAlertRule() *AlertRule` +- New function `*EntityQueriesClientCreateOrUpdateResponse.UnmarshalJSON([]byte) error` +- New function `*NrtAlertRuleTemplateProperties.UnmarshalJSON([]byte) error` +- New function `*SettingList.UnmarshalJSON([]byte) error` +- New function `*ActivityEntityQueryTemplate.GetEntityQueryTemplate() *EntityQueryTemplate` +- New function `CodelessUIConnectorConfigPropertiesInstructionStepsItem.MarshalJSON() ([]byte, error)` +- New function `AwsCloudTrailCheckRequirements.MarshalJSON() ([]byte, error)` +- New function `MetadataProperties.MarshalJSON() ([]byte, error)` +- New function `*ASCCheckRequirements.UnmarshalJSON([]byte) error` +- New function `*AnomalyTimelineItem.UnmarshalJSON([]byte) error` +- New function `*PropertyArrayChangedConditionProperties.UnmarshalJSON([]byte) error` +- New function `*Deployment.UnmarshalJSON([]byte) error` +- New function `*MCASCheckRequirements.UnmarshalJSON([]byte) error` +- New function `*EntityQueryTemplatesClientGetResponse.UnmarshalJSON([]byte) error` +- New function `*EntityGetInsightsParameters.UnmarshalJSON([]byte) error` +- New function `*EntityTimelineItem.GetEntityTimelineItem() *EntityTimelineItem` +- New function `*BookmarkExpandResponseValue.UnmarshalJSON([]byte) error` +- New function `PossibleRepoTypeValues() []RepoType` +- New function `*DataConnectorsClient.Connect(context.Context, string, string, string, DataConnectorConnectBody, *DataConnectorsClientConnectOptions) (DataConnectorsClientConnectResponse, error)` +- New function `*IncidentsClient.CreateTeam(context.Context, string, string, string, TeamProperties, *IncidentsClientCreateTeamOptions) (IncidentsClientCreateTeamResponse, error)` +- New function `AnomalySecurityMLAnalyticsSettingsProperties.MarshalJSON() ([]byte, error)` +- New function `*MTPDataConnector.GetDataConnector() *DataConnector` +- New function `*MTPDataConnector.UnmarshalJSON([]byte) error` +- New function `*GetQueriesResponse.UnmarshalJSON([]byte) error` +- New function `MetadataPatch.MarshalJSON() ([]byte, error)` +- New function `PossibleKindValues() []Kind` +- New function `PossiblePollingFrequencyValues() []PollingFrequency` +- New function `PossibleConnectAuthKindValues() []ConnectAuthKind` +- New function `*ActivityCustomEntityQuery.GetCustomEntityQuery() *CustomEntityQuery` +- New function `EntityGetInsightsParameters.MarshalJSON() ([]byte, error)` +- New function `ExpansionEntityQueriesProperties.MarshalJSON() ([]byte, error)` +- New function `PossibleAutomationRulePropertyArrayChangedConditionSupportedArrayTypeValues() []AutomationRulePropertyArrayChangedConditionSupportedArrayType` +- New function `*OfficeIRMCheckRequirements.GetDataConnectorsCheckRequirements() *DataConnectorsCheckRequirements` +- New function `*CodelessAPIPollingDataConnector.GetDataConnector() *DataConnector` +- New function `PropertyChangedConditionProperties.MarshalJSON() ([]byte, error)` +- New function `FusionTemplateSourceSetting.MarshalJSON() ([]byte, error)` +- New function `PossibleOutputTypeValues() []OutputType` +- New function `OfficeATPCheckRequirements.MarshalJSON() ([]byte, error)` +- New function `Repository.MarshalJSON() ([]byte, error)` +- New function `EntityTimelineParameters.MarshalJSON() ([]byte, error)` +- New function `*ThreatIntelligenceAlertRule.GetAlertRule() *AlertRule` +- New function `*DataConnectorsCheckRequirements.GetDataConnectorsCheckRequirements() *DataConnectorsCheckRequirements` +- New function `*MLBehaviorAnalyticsAlertRuleProperties.UnmarshalJSON([]byte) error` +- New function `OfficePowerBICheckRequirements.MarshalJSON() ([]byte, error)` +- New function `*ThreatIntelligenceAlertRuleProperties.UnmarshalJSON([]byte) error` +- New function `ActivityEntityQueryTemplateProperties.MarshalJSON() ([]byte, error)` +- New function `*MSTICheckRequirements.UnmarshalJSON([]byte) error` +- New function `PossibleDeploymentStateValues() []DeploymentState` +- New function `ActivityEntityQueriesProperties.MarshalJSON() ([]byte, error)` +- New function `*Office365ProjectDataConnector.GetDataConnector() *DataConnector` +- New function `*IoTDataConnector.GetDataConnector() *DataConnector` +- New function `*MtpCheckRequirements.GetDataConnectorsCheckRequirements() *DataConnectorsCheckRequirements` +- New function `*EntityList.UnmarshalJSON([]byte) error` +- New function `*ProductSettingsClientGetResponse.UnmarshalJSON([]byte) error` +- New function `*ProductSettingsClientUpdateResponse.UnmarshalJSON([]byte) error` +- New function `Deployment.MarshalJSON() ([]byte, error)` +- New function `TeamProperties.MarshalJSON() ([]byte, error)` +- New function `AlertRuleTemplatePropertiesBase.MarshalJSON() ([]byte, error)` +- New function `*TiTaxiiCheckRequirements.UnmarshalJSON([]byte) error` +- New function `*ActivityEntityQueriesProperties.UnmarshalJSON([]byte) error` +- New function `EntityAnalyticsProperties.MarshalJSON() ([]byte, error)` +- New function `*InsightQueryItem.GetEntityQueryItem() *EntityQueryItem` +- New function `FusionSubTypeSeverityFilter.MarshalJSON() ([]byte, error)` +- New function `FusionTemplateSubTypeSeverityFilter.MarshalJSON() ([]byte, error)` +- New function `*PropertyChangedConditionProperties.GetAutomationRuleCondition() *AutomationRuleCondition` +- New function `*OfficeIRMDataConnector.GetDataConnector() *DataConnector` +- New function `PossibleProviderNameValues() []ProviderName` +- New function `*Anomalies.UnmarshalJSON([]byte) error` +- New function `*AADCheckRequirements.GetDataConnectorsCheckRequirements() *DataConnectorsCheckRequirements` +- New function `*OfficePowerBIDataConnector.UnmarshalJSON([]byte) error` +- New function `PossibleSecurityMLAnalyticsSettingsKindValues() []SecurityMLAnalyticsSettingsKind` +- New function `NrtAlertRuleTemplate.MarshalJSON() ([]byte, error)` +- New function `PossibleCustomEntityQueryKindValues() []CustomEntityQueryKind` +- New function `*NrtAlertRuleProperties.UnmarshalJSON([]byte) error` +- New function `*EntityTimelineParameters.UnmarshalJSON([]byte) error` +- New function `ThreatIntelligenceAlertRuleTemplate.MarshalJSON() ([]byte, error)` +- New function `MLBehaviorAnalyticsAlertRuleProperties.MarshalJSON() ([]byte, error)` +- New function `CodelessConnectorPollingResponseProperties.MarshalJSON() ([]byte, error)` +- New function `PossibleEntityItemQueryKindValues() []EntityItemQueryKind` +- New function `*EntityQueryTemplateList.UnmarshalJSON([]byte) error` +- New function `*TiTaxiiDataConnector.UnmarshalJSON([]byte) error` +- New function `MDATPCheckRequirements.MarshalJSON() ([]byte, error)` +- New function `*Dynamics365DataConnector.UnmarshalJSON([]byte) error` +- New function `*EntityQueriesClientGetResponse.UnmarshalJSON([]byte) error` +- New function `DataConnectorConnectBody.MarshalJSON() ([]byte, error)` +- New function `*MtpCheckRequirements.UnmarshalJSON([]byte) error` +- New function `ExpansionEntityQuery.MarshalJSON() ([]byte, error)` +- New function `*IoTCheckRequirements.UnmarshalJSON([]byte) error` +- New function `*ActivityEntityQuery.UnmarshalJSON([]byte) error` +- New function `ActivityEntityQuery.MarshalJSON() ([]byte, error)` +- New function `PossibleThreatIntelligenceResourceKindEnumValues() []ThreatIntelligenceResourceKindEnum` +- New function `MetadataCategories.MarshalJSON() ([]byte, error)` +- New function `IoTDataConnector.MarshalJSON() ([]byte, error)` +- New function `*EntityAnalytics.UnmarshalJSON([]byte) error` +- New function `*MLBehaviorAnalyticsAlertRule.GetAlertRule() *AlertRule` +- New function `PossibleDeploymentFetchStatusValues() []DeploymentFetchStatus` +- New function `OfficeIRMDataConnector.MarshalJSON() ([]byte, error)` +- New function `PossibleAutomationRulePropertyChangedConditionSupportedPropertyTypeValues() []AutomationRulePropertyChangedConditionSupportedPropertyType` +- New function `MLBehaviorAnalyticsAlertRule.MarshalJSON() ([]byte, error)` +- New function `PossibleEntityTimelineKindValues() []EntityTimelineKind` +- New function `*TiTaxiiDataConnector.GetDataConnector() *DataConnector` +- New function `*Dynamics365CheckRequirements.GetDataConnectorsCheckRequirements() *DataConnectorsCheckRequirements` +- New function `*SecurityMLAnalyticsSettingsClientCreateOrUpdateResponse.UnmarshalJSON([]byte) error` +- New function `PossibleEntityTypeValues() []EntityType` +- New function `*EntityQueryList.UnmarshalJSON([]byte) error` +- New function `ThreatIntelligenceAlertRule.MarshalJSON() ([]byte, error)` +- New function `AwsS3DataConnectorProperties.MarshalJSON() ([]byte, error)` +- New function `*SecurityAlertTimelineItem.UnmarshalJSON([]byte) error` +- New function `*EntityQuery.GetEntityQuery() *EntityQuery` +- New function `PossibleSupportTierValues() []SupportTier` +- New function `*AnomalyTimelineItem.GetEntityTimelineItem() *EntityTimelineItem` +- New function `Anomalies.MarshalJSON() ([]byte, error)` +- New function `MSTICheckRequirements.MarshalJSON() ([]byte, error)` +- New function `*OfficePowerBIDataConnector.GetDataConnector() *DataConnector` +- New function `*BookmarkTimelineItem.GetEntityTimelineItem() *EntityTimelineItem` +- New function `PossibleEntityQueryKindValues() []EntityQueryKind` +- New function `Office365ProjectDataConnector.MarshalJSON() ([]byte, error)` +- New function `AnomalySecurityMLAnalyticsSettings.MarshalJSON() ([]byte, error)` +- New function `IoTCheckRequirements.MarshalJSON() ([]byte, error)` +- New function `*EyesOn.GetSettings() *Settings` +- New function `BookmarkExpandParameters.MarshalJSON() ([]byte, error)` +- New function `*NrtAlertRule.UnmarshalJSON([]byte) error` +- New function `*OfficePowerBICheckRequirements.GetDataConnectorsCheckRequirements() *DataConnectorsCheckRequirements` +- New function `*CodelessUIDataConnector.GetDataConnector() *DataConnector` +- New function `*ActivityTimelineItem.UnmarshalJSON([]byte) error` +- New function `TiTaxiiCheckRequirements.MarshalJSON() ([]byte, error)` +- New function `*AnomalySecurityMLAnalyticsSettingsProperties.UnmarshalJSON([]byte) error` +- New function `*DataConnectorsClient.Disconnect(context.Context, string, string, string, *DataConnectorsClientDisconnectOptions) (DataConnectorsClientDisconnectResponse, error)` +- New function `Dynamics365CheckRequirements.MarshalJSON() ([]byte, error)` +- New function `*AwsS3CheckRequirements.UnmarshalJSON([]byte) error` +- New function `*Ueba.UnmarshalJSON([]byte) error` +- New function `*OfficeATPCheckRequirements.GetDataConnectorsCheckRequirements() *DataConnectorsCheckRequirements` +- New function `*EntityExpandResponseValue.UnmarshalJSON([]byte) error` +- New function `PossibleEntityKindValues() []EntityKind` +- New function `*IoTDataConnector.UnmarshalJSON([]byte) error` +- New function `*ASCCheckRequirements.GetDataConnectorsCheckRequirements() *DataConnectorsCheckRequirements` +- New function `NrtAlertRuleProperties.MarshalJSON() ([]byte, error)` +- New function `*EnrichmentDomainWhois.UnmarshalJSON([]byte) error` +- New function `PossibleSourceTypeValues() []SourceType` +- New function `PossibleSettingKindValues() []SettingKind` +- New function `PossibleDataConnectorLicenseStateValues() []DataConnectorLicenseState` +- New function `*CodelessUIDataConnector.UnmarshalJSON([]byte) error` +- New function `ThreatIntelligenceAlertRuleTemplateProperties.MarshalJSON() ([]byte, error)` +- New function `PossibleEnum15Values() []Enum15` +- New function `*SecurityAlertTimelineItem.GetEntityTimelineItem() *EntityTimelineItem` +- New function `Dynamics365DataConnector.MarshalJSON() ([]byte, error)` +- New function `TiTaxiiDataConnectorProperties.MarshalJSON() ([]byte, error)` +- New function `EyesOn.MarshalJSON() ([]byte, error)` +- New function `*AnomalySecurityMLAnalyticsSettings.GetSecurityMLAnalyticsSetting() *SecurityMLAnalyticsSetting` +- New function `AATPCheckRequirements.MarshalJSON() ([]byte, error)` +- New function `*MLBehaviorAnalyticsAlertRule.UnmarshalJSON([]byte) error` +- New function `ASCCheckRequirements.MarshalJSON() ([]byte, error)` +- New function `*BookmarkTimelineItem.UnmarshalJSON([]byte) error` +- New function `PossibleEntityQueryTemplateKindValues() []EntityQueryTemplateKind` +- New function `*SecurityMLAnalyticsSettingsList.UnmarshalJSON([]byte) error` +- New function `*OfficeIRMDataConnector.UnmarshalJSON([]byte) error` +- New function `BookmarkEntityMappings.MarshalJSON() ([]byte, error)` +- New function `*NrtAlertRuleTemplate.GetAlertRuleTemplate() *AlertRuleTemplate` +- New function `*ActivityEntityQueryTemplate.UnmarshalJSON([]byte) error` +- New function `*AlertRuleTemplatePropertiesBase.UnmarshalJSON([]byte) error` +- New function `PossibleUebaDataSourcesValues() []UebaDataSources` +- New function `Ueba.MarshalJSON() ([]byte, error)` +- New function `*TICheckRequirements.UnmarshalJSON([]byte) error` +- New function `EntityExpandParameters.MarshalJSON() ([]byte, error)` +- New function `AlertRuleTemplateWithMitreProperties.MarshalJSON() ([]byte, error)` +- New function `*AADCheckRequirements.UnmarshalJSON([]byte) error` +- New function `*EntityInsightItemQueryTimeInterval.UnmarshalJSON([]byte) error` +- New function `*MSTIDataConnector.GetDataConnector() *DataConnector` +- New function `*MSTICheckRequirements.GetDataConnectorsCheckRequirements() *DataConnectorsCheckRequirements` +- New function `*ActivityTimelineItem.GetEntityTimelineItem() *EntityTimelineItem` +- New function `*EyesOn.UnmarshalJSON([]byte) error` +- New function `NrtAlertRule.MarshalJSON() ([]byte, error)` +- New function `OfficeATPDataConnector.MarshalJSON() ([]byte, error)` +- New function `*TeamInformation.UnmarshalJSON([]byte) error` +- New function `EntityAnalytics.MarshalJSON() ([]byte, error)` +- New function `*ActivityCustomEntityQuery.UnmarshalJSON([]byte) error` +- New function `*PropertyChangedConditionProperties.UnmarshalJSON([]byte) error` +- New function `PossibleVersionValues() []Version` +- New function `AutomationRulePropertyValuesChangedCondition.MarshalJSON() ([]byte, error)` +- New function `ActivityCustomEntityQuery.MarshalJSON() ([]byte, error)` +- New function `PossibleOperatorValues() []Operator` +- New function `*CodelessAPIPollingDataConnector.UnmarshalJSON([]byte) error` +- New function `*ExpansionEntityQuery.UnmarshalJSON([]byte) error` +- New function `*OfficeATPDataConnector.UnmarshalJSON([]byte) error` +- New function `OfficePowerBIDataConnector.MarshalJSON() ([]byte, error)` +- New function `*IncidentsClient.RunPlaybook(context.Context, string, string, string, *IncidentsClientRunPlaybookOptions) (IncidentsClientRunPlaybookResponse, error)` +- New function `*AATPCheckRequirements.UnmarshalJSON([]byte) error` +- New function `*Settings.GetSettings() *Settings` +- New function `PossibleEnum13Values() []Enum13` +- New function `Permissions.MarshalJSON() ([]byte, error)` +- New function `*TiTaxiiCheckRequirements.GetDataConnectorsCheckRequirements() *DataConnectorsCheckRequirements` +- New function `Office365ProjectCheckRequirements.MarshalJSON() ([]byte, error)` +- New function `*IoTCheckRequirements.GetDataConnectorsCheckRequirements() *DataConnectorsCheckRequirements` +- New function `*ThreatIntelligenceAlertRule.UnmarshalJSON([]byte) error` +- New function `*AwsS3CheckRequirements.GetDataConnectorsCheckRequirements() *DataConnectorsCheckRequirements` +- New function `SecurityMLAnalyticsSettingsDataSource.MarshalJSON() ([]byte, error)` +- New function `PossibleContentTypeValues() []ContentType` +- New function `*SecurityMLAnalyticsSetting.GetSecurityMLAnalyticsSetting() *SecurityMLAnalyticsSetting` +- New function `*AlertRuleTemplateWithMitreProperties.UnmarshalJSON([]byte) error` +- New function `*CustomEntityQuery.GetCustomEntityQuery() *CustomEntityQuery` +- New function `*MCASCheckRequirements.GetDataConnectorsCheckRequirements() *DataConnectorsCheckRequirements` +- New function `*EntityQueryTemplate.GetEntityQueryTemplate() *EntityQueryTemplate` +- New function `*MDATPCheckRequirements.UnmarshalJSON([]byte) error` +- New function `PropertyArrayChangedConditionProperties.MarshalJSON() ([]byte, error)` +- New function `MtpCheckRequirements.MarshalJSON() ([]byte, error)` +- New function `*BookmarkExpandParameters.UnmarshalJSON([]byte) error` +- New function `PossiblePermissionProviderScopeValues() []PermissionProviderScope` +- New function `NrtAlertRuleTemplateProperties.MarshalJSON() ([]byte, error)` +- New function `*MSTIDataConnector.UnmarshalJSON([]byte) error` +- New function `*Ueba.GetSettings() *Settings` +- New function `ConnectivityCriteria.MarshalJSON() ([]byte, error)` +- New function `*AwsS3DataConnector.UnmarshalJSON([]byte) error` +- New function `*TiTaxiiDataConnectorProperties.UnmarshalJSON([]byte) error` +- New function `CodelessAPIPollingDataConnector.MarshalJSON() ([]byte, error)` +- New function `FusionSourceSettings.MarshalJSON() ([]byte, error)` +- New function `*MetadataProperties.UnmarshalJSON([]byte) error` +- New function `*EntitiesClientGetResponse.UnmarshalJSON([]byte) error` +- New function `AwsS3DataConnector.MarshalJSON() ([]byte, error)` +- New function `*AwsCloudTrailCheckRequirements.UnmarshalJSON([]byte) error` +- New function `MetadataDependencies.MarshalJSON() ([]byte, error)` +- New function `MTPDataConnector.MarshalJSON() ([]byte, error)` +- New function `PossibleDataConnectorAuthorizationStateValues() []DataConnectorAuthorizationState` +- New function `*MLBehaviorAnalyticsAlertRuleTemplate.GetAlertRuleTemplate() *AlertRuleTemplate` +- New function `QueryBasedAlertRuleTemplateProperties.MarshalJSON() ([]byte, error)` +- New function `InstructionSteps.MarshalJSON() ([]byte, error)` +- New function `CodelessUIDataConnector.MarshalJSON() ([]byte, error)` +- New function `*OfficeATPDataConnector.GetDataConnector() *DataConnector` +- New function `ActivityEntityQueryTemplate.MarshalJSON() ([]byte, error)` +- New function `MCASCheckRequirements.MarshalJSON() ([]byte, error)` +- New function `ThreatIntelligenceAlertRuleProperties.MarshalJSON() ([]byte, error)` +- New function `*Office365ProjectDataConnector.UnmarshalJSON([]byte) error` +- New function `*ExpansionEntityQuery.GetEntityQuery() *EntityQuery` +- New function `*OfficeATPCheckRequirements.UnmarshalJSON([]byte) error` +- New function `*EntityAnalytics.GetSettings() *Settings` +- New function `TeamInformation.MarshalJSON() ([]byte, error)` +- New function `MLBehaviorAnalyticsAlertRuleTemplateProperties.MarshalJSON() ([]byte, error)` +- New function `PossibleSettingTypeValues() []SettingType` +- New function `*MLBehaviorAnalyticsAlertRuleTemplate.UnmarshalJSON([]byte) error` +- New function `*PropertyArrayChangedConditionProperties.GetAutomationRuleCondition() *AutomationRuleCondition` +- New function `*TICheckRequirements.GetDataConnectorsCheckRequirements() *DataConnectorsCheckRequirements` +- New function `PossibleThreatIntelligenceSortingCriteriaEnumValues() []ThreatIntelligenceSortingCriteriaEnum` +- New function `*Dynamics365DataConnector.GetDataConnector() *DataConnector` +- New function `*InsightQueryItem.UnmarshalJSON([]byte) error` +- New function `*Office365ProjectCheckRequirements.UnmarshalJSON([]byte) error` +- New function `UebaProperties.MarshalJSON() ([]byte, error)` +- New function `*MDATPCheckRequirements.GetDataConnectorsCheckRequirements() *DataConnectorsCheckRequirements` +- New function `PossibleSettingsStatusValues() []SettingsStatus` +- New function `AADCheckRequirements.MarshalJSON() ([]byte, error)` +- New function `*AnomalySecurityMLAnalyticsSettings.UnmarshalJSON([]byte) error` +- New function `MetadataPropertiesPatch.MarshalJSON() ([]byte, error)` +- New function `*OfficeIRMCheckRequirements.UnmarshalJSON([]byte) error` +- New function `*AwsCloudTrailCheckRequirements.GetDataConnectorsCheckRequirements() *DataConnectorsCheckRequirements` +- New function `AwsS3CheckRequirements.MarshalJSON() ([]byte, error)` +- New function `OfficeIRMCheckRequirements.MarshalJSON() ([]byte, error)` +- New function `PossibleSourceKindValues() []SourceKind` +- New function `SourceControlProperties.MarshalJSON() ([]byte, error)` +- New function `TICheckRequirements.MarshalJSON() ([]byte, error)` +- New function `*Office365ProjectCheckRequirements.GetDataConnectorsCheckRequirements() *DataConnectorsCheckRequirements` +- New function `PossibleDeploymentResultValues() []DeploymentResult` +- New function `*ThreatIntelligenceAlertRuleTemplate.UnmarshalJSON([]byte) error` +- New function `PossibleConnectivityTypeValues() []ConnectivityType` +- New function `TiTaxiiDataConnector.MarshalJSON() ([]byte, error)` +- New function `*OfficePowerBICheckRequirements.UnmarshalJSON([]byte) error` +- New function `*EntityExpandParameters.UnmarshalJSON([]byte) error` +- New function `*EntityQueryItem.GetEntityQueryItem() *EntityQueryItem` +- New function `PossibleEntityProvidersValues() []EntityProviders` +- New function `*ActivityEntityQuery.GetEntityQuery() *EntityQuery` +- New function `MLBehaviorAnalyticsAlertRuleTemplate.MarshalJSON() ([]byte, error)` +- New function `*ThreatIntelligenceAlertRuleTemplateProperties.UnmarshalJSON([]byte) error` +- New function `*Anomalies.GetSettings() *Settings` +- New function `*MLBehaviorAnalyticsAlertRuleTemplateProperties.UnmarshalJSON([]byte) error` +- New function `*NrtAlertRuleTemplate.UnmarshalJSON([]byte) error` +- New function `PossibleAutomationRulePropertyArrayChangedConditionSupportedChangeTypeValues() []AutomationRulePropertyArrayChangedConditionSupportedChangeType` +- New function `CodelessUIConnectorConfigProperties.MarshalJSON() ([]byte, error)` +- New function `*EntityTimelineResponse.UnmarshalJSON([]byte) error` +- New function `*ThreatIntelligenceAlertRuleTemplate.GetAlertRuleTemplate() *AlertRuleTemplate` +- New function `*AwsS3DataConnector.GetDataConnector() *DataConnector` +- New function `CodelessUIConnectorConfigPropertiesConnectivityCriteriaItem.MarshalJSON() ([]byte, error)` +- New function `PossibleAutomationRulePropertyChangedConditionSupportedChangedTypeValues() []AutomationRulePropertyChangedConditionSupportedChangedType` +- New function `*SecurityMLAnalyticsSettingsClientGetResponse.UnmarshalJSON([]byte) error` +- New function `*Dynamics365CheckRequirements.UnmarshalJSON([]byte) error` +- New function `*AATPCheckRequirements.GetDataConnectorsCheckRequirements() *DataConnectorsCheckRequirements` +- New struct `AADCheckRequirements` +- New struct `AADCheckRequirementsProperties` +- New struct `AATPCheckRequirements` +- New struct `AATPCheckRequirementsProperties` +- New struct `APIPollingParameters` +- New struct `ASCCheckRequirements` +- New struct `ASCCheckRequirementsProperties` +- New struct `ActivityCustomEntityQuery` +- New struct `ActivityEntityQueriesProperties` +- New struct `ActivityEntityQueriesPropertiesQueryDefinitions` +- New struct `ActivityEntityQuery` +- New struct `ActivityEntityQueryTemplate` +- New struct `ActivityEntityQueryTemplateProperties` +- New struct `ActivityEntityQueryTemplatePropertiesQueryDefinitions` +- New struct `ActivityTimelineItem` +- New struct `AlertRuleTemplatePropertiesBase` +- New struct `AlertRuleTemplateWithMitreProperties` +- New struct `Anomalies` +- New struct `AnomaliesSettingsProperties` +- New struct `AnomalySecurityMLAnalyticsSettings` +- New struct `AnomalySecurityMLAnalyticsSettingsProperties` +- New struct `AnomalyTimelineItem` +- New struct `AutomationRulePropertyArrayChangedValuesCondition` +- New struct `AutomationRulePropertyValuesChangedCondition` +- New struct `Availability` +- New struct `AwsCloudTrailCheckRequirements` +- New struct `AwsS3CheckRequirements` +- New struct `AwsS3DataConnector` +- New struct `AwsS3DataConnectorDataTypes` +- New struct `AwsS3DataConnectorDataTypesLogs` +- New struct `AwsS3DataConnectorProperties` +- New struct `AzureDevOpsResourceInfo` +- New struct `BookmarkClientExpandOptions` +- New struct `BookmarkClientExpandResponse` +- New struct `BookmarkEntityMappings` +- New struct `BookmarkExpandParameters` +- New struct `BookmarkExpandResponse` +- New struct `BookmarkExpandResponseValue` +- New struct `BookmarkRelationsClientCreateOrUpdateOptions` +- New struct `BookmarkRelationsClientCreateOrUpdateResponse` +- New struct `BookmarkRelationsClientDeleteOptions` +- New struct `BookmarkRelationsClientDeleteResponse` +- New struct `BookmarkRelationsClientGetOptions` +- New struct `BookmarkRelationsClientGetResponse` +- New struct `BookmarkRelationsClientListOptions` +- New struct `BookmarkRelationsClientListResponse` +- New struct `BookmarkTimelineItem` +- New struct `CodelessAPIPollingDataConnector` +- New struct `CodelessConnectorPollingAuthProperties` +- New struct `CodelessConnectorPollingConfigProperties` +- New struct `CodelessConnectorPollingPagingProperties` +- New struct `CodelessConnectorPollingRequestProperties` +- New struct `CodelessConnectorPollingResponseProperties` +- New struct `CodelessParameters` +- New struct `CodelessUIConnectorConfigProperties` +- New struct `CodelessUIConnectorConfigPropertiesConnectivityCriteriaItem` +- New struct `CodelessUIConnectorConfigPropertiesDataTypesItem` +- New struct `CodelessUIConnectorConfigPropertiesGraphQueriesItem` +- New struct `CodelessUIConnectorConfigPropertiesInstructionStepsItem` +- New struct `CodelessUIConnectorConfigPropertiesSampleQueriesItem` +- New struct `CodelessUIDataConnector` +- New struct `ConnectedEntity` +- New struct `ConnectivityCriteria` +- New struct `ConnectorInstructionModelBase` +- New struct `ContentPathMap` +- New struct `CustomEntityQuery` +- New struct `Customs` +- New struct `CustomsPermission` +- New struct `DataConnectorConnectBody` +- New struct `DataConnectorRequirementsState` +- New struct `DataConnectorsCheckRequirements` +- New struct `DataConnectorsCheckRequirementsClientPostOptions` +- New struct `DataConnectorsCheckRequirementsClientPostResponse` +- New struct `DataConnectorsClientConnectOptions` +- New struct `DataConnectorsClientConnectResponse` +- New struct `DataConnectorsClientDisconnectOptions` +- New struct `DataConnectorsClientDisconnectResponse` +- New struct `DataTypeDefinitions` +- New struct `Deployment` +- New struct `DeploymentInfo` +- New struct `DomainWhoisClientGetOptions` +- New struct `DomainWhoisClientGetResponse` +- New struct `Dynamics365CheckRequirements` +- New struct `Dynamics365CheckRequirementsProperties` +- New struct `Dynamics365DataConnector` +- New struct `Dynamics365DataConnectorDataTypes` +- New struct `Dynamics365DataConnectorDataTypesDynamics365CdsActivities` +- New struct `Dynamics365DataConnectorProperties` +- New struct `EnrichmentDomainWhois` +- New struct `EnrichmentDomainWhoisContact` +- New struct `EnrichmentDomainWhoisContacts` +- New struct `EnrichmentDomainWhoisDetails` +- New struct `EnrichmentDomainWhoisRegistrarDetails` +- New struct `EnrichmentIPGeodata` +- New struct `EntitiesClientExpandOptions` +- New struct `EntitiesClientExpandResponse` +- New struct `EntitiesClientGetInsightsOptions` +- New struct `EntitiesClientGetInsightsResponse` +- New struct `EntitiesClientGetOptions` +- New struct `EntitiesClientGetResponse` +- New struct `EntitiesClientListOptions` +- New struct `EntitiesClientListResponse` +- New struct `EntitiesClientQueriesOptions` +- New struct `EntitiesClientQueriesResponse` +- New struct `EntitiesGetTimelineClientListOptions` +- New struct `EntitiesGetTimelineClientListResponse` +- New struct `EntitiesRelationsClientListOptions` +- New struct `EntitiesRelationsClientListResponse` +- New struct `EntityAnalytics` +- New struct `EntityAnalyticsProperties` +- New struct `EntityEdges` +- New struct `EntityExpandParameters` +- New struct `EntityExpandResponse` +- New struct `EntityExpandResponseValue` +- New struct `EntityFieldMapping` +- New struct `EntityGetInsightsParameters` +- New struct `EntityGetInsightsResponse` +- New struct `EntityInsightItem` +- New struct `EntityInsightItemQueryTimeInterval` +- New struct `EntityList` +- New struct `EntityQueriesClientCreateOrUpdateOptions` +- New struct `EntityQueriesClientCreateOrUpdateResponse` +- New struct `EntityQueriesClientDeleteOptions` +- New struct `EntityQueriesClientDeleteResponse` +- New struct `EntityQueriesClientGetOptions` +- New struct `EntityQueriesClientGetResponse` +- New struct `EntityQueriesClientListOptions` +- New struct `EntityQueriesClientListResponse` +- New struct `EntityQuery` +- New struct `EntityQueryItem` +- New struct `EntityQueryItemProperties` +- New struct `EntityQueryItemPropertiesDataTypesItem` +- New struct `EntityQueryList` +- New struct `EntityQueryTemplate` +- New struct `EntityQueryTemplateList` +- New struct `EntityQueryTemplatesClientGetOptions` +- New struct `EntityQueryTemplatesClientGetResponse` +- New struct `EntityQueryTemplatesClientListOptions` +- New struct `EntityQueryTemplatesClientListResponse` +- New struct `EntityRelationsClientGetRelationOptions` +- New struct `EntityRelationsClientGetRelationResponse` +- New struct `EntityTimelineItem` +- New struct `EntityTimelineParameters` +- New struct `EntityTimelineResponse` +- New struct `ExpansionEntityQueriesProperties` +- New struct `ExpansionEntityQuery` +- New struct `ExpansionResultAggregation` +- New struct `ExpansionResultsMetadata` +- New struct `EyesOn` +- New struct `EyesOnSettingsProperties` +- New struct `FusionScenarioExclusionPattern` +- New struct `FusionSourceSettings` +- New struct `FusionSourceSubTypeSetting` +- New struct `FusionSubTypeSeverityFilter` +- New struct `FusionSubTypeSeverityFiltersItem` +- New struct `FusionTemplateSourceSetting` +- New struct `FusionTemplateSourceSubType` +- New struct `FusionTemplateSubTypeSeverityFilter` +- New struct `GetInsightsErrorKind` +- New struct `GetInsightsResultsMetadata` +- New struct `GetQueriesResponse` +- New struct `GitHubResourceInfo` +- New struct `GraphQueries` +- New struct `IPGeodataClientGetOptions` +- New struct `IPGeodataClientGetResponse` +- New struct `IncidentsClientCreateTeamOptions` +- New struct `IncidentsClientCreateTeamResponse` +- New struct `IncidentsClientRunPlaybookOptions` +- New struct `IncidentsClientRunPlaybookResponse` +- New struct `InsightQueryItem` +- New struct `InsightQueryItemProperties` +- New struct `InsightQueryItemPropertiesAdditionalQuery` +- New struct `InsightQueryItemPropertiesDefaultTimeRange` +- New struct `InsightQueryItemPropertiesReferenceTimeRange` +- New struct `InsightQueryItemPropertiesTableQuery` +- New struct `InsightQueryItemPropertiesTableQueryColumnsDefinitionsItem` +- New struct `InsightQueryItemPropertiesTableQueryQueriesDefinitionsItem` +- New struct `InsightQueryItemPropertiesTableQueryQueriesDefinitionsPropertiesItemsItem` +- New struct `InsightsTableResult` +- New struct `InsightsTableResultColumnsItem` +- New struct `InstructionSteps` +- New struct `InstructionStepsInstructionsItem` +- New struct `IoTCheckRequirements` +- New struct `IoTCheckRequirementsProperties` +- New struct `IoTDataConnector` +- New struct `IoTDataConnectorProperties` +- New struct `LastDataReceivedDataType` +- New struct `MCASCheckRequirements` +- New struct `MCASCheckRequirementsProperties` +- New struct `MDATPCheckRequirements` +- New struct `MDATPCheckRequirementsProperties` +- New struct `MLBehaviorAnalyticsAlertRule` +- New struct `MLBehaviorAnalyticsAlertRuleProperties` +- New struct `MLBehaviorAnalyticsAlertRuleTemplate` +- New struct `MLBehaviorAnalyticsAlertRuleTemplateProperties` +- New struct `MSTICheckRequirements` +- New struct `MSTICheckRequirementsProperties` +- New struct `MSTIDataConnector` +- New struct `MSTIDataConnectorDataTypes` +- New struct `MSTIDataConnectorDataTypesBingSafetyPhishingURL` +- New struct `MSTIDataConnectorDataTypesMicrosoftEmergingThreatFeed` +- New struct `MSTIDataConnectorProperties` +- New struct `MTPCheckRequirementsProperties` +- New struct `MTPDataConnector` +- New struct `MTPDataConnectorDataTypes` +- New struct `MTPDataConnectorDataTypesIncidents` +- New struct `MTPDataConnectorProperties` +- New struct `ManualTriggerRequestBody` +- New struct `MetadataAuthor` +- New struct `MetadataCategories` +- New struct `MetadataClientCreateOptions` +- New struct `MetadataClientCreateResponse` +- New struct `MetadataClientDeleteOptions` +- New struct `MetadataClientDeleteResponse` +- New struct `MetadataClientGetOptions` +- New struct `MetadataClientGetResponse` +- New struct `MetadataClientListOptions` +- New struct `MetadataClientListResponse` +- New struct `MetadataClientUpdateOptions` +- New struct `MetadataClientUpdateResponse` +- New struct `MetadataDependencies` +- New struct `MetadataList` +- New struct `MetadataModel` +- New struct `MetadataPatch` +- New struct `MetadataProperties` +- New struct `MetadataPropertiesPatch` +- New struct `MetadataSource` +- New struct `MetadataSupport` +- New struct `MtpCheckRequirements` +- New struct `NrtAlertRule` +- New struct `NrtAlertRuleProperties` +- New struct `NrtAlertRuleTemplate` +- New struct `NrtAlertRuleTemplateProperties` +- New struct `Office365ProjectCheckRequirements` +- New struct `Office365ProjectCheckRequirementsProperties` +- New struct `Office365ProjectConnectorDataTypes` +- New struct `Office365ProjectConnectorDataTypesLogs` +- New struct `Office365ProjectDataConnector` +- New struct `Office365ProjectDataConnectorProperties` +- New struct `OfficeATPCheckRequirements` +- New struct `OfficeATPCheckRequirementsProperties` +- New struct `OfficeATPDataConnector` +- New struct `OfficeATPDataConnectorProperties` +- New struct `OfficeConsent` +- New struct `OfficeConsentList` +- New struct `OfficeConsentProperties` +- New struct `OfficeConsentsClientDeleteOptions` +- New struct `OfficeConsentsClientDeleteResponse` +- New struct `OfficeConsentsClientGetOptions` +- New struct `OfficeConsentsClientGetResponse` +- New struct `OfficeConsentsClientListOptions` +- New struct `OfficeConsentsClientListResponse` +- New struct `OfficeIRMCheckRequirements` +- New struct `OfficeIRMCheckRequirementsProperties` +- New struct `OfficeIRMDataConnector` +- New struct `OfficeIRMDataConnectorProperties` +- New struct `OfficePowerBICheckRequirements` +- New struct `OfficePowerBICheckRequirementsProperties` +- New struct `OfficePowerBIConnectorDataTypes` +- New struct `OfficePowerBIConnectorDataTypesLogs` +- New struct `OfficePowerBIDataConnector` +- New struct `OfficePowerBIDataConnectorProperties` +- New struct `Permissions` +- New struct `PermissionsCustomsItem` +- New struct `PermissionsResourceProviderItem` +- New struct `ProductSettingsClientDeleteOptions` +- New struct `ProductSettingsClientDeleteResponse` +- New struct `ProductSettingsClientGetOptions` +- New struct `ProductSettingsClientGetResponse` +- New struct `ProductSettingsClientListOptions` +- New struct `ProductSettingsClientListResponse` +- New struct `ProductSettingsClientUpdateOptions` +- New struct `ProductSettingsClientUpdateResponse` +- New struct `PropertyArrayChangedConditionProperties` +- New struct `PropertyChangedConditionProperties` +- New struct `QueryBasedAlertRuleTemplateProperties` +- New struct `Repo` +- New struct `RepoList` +- New struct `Repository` +- New struct `RepositoryResourceInfo` +- New struct `RequiredPermissions` +- New struct `ResourceProvider` +- New struct `SampleQueries` +- New struct `SecurityAlertTimelineItem` +- New struct `SecurityMLAnalyticsSetting` +- New struct `SecurityMLAnalyticsSettingsClientCreateOrUpdateOptions` +- New struct `SecurityMLAnalyticsSettingsClientCreateOrUpdateResponse` +- New struct `SecurityMLAnalyticsSettingsClientDeleteOptions` +- New struct `SecurityMLAnalyticsSettingsClientDeleteResponse` +- New struct `SecurityMLAnalyticsSettingsClientGetOptions` +- New struct `SecurityMLAnalyticsSettingsClientGetResponse` +- New struct `SecurityMLAnalyticsSettingsClientListOptions` +- New struct `SecurityMLAnalyticsSettingsClientListResponse` +- New struct `SecurityMLAnalyticsSettingsDataSource` +- New struct `SecurityMLAnalyticsSettingsList` +- New struct `SettingList` +- New struct `Settings` +- New struct `SourceControl` +- New struct `SourceControlClientListRepositoriesOptions` +- New struct `SourceControlClientListRepositoriesResponse` +- New struct `SourceControlList` +- New struct `SourceControlProperties` +- New struct `SourceControlsClientCreateOptions` +- New struct `SourceControlsClientCreateResponse` +- New struct `SourceControlsClientDeleteOptions` +- New struct `SourceControlsClientDeleteResponse` +- New struct `SourceControlsClientGetOptions` +- New struct `SourceControlsClientGetResponse` +- New struct `SourceControlsClientListOptions` +- New struct `SourceControlsClientListResponse` +- New struct `TICheckRequirements` +- New struct `TICheckRequirementsProperties` +- New struct `TeamInformation` +- New struct `TeamProperties` +- New struct `ThreatIntelligenceAlertRule` +- New struct `ThreatIntelligenceAlertRuleProperties` +- New struct `ThreatIntelligenceAlertRuleTemplate` +- New struct `ThreatIntelligenceAlertRuleTemplateProperties` +- New struct `TiTaxiiCheckRequirements` +- New struct `TiTaxiiCheckRequirementsProperties` +- New struct `TiTaxiiDataConnector` +- New struct `TiTaxiiDataConnectorDataTypes` +- New struct `TiTaxiiDataConnectorDataTypesTaxiiClient` +- New struct `TiTaxiiDataConnectorProperties` +- New struct `TimelineAggregation` +- New struct `TimelineError` +- New struct `TimelineResultsMetadata` +- New struct `Ueba` +- New struct `UebaProperties` +- New struct `Webhook` +- New field `SourceSettings` in struct `FusionAlertRuleTemplateProperties` +- New field `Techniques` in struct `FusionAlertRuleTemplateProperties` +- New field `AzureAsyncOperation` in struct `WatchlistsClientCreateOrUpdateResponse` +- New field `OwnerType` in struct `IncidentOwnerInfo` +- New field `ScenarioExclusionPatterns` in struct `FusionAlertRuleProperties` +- New field `Techniques` in struct `FusionAlertRuleProperties` +- New field `SourceSettings` in struct `FusionAlertRuleProperties` +- New field `ProviderIncidentID` in struct `IncidentProperties` +- New field `TeamInformation` in struct `IncidentProperties` +- New field `ProviderName` in struct `IncidentProperties` +- New field `Techniques` in struct `ScheduledAlertRuleTemplateProperties` +- New field `Techniques` in struct `IncidentAdditionalData` +- New field `ProviderIncidentURL` in struct `IncidentAdditionalData` +- New field `Techniques` in struct `ScheduledAlertRuleProperties` +- New field `SourceType` in struct `WatchlistProperties` +- New field `Tactics` in struct `BookmarkProperties` +- New field `EntityMappings` in struct `BookmarkProperties` +- New field `Techniques` in struct `BookmarkProperties` +- New field `AzureAsyncOperation` in struct `WatchlistsClientDeleteResponse` + + ## 1.0.0 (2022-05-17) The package of `github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights` is using our [next generation design principles](https://azure.github.io/azure-sdk/general_introduction.html) since version 1.0.0, which contains breaking changes. diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/autorest.md b/sdk/resourcemanager/securityinsights/armsecurityinsights/autorest.md index 8e24ca40c633..44cd857de62a 100644 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/autorest.md +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/autorest.md @@ -4,12 +4,11 @@ ``` yaml azure-arm: true -tag: package-2021-10 require: -- https://github.com/Azure/azure-rest-api-specs/blob/7a2ac91de424f271cf91cc8009f3fe9ee8249086/specification/securityinsights/resource-manager/readme.md -- https://github.com/Azure/azure-rest-api-specs/blob/7a2ac91de424f271cf91cc8009f3fe9ee8249086/specification/securityinsights/resource-manager/readme.go.md +- https://github.com/Azure/azure-rest-api-specs/blob/792db17291c758b2bfdbbc0d35d0e2f5b5a1bd05/specification/securityinsights/resource-manager/readme.md +- https://github.com/Azure/azure-rest-api-specs/blob/792db17291c758b2bfdbbc0d35d0e2f5b5a1bd05/specification/securityinsights/resource-manager/readme.go.md license-header: MICROSOFT_MIT_NO_VERSION -module-version: 1.0.0 +module-version: 2.0.0-beta.1 modelerfour: lenient-model-deduplication: true ``` \ No newline at end of file diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/go.mod b/sdk/resourcemanager/securityinsights/armsecurityinsights/go.mod index 59faa3d62030..e546832e2d20 100644 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/go.mod +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/go.mod @@ -1,4 +1,4 @@ -module github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights +module github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights/v2 go 1.18 diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_actions_client_test.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_actions_client_test.go index f3ddb70f8e78..20a8109b9748 100644 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_actions_client_test.go +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_actions_client_test.go @@ -14,10 +14,10 @@ import ( "github.com/Azure/azure-sdk-for-go/sdk/azcore/to" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" - "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights" + "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights/v2" ) -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/actions/GetAllActionsByAlertRule.json +// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/actions/GetAllActionsByAlertRule.json func ExampleActionsClient_NewListByAlertRulePager() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { @@ -44,7 +44,7 @@ func ExampleActionsClient_NewListByAlertRulePager() { } } -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/actions/GetActionOfAlertRuleById.json +// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/actions/GetActionOfAlertRuleById.json func ExampleActionsClient_Get() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { @@ -68,7 +68,7 @@ func ExampleActionsClient_Get() { _ = res } -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/actions/CreateActionOfAlertRule.json +// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/actions/CreateActionOfAlertRule.json func ExampleActionsClient_CreateOrUpdate() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { @@ -99,7 +99,7 @@ func ExampleActionsClient_CreateOrUpdate() { _ = res } -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/actions/DeleteActionOfAlertRule.json +// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/actions/DeleteActionOfAlertRule.json func ExampleActionsClient_Delete() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_alertrules_client_test.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_alertrules_client_test.go index fcd11324ad4c..82d6e34a4474 100644 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_alertrules_client_test.go +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_alertrules_client_test.go @@ -14,10 +14,10 @@ import ( "github.com/Azure/azure-sdk-for-go/sdk/azcore/to" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" - "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights" + "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights/v2" ) -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/alertRules/GetAllAlertRules.json +// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/alertRules/GetAllAlertRules.json func ExampleAlertRulesClient_NewListPager() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { @@ -43,7 +43,7 @@ func ExampleAlertRulesClient_NewListPager() { } } -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/alertRules/GetFusionAlertRule.json +// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/alertRules/GetFusionAlertRule.json func ExampleAlertRulesClient_Get() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { @@ -66,7 +66,7 @@ func ExampleAlertRulesClient_Get() { _ = res } -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/alertRules/CreateFusionAlertRule.json +// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/alertRules/CreateFusionAlertRuleWithFusionScenarioExclusion.json func ExampleAlertRulesClient_CreateOrUpdate() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { @@ -87,6 +87,233 @@ func ExampleAlertRulesClient_CreateOrUpdate() { Properties: &armsecurityinsights.FusionAlertRuleProperties{ AlertRuleTemplateName: to.Ptr("f71aba3d-28fb-450b-b192-4e76a83015c8"), Enabled: to.Ptr(true), + SourceSettings: []*armsecurityinsights.FusionSourceSettings{ + { + Enabled: to.Ptr(true), + SourceName: to.Ptr("Anomalies"), + }, + { + Enabled: to.Ptr(true), + SourceName: to.Ptr("Alert providers"), + SourceSubTypes: []*armsecurityinsights.FusionSourceSubTypeSetting{ + { + Enabled: to.Ptr(true), + SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{ + Filters: []*armsecurityinsights.FusionSubTypeSeverityFiltersItem{ + { + Enabled: to.Ptr(true), + Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh), + }, + { + Enabled: to.Ptr(true), + Severity: to.Ptr(armsecurityinsights.AlertSeverityMedium), + }, + { + Enabled: to.Ptr(true), + Severity: to.Ptr(armsecurityinsights.AlertSeverityLow), + }, + { + Enabled: to.Ptr(true), + Severity: to.Ptr(armsecurityinsights.AlertSeverityInformational), + }}, + }, + SourceSubTypeName: to.Ptr("Azure Active Directory Identity Protection"), + }, + { + Enabled: to.Ptr(true), + SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{ + Filters: []*armsecurityinsights.FusionSubTypeSeverityFiltersItem{ + { + Enabled: to.Ptr(true), + Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh), + }, + { + Enabled: to.Ptr(true), + Severity: to.Ptr(armsecurityinsights.AlertSeverityMedium), + }, + { + Enabled: to.Ptr(true), + Severity: to.Ptr(armsecurityinsights.AlertSeverityLow), + }, + { + Enabled: to.Ptr(true), + Severity: to.Ptr(armsecurityinsights.AlertSeverityInformational), + }}, + }, + SourceSubTypeName: to.Ptr("Azure Defender"), + }, + { + Enabled: to.Ptr(true), + SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{ + Filters: []*armsecurityinsights.FusionSubTypeSeverityFiltersItem{ + { + Enabled: to.Ptr(true), + Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh), + }, + { + Enabled: to.Ptr(true), + Severity: to.Ptr(armsecurityinsights.AlertSeverityMedium), + }, + { + Enabled: to.Ptr(true), + Severity: to.Ptr(armsecurityinsights.AlertSeverityLow), + }, + { + Enabled: to.Ptr(true), + Severity: to.Ptr(armsecurityinsights.AlertSeverityInformational), + }}, + }, + SourceSubTypeName: to.Ptr("Azure Defender for IoT"), + }, + { + Enabled: to.Ptr(true), + SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{ + Filters: []*armsecurityinsights.FusionSubTypeSeverityFiltersItem{ + { + Enabled: to.Ptr(true), + Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh), + }, + { + Enabled: to.Ptr(true), + Severity: to.Ptr(armsecurityinsights.AlertSeverityMedium), + }, + { + Enabled: to.Ptr(true), + Severity: to.Ptr(armsecurityinsights.AlertSeverityLow), + }, + { + Enabled: to.Ptr(true), + Severity: to.Ptr(armsecurityinsights.AlertSeverityInformational), + }}, + }, + SourceSubTypeName: to.Ptr("Microsoft 365 Defender"), + }, + { + Enabled: to.Ptr(true), + SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{ + Filters: []*armsecurityinsights.FusionSubTypeSeverityFiltersItem{ + { + Enabled: to.Ptr(true), + Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh), + }, + { + Enabled: to.Ptr(true), + Severity: to.Ptr(armsecurityinsights.AlertSeverityMedium), + }, + { + Enabled: to.Ptr(true), + Severity: to.Ptr(armsecurityinsights.AlertSeverityLow), + }, + { + Enabled: to.Ptr(true), + Severity: to.Ptr(armsecurityinsights.AlertSeverityInformational), + }}, + }, + SourceSubTypeName: to.Ptr("Microsoft Cloud App Security"), + }, + { + Enabled: to.Ptr(true), + SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{ + Filters: []*armsecurityinsights.FusionSubTypeSeverityFiltersItem{ + { + Enabled: to.Ptr(true), + Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh), + }, + { + Enabled: to.Ptr(true), + Severity: to.Ptr(armsecurityinsights.AlertSeverityMedium), + }, + { + Enabled: to.Ptr(true), + Severity: to.Ptr(armsecurityinsights.AlertSeverityLow), + }, + { + Enabled: to.Ptr(true), + Severity: to.Ptr(armsecurityinsights.AlertSeverityInformational), + }}, + }, + SourceSubTypeName: to.Ptr("Microsoft Defender for Endpoint"), + }, + { + Enabled: to.Ptr(true), + SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{ + Filters: []*armsecurityinsights.FusionSubTypeSeverityFiltersItem{ + { + Enabled: to.Ptr(true), + Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh), + }, + { + Enabled: to.Ptr(true), + Severity: to.Ptr(armsecurityinsights.AlertSeverityMedium), + }, + { + Enabled: to.Ptr(true), + Severity: to.Ptr(armsecurityinsights.AlertSeverityLow), + }, + { + Enabled: to.Ptr(true), + Severity: to.Ptr(armsecurityinsights.AlertSeverityInformational), + }}, + }, + SourceSubTypeName: to.Ptr("Microsoft Defender for Identity"), + }, + { + Enabled: to.Ptr(true), + SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{ + Filters: []*armsecurityinsights.FusionSubTypeSeverityFiltersItem{ + { + Enabled: to.Ptr(true), + Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh), + }, + { + Enabled: to.Ptr(true), + Severity: to.Ptr(armsecurityinsights.AlertSeverityMedium), + }, + { + Enabled: to.Ptr(true), + Severity: to.Ptr(armsecurityinsights.AlertSeverityLow), + }, + { + Enabled: to.Ptr(true), + Severity: to.Ptr(armsecurityinsights.AlertSeverityInformational), + }}, + }, + SourceSubTypeName: to.Ptr("Microsoft Defender for Office 365"), + }, + { + Enabled: to.Ptr(true), + SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{ + Filters: []*armsecurityinsights.FusionSubTypeSeverityFiltersItem{ + { + Enabled: to.Ptr(true), + Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh), + }, + { + Enabled: to.Ptr(true), + Severity: to.Ptr(armsecurityinsights.AlertSeverityMedium), + }, + { + Enabled: to.Ptr(true), + Severity: to.Ptr(armsecurityinsights.AlertSeverityLow), + }, + { + Enabled: to.Ptr(true), + Severity: to.Ptr(armsecurityinsights.AlertSeverityInformational), + }}, + }, + SourceSubTypeName: to.Ptr("Azure Sentinel scheduled analytics rules"), + }}, + }, + { + Enabled: to.Ptr(true), + SourceName: to.Ptr("Raw logs from other sources"), + SourceSubTypes: []*armsecurityinsights.FusionSourceSubTypeSetting{ + { + Enabled: to.Ptr(true), + SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{}, + SourceSubTypeName: to.Ptr("Palo Alto Networks"), + }}, + }}, }, }, nil) @@ -97,7 +324,7 @@ func ExampleAlertRulesClient_CreateOrUpdate() { _ = res } -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/alertRules/DeleteAlertRule.json +// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/alertRules/DeleteAlertRule.json func ExampleAlertRulesClient_Delete() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_alertruletemplates_client_test.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_alertruletemplates_client_test.go index f44af2cb0731..03ffb29caeed 100644 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_alertruletemplates_client_test.go +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_alertruletemplates_client_test.go @@ -13,10 +13,10 @@ import ( "log" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" - "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights" + "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights/v2" ) -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/alertRuleTemplates/GetAlertRuleTemplates.json +// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/alertRuleTemplates/GetAlertRuleTemplates.json func ExampleAlertRuleTemplatesClient_NewListPager() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { @@ -42,7 +42,7 @@ func ExampleAlertRuleTemplatesClient_NewListPager() { } } -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/alertRuleTemplates/GetAlertRuleTemplateById.json +// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/alertRuleTemplates/GetAlertRuleTemplateById.json func ExampleAlertRuleTemplatesClient_Get() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_automationrules_client_test.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_automationrules_client_test.go index e7bc167597d3..6aa9f5db644d 100644 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_automationrules_client_test.go +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_automationrules_client_test.go @@ -13,10 +13,10 @@ import ( "log" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" - "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights" + "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights/v2" ) -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/automationRules/AutomationRules_Get.json +// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/automationRules/AutomationRules_Get.json func ExampleAutomationRulesClient_Get() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { @@ -39,7 +39,7 @@ func ExampleAutomationRulesClient_Get() { _ = res } -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/automationRules/AutomationRules_CreateOrUpdate.json +// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/automationRules/AutomationRules_CreateOrUpdate.json func ExampleAutomationRulesClient_CreateOrUpdate() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { @@ -62,7 +62,7 @@ func ExampleAutomationRulesClient_CreateOrUpdate() { _ = res } -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/automationRules/AutomationRules_Delete.json +// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/automationRules/AutomationRules_Delete.json func ExampleAutomationRulesClient_Delete() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { @@ -85,7 +85,7 @@ func ExampleAutomationRulesClient_Delete() { _ = res } -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/automationRules/AutomationRules_List.json +// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/automationRules/AutomationRules_List.json func ExampleAutomationRulesClient_NewListPager() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_bookmark_client_test.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_bookmark_client_test.go new file mode 100644 index 000000000000..4c18b78b5c46 --- /dev/null +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_bookmark_client_test.go @@ -0,0 +1,48 @@ +//go:build go1.18 +// +build go1.18 + +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. See License.txt in the project root for license information. +// Code generated by Microsoft (R) AutoRest Code Generator. +// Changes may cause incorrect behavior and will be lost if the code is regenerated. + +package armsecurityinsights_test + +import ( + "context" + "log" + + "time" + + "github.com/Azure/azure-sdk-for-go/sdk/azcore/to" + "github.com/Azure/azure-sdk-for-go/sdk/azidentity" + "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights/v2" +) + +// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/bookmarks/expand/PostExpandBookmark.json +func ExampleBookmarkClient_Expand() { + cred, err := azidentity.NewDefaultAzureCredential(nil) + if err != nil { + log.Fatalf("failed to obtain a credential: %v", err) + } + ctx := context.Background() + client, err := armsecurityinsights.NewBookmarkClient("d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", cred, nil) + if err != nil { + log.Fatalf("failed to create client: %v", err) + } + res, err := client.Expand(ctx, + "myRg", + "myWorkspace", + "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + armsecurityinsights.BookmarkExpandParameters{ + EndTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-01-24T17:21:00.000Z"); return t }()), + ExpansionID: to.Ptr("27f76e63-c41b-480f-bb18-12ad2e011d49"), + StartTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-12-25T17:21:00.000Z"); return t }()), + }, + nil) + if err != nil { + log.Fatalf("failed to finish the request: %v", err) + } + // TODO: use response item + _ = res +} diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_bookmarkrelations_client_test.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_bookmarkrelations_client_test.go new file mode 100644 index 000000000000..710b324e2bec --- /dev/null +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_bookmarkrelations_client_test.go @@ -0,0 +1,124 @@ +//go:build go1.18 +// +build go1.18 + +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. See License.txt in the project root for license information. +// Code generated by Microsoft (R) AutoRest Code Generator. +// Changes may cause incorrect behavior and will be lost if the code is regenerated. + +package armsecurityinsights_test + +import ( + "context" + "log" + + "github.com/Azure/azure-sdk-for-go/sdk/azcore/to" + "github.com/Azure/azure-sdk-for-go/sdk/azidentity" + "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights/v2" +) + +// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/bookmarks/relations/GetAllBookmarkRelations.json +func ExampleBookmarkRelationsClient_NewListPager() { + cred, err := azidentity.NewDefaultAzureCredential(nil) + if err != nil { + log.Fatalf("failed to obtain a credential: %v", err) + } + ctx := context.Background() + client, err := armsecurityinsights.NewBookmarkRelationsClient("d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", cred, nil) + if err != nil { + log.Fatalf("failed to create client: %v", err) + } + pager := client.NewListPager("myRg", + "myWorkspace", + "2216d0e1-91e3-4902-89fd-d2df8c535096", + &armsecurityinsights.BookmarkRelationsClientListOptions{Filter: nil, + Orderby: nil, + Top: nil, + SkipToken: nil, + }) + for pager.More() { + nextResult, err := pager.NextPage(ctx) + if err != nil { + log.Fatalf("failed to advance page: %v", err) + } + for _, v := range nextResult.Value { + // TODO: use page item + _ = v + } + } +} + +// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/bookmarks/relations/GetBookmarkRelationByName.json +func ExampleBookmarkRelationsClient_Get() { + cred, err := azidentity.NewDefaultAzureCredential(nil) + if err != nil { + log.Fatalf("failed to obtain a credential: %v", err) + } + ctx := context.Background() + client, err := armsecurityinsights.NewBookmarkRelationsClient("d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", cred, nil) + if err != nil { + log.Fatalf("failed to create client: %v", err) + } + res, err := client.Get(ctx, + "myRg", + "myWorkspace", + "2216d0e1-91e3-4902-89fd-d2df8c535096", + "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + nil) + if err != nil { + log.Fatalf("failed to finish the request: %v", err) + } + // TODO: use response item + _ = res +} + +// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/bookmarks/relations/CreateBookmarkRelation.json +func ExampleBookmarkRelationsClient_CreateOrUpdate() { + cred, err := azidentity.NewDefaultAzureCredential(nil) + if err != nil { + log.Fatalf("failed to obtain a credential: %v", err) + } + ctx := context.Background() + client, err := armsecurityinsights.NewBookmarkRelationsClient("d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", cred, nil) + if err != nil { + log.Fatalf("failed to create client: %v", err) + } + res, err := client.CreateOrUpdate(ctx, + "myRg", + "myWorkspace", + "2216d0e1-91e3-4902-89fd-d2df8c535096", + "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + armsecurityinsights.Relation{ + Properties: &armsecurityinsights.RelationProperties{ + RelatedResourceID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/afbd324f-6c48-459c-8710-8d1e1cd03812"), + }, + }, + nil) + if err != nil { + log.Fatalf("failed to finish the request: %v", err) + } + // TODO: use response item + _ = res +} + +// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/bookmarks/relations/DeleteBookmarkRelation.json +func ExampleBookmarkRelationsClient_Delete() { + cred, err := azidentity.NewDefaultAzureCredential(nil) + if err != nil { + log.Fatalf("failed to obtain a credential: %v", err) + } + ctx := context.Background() + client, err := armsecurityinsights.NewBookmarkRelationsClient("d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", cred, nil) + if err != nil { + log.Fatalf("failed to create client: %v", err) + } + _, err = client.Delete(ctx, + "myRg", + "myWorkspace", + "2216d0e1-91e3-4902-89fd-d2df8c535096", + "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + nil) + if err != nil { + log.Fatalf("failed to finish the request: %v", err) + } +} diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_bookmarks_client_test.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_bookmarks_client_test.go index 4fe8e88b8366..d16a6d19e55d 100644 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_bookmarks_client_test.go +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_bookmarks_client_test.go @@ -16,10 +16,10 @@ import ( "github.com/Azure/azure-sdk-for-go/sdk/azcore/to" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" - "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights" + "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights/v2" ) -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/bookmarks/GetBookmarks.json +// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/bookmarks/GetBookmarks.json func ExampleBookmarksClient_NewListPager() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { @@ -45,7 +45,7 @@ func ExampleBookmarksClient_NewListPager() { } } -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/bookmarks/GetBookmarkById.json +// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/bookmarks/GetBookmarkById.json func ExampleBookmarksClient_Get() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { @@ -68,7 +68,7 @@ func ExampleBookmarksClient_Get() { _ = res } -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/bookmarks/CreateBookmark.json +// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/bookmarks/CreateBookmark.json func ExampleBookmarksClient_CreateOrUpdate() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { @@ -86,18 +86,31 @@ func ExampleBookmarksClient_CreateOrUpdate() { armsecurityinsights.Bookmark{ Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""), Properties: &armsecurityinsights.BookmarkProperties{ - Created: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-01-01T13:15:30Z"); return t }()), + Created: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-09-01T13:15:30Z"); return t }()), CreatedBy: &armsecurityinsights.UserInfo{ ObjectID: to.Ptr("2046feea-040d-4a46-9e2b-91c2941bfa70"), }, DisplayName: to.Ptr("My bookmark"), + EntityMappings: []*armsecurityinsights.BookmarkEntityMappings{ + { + EntityType: to.Ptr("Account"), + FieldMappings: []*armsecurityinsights.EntityFieldMapping{ + { + Identifier: to.Ptr("Fullname"), + Value: to.Ptr("johndoe@microsoft.com"), + }}, + }}, Labels: []*string{ to.Ptr("Tag1"), to.Ptr("Tag2")}, Notes: to.Ptr("Found a suspicious activity"), Query: to.Ptr("SecurityEvent | where TimeGenerated > ago(1d) and TimeGenerated < ago(2d)"), QueryResult: to.Ptr("Security Event query result"), - Updated: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-01-01T13:15:30Z"); return t }()), + Tactics: []*armsecurityinsights.AttackTactic{ + to.Ptr(armsecurityinsights.AttackTacticExecution)}, + Techniques: []*string{ + to.Ptr("T1609")}, + Updated: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-09-01T13:15:30Z"); return t }()), UpdatedBy: &armsecurityinsights.UserInfo{ ObjectID: to.Ptr("2046feea-040d-4a46-9e2b-91c2941bfa70"), }, @@ -111,7 +124,7 @@ func ExampleBookmarksClient_CreateOrUpdate() { _ = res } -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/bookmarks/DeleteBookmark.json +// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/bookmarks/DeleteBookmark.json func ExampleBookmarksClient_Delete() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_dataconnectors_client_test.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_dataconnectors_client_test.go index 92da7c052e9e..a847b5c2a268 100644 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_dataconnectors_client_test.go +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_dataconnectors_client_test.go @@ -14,10 +14,10 @@ import ( "github.com/Azure/azure-sdk-for-go/sdk/azcore/to" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" - "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights" + "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights/v2" ) -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/dataConnectors/GetDataConnectors.json +// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/dataConnectors/GetDataConnectors.json func ExampleDataConnectorsClient_NewListPager() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { @@ -43,7 +43,7 @@ func ExampleDataConnectorsClient_NewListPager() { } } -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/dataConnectors/GetAzureSecurityCenterById.json +// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/dataConnectors/GetAPIPolling.json func ExampleDataConnectorsClient_Get() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { @@ -57,7 +57,7 @@ func ExampleDataConnectorsClient_Get() { res, err := client.Get(ctx, "myRg", "myWorkspace", - "763f9fa1-c2d3-4fa2-93e9-bccd4899aa12", + "316ec55e-7138-4d63-ab18-90c8a60fd1c8", nil) if err != nil { log.Fatalf("failed to finish the request: %v", err) @@ -66,7 +66,7 @@ func ExampleDataConnectorsClient_Get() { _ = res } -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/dataConnectors/CreateOfficeDataConnetor.json +// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/dataConnectors/CreateAPIPolling.json func ExampleDataConnectorsClient_CreateOrUpdate() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { @@ -80,23 +80,111 @@ func ExampleDataConnectorsClient_CreateOrUpdate() { res, err := client.CreateOrUpdate(ctx, "myRg", "myWorkspace", - "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - &armsecurityinsights.OfficeDataConnector{ - Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""), - Kind: to.Ptr(armsecurityinsights.DataConnectorKindOffice365), - Properties: &armsecurityinsights.OfficeDataConnectorProperties{ - DataTypes: &armsecurityinsights.OfficeDataConnectorDataTypes{ - Exchange: &armsecurityinsights.OfficeDataConnectorDataTypesExchange{ - State: to.Ptr(armsecurityinsights.DataTypeStateEnabled), + "316ec55e-7138-4d63-ab18-90c8a60fd1c8", + &armsecurityinsights.CodelessAPIPollingDataConnector{ + Kind: to.Ptr(armsecurityinsights.DataConnectorKindAPIPolling), + Properties: &armsecurityinsights.APIPollingParameters{ + ConnectorUIConfig: &armsecurityinsights.CodelessUIConnectorConfigProperties{ + Availability: &armsecurityinsights.Availability{ + IsPreview: to.Ptr(true), + Status: to.Ptr[int32](1), }, - SharePoint: &armsecurityinsights.OfficeDataConnectorDataTypesSharePoint{ - State: to.Ptr(armsecurityinsights.DataTypeStateEnabled), + ConnectivityCriteria: []*armsecurityinsights.CodelessUIConnectorConfigPropertiesConnectivityCriteriaItem{ + { + Type: to.Ptr(armsecurityinsights.ConnectivityType("SentinelKindsV2")), + Value: []*string{}, + }}, + DataTypes: []*armsecurityinsights.CodelessUIConnectorConfigPropertiesDataTypesItem{ + { + Name: to.Ptr("{{graphQueriesTableName}}"), + LastDataReceivedQuery: to.Ptr("{{graphQueriesTableName}}\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)"), + }}, + DescriptionMarkdown: to.Ptr("The GitHub audit log connector provides the capability to ingest GitHub logs into Azure Sentinel. By connecting GitHub audit logs into Azure Sentinel, you can view this data in workbooks, use it to create custom alerts, and improve your investigation process."), + GraphQueries: []*armsecurityinsights.CodelessUIConnectorConfigPropertiesGraphQueriesItem{ + { + BaseQuery: to.Ptr("{{graphQueriesTableName}}"), + Legend: to.Ptr("GitHub audit log events"), + MetricName: to.Ptr("Total events received"), + }}, + GraphQueriesTableName: to.Ptr("GitHubAuditLogPolling_CL"), + InstructionSteps: []*armsecurityinsights.CodelessUIConnectorConfigPropertiesInstructionStepsItem{ + { + Description: to.Ptr("Enable GitHub audit Logs. \n Follow [this](https://docs.github.com/en/github/authenticating-to-github/keeping-your-account-and-data-secure/creating-a-personal-access-token) to create or find your personal key"), + Instructions: []*armsecurityinsights.InstructionStepsInstructionsItem{ + { + Type: to.Ptr(armsecurityinsights.SettingType("APIKey")), + Parameters: map[string]interface{}{ + "enable": "true", + "userRequestPlaceHoldersInput": []interface{}{ + map[string]interface{}{ + "displayText": "Organization Name", + "placeHolderName": "{{placeHolder1}}", + "placeHolderValue": "", + "requestObjectKey": "apiEndpoint", + }, + }, + }, + }}, + Title: to.Ptr("Connect GitHub Enterprise Audit Log to Azure Sentinel"), + }}, + Permissions: &armsecurityinsights.Permissions{ + Customs: []*armsecurityinsights.PermissionsCustomsItem{ + { + Name: to.Ptr("GitHub API personal token Key"), + Description: to.Ptr("You need access to GitHub personal token, the key should have 'admin:org' scope"), + }}, + ResourceProvider: []*armsecurityinsights.PermissionsResourceProviderItem{ + { + PermissionsDisplayText: to.Ptr("read and write permissions are required."), + Provider: to.Ptr(armsecurityinsights.ProviderNameMicrosoftOperationalInsightsWorkspaces), + ProviderDisplayName: to.Ptr("Workspace"), + RequiredPermissions: &armsecurityinsights.RequiredPermissions{ + Delete: to.Ptr(true), + Read: to.Ptr(true), + Write: to.Ptr(true), + }, + Scope: to.Ptr(armsecurityinsights.PermissionProviderScopeWorkspace), + }}, }, - Teams: &armsecurityinsights.OfficeDataConnectorDataTypesTeams{ - State: to.Ptr(armsecurityinsights.DataTypeStateEnabled), + Publisher: to.Ptr("GitHub"), + SampleQueries: []*armsecurityinsights.CodelessUIConnectorConfigPropertiesSampleQueriesItem{ + { + Description: to.Ptr("All logs"), + Query: to.Ptr("{{graphQueriesTableName}}\n | take 10 "), + }}, + Title: to.Ptr("GitHub Enterprise Audit Log"), + }, + PollingConfig: &armsecurityinsights.CodelessConnectorPollingConfigProperties{ + Auth: &armsecurityinsights.CodelessConnectorPollingAuthProperties{ + APIKeyIdentifier: to.Ptr("token"), + APIKeyName: to.Ptr("Authorization"), + AuthType: to.Ptr("APIKey"), + }, + Paging: &armsecurityinsights.CodelessConnectorPollingPagingProperties{ + PageSizeParaName: to.Ptr("per_page"), + PagingType: to.Ptr("LinkHeader"), + }, + Response: &armsecurityinsights.CodelessConnectorPollingResponseProperties{ + EventsJSONPaths: []*string{ + to.Ptr("$")}, + }, + Request: &armsecurityinsights.CodelessConnectorPollingRequestProperties{ + APIEndpoint: to.Ptr("https://api.github.com/organizations/{{placeHolder1}}/audit-log"), + Headers: map[string]interface{}{ + "Accept": "application/json", + "User-Agent": "Scuba", + }, + HTTPMethod: to.Ptr("Get"), + QueryParameters: map[string]interface{}{ + "phrase": "created:{_QueryWindowStartTime}..{_QueryWindowEndTime}", + }, + QueryTimeFormat: to.Ptr("yyyy-MM-ddTHH:mm:ssZ"), + QueryWindowInMin: to.Ptr[int32](15), + RateLimitQPS: to.Ptr[int32](50), + RetryCount: to.Ptr[int32](2), + TimeoutInSeconds: to.Ptr[int32](60), }, }, - TenantID: to.Ptr("2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"), }, }, nil) @@ -107,7 +195,7 @@ func ExampleDataConnectorsClient_CreateOrUpdate() { _ = res } -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/dataConnectors/DeleteOfficeDataConnetor.json +// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/dataConnectors/DeleteAPIPolling.json func ExampleDataConnectorsClient_Delete() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { @@ -121,7 +209,60 @@ func ExampleDataConnectorsClient_Delete() { _, err = client.Delete(ctx, "myRg", "myWorkspace", - "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "316ec55e-7138-4d63-ab18-90c8a60fd1c8", + nil) + if err != nil { + log.Fatalf("failed to finish the request: %v", err) + } +} + +// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/dataConnectors/ConnectAPIPolling.json +func ExampleDataConnectorsClient_Connect() { + cred, err := azidentity.NewDefaultAzureCredential(nil) + if err != nil { + log.Fatalf("failed to obtain a credential: %v", err) + } + ctx := context.Background() + client, err := armsecurityinsights.NewDataConnectorsClient("d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", cred, nil) + if err != nil { + log.Fatalf("failed to create client: %v", err) + } + _, err = client.Connect(ctx, + "myRg", + "myWorkspace", + "316ec55e-7138-4d63-ab18-90c8a60fd1c8", + armsecurityinsights.DataConnectorConnectBody{ + APIKey: to.Ptr("123456789"), + Kind: to.Ptr(armsecurityinsights.ConnectAuthKindAPIKey), + RequestConfigUserInputValues: []interface{}{ + map[string]interface{}{ + "displayText": "Organization Name", + "placeHolderName": "{{placeHolder1}}", + "placeHolderValue": "somePlaceHolderValue", + "requestObjectKey": "apiEndpoint", + }}, + }, + nil) + if err != nil { + log.Fatalf("failed to finish the request: %v", err) + } +} + +// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/dataConnectors/DisconnectAPIPolling.json +func ExampleDataConnectorsClient_Disconnect() { + cred, err := azidentity.NewDefaultAzureCredential(nil) + if err != nil { + log.Fatalf("failed to obtain a credential: %v", err) + } + ctx := context.Background() + client, err := armsecurityinsights.NewDataConnectorsClient("d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", cred, nil) + if err != nil { + log.Fatalf("failed to create client: %v", err) + } + _, err = client.Disconnect(ctx, + "myRg", + "myWorkspace", + "316ec55e-7138-4d63-ab18-90c8a60fd1c8", nil) if err != nil { log.Fatalf("failed to finish the request: %v", err) diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_dataconnectorscheckrequirements_client_test.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_dataconnectorscheckrequirements_client_test.go new file mode 100644 index 000000000000..d9bd9bb6b934 --- /dev/null +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_dataconnectorscheckrequirements_client_test.go @@ -0,0 +1,46 @@ +//go:build go1.18 +// +build go1.18 + +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. See License.txt in the project root for license information. +// Code generated by Microsoft (R) AutoRest Code Generator. +// Changes may cause incorrect behavior and will be lost if the code is regenerated. + +package armsecurityinsights_test + +import ( + "context" + "log" + + "github.com/Azure/azure-sdk-for-go/sdk/azcore/to" + "github.com/Azure/azure-sdk-for-go/sdk/azidentity" + "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights/v2" +) + +// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectoryNoAuthorization.json +func ExampleDataConnectorsCheckRequirementsClient_Post() { + cred, err := azidentity.NewDefaultAzureCredential(nil) + if err != nil { + log.Fatalf("failed to obtain a credential: %v", err) + } + ctx := context.Background() + client, err := armsecurityinsights.NewDataConnectorsCheckRequirementsClient("d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", cred, nil) + if err != nil { + log.Fatalf("failed to create client: %v", err) + } + res, err := client.Post(ctx, + "myRg", + "myWorkspace", + &armsecurityinsights.AADCheckRequirements{ + Kind: to.Ptr(armsecurityinsights.DataConnectorKindAzureActiveDirectory), + Properties: &armsecurityinsights.AADCheckRequirementsProperties{ + TenantID: to.Ptr("2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"), + }, + }, + nil) + if err != nil { + log.Fatalf("failed to finish the request: %v", err) + } + // TODO: use response item + _ = res +} diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_domainwhois_client_test.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_domainwhois_client_test.go new file mode 100644 index 000000000000..5316fe5a5496 --- /dev/null +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_domainwhois_client_test.go @@ -0,0 +1,39 @@ +//go:build go1.18 +// +build go1.18 + +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. See License.txt in the project root for license information. +// Code generated by Microsoft (R) AutoRest Code Generator. +// Changes may cause incorrect behavior and will be lost if the code is regenerated. + +package armsecurityinsights_test + +import ( + "context" + "log" + + "github.com/Azure/azure-sdk-for-go/sdk/azidentity" + "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights/v2" +) + +// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/enrichment/GetWhoisByDomainName.json +func ExampleDomainWhoisClient_Get() { + cred, err := azidentity.NewDefaultAzureCredential(nil) + if err != nil { + log.Fatalf("failed to obtain a credential: %v", err) + } + ctx := context.Background() + client, err := armsecurityinsights.NewDomainWhoisClient("bd794837-4d29-4647-9105-6339bfdb4e6a", cred, nil) + if err != nil { + log.Fatalf("failed to create client: %v", err) + } + res, err := client.Get(ctx, + "myRg", + "microsoft.com", + nil) + if err != nil { + log.Fatalf("failed to finish the request: %v", err) + } + // TODO: use response item + _ = res +} diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_entities_client_test.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_entities_client_test.go new file mode 100644 index 000000000000..3cd96e9bcb65 --- /dev/null +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_entities_client_test.go @@ -0,0 +1,151 @@ +//go:build go1.18 +// +build go1.18 + +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. See License.txt in the project root for license information. +// Code generated by Microsoft (R) AutoRest Code Generator. +// Changes may cause incorrect behavior and will be lost if the code is regenerated. + +package armsecurityinsights_test + +import ( + "context" + "log" + + "time" + + "github.com/Azure/azure-sdk-for-go/sdk/azcore/to" + "github.com/Azure/azure-sdk-for-go/sdk/azidentity" + "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights/v2" +) + +// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/entities/GetEntities.json +func ExampleEntitiesClient_NewListPager() { + cred, err := azidentity.NewDefaultAzureCredential(nil) + if err != nil { + log.Fatalf("failed to obtain a credential: %v", err) + } + ctx := context.Background() + client, err := armsecurityinsights.NewEntitiesClient("d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", cred, nil) + if err != nil { + log.Fatalf("failed to create client: %v", err) + } + pager := client.NewListPager("myRg", + "myWorkspace", + nil) + for pager.More() { + nextResult, err := pager.NextPage(ctx) + if err != nil { + log.Fatalf("failed to advance page: %v", err) + } + for _, v := range nextResult.Value { + // TODO: use page item + _ = v + } + } +} + +// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/entities/GetCloudApplicationEntityById.json +func ExampleEntitiesClient_Get() { + cred, err := azidentity.NewDefaultAzureCredential(nil) + if err != nil { + log.Fatalf("failed to obtain a credential: %v", err) + } + ctx := context.Background() + client, err := armsecurityinsights.NewEntitiesClient("d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", cred, nil) + if err != nil { + log.Fatalf("failed to create client: %v", err) + } + res, err := client.Get(ctx, + "myRg", + "myWorkspace", + "e1d3d618-e11f-478b-98e3-bb381539a8e1", + nil) + if err != nil { + log.Fatalf("failed to finish the request: %v", err) + } + // TODO: use response item + _ = res +} + +// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/entities/expand/PostExpandEntity.json +func ExampleEntitiesClient_Expand() { + cred, err := azidentity.NewDefaultAzureCredential(nil) + if err != nil { + log.Fatalf("failed to obtain a credential: %v", err) + } + ctx := context.Background() + client, err := armsecurityinsights.NewEntitiesClient("d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", cred, nil) + if err != nil { + log.Fatalf("failed to create client: %v", err) + } + res, err := client.Expand(ctx, + "myRg", + "myWorkspace", + "e1d3d618-e11f-478b-98e3-bb381539a8e1", + armsecurityinsights.EntityExpandParameters{ + EndTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-05-26T00:00:00.000Z"); return t }()), + ExpansionID: to.Ptr("a77992f3-25e9-4d01-99a4-5ff606cc410a"), + StartTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-04-25T00:00:00.000Z"); return t }()), + }, + nil) + if err != nil { + log.Fatalf("failed to finish the request: %v", err) + } + // TODO: use response item + _ = res +} + +// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/entities/GetQueries.json +func ExampleEntitiesClient_Queries() { + cred, err := azidentity.NewDefaultAzureCredential(nil) + if err != nil { + log.Fatalf("failed to obtain a credential: %v", err) + } + ctx := context.Background() + client, err := armsecurityinsights.NewEntitiesClient("d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", cred, nil) + if err != nil { + log.Fatalf("failed to create client: %v", err) + } + res, err := client.Queries(ctx, + "myRg", + "myWorkspace", + "e1d3d618-e11f-478b-98e3-bb381539a8e1", + armsecurityinsights.EntityItemQueryKindInsight, + nil) + if err != nil { + log.Fatalf("failed to finish the request: %v", err) + } + // TODO: use response item + _ = res +} + +// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/entities/insights/PostGetInsights.json +func ExampleEntitiesClient_GetInsights() { + cred, err := azidentity.NewDefaultAzureCredential(nil) + if err != nil { + log.Fatalf("failed to obtain a credential: %v", err) + } + ctx := context.Background() + client, err := armsecurityinsights.NewEntitiesClient("d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", cred, nil) + if err != nil { + log.Fatalf("failed to create client: %v", err) + } + res, err := client.GetInsights(ctx, + "myRg", + "myWorkspace", + "e1d3d618-e11f-478b-98e3-bb381539a8e1", + armsecurityinsights.EntityGetInsightsParameters{ + AddDefaultExtendedTimeRange: to.Ptr(false), + EndTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-10-01T00:00:00.000Z"); return t }()), + InsightQueryIDs: []*string{ + to.Ptr("cae8d0aa-aa45-4d53-8d88-17dd64ffd4e4")}, + StartTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-09-01T00:00:00.000Z"); return t }()), + }, + nil) + if err != nil { + log.Fatalf("failed to finish the request: %v", err) + } + // TODO: use response item + _ = res +} diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_entitiesgettimeline_client_test.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_entitiesgettimeline_client_test.go new file mode 100644 index 000000000000..a6999843f7c2 --- /dev/null +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_entitiesgettimeline_client_test.go @@ -0,0 +1,48 @@ +//go:build go1.18 +// +build go1.18 + +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. See License.txt in the project root for license information. +// Code generated by Microsoft (R) AutoRest Code Generator. +// Changes may cause incorrect behavior and will be lost if the code is regenerated. + +package armsecurityinsights_test + +import ( + "context" + "log" + + "time" + + "github.com/Azure/azure-sdk-for-go/sdk/azcore/to" + "github.com/Azure/azure-sdk-for-go/sdk/azidentity" + "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights/v2" +) + +// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/entities/timeline/PostTimelineEntity.json +func ExampleEntitiesGetTimelineClient_List() { + cred, err := azidentity.NewDefaultAzureCredential(nil) + if err != nil { + log.Fatalf("failed to obtain a credential: %v", err) + } + ctx := context.Background() + client, err := armsecurityinsights.NewEntitiesGetTimelineClient("d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", cred, nil) + if err != nil { + log.Fatalf("failed to create client: %v", err) + } + res, err := client.List(ctx, + "myRg", + "myWorkspace", + "e1d3d618-e11f-478b-98e3-bb381539a8e1", + armsecurityinsights.EntityTimelineParameters{ + EndTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-10-01T00:00:00.000Z"); return t }()), + NumberOfBucket: to.Ptr[int32](4), + StartTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-09-01T00:00:00.000Z"); return t }()), + }, + nil) + if err != nil { + log.Fatalf("failed to finish the request: %v", err) + } + // TODO: use response item + _ = res +} diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_entitiesrelations_client_test.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_entitiesrelations_client_test.go new file mode 100644 index 000000000000..671afc361056 --- /dev/null +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_entitiesrelations_client_test.go @@ -0,0 +1,48 @@ +//go:build go1.18 +// +build go1.18 + +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. See License.txt in the project root for license information. +// Code generated by Microsoft (R) AutoRest Code Generator. +// Changes may cause incorrect behavior and will be lost if the code is regenerated. + +package armsecurityinsights_test + +import ( + "context" + "log" + + "github.com/Azure/azure-sdk-for-go/sdk/azidentity" + "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights/v2" +) + +// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/entities/relations/GetAllEntityRelations.json +func ExampleEntitiesRelationsClient_NewListPager() { + cred, err := azidentity.NewDefaultAzureCredential(nil) + if err != nil { + log.Fatalf("failed to obtain a credential: %v", err) + } + ctx := context.Background() + client, err := armsecurityinsights.NewEntitiesRelationsClient("d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", cred, nil) + if err != nil { + log.Fatalf("failed to create client: %v", err) + } + pager := client.NewListPager("myRg", + "myWorkspace", + "afbd324f-6c48-459c-8710-8d1e1cd03812", + &armsecurityinsights.EntitiesRelationsClientListOptions{Filter: nil, + Orderby: nil, + Top: nil, + SkipToken: nil, + }) + for pager.More() { + nextResult, err := pager.NextPage(ctx) + if err != nil { + log.Fatalf("failed to advance page: %v", err) + } + for _, v := range nextResult.Value { + // TODO: use page item + _ = v + } + } +} diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_entityqueries_client_test.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_entityqueries_client_test.go new file mode 100644 index 000000000000..d89d267cf986 --- /dev/null +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_entityqueries_client_test.go @@ -0,0 +1,140 @@ +//go:build go1.18 +// +build go1.18 + +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. See License.txt in the project root for license information. +// Code generated by Microsoft (R) AutoRest Code Generator. +// Changes may cause incorrect behavior and will be lost if the code is regenerated. + +package armsecurityinsights_test + +import ( + "context" + "log" + + "github.com/Azure/azure-sdk-for-go/sdk/azcore/to" + "github.com/Azure/azure-sdk-for-go/sdk/azidentity" + "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights/v2" +) + +// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/entityQueries/GetEntityQueries.json +func ExampleEntityQueriesClient_NewListPager() { + cred, err := azidentity.NewDefaultAzureCredential(nil) + if err != nil { + log.Fatalf("failed to obtain a credential: %v", err) + } + ctx := context.Background() + client, err := armsecurityinsights.NewEntityQueriesClient("d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", cred, nil) + if err != nil { + log.Fatalf("failed to create client: %v", err) + } + pager := client.NewListPager("myRg", + "myWorkspace", + &armsecurityinsights.EntityQueriesClientListOptions{Kind: to.Ptr(armsecurityinsights.Enum13Expansion)}) + for pager.More() { + nextResult, err := pager.NextPage(ctx) + if err != nil { + log.Fatalf("failed to advance page: %v", err) + } + for _, v := range nextResult.Value { + // TODO: use page item + _ = v + } + } +} + +// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/entityQueries/GetActivityEntityQueryById.json +func ExampleEntityQueriesClient_Get() { + cred, err := azidentity.NewDefaultAzureCredential(nil) + if err != nil { + log.Fatalf("failed to obtain a credential: %v", err) + } + ctx := context.Background() + client, err := armsecurityinsights.NewEntityQueriesClient("d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", cred, nil) + if err != nil { + log.Fatalf("failed to create client: %v", err) + } + res, err := client.Get(ctx, + "myRg", + "myWorkspace", + "07da3cc8-c8ad-4710-a44e-334cdcb7882b", + nil) + if err != nil { + log.Fatalf("failed to finish the request: %v", err) + } + // TODO: use response item + _ = res +} + +// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/entityQueries/CreateEntityQueryActivity.json +func ExampleEntityQueriesClient_CreateOrUpdate() { + cred, err := azidentity.NewDefaultAzureCredential(nil) + if err != nil { + log.Fatalf("failed to obtain a credential: %v", err) + } + ctx := context.Background() + client, err := armsecurityinsights.NewEntityQueriesClient("d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", cred, nil) + if err != nil { + log.Fatalf("failed to create client: %v", err) + } + res, err := client.CreateOrUpdate(ctx, + "myRg", + "myWorkspace", + "07da3cc8-c8ad-4710-a44e-334cdcb7882b", + &armsecurityinsights.ActivityCustomEntityQuery{ + Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""), + Kind: to.Ptr(armsecurityinsights.CustomEntityQueryKindActivity), + Properties: &armsecurityinsights.ActivityEntityQueriesProperties{ + Description: to.Ptr("Account deleted on host"), + Content: to.Ptr("On '{{Computer}}' the account '{{TargetAccount}}' was deleted by '{{AddedBy}}'"), + Enabled: to.Ptr(true), + EntitiesFilter: map[string][]*string{ + "Host_OsFamily": { + to.Ptr("Windows")}, + }, + InputEntityType: to.Ptr(armsecurityinsights.EntityTypeHost), + QueryDefinitions: &armsecurityinsights.ActivityEntityQueriesPropertiesQueryDefinitions{ + Query: to.Ptr("let GetAccountActions = (v_Host_Name:string, v_Host_NTDomain:string, v_Host_DnsDomain:string, v_Host_AzureID:string, v_Host_OMSAgentID:string){\nSecurityEvent\n| where EventID in (4725, 4726, 4767, 4720, 4722, 4723, 4724)\n// parsing for Host to handle variety of conventions coming from data\n| extend Host_HostName = case(\nComputer has '@', tostring(split(Computer, '@')[0]),\nComputer has '\\\\', tostring(split(Computer, '\\\\')[1]),\nComputer has '.', tostring(split(Computer, '.')[0]),\nComputer\n)\n| extend Host_NTDomain = case(\nComputer has '\\\\', tostring(split(Computer, '\\\\')[0]), \nComputer has '.', tostring(split(Computer, '.')[-2]), \nComputer\n)\n| extend Host_DnsDomain = case(\nComputer has '\\\\', tostring(split(Computer, '\\\\')[0]), \nComputer has '.', strcat_array(array_slice(split(Computer,'.'),-2,-1),'.'), \nComputer\n)\n| where (Host_HostName =~ v_Host_Name and Host_NTDomain =~ v_Host_NTDomain) \nor (Host_HostName =~ v_Host_Name and Host_DnsDomain =~ v_Host_DnsDomain) \nor v_Host_AzureID =~ _ResourceId \nor v_Host_OMSAgentID == SourceComputerId\n| project TimeGenerated, EventID, Activity, Computer, TargetAccount, TargetUserName, TargetDomainName, TargetSid, SubjectUserName, SubjectUserSid, _ResourceId, SourceComputerId\n| extend AddedBy = SubjectUserName\n// Future support for Activities\n| extend timestamp = TimeGenerated, HostCustomEntity = Computer, AccountCustomEntity = TargetAccount\n};\nGetAccountActions('{{Host_HostName}}', '{{Host_NTDomain}}', '{{Host_DnsDomain}}', '{{Host_AzureID}}', '{{Host_OMSAgentID}}')\n \n| where EventID == 4726 "), + }, + RequiredInputFieldsSets: [][]*string{ + { + to.Ptr("Host_HostName"), + to.Ptr("Host_NTDomain")}, + { + to.Ptr("Host_HostName"), + to.Ptr("Host_DnsDomain")}, + { + to.Ptr("Host_AzureID")}, + { + to.Ptr("Host_OMSAgentID")}}, + Title: to.Ptr("An account was deleted on this host"), + }, + }, + nil) + if err != nil { + log.Fatalf("failed to finish the request: %v", err) + } + // TODO: use response item + _ = res +} + +// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/entityQueries/DeleteEntityQuery.json +func ExampleEntityQueriesClient_Delete() { + cred, err := azidentity.NewDefaultAzureCredential(nil) + if err != nil { + log.Fatalf("failed to obtain a credential: %v", err) + } + ctx := context.Background() + client, err := armsecurityinsights.NewEntityQueriesClient("d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", cred, nil) + if err != nil { + log.Fatalf("failed to create client: %v", err) + } + _, err = client.Delete(ctx, + "myRg", + "myWorkspace", + "07da3cc8-c8ad-4710-a44e-334cdcb7882b", + nil) + if err != nil { + log.Fatalf("failed to finish the request: %v", err) + } +} diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_entityquerytemplates_client_test.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_entityquerytemplates_client_test.go new file mode 100644 index 000000000000..3be62acde0a2 --- /dev/null +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_entityquerytemplates_client_test.go @@ -0,0 +1,67 @@ +//go:build go1.18 +// +build go1.18 + +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. See License.txt in the project root for license information. +// Code generated by Microsoft (R) AutoRest Code Generator. +// Changes may cause incorrect behavior and will be lost if the code is regenerated. + +package armsecurityinsights_test + +import ( + "context" + "log" + + "github.com/Azure/azure-sdk-for-go/sdk/azcore/to" + "github.com/Azure/azure-sdk-for-go/sdk/azidentity" + "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights/v2" +) + +// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/entityQueryTemplates/GetEntityQueryTemplates.json +func ExampleEntityQueryTemplatesClient_NewListPager() { + cred, err := azidentity.NewDefaultAzureCredential(nil) + if err != nil { + log.Fatalf("failed to obtain a credential: %v", err) + } + ctx := context.Background() + client, err := armsecurityinsights.NewEntityQueryTemplatesClient("d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", cred, nil) + if err != nil { + log.Fatalf("failed to create client: %v", err) + } + pager := client.NewListPager("myRg", + "myWorkspace", + &armsecurityinsights.EntityQueryTemplatesClientListOptions{Kind: to.Ptr(armsecurityinsights.Enum15Activity)}) + for pager.More() { + nextResult, err := pager.NextPage(ctx) + if err != nil { + log.Fatalf("failed to advance page: %v", err) + } + for _, v := range nextResult.Value { + // TODO: use page item + _ = v + } + } +} + +// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/entityQueryTemplates/GetActivityEntityQueryTemplateById.json +func ExampleEntityQueryTemplatesClient_Get() { + cred, err := azidentity.NewDefaultAzureCredential(nil) + if err != nil { + log.Fatalf("failed to obtain a credential: %v", err) + } + ctx := context.Background() + client, err := armsecurityinsights.NewEntityQueryTemplatesClient("d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", cred, nil) + if err != nil { + log.Fatalf("failed to create client: %v", err) + } + res, err := client.Get(ctx, + "myRg", + "myWorkspace", + "07da3cc8-c8ad-4710-a44e-334cdcb7882b", + nil) + if err != nil { + log.Fatalf("failed to finish the request: %v", err) + } + // TODO: use response item + _ = res +} diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_entityrelations_client_test.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_entityrelations_client_test.go new file mode 100644 index 000000000000..aed367dd35d5 --- /dev/null +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_entityrelations_client_test.go @@ -0,0 +1,41 @@ +//go:build go1.18 +// +build go1.18 + +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. See License.txt in the project root for license information. +// Code generated by Microsoft (R) AutoRest Code Generator. +// Changes may cause incorrect behavior and will be lost if the code is regenerated. + +package armsecurityinsights_test + +import ( + "context" + "log" + + "github.com/Azure/azure-sdk-for-go/sdk/azidentity" + "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights/v2" +) + +// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/entities/relations/GetEntityRelationByName.json +func ExampleEntityRelationsClient_GetRelation() { + cred, err := azidentity.NewDefaultAzureCredential(nil) + if err != nil { + log.Fatalf("failed to obtain a credential: %v", err) + } + ctx := context.Background() + client, err := armsecurityinsights.NewEntityRelationsClient("d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", cred, nil) + if err != nil { + log.Fatalf("failed to create client: %v", err) + } + res, err := client.GetRelation(ctx, + "myRg", + "myWorkspace", + "afbd324f-6c48-459c-8710-8d1e1cd03812", + "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + nil) + if err != nil { + log.Fatalf("failed to finish the request: %v", err) + } + // TODO: use response item + _ = res +} diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_incidentcomments_client_test.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_incidentcomments_client_test.go index 40265d7df520..355b3cb95986 100644 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_incidentcomments_client_test.go +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_incidentcomments_client_test.go @@ -14,10 +14,10 @@ import ( "github.com/Azure/azure-sdk-for-go/sdk/azcore/to" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" - "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights" + "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights/v2" ) -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/incidents/comments/GetAllIncidentComments.json +// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/incidents/comments/GetAllIncidentComments.json func ExampleIncidentCommentsClient_NewListPager() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { @@ -48,7 +48,7 @@ func ExampleIncidentCommentsClient_NewListPager() { } } -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/incidents/comments/GetIncidentCommentById.json +// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/incidents/comments/GetIncidentCommentById.json func ExampleIncidentCommentsClient_Get() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { @@ -72,7 +72,7 @@ func ExampleIncidentCommentsClient_Get() { _ = res } -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/incidents/comments/CreateIncidentComment.json +// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/incidents/comments/CreateIncidentComment.json func ExampleIncidentCommentsClient_CreateOrUpdate() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { @@ -101,7 +101,7 @@ func ExampleIncidentCommentsClient_CreateOrUpdate() { _ = res } -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/incidents/comments/DeleteIncidentComment.json +// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/incidents/comments/DeleteIncidentComment.json func ExampleIncidentCommentsClient_Delete() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_incidentrelations_client_test.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_incidentrelations_client_test.go index 40fe88e039de..ce6da0a4666b 100644 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_incidentrelations_client_test.go +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_incidentrelations_client_test.go @@ -14,10 +14,10 @@ import ( "github.com/Azure/azure-sdk-for-go/sdk/azcore/to" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" - "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights" + "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights/v2" ) -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/incidents/relations/GetAllIncidentRelations.json +// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/incidents/relations/GetAllIncidentRelations.json func ExampleIncidentRelationsClient_NewListPager() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { @@ -48,7 +48,7 @@ func ExampleIncidentRelationsClient_NewListPager() { } } -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/incidents/relations/GetIncidentRelationByName.json +// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/incidents/relations/GetIncidentRelationByName.json func ExampleIncidentRelationsClient_Get() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { @@ -72,7 +72,7 @@ func ExampleIncidentRelationsClient_Get() { _ = res } -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/incidents/relations/CreateIncidentRelation.json +// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/incidents/relations/CreateIncidentRelation.json func ExampleIncidentRelationsClient_CreateOrUpdate() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { @@ -90,7 +90,7 @@ func ExampleIncidentRelationsClient_CreateOrUpdate() { "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", armsecurityinsights.Relation{ Properties: &armsecurityinsights.RelationProperties{ - RelatedResourceID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096"), + RelatedResourceID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096"), }, }, nil) @@ -101,7 +101,7 @@ func ExampleIncidentRelationsClient_CreateOrUpdate() { _ = res } -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/incidents/relations/DeleteIncidentRelation.json +// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/incidents/relations/DeleteIncidentRelation.json func ExampleIncidentRelationsClient_Delete() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_incidents_client_test.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_incidents_client_test.go index df513884fdf0..14b95b932d4a 100644 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_incidents_client_test.go +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_incidents_client_test.go @@ -16,10 +16,31 @@ import ( "github.com/Azure/azure-sdk-for-go/sdk/azcore/to" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" - "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights" + "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights/v2" ) -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/incidents/GetIncidents.json +// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/manualTrigger/Incidents_RunPlaybook.json +func ExampleIncidentsClient_RunPlaybook() { + cred, err := azidentity.NewDefaultAzureCredential(nil) + if err != nil { + log.Fatalf("failed to obtain a credential: %v", err) + } + ctx := context.Background() + client, err := armsecurityinsights.NewIncidentsClient("d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", cred, nil) + if err != nil { + log.Fatalf("failed to create client: %v", err) + } + _, err = client.RunPlaybook(ctx, + "myRg", + "myWorkspace", + "73e01a99-5cd7-4139-a149-9f2736ff2ar4", + &armsecurityinsights.IncidentsClientRunPlaybookOptions{RequestBody: nil}) + if err != nil { + log.Fatalf("failed to finish the request: %v", err) + } +} + +// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/incidents/GetIncidents.json func ExampleIncidentsClient_NewListPager() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { @@ -49,7 +70,7 @@ func ExampleIncidentsClient_NewListPager() { } } -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/incidents/GetIncidentById.json +// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/incidents/GetIncidentById.json func ExampleIncidentsClient_Get() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { @@ -72,7 +93,7 @@ func ExampleIncidentsClient_Get() { _ = res } -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/incidents/CreateIncident.json +// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/incidents/CreateIncident.json func ExampleIncidentsClient_CreateOrUpdate() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { @@ -112,7 +133,7 @@ func ExampleIncidentsClient_CreateOrUpdate() { _ = res } -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/incidents/DeleteIncident.json +// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/incidents/DeleteIncident.json func ExampleIncidentsClient_Delete() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { @@ -133,7 +154,34 @@ func ExampleIncidentsClient_Delete() { } } -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/incidents/GetAllIncidentAlerts.json +// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/incidents/CreateTeam.json +func ExampleIncidentsClient_CreateTeam() { + cred, err := azidentity.NewDefaultAzureCredential(nil) + if err != nil { + log.Fatalf("failed to obtain a credential: %v", err) + } + ctx := context.Background() + client, err := armsecurityinsights.NewIncidentsClient("9023f5b5-df22-4313-8fbf-b4b75af8a6d9", cred, nil) + if err != nil { + log.Fatalf("failed to create client: %v", err) + } + res, err := client.CreateTeam(ctx, + "ambawolvese5resourcegroup", + "AmbaE5WestCentralUS", + "69a30280-6a4c-4aa7-9af0-5d63f335d600", + armsecurityinsights.TeamProperties{ + TeamDescription: to.Ptr("Team description"), + TeamName: to.Ptr("Team name"), + }, + nil) + if err != nil { + log.Fatalf("failed to finish the request: %v", err) + } + // TODO: use response item + _ = res +} + +// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/incidents/GetAllIncidentAlerts.json func ExampleIncidentsClient_ListAlerts() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { @@ -156,7 +204,7 @@ func ExampleIncidentsClient_ListAlerts() { _ = res } -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/incidents/GetAllIncidentBookmarks.json +// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/incidents/GetAllIncidentBookmarks.json func ExampleIncidentsClient_ListBookmarks() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { @@ -179,7 +227,7 @@ func ExampleIncidentsClient_ListBookmarks() { _ = res } -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/incidents/GetAllIncidentEntities.json +// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/incidents/entities/GetAllIncidentEntities.json func ExampleIncidentsClient_ListEntities() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_ipgeodata_client_test.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_ipgeodata_client_test.go new file mode 100644 index 000000000000..b06584311c16 --- /dev/null +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_ipgeodata_client_test.go @@ -0,0 +1,39 @@ +//go:build go1.18 +// +build go1.18 + +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. See License.txt in the project root for license information. +// Code generated by Microsoft (R) AutoRest Code Generator. +// Changes may cause incorrect behavior and will be lost if the code is regenerated. + +package armsecurityinsights_test + +import ( + "context" + "log" + + "github.com/Azure/azure-sdk-for-go/sdk/azidentity" + "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights/v2" +) + +// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/enrichment/GetGeodataByIp.json +func ExampleIPGeodataClient_Get() { + cred, err := azidentity.NewDefaultAzureCredential(nil) + if err != nil { + log.Fatalf("failed to obtain a credential: %v", err) + } + ctx := context.Background() + client, err := armsecurityinsights.NewIPGeodataClient("bd794837-4d29-4647-9105-6339bfdb4e6a", cred, nil) + if err != nil { + log.Fatalf("failed to create client: %v", err) + } + res, err := client.Get(ctx, + "myRg", + "1.2.3.4", + nil) + if err != nil { + log.Fatalf("failed to finish the request: %v", err) + } + // TODO: use response item + _ = res +} diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_metadata_client_test.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_metadata_client_test.go new file mode 100644 index 000000000000..83dec5c120cd --- /dev/null +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_metadata_client_test.go @@ -0,0 +1,228 @@ +//go:build go1.18 +// +build go1.18 + +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. See License.txt in the project root for license information. +// Code generated by Microsoft (R) AutoRest Code Generator. +// Changes may cause incorrect behavior and will be lost if the code is regenerated. + +package armsecurityinsights_test + +import ( + "context" + "log" + + "time" + + "github.com/Azure/azure-sdk-for-go/sdk/azcore/to" + "github.com/Azure/azure-sdk-for-go/sdk/azidentity" + "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights/v2" +) + +// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/metadata/GetAllMetadataOData.json +func ExampleMetadataClient_NewListPager() { + cred, err := azidentity.NewDefaultAzureCredential(nil) + if err != nil { + log.Fatalf("failed to obtain a credential: %v", err) + } + ctx := context.Background() + client, err := armsecurityinsights.NewMetadataClient("d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", cred, nil) + if err != nil { + log.Fatalf("failed to create client: %v", err) + } + pager := client.NewListPager("myRg", + "myWorkspace", + &armsecurityinsights.MetadataClientListOptions{Filter: nil, + Orderby: nil, + Top: nil, + Skip: nil, + }) + for pager.More() { + nextResult, err := pager.NextPage(ctx) + if err != nil { + log.Fatalf("failed to advance page: %v", err) + } + for _, v := range nextResult.Value { + // TODO: use page item + _ = v + } + } +} + +// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/metadata/GetMetadata.json +func ExampleMetadataClient_Get() { + cred, err := azidentity.NewDefaultAzureCredential(nil) + if err != nil { + log.Fatalf("failed to obtain a credential: %v", err) + } + ctx := context.Background() + client, err := armsecurityinsights.NewMetadataClient("2e1dc338-d04d-4443-b721-037eff4fdcac", cred, nil) + if err != nil { + log.Fatalf("failed to create client: %v", err) + } + res, err := client.Get(ctx, + "myRg", + "myWorkspace", + "metadataName", + nil) + if err != nil { + log.Fatalf("failed to finish the request: %v", err) + } + // TODO: use response item + _ = res +} + +// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/metadata/DeleteMetadata.json +func ExampleMetadataClient_Delete() { + cred, err := azidentity.NewDefaultAzureCredential(nil) + if err != nil { + log.Fatalf("failed to obtain a credential: %v", err) + } + ctx := context.Background() + client, err := armsecurityinsights.NewMetadataClient("d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", cred, nil) + if err != nil { + log.Fatalf("failed to create client: %v", err) + } + _, err = client.Delete(ctx, + "myRg", + "myWorkspace", + "metadataName", + nil) + if err != nil { + log.Fatalf("failed to finish the request: %v", err) + } +} + +// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/metadata/PutMetadata.json +func ExampleMetadataClient_Create() { + cred, err := azidentity.NewDefaultAzureCredential(nil) + if err != nil { + log.Fatalf("failed to obtain a credential: %v", err) + } + ctx := context.Background() + client, err := armsecurityinsights.NewMetadataClient("d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", cred, nil) + if err != nil { + log.Fatalf("failed to create client: %v", err) + } + res, err := client.Create(ctx, + "myRg", + "myWorkspace", + "metadataName", + armsecurityinsights.MetadataModel{ + Properties: &armsecurityinsights.MetadataProperties{ + Author: &armsecurityinsights.MetadataAuthor{ + Name: to.Ptr("User Name"), + Email: to.Ptr("email@microsoft.com"), + }, + Categories: &armsecurityinsights.MetadataCategories{ + Domains: []*string{ + to.Ptr("Application"), + to.Ptr("Security – Insider Threat")}, + Verticals: []*string{ + to.Ptr("Healthcare")}, + }, + ContentID: to.Ptr("c00ee137-7475-47c8-9cce-ec6f0f1bedd0"), + ContentSchemaVersion: to.Ptr("2.0"), + CustomVersion: to.Ptr("1.0"), + Dependencies: &armsecurityinsights.MetadataDependencies{ + Criteria: []*armsecurityinsights.MetadataDependencies{ + { + Criteria: []*armsecurityinsights.MetadataDependencies{ + { + Name: to.Ptr("Microsoft Defender for Endpoint"), + ContentID: to.Ptr("045d06d0-ee72-4794-aba4-cf5646e4c756"), + Kind: to.Ptr(armsecurityinsights.KindDataConnector), + }, + { + ContentID: to.Ptr("dbfcb2cc-d782-40ef-8d94-fe7af58a6f2d"), + Kind: to.Ptr(armsecurityinsights.KindDataConnector), + }, + { + ContentID: to.Ptr("de4dca9b-eb37-47d6-a56f-b8b06b261593"), + Kind: to.Ptr(armsecurityinsights.KindDataConnector), + Version: to.Ptr("2.0"), + }}, + Operator: to.Ptr(armsecurityinsights.OperatorOR), + }, + { + ContentID: to.Ptr("31ee11cc-9989-4de8-b176-5e0ef5c4dbab"), + Kind: to.Ptr(armsecurityinsights.KindPlaybook), + Version: to.Ptr("1.0"), + }, + { + ContentID: to.Ptr("21ba424a-9438-4444-953a-7059539a7a1b"), + Kind: to.Ptr(armsecurityinsights.KindParser), + }}, + Operator: to.Ptr(armsecurityinsights.OperatorAND), + }, + FirstPublishDate: to.Ptr(func() time.Time { t, _ := time.Parse("2006-01-02", "2021-05-18"); return t }()), + Kind: to.Ptr(armsecurityinsights.KindAnalyticsRule), + LastPublishDate: to.Ptr(func() time.Time { t, _ := time.Parse("2006-01-02", "2021-05-18"); return t }()), + ParentID: to.Ptr("/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/ruleName"), + PreviewImages: []*string{ + to.Ptr("firstImage.png"), + to.Ptr("secondImage.jpeg")}, + PreviewImagesDark: []*string{ + to.Ptr("firstImageDark.png"), + to.Ptr("secondImageDark.jpeg")}, + Providers: []*string{ + to.Ptr("Amazon"), + to.Ptr("Microsoft")}, + Source: &armsecurityinsights.MetadataSource{ + Name: to.Ptr("Contoso Solution 1.0"), + Kind: to.Ptr(armsecurityinsights.SourceKindSolution), + SourceID: to.Ptr("b688a130-76f4-4a07-bf57-762222a3cadf"), + }, + Support: &armsecurityinsights.MetadataSupport{ + Name: to.Ptr("Microsoft"), + Email: to.Ptr("support@microsoft.com"), + Link: to.Ptr("https://support.microsoft.com/"), + Tier: to.Ptr(armsecurityinsights.SupportTierPartner), + }, + ThreatAnalysisTactics: []*string{ + to.Ptr("reconnaissance"), + to.Ptr("commandandcontrol")}, + ThreatAnalysisTechniques: []*string{ + to.Ptr("T1548"), + to.Ptr("T1548.001")}, + Version: to.Ptr("1.0.0.0"), + }, + }, + nil) + if err != nil { + log.Fatalf("failed to finish the request: %v", err) + } + // TODO: use response item + _ = res +} + +// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/metadata/PatchMetadata.json +func ExampleMetadataClient_Update() { + cred, err := azidentity.NewDefaultAzureCredential(nil) + if err != nil { + log.Fatalf("failed to obtain a credential: %v", err) + } + ctx := context.Background() + client, err := armsecurityinsights.NewMetadataClient("d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", cred, nil) + if err != nil { + log.Fatalf("failed to create client: %v", err) + } + res, err := client.Update(ctx, + "myRg", + "myWorkspace", + "metadataName", + armsecurityinsights.MetadataPatch{ + Properties: &armsecurityinsights.MetadataPropertiesPatch{ + Author: &armsecurityinsights.MetadataAuthor{ + Name: to.Ptr("User Name"), + Email: to.Ptr("email@microsoft.com"), + }, + }, + }, + nil) + if err != nil { + log.Fatalf("failed to finish the request: %v", err) + } + // TODO: use response item + _ = res +} diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_officeconsents_client_test.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_officeconsents_client_test.go new file mode 100644 index 000000000000..bab894f1861a --- /dev/null +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_officeconsents_client_test.go @@ -0,0 +1,87 @@ +//go:build go1.18 +// +build go1.18 + +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. See License.txt in the project root for license information. +// Code generated by Microsoft (R) AutoRest Code Generator. +// Changes may cause incorrect behavior and will be lost if the code is regenerated. + +package armsecurityinsights_test + +import ( + "context" + "log" + + "github.com/Azure/azure-sdk-for-go/sdk/azidentity" + "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights/v2" +) + +// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/officeConsents/GetOfficeConsents.json +func ExampleOfficeConsentsClient_NewListPager() { + cred, err := azidentity.NewDefaultAzureCredential(nil) + if err != nil { + log.Fatalf("failed to obtain a credential: %v", err) + } + ctx := context.Background() + client, err := armsecurityinsights.NewOfficeConsentsClient("d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", cred, nil) + if err != nil { + log.Fatalf("failed to create client: %v", err) + } + pager := client.NewListPager("myRg", + "myWorkspace", + nil) + for pager.More() { + nextResult, err := pager.NextPage(ctx) + if err != nil { + log.Fatalf("failed to advance page: %v", err) + } + for _, v := range nextResult.Value { + // TODO: use page item + _ = v + } + } +} + +// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/officeConsents/GetOfficeConsentsById.json +func ExampleOfficeConsentsClient_Get() { + cred, err := azidentity.NewDefaultAzureCredential(nil) + if err != nil { + log.Fatalf("failed to obtain a credential: %v", err) + } + ctx := context.Background() + client, err := armsecurityinsights.NewOfficeConsentsClient("d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", cred, nil) + if err != nil { + log.Fatalf("failed to create client: %v", err) + } + res, err := client.Get(ctx, + "myRg", + "myWorkspace", + "04e5fd05-ff86-4b97-b8d2-1c20933cb46c", + nil) + if err != nil { + log.Fatalf("failed to finish the request: %v", err) + } + // TODO: use response item + _ = res +} + +// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/officeConsents/DeleteOfficeConsents.json +func ExampleOfficeConsentsClient_Delete() { + cred, err := azidentity.NewDefaultAzureCredential(nil) + if err != nil { + log.Fatalf("failed to obtain a credential: %v", err) + } + ctx := context.Background() + client, err := armsecurityinsights.NewOfficeConsentsClient("d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", cred, nil) + if err != nil { + log.Fatalf("failed to create client: %v", err) + } + _, err = client.Delete(ctx, + "myRg", + "myWorkspace", + "04e5fd05-ff86-4b97-b8d2-1c20933cb46c", + nil) + if err != nil { + log.Fatalf("failed to finish the request: %v", err) + } +} diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_operations_client_test.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_operations_client_test.go index f30c142e0fc3..ab1e242a4e87 100644 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_operations_client_test.go +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_operations_client_test.go @@ -13,10 +13,10 @@ import ( "log" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" - "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights" + "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights/v2" ) -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/operations/ListOperations.json +// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/operations/ListOperations.json func ExampleOperationsClient_NewListPager() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_productsettings_client_test.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_productsettings_client_test.go new file mode 100644 index 000000000000..ffb276d1759c --- /dev/null +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_productsettings_client_test.go @@ -0,0 +1,112 @@ +//go:build go1.18 +// +build go1.18 + +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. See License.txt in the project root for license information. +// Code generated by Microsoft (R) AutoRest Code Generator. +// Changes may cause incorrect behavior and will be lost if the code is regenerated. + +package armsecurityinsights_test + +import ( + "context" + "log" + + "github.com/Azure/azure-sdk-for-go/sdk/azcore/to" + "github.com/Azure/azure-sdk-for-go/sdk/azidentity" + "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights/v2" +) + +// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/settings/GetAllSettings.json +func ExampleProductSettingsClient_List() { + cred, err := azidentity.NewDefaultAzureCredential(nil) + if err != nil { + log.Fatalf("failed to obtain a credential: %v", err) + } + ctx := context.Background() + client, err := armsecurityinsights.NewProductSettingsClient("d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", cred, nil) + if err != nil { + log.Fatalf("failed to create client: %v", err) + } + res, err := client.List(ctx, + "myRg", + "myWorkspace", + nil) + if err != nil { + log.Fatalf("failed to finish the request: %v", err) + } + // TODO: use response item + _ = res +} + +// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/settings/GetEyesOnSetting.json +func ExampleProductSettingsClient_Get() { + cred, err := azidentity.NewDefaultAzureCredential(nil) + if err != nil { + log.Fatalf("failed to obtain a credential: %v", err) + } + ctx := context.Background() + client, err := armsecurityinsights.NewProductSettingsClient("d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", cred, nil) + if err != nil { + log.Fatalf("failed to create client: %v", err) + } + res, err := client.Get(ctx, + "myRg", + "myWorkspace", + "EyesOn", + nil) + if err != nil { + log.Fatalf("failed to finish the request: %v", err) + } + // TODO: use response item + _ = res +} + +// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/settings/DeleteEyesOnSetting.json +func ExampleProductSettingsClient_Delete() { + cred, err := azidentity.NewDefaultAzureCredential(nil) + if err != nil { + log.Fatalf("failed to obtain a credential: %v", err) + } + ctx := context.Background() + client, err := armsecurityinsights.NewProductSettingsClient("d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", cred, nil) + if err != nil { + log.Fatalf("failed to create client: %v", err) + } + _, err = client.Delete(ctx, + "myRg", + "myWorkspace", + "EyesOn", + nil) + if err != nil { + log.Fatalf("failed to finish the request: %v", err) + } +} + +// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/settings/UpdateEyesOnSetting.json +func ExampleProductSettingsClient_Update() { + cred, err := azidentity.NewDefaultAzureCredential(nil) + if err != nil { + log.Fatalf("failed to obtain a credential: %v", err) + } + ctx := context.Background() + client, err := armsecurityinsights.NewProductSettingsClient("d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", cred, nil) + if err != nil { + log.Fatalf("failed to create client: %v", err) + } + res, err := client.Update(ctx, + "myRg", + "myWorkspace", + "EyesOn", + &armsecurityinsights.EyesOn{ + Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""), + Kind: to.Ptr(armsecurityinsights.SettingKindEyesOn), + Properties: &armsecurityinsights.EyesOnSettingsProperties{}, + }, + nil) + if err != nil { + log.Fatalf("failed to finish the request: %v", err) + } + // TODO: use response item + _ = res +} diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_securitymlanalyticssettings_client_test.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_securitymlanalyticssettings_client_test.go new file mode 100644 index 000000000000..2d4d7ea316d9 --- /dev/null +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_securitymlanalyticssettings_client_test.go @@ -0,0 +1,181 @@ +//go:build go1.18 +// +build go1.18 + +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. See License.txt in the project root for license information. +// Code generated by Microsoft (R) AutoRest Code Generator. +// Changes may cause incorrect behavior and will be lost if the code is regenerated. + +package armsecurityinsights_test + +import ( + "context" + "log" + + "github.com/Azure/azure-sdk-for-go/sdk/azcore/to" + "github.com/Azure/azure-sdk-for-go/sdk/azidentity" + "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights/v2" +) + +// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/securityMLAnalyticsSettings/GetAllSecurityMLAnalyticsSettings.json +func ExampleSecurityMLAnalyticsSettingsClient_NewListPager() { + cred, err := azidentity.NewDefaultAzureCredential(nil) + if err != nil { + log.Fatalf("failed to obtain a credential: %v", err) + } + ctx := context.Background() + client, err := armsecurityinsights.NewSecurityMLAnalyticsSettingsClient("d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", cred, nil) + if err != nil { + log.Fatalf("failed to create client: %v", err) + } + pager := client.NewListPager("myRg", + "myWorkspace", + nil) + for pager.More() { + nextResult, err := pager.NextPage(ctx) + if err != nil { + log.Fatalf("failed to advance page: %v", err) + } + for _, v := range nextResult.Value { + // TODO: use page item + _ = v + } + } +} + +// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/securityMLAnalyticsSettings/GetAnomalySecurityMLAnalyticsSetting.json +func ExampleSecurityMLAnalyticsSettingsClient_Get() { + cred, err := azidentity.NewDefaultAzureCredential(nil) + if err != nil { + log.Fatalf("failed to obtain a credential: %v", err) + } + ctx := context.Background() + client, err := armsecurityinsights.NewSecurityMLAnalyticsSettingsClient("d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", cred, nil) + if err != nil { + log.Fatalf("failed to create client: %v", err) + } + res, err := client.Get(ctx, + "myRg", + "myWorkspace", + "myFirstAnomalySettings", + nil) + if err != nil { + log.Fatalf("failed to finish the request: %v", err) + } + // TODO: use response item + _ = res +} + +// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/securityMLAnalyticsSettings/CreateAnomalySecurityMLAnalyticsSetting.json +func ExampleSecurityMLAnalyticsSettingsClient_CreateOrUpdate() { + cred, err := azidentity.NewDefaultAzureCredential(nil) + if err != nil { + log.Fatalf("failed to obtain a credential: %v", err) + } + ctx := context.Background() + client, err := armsecurityinsights.NewSecurityMLAnalyticsSettingsClient("d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", cred, nil) + if err != nil { + log.Fatalf("failed to create client: %v", err) + } + res, err := client.CreateOrUpdate(ctx, + "myRg", + "myWorkspace", + "f209187f-1d17-4431-94af-c141bf5f23db", + &armsecurityinsights.AnomalySecurityMLAnalyticsSettings{ + Etag: to.Ptr("\"260090e2-0000-0d00-0000-5d6fb8670000\""), + Kind: to.Ptr(armsecurityinsights.SecurityMLAnalyticsSettingsKindAnomaly), + Properties: &armsecurityinsights.AnomalySecurityMLAnalyticsSettingsProperties{ + Description: to.Ptr("When account logs from a source region that has rarely been logged in from during the last 14 days, an anomaly is triggered."), + AnomalySettingsVersion: to.Ptr[int32](0), + AnomalyVersion: to.Ptr("1.0.5"), + CustomizableObservations: map[string]interface{}{ + "multiSelectObservations": nil, + "prioritizeExcludeObservations": nil, + "singleSelectObservations": []interface{}{ + map[string]interface{}{ + "name": "Device vendor", + "description": "Select device vendor of network connection logs from CommonSecurityLog", + "rerun": "RerunAlways", + "sequenceNumber": float64(1), + "supportedValues": []interface{}{ + "Palo Alto Networks", + "Fortinet", + "Check Point", + }, + "supportedValuesKql": nil, + "value": []interface{}{ + "Palo Alto Networks", + }, + "valuesKql": nil, + }, + }, + "singleValueObservations": nil, + "thresholdObservations": []interface{}{ + map[string]interface{}{ + "name": "Daily data transfer threshold in MB", + "description": "Suppress anomalies when daily data transfered (in MB) per hour is less than the chosen value", + "maximum": "100", + "minimum": "1", + "rerun": "RerunAlways", + "sequenceNumber": float64(1), + "value": "25", + }, + map[string]interface{}{ + "name": "Number of standard deviations", + "description": "Triggers anomalies when number of standard deviations is greater than the chosen value", + "maximum": "10", + "minimum": "2", + "rerun": "RerunAlways", + "sequenceNumber": float64(2), + "value": "3", + }, + }, + }, + DisplayName: to.Ptr("Login from unusual region"), + Enabled: to.Ptr(true), + Frequency: to.Ptr("PT1H"), + IsDefaultSettings: to.Ptr(true), + RequiredDataConnectors: []*armsecurityinsights.SecurityMLAnalyticsSettingsDataSource{ + { + ConnectorID: to.Ptr("AWS"), + DataTypes: []*string{ + to.Ptr("AWSCloudTrail")}, + }}, + SettingsDefinitionID: to.Ptr("f209187f-1d17-4431-94af-c141bf5f23db"), + SettingsStatus: to.Ptr(armsecurityinsights.SettingsStatusProduction), + Tactics: []*armsecurityinsights.AttackTactic{ + to.Ptr(armsecurityinsights.AttackTacticExfiltration), + to.Ptr(armsecurityinsights.AttackTacticCommandAndControl)}, + Techniques: []*string{ + to.Ptr("T1037"), + to.Ptr("T1021")}, + }, + }, + nil) + if err != nil { + log.Fatalf("failed to finish the request: %v", err) + } + // TODO: use response item + _ = res +} + +// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/securityMLAnalyticsSettings/DeleteSecurityMLAnalyticsSetting.json +func ExampleSecurityMLAnalyticsSettingsClient_Delete() { + cred, err := azidentity.NewDefaultAzureCredential(nil) + if err != nil { + log.Fatalf("failed to obtain a credential: %v", err) + } + ctx := context.Background() + client, err := armsecurityinsights.NewSecurityMLAnalyticsSettingsClient("d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", cred, nil) + if err != nil { + log.Fatalf("failed to create client: %v", err) + } + _, err = client.Delete(ctx, + "myRg", + "myWorkspace", + "f209187f-1d17-4431-94af-c141bf5f23db", + nil) + if err != nil { + log.Fatalf("failed to finish the request: %v", err) + } +} diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_sentinelonboardingstates_client_test.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_sentinelonboardingstates_client_test.go index bca89f7569b3..5968a2c62dd4 100644 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_sentinelonboardingstates_client_test.go +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_sentinelonboardingstates_client_test.go @@ -14,10 +14,10 @@ import ( "github.com/Azure/azure-sdk-for-go/sdk/azcore/to" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" - "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights" + "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights/v2" ) -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/onboardingStates/GetSentinelOnboardingState.json +// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/onboardingStates/GetSentinelOnboardingState.json func ExampleSentinelOnboardingStatesClient_Get() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { @@ -40,7 +40,7 @@ func ExampleSentinelOnboardingStatesClient_Get() { _ = res } -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/onboardingStates/CreateSentinelOnboardingState.json +// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/onboardingStates/CreateSentinelOnboardingState.json func ExampleSentinelOnboardingStatesClient_Create() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { @@ -68,7 +68,7 @@ func ExampleSentinelOnboardingStatesClient_Create() { _ = res } -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/onboardingStates/DeleteSentinelOnboardingState.json +// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/onboardingStates/DeleteSentinelOnboardingState.json func ExampleSentinelOnboardingStatesClient_Delete() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { @@ -89,7 +89,7 @@ func ExampleSentinelOnboardingStatesClient_Delete() { } } -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/onboardingStates/GetAllSentinelOnboardingStates.json +// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/onboardingStates/GetAllSentinelOnboardingStates.json func ExampleSentinelOnboardingStatesClient_List() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_sourcecontrol_client_test.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_sourcecontrol_client_test.go new file mode 100644 index 000000000000..a8b480010653 --- /dev/null +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_sourcecontrol_client_test.go @@ -0,0 +1,44 @@ +//go:build go1.18 +// +build go1.18 + +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. See License.txt in the project root for license information. +// Code generated by Microsoft (R) AutoRest Code Generator. +// Changes may cause incorrect behavior and will be lost if the code is regenerated. + +package armsecurityinsights_test + +import ( + "context" + "log" + + "github.com/Azure/azure-sdk-for-go/sdk/azidentity" + "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights/v2" +) + +// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/repositories/GetRepositories.json +func ExampleSourceControlClient_NewListRepositoriesPager() { + cred, err := azidentity.NewDefaultAzureCredential(nil) + if err != nil { + log.Fatalf("failed to obtain a credential: %v", err) + } + ctx := context.Background() + client, err := armsecurityinsights.NewSourceControlClient("d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", cred, nil) + if err != nil { + log.Fatalf("failed to create client: %v", err) + } + pager := client.NewListRepositoriesPager("myRg", + "myWorkspace", + armsecurityinsights.RepoTypeGithub, + nil) + for pager.More() { + nextResult, err := pager.NextPage(ctx) + if err != nil { + log.Fatalf("failed to advance page: %v", err) + } + for _, v := range nextResult.Value { + // TODO: use page item + _ = v + } + } +} diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_sourcecontrols_client_test.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_sourcecontrols_client_test.go new file mode 100644 index 000000000000..68a431066ba6 --- /dev/null +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_sourcecontrols_client_test.go @@ -0,0 +1,136 @@ +//go:build go1.18 +// +build go1.18 + +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. See License.txt in the project root for license information. +// Code generated by Microsoft (R) AutoRest Code Generator. +// Changes may cause incorrect behavior and will be lost if the code is regenerated. + +package armsecurityinsights_test + +import ( + "context" + "log" + + "github.com/Azure/azure-sdk-for-go/sdk/azcore/to" + "github.com/Azure/azure-sdk-for-go/sdk/azidentity" + "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights/v2" +) + +// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/sourcecontrols/GetSourceControls.json +func ExampleSourceControlsClient_NewListPager() { + cred, err := azidentity.NewDefaultAzureCredential(nil) + if err != nil { + log.Fatalf("failed to obtain a credential: %v", err) + } + ctx := context.Background() + client, err := armsecurityinsights.NewSourceControlsClient("d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", cred, nil) + if err != nil { + log.Fatalf("failed to create client: %v", err) + } + pager := client.NewListPager("myRg", + "myWorkspace", + nil) + for pager.More() { + nextResult, err := pager.NextPage(ctx) + if err != nil { + log.Fatalf("failed to advance page: %v", err) + } + for _, v := range nextResult.Value { + // TODO: use page item + _ = v + } + } +} + +// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/sourcecontrols/GetSourceControlById.json +func ExampleSourceControlsClient_Get() { + cred, err := azidentity.NewDefaultAzureCredential(nil) + if err != nil { + log.Fatalf("failed to obtain a credential: %v", err) + } + ctx := context.Background() + client, err := armsecurityinsights.NewSourceControlsClient("d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", cred, nil) + if err != nil { + log.Fatalf("failed to create client: %v", err) + } + res, err := client.Get(ctx, + "myRg", + "myWorkspace", + "789e0c1f-4a3d-43ad-809c-e713b677b04a", + nil) + if err != nil { + log.Fatalf("failed to finish the request: %v", err) + } + // TODO: use response item + _ = res +} + +// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/sourcecontrols/DeleteSourceControl.json +func ExampleSourceControlsClient_Delete() { + cred, err := azidentity.NewDefaultAzureCredential(nil) + if err != nil { + log.Fatalf("failed to obtain a credential: %v", err) + } + ctx := context.Background() + client, err := armsecurityinsights.NewSourceControlsClient("d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", cred, nil) + if err != nil { + log.Fatalf("failed to create client: %v", err) + } + _, err = client.Delete(ctx, + "myRg", + "myWorkspace", + "789e0c1f-4a3d-43ad-809c-e713b677b04a", + nil) + if err != nil { + log.Fatalf("failed to finish the request: %v", err) + } +} + +// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/sourcecontrols/CreateSourceControl.json +func ExampleSourceControlsClient_Create() { + cred, err := azidentity.NewDefaultAzureCredential(nil) + if err != nil { + log.Fatalf("failed to obtain a credential: %v", err) + } + ctx := context.Background() + client, err := armsecurityinsights.NewSourceControlsClient("d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", cred, nil) + if err != nil { + log.Fatalf("failed to create client: %v", err) + } + res, err := client.Create(ctx, + "myRg", + "myWorkspace", + "789e0c1f-4a3d-43ad-809c-e713b677b04a", + armsecurityinsights.SourceControl{ + Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""), + Properties: &armsecurityinsights.SourceControlProperties{ + Description: to.Ptr("This is a source control"), + ContentTypes: []*armsecurityinsights.ContentType{ + to.Ptr(armsecurityinsights.ContentType("AnalyticRules")), + to.Ptr(armsecurityinsights.ContentTypeWorkbook)}, + DisplayName: to.Ptr("My Source Control"), + RepoType: to.Ptr(armsecurityinsights.RepoTypeGithub), + Repository: &armsecurityinsights.Repository{ + Branch: to.Ptr("master"), + DisplayURL: to.Ptr("https://github.com/user/repo"), + PathMapping: []*armsecurityinsights.ContentPathMap{ + { + Path: to.Ptr("path/to/rules"), + ContentType: to.Ptr(armsecurityinsights.ContentType("AnalyticRules")), + }, + { + Path: to.Ptr("path/to/workbooks"), + ContentType: to.Ptr(armsecurityinsights.ContentTypeWorkbook), + }}, + URL: to.Ptr("https://github.com/user/repo"), + }, + }, + }, + nil) + if err != nil { + log.Fatalf("failed to finish the request: %v", err) + } + // TODO: use response item + _ = res +} diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_threatintelligenceindicator_client_test.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_threatintelligenceindicator_client_test.go index 528e9c701511..b872e9634bb4 100644 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_threatintelligenceindicator_client_test.go +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_threatintelligenceindicator_client_test.go @@ -14,10 +14,10 @@ import ( "github.com/Azure/azure-sdk-for-go/sdk/azcore/to" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" - "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights" + "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights/v2" ) -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/threatintelligence/CreateThreatIntelligence.json +// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/threatintelligence/CreateThreatIntelligence.json func ExampleThreatIntelligenceIndicatorClient_CreateIndicator() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { @@ -32,7 +32,7 @@ func ExampleThreatIntelligenceIndicatorClient_CreateIndicator() { "myRg", "myWorkspace", armsecurityinsights.ThreatIntelligenceIndicatorModel{ - Kind: to.Ptr(armsecurityinsights.ThreatIntelligenceResourceInnerKindIndicator), + Kind: to.Ptr(armsecurityinsights.ThreatIntelligenceResourceKindEnumIndicator), Properties: &armsecurityinsights.ThreatIntelligenceIndicatorProperties{ Description: to.Ptr("debugging indicators"), Confidence: to.Ptr[int32](78), @@ -51,7 +51,7 @@ func ExampleThreatIntelligenceIndicatorClient_CreateIndicator() { to.Ptr("new schema")}, ThreatTypes: []*string{ to.Ptr("compromised")}, - ValidFrom: to.Ptr("2020-04-15T17:44:00.114052Z"), + ValidFrom: to.Ptr("2021-09-15T17:44:00.114052Z"), ValidUntil: to.Ptr(""), }, }, @@ -63,7 +63,7 @@ func ExampleThreatIntelligenceIndicatorClient_CreateIndicator() { _ = res } -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/threatintelligence/GetThreatIntelligenceById.json +// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/threatintelligence/GetThreatIntelligenceById.json func ExampleThreatIntelligenceIndicatorClient_Get() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { @@ -86,7 +86,7 @@ func ExampleThreatIntelligenceIndicatorClient_Get() { _ = res } -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/threatintelligence/UpdateThreatIntelligence.json +// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/threatintelligence/UpdateThreatIntelligence.json func ExampleThreatIntelligenceIndicatorClient_Create() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { @@ -102,7 +102,7 @@ func ExampleThreatIntelligenceIndicatorClient_Create() { "myWorkspace", "d9cd6f0b-96b9-3984-17cd-a779d1e15a93", armsecurityinsights.ThreatIntelligenceIndicatorModel{ - Kind: to.Ptr(armsecurityinsights.ThreatIntelligenceResourceInnerKindIndicator), + Kind: to.Ptr(armsecurityinsights.ThreatIntelligenceResourceKindEnumIndicator), Properties: &armsecurityinsights.ThreatIntelligenceIndicatorProperties{ Description: to.Ptr("debugging indicators"), Confidence: to.Ptr[int32](78), @@ -133,7 +133,7 @@ func ExampleThreatIntelligenceIndicatorClient_Create() { _ = res } -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/threatintelligence/DeleteThreatIntelligence.json +// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/threatintelligence/DeleteThreatIntelligence.json func ExampleThreatIntelligenceIndicatorClient_Delete() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { @@ -154,7 +154,7 @@ func ExampleThreatIntelligenceIndicatorClient_Delete() { } } -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/threatintelligence/QueryThreatIntelligence.json +// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/threatintelligence/QueryThreatIntelligence.json func ExampleThreatIntelligenceIndicatorClient_NewQueryIndicatorsPager() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { @@ -169,14 +169,14 @@ func ExampleThreatIntelligenceIndicatorClient_NewQueryIndicatorsPager() { "myWorkspace", armsecurityinsights.ThreatIntelligenceFilteringCriteria{ MaxConfidence: to.Ptr[int32](80), - MaxValidUntil: to.Ptr("2020-04-25T17:44:00.114052Z"), + MaxValidUntil: to.Ptr("2021-04-25T17:44:00.114052Z"), MinConfidence: to.Ptr[int32](25), - MinValidUntil: to.Ptr("2020-04-05T17:44:00.114052Z"), + MinValidUntil: to.Ptr("2021-04-05T17:44:00.114052Z"), PageSize: to.Ptr[int32](100), SortBy: []*armsecurityinsights.ThreatIntelligenceSortingCriteria{ { ItemKey: to.Ptr("lastUpdatedTimeUtc"), - SortOrder: to.Ptr(armsecurityinsights.ThreatIntelligenceSortingOrderDescending), + SortOrder: to.Ptr(armsecurityinsights.ThreatIntelligenceSortingCriteriaEnumDescending), }}, Sources: []*string{ to.Ptr("Azure Sentinel")}, @@ -194,7 +194,7 @@ func ExampleThreatIntelligenceIndicatorClient_NewQueryIndicatorsPager() { } } -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/threatintelligence/AppendTagsThreatIntelligence.json +// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/threatintelligence/AppendTagsThreatIntelligence.json func ExampleThreatIntelligenceIndicatorClient_AppendTags() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { @@ -220,7 +220,7 @@ func ExampleThreatIntelligenceIndicatorClient_AppendTags() { } } -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/threatintelligence/ReplaceTagsThreatIntelligence.json +// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/threatintelligence/ReplaceTagsThreatIntelligence.json func ExampleThreatIntelligenceIndicatorClient_ReplaceTags() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { @@ -237,7 +237,7 @@ func ExampleThreatIntelligenceIndicatorClient_ReplaceTags() { "d9cd6f0b-96b9-3984-17cd-a779d1e15a93", armsecurityinsights.ThreatIntelligenceIndicatorModel{ Etag: to.Ptr("\"0000262c-0000-0800-0000-5e9767060000\""), - Kind: to.Ptr(armsecurityinsights.ThreatIntelligenceResourceInnerKindIndicator), + Kind: to.Ptr(armsecurityinsights.ThreatIntelligenceResourceKindEnumIndicator), Properties: &armsecurityinsights.ThreatIntelligenceIndicatorProperties{ ThreatIntelligenceTags: []*string{ to.Ptr("patching tags")}, diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_threatintelligenceindicatormetrics_client_test.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_threatintelligenceindicatormetrics_client_test.go index 647735ec08f9..184e6ab508c5 100644 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_threatintelligenceindicatormetrics_client_test.go +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_threatintelligenceindicatormetrics_client_test.go @@ -13,10 +13,10 @@ import ( "log" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" - "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights" + "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights/v2" ) -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/threatintelligence/CollectThreatIntelligenceMetrics.json +// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/threatintelligence/CollectThreatIntelligenceMetrics.json func ExampleThreatIntelligenceIndicatorMetricsClient_List() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_threatintelligenceindicators_client_test.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_threatintelligenceindicators_client_test.go index 82e288cf61c1..6db79fef9034 100644 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_threatintelligenceindicators_client_test.go +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_threatintelligenceindicators_client_test.go @@ -13,10 +13,10 @@ import ( "log" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" - "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights" + "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights/v2" ) -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/threatintelligence/GetThreatIntelligence.json +// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/threatintelligence/GetThreatIntelligence.json func ExampleThreatIntelligenceIndicatorsClient_NewListPager() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { @@ -30,9 +30,9 @@ func ExampleThreatIntelligenceIndicatorsClient_NewListPager() { pager := client.NewListPager("myRg", "myWorkspace", &armsecurityinsights.ThreatIntelligenceIndicatorsClientListOptions{Filter: nil, + Orderby: nil, Top: nil, SkipToken: nil, - Orderby: nil, }) for pager.More() { nextResult, err := pager.NextPage(ctx) diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_watchlistitems_client_test.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_watchlistitems_client_test.go index d9de3ada7e76..72521705556e 100644 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_watchlistitems_client_test.go +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_watchlistitems_client_test.go @@ -14,10 +14,10 @@ import ( "github.com/Azure/azure-sdk-for-go/sdk/azcore/to" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" - "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights" + "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights/v2" ) -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/watchlists/GetWatchlistItems.json +// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/watchlists/GetWatchlistItems.json func ExampleWatchlistItemsClient_NewListPager() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { @@ -44,7 +44,7 @@ func ExampleWatchlistItemsClient_NewListPager() { } } -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/watchlists/GetWatchlistItemById.json +// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/watchlists/GetWatchlistItemById.json func ExampleWatchlistItemsClient_Get() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { @@ -68,7 +68,7 @@ func ExampleWatchlistItemsClient_Get() { _ = res } -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/watchlists/DeleteWatchlistItem.json +// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/watchlists/DeleteWatchlistItem.json func ExampleWatchlistItemsClient_Delete() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { @@ -90,7 +90,7 @@ func ExampleWatchlistItemsClient_Delete() { } } -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/watchlists/CreateWatchlistItem.json +// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/watchlists/CreateWatchlistItem.json func ExampleWatchlistItemsClient_CreateOrUpdate() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_watchlists_client_test.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_watchlists_client_test.go index 65ce5d26652d..75e6db30d398 100644 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_watchlists_client_test.go +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/ze_generated_example_watchlists_client_test.go @@ -14,10 +14,10 @@ import ( "github.com/Azure/azure-sdk-for-go/sdk/azcore/to" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" - "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights" + "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights/v2" ) -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/watchlists/GetWatchlists.json +// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/watchlists/GetWatchlists.json func ExampleWatchlistsClient_NewListPager() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { @@ -43,7 +43,7 @@ func ExampleWatchlistsClient_NewListPager() { } } -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/watchlists/GetWatchlistByAlias.json +// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/watchlists/GetWatchlistByAlias.json func ExampleWatchlistsClient_Get() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { @@ -66,7 +66,7 @@ func ExampleWatchlistsClient_Get() { _ = res } -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/watchlists/DeleteWatchlist.json +// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/watchlists/DeleteWatchlist.json func ExampleWatchlistsClient_Delete() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { @@ -87,7 +87,7 @@ func ExampleWatchlistsClient_Delete() { } } -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/watchlists/CreateWatchlistAndWatchlistItems.json +// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/tree/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/watchlists/CreateWatchlistAndWatchlistItems.json func ExampleWatchlistsClient_CreateOrUpdate() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { @@ -112,7 +112,8 @@ func ExampleWatchlistsClient_CreateOrUpdate() { NumberOfLinesToSkip: to.Ptr[int32](1), Provider: to.Ptr("Microsoft"), RawContent: to.Ptr("This line will be skipped\nheader1,header2\nvalue1,value2"), - Source: to.Ptr(armsecurityinsights.SourceLocalFile), + Source: to.Ptr("watchlist.csv"), + SourceType: to.Ptr(armsecurityinsights.SourceTypeLocalFile), }, }, nil) diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_actions_client.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_actions_client.go index abefaf8d8688..79e92a1ab3b7 100644 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_actions_client.go +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_actions_client.go @@ -56,7 +56,7 @@ func NewActionsClient(subscriptionID string, credential azcore.TokenCredential, // CreateOrUpdate - Creates or updates the action of alert rule. // If the operation fails it returns an *azcore.ResponseError type. -// Generated from API version 2021-10-01 +// Generated from API version 2022-05-01-preview // resourceGroupName - The name of the resource group. The name is case insensitive. // workspaceName - The name of the workspace. // ruleID - Alert rule ID @@ -106,7 +106,7 @@ func (client *ActionsClient) createOrUpdateCreateRequest(ctx context.Context, re return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2021-10-01") + reqQP.Set("api-version", "2022-05-01-preview") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} return req, runtime.MarshalAsJSON(req, action) @@ -123,7 +123,7 @@ func (client *ActionsClient) createOrUpdateHandleResponse(resp *http.Response) ( // Delete - Delete the action of alert rule. // If the operation fails it returns an *azcore.ResponseError type. -// Generated from API version 2021-10-01 +// Generated from API version 2022-05-01-preview // resourceGroupName - The name of the resource group. The name is case insensitive. // workspaceName - The name of the workspace. // ruleID - Alert rule ID @@ -172,7 +172,7 @@ func (client *ActionsClient) deleteCreateRequest(ctx context.Context, resourceGr return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2021-10-01") + reqQP.Set("api-version", "2022-05-01-preview") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} return req, nil @@ -180,7 +180,7 @@ func (client *ActionsClient) deleteCreateRequest(ctx context.Context, resourceGr // Get - Gets the action of alert rule. // If the operation fails it returns an *azcore.ResponseError type. -// Generated from API version 2021-10-01 +// Generated from API version 2022-05-01-preview // resourceGroupName - The name of the resource group. The name is case insensitive. // workspaceName - The name of the workspace. // ruleID - Alert rule ID @@ -229,7 +229,7 @@ func (client *ActionsClient) getCreateRequest(ctx context.Context, resourceGroup return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2021-10-01") + reqQP.Set("api-version", "2022-05-01-preview") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} return req, nil @@ -246,7 +246,7 @@ func (client *ActionsClient) getHandleResponse(resp *http.Response) (ActionsClie // NewListByAlertRulePager - Gets all actions of alert rule. // If the operation fails it returns an *azcore.ResponseError type. -// Generated from API version 2021-10-01 +// Generated from API version 2022-05-01-preview // resourceGroupName - The name of the resource group. The name is case insensitive. // workspaceName - The name of the workspace. // ruleID - Alert rule ID @@ -303,7 +303,7 @@ func (client *ActionsClient) listByAlertRuleCreateRequest(ctx context.Context, r return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2021-10-01") + reqQP.Set("api-version", "2022-05-01-preview") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} return req, nil diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_alertrules_client.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_alertrules_client.go index 895d5bb548bc..e4ce180ac651 100644 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_alertrules_client.go +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_alertrules_client.go @@ -56,7 +56,7 @@ func NewAlertRulesClient(subscriptionID string, credential azcore.TokenCredentia // CreateOrUpdate - Creates or updates the alert rule. // If the operation fails it returns an *azcore.ResponseError type. -// Generated from API version 2021-10-01 +// Generated from API version 2022-05-01-preview // resourceGroupName - The name of the resource group. The name is case insensitive. // workspaceName - The name of the workspace. // ruleID - Alert rule ID @@ -102,7 +102,7 @@ func (client *AlertRulesClient) createOrUpdateCreateRequest(ctx context.Context, return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2021-10-01") + reqQP.Set("api-version", "2022-05-01-preview") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} return req, runtime.MarshalAsJSON(req, alertRule) @@ -119,7 +119,7 @@ func (client *AlertRulesClient) createOrUpdateHandleResponse(resp *http.Response // Delete - Delete the alert rule. // If the operation fails it returns an *azcore.ResponseError type. -// Generated from API version 2021-10-01 +// Generated from API version 2022-05-01-preview // resourceGroupName - The name of the resource group. The name is case insensitive. // workspaceName - The name of the workspace. // ruleID - Alert rule ID @@ -163,7 +163,7 @@ func (client *AlertRulesClient) deleteCreateRequest(ctx context.Context, resourc return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2021-10-01") + reqQP.Set("api-version", "2022-05-01-preview") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} return req, nil @@ -171,7 +171,7 @@ func (client *AlertRulesClient) deleteCreateRequest(ctx context.Context, resourc // Get - Gets the alert rule. // If the operation fails it returns an *azcore.ResponseError type. -// Generated from API version 2021-10-01 +// Generated from API version 2022-05-01-preview // resourceGroupName - The name of the resource group. The name is case insensitive. // workspaceName - The name of the workspace. // ruleID - Alert rule ID @@ -215,7 +215,7 @@ func (client *AlertRulesClient) getCreateRequest(ctx context.Context, resourceGr return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2021-10-01") + reqQP.Set("api-version", "2022-05-01-preview") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} return req, nil @@ -232,7 +232,7 @@ func (client *AlertRulesClient) getHandleResponse(resp *http.Response) (AlertRul // NewListPager - Gets all alert rules. // If the operation fails it returns an *azcore.ResponseError type. -// Generated from API version 2021-10-01 +// Generated from API version 2022-05-01-preview // resourceGroupName - The name of the resource group. The name is case insensitive. // workspaceName - The name of the workspace. // options - AlertRulesClientListOptions contains the optional parameters for the AlertRulesClient.List method. @@ -284,7 +284,7 @@ func (client *AlertRulesClient) listCreateRequest(ctx context.Context, resourceG return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2021-10-01") + reqQP.Set("api-version", "2022-05-01-preview") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} return req, nil diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_alertruletemplates_client.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_alertruletemplates_client.go index 56ed170ecb9f..33f8e072d8b2 100644 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_alertruletemplates_client.go +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_alertruletemplates_client.go @@ -56,7 +56,7 @@ func NewAlertRuleTemplatesClient(subscriptionID string, credential azcore.TokenC // Get - Gets the alert rule template. // If the operation fails it returns an *azcore.ResponseError type. -// Generated from API version 2021-10-01 +// Generated from API version 2022-05-01-preview // resourceGroupName - The name of the resource group. The name is case insensitive. // workspaceName - The name of the workspace. // alertRuleTemplateID - Alert rule template ID @@ -100,7 +100,7 @@ func (client *AlertRuleTemplatesClient) getCreateRequest(ctx context.Context, re return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2021-10-01") + reqQP.Set("api-version", "2022-05-01-preview") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} return req, nil @@ -117,7 +117,7 @@ func (client *AlertRuleTemplatesClient) getHandleResponse(resp *http.Response) ( // NewListPager - Gets all alert rule templates. // If the operation fails it returns an *azcore.ResponseError type. -// Generated from API version 2021-10-01 +// Generated from API version 2022-05-01-preview // resourceGroupName - The name of the resource group. The name is case insensitive. // workspaceName - The name of the workspace. // options - AlertRuleTemplatesClientListOptions contains the optional parameters for the AlertRuleTemplatesClient.List method. @@ -169,7 +169,7 @@ func (client *AlertRuleTemplatesClient) listCreateRequest(ctx context.Context, r return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2021-10-01") + reqQP.Set("api-version", "2022-05-01-preview") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} return req, nil diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_automationrules_client.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_automationrules_client.go index 01b157f0eae9..66db42517319 100644 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_automationrules_client.go +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_automationrules_client.go @@ -54,9 +54,9 @@ func NewAutomationRulesClient(subscriptionID string, credential azcore.TokenCred return client, nil } -// CreateOrUpdate - Creates or updates the automation rule +// CreateOrUpdate - Creates or updates the automation rule. // If the operation fails it returns an *azcore.ResponseError type. -// Generated from API version 2021-10-01 +// Generated from API version 2022-05-01-preview // resourceGroupName - The name of the resource group. The name is case insensitive. // workspaceName - The name of the workspace. // automationRuleID - Automation rule ID @@ -101,7 +101,7 @@ func (client *AutomationRulesClient) createOrUpdateCreateRequest(ctx context.Con return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2021-10-01") + reqQP.Set("api-version", "2022-05-01-preview") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} if options != nil && options.AutomationRuleToUpsert != nil { @@ -119,9 +119,9 @@ func (client *AutomationRulesClient) createOrUpdateHandleResponse(resp *http.Res return result, nil } -// Delete - Delete the automation rule +// Delete - Delete the automation rule. // If the operation fails it returns an *azcore.ResponseError type. -// Generated from API version 2021-10-01 +// Generated from API version 2022-05-01-preview // resourceGroupName - The name of the resource group. The name is case insensitive. // workspaceName - The name of the workspace. // automationRuleID - Automation rule ID @@ -165,7 +165,7 @@ func (client *AutomationRulesClient) deleteCreateRequest(ctx context.Context, re return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2021-10-01") + reqQP.Set("api-version", "2022-05-01-preview") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} return req, nil @@ -180,9 +180,9 @@ func (client *AutomationRulesClient) deleteHandleResponse(resp *http.Response) ( return result, nil } -// Get - Gets the automation rule +// Get - Gets the automation rule. // If the operation fails it returns an *azcore.ResponseError type. -// Generated from API version 2021-10-01 +// Generated from API version 2022-05-01-preview // resourceGroupName - The name of the resource group. The name is case insensitive. // workspaceName - The name of the workspace. // automationRuleID - Automation rule ID @@ -226,7 +226,7 @@ func (client *AutomationRulesClient) getCreateRequest(ctx context.Context, resou return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2021-10-01") + reqQP.Set("api-version", "2022-05-01-preview") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} return req, nil @@ -241,9 +241,9 @@ func (client *AutomationRulesClient) getHandleResponse(resp *http.Response) (Aut return result, nil } -// NewListPager - Gets all automation rules +// NewListPager - Gets all automation rules. // If the operation fails it returns an *azcore.ResponseError type. -// Generated from API version 2021-10-01 +// Generated from API version 2022-05-01-preview // resourceGroupName - The name of the resource group. The name is case insensitive. // workspaceName - The name of the workspace. // options - AutomationRulesClientListOptions contains the optional parameters for the AutomationRulesClient.List method. @@ -295,7 +295,7 @@ func (client *AutomationRulesClient) listCreateRequest(ctx context.Context, reso return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2021-10-01") + reqQP.Set("api-version", "2022-05-01-preview") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} return req, nil diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_bookmark_client.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_bookmark_client.go new file mode 100644 index 000000000000..f5657dc8c529 --- /dev/null +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_bookmark_client.go @@ -0,0 +1,117 @@ +//go:build go1.18 +// +build go1.18 + +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. See License.txt in the project root for license information. +// Code generated by Microsoft (R) AutoRest Code Generator. +// Changes may cause incorrect behavior and will be lost if the code is regenerated. + +package armsecurityinsights + +import ( + "context" + "errors" + "github.com/Azure/azure-sdk-for-go/sdk/azcore" + "github.com/Azure/azure-sdk-for-go/sdk/azcore/arm" + armruntime "github.com/Azure/azure-sdk-for-go/sdk/azcore/arm/runtime" + "github.com/Azure/azure-sdk-for-go/sdk/azcore/cloud" + "github.com/Azure/azure-sdk-for-go/sdk/azcore/policy" + "github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime" + "net/http" + "net/url" + "strings" +) + +// BookmarkClient contains the methods for the Bookmark group. +// Don't use this type directly, use NewBookmarkClient() instead. +type BookmarkClient struct { + host string + subscriptionID string + pl runtime.Pipeline +} + +// NewBookmarkClient creates a new instance of BookmarkClient with the specified values. +// subscriptionID - The ID of the target subscription. +// credential - used to authorize requests. Usually a credential from azidentity. +// options - pass nil to accept the default values. +func NewBookmarkClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) (*BookmarkClient, error) { + if options == nil { + options = &arm.ClientOptions{} + } + ep := cloud.AzurePublic.Services[cloud.ResourceManager].Endpoint + if c, ok := options.Cloud.Services[cloud.ResourceManager]; ok { + ep = c.Endpoint + } + pl, err := armruntime.NewPipeline(moduleName, moduleVersion, credential, runtime.PipelineOptions{}, options) + if err != nil { + return nil, err + } + client := &BookmarkClient{ + subscriptionID: subscriptionID, + host: ep, + pl: pl, + } + return client, nil +} + +// Expand - Expand an bookmark +// If the operation fails it returns an *azcore.ResponseError type. +// Generated from API version 2022-05-01-preview +// resourceGroupName - The name of the resource group. The name is case insensitive. +// workspaceName - The name of the workspace. +// bookmarkID - Bookmark ID +// parameters - The parameters required to execute an expand operation on the given bookmark. +// options - BookmarkClientExpandOptions contains the optional parameters for the BookmarkClient.Expand method. +func (client *BookmarkClient) Expand(ctx context.Context, resourceGroupName string, workspaceName string, bookmarkID string, parameters BookmarkExpandParameters, options *BookmarkClientExpandOptions) (BookmarkClientExpandResponse, error) { + req, err := client.expandCreateRequest(ctx, resourceGroupName, workspaceName, bookmarkID, parameters, options) + if err != nil { + return BookmarkClientExpandResponse{}, err + } + resp, err := client.pl.Do(req) + if err != nil { + return BookmarkClientExpandResponse{}, err + } + if !runtime.HasStatusCode(resp, http.StatusOK) { + return BookmarkClientExpandResponse{}, runtime.NewResponseError(resp) + } + return client.expandHandleResponse(resp) +} + +// expandCreateRequest creates the Expand request. +func (client *BookmarkClient) expandCreateRequest(ctx context.Context, resourceGroupName string, workspaceName string, bookmarkID string, parameters BookmarkExpandParameters, options *BookmarkClientExpandOptions) (*policy.Request, error) { + urlPath := "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}/expand" + if client.subscriptionID == "" { + return nil, errors.New("parameter client.subscriptionID cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{subscriptionId}", url.PathEscape(client.subscriptionID)) + if resourceGroupName == "" { + return nil, errors.New("parameter resourceGroupName cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{resourceGroupName}", url.PathEscape(resourceGroupName)) + if workspaceName == "" { + return nil, errors.New("parameter workspaceName cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{workspaceName}", url.PathEscape(workspaceName)) + if bookmarkID == "" { + return nil, errors.New("parameter bookmarkID cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{bookmarkId}", url.PathEscape(bookmarkID)) + req, err := runtime.NewRequest(ctx, http.MethodPost, runtime.JoinPaths(client.host, urlPath)) + if err != nil { + return nil, err + } + reqQP := req.Raw().URL.Query() + reqQP.Set("api-version", "2022-05-01-preview") + req.Raw().URL.RawQuery = reqQP.Encode() + req.Raw().Header["Accept"] = []string{"application/json"} + return req, runtime.MarshalAsJSON(req, parameters) +} + +// expandHandleResponse handles the Expand response. +func (client *BookmarkClient) expandHandleResponse(resp *http.Response) (BookmarkClientExpandResponse, error) { + result := BookmarkClientExpandResponse{} + if err := runtime.UnmarshalAsJSON(resp, &result.BookmarkExpandResponse); err != nil { + return BookmarkClientExpandResponse{}, err + } + return result, nil +} diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_bookmarkrelations_client.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_bookmarkrelations_client.go new file mode 100644 index 000000000000..a4ad0b73e113 --- /dev/null +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_bookmarkrelations_client.go @@ -0,0 +1,334 @@ +//go:build go1.18 +// +build go1.18 + +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. See License.txt in the project root for license information. +// Code generated by Microsoft (R) AutoRest Code Generator. +// Changes may cause incorrect behavior and will be lost if the code is regenerated. + +package armsecurityinsights + +import ( + "context" + "errors" + "github.com/Azure/azure-sdk-for-go/sdk/azcore" + "github.com/Azure/azure-sdk-for-go/sdk/azcore/arm" + armruntime "github.com/Azure/azure-sdk-for-go/sdk/azcore/arm/runtime" + "github.com/Azure/azure-sdk-for-go/sdk/azcore/cloud" + "github.com/Azure/azure-sdk-for-go/sdk/azcore/policy" + "github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime" + "net/http" + "net/url" + "strconv" + "strings" +) + +// BookmarkRelationsClient contains the methods for the BookmarkRelations group. +// Don't use this type directly, use NewBookmarkRelationsClient() instead. +type BookmarkRelationsClient struct { + host string + subscriptionID string + pl runtime.Pipeline +} + +// NewBookmarkRelationsClient creates a new instance of BookmarkRelationsClient with the specified values. +// subscriptionID - The ID of the target subscription. +// credential - used to authorize requests. Usually a credential from azidentity. +// options - pass nil to accept the default values. +func NewBookmarkRelationsClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) (*BookmarkRelationsClient, error) { + if options == nil { + options = &arm.ClientOptions{} + } + ep := cloud.AzurePublic.Services[cloud.ResourceManager].Endpoint + if c, ok := options.Cloud.Services[cloud.ResourceManager]; ok { + ep = c.Endpoint + } + pl, err := armruntime.NewPipeline(moduleName, moduleVersion, credential, runtime.PipelineOptions{}, options) + if err != nil { + return nil, err + } + client := &BookmarkRelationsClient{ + subscriptionID: subscriptionID, + host: ep, + pl: pl, + } + return client, nil +} + +// CreateOrUpdate - Creates the bookmark relation. +// If the operation fails it returns an *azcore.ResponseError type. +// Generated from API version 2022-05-01-preview +// resourceGroupName - The name of the resource group. The name is case insensitive. +// workspaceName - The name of the workspace. +// bookmarkID - Bookmark ID +// relationName - Relation Name +// relation - The relation model +// options - BookmarkRelationsClientCreateOrUpdateOptions contains the optional parameters for the BookmarkRelationsClient.CreateOrUpdate +// method. +func (client *BookmarkRelationsClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, workspaceName string, bookmarkID string, relationName string, relation Relation, options *BookmarkRelationsClientCreateOrUpdateOptions) (BookmarkRelationsClientCreateOrUpdateResponse, error) { + req, err := client.createOrUpdateCreateRequest(ctx, resourceGroupName, workspaceName, bookmarkID, relationName, relation, options) + if err != nil { + return BookmarkRelationsClientCreateOrUpdateResponse{}, err + } + resp, err := client.pl.Do(req) + if err != nil { + return BookmarkRelationsClientCreateOrUpdateResponse{}, err + } + if !runtime.HasStatusCode(resp, http.StatusOK, http.StatusCreated) { + return BookmarkRelationsClientCreateOrUpdateResponse{}, runtime.NewResponseError(resp) + } + return client.createOrUpdateHandleResponse(resp) +} + +// createOrUpdateCreateRequest creates the CreateOrUpdate request. +func (client *BookmarkRelationsClient) createOrUpdateCreateRequest(ctx context.Context, resourceGroupName string, workspaceName string, bookmarkID string, relationName string, relation Relation, options *BookmarkRelationsClientCreateOrUpdateOptions) (*policy.Request, error) { + urlPath := "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}/relations/{relationName}" + if client.subscriptionID == "" { + return nil, errors.New("parameter client.subscriptionID cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{subscriptionId}", url.PathEscape(client.subscriptionID)) + if resourceGroupName == "" { + return nil, errors.New("parameter resourceGroupName cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{resourceGroupName}", url.PathEscape(resourceGroupName)) + if workspaceName == "" { + return nil, errors.New("parameter workspaceName cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{workspaceName}", url.PathEscape(workspaceName)) + if bookmarkID == "" { + return nil, errors.New("parameter bookmarkID cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{bookmarkId}", url.PathEscape(bookmarkID)) + if relationName == "" { + return nil, errors.New("parameter relationName cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{relationName}", url.PathEscape(relationName)) + req, err := runtime.NewRequest(ctx, http.MethodPut, runtime.JoinPaths(client.host, urlPath)) + if err != nil { + return nil, err + } + reqQP := req.Raw().URL.Query() + reqQP.Set("api-version", "2022-05-01-preview") + req.Raw().URL.RawQuery = reqQP.Encode() + req.Raw().Header["Accept"] = []string{"application/json"} + return req, runtime.MarshalAsJSON(req, relation) +} + +// createOrUpdateHandleResponse handles the CreateOrUpdate response. +func (client *BookmarkRelationsClient) createOrUpdateHandleResponse(resp *http.Response) (BookmarkRelationsClientCreateOrUpdateResponse, error) { + result := BookmarkRelationsClientCreateOrUpdateResponse{} + if err := runtime.UnmarshalAsJSON(resp, &result.Relation); err != nil { + return BookmarkRelationsClientCreateOrUpdateResponse{}, err + } + return result, nil +} + +// Delete - Delete the bookmark relation. +// If the operation fails it returns an *azcore.ResponseError type. +// Generated from API version 2022-05-01-preview +// resourceGroupName - The name of the resource group. The name is case insensitive. +// workspaceName - The name of the workspace. +// bookmarkID - Bookmark ID +// relationName - Relation Name +// options - BookmarkRelationsClientDeleteOptions contains the optional parameters for the BookmarkRelationsClient.Delete +// method. +func (client *BookmarkRelationsClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, bookmarkID string, relationName string, options *BookmarkRelationsClientDeleteOptions) (BookmarkRelationsClientDeleteResponse, error) { + req, err := client.deleteCreateRequest(ctx, resourceGroupName, workspaceName, bookmarkID, relationName, options) + if err != nil { + return BookmarkRelationsClientDeleteResponse{}, err + } + resp, err := client.pl.Do(req) + if err != nil { + return BookmarkRelationsClientDeleteResponse{}, err + } + if !runtime.HasStatusCode(resp, http.StatusOK, http.StatusNoContent) { + return BookmarkRelationsClientDeleteResponse{}, runtime.NewResponseError(resp) + } + return BookmarkRelationsClientDeleteResponse{}, nil +} + +// deleteCreateRequest creates the Delete request. +func (client *BookmarkRelationsClient) deleteCreateRequest(ctx context.Context, resourceGroupName string, workspaceName string, bookmarkID string, relationName string, options *BookmarkRelationsClientDeleteOptions) (*policy.Request, error) { + urlPath := "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}/relations/{relationName}" + if client.subscriptionID == "" { + return nil, errors.New("parameter client.subscriptionID cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{subscriptionId}", url.PathEscape(client.subscriptionID)) + if resourceGroupName == "" { + return nil, errors.New("parameter resourceGroupName cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{resourceGroupName}", url.PathEscape(resourceGroupName)) + if workspaceName == "" { + return nil, errors.New("parameter workspaceName cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{workspaceName}", url.PathEscape(workspaceName)) + if bookmarkID == "" { + return nil, errors.New("parameter bookmarkID cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{bookmarkId}", url.PathEscape(bookmarkID)) + if relationName == "" { + return nil, errors.New("parameter relationName cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{relationName}", url.PathEscape(relationName)) + req, err := runtime.NewRequest(ctx, http.MethodDelete, runtime.JoinPaths(client.host, urlPath)) + if err != nil { + return nil, err + } + reqQP := req.Raw().URL.Query() + reqQP.Set("api-version", "2022-05-01-preview") + req.Raw().URL.RawQuery = reqQP.Encode() + req.Raw().Header["Accept"] = []string{"application/json"} + return req, nil +} + +// Get - Gets a bookmark relation. +// If the operation fails it returns an *azcore.ResponseError type. +// Generated from API version 2022-05-01-preview +// resourceGroupName - The name of the resource group. The name is case insensitive. +// workspaceName - The name of the workspace. +// bookmarkID - Bookmark ID +// relationName - Relation Name +// options - BookmarkRelationsClientGetOptions contains the optional parameters for the BookmarkRelationsClient.Get method. +func (client *BookmarkRelationsClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, bookmarkID string, relationName string, options *BookmarkRelationsClientGetOptions) (BookmarkRelationsClientGetResponse, error) { + req, err := client.getCreateRequest(ctx, resourceGroupName, workspaceName, bookmarkID, relationName, options) + if err != nil { + return BookmarkRelationsClientGetResponse{}, err + } + resp, err := client.pl.Do(req) + if err != nil { + return BookmarkRelationsClientGetResponse{}, err + } + if !runtime.HasStatusCode(resp, http.StatusOK) { + return BookmarkRelationsClientGetResponse{}, runtime.NewResponseError(resp) + } + return client.getHandleResponse(resp) +} + +// getCreateRequest creates the Get request. +func (client *BookmarkRelationsClient) getCreateRequest(ctx context.Context, resourceGroupName string, workspaceName string, bookmarkID string, relationName string, options *BookmarkRelationsClientGetOptions) (*policy.Request, error) { + urlPath := "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}/relations/{relationName}" + if client.subscriptionID == "" { + return nil, errors.New("parameter client.subscriptionID cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{subscriptionId}", url.PathEscape(client.subscriptionID)) + if resourceGroupName == "" { + return nil, errors.New("parameter resourceGroupName cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{resourceGroupName}", url.PathEscape(resourceGroupName)) + if workspaceName == "" { + return nil, errors.New("parameter workspaceName cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{workspaceName}", url.PathEscape(workspaceName)) + if bookmarkID == "" { + return nil, errors.New("parameter bookmarkID cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{bookmarkId}", url.PathEscape(bookmarkID)) + if relationName == "" { + return nil, errors.New("parameter relationName cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{relationName}", url.PathEscape(relationName)) + req, err := runtime.NewRequest(ctx, http.MethodGet, runtime.JoinPaths(client.host, urlPath)) + if err != nil { + return nil, err + } + reqQP := req.Raw().URL.Query() + reqQP.Set("api-version", "2022-05-01-preview") + req.Raw().URL.RawQuery = reqQP.Encode() + req.Raw().Header["Accept"] = []string{"application/json"} + return req, nil +} + +// getHandleResponse handles the Get response. +func (client *BookmarkRelationsClient) getHandleResponse(resp *http.Response) (BookmarkRelationsClientGetResponse, error) { + result := BookmarkRelationsClientGetResponse{} + if err := runtime.UnmarshalAsJSON(resp, &result.Relation); err != nil { + return BookmarkRelationsClientGetResponse{}, err + } + return result, nil +} + +// NewListPager - Gets all bookmark relations. +// If the operation fails it returns an *azcore.ResponseError type. +// Generated from API version 2022-05-01-preview +// resourceGroupName - The name of the resource group. The name is case insensitive. +// workspaceName - The name of the workspace. +// bookmarkID - Bookmark ID +// options - BookmarkRelationsClientListOptions contains the optional parameters for the BookmarkRelationsClient.List method. +func (client *BookmarkRelationsClient) NewListPager(resourceGroupName string, workspaceName string, bookmarkID string, options *BookmarkRelationsClientListOptions) *runtime.Pager[BookmarkRelationsClientListResponse] { + return runtime.NewPager(runtime.PagingHandler[BookmarkRelationsClientListResponse]{ + More: func(page BookmarkRelationsClientListResponse) bool { + return page.NextLink != nil && len(*page.NextLink) > 0 + }, + Fetcher: func(ctx context.Context, page *BookmarkRelationsClientListResponse) (BookmarkRelationsClientListResponse, error) { + var req *policy.Request + var err error + if page == nil { + req, err = client.listCreateRequest(ctx, resourceGroupName, workspaceName, bookmarkID, options) + } else { + req, err = runtime.NewRequest(ctx, http.MethodGet, *page.NextLink) + } + if err != nil { + return BookmarkRelationsClientListResponse{}, err + } + resp, err := client.pl.Do(req) + if err != nil { + return BookmarkRelationsClientListResponse{}, err + } + if !runtime.HasStatusCode(resp, http.StatusOK) { + return BookmarkRelationsClientListResponse{}, runtime.NewResponseError(resp) + } + return client.listHandleResponse(resp) + }, + }) +} + +// listCreateRequest creates the List request. +func (client *BookmarkRelationsClient) listCreateRequest(ctx context.Context, resourceGroupName string, workspaceName string, bookmarkID string, options *BookmarkRelationsClientListOptions) (*policy.Request, error) { + urlPath := "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}/relations" + if client.subscriptionID == "" { + return nil, errors.New("parameter client.subscriptionID cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{subscriptionId}", url.PathEscape(client.subscriptionID)) + if resourceGroupName == "" { + return nil, errors.New("parameter resourceGroupName cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{resourceGroupName}", url.PathEscape(resourceGroupName)) + if workspaceName == "" { + return nil, errors.New("parameter workspaceName cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{workspaceName}", url.PathEscape(workspaceName)) + if bookmarkID == "" { + return nil, errors.New("parameter bookmarkID cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{bookmarkId}", url.PathEscape(bookmarkID)) + req, err := runtime.NewRequest(ctx, http.MethodGet, runtime.JoinPaths(client.host, urlPath)) + if err != nil { + return nil, err + } + reqQP := req.Raw().URL.Query() + reqQP.Set("api-version", "2022-05-01-preview") + if options != nil && options.Filter != nil { + reqQP.Set("$filter", *options.Filter) + } + if options != nil && options.Orderby != nil { + reqQP.Set("$orderby", *options.Orderby) + } + if options != nil && options.Top != nil { + reqQP.Set("$top", strconv.FormatInt(int64(*options.Top), 10)) + } + if options != nil && options.SkipToken != nil { + reqQP.Set("$skipToken", *options.SkipToken) + } + req.Raw().URL.RawQuery = reqQP.Encode() + req.Raw().Header["Accept"] = []string{"application/json"} + return req, nil +} + +// listHandleResponse handles the List response. +func (client *BookmarkRelationsClient) listHandleResponse(resp *http.Response) (BookmarkRelationsClientListResponse, error) { + result := BookmarkRelationsClientListResponse{} + if err := runtime.UnmarshalAsJSON(resp, &result.RelationList); err != nil { + return BookmarkRelationsClientListResponse{}, err + } + return result, nil +} diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_bookmarks_client.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_bookmarks_client.go index 85f9fb6aac18..9b50e7a2704d 100644 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_bookmarks_client.go +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_bookmarks_client.go @@ -56,7 +56,7 @@ func NewBookmarksClient(subscriptionID string, credential azcore.TokenCredential // CreateOrUpdate - Creates or updates the bookmark. // If the operation fails it returns an *azcore.ResponseError type. -// Generated from API version 2021-10-01 +// Generated from API version 2022-05-01-preview // resourceGroupName - The name of the resource group. The name is case insensitive. // workspaceName - The name of the workspace. // bookmarkID - Bookmark ID @@ -102,7 +102,7 @@ func (client *BookmarksClient) createOrUpdateCreateRequest(ctx context.Context, return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2021-10-01") + reqQP.Set("api-version", "2022-05-01-preview") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} return req, runtime.MarshalAsJSON(req, bookmark) @@ -119,7 +119,7 @@ func (client *BookmarksClient) createOrUpdateHandleResponse(resp *http.Response) // Delete - Delete the bookmark. // If the operation fails it returns an *azcore.ResponseError type. -// Generated from API version 2021-10-01 +// Generated from API version 2022-05-01-preview // resourceGroupName - The name of the resource group. The name is case insensitive. // workspaceName - The name of the workspace. // bookmarkID - Bookmark ID @@ -163,7 +163,7 @@ func (client *BookmarksClient) deleteCreateRequest(ctx context.Context, resource return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2021-10-01") + reqQP.Set("api-version", "2022-05-01-preview") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} return req, nil @@ -171,7 +171,7 @@ func (client *BookmarksClient) deleteCreateRequest(ctx context.Context, resource // Get - Gets a bookmark. // If the operation fails it returns an *azcore.ResponseError type. -// Generated from API version 2021-10-01 +// Generated from API version 2022-05-01-preview // resourceGroupName - The name of the resource group. The name is case insensitive. // workspaceName - The name of the workspace. // bookmarkID - Bookmark ID @@ -215,7 +215,7 @@ func (client *BookmarksClient) getCreateRequest(ctx context.Context, resourceGro return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2021-10-01") + reqQP.Set("api-version", "2022-05-01-preview") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} return req, nil @@ -232,7 +232,7 @@ func (client *BookmarksClient) getHandleResponse(resp *http.Response) (Bookmarks // NewListPager - Gets all bookmarks. // If the operation fails it returns an *azcore.ResponseError type. -// Generated from API version 2021-10-01 +// Generated from API version 2022-05-01-preview // resourceGroupName - The name of the resource group. The name is case insensitive. // workspaceName - The name of the workspace. // options - BookmarksClientListOptions contains the optional parameters for the BookmarksClient.List method. @@ -284,7 +284,7 @@ func (client *BookmarksClient) listCreateRequest(ctx context.Context, resourceGr return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2021-10-01") + reqQP.Set("api-version", "2022-05-01-preview") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} return req, nil diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_constants.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_constants.go index 63929448bb47..2097d51765eb 100644 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_constants.go +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_constants.go @@ -10,10 +10,10 @@ package armsecurityinsights const ( moduleName = "armsecurityinsights" - moduleVersion = "v1.0.0" + moduleVersion = "v2.0.0-beta.1" ) -// ActionType - The type of the automation rule action +// ActionType - The type of the automation rule action. type ActionType string const ( @@ -54,16 +54,22 @@ type AlertRuleKind string const ( AlertRuleKindFusion AlertRuleKind = "Fusion" + AlertRuleKindMLBehaviorAnalytics AlertRuleKind = "MLBehaviorAnalytics" AlertRuleKindMicrosoftSecurityIncidentCreation AlertRuleKind = "MicrosoftSecurityIncidentCreation" + AlertRuleKindNRT AlertRuleKind = "NRT" AlertRuleKindScheduled AlertRuleKind = "Scheduled" + AlertRuleKindThreatIntelligence AlertRuleKind = "ThreatIntelligence" ) // PossibleAlertRuleKindValues returns the possible values for the AlertRuleKind const type. func PossibleAlertRuleKindValues() []AlertRuleKind { return []AlertRuleKind{ AlertRuleKindFusion, + AlertRuleKindMLBehaviorAnalytics, AlertRuleKindMicrosoftSecurityIncidentCreation, + AlertRuleKindNRT, AlertRuleKindScheduled, + AlertRuleKindThreatIntelligence, } } @@ -146,19 +152,23 @@ func PossibleAntispamMailDirectionValues() []AntispamMailDirection { type AttackTactic string const ( - AttackTacticCollection AttackTactic = "Collection" - AttackTacticCommandAndControl AttackTactic = "CommandAndControl" - AttackTacticCredentialAccess AttackTactic = "CredentialAccess" - AttackTacticDefenseEvasion AttackTactic = "DefenseEvasion" - AttackTacticDiscovery AttackTactic = "Discovery" - AttackTacticExecution AttackTactic = "Execution" - AttackTacticExfiltration AttackTactic = "Exfiltration" - AttackTacticImpact AttackTactic = "Impact" - AttackTacticInitialAccess AttackTactic = "InitialAccess" - AttackTacticLateralMovement AttackTactic = "LateralMovement" - AttackTacticPersistence AttackTactic = "Persistence" - AttackTacticPreAttack AttackTactic = "PreAttack" - AttackTacticPrivilegeEscalation AttackTactic = "PrivilegeEscalation" + AttackTacticCollection AttackTactic = "Collection" + AttackTacticCommandAndControl AttackTactic = "CommandAndControl" + AttackTacticCredentialAccess AttackTactic = "CredentialAccess" + AttackTacticDefenseEvasion AttackTactic = "DefenseEvasion" + AttackTacticDiscovery AttackTactic = "Discovery" + AttackTacticExecution AttackTactic = "Execution" + AttackTacticExfiltration AttackTactic = "Exfiltration" + AttackTacticImpact AttackTactic = "Impact" + AttackTacticImpairProcessControl AttackTactic = "ImpairProcessControl" + AttackTacticInhibitResponseFunction AttackTactic = "InhibitResponseFunction" + AttackTacticInitialAccess AttackTactic = "InitialAccess" + AttackTacticLateralMovement AttackTactic = "LateralMovement" + AttackTacticPersistence AttackTactic = "Persistence" + AttackTacticPreAttack AttackTactic = "PreAttack" + AttackTacticPrivilegeEscalation AttackTactic = "PrivilegeEscalation" + AttackTacticReconnaissance AttackTactic = "Reconnaissance" + AttackTacticResourceDevelopment AttackTactic = "ResourceDevelopment" ) // PossibleAttackTacticValues returns the possible values for the AttackTactic const type. @@ -172,11 +182,91 @@ func PossibleAttackTacticValues() []AttackTactic { AttackTacticExecution, AttackTacticExfiltration, AttackTacticImpact, + AttackTacticImpairProcessControl, + AttackTacticInhibitResponseFunction, AttackTacticInitialAccess, AttackTacticLateralMovement, AttackTacticPersistence, AttackTacticPreAttack, AttackTacticPrivilegeEscalation, + AttackTacticReconnaissance, + AttackTacticResourceDevelopment, + } +} + +type AutomationRulePropertyArrayChangedConditionSupportedArrayType string + +const ( + // AutomationRulePropertyArrayChangedConditionSupportedArrayTypeAlerts - Evaluate the condition on the alerts + AutomationRulePropertyArrayChangedConditionSupportedArrayTypeAlerts AutomationRulePropertyArrayChangedConditionSupportedArrayType = "Alerts" + // AutomationRulePropertyArrayChangedConditionSupportedArrayTypeComments - Evaluate the condition on the comments + AutomationRulePropertyArrayChangedConditionSupportedArrayTypeComments AutomationRulePropertyArrayChangedConditionSupportedArrayType = "Comments" + // AutomationRulePropertyArrayChangedConditionSupportedArrayTypeLabels - Evaluate the condition on the labels + AutomationRulePropertyArrayChangedConditionSupportedArrayTypeLabels AutomationRulePropertyArrayChangedConditionSupportedArrayType = "Labels" + // AutomationRulePropertyArrayChangedConditionSupportedArrayTypeTactics - Evaluate the condition on the tactics + AutomationRulePropertyArrayChangedConditionSupportedArrayTypeTactics AutomationRulePropertyArrayChangedConditionSupportedArrayType = "Tactics" +) + +// PossibleAutomationRulePropertyArrayChangedConditionSupportedArrayTypeValues returns the possible values for the AutomationRulePropertyArrayChangedConditionSupportedArrayType const type. +func PossibleAutomationRulePropertyArrayChangedConditionSupportedArrayTypeValues() []AutomationRulePropertyArrayChangedConditionSupportedArrayType { + return []AutomationRulePropertyArrayChangedConditionSupportedArrayType{ + AutomationRulePropertyArrayChangedConditionSupportedArrayTypeAlerts, + AutomationRulePropertyArrayChangedConditionSupportedArrayTypeComments, + AutomationRulePropertyArrayChangedConditionSupportedArrayTypeLabels, + AutomationRulePropertyArrayChangedConditionSupportedArrayTypeTactics, + } +} + +type AutomationRulePropertyArrayChangedConditionSupportedChangeType string + +const ( + // AutomationRulePropertyArrayChangedConditionSupportedChangeTypeAdded - Evaluate the condition on items added to the array + AutomationRulePropertyArrayChangedConditionSupportedChangeTypeAdded AutomationRulePropertyArrayChangedConditionSupportedChangeType = "Added" +) + +// PossibleAutomationRulePropertyArrayChangedConditionSupportedChangeTypeValues returns the possible values for the AutomationRulePropertyArrayChangedConditionSupportedChangeType const type. +func PossibleAutomationRulePropertyArrayChangedConditionSupportedChangeTypeValues() []AutomationRulePropertyArrayChangedConditionSupportedChangeType { + return []AutomationRulePropertyArrayChangedConditionSupportedChangeType{ + AutomationRulePropertyArrayChangedConditionSupportedChangeTypeAdded, + } +} + +type AutomationRulePropertyChangedConditionSupportedChangedType string + +const ( + // AutomationRulePropertyChangedConditionSupportedChangedTypeChangedFrom - Evaluate the condition on the previous value of + // the property + AutomationRulePropertyChangedConditionSupportedChangedTypeChangedFrom AutomationRulePropertyChangedConditionSupportedChangedType = "ChangedFrom" + // AutomationRulePropertyChangedConditionSupportedChangedTypeChangedTo - Evaluate the condition on the updated value of the + // property + AutomationRulePropertyChangedConditionSupportedChangedTypeChangedTo AutomationRulePropertyChangedConditionSupportedChangedType = "ChangedTo" +) + +// PossibleAutomationRulePropertyChangedConditionSupportedChangedTypeValues returns the possible values for the AutomationRulePropertyChangedConditionSupportedChangedType const type. +func PossibleAutomationRulePropertyChangedConditionSupportedChangedTypeValues() []AutomationRulePropertyChangedConditionSupportedChangedType { + return []AutomationRulePropertyChangedConditionSupportedChangedType{ + AutomationRulePropertyChangedConditionSupportedChangedTypeChangedFrom, + AutomationRulePropertyChangedConditionSupportedChangedTypeChangedTo, + } +} + +type AutomationRulePropertyChangedConditionSupportedPropertyType string + +const ( + // AutomationRulePropertyChangedConditionSupportedPropertyTypeIncidentOwner - Evaluate the condition on the incident owner + AutomationRulePropertyChangedConditionSupportedPropertyTypeIncidentOwner AutomationRulePropertyChangedConditionSupportedPropertyType = "IncidentOwner" + // AutomationRulePropertyChangedConditionSupportedPropertyTypeIncidentSeverity - Evaluate the condition on the incident severity + AutomationRulePropertyChangedConditionSupportedPropertyTypeIncidentSeverity AutomationRulePropertyChangedConditionSupportedPropertyType = "IncidentSeverity" + // AutomationRulePropertyChangedConditionSupportedPropertyTypeIncidentStatus - Evaluate the condition on the incident status + AutomationRulePropertyChangedConditionSupportedPropertyTypeIncidentStatus AutomationRulePropertyChangedConditionSupportedPropertyType = "IncidentStatus" +) + +// PossibleAutomationRulePropertyChangedConditionSupportedPropertyTypeValues returns the possible values for the AutomationRulePropertyChangedConditionSupportedPropertyType const type. +func PossibleAutomationRulePropertyChangedConditionSupportedPropertyTypeValues() []AutomationRulePropertyChangedConditionSupportedPropertyType { + return []AutomationRulePropertyChangedConditionSupportedPropertyType{ + AutomationRulePropertyChangedConditionSupportedPropertyTypeIncidentOwner, + AutomationRulePropertyChangedConditionSupportedPropertyTypeIncidentSeverity, + AutomationRulePropertyChangedConditionSupportedPropertyTypeIncidentStatus, } } @@ -222,7 +312,7 @@ func PossibleAutomationRulePropertyConditionSupportedOperatorValues() []Automati } } -// AutomationRulePropertyConditionSupportedProperty - The property to evaluate in an automation rule property condition +// AutomationRulePropertyConditionSupportedProperty - The property to evaluate in an automation rule property condition. type AutomationRulePropertyConditionSupportedProperty string const ( @@ -401,12 +491,18 @@ type ConditionType string const ( // ConditionTypeProperty - Evaluate an object property value ConditionTypeProperty ConditionType = "Property" + // ConditionTypePropertyArrayChanged - Evaluate an object array property changed value + ConditionTypePropertyArrayChanged ConditionType = "PropertyArrayChanged" + // ConditionTypePropertyChanged - Evaluate an object property changed value + ConditionTypePropertyChanged ConditionType = "PropertyChanged" ) // PossibleConditionTypeValues returns the possible values for the ConditionType const type. func PossibleConditionTypeValues() []ConditionType { return []ConditionType{ ConditionTypeProperty, + ConditionTypePropertyArrayChanged, + ConditionTypePropertyChanged, } } @@ -457,6 +553,54 @@ func PossibleConfidenceScoreStatusValues() []ConfidenceScoreStatus { } } +// ConnectAuthKind - The authentication kind used to poll the data +type ConnectAuthKind string + +const ( + ConnectAuthKindAPIKey ConnectAuthKind = "APIKey" + ConnectAuthKindBasic ConnectAuthKind = "Basic" + ConnectAuthKindOAuth2 ConnectAuthKind = "OAuth2" +) + +// PossibleConnectAuthKindValues returns the possible values for the ConnectAuthKind const type. +func PossibleConnectAuthKindValues() []ConnectAuthKind { + return []ConnectAuthKind{ + ConnectAuthKindAPIKey, + ConnectAuthKindBasic, + ConnectAuthKindOAuth2, + } +} + +// ConnectivityType - type of connectivity +type ConnectivityType string + +const ( + ConnectivityTypeIsConnectedQuery ConnectivityType = "IsConnectedQuery" +) + +// PossibleConnectivityTypeValues returns the possible values for the ConnectivityType const type. +func PossibleConnectivityTypeValues() []ConnectivityType { + return []ConnectivityType{ + ConnectivityTypeIsConnectedQuery, + } +} + +// ContentType - The content type of a source control path. +type ContentType string + +const ( + ContentTypeAnalyticRule ContentType = "AnalyticRule" + ContentTypeWorkbook ContentType = "Workbook" +) + +// PossibleContentTypeValues returns the possible values for the ContentType const type. +func PossibleContentTypeValues() []ContentType { + return []ContentType{ + ContentTypeAnalyticRule, + ContentTypeWorkbook, + } +} + // CreatedByType - The type of identity that created the resource. type CreatedByType string @@ -477,31 +621,103 @@ func PossibleCreatedByTypeValues() []CreatedByType { } } +// CustomEntityQueryKind - The kind of the entity query that supports put request. +type CustomEntityQueryKind string + +const ( + CustomEntityQueryKindActivity CustomEntityQueryKind = "Activity" +) + +// PossibleCustomEntityQueryKindValues returns the possible values for the CustomEntityQueryKind const type. +func PossibleCustomEntityQueryKindValues() []CustomEntityQueryKind { + return []CustomEntityQueryKind{ + CustomEntityQueryKindActivity, + } +} + +// DataConnectorAuthorizationState - Describes the state of user's authorization for a connector kind. +type DataConnectorAuthorizationState string + +const ( + DataConnectorAuthorizationStateInvalid DataConnectorAuthorizationState = "Invalid" + DataConnectorAuthorizationStateValid DataConnectorAuthorizationState = "Valid" +) + +// PossibleDataConnectorAuthorizationStateValues returns the possible values for the DataConnectorAuthorizationState const type. +func PossibleDataConnectorAuthorizationStateValues() []DataConnectorAuthorizationState { + return []DataConnectorAuthorizationState{ + DataConnectorAuthorizationStateInvalid, + DataConnectorAuthorizationStateValid, + } +} + // DataConnectorKind - The kind of the data connector type DataConnectorKind string const ( + DataConnectorKindAPIPolling DataConnectorKind = "APIPolling" DataConnectorKindAmazonWebServicesCloudTrail DataConnectorKind = "AmazonWebServicesCloudTrail" + DataConnectorKindAmazonWebServicesS3 DataConnectorKind = "AmazonWebServicesS3" DataConnectorKindAzureActiveDirectory DataConnectorKind = "AzureActiveDirectory" DataConnectorKindAzureAdvancedThreatProtection DataConnectorKind = "AzureAdvancedThreatProtection" DataConnectorKindAzureSecurityCenter DataConnectorKind = "AzureSecurityCenter" + DataConnectorKindDynamics365 DataConnectorKind = "Dynamics365" + DataConnectorKindGenericUI DataConnectorKind = "GenericUI" + DataConnectorKindIOT DataConnectorKind = "IOT" DataConnectorKindMicrosoftCloudAppSecurity DataConnectorKind = "MicrosoftCloudAppSecurity" DataConnectorKindMicrosoftDefenderAdvancedThreatProtection DataConnectorKind = "MicrosoftDefenderAdvancedThreatProtection" + DataConnectorKindMicrosoftThreatIntelligence DataConnectorKind = "MicrosoftThreatIntelligence" + DataConnectorKindMicrosoftThreatProtection DataConnectorKind = "MicrosoftThreatProtection" DataConnectorKindOffice365 DataConnectorKind = "Office365" + DataConnectorKindOffice365Project DataConnectorKind = "Office365Project" + DataConnectorKindOfficeATP DataConnectorKind = "OfficeATP" + DataConnectorKindOfficeIRM DataConnectorKind = "OfficeIRM" + DataConnectorKindOfficePowerBI DataConnectorKind = "OfficePowerBI" DataConnectorKindThreatIntelligence DataConnectorKind = "ThreatIntelligence" + DataConnectorKindThreatIntelligenceTaxii DataConnectorKind = "ThreatIntelligenceTaxii" ) // PossibleDataConnectorKindValues returns the possible values for the DataConnectorKind const type. func PossibleDataConnectorKindValues() []DataConnectorKind { return []DataConnectorKind{ + DataConnectorKindAPIPolling, DataConnectorKindAmazonWebServicesCloudTrail, + DataConnectorKindAmazonWebServicesS3, DataConnectorKindAzureActiveDirectory, DataConnectorKindAzureAdvancedThreatProtection, DataConnectorKindAzureSecurityCenter, + DataConnectorKindDynamics365, + DataConnectorKindGenericUI, + DataConnectorKindIOT, DataConnectorKindMicrosoftCloudAppSecurity, DataConnectorKindMicrosoftDefenderAdvancedThreatProtection, + DataConnectorKindMicrosoftThreatIntelligence, + DataConnectorKindMicrosoftThreatProtection, DataConnectorKindOffice365, + DataConnectorKindOffice365Project, + DataConnectorKindOfficeATP, + DataConnectorKindOfficeIRM, + DataConnectorKindOfficePowerBI, DataConnectorKindThreatIntelligence, + DataConnectorKindThreatIntelligenceTaxii, + } +} + +// DataConnectorLicenseState - Describes the state of user's license for a connector kind. +type DataConnectorLicenseState string + +const ( + DataConnectorLicenseStateInvalid DataConnectorLicenseState = "Invalid" + DataConnectorLicenseStateUnknown DataConnectorLicenseState = "Unknown" + DataConnectorLicenseStateValid DataConnectorLicenseState = "Valid" +) + +// PossibleDataConnectorLicenseStateValues returns the possible values for the DataConnectorLicenseState const type. +func PossibleDataConnectorLicenseStateValues() []DataConnectorLicenseState { + return []DataConnectorLicenseState{ + DataConnectorLicenseStateInvalid, + DataConnectorLicenseStateUnknown, + DataConnectorLicenseStateValid, } } @@ -587,6 +803,62 @@ func PossibleDeliveryLocationValues() []DeliveryLocation { } } +// DeploymentFetchStatus - Status while trying to fetch the deployment information. +type DeploymentFetchStatus string + +const ( + DeploymentFetchStatusNotFound DeploymentFetchStatus = "NotFound" + DeploymentFetchStatusSuccess DeploymentFetchStatus = "Success" + DeploymentFetchStatusUnauthorized DeploymentFetchStatus = "Unauthorized" +) + +// PossibleDeploymentFetchStatusValues returns the possible values for the DeploymentFetchStatus const type. +func PossibleDeploymentFetchStatusValues() []DeploymentFetchStatus { + return []DeploymentFetchStatus{ + DeploymentFetchStatusNotFound, + DeploymentFetchStatusSuccess, + DeploymentFetchStatusUnauthorized, + } +} + +// DeploymentResult - Status while trying to fetch the deployment information. +type DeploymentResult string + +const ( + DeploymentResultCanceled DeploymentResult = "Canceled" + DeploymentResultFailed DeploymentResult = "Failed" + DeploymentResultSuccess DeploymentResult = "Success" +) + +// PossibleDeploymentResultValues returns the possible values for the DeploymentResult const type. +func PossibleDeploymentResultValues() []DeploymentResult { + return []DeploymentResult{ + DeploymentResultCanceled, + DeploymentResultFailed, + DeploymentResultSuccess, + } +} + +// DeploymentState - The current state of the deployment. +type DeploymentState string + +const ( + DeploymentStateCanceling DeploymentState = "Canceling" + DeploymentStateCompleted DeploymentState = "Completed" + DeploymentStateInProgress DeploymentState = "In_Progress" + DeploymentStateQueued DeploymentState = "Queued" +) + +// PossibleDeploymentStateValues returns the possible values for the DeploymentState const type. +func PossibleDeploymentStateValues() []DeploymentState { + return []DeploymentState{ + DeploymentStateCanceling, + DeploymentStateCompleted, + DeploymentStateInProgress, + DeploymentStateQueued, + } +} + // ElevationToken - The elevation token associated with the process. type ElevationToken string @@ -608,78 +880,92 @@ func PossibleElevationTokenValues() []ElevationToken { } } -// EntityKindEnum - The kind of the entity -type EntityKindEnum string - -const ( - // EntityKindEnumAccount - Entity represents account in the system. - EntityKindEnumAccount EntityKindEnum = "Account" - // EntityKindEnumAzureResource - Entity represents azure resource in the system. - EntityKindEnumAzureResource EntityKindEnum = "AzureResource" - // EntityKindEnumBookmark - Entity represents bookmark in the system. - EntityKindEnumBookmark EntityKindEnum = "Bookmark" - // EntityKindEnumCloudApplication - Entity represents cloud application in the system. - EntityKindEnumCloudApplication EntityKindEnum = "CloudApplication" - // EntityKindEnumDNSResolution - Entity represents dns resolution in the system. - EntityKindEnumDNSResolution EntityKindEnum = "DnsResolution" - // EntityKindEnumFile - Entity represents file in the system. - EntityKindEnumFile EntityKindEnum = "File" - // EntityKindEnumFileHash - Entity represents file hash in the system. - EntityKindEnumFileHash EntityKindEnum = "FileHash" - // EntityKindEnumHost - Entity represents host in the system. - EntityKindEnumHost EntityKindEnum = "Host" - // EntityKindEnumIP - Entity represents ip in the system. - EntityKindEnumIP EntityKindEnum = "Ip" - // EntityKindEnumIoTDevice - Entity represents IoT device in the system. - EntityKindEnumIoTDevice EntityKindEnum = "IoTDevice" - // EntityKindEnumMailCluster - Entity represents mail cluster in the system. - EntityKindEnumMailCluster EntityKindEnum = "MailCluster" - // EntityKindEnumMailMessage - Entity represents mail message in the system. - EntityKindEnumMailMessage EntityKindEnum = "MailMessage" - // EntityKindEnumMailbox - Entity represents mailbox in the system. - EntityKindEnumMailbox EntityKindEnum = "Mailbox" - // EntityKindEnumMalware - Entity represents malware in the system. - EntityKindEnumMalware EntityKindEnum = "Malware" - // EntityKindEnumProcess - Entity represents process in the system. - EntityKindEnumProcess EntityKindEnum = "Process" - // EntityKindEnumRegistryKey - Entity represents registry key in the system. - EntityKindEnumRegistryKey EntityKindEnum = "RegistryKey" - // EntityKindEnumRegistryValue - Entity represents registry value in the system. - EntityKindEnumRegistryValue EntityKindEnum = "RegistryValue" - // EntityKindEnumSecurityAlert - Entity represents security alert in the system. - EntityKindEnumSecurityAlert EntityKindEnum = "SecurityAlert" - // EntityKindEnumSecurityGroup - Entity represents security group in the system. - EntityKindEnumSecurityGroup EntityKindEnum = "SecurityGroup" - // EntityKindEnumSubmissionMail - Entity represents submission mail in the system. - EntityKindEnumSubmissionMail EntityKindEnum = "SubmissionMail" - // EntityKindEnumURL - Entity represents url in the system. - EntityKindEnumURL EntityKindEnum = "Url" -) - -// PossibleEntityKindEnumValues returns the possible values for the EntityKindEnum const type. -func PossibleEntityKindEnumValues() []EntityKindEnum { - return []EntityKindEnum{ - EntityKindEnumAccount, - EntityKindEnumAzureResource, - EntityKindEnumBookmark, - EntityKindEnumCloudApplication, - EntityKindEnumDNSResolution, - EntityKindEnumFile, - EntityKindEnumFileHash, - EntityKindEnumHost, - EntityKindEnumIP, - EntityKindEnumIoTDevice, - EntityKindEnumMailCluster, - EntityKindEnumMailMessage, - EntityKindEnumMailbox, - EntityKindEnumMalware, - EntityKindEnumProcess, - EntityKindEnumRegistryKey, - EntityKindEnumRegistryValue, - EntityKindEnumSecurityAlert, - EntityKindEnumSecurityGroup, - EntityKindEnumSubmissionMail, - EntityKindEnumURL, +type EntityItemQueryKind string + +const ( + // EntityItemQueryKindInsight - insight + EntityItemQueryKindInsight EntityItemQueryKind = "Insight" +) + +// PossibleEntityItemQueryKindValues returns the possible values for the EntityItemQueryKind const type. +func PossibleEntityItemQueryKindValues() []EntityItemQueryKind { + return []EntityItemQueryKind{ + EntityItemQueryKindInsight, + } +} + +// EntityKind - The kind of the entity +type EntityKind string + +const ( + // EntityKindAccount - Entity represents account in the system. + EntityKindAccount EntityKind = "Account" + // EntityKindAzureResource - Entity represents azure resource in the system. + EntityKindAzureResource EntityKind = "AzureResource" + // EntityKindBookmark - Entity represents bookmark in the system. + EntityKindBookmark EntityKind = "Bookmark" + // EntityKindCloudApplication - Entity represents cloud application in the system. + EntityKindCloudApplication EntityKind = "CloudApplication" + // EntityKindDNSResolution - Entity represents dns resolution in the system. + EntityKindDNSResolution EntityKind = "DnsResolution" + // EntityKindFile - Entity represents file in the system. + EntityKindFile EntityKind = "File" + // EntityKindFileHash - Entity represents file hash in the system. + EntityKindFileHash EntityKind = "FileHash" + // EntityKindHost - Entity represents host in the system. + EntityKindHost EntityKind = "Host" + // EntityKindIP - Entity represents ip in the system. + EntityKindIP EntityKind = "Ip" + // EntityKindIoTDevice - Entity represents IoT device in the system. + EntityKindIoTDevice EntityKind = "IoTDevice" + // EntityKindMailCluster - Entity represents mail cluster in the system. + EntityKindMailCluster EntityKind = "MailCluster" + // EntityKindMailMessage - Entity represents mail message in the system. + EntityKindMailMessage EntityKind = "MailMessage" + // EntityKindMailbox - Entity represents mailbox in the system. + EntityKindMailbox EntityKind = "Mailbox" + // EntityKindMalware - Entity represents malware in the system. + EntityKindMalware EntityKind = "Malware" + // EntityKindProcess - Entity represents process in the system. + EntityKindProcess EntityKind = "Process" + // EntityKindRegistryKey - Entity represents registry key in the system. + EntityKindRegistryKey EntityKind = "RegistryKey" + // EntityKindRegistryValue - Entity represents registry value in the system. + EntityKindRegistryValue EntityKind = "RegistryValue" + // EntityKindSecurityAlert - Entity represents security alert in the system. + EntityKindSecurityAlert EntityKind = "SecurityAlert" + // EntityKindSecurityGroup - Entity represents security group in the system. + EntityKindSecurityGroup EntityKind = "SecurityGroup" + // EntityKindSubmissionMail - Entity represents submission mail in the system. + EntityKindSubmissionMail EntityKind = "SubmissionMail" + // EntityKindURL - Entity represents url in the system. + EntityKindURL EntityKind = "Url" +) + +// PossibleEntityKindValues returns the possible values for the EntityKind const type. +func PossibleEntityKindValues() []EntityKind { + return []EntityKind{ + EntityKindAccount, + EntityKindAzureResource, + EntityKindBookmark, + EntityKindCloudApplication, + EntityKindDNSResolution, + EntityKindFile, + EntityKindFileHash, + EntityKindHost, + EntityKindIP, + EntityKindIoTDevice, + EntityKindMailCluster, + EntityKindMailMessage, + EntityKindMailbox, + EntityKindMalware, + EntityKindProcess, + EntityKindRegistryKey, + EntityKindRegistryValue, + EntityKindSecurityAlert, + EntityKindSecurityGroup, + EntityKindSubmissionMail, + EntityKindURL, } } @@ -749,6 +1035,181 @@ func PossibleEntityMappingTypeValues() []EntityMappingType { } } +// EntityProviders - The entity provider that is synced. +type EntityProviders string + +const ( + EntityProvidersActiveDirectory EntityProviders = "ActiveDirectory" + EntityProvidersAzureActiveDirectory EntityProviders = "AzureActiveDirectory" +) + +// PossibleEntityProvidersValues returns the possible values for the EntityProviders const type. +func PossibleEntityProvidersValues() []EntityProviders { + return []EntityProviders{ + EntityProvidersActiveDirectory, + EntityProvidersAzureActiveDirectory, + } +} + +// EntityQueryKind - The kind of the entity query +type EntityQueryKind string + +const ( + EntityQueryKindActivity EntityQueryKind = "Activity" + EntityQueryKindExpansion EntityQueryKind = "Expansion" + EntityQueryKindInsight EntityQueryKind = "Insight" +) + +// PossibleEntityQueryKindValues returns the possible values for the EntityQueryKind const type. +func PossibleEntityQueryKindValues() []EntityQueryKind { + return []EntityQueryKind{ + EntityQueryKindActivity, + EntityQueryKindExpansion, + EntityQueryKindInsight, + } +} + +// EntityQueryTemplateKind - The kind of the entity query template. +type EntityQueryTemplateKind string + +const ( + EntityQueryTemplateKindActivity EntityQueryTemplateKind = "Activity" +) + +// PossibleEntityQueryTemplateKindValues returns the possible values for the EntityQueryTemplateKind const type. +func PossibleEntityQueryTemplateKindValues() []EntityQueryTemplateKind { + return []EntityQueryTemplateKind{ + EntityQueryTemplateKindActivity, + } +} + +// EntityTimelineKind - The entity query kind +type EntityTimelineKind string + +const ( + // EntityTimelineKindActivity - activity + EntityTimelineKindActivity EntityTimelineKind = "Activity" + // EntityTimelineKindAnomaly - anomaly + EntityTimelineKindAnomaly EntityTimelineKind = "Anomaly" + // EntityTimelineKindBookmark - bookmarks + EntityTimelineKindBookmark EntityTimelineKind = "Bookmark" + // EntityTimelineKindSecurityAlert - security alerts + EntityTimelineKindSecurityAlert EntityTimelineKind = "SecurityAlert" +) + +// PossibleEntityTimelineKindValues returns the possible values for the EntityTimelineKind const type. +func PossibleEntityTimelineKindValues() []EntityTimelineKind { + return []EntityTimelineKind{ + EntityTimelineKindActivity, + EntityTimelineKindAnomaly, + EntityTimelineKindBookmark, + EntityTimelineKindSecurityAlert, + } +} + +// EntityType - The type of the entity +type EntityType string + +const ( + // EntityTypeAccount - Entity represents account in the system. + EntityTypeAccount EntityType = "Account" + // EntityTypeAzureResource - Entity represents azure resource in the system. + EntityTypeAzureResource EntityType = "AzureResource" + // EntityTypeCloudApplication - Entity represents cloud application in the system. + EntityTypeCloudApplication EntityType = "CloudApplication" + // EntityTypeDNS - Entity represents dns in the system. + EntityTypeDNS EntityType = "DNS" + // EntityTypeFile - Entity represents file in the system. + EntityTypeFile EntityType = "File" + // EntityTypeFileHash - Entity represents file hash in the system. + EntityTypeFileHash EntityType = "FileHash" + // EntityTypeHost - Entity represents host in the system. + EntityTypeHost EntityType = "Host" + // EntityTypeHuntingBookmark - Entity represents HuntingBookmark in the system. + EntityTypeHuntingBookmark EntityType = "HuntingBookmark" + // EntityTypeIP - Entity represents ip in the system. + EntityTypeIP EntityType = "IP" + // EntityTypeIoTDevice - Entity represents IoT device in the system. + EntityTypeIoTDevice EntityType = "IoTDevice" + // EntityTypeMailCluster - Entity represents mail cluster in the system. + EntityTypeMailCluster EntityType = "MailCluster" + // EntityTypeMailMessage - Entity represents mail message in the system. + EntityTypeMailMessage EntityType = "MailMessage" + // EntityTypeMailbox - Entity represents mailbox in the system. + EntityTypeMailbox EntityType = "Mailbox" + // EntityTypeMalware - Entity represents malware in the system. + EntityTypeMalware EntityType = "Malware" + // EntityTypeProcess - Entity represents process in the system. + EntityTypeProcess EntityType = "Process" + // EntityTypeRegistryKey - Entity represents registry key in the system. + EntityTypeRegistryKey EntityType = "RegistryKey" + // EntityTypeRegistryValue - Entity represents registry value in the system. + EntityTypeRegistryValue EntityType = "RegistryValue" + // EntityTypeSecurityAlert - Entity represents security alert in the system. + EntityTypeSecurityAlert EntityType = "SecurityAlert" + // EntityTypeSecurityGroup - Entity represents security group in the system. + EntityTypeSecurityGroup EntityType = "SecurityGroup" + // EntityTypeSubmissionMail - Entity represents submission mail in the system. + EntityTypeSubmissionMail EntityType = "SubmissionMail" + // EntityTypeURL - Entity represents url in the system. + EntityTypeURL EntityType = "URL" +) + +// PossibleEntityTypeValues returns the possible values for the EntityType const type. +func PossibleEntityTypeValues() []EntityType { + return []EntityType{ + EntityTypeAccount, + EntityTypeAzureResource, + EntityTypeCloudApplication, + EntityTypeDNS, + EntityTypeFile, + EntityTypeFileHash, + EntityTypeHost, + EntityTypeHuntingBookmark, + EntityTypeIP, + EntityTypeIoTDevice, + EntityTypeMailCluster, + EntityTypeMailMessage, + EntityTypeMailbox, + EntityTypeMalware, + EntityTypeProcess, + EntityTypeRegistryKey, + EntityTypeRegistryValue, + EntityTypeSecurityAlert, + EntityTypeSecurityGroup, + EntityTypeSubmissionMail, + EntityTypeURL, + } +} + +type Enum13 string + +const ( + Enum13Activity Enum13 = "Activity" + Enum13Expansion Enum13 = "Expansion" +) + +// PossibleEnum13Values returns the possible values for the Enum13 const type. +func PossibleEnum13Values() []Enum13 { + return []Enum13{ + Enum13Activity, + Enum13Expansion, + } +} + +type Enum15 string + +const ( + Enum15Activity Enum15 = "Activity" +) + +// PossibleEnum15Values returns the possible values for the Enum15 const type. +func PossibleEnum15Values() []Enum15 { + return []Enum15{ + Enum15Activity, + } +} + // EventGroupingAggregationKind - The event grouping aggregation kinds type EventGroupingAggregationKind string @@ -792,6 +1253,20 @@ func PossibleFileHashAlgorithmValues() []FileHashAlgorithm { } } +// GetInsightsError - the query kind +type GetInsightsError string + +const ( + GetInsightsErrorInsight GetInsightsError = "Insight" +) + +// PossibleGetInsightsErrorValues returns the possible values for the GetInsightsError const type. +func PossibleGetInsightsErrorValues() []GetInsightsError { + return []GetInsightsError{ + GetInsightsErrorInsight, + } +} + // IncidentClassification - The reason the incident was closed type IncidentClassification string @@ -991,6 +1466,52 @@ func PossibleKillChainIntentValues() []KillChainIntent { } } +// Kind - The kind of content the metadata is for. +type Kind string + +const ( + KindAnalyticsRule Kind = "AnalyticsRule" + KindAnalyticsRuleTemplate Kind = "AnalyticsRuleTemplate" + KindAutomationRule Kind = "AutomationRule" + KindAzureFunction Kind = "AzureFunction" + KindDataConnector Kind = "DataConnector" + KindDataType Kind = "DataType" + KindHuntingQuery Kind = "HuntingQuery" + KindInvestigationQuery Kind = "InvestigationQuery" + KindLogicAppsCustomConnector Kind = "LogicAppsCustomConnector" + KindParser Kind = "Parser" + KindPlaybook Kind = "Playbook" + KindPlaybookTemplate Kind = "PlaybookTemplate" + KindSolution Kind = "Solution" + KindWatchlist Kind = "Watchlist" + KindWatchlistTemplate Kind = "WatchlistTemplate" + KindWorkbook Kind = "Workbook" + KindWorkbookTemplate Kind = "WorkbookTemplate" +) + +// PossibleKindValues returns the possible values for the Kind const type. +func PossibleKindValues() []Kind { + return []Kind{ + KindAnalyticsRule, + KindAnalyticsRuleTemplate, + KindAutomationRule, + KindAzureFunction, + KindDataConnector, + KindDataType, + KindHuntingQuery, + KindInvestigationQuery, + KindLogicAppsCustomConnector, + KindParser, + KindPlaybook, + KindPlaybookTemplate, + KindSolution, + KindWatchlist, + KindWatchlistTemplate, + KindWorkbook, + KindWorkbookTemplate, + } +} + // MatchingMethod - Grouping matching method. When method is Selected at least one of groupByEntities, groupByAlertDetails, // groupByCustomDetails must be provided and not empty. type MatchingMethod string @@ -1018,11 +1539,13 @@ func PossibleMatchingMethodValues() []MatchingMethod { type MicrosoftSecurityProductName string const ( - MicrosoftSecurityProductNameAzureActiveDirectoryIdentityProtection MicrosoftSecurityProductName = "Azure Active Directory Identity Protection" - MicrosoftSecurityProductNameAzureAdvancedThreatProtection MicrosoftSecurityProductName = "Azure Advanced Threat Protection" - MicrosoftSecurityProductNameAzureSecurityCenter MicrosoftSecurityProductName = "Azure Security Center" - MicrosoftSecurityProductNameAzureSecurityCenterForIoT MicrosoftSecurityProductName = "Azure Security Center for IoT" - MicrosoftSecurityProductNameMicrosoftCloudAppSecurity MicrosoftSecurityProductName = "Microsoft Cloud App Security" + MicrosoftSecurityProductNameAzureActiveDirectoryIdentityProtection MicrosoftSecurityProductName = "Azure Active Directory Identity Protection" + MicrosoftSecurityProductNameAzureAdvancedThreatProtection MicrosoftSecurityProductName = "Azure Advanced Threat Protection" + MicrosoftSecurityProductNameAzureSecurityCenter MicrosoftSecurityProductName = "Azure Security Center" + MicrosoftSecurityProductNameAzureSecurityCenterForIoT MicrosoftSecurityProductName = "Azure Security Center for IoT" + MicrosoftSecurityProductNameMicrosoftCloudAppSecurity MicrosoftSecurityProductName = "Microsoft Cloud App Security" + MicrosoftSecurityProductNameMicrosoftDefenderAdvancedThreatProtection MicrosoftSecurityProductName = "Microsoft Defender Advanced Threat Protection" + MicrosoftSecurityProductNameOffice365AdvancedThreatProtection MicrosoftSecurityProductName = "Office 365 Advanced Threat Protection" ) // PossibleMicrosoftSecurityProductNameValues returns the possible values for the MicrosoftSecurityProductName const type. @@ -1033,6 +1556,8 @@ func PossibleMicrosoftSecurityProductNameValues() []MicrosoftSecurityProductName MicrosoftSecurityProductNameAzureSecurityCenter, MicrosoftSecurityProductNameAzureSecurityCenterForIoT, MicrosoftSecurityProductNameMicrosoftCloudAppSecurity, + MicrosoftSecurityProductNameMicrosoftDefenderAdvancedThreatProtection, + MicrosoftSecurityProductNameOffice365AdvancedThreatProtection, } } @@ -1063,6 +1588,42 @@ func PossibleOSFamilyValues() []OSFamily { } } +// Operator - Operator used for list of dependencies in criteria array. +type Operator string + +const ( + OperatorAND Operator = "AND" + OperatorOR Operator = "OR" +) + +// PossibleOperatorValues returns the possible values for the Operator const type. +func PossibleOperatorValues() []Operator { + return []Operator{ + OperatorAND, + OperatorOR, + } +} + +// OutputType - Insights Column type. +type OutputType string + +const ( + OutputTypeDate OutputType = "Date" + OutputTypeEntity OutputType = "Entity" + OutputTypeNumber OutputType = "Number" + OutputTypeString OutputType = "String" +) + +// PossibleOutputTypeValues returns the possible values for the OutputType const type. +func PossibleOutputTypeValues() []OutputType { + return []OutputType{ + OutputTypeDate, + OutputTypeEntity, + OutputTypeNumber, + OutputTypeString, + } +} + // OwnerType - The type of the owner the incident is assigned to. type OwnerType string @@ -1084,6 +1645,69 @@ func PossibleOwnerTypeValues() []OwnerType { } } +// PermissionProviderScope - Permission provider scope +type PermissionProviderScope string + +const ( + PermissionProviderScopeResourceGroup PermissionProviderScope = "ResourceGroup" + PermissionProviderScopeSubscription PermissionProviderScope = "Subscription" + PermissionProviderScopeWorkspace PermissionProviderScope = "Workspace" +) + +// PossiblePermissionProviderScopeValues returns the possible values for the PermissionProviderScope const type. +func PossiblePermissionProviderScopeValues() []PermissionProviderScope { + return []PermissionProviderScope{ + PermissionProviderScopeResourceGroup, + PermissionProviderScopeSubscription, + PermissionProviderScopeWorkspace, + } +} + +// PollingFrequency - The polling frequency for the TAXII server. +type PollingFrequency string + +const ( + // PollingFrequencyOnceADay - Once a day + PollingFrequencyOnceADay PollingFrequency = "OnceADay" + // PollingFrequencyOnceAMinute - Once a minute + PollingFrequencyOnceAMinute PollingFrequency = "OnceAMinute" + // PollingFrequencyOnceAnHour - Once an hour + PollingFrequencyOnceAnHour PollingFrequency = "OnceAnHour" +) + +// PossiblePollingFrequencyValues returns the possible values for the PollingFrequency const type. +func PossiblePollingFrequencyValues() []PollingFrequency { + return []PollingFrequency{ + PollingFrequencyOnceADay, + PollingFrequencyOnceAMinute, + PollingFrequencyOnceAnHour, + } +} + +// ProviderName - Provider name +type ProviderName string + +const ( + ProviderNameMicrosoftAadiamDiagnosticSettings ProviderName = "microsoft.aadiam/diagnosticSettings" + ProviderNameMicrosoftAuthorizationPolicyAssignments ProviderName = "Microsoft.Authorization/policyAssignments" + ProviderNameMicrosoftOperationalInsightsSolutions ProviderName = "Microsoft.OperationalInsights/solutions" + ProviderNameMicrosoftOperationalInsightsWorkspaces ProviderName = "Microsoft.OperationalInsights/workspaces" + ProviderNameMicrosoftOperationalInsightsWorkspacesDatasources ProviderName = "Microsoft.OperationalInsights/workspaces/datasources" + ProviderNameMicrosoftOperationalInsightsWorkspacesSharedKeys ProviderName = "Microsoft.OperationalInsights/workspaces/sharedKeys" +) + +// PossibleProviderNameValues returns the possible values for the ProviderName const type. +func PossibleProviderNameValues() []ProviderName { + return []ProviderName{ + ProviderNameMicrosoftAadiamDiagnosticSettings, + ProviderNameMicrosoftAuthorizationPolicyAssignments, + ProviderNameMicrosoftOperationalInsightsSolutions, + ProviderNameMicrosoftOperationalInsightsWorkspaces, + ProviderNameMicrosoftOperationalInsightsWorkspacesDatasources, + ProviderNameMicrosoftOperationalInsightsWorkspacesSharedKeys, + } +} + // RegistryHive - the hive that holds the registry key. type RegistryHive string @@ -1163,19 +1787,143 @@ func PossibleRegistryValueKindValues() []RegistryValueKind { } } -// Source - The source of the watchlist -type Source string +// RepoType - The type of repository. +type RepoType string + +const ( + RepoTypeDevOps RepoType = "DevOps" + RepoTypeGithub RepoType = "Github" +) + +// PossibleRepoTypeValues returns the possible values for the RepoType const type. +func PossibleRepoTypeValues() []RepoType { + return []RepoType{ + RepoTypeDevOps, + RepoTypeGithub, + } +} + +// SecurityMLAnalyticsSettingsKind - The kind of security ML analytics settings +type SecurityMLAnalyticsSettingsKind string const ( - SourceLocalFile Source = "Local file" - SourceRemoteStorage Source = "Remote storage" + SecurityMLAnalyticsSettingsKindAnomaly SecurityMLAnalyticsSettingsKind = "Anomaly" ) -// PossibleSourceValues returns the possible values for the Source const type. -func PossibleSourceValues() []Source { - return []Source{ - SourceLocalFile, - SourceRemoteStorage, +// PossibleSecurityMLAnalyticsSettingsKindValues returns the possible values for the SecurityMLAnalyticsSettingsKind const type. +func PossibleSecurityMLAnalyticsSettingsKindValues() []SecurityMLAnalyticsSettingsKind { + return []SecurityMLAnalyticsSettingsKind{ + SecurityMLAnalyticsSettingsKindAnomaly, + } +} + +// SettingKind - The kind of the setting +type SettingKind string + +const ( + SettingKindAnomalies SettingKind = "Anomalies" + SettingKindEntityAnalytics SettingKind = "EntityAnalytics" + SettingKindEyesOn SettingKind = "EyesOn" + SettingKindUeba SettingKind = "Ueba" +) + +// PossibleSettingKindValues returns the possible values for the SettingKind const type. +func PossibleSettingKindValues() []SettingKind { + return []SettingKind{ + SettingKindAnomalies, + SettingKindEntityAnalytics, + SettingKindEyesOn, + SettingKindUeba, + } +} + +// SettingType - The kind of the setting +type SettingType string + +const ( + SettingTypeCopyableLabel SettingType = "CopyableLabel" + SettingTypeInfoMessage SettingType = "InfoMessage" + SettingTypeInstructionStepsGroup SettingType = "InstructionStepsGroup" +) + +// PossibleSettingTypeValues returns the possible values for the SettingType const type. +func PossibleSettingTypeValues() []SettingType { + return []SettingType{ + SettingTypeCopyableLabel, + SettingTypeInfoMessage, + SettingTypeInstructionStepsGroup, + } +} + +// SettingsStatus - The anomaly SecurityMLAnalyticsSettings status +type SettingsStatus string + +const ( + // SettingsStatusFlighting - Anomaly settings status in Flighting mode + SettingsStatusFlighting SettingsStatus = "Flighting" + // SettingsStatusProduction - Anomaly settings status in Production mode + SettingsStatusProduction SettingsStatus = "Production" +) + +// PossibleSettingsStatusValues returns the possible values for the SettingsStatus const type. +func PossibleSettingsStatusValues() []SettingsStatus { + return []SettingsStatus{ + SettingsStatusFlighting, + SettingsStatusProduction, + } +} + +// SourceKind - Source type of the content +type SourceKind string + +const ( + SourceKindCommunity SourceKind = "Community" + SourceKindLocalWorkspace SourceKind = "LocalWorkspace" + SourceKindSolution SourceKind = "Solution" + SourceKindSourceRepository SourceKind = "SourceRepository" +) + +// PossibleSourceKindValues returns the possible values for the SourceKind const type. +func PossibleSourceKindValues() []SourceKind { + return []SourceKind{ + SourceKindCommunity, + SourceKindLocalWorkspace, + SourceKindSolution, + SourceKindSourceRepository, + } +} + +// SourceType - The sourceType of the watchlist +type SourceType string + +const ( + SourceTypeLocalFile SourceType = "Local file" + SourceTypeRemoteStorage SourceType = "Remote storage" +) + +// PossibleSourceTypeValues returns the possible values for the SourceType const type. +func PossibleSourceTypeValues() []SourceType { + return []SourceType{ + SourceTypeLocalFile, + SourceTypeRemoteStorage, + } +} + +// SupportTier - Type of support for content item +type SupportTier string + +const ( + SupportTierCommunity SupportTier = "Community" + SupportTierMicrosoft SupportTier = "Microsoft" + SupportTierPartner SupportTier = "Partner" +) + +// PossibleSupportTierValues returns the possible values for the SupportTier const type. +func PossibleSupportTierValues() []SupportTier { + return []SupportTier{ + SupportTierCommunity, + SupportTierMicrosoft, + SupportTierPartner, } } @@ -1200,36 +1948,36 @@ func PossibleTemplateStatusValues() []TemplateStatus { } } -// ThreatIntelligenceResourceInnerKind - The kind of the threat intelligence entity -type ThreatIntelligenceResourceInnerKind string +// ThreatIntelligenceResourceKindEnum - The kind of the threat intelligence entity +type ThreatIntelligenceResourceKindEnum string const ( - // ThreatIntelligenceResourceInnerKindIndicator - Entity represents threat intelligence indicator in the system. - ThreatIntelligenceResourceInnerKindIndicator ThreatIntelligenceResourceInnerKind = "indicator" + // ThreatIntelligenceResourceKindEnumIndicator - Entity represents threat intelligence indicator in the system. + ThreatIntelligenceResourceKindEnumIndicator ThreatIntelligenceResourceKindEnum = "indicator" ) -// PossibleThreatIntelligenceResourceInnerKindValues returns the possible values for the ThreatIntelligenceResourceInnerKind const type. -func PossibleThreatIntelligenceResourceInnerKindValues() []ThreatIntelligenceResourceInnerKind { - return []ThreatIntelligenceResourceInnerKind{ - ThreatIntelligenceResourceInnerKindIndicator, +// PossibleThreatIntelligenceResourceKindEnumValues returns the possible values for the ThreatIntelligenceResourceKindEnum const type. +func PossibleThreatIntelligenceResourceKindEnumValues() []ThreatIntelligenceResourceKindEnum { + return []ThreatIntelligenceResourceKindEnum{ + ThreatIntelligenceResourceKindEnumIndicator, } } -// ThreatIntelligenceSortingOrder - Sorting order (ascending/descending/unsorted). -type ThreatIntelligenceSortingOrder string +// ThreatIntelligenceSortingCriteriaEnum - Sorting order (ascending/descending/unsorted). +type ThreatIntelligenceSortingCriteriaEnum string const ( - ThreatIntelligenceSortingOrderAscending ThreatIntelligenceSortingOrder = "ascending" - ThreatIntelligenceSortingOrderDescending ThreatIntelligenceSortingOrder = "descending" - ThreatIntelligenceSortingOrderUnsorted ThreatIntelligenceSortingOrder = "unsorted" + ThreatIntelligenceSortingCriteriaEnumAscending ThreatIntelligenceSortingCriteriaEnum = "ascending" + ThreatIntelligenceSortingCriteriaEnumDescending ThreatIntelligenceSortingCriteriaEnum = "descending" + ThreatIntelligenceSortingCriteriaEnumUnsorted ThreatIntelligenceSortingCriteriaEnum = "unsorted" ) -// PossibleThreatIntelligenceSortingOrderValues returns the possible values for the ThreatIntelligenceSortingOrder const type. -func PossibleThreatIntelligenceSortingOrderValues() []ThreatIntelligenceSortingOrder { - return []ThreatIntelligenceSortingOrder{ - ThreatIntelligenceSortingOrderAscending, - ThreatIntelligenceSortingOrderDescending, - ThreatIntelligenceSortingOrderUnsorted, +// PossibleThreatIntelligenceSortingCriteriaEnumValues returns the possible values for the ThreatIntelligenceSortingCriteriaEnum const type. +func PossibleThreatIntelligenceSortingCriteriaEnumValues() []ThreatIntelligenceSortingCriteriaEnum { + return []ThreatIntelligenceSortingCriteriaEnum{ + ThreatIntelligenceSortingCriteriaEnumAscending, + ThreatIntelligenceSortingCriteriaEnumDescending, + ThreatIntelligenceSortingCriteriaEnumUnsorted, } } @@ -1272,11 +2020,50 @@ type TriggersWhen string const ( // TriggersWhenCreated - Trigger on created objects TriggersWhenCreated TriggersWhen = "Created" + // TriggersWhenUpdated - Trigger on updated objects + TriggersWhenUpdated TriggersWhen = "Updated" ) // PossibleTriggersWhenValues returns the possible values for the TriggersWhen const type. func PossibleTriggersWhenValues() []TriggersWhen { return []TriggersWhen{ TriggersWhenCreated, + TriggersWhenUpdated, + } +} + +// UebaDataSources - The data source that enriched by ueba. +type UebaDataSources string + +const ( + UebaDataSourcesAuditLogs UebaDataSources = "AuditLogs" + UebaDataSourcesAzureActivity UebaDataSources = "AzureActivity" + UebaDataSourcesSecurityEvent UebaDataSources = "SecurityEvent" + UebaDataSourcesSigninLogs UebaDataSources = "SigninLogs" +) + +// PossibleUebaDataSourcesValues returns the possible values for the UebaDataSources const type. +func PossibleUebaDataSourcesValues() []UebaDataSources { + return []UebaDataSources{ + UebaDataSourcesAuditLogs, + UebaDataSourcesAzureActivity, + UebaDataSourcesSecurityEvent, + UebaDataSourcesSigninLogs, + } +} + +// Version - The version of the source control. +type Version string + +const ( + VersionV1 Version = "V1" + VersionV2 Version = "V2" +) + +// PossibleVersionValues returns the possible values for the Version const type. +func PossibleVersionValues() []Version { + return []Version{ + VersionV1, + VersionV2, } } diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_dataconnectors_client.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_dataconnectors_client.go index 5cd9121fde3f..59adf649bf38 100644 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_dataconnectors_client.go +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_dataconnectors_client.go @@ -54,9 +54,62 @@ func NewDataConnectorsClient(subscriptionID string, credential azcore.TokenCrede return client, nil } +// Connect - Connects a data connector. +// If the operation fails it returns an *azcore.ResponseError type. +// Generated from API version 2022-05-01-preview +// resourceGroupName - The name of the resource group. The name is case insensitive. +// workspaceName - The name of the workspace. +// dataConnectorID - Connector ID +// connectBody - The data connector +// options - DataConnectorsClientConnectOptions contains the optional parameters for the DataConnectorsClient.Connect method. +func (client *DataConnectorsClient) Connect(ctx context.Context, resourceGroupName string, workspaceName string, dataConnectorID string, connectBody DataConnectorConnectBody, options *DataConnectorsClientConnectOptions) (DataConnectorsClientConnectResponse, error) { + req, err := client.connectCreateRequest(ctx, resourceGroupName, workspaceName, dataConnectorID, connectBody, options) + if err != nil { + return DataConnectorsClientConnectResponse{}, err + } + resp, err := client.pl.Do(req) + if err != nil { + return DataConnectorsClientConnectResponse{}, err + } + if !runtime.HasStatusCode(resp, http.StatusOK) { + return DataConnectorsClientConnectResponse{}, runtime.NewResponseError(resp) + } + return DataConnectorsClientConnectResponse{}, nil +} + +// connectCreateRequest creates the Connect request. +func (client *DataConnectorsClient) connectCreateRequest(ctx context.Context, resourceGroupName string, workspaceName string, dataConnectorID string, connectBody DataConnectorConnectBody, options *DataConnectorsClientConnectOptions) (*policy.Request, error) { + urlPath := "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors/{dataConnectorId}/connect" + if client.subscriptionID == "" { + return nil, errors.New("parameter client.subscriptionID cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{subscriptionId}", url.PathEscape(client.subscriptionID)) + if resourceGroupName == "" { + return nil, errors.New("parameter resourceGroupName cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{resourceGroupName}", url.PathEscape(resourceGroupName)) + if workspaceName == "" { + return nil, errors.New("parameter workspaceName cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{workspaceName}", url.PathEscape(workspaceName)) + if dataConnectorID == "" { + return nil, errors.New("parameter dataConnectorID cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{dataConnectorId}", url.PathEscape(dataConnectorID)) + req, err := runtime.NewRequest(ctx, http.MethodPost, runtime.JoinPaths(client.host, urlPath)) + if err != nil { + return nil, err + } + reqQP := req.Raw().URL.Query() + reqQP.Set("api-version", "2022-05-01-preview") + req.Raw().URL.RawQuery = reqQP.Encode() + req.Raw().Header["Accept"] = []string{"application/json"} + return req, runtime.MarshalAsJSON(req, connectBody) +} + // CreateOrUpdate - Creates or updates the data connector. // If the operation fails it returns an *azcore.ResponseError type. -// Generated from API version 2021-10-01 +// Generated from API version 2022-05-01-preview // resourceGroupName - The name of the resource group. The name is case insensitive. // workspaceName - The name of the workspace. // dataConnectorID - Connector ID @@ -102,7 +155,7 @@ func (client *DataConnectorsClient) createOrUpdateCreateRequest(ctx context.Cont return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2021-10-01") + reqQP.Set("api-version", "2022-05-01-preview") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} return req, runtime.MarshalAsJSON(req, dataConnector) @@ -119,7 +172,7 @@ func (client *DataConnectorsClient) createOrUpdateHandleResponse(resp *http.Resp // Delete - Delete the data connector. // If the operation fails it returns an *azcore.ResponseError type. -// Generated from API version 2021-10-01 +// Generated from API version 2022-05-01-preview // resourceGroupName - The name of the resource group. The name is case insensitive. // workspaceName - The name of the workspace. // dataConnectorID - Connector ID @@ -163,7 +216,60 @@ func (client *DataConnectorsClient) deleteCreateRequest(ctx context.Context, res return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2021-10-01") + reqQP.Set("api-version", "2022-05-01-preview") + req.Raw().URL.RawQuery = reqQP.Encode() + req.Raw().Header["Accept"] = []string{"application/json"} + return req, nil +} + +// Disconnect - Disconnect a data connector. +// If the operation fails it returns an *azcore.ResponseError type. +// Generated from API version 2022-05-01-preview +// resourceGroupName - The name of the resource group. The name is case insensitive. +// workspaceName - The name of the workspace. +// dataConnectorID - Connector ID +// options - DataConnectorsClientDisconnectOptions contains the optional parameters for the DataConnectorsClient.Disconnect +// method. +func (client *DataConnectorsClient) Disconnect(ctx context.Context, resourceGroupName string, workspaceName string, dataConnectorID string, options *DataConnectorsClientDisconnectOptions) (DataConnectorsClientDisconnectResponse, error) { + req, err := client.disconnectCreateRequest(ctx, resourceGroupName, workspaceName, dataConnectorID, options) + if err != nil { + return DataConnectorsClientDisconnectResponse{}, err + } + resp, err := client.pl.Do(req) + if err != nil { + return DataConnectorsClientDisconnectResponse{}, err + } + if !runtime.HasStatusCode(resp, http.StatusOK) { + return DataConnectorsClientDisconnectResponse{}, runtime.NewResponseError(resp) + } + return DataConnectorsClientDisconnectResponse{}, nil +} + +// disconnectCreateRequest creates the Disconnect request. +func (client *DataConnectorsClient) disconnectCreateRequest(ctx context.Context, resourceGroupName string, workspaceName string, dataConnectorID string, options *DataConnectorsClientDisconnectOptions) (*policy.Request, error) { + urlPath := "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors/{dataConnectorId}/disconnect" + if client.subscriptionID == "" { + return nil, errors.New("parameter client.subscriptionID cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{subscriptionId}", url.PathEscape(client.subscriptionID)) + if resourceGroupName == "" { + return nil, errors.New("parameter resourceGroupName cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{resourceGroupName}", url.PathEscape(resourceGroupName)) + if workspaceName == "" { + return nil, errors.New("parameter workspaceName cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{workspaceName}", url.PathEscape(workspaceName)) + if dataConnectorID == "" { + return nil, errors.New("parameter dataConnectorID cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{dataConnectorId}", url.PathEscape(dataConnectorID)) + req, err := runtime.NewRequest(ctx, http.MethodPost, runtime.JoinPaths(client.host, urlPath)) + if err != nil { + return nil, err + } + reqQP := req.Raw().URL.Query() + reqQP.Set("api-version", "2022-05-01-preview") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} return req, nil @@ -171,7 +277,7 @@ func (client *DataConnectorsClient) deleteCreateRequest(ctx context.Context, res // Get - Gets a data connector. // If the operation fails it returns an *azcore.ResponseError type. -// Generated from API version 2021-10-01 +// Generated from API version 2022-05-01-preview // resourceGroupName - The name of the resource group. The name is case insensitive. // workspaceName - The name of the workspace. // dataConnectorID - Connector ID @@ -215,7 +321,7 @@ func (client *DataConnectorsClient) getCreateRequest(ctx context.Context, resour return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2021-10-01") + reqQP.Set("api-version", "2022-05-01-preview") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} return req, nil @@ -232,7 +338,7 @@ func (client *DataConnectorsClient) getHandleResponse(resp *http.Response) (Data // NewListPager - Gets all data connectors. // If the operation fails it returns an *azcore.ResponseError type. -// Generated from API version 2021-10-01 +// Generated from API version 2022-05-01-preview // resourceGroupName - The name of the resource group. The name is case insensitive. // workspaceName - The name of the workspace. // options - DataConnectorsClientListOptions contains the optional parameters for the DataConnectorsClient.List method. @@ -284,7 +390,7 @@ func (client *DataConnectorsClient) listCreateRequest(ctx context.Context, resou return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2021-10-01") + reqQP.Set("api-version", "2022-05-01-preview") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} return req, nil diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_dataconnectorscheckrequirements_client.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_dataconnectorscheckrequirements_client.go new file mode 100644 index 000000000000..ff369ed52039 --- /dev/null +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_dataconnectorscheckrequirements_client.go @@ -0,0 +1,113 @@ +//go:build go1.18 +// +build go1.18 + +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. See License.txt in the project root for license information. +// Code generated by Microsoft (R) AutoRest Code Generator. +// Changes may cause incorrect behavior and will be lost if the code is regenerated. + +package armsecurityinsights + +import ( + "context" + "errors" + "github.com/Azure/azure-sdk-for-go/sdk/azcore" + "github.com/Azure/azure-sdk-for-go/sdk/azcore/arm" + armruntime "github.com/Azure/azure-sdk-for-go/sdk/azcore/arm/runtime" + "github.com/Azure/azure-sdk-for-go/sdk/azcore/cloud" + "github.com/Azure/azure-sdk-for-go/sdk/azcore/policy" + "github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime" + "net/http" + "net/url" + "strings" +) + +// DataConnectorsCheckRequirementsClient contains the methods for the DataConnectorsCheckRequirements group. +// Don't use this type directly, use NewDataConnectorsCheckRequirementsClient() instead. +type DataConnectorsCheckRequirementsClient struct { + host string + subscriptionID string + pl runtime.Pipeline +} + +// NewDataConnectorsCheckRequirementsClient creates a new instance of DataConnectorsCheckRequirementsClient with the specified values. +// subscriptionID - The ID of the target subscription. +// credential - used to authorize requests. Usually a credential from azidentity. +// options - pass nil to accept the default values. +func NewDataConnectorsCheckRequirementsClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) (*DataConnectorsCheckRequirementsClient, error) { + if options == nil { + options = &arm.ClientOptions{} + } + ep := cloud.AzurePublic.Services[cloud.ResourceManager].Endpoint + if c, ok := options.Cloud.Services[cloud.ResourceManager]; ok { + ep = c.Endpoint + } + pl, err := armruntime.NewPipeline(moduleName, moduleVersion, credential, runtime.PipelineOptions{}, options) + if err != nil { + return nil, err + } + client := &DataConnectorsCheckRequirementsClient{ + subscriptionID: subscriptionID, + host: ep, + pl: pl, + } + return client, nil +} + +// Post - Get requirements state for a data connector type. +// If the operation fails it returns an *azcore.ResponseError type. +// Generated from API version 2022-05-01-preview +// resourceGroupName - The name of the resource group. The name is case insensitive. +// workspaceName - The name of the workspace. +// dataConnectorsCheckRequirements - The parameters for requirements check message +// options - DataConnectorsCheckRequirementsClientPostOptions contains the optional parameters for the DataConnectorsCheckRequirementsClient.Post +// method. +func (client *DataConnectorsCheckRequirementsClient) Post(ctx context.Context, resourceGroupName string, workspaceName string, dataConnectorsCheckRequirements DataConnectorsCheckRequirementsClassification, options *DataConnectorsCheckRequirementsClientPostOptions) (DataConnectorsCheckRequirementsClientPostResponse, error) { + req, err := client.postCreateRequest(ctx, resourceGroupName, workspaceName, dataConnectorsCheckRequirements, options) + if err != nil { + return DataConnectorsCheckRequirementsClientPostResponse{}, err + } + resp, err := client.pl.Do(req) + if err != nil { + return DataConnectorsCheckRequirementsClientPostResponse{}, err + } + if !runtime.HasStatusCode(resp, http.StatusOK) { + return DataConnectorsCheckRequirementsClientPostResponse{}, runtime.NewResponseError(resp) + } + return client.postHandleResponse(resp) +} + +// postCreateRequest creates the Post request. +func (client *DataConnectorsCheckRequirementsClient) postCreateRequest(ctx context.Context, resourceGroupName string, workspaceName string, dataConnectorsCheckRequirements DataConnectorsCheckRequirementsClassification, options *DataConnectorsCheckRequirementsClientPostOptions) (*policy.Request, error) { + urlPath := "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectorsCheckRequirements" + if client.subscriptionID == "" { + return nil, errors.New("parameter client.subscriptionID cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{subscriptionId}", url.PathEscape(client.subscriptionID)) + if resourceGroupName == "" { + return nil, errors.New("parameter resourceGroupName cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{resourceGroupName}", url.PathEscape(resourceGroupName)) + if workspaceName == "" { + return nil, errors.New("parameter workspaceName cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{workspaceName}", url.PathEscape(workspaceName)) + req, err := runtime.NewRequest(ctx, http.MethodPost, runtime.JoinPaths(client.host, urlPath)) + if err != nil { + return nil, err + } + reqQP := req.Raw().URL.Query() + reqQP.Set("api-version", "2022-05-01-preview") + req.Raw().URL.RawQuery = reqQP.Encode() + req.Raw().Header["Accept"] = []string{"application/json"} + return req, runtime.MarshalAsJSON(req, dataConnectorsCheckRequirements) +} + +// postHandleResponse handles the Post response. +func (client *DataConnectorsCheckRequirementsClient) postHandleResponse(resp *http.Response) (DataConnectorsCheckRequirementsClientPostResponse, error) { + result := DataConnectorsCheckRequirementsClientPostResponse{} + if err := runtime.UnmarshalAsJSON(resp, &result.DataConnectorRequirementsState); err != nil { + return DataConnectorsCheckRequirementsClientPostResponse{}, err + } + return result, nil +} diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_date_type.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_date_type.go new file mode 100644 index 000000000000..90fdb5cc71a6 --- /dev/null +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_date_type.go @@ -0,0 +1,59 @@ +//go:build go1.18 +// +build go1.18 + +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. See License.txt in the project root for license information. +// Code generated by Microsoft (R) AutoRest Code Generator. +// Changes may cause incorrect behavior and will be lost if the code is regenerated. + +package armsecurityinsights + +import ( + "encoding/json" + "fmt" + "github.com/Azure/azure-sdk-for-go/sdk/azcore" + "reflect" + "strings" + "time" +) + +const ( + fullDateJSON = `"2006-01-02"` + jsonFormat = `"%04d-%02d-%02d"` +) + +type dateType time.Time + +func (t dateType) MarshalJSON() ([]byte, error) { + return []byte(fmt.Sprintf(jsonFormat, time.Time(t).Year(), time.Time(t).Month(), time.Time(t).Day())), nil +} + +func (d *dateType) UnmarshalJSON(data []byte) (err error) { + t, err := time.Parse(fullDateJSON, string(data)) + *d = (dateType)(t) + return err +} + +func populateDateType(m map[string]interface{}, k string, t *time.Time) { + if t == nil { + return + } else if azcore.IsNullValue(t) { + m[k] = nil + return + } else if reflect.ValueOf(t).IsNil() { + return + } + m[k] = (*dateType)(t) +} + +func unpopulateDateType(data json.RawMessage, fn string, t **time.Time) error { + if data == nil || strings.EqualFold(string(data), "null") { + return nil + } + var aux dateType + if err := json.Unmarshal(data, &aux); err != nil { + return fmt.Errorf("struct field %s: %v", fn, err) + } + *t = (*time.Time)(&aux) + return nil +} diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_domainwhois_client.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_domainwhois_client.go new file mode 100644 index 000000000000..d3ac119a5780 --- /dev/null +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_domainwhois_client.go @@ -0,0 +1,108 @@ +//go:build go1.18 +// +build go1.18 + +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. See License.txt in the project root for license information. +// Code generated by Microsoft (R) AutoRest Code Generator. +// Changes may cause incorrect behavior and will be lost if the code is regenerated. + +package armsecurityinsights + +import ( + "context" + "errors" + "github.com/Azure/azure-sdk-for-go/sdk/azcore" + "github.com/Azure/azure-sdk-for-go/sdk/azcore/arm" + armruntime "github.com/Azure/azure-sdk-for-go/sdk/azcore/arm/runtime" + "github.com/Azure/azure-sdk-for-go/sdk/azcore/cloud" + "github.com/Azure/azure-sdk-for-go/sdk/azcore/policy" + "github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime" + "net/http" + "net/url" + "strings" +) + +// DomainWhoisClient contains the methods for the DomainWhois group. +// Don't use this type directly, use NewDomainWhoisClient() instead. +type DomainWhoisClient struct { + host string + subscriptionID string + pl runtime.Pipeline +} + +// NewDomainWhoisClient creates a new instance of DomainWhoisClient with the specified values. +// subscriptionID - The ID of the target subscription. +// credential - used to authorize requests. Usually a credential from azidentity. +// options - pass nil to accept the default values. +func NewDomainWhoisClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) (*DomainWhoisClient, error) { + if options == nil { + options = &arm.ClientOptions{} + } + ep := cloud.AzurePublic.Services[cloud.ResourceManager].Endpoint + if c, ok := options.Cloud.Services[cloud.ResourceManager]; ok { + ep = c.Endpoint + } + pl, err := armruntime.NewPipeline(moduleName, moduleVersion, credential, runtime.PipelineOptions{}, options) + if err != nil { + return nil, err + } + client := &DomainWhoisClient{ + subscriptionID: subscriptionID, + host: ep, + pl: pl, + } + return client, nil +} + +// Get - Get whois information for a single domain name +// If the operation fails it returns an *azcore.ResponseError type. +// Generated from API version 2022-05-01-preview +// resourceGroupName - The name of the resource group. The name is case insensitive. +// domain - Domain name to be enriched +// options - DomainWhoisClientGetOptions contains the optional parameters for the DomainWhoisClient.Get method. +func (client *DomainWhoisClient) Get(ctx context.Context, resourceGroupName string, domain string, options *DomainWhoisClientGetOptions) (DomainWhoisClientGetResponse, error) { + req, err := client.getCreateRequest(ctx, resourceGroupName, domain, options) + if err != nil { + return DomainWhoisClientGetResponse{}, err + } + resp, err := client.pl.Do(req) + if err != nil { + return DomainWhoisClientGetResponse{}, err + } + if !runtime.HasStatusCode(resp, http.StatusOK) { + return DomainWhoisClientGetResponse{}, runtime.NewResponseError(resp) + } + return client.getHandleResponse(resp) +} + +// getCreateRequest creates the Get request. +func (client *DomainWhoisClient) getCreateRequest(ctx context.Context, resourceGroupName string, domain string, options *DomainWhoisClientGetOptions) (*policy.Request, error) { + urlPath := "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.SecurityInsights/enrichment/domain/whois/" + if client.subscriptionID == "" { + return nil, errors.New("parameter client.subscriptionID cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{subscriptionId}", url.PathEscape(client.subscriptionID)) + if resourceGroupName == "" { + return nil, errors.New("parameter resourceGroupName cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{resourceGroupName}", url.PathEscape(resourceGroupName)) + req, err := runtime.NewRequest(ctx, http.MethodGet, runtime.JoinPaths(client.host, urlPath)) + if err != nil { + return nil, err + } + reqQP := req.Raw().URL.Query() + reqQP.Set("api-version", "2022-05-01-preview") + reqQP.Set("domain", domain) + req.Raw().URL.RawQuery = reqQP.Encode() + req.Raw().Header["Accept"] = []string{"application/json"} + return req, nil +} + +// getHandleResponse handles the Get response. +func (client *DomainWhoisClient) getHandleResponse(resp *http.Response) (DomainWhoisClientGetResponse, error) { + result := DomainWhoisClientGetResponse{} + if err := runtime.UnmarshalAsJSON(resp, &result.EnrichmentDomainWhois); err != nil { + return DomainWhoisClientGetResponse{}, err + } + return result, nil +} diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_entities_client.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_entities_client.go new file mode 100644 index 000000000000..5bfe8b242a62 --- /dev/null +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_entities_client.go @@ -0,0 +1,372 @@ +//go:build go1.18 +// +build go1.18 + +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. See License.txt in the project root for license information. +// Code generated by Microsoft (R) AutoRest Code Generator. +// Changes may cause incorrect behavior and will be lost if the code is regenerated. + +package armsecurityinsights + +import ( + "context" + "errors" + "github.com/Azure/azure-sdk-for-go/sdk/azcore" + "github.com/Azure/azure-sdk-for-go/sdk/azcore/arm" + armruntime "github.com/Azure/azure-sdk-for-go/sdk/azcore/arm/runtime" + "github.com/Azure/azure-sdk-for-go/sdk/azcore/cloud" + "github.com/Azure/azure-sdk-for-go/sdk/azcore/policy" + "github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime" + "net/http" + "net/url" + "strings" +) + +// EntitiesClient contains the methods for the Entities group. +// Don't use this type directly, use NewEntitiesClient() instead. +type EntitiesClient struct { + host string + subscriptionID string + pl runtime.Pipeline +} + +// NewEntitiesClient creates a new instance of EntitiesClient with the specified values. +// subscriptionID - The ID of the target subscription. +// credential - used to authorize requests. Usually a credential from azidentity. +// options - pass nil to accept the default values. +func NewEntitiesClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) (*EntitiesClient, error) { + if options == nil { + options = &arm.ClientOptions{} + } + ep := cloud.AzurePublic.Services[cloud.ResourceManager].Endpoint + if c, ok := options.Cloud.Services[cloud.ResourceManager]; ok { + ep = c.Endpoint + } + pl, err := armruntime.NewPipeline(moduleName, moduleVersion, credential, runtime.PipelineOptions{}, options) + if err != nil { + return nil, err + } + client := &EntitiesClient{ + subscriptionID: subscriptionID, + host: ep, + pl: pl, + } + return client, nil +} + +// Expand - Expands an entity. +// If the operation fails it returns an *azcore.ResponseError type. +// Generated from API version 2022-05-01-preview +// resourceGroupName - The name of the resource group. The name is case insensitive. +// workspaceName - The name of the workspace. +// entityID - entity ID +// parameters - The parameters required to execute an expand operation on the given entity. +// options - EntitiesClientExpandOptions contains the optional parameters for the EntitiesClient.Expand method. +func (client *EntitiesClient) Expand(ctx context.Context, resourceGroupName string, workspaceName string, entityID string, parameters EntityExpandParameters, options *EntitiesClientExpandOptions) (EntitiesClientExpandResponse, error) { + req, err := client.expandCreateRequest(ctx, resourceGroupName, workspaceName, entityID, parameters, options) + if err != nil { + return EntitiesClientExpandResponse{}, err + } + resp, err := client.pl.Do(req) + if err != nil { + return EntitiesClientExpandResponse{}, err + } + if !runtime.HasStatusCode(resp, http.StatusOK) { + return EntitiesClientExpandResponse{}, runtime.NewResponseError(resp) + } + return client.expandHandleResponse(resp) +} + +// expandCreateRequest creates the Expand request. +func (client *EntitiesClient) expandCreateRequest(ctx context.Context, resourceGroupName string, workspaceName string, entityID string, parameters EntityExpandParameters, options *EntitiesClientExpandOptions) (*policy.Request, error) { + urlPath := "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}/expand" + if client.subscriptionID == "" { + return nil, errors.New("parameter client.subscriptionID cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{subscriptionId}", url.PathEscape(client.subscriptionID)) + if resourceGroupName == "" { + return nil, errors.New("parameter resourceGroupName cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{resourceGroupName}", url.PathEscape(resourceGroupName)) + if workspaceName == "" { + return nil, errors.New("parameter workspaceName cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{workspaceName}", url.PathEscape(workspaceName)) + if entityID == "" { + return nil, errors.New("parameter entityID cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{entityId}", url.PathEscape(entityID)) + req, err := runtime.NewRequest(ctx, http.MethodPost, runtime.JoinPaths(client.host, urlPath)) + if err != nil { + return nil, err + } + reqQP := req.Raw().URL.Query() + reqQP.Set("api-version", "2022-05-01-preview") + req.Raw().URL.RawQuery = reqQP.Encode() + req.Raw().Header["Accept"] = []string{"application/json"} + return req, runtime.MarshalAsJSON(req, parameters) +} + +// expandHandleResponse handles the Expand response. +func (client *EntitiesClient) expandHandleResponse(resp *http.Response) (EntitiesClientExpandResponse, error) { + result := EntitiesClientExpandResponse{} + if err := runtime.UnmarshalAsJSON(resp, &result.EntityExpandResponse); err != nil { + return EntitiesClientExpandResponse{}, err + } + return result, nil +} + +// Get - Gets an entity. +// If the operation fails it returns an *azcore.ResponseError type. +// Generated from API version 2022-05-01-preview +// resourceGroupName - The name of the resource group. The name is case insensitive. +// workspaceName - The name of the workspace. +// entityID - entity ID +// options - EntitiesClientGetOptions contains the optional parameters for the EntitiesClient.Get method. +func (client *EntitiesClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, entityID string, options *EntitiesClientGetOptions) (EntitiesClientGetResponse, error) { + req, err := client.getCreateRequest(ctx, resourceGroupName, workspaceName, entityID, options) + if err != nil { + return EntitiesClientGetResponse{}, err + } + resp, err := client.pl.Do(req) + if err != nil { + return EntitiesClientGetResponse{}, err + } + if !runtime.HasStatusCode(resp, http.StatusOK) { + return EntitiesClientGetResponse{}, runtime.NewResponseError(resp) + } + return client.getHandleResponse(resp) +} + +// getCreateRequest creates the Get request. +func (client *EntitiesClient) getCreateRequest(ctx context.Context, resourceGroupName string, workspaceName string, entityID string, options *EntitiesClientGetOptions) (*policy.Request, error) { + urlPath := "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}" + if client.subscriptionID == "" { + return nil, errors.New("parameter client.subscriptionID cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{subscriptionId}", url.PathEscape(client.subscriptionID)) + if resourceGroupName == "" { + return nil, errors.New("parameter resourceGroupName cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{resourceGroupName}", url.PathEscape(resourceGroupName)) + if workspaceName == "" { + return nil, errors.New("parameter workspaceName cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{workspaceName}", url.PathEscape(workspaceName)) + if entityID == "" { + return nil, errors.New("parameter entityID cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{entityId}", url.PathEscape(entityID)) + req, err := runtime.NewRequest(ctx, http.MethodGet, runtime.JoinPaths(client.host, urlPath)) + if err != nil { + return nil, err + } + reqQP := req.Raw().URL.Query() + reqQP.Set("api-version", "2022-05-01-preview") + req.Raw().URL.RawQuery = reqQP.Encode() + req.Raw().Header["Accept"] = []string{"application/json"} + return req, nil +} + +// getHandleResponse handles the Get response. +func (client *EntitiesClient) getHandleResponse(resp *http.Response) (EntitiesClientGetResponse, error) { + result := EntitiesClientGetResponse{} + if err := runtime.UnmarshalAsJSON(resp, &result); err != nil { + return EntitiesClientGetResponse{}, err + } + return result, nil +} + +// GetInsights - Execute Insights for an entity. +// If the operation fails it returns an *azcore.ResponseError type. +// Generated from API version 2022-05-01-preview +// resourceGroupName - The name of the resource group. The name is case insensitive. +// workspaceName - The name of the workspace. +// entityID - entity ID +// parameters - The parameters required to execute insights on the given entity. +// options - EntitiesClientGetInsightsOptions contains the optional parameters for the EntitiesClient.GetInsights method. +func (client *EntitiesClient) GetInsights(ctx context.Context, resourceGroupName string, workspaceName string, entityID string, parameters EntityGetInsightsParameters, options *EntitiesClientGetInsightsOptions) (EntitiesClientGetInsightsResponse, error) { + req, err := client.getInsightsCreateRequest(ctx, resourceGroupName, workspaceName, entityID, parameters, options) + if err != nil { + return EntitiesClientGetInsightsResponse{}, err + } + resp, err := client.pl.Do(req) + if err != nil { + return EntitiesClientGetInsightsResponse{}, err + } + if !runtime.HasStatusCode(resp, http.StatusOK) { + return EntitiesClientGetInsightsResponse{}, runtime.NewResponseError(resp) + } + return client.getInsightsHandleResponse(resp) +} + +// getInsightsCreateRequest creates the GetInsights request. +func (client *EntitiesClient) getInsightsCreateRequest(ctx context.Context, resourceGroupName string, workspaceName string, entityID string, parameters EntityGetInsightsParameters, options *EntitiesClientGetInsightsOptions) (*policy.Request, error) { + urlPath := "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}/getInsights" + if client.subscriptionID == "" { + return nil, errors.New("parameter client.subscriptionID cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{subscriptionId}", url.PathEscape(client.subscriptionID)) + if resourceGroupName == "" { + return nil, errors.New("parameter resourceGroupName cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{resourceGroupName}", url.PathEscape(resourceGroupName)) + if workspaceName == "" { + return nil, errors.New("parameter workspaceName cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{workspaceName}", url.PathEscape(workspaceName)) + if entityID == "" { + return nil, errors.New("parameter entityID cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{entityId}", url.PathEscape(entityID)) + req, err := runtime.NewRequest(ctx, http.MethodPost, runtime.JoinPaths(client.host, urlPath)) + if err != nil { + return nil, err + } + reqQP := req.Raw().URL.Query() + reqQP.Set("api-version", "2022-05-01-preview") + req.Raw().URL.RawQuery = reqQP.Encode() + req.Raw().Header["Accept"] = []string{"application/json"} + return req, runtime.MarshalAsJSON(req, parameters) +} + +// getInsightsHandleResponse handles the GetInsights response. +func (client *EntitiesClient) getInsightsHandleResponse(resp *http.Response) (EntitiesClientGetInsightsResponse, error) { + result := EntitiesClientGetInsightsResponse{} + if err := runtime.UnmarshalAsJSON(resp, &result.EntityGetInsightsResponse); err != nil { + return EntitiesClientGetInsightsResponse{}, err + } + return result, nil +} + +// NewListPager - Gets all entities. +// If the operation fails it returns an *azcore.ResponseError type. +// Generated from API version 2022-05-01-preview +// resourceGroupName - The name of the resource group. The name is case insensitive. +// workspaceName - The name of the workspace. +// options - EntitiesClientListOptions contains the optional parameters for the EntitiesClient.List method. +func (client *EntitiesClient) NewListPager(resourceGroupName string, workspaceName string, options *EntitiesClientListOptions) *runtime.Pager[EntitiesClientListResponse] { + return runtime.NewPager(runtime.PagingHandler[EntitiesClientListResponse]{ + More: func(page EntitiesClientListResponse) bool { + return page.NextLink != nil && len(*page.NextLink) > 0 + }, + Fetcher: func(ctx context.Context, page *EntitiesClientListResponse) (EntitiesClientListResponse, error) { + var req *policy.Request + var err error + if page == nil { + req, err = client.listCreateRequest(ctx, resourceGroupName, workspaceName, options) + } else { + req, err = runtime.NewRequest(ctx, http.MethodGet, *page.NextLink) + } + if err != nil { + return EntitiesClientListResponse{}, err + } + resp, err := client.pl.Do(req) + if err != nil { + return EntitiesClientListResponse{}, err + } + if !runtime.HasStatusCode(resp, http.StatusOK) { + return EntitiesClientListResponse{}, runtime.NewResponseError(resp) + } + return client.listHandleResponse(resp) + }, + }) +} + +// listCreateRequest creates the List request. +func (client *EntitiesClient) listCreateRequest(ctx context.Context, resourceGroupName string, workspaceName string, options *EntitiesClientListOptions) (*policy.Request, error) { + urlPath := "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities" + if client.subscriptionID == "" { + return nil, errors.New("parameter client.subscriptionID cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{subscriptionId}", url.PathEscape(client.subscriptionID)) + if resourceGroupName == "" { + return nil, errors.New("parameter resourceGroupName cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{resourceGroupName}", url.PathEscape(resourceGroupName)) + if workspaceName == "" { + return nil, errors.New("parameter workspaceName cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{workspaceName}", url.PathEscape(workspaceName)) + req, err := runtime.NewRequest(ctx, http.MethodGet, runtime.JoinPaths(client.host, urlPath)) + if err != nil { + return nil, err + } + reqQP := req.Raw().URL.Query() + reqQP.Set("api-version", "2022-05-01-preview") + req.Raw().URL.RawQuery = reqQP.Encode() + req.Raw().Header["Accept"] = []string{"application/json"} + return req, nil +} + +// listHandleResponse handles the List response. +func (client *EntitiesClient) listHandleResponse(resp *http.Response) (EntitiesClientListResponse, error) { + result := EntitiesClientListResponse{} + if err := runtime.UnmarshalAsJSON(resp, &result.EntityList); err != nil { + return EntitiesClientListResponse{}, err + } + return result, nil +} + +// Queries - Get Insights and Activities for an entity. +// If the operation fails it returns an *azcore.ResponseError type. +// Generated from API version 2022-05-01-preview +// resourceGroupName - The name of the resource group. The name is case insensitive. +// workspaceName - The name of the workspace. +// entityID - entity ID +// kind - The Kind parameter for queries +// options - EntitiesClientQueriesOptions contains the optional parameters for the EntitiesClient.Queries method. +func (client *EntitiesClient) Queries(ctx context.Context, resourceGroupName string, workspaceName string, entityID string, kind EntityItemQueryKind, options *EntitiesClientQueriesOptions) (EntitiesClientQueriesResponse, error) { + req, err := client.queriesCreateRequest(ctx, resourceGroupName, workspaceName, entityID, kind, options) + if err != nil { + return EntitiesClientQueriesResponse{}, err + } + resp, err := client.pl.Do(req) + if err != nil { + return EntitiesClientQueriesResponse{}, err + } + if !runtime.HasStatusCode(resp, http.StatusOK) { + return EntitiesClientQueriesResponse{}, runtime.NewResponseError(resp) + } + return client.queriesHandleResponse(resp) +} + +// queriesCreateRequest creates the Queries request. +func (client *EntitiesClient) queriesCreateRequest(ctx context.Context, resourceGroupName string, workspaceName string, entityID string, kind EntityItemQueryKind, options *EntitiesClientQueriesOptions) (*policy.Request, error) { + urlPath := "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}/queries" + if client.subscriptionID == "" { + return nil, errors.New("parameter client.subscriptionID cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{subscriptionId}", url.PathEscape(client.subscriptionID)) + if resourceGroupName == "" { + return nil, errors.New("parameter resourceGroupName cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{resourceGroupName}", url.PathEscape(resourceGroupName)) + if workspaceName == "" { + return nil, errors.New("parameter workspaceName cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{workspaceName}", url.PathEscape(workspaceName)) + if entityID == "" { + return nil, errors.New("parameter entityID cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{entityId}", url.PathEscape(entityID)) + req, err := runtime.NewRequest(ctx, http.MethodGet, runtime.JoinPaths(client.host, urlPath)) + if err != nil { + return nil, err + } + reqQP := req.Raw().URL.Query() + reqQP.Set("api-version", "2022-05-01-preview") + reqQP.Set("kind", string(kind)) + req.Raw().URL.RawQuery = reqQP.Encode() + req.Raw().Header["Accept"] = []string{"application/json"} + return req, nil +} + +// queriesHandleResponse handles the Queries response. +func (client *EntitiesClient) queriesHandleResponse(resp *http.Response) (EntitiesClientQueriesResponse, error) { + result := EntitiesClientQueriesResponse{} + if err := runtime.UnmarshalAsJSON(resp, &result.GetQueriesResponse); err != nil { + return EntitiesClientQueriesResponse{}, err + } + return result, nil +} diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_entitiesgettimeline_client.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_entitiesgettimeline_client.go new file mode 100644 index 000000000000..ea3075ab4d90 --- /dev/null +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_entitiesgettimeline_client.go @@ -0,0 +1,118 @@ +//go:build go1.18 +// +build go1.18 + +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. See License.txt in the project root for license information. +// Code generated by Microsoft (R) AutoRest Code Generator. +// Changes may cause incorrect behavior and will be lost if the code is regenerated. + +package armsecurityinsights + +import ( + "context" + "errors" + "github.com/Azure/azure-sdk-for-go/sdk/azcore" + "github.com/Azure/azure-sdk-for-go/sdk/azcore/arm" + armruntime "github.com/Azure/azure-sdk-for-go/sdk/azcore/arm/runtime" + "github.com/Azure/azure-sdk-for-go/sdk/azcore/cloud" + "github.com/Azure/azure-sdk-for-go/sdk/azcore/policy" + "github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime" + "net/http" + "net/url" + "strings" +) + +// EntitiesGetTimelineClient contains the methods for the EntitiesGetTimeline group. +// Don't use this type directly, use NewEntitiesGetTimelineClient() instead. +type EntitiesGetTimelineClient struct { + host string + subscriptionID string + pl runtime.Pipeline +} + +// NewEntitiesGetTimelineClient creates a new instance of EntitiesGetTimelineClient with the specified values. +// subscriptionID - The ID of the target subscription. +// credential - used to authorize requests. Usually a credential from azidentity. +// options - pass nil to accept the default values. +func NewEntitiesGetTimelineClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) (*EntitiesGetTimelineClient, error) { + if options == nil { + options = &arm.ClientOptions{} + } + ep := cloud.AzurePublic.Services[cloud.ResourceManager].Endpoint + if c, ok := options.Cloud.Services[cloud.ResourceManager]; ok { + ep = c.Endpoint + } + pl, err := armruntime.NewPipeline(moduleName, moduleVersion, credential, runtime.PipelineOptions{}, options) + if err != nil { + return nil, err + } + client := &EntitiesGetTimelineClient{ + subscriptionID: subscriptionID, + host: ep, + pl: pl, + } + return client, nil +} + +// List - Timeline for an entity. +// If the operation fails it returns an *azcore.ResponseError type. +// Generated from API version 2022-05-01-preview +// resourceGroupName - The name of the resource group. The name is case insensitive. +// workspaceName - The name of the workspace. +// entityID - entity ID +// parameters - The parameters required to execute an timeline operation on the given entity. +// options - EntitiesGetTimelineClientListOptions contains the optional parameters for the EntitiesGetTimelineClient.List +// method. +func (client *EntitiesGetTimelineClient) List(ctx context.Context, resourceGroupName string, workspaceName string, entityID string, parameters EntityTimelineParameters, options *EntitiesGetTimelineClientListOptions) (EntitiesGetTimelineClientListResponse, error) { + req, err := client.listCreateRequest(ctx, resourceGroupName, workspaceName, entityID, parameters, options) + if err != nil { + return EntitiesGetTimelineClientListResponse{}, err + } + resp, err := client.pl.Do(req) + if err != nil { + return EntitiesGetTimelineClientListResponse{}, err + } + if !runtime.HasStatusCode(resp, http.StatusOK) { + return EntitiesGetTimelineClientListResponse{}, runtime.NewResponseError(resp) + } + return client.listHandleResponse(resp) +} + +// listCreateRequest creates the List request. +func (client *EntitiesGetTimelineClient) listCreateRequest(ctx context.Context, resourceGroupName string, workspaceName string, entityID string, parameters EntityTimelineParameters, options *EntitiesGetTimelineClientListOptions) (*policy.Request, error) { + urlPath := "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}/getTimeline" + if client.subscriptionID == "" { + return nil, errors.New("parameter client.subscriptionID cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{subscriptionId}", url.PathEscape(client.subscriptionID)) + if resourceGroupName == "" { + return nil, errors.New("parameter resourceGroupName cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{resourceGroupName}", url.PathEscape(resourceGroupName)) + if workspaceName == "" { + return nil, errors.New("parameter workspaceName cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{workspaceName}", url.PathEscape(workspaceName)) + if entityID == "" { + return nil, errors.New("parameter entityID cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{entityId}", url.PathEscape(entityID)) + req, err := runtime.NewRequest(ctx, http.MethodPost, runtime.JoinPaths(client.host, urlPath)) + if err != nil { + return nil, err + } + reqQP := req.Raw().URL.Query() + reqQP.Set("api-version", "2022-05-01-preview") + req.Raw().URL.RawQuery = reqQP.Encode() + req.Raw().Header["Accept"] = []string{"application/json"} + return req, runtime.MarshalAsJSON(req, parameters) +} + +// listHandleResponse handles the List response. +func (client *EntitiesGetTimelineClient) listHandleResponse(resp *http.Response) (EntitiesGetTimelineClientListResponse, error) { + result := EntitiesGetTimelineClientListResponse{} + if err := runtime.UnmarshalAsJSON(resp, &result.EntityTimelineResponse); err != nil { + return EntitiesGetTimelineClientListResponse{}, err + } + return result, nil +} diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_entitiesrelations_client.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_entitiesrelations_client.go new file mode 100644 index 000000000000..2ebedba48f4b --- /dev/null +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_entitiesrelations_client.go @@ -0,0 +1,142 @@ +//go:build go1.18 +// +build go1.18 + +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. See License.txt in the project root for license information. +// Code generated by Microsoft (R) AutoRest Code Generator. +// Changes may cause incorrect behavior and will be lost if the code is regenerated. + +package armsecurityinsights + +import ( + "context" + "errors" + "github.com/Azure/azure-sdk-for-go/sdk/azcore" + "github.com/Azure/azure-sdk-for-go/sdk/azcore/arm" + armruntime "github.com/Azure/azure-sdk-for-go/sdk/azcore/arm/runtime" + "github.com/Azure/azure-sdk-for-go/sdk/azcore/cloud" + "github.com/Azure/azure-sdk-for-go/sdk/azcore/policy" + "github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime" + "net/http" + "net/url" + "strconv" + "strings" +) + +// EntitiesRelationsClient contains the methods for the EntitiesRelations group. +// Don't use this type directly, use NewEntitiesRelationsClient() instead. +type EntitiesRelationsClient struct { + host string + subscriptionID string + pl runtime.Pipeline +} + +// NewEntitiesRelationsClient creates a new instance of EntitiesRelationsClient with the specified values. +// subscriptionID - The ID of the target subscription. +// credential - used to authorize requests. Usually a credential from azidentity. +// options - pass nil to accept the default values. +func NewEntitiesRelationsClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) (*EntitiesRelationsClient, error) { + if options == nil { + options = &arm.ClientOptions{} + } + ep := cloud.AzurePublic.Services[cloud.ResourceManager].Endpoint + if c, ok := options.Cloud.Services[cloud.ResourceManager]; ok { + ep = c.Endpoint + } + pl, err := armruntime.NewPipeline(moduleName, moduleVersion, credential, runtime.PipelineOptions{}, options) + if err != nil { + return nil, err + } + client := &EntitiesRelationsClient{ + subscriptionID: subscriptionID, + host: ep, + pl: pl, + } + return client, nil +} + +// NewListPager - Gets all relations of an entity. +// If the operation fails it returns an *azcore.ResponseError type. +// Generated from API version 2022-05-01-preview +// resourceGroupName - The name of the resource group. The name is case insensitive. +// workspaceName - The name of the workspace. +// entityID - entity ID +// options - EntitiesRelationsClientListOptions contains the optional parameters for the EntitiesRelationsClient.List method. +func (client *EntitiesRelationsClient) NewListPager(resourceGroupName string, workspaceName string, entityID string, options *EntitiesRelationsClientListOptions) *runtime.Pager[EntitiesRelationsClientListResponse] { + return runtime.NewPager(runtime.PagingHandler[EntitiesRelationsClientListResponse]{ + More: func(page EntitiesRelationsClientListResponse) bool { + return page.NextLink != nil && len(*page.NextLink) > 0 + }, + Fetcher: func(ctx context.Context, page *EntitiesRelationsClientListResponse) (EntitiesRelationsClientListResponse, error) { + var req *policy.Request + var err error + if page == nil { + req, err = client.listCreateRequest(ctx, resourceGroupName, workspaceName, entityID, options) + } else { + req, err = runtime.NewRequest(ctx, http.MethodGet, *page.NextLink) + } + if err != nil { + return EntitiesRelationsClientListResponse{}, err + } + resp, err := client.pl.Do(req) + if err != nil { + return EntitiesRelationsClientListResponse{}, err + } + if !runtime.HasStatusCode(resp, http.StatusOK) { + return EntitiesRelationsClientListResponse{}, runtime.NewResponseError(resp) + } + return client.listHandleResponse(resp) + }, + }) +} + +// listCreateRequest creates the List request. +func (client *EntitiesRelationsClient) listCreateRequest(ctx context.Context, resourceGroupName string, workspaceName string, entityID string, options *EntitiesRelationsClientListOptions) (*policy.Request, error) { + urlPath := "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}/relations" + if client.subscriptionID == "" { + return nil, errors.New("parameter client.subscriptionID cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{subscriptionId}", url.PathEscape(client.subscriptionID)) + if resourceGroupName == "" { + return nil, errors.New("parameter resourceGroupName cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{resourceGroupName}", url.PathEscape(resourceGroupName)) + if workspaceName == "" { + return nil, errors.New("parameter workspaceName cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{workspaceName}", url.PathEscape(workspaceName)) + if entityID == "" { + return nil, errors.New("parameter entityID cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{entityId}", url.PathEscape(entityID)) + req, err := runtime.NewRequest(ctx, http.MethodGet, runtime.JoinPaths(client.host, urlPath)) + if err != nil { + return nil, err + } + reqQP := req.Raw().URL.Query() + reqQP.Set("api-version", "2022-05-01-preview") + if options != nil && options.Filter != nil { + reqQP.Set("$filter", *options.Filter) + } + if options != nil && options.Orderby != nil { + reqQP.Set("$orderby", *options.Orderby) + } + if options != nil && options.Top != nil { + reqQP.Set("$top", strconv.FormatInt(int64(*options.Top), 10)) + } + if options != nil && options.SkipToken != nil { + reqQP.Set("$skipToken", *options.SkipToken) + } + req.Raw().URL.RawQuery = reqQP.Encode() + req.Raw().Header["Accept"] = []string{"application/json"} + return req, nil +} + +// listHandleResponse handles the List response. +func (client *EntitiesRelationsClient) listHandleResponse(resp *http.Response) (EntitiesRelationsClientListResponse, error) { + result := EntitiesRelationsClientListResponse{} + if err := runtime.UnmarshalAsJSON(resp, &result.RelationList); err != nil { + return EntitiesRelationsClientListResponse{}, err + } + return result, nil +} diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_entityqueries_client.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_entityqueries_client.go new file mode 100644 index 000000000000..7eddd4f75b23 --- /dev/null +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_entityqueries_client.go @@ -0,0 +1,303 @@ +//go:build go1.18 +// +build go1.18 + +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. See License.txt in the project root for license information. +// Code generated by Microsoft (R) AutoRest Code Generator. +// Changes may cause incorrect behavior and will be lost if the code is regenerated. + +package armsecurityinsights + +import ( + "context" + "errors" + "github.com/Azure/azure-sdk-for-go/sdk/azcore" + "github.com/Azure/azure-sdk-for-go/sdk/azcore/arm" + armruntime "github.com/Azure/azure-sdk-for-go/sdk/azcore/arm/runtime" + "github.com/Azure/azure-sdk-for-go/sdk/azcore/cloud" + "github.com/Azure/azure-sdk-for-go/sdk/azcore/policy" + "github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime" + "net/http" + "net/url" + "strings" +) + +// EntityQueriesClient contains the methods for the EntityQueries group. +// Don't use this type directly, use NewEntityQueriesClient() instead. +type EntityQueriesClient struct { + host string + subscriptionID string + pl runtime.Pipeline +} + +// NewEntityQueriesClient creates a new instance of EntityQueriesClient with the specified values. +// subscriptionID - The ID of the target subscription. +// credential - used to authorize requests. Usually a credential from azidentity. +// options - pass nil to accept the default values. +func NewEntityQueriesClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) (*EntityQueriesClient, error) { + if options == nil { + options = &arm.ClientOptions{} + } + ep := cloud.AzurePublic.Services[cloud.ResourceManager].Endpoint + if c, ok := options.Cloud.Services[cloud.ResourceManager]; ok { + ep = c.Endpoint + } + pl, err := armruntime.NewPipeline(moduleName, moduleVersion, credential, runtime.PipelineOptions{}, options) + if err != nil { + return nil, err + } + client := &EntityQueriesClient{ + subscriptionID: subscriptionID, + host: ep, + pl: pl, + } + return client, nil +} + +// CreateOrUpdate - Creates or updates the entity query. +// If the operation fails it returns an *azcore.ResponseError type. +// Generated from API version 2022-05-01-preview +// resourceGroupName - The name of the resource group. The name is case insensitive. +// workspaceName - The name of the workspace. +// entityQueryID - entity query ID +// entityQuery - The entity query we want to create or update +// options - EntityQueriesClientCreateOrUpdateOptions contains the optional parameters for the EntityQueriesClient.CreateOrUpdate +// method. +func (client *EntityQueriesClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, workspaceName string, entityQueryID string, entityQuery CustomEntityQueryClassification, options *EntityQueriesClientCreateOrUpdateOptions) (EntityQueriesClientCreateOrUpdateResponse, error) { + req, err := client.createOrUpdateCreateRequest(ctx, resourceGroupName, workspaceName, entityQueryID, entityQuery, options) + if err != nil { + return EntityQueriesClientCreateOrUpdateResponse{}, err + } + resp, err := client.pl.Do(req) + if err != nil { + return EntityQueriesClientCreateOrUpdateResponse{}, err + } + if !runtime.HasStatusCode(resp, http.StatusOK, http.StatusCreated) { + return EntityQueriesClientCreateOrUpdateResponse{}, runtime.NewResponseError(resp) + } + return client.createOrUpdateHandleResponse(resp) +} + +// createOrUpdateCreateRequest creates the CreateOrUpdate request. +func (client *EntityQueriesClient) createOrUpdateCreateRequest(ctx context.Context, resourceGroupName string, workspaceName string, entityQueryID string, entityQuery CustomEntityQueryClassification, options *EntityQueriesClientCreateOrUpdateOptions) (*policy.Request, error) { + urlPath := "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entityQueries/{entityQueryId}" + if client.subscriptionID == "" { + return nil, errors.New("parameter client.subscriptionID cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{subscriptionId}", url.PathEscape(client.subscriptionID)) + if resourceGroupName == "" { + return nil, errors.New("parameter resourceGroupName cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{resourceGroupName}", url.PathEscape(resourceGroupName)) + if workspaceName == "" { + return nil, errors.New("parameter workspaceName cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{workspaceName}", url.PathEscape(workspaceName)) + if entityQueryID == "" { + return nil, errors.New("parameter entityQueryID cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{entityQueryId}", url.PathEscape(entityQueryID)) + req, err := runtime.NewRequest(ctx, http.MethodPut, runtime.JoinPaths(client.host, urlPath)) + if err != nil { + return nil, err + } + reqQP := req.Raw().URL.Query() + reqQP.Set("api-version", "2022-05-01-preview") + req.Raw().URL.RawQuery = reqQP.Encode() + req.Raw().Header["Accept"] = []string{"application/json"} + return req, runtime.MarshalAsJSON(req, entityQuery) +} + +// createOrUpdateHandleResponse handles the CreateOrUpdate response. +func (client *EntityQueriesClient) createOrUpdateHandleResponse(resp *http.Response) (EntityQueriesClientCreateOrUpdateResponse, error) { + result := EntityQueriesClientCreateOrUpdateResponse{} + if err := runtime.UnmarshalAsJSON(resp, &result); err != nil { + return EntityQueriesClientCreateOrUpdateResponse{}, err + } + return result, nil +} + +// Delete - Delete the entity query. +// If the operation fails it returns an *azcore.ResponseError type. +// Generated from API version 2022-05-01-preview +// resourceGroupName - The name of the resource group. The name is case insensitive. +// workspaceName - The name of the workspace. +// entityQueryID - entity query ID +// options - EntityQueriesClientDeleteOptions contains the optional parameters for the EntityQueriesClient.Delete method. +func (client *EntityQueriesClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, entityQueryID string, options *EntityQueriesClientDeleteOptions) (EntityQueriesClientDeleteResponse, error) { + req, err := client.deleteCreateRequest(ctx, resourceGroupName, workspaceName, entityQueryID, options) + if err != nil { + return EntityQueriesClientDeleteResponse{}, err + } + resp, err := client.pl.Do(req) + if err != nil { + return EntityQueriesClientDeleteResponse{}, err + } + if !runtime.HasStatusCode(resp, http.StatusOK, http.StatusNoContent) { + return EntityQueriesClientDeleteResponse{}, runtime.NewResponseError(resp) + } + return EntityQueriesClientDeleteResponse{}, nil +} + +// deleteCreateRequest creates the Delete request. +func (client *EntityQueriesClient) deleteCreateRequest(ctx context.Context, resourceGroupName string, workspaceName string, entityQueryID string, options *EntityQueriesClientDeleteOptions) (*policy.Request, error) { + urlPath := "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entityQueries/{entityQueryId}" + if client.subscriptionID == "" { + return nil, errors.New("parameter client.subscriptionID cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{subscriptionId}", url.PathEscape(client.subscriptionID)) + if resourceGroupName == "" { + return nil, errors.New("parameter resourceGroupName cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{resourceGroupName}", url.PathEscape(resourceGroupName)) + if workspaceName == "" { + return nil, errors.New("parameter workspaceName cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{workspaceName}", url.PathEscape(workspaceName)) + if entityQueryID == "" { + return nil, errors.New("parameter entityQueryID cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{entityQueryId}", url.PathEscape(entityQueryID)) + req, err := runtime.NewRequest(ctx, http.MethodDelete, runtime.JoinPaths(client.host, urlPath)) + if err != nil { + return nil, err + } + reqQP := req.Raw().URL.Query() + reqQP.Set("api-version", "2022-05-01-preview") + req.Raw().URL.RawQuery = reqQP.Encode() + req.Raw().Header["Accept"] = []string{"application/json"} + return req, nil +} + +// Get - Gets an entity query. +// If the operation fails it returns an *azcore.ResponseError type. +// Generated from API version 2022-05-01-preview +// resourceGroupName - The name of the resource group. The name is case insensitive. +// workspaceName - The name of the workspace. +// entityQueryID - entity query ID +// options - EntityQueriesClientGetOptions contains the optional parameters for the EntityQueriesClient.Get method. +func (client *EntityQueriesClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, entityQueryID string, options *EntityQueriesClientGetOptions) (EntityQueriesClientGetResponse, error) { + req, err := client.getCreateRequest(ctx, resourceGroupName, workspaceName, entityQueryID, options) + if err != nil { + return EntityQueriesClientGetResponse{}, err + } + resp, err := client.pl.Do(req) + if err != nil { + return EntityQueriesClientGetResponse{}, err + } + if !runtime.HasStatusCode(resp, http.StatusOK) { + return EntityQueriesClientGetResponse{}, runtime.NewResponseError(resp) + } + return client.getHandleResponse(resp) +} + +// getCreateRequest creates the Get request. +func (client *EntityQueriesClient) getCreateRequest(ctx context.Context, resourceGroupName string, workspaceName string, entityQueryID string, options *EntityQueriesClientGetOptions) (*policy.Request, error) { + urlPath := "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entityQueries/{entityQueryId}" + if client.subscriptionID == "" { + return nil, errors.New("parameter client.subscriptionID cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{subscriptionId}", url.PathEscape(client.subscriptionID)) + if resourceGroupName == "" { + return nil, errors.New("parameter resourceGroupName cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{resourceGroupName}", url.PathEscape(resourceGroupName)) + if workspaceName == "" { + return nil, errors.New("parameter workspaceName cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{workspaceName}", url.PathEscape(workspaceName)) + if entityQueryID == "" { + return nil, errors.New("parameter entityQueryID cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{entityQueryId}", url.PathEscape(entityQueryID)) + req, err := runtime.NewRequest(ctx, http.MethodGet, runtime.JoinPaths(client.host, urlPath)) + if err != nil { + return nil, err + } + reqQP := req.Raw().URL.Query() + reqQP.Set("api-version", "2022-05-01-preview") + req.Raw().URL.RawQuery = reqQP.Encode() + req.Raw().Header["Accept"] = []string{"application/json"} + return req, nil +} + +// getHandleResponse handles the Get response. +func (client *EntityQueriesClient) getHandleResponse(resp *http.Response) (EntityQueriesClientGetResponse, error) { + result := EntityQueriesClientGetResponse{} + if err := runtime.UnmarshalAsJSON(resp, &result); err != nil { + return EntityQueriesClientGetResponse{}, err + } + return result, nil +} + +// NewListPager - Gets all entity queries. +// If the operation fails it returns an *azcore.ResponseError type. +// Generated from API version 2022-05-01-preview +// resourceGroupName - The name of the resource group. The name is case insensitive. +// workspaceName - The name of the workspace. +// options - EntityQueriesClientListOptions contains the optional parameters for the EntityQueriesClient.List method. +func (client *EntityQueriesClient) NewListPager(resourceGroupName string, workspaceName string, options *EntityQueriesClientListOptions) *runtime.Pager[EntityQueriesClientListResponse] { + return runtime.NewPager(runtime.PagingHandler[EntityQueriesClientListResponse]{ + More: func(page EntityQueriesClientListResponse) bool { + return page.NextLink != nil && len(*page.NextLink) > 0 + }, + Fetcher: func(ctx context.Context, page *EntityQueriesClientListResponse) (EntityQueriesClientListResponse, error) { + var req *policy.Request + var err error + if page == nil { + req, err = client.listCreateRequest(ctx, resourceGroupName, workspaceName, options) + } else { + req, err = runtime.NewRequest(ctx, http.MethodGet, *page.NextLink) + } + if err != nil { + return EntityQueriesClientListResponse{}, err + } + resp, err := client.pl.Do(req) + if err != nil { + return EntityQueriesClientListResponse{}, err + } + if !runtime.HasStatusCode(resp, http.StatusOK) { + return EntityQueriesClientListResponse{}, runtime.NewResponseError(resp) + } + return client.listHandleResponse(resp) + }, + }) +} + +// listCreateRequest creates the List request. +func (client *EntityQueriesClient) listCreateRequest(ctx context.Context, resourceGroupName string, workspaceName string, options *EntityQueriesClientListOptions) (*policy.Request, error) { + urlPath := "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entityQueries" + if client.subscriptionID == "" { + return nil, errors.New("parameter client.subscriptionID cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{subscriptionId}", url.PathEscape(client.subscriptionID)) + if resourceGroupName == "" { + return nil, errors.New("parameter resourceGroupName cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{resourceGroupName}", url.PathEscape(resourceGroupName)) + if workspaceName == "" { + return nil, errors.New("parameter workspaceName cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{workspaceName}", url.PathEscape(workspaceName)) + req, err := runtime.NewRequest(ctx, http.MethodGet, runtime.JoinPaths(client.host, urlPath)) + if err != nil { + return nil, err + } + reqQP := req.Raw().URL.Query() + if options != nil && options.Kind != nil { + reqQP.Set("kind", string(*options.Kind)) + } + reqQP.Set("api-version", "2022-05-01-preview") + req.Raw().URL.RawQuery = reqQP.Encode() + req.Raw().Header["Accept"] = []string{"application/json"} + return req, nil +} + +// listHandleResponse handles the List response. +func (client *EntityQueriesClient) listHandleResponse(resp *http.Response) (EntityQueriesClientListResponse, error) { + result := EntityQueriesClientListResponse{} + if err := runtime.UnmarshalAsJSON(resp, &result.EntityQueryList); err != nil { + return EntityQueriesClientListResponse{}, err + } + return result, nil +} diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_entityquerytemplates_client.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_entityquerytemplates_client.go new file mode 100644 index 000000000000..75100848a320 --- /dev/null +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_entityquerytemplates_client.go @@ -0,0 +1,190 @@ +//go:build go1.18 +// +build go1.18 + +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. See License.txt in the project root for license information. +// Code generated by Microsoft (R) AutoRest Code Generator. +// Changes may cause incorrect behavior and will be lost if the code is regenerated. + +package armsecurityinsights + +import ( + "context" + "errors" + "github.com/Azure/azure-sdk-for-go/sdk/azcore" + "github.com/Azure/azure-sdk-for-go/sdk/azcore/arm" + armruntime "github.com/Azure/azure-sdk-for-go/sdk/azcore/arm/runtime" + "github.com/Azure/azure-sdk-for-go/sdk/azcore/cloud" + "github.com/Azure/azure-sdk-for-go/sdk/azcore/policy" + "github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime" + "net/http" + "net/url" + "strings" +) + +// EntityQueryTemplatesClient contains the methods for the EntityQueryTemplates group. +// Don't use this type directly, use NewEntityQueryTemplatesClient() instead. +type EntityQueryTemplatesClient struct { + host string + subscriptionID string + pl runtime.Pipeline +} + +// NewEntityQueryTemplatesClient creates a new instance of EntityQueryTemplatesClient with the specified values. +// subscriptionID - The ID of the target subscription. +// credential - used to authorize requests. Usually a credential from azidentity. +// options - pass nil to accept the default values. +func NewEntityQueryTemplatesClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) (*EntityQueryTemplatesClient, error) { + if options == nil { + options = &arm.ClientOptions{} + } + ep := cloud.AzurePublic.Services[cloud.ResourceManager].Endpoint + if c, ok := options.Cloud.Services[cloud.ResourceManager]; ok { + ep = c.Endpoint + } + pl, err := armruntime.NewPipeline(moduleName, moduleVersion, credential, runtime.PipelineOptions{}, options) + if err != nil { + return nil, err + } + client := &EntityQueryTemplatesClient{ + subscriptionID: subscriptionID, + host: ep, + pl: pl, + } + return client, nil +} + +// Get - Gets an entity query. +// If the operation fails it returns an *azcore.ResponseError type. +// Generated from API version 2022-05-01-preview +// resourceGroupName - The name of the resource group. The name is case insensitive. +// workspaceName - The name of the workspace. +// entityQueryTemplateID - entity query template ID +// options - EntityQueryTemplatesClientGetOptions contains the optional parameters for the EntityQueryTemplatesClient.Get +// method. +func (client *EntityQueryTemplatesClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, entityQueryTemplateID string, options *EntityQueryTemplatesClientGetOptions) (EntityQueryTemplatesClientGetResponse, error) { + req, err := client.getCreateRequest(ctx, resourceGroupName, workspaceName, entityQueryTemplateID, options) + if err != nil { + return EntityQueryTemplatesClientGetResponse{}, err + } + resp, err := client.pl.Do(req) + if err != nil { + return EntityQueryTemplatesClientGetResponse{}, err + } + if !runtime.HasStatusCode(resp, http.StatusOK) { + return EntityQueryTemplatesClientGetResponse{}, runtime.NewResponseError(resp) + } + return client.getHandleResponse(resp) +} + +// getCreateRequest creates the Get request. +func (client *EntityQueryTemplatesClient) getCreateRequest(ctx context.Context, resourceGroupName string, workspaceName string, entityQueryTemplateID string, options *EntityQueryTemplatesClientGetOptions) (*policy.Request, error) { + urlPath := "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entityQueryTemplates/{entityQueryTemplateId}" + if client.subscriptionID == "" { + return nil, errors.New("parameter client.subscriptionID cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{subscriptionId}", url.PathEscape(client.subscriptionID)) + if resourceGroupName == "" { + return nil, errors.New("parameter resourceGroupName cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{resourceGroupName}", url.PathEscape(resourceGroupName)) + if workspaceName == "" { + return nil, errors.New("parameter workspaceName cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{workspaceName}", url.PathEscape(workspaceName)) + if entityQueryTemplateID == "" { + return nil, errors.New("parameter entityQueryTemplateID cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{entityQueryTemplateId}", url.PathEscape(entityQueryTemplateID)) + req, err := runtime.NewRequest(ctx, http.MethodGet, runtime.JoinPaths(client.host, urlPath)) + if err != nil { + return nil, err + } + reqQP := req.Raw().URL.Query() + reqQP.Set("api-version", "2022-05-01-preview") + req.Raw().URL.RawQuery = reqQP.Encode() + req.Raw().Header["Accept"] = []string{"application/json"} + return req, nil +} + +// getHandleResponse handles the Get response. +func (client *EntityQueryTemplatesClient) getHandleResponse(resp *http.Response) (EntityQueryTemplatesClientGetResponse, error) { + result := EntityQueryTemplatesClientGetResponse{} + if err := runtime.UnmarshalAsJSON(resp, &result); err != nil { + return EntityQueryTemplatesClientGetResponse{}, err + } + return result, nil +} + +// NewListPager - Gets all entity query templates. +// If the operation fails it returns an *azcore.ResponseError type. +// Generated from API version 2022-05-01-preview +// resourceGroupName - The name of the resource group. The name is case insensitive. +// workspaceName - The name of the workspace. +// options - EntityQueryTemplatesClientListOptions contains the optional parameters for the EntityQueryTemplatesClient.List +// method. +func (client *EntityQueryTemplatesClient) NewListPager(resourceGroupName string, workspaceName string, options *EntityQueryTemplatesClientListOptions) *runtime.Pager[EntityQueryTemplatesClientListResponse] { + return runtime.NewPager(runtime.PagingHandler[EntityQueryTemplatesClientListResponse]{ + More: func(page EntityQueryTemplatesClientListResponse) bool { + return page.NextLink != nil && len(*page.NextLink) > 0 + }, + Fetcher: func(ctx context.Context, page *EntityQueryTemplatesClientListResponse) (EntityQueryTemplatesClientListResponse, error) { + var req *policy.Request + var err error + if page == nil { + req, err = client.listCreateRequest(ctx, resourceGroupName, workspaceName, options) + } else { + req, err = runtime.NewRequest(ctx, http.MethodGet, *page.NextLink) + } + if err != nil { + return EntityQueryTemplatesClientListResponse{}, err + } + resp, err := client.pl.Do(req) + if err != nil { + return EntityQueryTemplatesClientListResponse{}, err + } + if !runtime.HasStatusCode(resp, http.StatusOK) { + return EntityQueryTemplatesClientListResponse{}, runtime.NewResponseError(resp) + } + return client.listHandleResponse(resp) + }, + }) +} + +// listCreateRequest creates the List request. +func (client *EntityQueryTemplatesClient) listCreateRequest(ctx context.Context, resourceGroupName string, workspaceName string, options *EntityQueryTemplatesClientListOptions) (*policy.Request, error) { + urlPath := "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entityQueryTemplates" + if client.subscriptionID == "" { + return nil, errors.New("parameter client.subscriptionID cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{subscriptionId}", url.PathEscape(client.subscriptionID)) + if resourceGroupName == "" { + return nil, errors.New("parameter resourceGroupName cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{resourceGroupName}", url.PathEscape(resourceGroupName)) + if workspaceName == "" { + return nil, errors.New("parameter workspaceName cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{workspaceName}", url.PathEscape(workspaceName)) + req, err := runtime.NewRequest(ctx, http.MethodGet, runtime.JoinPaths(client.host, urlPath)) + if err != nil { + return nil, err + } + reqQP := req.Raw().URL.Query() + if options != nil && options.Kind != nil { + reqQP.Set("kind", string(*options.Kind)) + } + reqQP.Set("api-version", "2022-05-01-preview") + req.Raw().URL.RawQuery = reqQP.Encode() + req.Raw().Header["Accept"] = []string{"application/json"} + return req, nil +} + +// listHandleResponse handles the List response. +func (client *EntityQueryTemplatesClient) listHandleResponse(resp *http.Response) (EntityQueryTemplatesClientListResponse, error) { + result := EntityQueryTemplatesClientListResponse{} + if err := runtime.UnmarshalAsJSON(resp, &result.EntityQueryTemplateList); err != nil { + return EntityQueryTemplatesClientListResponse{}, err + } + return result, nil +} diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_entityrelations_client.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_entityrelations_client.go new file mode 100644 index 000000000000..5d711af04ae0 --- /dev/null +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_entityrelations_client.go @@ -0,0 +1,122 @@ +//go:build go1.18 +// +build go1.18 + +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. See License.txt in the project root for license information. +// Code generated by Microsoft (R) AutoRest Code Generator. +// Changes may cause incorrect behavior and will be lost if the code is regenerated. + +package armsecurityinsights + +import ( + "context" + "errors" + "github.com/Azure/azure-sdk-for-go/sdk/azcore" + "github.com/Azure/azure-sdk-for-go/sdk/azcore/arm" + armruntime "github.com/Azure/azure-sdk-for-go/sdk/azcore/arm/runtime" + "github.com/Azure/azure-sdk-for-go/sdk/azcore/cloud" + "github.com/Azure/azure-sdk-for-go/sdk/azcore/policy" + "github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime" + "net/http" + "net/url" + "strings" +) + +// EntityRelationsClient contains the methods for the EntityRelations group. +// Don't use this type directly, use NewEntityRelationsClient() instead. +type EntityRelationsClient struct { + host string + subscriptionID string + pl runtime.Pipeline +} + +// NewEntityRelationsClient creates a new instance of EntityRelationsClient with the specified values. +// subscriptionID - The ID of the target subscription. +// credential - used to authorize requests. Usually a credential from azidentity. +// options - pass nil to accept the default values. +func NewEntityRelationsClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) (*EntityRelationsClient, error) { + if options == nil { + options = &arm.ClientOptions{} + } + ep := cloud.AzurePublic.Services[cloud.ResourceManager].Endpoint + if c, ok := options.Cloud.Services[cloud.ResourceManager]; ok { + ep = c.Endpoint + } + pl, err := armruntime.NewPipeline(moduleName, moduleVersion, credential, runtime.PipelineOptions{}, options) + if err != nil { + return nil, err + } + client := &EntityRelationsClient{ + subscriptionID: subscriptionID, + host: ep, + pl: pl, + } + return client, nil +} + +// GetRelation - Gets an entity relation. +// If the operation fails it returns an *azcore.ResponseError type. +// Generated from API version 2022-05-01-preview +// resourceGroupName - The name of the resource group. The name is case insensitive. +// workspaceName - The name of the workspace. +// entityID - entity ID +// relationName - Relation Name +// options - EntityRelationsClientGetRelationOptions contains the optional parameters for the EntityRelationsClient.GetRelation +// method. +func (client *EntityRelationsClient) GetRelation(ctx context.Context, resourceGroupName string, workspaceName string, entityID string, relationName string, options *EntityRelationsClientGetRelationOptions) (EntityRelationsClientGetRelationResponse, error) { + req, err := client.getRelationCreateRequest(ctx, resourceGroupName, workspaceName, entityID, relationName, options) + if err != nil { + return EntityRelationsClientGetRelationResponse{}, err + } + resp, err := client.pl.Do(req) + if err != nil { + return EntityRelationsClientGetRelationResponse{}, err + } + if !runtime.HasStatusCode(resp, http.StatusOK) { + return EntityRelationsClientGetRelationResponse{}, runtime.NewResponseError(resp) + } + return client.getRelationHandleResponse(resp) +} + +// getRelationCreateRequest creates the GetRelation request. +func (client *EntityRelationsClient) getRelationCreateRequest(ctx context.Context, resourceGroupName string, workspaceName string, entityID string, relationName string, options *EntityRelationsClientGetRelationOptions) (*policy.Request, error) { + urlPath := "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}/relations/{relationName}" + if client.subscriptionID == "" { + return nil, errors.New("parameter client.subscriptionID cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{subscriptionId}", url.PathEscape(client.subscriptionID)) + if resourceGroupName == "" { + return nil, errors.New("parameter resourceGroupName cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{resourceGroupName}", url.PathEscape(resourceGroupName)) + if workspaceName == "" { + return nil, errors.New("parameter workspaceName cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{workspaceName}", url.PathEscape(workspaceName)) + if entityID == "" { + return nil, errors.New("parameter entityID cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{entityId}", url.PathEscape(entityID)) + if relationName == "" { + return nil, errors.New("parameter relationName cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{relationName}", url.PathEscape(relationName)) + req, err := runtime.NewRequest(ctx, http.MethodGet, runtime.JoinPaths(client.host, urlPath)) + if err != nil { + return nil, err + } + reqQP := req.Raw().URL.Query() + reqQP.Set("api-version", "2022-05-01-preview") + req.Raw().URL.RawQuery = reqQP.Encode() + req.Raw().Header["Accept"] = []string{"application/json"} + return req, nil +} + +// getRelationHandleResponse handles the GetRelation response. +func (client *EntityRelationsClient) getRelationHandleResponse(resp *http.Response) (EntityRelationsClientGetRelationResponse, error) { + result := EntityRelationsClientGetRelationResponse{} + if err := runtime.UnmarshalAsJSON(resp, &result.Relation); err != nil { + return EntityRelationsClientGetRelationResponse{}, err + } + return result, nil +} diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_incidentcomments_client.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_incidentcomments_client.go index 44b472d42544..458c0ba87990 100644 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_incidentcomments_client.go +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_incidentcomments_client.go @@ -55,9 +55,9 @@ func NewIncidentCommentsClient(subscriptionID string, credential azcore.TokenCre return client, nil } -// CreateOrUpdate - Creates or updates a comment for a given incident. +// CreateOrUpdate - Creates or updates the incident comment. // If the operation fails it returns an *azcore.ResponseError type. -// Generated from API version 2021-10-01 +// Generated from API version 2022-05-01-preview // resourceGroupName - The name of the resource group. The name is case insensitive. // workspaceName - The name of the workspace. // incidentID - Incident ID @@ -108,7 +108,7 @@ func (client *IncidentCommentsClient) createOrUpdateCreateRequest(ctx context.Co return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2021-10-01") + reqQP.Set("api-version", "2022-05-01-preview") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} return req, runtime.MarshalAsJSON(req, incidentComment) @@ -123,9 +123,9 @@ func (client *IncidentCommentsClient) createOrUpdateHandleResponse(resp *http.Re return result, nil } -// Delete - Deletes a comment for a given incident. +// Delete - Delete the incident comment. // If the operation fails it returns an *azcore.ResponseError type. -// Generated from API version 2021-10-01 +// Generated from API version 2022-05-01-preview // resourceGroupName - The name of the resource group. The name is case insensitive. // workspaceName - The name of the workspace. // incidentID - Incident ID @@ -174,15 +174,15 @@ func (client *IncidentCommentsClient) deleteCreateRequest(ctx context.Context, r return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2021-10-01") + reqQP.Set("api-version", "2022-05-01-preview") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} return req, nil } -// Get - Gets a comment for a given incident. +// Get - Gets an incident comment. // If the operation fails it returns an *azcore.ResponseError type. -// Generated from API version 2021-10-01 +// Generated from API version 2022-05-01-preview // resourceGroupName - The name of the resource group. The name is case insensitive. // workspaceName - The name of the workspace. // incidentID - Incident ID @@ -231,7 +231,7 @@ func (client *IncidentCommentsClient) getCreateRequest(ctx context.Context, reso return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2021-10-01") + reqQP.Set("api-version", "2022-05-01-preview") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} return req, nil @@ -246,9 +246,9 @@ func (client *IncidentCommentsClient) getHandleResponse(resp *http.Response) (In return result, nil } -// NewListPager - Gets all comments for a given incident. +// NewListPager - Gets all incident comments. // If the operation fails it returns an *azcore.ResponseError type. -// Generated from API version 2021-10-01 +// Generated from API version 2022-05-01-preview // resourceGroupName - The name of the resource group. The name is case insensitive. // workspaceName - The name of the workspace. // incidentID - Incident ID @@ -305,7 +305,7 @@ func (client *IncidentCommentsClient) listCreateRequest(ctx context.Context, res return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2021-10-01") + reqQP.Set("api-version", "2022-05-01-preview") if options != nil && options.Filter != nil { reqQP.Set("$filter", *options.Filter) } diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_incidentrelations_client.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_incidentrelations_client.go index 5bd865b7f997..2ff16d6063a8 100644 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_incidentrelations_client.go +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_incidentrelations_client.go @@ -55,9 +55,9 @@ func NewIncidentRelationsClient(subscriptionID string, credential azcore.TokenCr return client, nil } -// CreateOrUpdate - Creates or updates a relation for a given incident. +// CreateOrUpdate - Creates or updates the incident relation. // If the operation fails it returns an *azcore.ResponseError type. -// Generated from API version 2021-10-01 +// Generated from API version 2022-05-01-preview // resourceGroupName - The name of the resource group. The name is case insensitive. // workspaceName - The name of the workspace. // incidentID - Incident ID @@ -108,7 +108,7 @@ func (client *IncidentRelationsClient) createOrUpdateCreateRequest(ctx context.C return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2021-10-01") + reqQP.Set("api-version", "2022-05-01-preview") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} return req, runtime.MarshalAsJSON(req, relation) @@ -123,9 +123,9 @@ func (client *IncidentRelationsClient) createOrUpdateHandleResponse(resp *http.R return result, nil } -// Delete - Deletes a relation for a given incident. +// Delete - Delete the incident relation. // If the operation fails it returns an *azcore.ResponseError type. -// Generated from API version 2021-10-01 +// Generated from API version 2022-05-01-preview // resourceGroupName - The name of the resource group. The name is case insensitive. // workspaceName - The name of the workspace. // incidentID - Incident ID @@ -175,15 +175,15 @@ func (client *IncidentRelationsClient) deleteCreateRequest(ctx context.Context, return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2021-10-01") + reqQP.Set("api-version", "2022-05-01-preview") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} return req, nil } -// Get - Gets a relation for a given incident. +// Get - Gets an incident relation. // If the operation fails it returns an *azcore.ResponseError type. -// Generated from API version 2021-10-01 +// Generated from API version 2022-05-01-preview // resourceGroupName - The name of the resource group. The name is case insensitive. // workspaceName - The name of the workspace. // incidentID - Incident ID @@ -232,7 +232,7 @@ func (client *IncidentRelationsClient) getCreateRequest(ctx context.Context, res return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2021-10-01") + reqQP.Set("api-version", "2022-05-01-preview") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} return req, nil @@ -247,9 +247,9 @@ func (client *IncidentRelationsClient) getHandleResponse(resp *http.Response) (I return result, nil } -// NewListPager - Gets all relations for a given incident. +// NewListPager - Gets all incident relations. // If the operation fails it returns an *azcore.ResponseError type. -// Generated from API version 2021-10-01 +// Generated from API version 2022-05-01-preview // resourceGroupName - The name of the resource group. The name is case insensitive. // workspaceName - The name of the workspace. // incidentID - Incident ID @@ -306,7 +306,7 @@ func (client *IncidentRelationsClient) listCreateRequest(ctx context.Context, re return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2021-10-01") + reqQP.Set("api-version", "2022-05-01-preview") if options != nil && options.Filter != nil { reqQP.Set("$filter", *options.Filter) } diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_incidents_client.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_incidents_client.go index bed0c274e3cc..5d52d0914bbf 100644 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_incidents_client.go +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_incidents_client.go @@ -55,9 +55,9 @@ func NewIncidentsClient(subscriptionID string, credential azcore.TokenCredential return client, nil } -// CreateOrUpdate - Creates or updates an incident. +// CreateOrUpdate - Creates or updates the incident. // If the operation fails it returns an *azcore.ResponseError type. -// Generated from API version 2021-10-01 +// Generated from API version 2022-05-01-preview // resourceGroupName - The name of the resource group. The name is case insensitive. // workspaceName - The name of the workspace. // incidentID - Incident ID @@ -103,7 +103,7 @@ func (client *IncidentsClient) createOrUpdateCreateRequest(ctx context.Context, return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2021-10-01") + reqQP.Set("api-version", "2022-05-01-preview") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} return req, runtime.MarshalAsJSON(req, incident) @@ -118,9 +118,71 @@ func (client *IncidentsClient) createOrUpdateHandleResponse(resp *http.Response) return result, nil } -// Delete - Deletes a given incident. +// CreateTeam - Creates a Microsoft team to investigate the incident by sharing information and insights between participants. // If the operation fails it returns an *azcore.ResponseError type. -// Generated from API version 2021-10-01 +// Generated from API version 2022-05-01-preview +// resourceGroupName - The name of the resource group. The name is case insensitive. +// workspaceName - The name of the workspace. +// incidentID - Incident ID +// teamProperties - Team properties +// options - IncidentsClientCreateTeamOptions contains the optional parameters for the IncidentsClient.CreateTeam method. +func (client *IncidentsClient) CreateTeam(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string, teamProperties TeamProperties, options *IncidentsClientCreateTeamOptions) (IncidentsClientCreateTeamResponse, error) { + req, err := client.createTeamCreateRequest(ctx, resourceGroupName, workspaceName, incidentID, teamProperties, options) + if err != nil { + return IncidentsClientCreateTeamResponse{}, err + } + resp, err := client.pl.Do(req) + if err != nil { + return IncidentsClientCreateTeamResponse{}, err + } + if !runtime.HasStatusCode(resp, http.StatusOK) { + return IncidentsClientCreateTeamResponse{}, runtime.NewResponseError(resp) + } + return client.createTeamHandleResponse(resp) +} + +// createTeamCreateRequest creates the CreateTeam request. +func (client *IncidentsClient) createTeamCreateRequest(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string, teamProperties TeamProperties, options *IncidentsClientCreateTeamOptions) (*policy.Request, error) { + urlPath := "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/createTeam" + if client.subscriptionID == "" { + return nil, errors.New("parameter client.subscriptionID cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{subscriptionId}", url.PathEscape(client.subscriptionID)) + if resourceGroupName == "" { + return nil, errors.New("parameter resourceGroupName cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{resourceGroupName}", url.PathEscape(resourceGroupName)) + if workspaceName == "" { + return nil, errors.New("parameter workspaceName cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{workspaceName}", url.PathEscape(workspaceName)) + if incidentID == "" { + return nil, errors.New("parameter incidentID cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{incidentId}", url.PathEscape(incidentID)) + req, err := runtime.NewRequest(ctx, http.MethodPost, runtime.JoinPaths(client.host, urlPath)) + if err != nil { + return nil, err + } + reqQP := req.Raw().URL.Query() + reqQP.Set("api-version", "2022-05-01-preview") + req.Raw().URL.RawQuery = reqQP.Encode() + req.Raw().Header["Accept"] = []string{"application/json"} + return req, runtime.MarshalAsJSON(req, teamProperties) +} + +// createTeamHandleResponse handles the CreateTeam response. +func (client *IncidentsClient) createTeamHandleResponse(resp *http.Response) (IncidentsClientCreateTeamResponse, error) { + result := IncidentsClientCreateTeamResponse{} + if err := runtime.UnmarshalAsJSON(resp, &result.TeamInformation); err != nil { + return IncidentsClientCreateTeamResponse{}, err + } + return result, nil +} + +// Delete - Delete the incident. +// If the operation fails it returns an *azcore.ResponseError type. +// Generated from API version 2022-05-01-preview // resourceGroupName - The name of the resource group. The name is case insensitive. // workspaceName - The name of the workspace. // incidentID - Incident ID @@ -164,15 +226,15 @@ func (client *IncidentsClient) deleteCreateRequest(ctx context.Context, resource return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2021-10-01") + reqQP.Set("api-version", "2022-05-01-preview") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} return req, nil } -// Get - Gets a given incident. +// Get - Gets an incident. // If the operation fails it returns an *azcore.ResponseError type. -// Generated from API version 2021-10-01 +// Generated from API version 2022-05-01-preview // resourceGroupName - The name of the resource group. The name is case insensitive. // workspaceName - The name of the workspace. // incidentID - Incident ID @@ -216,7 +278,7 @@ func (client *IncidentsClient) getCreateRequest(ctx context.Context, resourceGro return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2021-10-01") + reqQP.Set("api-version", "2022-05-01-preview") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} return req, nil @@ -233,7 +295,7 @@ func (client *IncidentsClient) getHandleResponse(resp *http.Response) (Incidents // NewListPager - Gets all incidents. // If the operation fails it returns an *azcore.ResponseError type. -// Generated from API version 2021-10-01 +// Generated from API version 2022-05-01-preview // resourceGroupName - The name of the resource group. The name is case insensitive. // workspaceName - The name of the workspace. // options - IncidentsClientListOptions contains the optional parameters for the IncidentsClient.List method. @@ -285,7 +347,7 @@ func (client *IncidentsClient) listCreateRequest(ctx context.Context, resourceGr return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2021-10-01") + reqQP.Set("api-version", "2022-05-01-preview") if options != nil && options.Filter != nil { reqQP.Set("$filter", *options.Filter) } @@ -312,9 +374,9 @@ func (client *IncidentsClient) listHandleResponse(resp *http.Response) (Incident return result, nil } -// ListAlerts - Gets all alerts for an incident. +// ListAlerts - Gets all incident alerts. // If the operation fails it returns an *azcore.ResponseError type. -// Generated from API version 2021-10-01 +// Generated from API version 2022-05-01-preview // resourceGroupName - The name of the resource group. The name is case insensitive. // workspaceName - The name of the workspace. // incidentID - Incident ID @@ -358,7 +420,7 @@ func (client *IncidentsClient) listAlertsCreateRequest(ctx context.Context, reso return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2021-10-01") + reqQP.Set("api-version", "2022-05-01-preview") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} return req, nil @@ -373,9 +435,9 @@ func (client *IncidentsClient) listAlertsHandleResponse(resp *http.Response) (In return result, nil } -// ListBookmarks - Gets all bookmarks for an incident. +// ListBookmarks - Gets all incident bookmarks. // If the operation fails it returns an *azcore.ResponseError type. -// Generated from API version 2021-10-01 +// Generated from API version 2022-05-01-preview // resourceGroupName - The name of the resource group. The name is case insensitive. // workspaceName - The name of the workspace. // incidentID - Incident ID @@ -419,7 +481,7 @@ func (client *IncidentsClient) listBookmarksCreateRequest(ctx context.Context, r return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2021-10-01") + reqQP.Set("api-version", "2022-05-01-preview") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} return req, nil @@ -434,9 +496,9 @@ func (client *IncidentsClient) listBookmarksHandleResponse(resp *http.Response) return result, nil } -// ListEntities - Gets all entities for an incident. +// ListEntities - Gets all incident related entities. // If the operation fails it returns an *azcore.ResponseError type. -// Generated from API version 2021-10-01 +// Generated from API version 2022-05-01-preview // resourceGroupName - The name of the resource group. The name is case insensitive. // workspaceName - The name of the workspace. // incidentID - Incident ID @@ -480,7 +542,7 @@ func (client *IncidentsClient) listEntitiesCreateRequest(ctx context.Context, re return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2021-10-01") + reqQP.Set("api-version", "2022-05-01-preview") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} return req, nil @@ -494,3 +556,66 @@ func (client *IncidentsClient) listEntitiesHandleResponse(resp *http.Response) ( } return result, nil } + +// RunPlaybook - Triggers playbook on a specific incident +// If the operation fails it returns an *azcore.ResponseError type. +// Generated from API version 2022-05-01-preview +// resourceGroupName - The name of the resource group. The name is case insensitive. +// workspaceName - The name of the workspace. +// options - IncidentsClientRunPlaybookOptions contains the optional parameters for the IncidentsClient.RunPlaybook method. +func (client *IncidentsClient) RunPlaybook(ctx context.Context, resourceGroupName string, workspaceName string, incidentIdentifier string, options *IncidentsClientRunPlaybookOptions) (IncidentsClientRunPlaybookResponse, error) { + req, err := client.runPlaybookCreateRequest(ctx, resourceGroupName, workspaceName, incidentIdentifier, options) + if err != nil { + return IncidentsClientRunPlaybookResponse{}, err + } + resp, err := client.pl.Do(req) + if err != nil { + return IncidentsClientRunPlaybookResponse{}, err + } + if !runtime.HasStatusCode(resp, http.StatusNoContent) { + return IncidentsClientRunPlaybookResponse{}, runtime.NewResponseError(resp) + } + return client.runPlaybookHandleResponse(resp) +} + +// runPlaybookCreateRequest creates the RunPlaybook request. +func (client *IncidentsClient) runPlaybookCreateRequest(ctx context.Context, resourceGroupName string, workspaceName string, incidentIdentifier string, options *IncidentsClientRunPlaybookOptions) (*policy.Request, error) { + urlPath := "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentIdentifier}/runPlaybook" + if client.subscriptionID == "" { + return nil, errors.New("parameter client.subscriptionID cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{subscriptionId}", url.PathEscape(client.subscriptionID)) + if resourceGroupName == "" { + return nil, errors.New("parameter resourceGroupName cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{resourceGroupName}", url.PathEscape(resourceGroupName)) + if workspaceName == "" { + return nil, errors.New("parameter workspaceName cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{workspaceName}", url.PathEscape(workspaceName)) + if incidentIdentifier == "" { + return nil, errors.New("parameter incidentIdentifier cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{incidentIdentifier}", url.PathEscape(incidentIdentifier)) + req, err := runtime.NewRequest(ctx, http.MethodPost, runtime.JoinPaths(client.host, urlPath)) + if err != nil { + return nil, err + } + reqQP := req.Raw().URL.Query() + reqQP.Set("api-version", "2022-05-01-preview") + req.Raw().URL.RawQuery = reqQP.Encode() + req.Raw().Header["Accept"] = []string{"application/json"} + if options != nil && options.RequestBody != nil { + return req, runtime.MarshalAsJSON(req, *options.RequestBody) + } + return req, nil +} + +// runPlaybookHandleResponse handles the RunPlaybook response. +func (client *IncidentsClient) runPlaybookHandleResponse(resp *http.Response) (IncidentsClientRunPlaybookResponse, error) { + result := IncidentsClientRunPlaybookResponse{} + if err := runtime.UnmarshalAsJSON(resp, &result.Interface); err != nil { + return IncidentsClientRunPlaybookResponse{}, err + } + return result, nil +} diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_ipgeodata_client.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_ipgeodata_client.go new file mode 100644 index 000000000000..965c9716ec89 --- /dev/null +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_ipgeodata_client.go @@ -0,0 +1,108 @@ +//go:build go1.18 +// +build go1.18 + +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. See License.txt in the project root for license information. +// Code generated by Microsoft (R) AutoRest Code Generator. +// Changes may cause incorrect behavior and will be lost if the code is regenerated. + +package armsecurityinsights + +import ( + "context" + "errors" + "github.com/Azure/azure-sdk-for-go/sdk/azcore" + "github.com/Azure/azure-sdk-for-go/sdk/azcore/arm" + armruntime "github.com/Azure/azure-sdk-for-go/sdk/azcore/arm/runtime" + "github.com/Azure/azure-sdk-for-go/sdk/azcore/cloud" + "github.com/Azure/azure-sdk-for-go/sdk/azcore/policy" + "github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime" + "net/http" + "net/url" + "strings" +) + +// IPGeodataClient contains the methods for the IPGeodata group. +// Don't use this type directly, use NewIPGeodataClient() instead. +type IPGeodataClient struct { + host string + subscriptionID string + pl runtime.Pipeline +} + +// NewIPGeodataClient creates a new instance of IPGeodataClient with the specified values. +// subscriptionID - The ID of the target subscription. +// credential - used to authorize requests. Usually a credential from azidentity. +// options - pass nil to accept the default values. +func NewIPGeodataClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) (*IPGeodataClient, error) { + if options == nil { + options = &arm.ClientOptions{} + } + ep := cloud.AzurePublic.Services[cloud.ResourceManager].Endpoint + if c, ok := options.Cloud.Services[cloud.ResourceManager]; ok { + ep = c.Endpoint + } + pl, err := armruntime.NewPipeline(moduleName, moduleVersion, credential, runtime.PipelineOptions{}, options) + if err != nil { + return nil, err + } + client := &IPGeodataClient{ + subscriptionID: subscriptionID, + host: ep, + pl: pl, + } + return client, nil +} + +// Get - Get geodata for a single IP address +// If the operation fails it returns an *azcore.ResponseError type. +// Generated from API version 2022-05-01-preview +// resourceGroupName - The name of the resource group. The name is case insensitive. +// ipAddress - IP address (v4 or v6) to be enriched +// options - IPGeodataClientGetOptions contains the optional parameters for the IPGeodataClient.Get method. +func (client *IPGeodataClient) Get(ctx context.Context, resourceGroupName string, ipAddress string, options *IPGeodataClientGetOptions) (IPGeodataClientGetResponse, error) { + req, err := client.getCreateRequest(ctx, resourceGroupName, ipAddress, options) + if err != nil { + return IPGeodataClientGetResponse{}, err + } + resp, err := client.pl.Do(req) + if err != nil { + return IPGeodataClientGetResponse{}, err + } + if !runtime.HasStatusCode(resp, http.StatusOK) { + return IPGeodataClientGetResponse{}, runtime.NewResponseError(resp) + } + return client.getHandleResponse(resp) +} + +// getCreateRequest creates the Get request. +func (client *IPGeodataClient) getCreateRequest(ctx context.Context, resourceGroupName string, ipAddress string, options *IPGeodataClientGetOptions) (*policy.Request, error) { + urlPath := "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.SecurityInsights/enrichment/ip/geodata/" + if client.subscriptionID == "" { + return nil, errors.New("parameter client.subscriptionID cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{subscriptionId}", url.PathEscape(client.subscriptionID)) + if resourceGroupName == "" { + return nil, errors.New("parameter resourceGroupName cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{resourceGroupName}", url.PathEscape(resourceGroupName)) + req, err := runtime.NewRequest(ctx, http.MethodGet, runtime.JoinPaths(client.host, urlPath)) + if err != nil { + return nil, err + } + reqQP := req.Raw().URL.Query() + reqQP.Set("api-version", "2022-05-01-preview") + reqQP.Set("ipAddress", ipAddress) + req.Raw().URL.RawQuery = reqQP.Encode() + req.Raw().Header["Accept"] = []string{"application/json"} + return req, nil +} + +// getHandleResponse handles the Get response. +func (client *IPGeodataClient) getHandleResponse(resp *http.Response) (IPGeodataClientGetResponse, error) { + result := IPGeodataClientGetResponse{} + if err := runtime.UnmarshalAsJSON(resp, &result.EnrichmentIPGeodata); err != nil { + return IPGeodataClientGetResponse{}, err + } + return result, nil +} diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_metadata_client.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_metadata_client.go new file mode 100644 index 000000000000..bcee62552034 --- /dev/null +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_metadata_client.go @@ -0,0 +1,374 @@ +//go:build go1.18 +// +build go1.18 + +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. See License.txt in the project root for license information. +// Code generated by Microsoft (R) AutoRest Code Generator. +// Changes may cause incorrect behavior and will be lost if the code is regenerated. + +package armsecurityinsights + +import ( + "context" + "errors" + "github.com/Azure/azure-sdk-for-go/sdk/azcore" + "github.com/Azure/azure-sdk-for-go/sdk/azcore/arm" + armruntime "github.com/Azure/azure-sdk-for-go/sdk/azcore/arm/runtime" + "github.com/Azure/azure-sdk-for-go/sdk/azcore/cloud" + "github.com/Azure/azure-sdk-for-go/sdk/azcore/policy" + "github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime" + "net/http" + "net/url" + "strconv" + "strings" +) + +// MetadataClient contains the methods for the Metadata group. +// Don't use this type directly, use NewMetadataClient() instead. +type MetadataClient struct { + host string + subscriptionID string + pl runtime.Pipeline +} + +// NewMetadataClient creates a new instance of MetadataClient with the specified values. +// subscriptionID - The ID of the target subscription. +// credential - used to authorize requests. Usually a credential from azidentity. +// options - pass nil to accept the default values. +func NewMetadataClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) (*MetadataClient, error) { + if options == nil { + options = &arm.ClientOptions{} + } + ep := cloud.AzurePublic.Services[cloud.ResourceManager].Endpoint + if c, ok := options.Cloud.Services[cloud.ResourceManager]; ok { + ep = c.Endpoint + } + pl, err := armruntime.NewPipeline(moduleName, moduleVersion, credential, runtime.PipelineOptions{}, options) + if err != nil { + return nil, err + } + client := &MetadataClient{ + subscriptionID: subscriptionID, + host: ep, + pl: pl, + } + return client, nil +} + +// Create - Create a Metadata. +// If the operation fails it returns an *azcore.ResponseError type. +// Generated from API version 2022-05-01-preview +// resourceGroupName - The name of the resource group. The name is case insensitive. +// workspaceName - The name of the workspace. +// metadataName - The Metadata name. +// metadata - Metadata resource. +// options - MetadataClientCreateOptions contains the optional parameters for the MetadataClient.Create method. +func (client *MetadataClient) Create(ctx context.Context, resourceGroupName string, workspaceName string, metadataName string, metadata MetadataModel, options *MetadataClientCreateOptions) (MetadataClientCreateResponse, error) { + req, err := client.createCreateRequest(ctx, resourceGroupName, workspaceName, metadataName, metadata, options) + if err != nil { + return MetadataClientCreateResponse{}, err + } + resp, err := client.pl.Do(req) + if err != nil { + return MetadataClientCreateResponse{}, err + } + if !runtime.HasStatusCode(resp, http.StatusOK, http.StatusCreated) { + return MetadataClientCreateResponse{}, runtime.NewResponseError(resp) + } + return client.createHandleResponse(resp) +} + +// createCreateRequest creates the Create request. +func (client *MetadataClient) createCreateRequest(ctx context.Context, resourceGroupName string, workspaceName string, metadataName string, metadata MetadataModel, options *MetadataClientCreateOptions) (*policy.Request, error) { + urlPath := "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/metadata/{metadataName}" + if client.subscriptionID == "" { + return nil, errors.New("parameter client.subscriptionID cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{subscriptionId}", url.PathEscape(client.subscriptionID)) + if resourceGroupName == "" { + return nil, errors.New("parameter resourceGroupName cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{resourceGroupName}", url.PathEscape(resourceGroupName)) + if workspaceName == "" { + return nil, errors.New("parameter workspaceName cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{workspaceName}", url.PathEscape(workspaceName)) + if metadataName == "" { + return nil, errors.New("parameter metadataName cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{metadataName}", url.PathEscape(metadataName)) + req, err := runtime.NewRequest(ctx, http.MethodPut, runtime.JoinPaths(client.host, urlPath)) + if err != nil { + return nil, err + } + reqQP := req.Raw().URL.Query() + reqQP.Set("api-version", "2022-05-01-preview") + req.Raw().URL.RawQuery = reqQP.Encode() + req.Raw().Header["Accept"] = []string{"application/json"} + return req, runtime.MarshalAsJSON(req, metadata) +} + +// createHandleResponse handles the Create response. +func (client *MetadataClient) createHandleResponse(resp *http.Response) (MetadataClientCreateResponse, error) { + result := MetadataClientCreateResponse{} + if err := runtime.UnmarshalAsJSON(resp, &result.MetadataModel); err != nil { + return MetadataClientCreateResponse{}, err + } + return result, nil +} + +// Delete - Delete a Metadata. +// If the operation fails it returns an *azcore.ResponseError type. +// Generated from API version 2022-05-01-preview +// resourceGroupName - The name of the resource group. The name is case insensitive. +// workspaceName - The name of the workspace. +// metadataName - The Metadata name. +// options - MetadataClientDeleteOptions contains the optional parameters for the MetadataClient.Delete method. +func (client *MetadataClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, metadataName string, options *MetadataClientDeleteOptions) (MetadataClientDeleteResponse, error) { + req, err := client.deleteCreateRequest(ctx, resourceGroupName, workspaceName, metadataName, options) + if err != nil { + return MetadataClientDeleteResponse{}, err + } + resp, err := client.pl.Do(req) + if err != nil { + return MetadataClientDeleteResponse{}, err + } + if !runtime.HasStatusCode(resp, http.StatusOK, http.StatusNoContent) { + return MetadataClientDeleteResponse{}, runtime.NewResponseError(resp) + } + return MetadataClientDeleteResponse{}, nil +} + +// deleteCreateRequest creates the Delete request. +func (client *MetadataClient) deleteCreateRequest(ctx context.Context, resourceGroupName string, workspaceName string, metadataName string, options *MetadataClientDeleteOptions) (*policy.Request, error) { + urlPath := "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/metadata/{metadataName}" + if client.subscriptionID == "" { + return nil, errors.New("parameter client.subscriptionID cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{subscriptionId}", url.PathEscape(client.subscriptionID)) + if resourceGroupName == "" { + return nil, errors.New("parameter resourceGroupName cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{resourceGroupName}", url.PathEscape(resourceGroupName)) + if workspaceName == "" { + return nil, errors.New("parameter workspaceName cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{workspaceName}", url.PathEscape(workspaceName)) + if metadataName == "" { + return nil, errors.New("parameter metadataName cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{metadataName}", url.PathEscape(metadataName)) + req, err := runtime.NewRequest(ctx, http.MethodDelete, runtime.JoinPaths(client.host, urlPath)) + if err != nil { + return nil, err + } + reqQP := req.Raw().URL.Query() + reqQP.Set("api-version", "2022-05-01-preview") + req.Raw().URL.RawQuery = reqQP.Encode() + req.Raw().Header["Accept"] = []string{"application/json"} + return req, nil +} + +// Get - Get a Metadata. +// If the operation fails it returns an *azcore.ResponseError type. +// Generated from API version 2022-05-01-preview +// resourceGroupName - The name of the resource group. The name is case insensitive. +// workspaceName - The name of the workspace. +// metadataName - The Metadata name. +// options - MetadataClientGetOptions contains the optional parameters for the MetadataClient.Get method. +func (client *MetadataClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, metadataName string, options *MetadataClientGetOptions) (MetadataClientGetResponse, error) { + req, err := client.getCreateRequest(ctx, resourceGroupName, workspaceName, metadataName, options) + if err != nil { + return MetadataClientGetResponse{}, err + } + resp, err := client.pl.Do(req) + if err != nil { + return MetadataClientGetResponse{}, err + } + if !runtime.HasStatusCode(resp, http.StatusOK) { + return MetadataClientGetResponse{}, runtime.NewResponseError(resp) + } + return client.getHandleResponse(resp) +} + +// getCreateRequest creates the Get request. +func (client *MetadataClient) getCreateRequest(ctx context.Context, resourceGroupName string, workspaceName string, metadataName string, options *MetadataClientGetOptions) (*policy.Request, error) { + urlPath := "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/metadata/{metadataName}" + if client.subscriptionID == "" { + return nil, errors.New("parameter client.subscriptionID cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{subscriptionId}", url.PathEscape(client.subscriptionID)) + if resourceGroupName == "" { + return nil, errors.New("parameter resourceGroupName cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{resourceGroupName}", url.PathEscape(resourceGroupName)) + if workspaceName == "" { + return nil, errors.New("parameter workspaceName cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{workspaceName}", url.PathEscape(workspaceName)) + if metadataName == "" { + return nil, errors.New("parameter metadataName cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{metadataName}", url.PathEscape(metadataName)) + req, err := runtime.NewRequest(ctx, http.MethodGet, runtime.JoinPaths(client.host, urlPath)) + if err != nil { + return nil, err + } + reqQP := req.Raw().URL.Query() + reqQP.Set("api-version", "2022-05-01-preview") + req.Raw().URL.RawQuery = reqQP.Encode() + req.Raw().Header["Accept"] = []string{"application/json"} + return req, nil +} + +// getHandleResponse handles the Get response. +func (client *MetadataClient) getHandleResponse(resp *http.Response) (MetadataClientGetResponse, error) { + result := MetadataClientGetResponse{} + if err := runtime.UnmarshalAsJSON(resp, &result.MetadataModel); err != nil { + return MetadataClientGetResponse{}, err + } + return result, nil +} + +// NewListPager - List of all metadata +// If the operation fails it returns an *azcore.ResponseError type. +// Generated from API version 2022-05-01-preview +// resourceGroupName - The name of the resource group. The name is case insensitive. +// workspaceName - The name of the workspace. +// options - MetadataClientListOptions contains the optional parameters for the MetadataClient.List method. +func (client *MetadataClient) NewListPager(resourceGroupName string, workspaceName string, options *MetadataClientListOptions) *runtime.Pager[MetadataClientListResponse] { + return runtime.NewPager(runtime.PagingHandler[MetadataClientListResponse]{ + More: func(page MetadataClientListResponse) bool { + return page.NextLink != nil && len(*page.NextLink) > 0 + }, + Fetcher: func(ctx context.Context, page *MetadataClientListResponse) (MetadataClientListResponse, error) { + var req *policy.Request + var err error + if page == nil { + req, err = client.listCreateRequest(ctx, resourceGroupName, workspaceName, options) + } else { + req, err = runtime.NewRequest(ctx, http.MethodGet, *page.NextLink) + } + if err != nil { + return MetadataClientListResponse{}, err + } + resp, err := client.pl.Do(req) + if err != nil { + return MetadataClientListResponse{}, err + } + if !runtime.HasStatusCode(resp, http.StatusOK) { + return MetadataClientListResponse{}, runtime.NewResponseError(resp) + } + return client.listHandleResponse(resp) + }, + }) +} + +// listCreateRequest creates the List request. +func (client *MetadataClient) listCreateRequest(ctx context.Context, resourceGroupName string, workspaceName string, options *MetadataClientListOptions) (*policy.Request, error) { + urlPath := "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/metadata" + if client.subscriptionID == "" { + return nil, errors.New("parameter client.subscriptionID cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{subscriptionId}", url.PathEscape(client.subscriptionID)) + if resourceGroupName == "" { + return nil, errors.New("parameter resourceGroupName cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{resourceGroupName}", url.PathEscape(resourceGroupName)) + if workspaceName == "" { + return nil, errors.New("parameter workspaceName cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{workspaceName}", url.PathEscape(workspaceName)) + req, err := runtime.NewRequest(ctx, http.MethodGet, runtime.JoinPaths(client.host, urlPath)) + if err != nil { + return nil, err + } + reqQP := req.Raw().URL.Query() + reqQP.Set("api-version", "2022-05-01-preview") + if options != nil && options.Filter != nil { + reqQP.Set("$filter", *options.Filter) + } + if options != nil && options.Orderby != nil { + reqQP.Set("$orderby", *options.Orderby) + } + if options != nil && options.Top != nil { + reqQP.Set("$top", strconv.FormatInt(int64(*options.Top), 10)) + } + if options != nil && options.Skip != nil { + reqQP.Set("$skip", strconv.FormatInt(int64(*options.Skip), 10)) + } + req.Raw().URL.RawQuery = reqQP.Encode() + req.Raw().Header["Accept"] = []string{"application/json"} + return req, nil +} + +// listHandleResponse handles the List response. +func (client *MetadataClient) listHandleResponse(resp *http.Response) (MetadataClientListResponse, error) { + result := MetadataClientListResponse{} + if err := runtime.UnmarshalAsJSON(resp, &result.MetadataList); err != nil { + return MetadataClientListResponse{}, err + } + return result, nil +} + +// Update - Update an existing Metadata. +// If the operation fails it returns an *azcore.ResponseError type. +// Generated from API version 2022-05-01-preview +// resourceGroupName - The name of the resource group. The name is case insensitive. +// workspaceName - The name of the workspace. +// metadataName - The Metadata name. +// metadataPatch - Partial metadata request. +// options - MetadataClientUpdateOptions contains the optional parameters for the MetadataClient.Update method. +func (client *MetadataClient) Update(ctx context.Context, resourceGroupName string, workspaceName string, metadataName string, metadataPatch MetadataPatch, options *MetadataClientUpdateOptions) (MetadataClientUpdateResponse, error) { + req, err := client.updateCreateRequest(ctx, resourceGroupName, workspaceName, metadataName, metadataPatch, options) + if err != nil { + return MetadataClientUpdateResponse{}, err + } + resp, err := client.pl.Do(req) + if err != nil { + return MetadataClientUpdateResponse{}, err + } + if !runtime.HasStatusCode(resp, http.StatusOK) { + return MetadataClientUpdateResponse{}, runtime.NewResponseError(resp) + } + return client.updateHandleResponse(resp) +} + +// updateCreateRequest creates the Update request. +func (client *MetadataClient) updateCreateRequest(ctx context.Context, resourceGroupName string, workspaceName string, metadataName string, metadataPatch MetadataPatch, options *MetadataClientUpdateOptions) (*policy.Request, error) { + urlPath := "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/metadata/{metadataName}" + if client.subscriptionID == "" { + return nil, errors.New("parameter client.subscriptionID cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{subscriptionId}", url.PathEscape(client.subscriptionID)) + if resourceGroupName == "" { + return nil, errors.New("parameter resourceGroupName cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{resourceGroupName}", url.PathEscape(resourceGroupName)) + if workspaceName == "" { + return nil, errors.New("parameter workspaceName cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{workspaceName}", url.PathEscape(workspaceName)) + if metadataName == "" { + return nil, errors.New("parameter metadataName cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{metadataName}", url.PathEscape(metadataName)) + req, err := runtime.NewRequest(ctx, http.MethodPatch, runtime.JoinPaths(client.host, urlPath)) + if err != nil { + return nil, err + } + reqQP := req.Raw().URL.Query() + reqQP.Set("api-version", "2022-05-01-preview") + req.Raw().URL.RawQuery = reqQP.Encode() + req.Raw().Header["Accept"] = []string{"application/json"} + return req, runtime.MarshalAsJSON(req, metadataPatch) +} + +// updateHandleResponse handles the Update response. +func (client *MetadataClient) updateHandleResponse(resp *http.Response) (MetadataClientUpdateResponse, error) { + result := MetadataClientUpdateResponse{} + if err := runtime.UnmarshalAsJSON(resp, &result.MetadataModel); err != nil { + return MetadataClientUpdateResponse{}, err + } + return result, nil +} diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_models.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_models.go index a611d44026df..6cf39bbf320f 100644 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_models.go +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_models.go @@ -10,6 +10,28 @@ package armsecurityinsights import "time" +// AADCheckRequirements - Represents AAD (Azure Active Directory) requirements check request. +type AADCheckRequirements struct { + // REQUIRED; Describes the kind of connector to be checked. + Kind *DataConnectorKind `json:"kind,omitempty"` + + // AAD (Azure Active Directory) requirements check properties. + Properties *AADCheckRequirementsProperties `json:"properties,omitempty"` +} + +// GetDataConnectorsCheckRequirements implements the DataConnectorsCheckRequirementsClassification interface for type AADCheckRequirements. +func (a *AADCheckRequirements) GetDataConnectorsCheckRequirements() *DataConnectorsCheckRequirements { + return &DataConnectorsCheckRequirements{ + Kind: a.Kind, + } +} + +// AADCheckRequirementsProperties - AAD (Azure Active Directory) requirements check properties. +type AADCheckRequirementsProperties struct { + // REQUIRED; The tenant id to connect to, and get the data from. + TenantID *string `json:"tenantId,omitempty"` +} + // AADDataConnector - Represents AAD (Azure Active Directory) data connector. type AADDataConnector struct { // REQUIRED; The data connector kind @@ -48,10 +70,32 @@ func (a *AADDataConnector) GetDataConnector() *DataConnector { // AADDataConnectorProperties - AAD (Azure Active Directory) data connector properties. type AADDataConnectorProperties struct { + // REQUIRED; The tenant id to connect to, and get the data from. + TenantID *string `json:"tenantId,omitempty"` + // The available data types for the connector. DataTypes *AlertsDataTypeOfDataConnector `json:"dataTypes,omitempty"` +} + +// AATPCheckRequirements - Represents AATP (Azure Advanced Threat Protection) requirements check request. +type AATPCheckRequirements struct { + // REQUIRED; Describes the kind of connector to be checked. + Kind *DataConnectorKind `json:"kind,omitempty"` + + // AATP (Azure Advanced Threat Protection) requirements check properties. + Properties *AATPCheckRequirementsProperties `json:"properties,omitempty"` +} + +// GetDataConnectorsCheckRequirements implements the DataConnectorsCheckRequirementsClassification interface for type AATPCheckRequirements. +func (a *AATPCheckRequirements) GetDataConnectorsCheckRequirements() *DataConnectorsCheckRequirements { + return &DataConnectorsCheckRequirements{ + Kind: a.Kind, + } +} - // The tenant id to connect to, and get the data from. +// AATPCheckRequirementsProperties - AATP (Azure Advanced Threat Protection) requirements check properties. +type AATPCheckRequirementsProperties struct { + // REQUIRED; The tenant id to connect to, and get the data from. TenantID *string `json:"tenantId,omitempty"` } @@ -93,11 +137,42 @@ func (a *AATPDataConnector) GetDataConnector() *DataConnector { // AATPDataConnectorProperties - AATP (Azure Advanced Threat Protection) data connector properties. type AATPDataConnectorProperties struct { + // REQUIRED; The tenant id to connect to, and get the data from. + TenantID *string `json:"tenantId,omitempty"` + // The available data types for the connector. DataTypes *AlertsDataTypeOfDataConnector `json:"dataTypes,omitempty"` +} - // The tenant id to connect to, and get the data from. - TenantID *string `json:"tenantId,omitempty"` +// APIPollingParameters - Represents Codeless API Polling data connector +type APIPollingParameters struct { + // Config to describe the instructions blade + ConnectorUIConfig *CodelessUIConnectorConfigProperties `json:"connectorUiConfig,omitempty"` + + // Config to describe the polling instructions + PollingConfig *CodelessConnectorPollingConfigProperties `json:"pollingConfig,omitempty"` +} + +// ASCCheckRequirements - Represents ASC (Azure Security Center) requirements check request. +type ASCCheckRequirements struct { + // REQUIRED; Describes the kind of connector to be checked. + Kind *DataConnectorKind `json:"kind,omitempty"` + + // ASC (Azure Security Center) requirements check properties. + Properties *ASCCheckRequirementsProperties `json:"properties,omitempty"` +} + +// GetDataConnectorsCheckRequirements implements the DataConnectorsCheckRequirementsClassification interface for type ASCCheckRequirements. +func (a *ASCCheckRequirements) GetDataConnectorsCheckRequirements() *DataConnectorsCheckRequirements { + return &DataConnectorsCheckRequirements{ + Kind: a.Kind, + } +} + +// ASCCheckRequirementsProperties - ASC (Azure Security Center) requirements check properties. +type ASCCheckRequirementsProperties struct { + // The subscription id to connect to, and get the data from. + SubscriptionID *string `json:"subscriptionId,omitempty"` } // ASCDataConnector - Represents ASC (Azure Security Center) data connector. @@ -148,7 +223,7 @@ type ASCDataConnectorProperties struct { // AccountEntity - Represents an account entity. type AccountEntity struct { // REQUIRED; The kind of the entity. - Kind *EntityKindEnum `json:"kind,omitempty"` + Kind *EntityKind `json:"kind,omitempty"` // Account entity properties Properties *AccountEntityProperties `json:"properties,omitempty"` @@ -207,7 +282,7 @@ type AccountEntityProperties struct { // READ-ONLY; Determines whether this is a domain account. IsDomainJoined *bool `json:"isDomainJoined,omitempty" azure:"ro"` - // READ-ONLY; The NetBIOS domain name as it appears in the alert format - domain\username. Examples: NT AUTHORITY. + // READ-ONLY; The NetBIOS domain name as it appears in the alert format domain/username. Examples: NT AUTHORITY. NtDomain *string `json:"ntDomain,omitempty" azure:"ro"` // READ-ONLY; The objectGUID attribute is a single-value attribute that is the unique identifier for the object, assigned @@ -262,7 +337,7 @@ type ActionRequestProperties struct { // ActionResponse - Action for alert rule. type ActionResponse struct { - // Etag of the action. + // Etag of the azure resource Etag *string `json:"etag,omitempty"` // Action properties for get request @@ -319,6 +394,222 @@ type ActionsList struct { NextLink *string `json:"nextLink,omitempty" azure:"ro"` } +// ActivityCustomEntityQuery - Represents Activity entity query. +type ActivityCustomEntityQuery struct { + // REQUIRED; the entity query kind + Kind *CustomEntityQueryKind `json:"kind,omitempty"` + + // Etag of the azure resource + Etag *string `json:"etag,omitempty"` + + // Activity entity query properties + Properties *ActivityEntityQueriesProperties `json:"properties,omitempty"` + + // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + ID *string `json:"id,omitempty" azure:"ro"` + + // READ-ONLY; The name of the resource + Name *string `json:"name,omitempty" azure:"ro"` + + // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. + SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` + + // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" + Type *string `json:"type,omitempty" azure:"ro"` +} + +// GetCustomEntityQuery implements the CustomEntityQueryClassification interface for type ActivityCustomEntityQuery. +func (a *ActivityCustomEntityQuery) GetCustomEntityQuery() *CustomEntityQuery { + return &CustomEntityQuery{ + Kind: a.Kind, + Etag: a.Etag, + ID: a.ID, + Name: a.Name, + Type: a.Type, + SystemData: a.SystemData, + } +} + +// ActivityEntityQueriesProperties - Describes activity entity query properties +type ActivityEntityQueriesProperties struct { + // The entity query content to display in timeline + Content *string `json:"content,omitempty"` + + // The entity query description + Description *string `json:"description,omitempty"` + + // Determines whether this activity is enabled or disabled. + Enabled *bool `json:"enabled,omitempty"` + + // The query applied only to entities matching to all filters + EntitiesFilter map[string][]*string `json:"entitiesFilter,omitempty"` + + // The type of the query's source entity + InputEntityType *EntityType `json:"inputEntityType,omitempty"` + + // The Activity query definitions + QueryDefinitions *ActivityEntityQueriesPropertiesQueryDefinitions `json:"queryDefinitions,omitempty"` + + // List of the fields of the source entity that are required to run the query + RequiredInputFieldsSets [][]*string `json:"requiredInputFieldsSets,omitempty"` + + // The template id this activity was created from + TemplateName *string `json:"templateName,omitempty"` + + // The entity query title + Title *string `json:"title,omitempty"` + + // READ-ONLY; The time the activity was created + CreatedTimeUTC *time.Time `json:"createdTimeUtc,omitempty" azure:"ro"` + + // READ-ONLY; The last time the activity was updated + LastModifiedTimeUTC *time.Time `json:"lastModifiedTimeUtc,omitempty" azure:"ro"` +} + +// ActivityEntityQueriesPropertiesQueryDefinitions - The Activity query definitions +type ActivityEntityQueriesPropertiesQueryDefinitions struct { + // The Activity query to run on a given entity + Query *string `json:"query,omitempty"` +} + +// ActivityEntityQuery - Represents Activity entity query. +type ActivityEntityQuery struct { + // REQUIRED; the entity query kind + Kind *EntityQueryKind `json:"kind,omitempty"` + + // Etag of the azure resource + Etag *string `json:"etag,omitempty"` + + // Activity entity query properties + Properties *ActivityEntityQueriesProperties `json:"properties,omitempty"` + + // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + ID *string `json:"id,omitempty" azure:"ro"` + + // READ-ONLY; The name of the resource + Name *string `json:"name,omitempty" azure:"ro"` + + // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. + SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` + + // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" + Type *string `json:"type,omitempty" azure:"ro"` +} + +// GetEntityQuery implements the EntityQueryClassification interface for type ActivityEntityQuery. +func (a *ActivityEntityQuery) GetEntityQuery() *EntityQuery { + return &EntityQuery{ + Kind: a.Kind, + Etag: a.Etag, + ID: a.ID, + Name: a.Name, + Type: a.Type, + SystemData: a.SystemData, + } +} + +// ActivityEntityQueryTemplate - Represents Activity entity query. +type ActivityEntityQueryTemplate struct { + // REQUIRED; the entity query template kind + Kind *EntityQueryTemplateKind `json:"kind,omitempty"` + + // Activity entity query properties + Properties *ActivityEntityQueryTemplateProperties `json:"properties,omitempty"` + + // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + ID *string `json:"id,omitempty" azure:"ro"` + + // READ-ONLY; The name of the resource + Name *string `json:"name,omitempty" azure:"ro"` + + // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. + SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` + + // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" + Type *string `json:"type,omitempty" azure:"ro"` +} + +// GetEntityQueryTemplate implements the EntityQueryTemplateClassification interface for type ActivityEntityQueryTemplate. +func (a *ActivityEntityQueryTemplate) GetEntityQueryTemplate() *EntityQueryTemplate { + return &EntityQueryTemplate{ + Kind: a.Kind, + ID: a.ID, + Name: a.Name, + Type: a.Type, + SystemData: a.SystemData, + } +} + +// ActivityEntityQueryTemplateProperties - Describes activity entity query properties +type ActivityEntityQueryTemplateProperties struct { + // The entity query content to display in timeline + Content *string `json:"content,omitempty"` + + // List of required data types for the given entity query template + DataTypes []*DataTypeDefinitions `json:"dataTypes,omitempty"` + + // The entity query description + Description *string `json:"description,omitempty"` + + // The query applied only to entities matching to all filters + EntitiesFilter map[string][]*string `json:"entitiesFilter,omitempty"` + + // The type of the query's source entity + InputEntityType *EntityType `json:"inputEntityType,omitempty"` + + // The Activity query definitions + QueryDefinitions *ActivityEntityQueryTemplatePropertiesQueryDefinitions `json:"queryDefinitions,omitempty"` + + // List of the fields of the source entity that are required to run the query + RequiredInputFieldsSets [][]*string `json:"requiredInputFieldsSets,omitempty"` + + // The entity query title + Title *string `json:"title,omitempty"` +} + +// ActivityEntityQueryTemplatePropertiesQueryDefinitions - The Activity query definitions +type ActivityEntityQueryTemplatePropertiesQueryDefinitions struct { + // The Activity query to run on a given entity + Query *string `json:"query,omitempty"` + + // The dimensions we want to summarize the timeline results on, this is comma separated list + SummarizeBy *string `json:"summarizeBy,omitempty"` +} + +// ActivityTimelineItem - Represents Activity timeline item. +type ActivityTimelineItem struct { + // REQUIRED; The grouping bucket end time. + BucketEndTimeUTC *time.Time `json:"bucketEndTimeUTC,omitempty"` + + // REQUIRED; The grouping bucket start time. + BucketStartTimeUTC *time.Time `json:"bucketStartTimeUTC,omitempty"` + + // REQUIRED; The activity timeline content. + Content *string `json:"content,omitempty"` + + // REQUIRED; The time of the first activity in the grouping bucket. + FirstActivityTimeUTC *time.Time `json:"firstActivityTimeUTC,omitempty"` + + // REQUIRED; The entity query kind type. + Kind *EntityTimelineKind `json:"kind,omitempty"` + + // REQUIRED; The time of the last activity in the grouping bucket. + LastActivityTimeUTC *time.Time `json:"lastActivityTimeUTC,omitempty"` + + // REQUIRED; The activity query id. + QueryID *string `json:"queryId,omitempty"` + + // REQUIRED; The activity timeline title. + Title *string `json:"title,omitempty"` +} + +// GetEntityTimelineItem implements the EntityTimelineItemClassification interface for type ActivityTimelineItem. +func (a *ActivityTimelineItem) GetEntityTimelineItem() *EntityTimelineItem { + return &EntityTimelineItem{ + Kind: a.Kind, + } +} + // AlertDetailsOverride - Settings for how to dynamically override alert static details type AlertDetailsOverride struct { // the format containing columns name(s) to override the alert description @@ -337,7 +628,8 @@ type AlertDetailsOverride struct { // AlertRuleClassification provides polymorphic access to related types. // Call the interface's GetAlertRule() method to access the common type. // Use a type switch to determine the concrete type. The possible types are: -// - *AlertRule, *FusionAlertRule, *MicrosoftSecurityIncidentCreationAlertRule, *ScheduledAlertRule +// - *AlertRule, *FusionAlertRule, *MLBehaviorAnalyticsAlertRule, *MicrosoftSecurityIncidentCreationAlertRule, *NrtAlertRule, +// - *ScheduledAlertRule, *ThreatIntelligenceAlertRule type AlertRuleClassification interface { // GetAlertRule returns the AlertRule content of the underlying type. GetAlertRule() *AlertRule @@ -345,7 +637,7 @@ type AlertRuleClassification interface { // AlertRule - Alert rule. type AlertRule struct { - // REQUIRED; The alert rule kind + // REQUIRED; The kind of the alert rule Kind *AlertRuleKind `json:"kind,omitempty"` // Etag of the azure resource @@ -370,7 +662,8 @@ func (a *AlertRule) GetAlertRule() *AlertRule { return a } // AlertRuleTemplateClassification provides polymorphic access to related types. // Call the interface's GetAlertRuleTemplate() method to access the common type. // Use a type switch to determine the concrete type. The possible types are: -// - *AlertRuleTemplate, *FusionAlertRuleTemplate, *MicrosoftSecurityIncidentCreationAlertRuleTemplate, *ScheduledAlertRuleTemplate +// - *AlertRuleTemplate, *FusionAlertRuleTemplate, *MLBehaviorAnalyticsAlertRuleTemplate, *MicrosoftSecurityIncidentCreationAlertRuleTemplate, +// - *NrtAlertRuleTemplate, *ScheduledAlertRuleTemplate, *ThreatIntelligenceAlertRuleTemplate type AlertRuleTemplateClassification interface { // GetAlertRuleTemplate returns the AlertRuleTemplate content of the underlying type. GetAlertRuleTemplate() *AlertRuleTemplate @@ -378,7 +671,7 @@ type AlertRuleTemplateClassification interface { // AlertRuleTemplate - Alert rule template. type AlertRuleTemplate struct { - // REQUIRED; The alert rule kind + // REQUIRED; The kind of the alert rule Kind *AlertRuleKind `json:"kind,omitempty"` // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} @@ -406,6 +699,60 @@ type AlertRuleTemplateDataSource struct { DataTypes []*string `json:"dataTypes,omitempty"` } +// AlertRuleTemplatePropertiesBase - Base alert rule template property bag. +type AlertRuleTemplatePropertiesBase struct { + // the number of alert rules that were created by this template + AlertRulesCreatedByTemplateCount *int32 `json:"alertRulesCreatedByTemplateCount,omitempty"` + + // The description of the alert rule template. + Description *string `json:"description,omitempty"` + + // The display name for alert rule template. + DisplayName *string `json:"displayName,omitempty"` + + // The required data sources for this template + RequiredDataConnectors []*AlertRuleTemplateDataSource `json:"requiredDataConnectors,omitempty"` + + // The alert rule template status. + Status *TemplateStatus `json:"status,omitempty"` + + // READ-ONLY; The time that this alert rule template has been added. + CreatedDateUTC *time.Time `json:"createdDateUTC,omitempty" azure:"ro"` + + // READ-ONLY; The last time that this alert rule template has been updated. + LastUpdatedDateUTC *time.Time `json:"lastUpdatedDateUTC,omitempty" azure:"ro"` +} + +// AlertRuleTemplateWithMitreProperties - Alert rule template with MITRE property bag. +type AlertRuleTemplateWithMitreProperties struct { + // the number of alert rules that were created by this template + AlertRulesCreatedByTemplateCount *int32 `json:"alertRulesCreatedByTemplateCount,omitempty"` + + // The description of the alert rule template. + Description *string `json:"description,omitempty"` + + // The display name for alert rule template. + DisplayName *string `json:"displayName,omitempty"` + + // The required data sources for this template + RequiredDataConnectors []*AlertRuleTemplateDataSource `json:"requiredDataConnectors,omitempty"` + + // The alert rule template status. + Status *TemplateStatus `json:"status,omitempty"` + + // The tactics of the alert rule + Tactics []*AttackTactic `json:"tactics,omitempty"` + + // The techniques of the alert rule + Techniques []*string `json:"techniques,omitempty"` + + // READ-ONLY; The time that this alert rule template has been added. + CreatedDateUTC *time.Time `json:"createdDateUTC,omitempty" azure:"ro"` + + // READ-ONLY; The last time that this alert rule template has been updated. + LastUpdatedDateUTC *time.Time `json:"lastUpdatedDateUTC,omitempty" azure:"ro"` +} + // AlertRuleTemplatesClientGetOptions contains the optional parameters for the AlertRuleTemplatesClient.Get method. type AlertRuleTemplatesClientGetOptions struct { // placeholder for future optional parameters @@ -456,17 +803,21 @@ type AlertRulesList struct { // AlertsDataTypeOfDataConnector - Alerts data type for data connectors. type AlertsDataTypeOfDataConnector struct { - // Alerts data type connection. + // REQUIRED; Alerts data type connection. Alerts *DataConnectorDataTypeCommon `json:"alerts,omitempty"` } -type AutomationRule struct { - // REQUIRED; Automation rule properties - Properties *AutomationRuleProperties `json:"properties,omitempty"` +// Anomalies - Settings with single toggle. +type Anomalies struct { + // REQUIRED; The kind of the setting + Kind *SettingKind `json:"kind,omitempty"` // Etag of the azure resource Etag *string `json:"etag,omitempty"` + // Anomalies properties + Properties *AnomaliesSettingsProperties `json:"properties,omitempty"` + // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} ID *string `json:"id,omitempty" azure:"ro"` @@ -480,54 +831,220 @@ type AutomationRule struct { Type *string `json:"type,omitempty" azure:"ro"` } -// AutomationRuleActionClassification provides polymorphic access to related types. -// Call the interface's GetAutomationRuleAction() method to access the common type. -// Use a type switch to determine the concrete type. The possible types are: -// - *AutomationRuleAction, *AutomationRuleModifyPropertiesAction, *AutomationRuleRunPlaybookAction -type AutomationRuleActionClassification interface { - // GetAutomationRuleAction returns the AutomationRuleAction content of the underlying type. - GetAutomationRuleAction() *AutomationRuleAction +// GetSettings implements the SettingsClassification interface for type Anomalies. +func (a *Anomalies) GetSettings() *Settings { + return &Settings{ + Kind: a.Kind, + Etag: a.Etag, + ID: a.ID, + Name: a.Name, + Type: a.Type, + SystemData: a.SystemData, + } } -// AutomationRuleAction - Describes an automation rule action -type AutomationRuleAction struct { - // REQUIRED; The type of the automation rule action - ActionType *ActionType `json:"actionType,omitempty"` - - // REQUIRED - Order *int32 `json:"order,omitempty"` +// AnomaliesSettingsProperties - Anomalies property bag. +type AnomaliesSettingsProperties struct { + // READ-ONLY; Determines whether the setting is enable or disabled. + IsEnabled *bool `json:"isEnabled,omitempty" azure:"ro"` } -// GetAutomationRuleAction implements the AutomationRuleActionClassification interface for type AutomationRuleAction. -func (a *AutomationRuleAction) GetAutomationRuleAction() *AutomationRuleAction { return a } +// AnomalySecurityMLAnalyticsSettings - Represents Anomaly Security ML Analytics Settings +type AnomalySecurityMLAnalyticsSettings struct { + // REQUIRED; The kind of security ML Analytics Settings + Kind *SecurityMLAnalyticsSettingsKind `json:"kind,omitempty"` -// AutomationRuleConditionClassification provides polymorphic access to related types. -// Call the interface's GetAutomationRuleCondition() method to access the common type. -// Use a type switch to determine the concrete type. The possible types are: -// - *AutomationRuleCondition, *PropertyConditionProperties -type AutomationRuleConditionClassification interface { - // GetAutomationRuleCondition returns the AutomationRuleCondition content of the underlying type. - GetAutomationRuleCondition() *AutomationRuleCondition -} + // Etag of the azure resource + Etag *string `json:"etag,omitempty"` -// AutomationRuleCondition - Describes an automation rule condition -type AutomationRuleCondition struct { - // REQUIRED - ConditionType *ConditionType `json:"conditionType,omitempty"` -} + // Anomaly Security ML Analytics Settings properties + Properties *AnomalySecurityMLAnalyticsSettingsProperties `json:"properties,omitempty"` -// GetAutomationRuleCondition implements the AutomationRuleConditionClassification interface for type AutomationRuleCondition. -func (a *AutomationRuleCondition) GetAutomationRuleCondition() *AutomationRuleCondition { return a } + // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + ID *string `json:"id,omitempty" azure:"ro"` -// AutomationRuleModifyPropertiesAction - Describes an automation rule action to modify an object's properties. -type AutomationRuleModifyPropertiesAction struct { - // REQUIRED; The type of the automation rule action - ActionType *ActionType `json:"actionType,omitempty"` + // READ-ONLY; The name of the resource + Name *string `json:"name,omitempty" azure:"ro"` - // REQUIRED - Order *int32 `json:"order,omitempty"` - ActionConfiguration *IncidentPropertiesAction `json:"actionConfiguration,omitempty"` -} + // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. + SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` + + // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" + Type *string `json:"type,omitempty" azure:"ro"` +} + +// GetSecurityMLAnalyticsSetting implements the SecurityMLAnalyticsSettingClassification interface for type AnomalySecurityMLAnalyticsSettings. +func (a *AnomalySecurityMLAnalyticsSettings) GetSecurityMLAnalyticsSetting() *SecurityMLAnalyticsSetting { + return &SecurityMLAnalyticsSetting{ + Kind: a.Kind, + Etag: a.Etag, + ID: a.ID, + Name: a.Name, + Type: a.Type, + SystemData: a.SystemData, + } +} + +// AnomalySecurityMLAnalyticsSettingsProperties - AnomalySecurityMLAnalytics settings base property bag. +type AnomalySecurityMLAnalyticsSettingsProperties struct { + // REQUIRED; The anomaly version of the AnomalySecurityMLAnalyticsSettings. + AnomalyVersion *string `json:"anomalyVersion,omitempty"` + + // REQUIRED; The display name for settings created by this SecurityMLAnalyticsSettings. + DisplayName *string `json:"displayName,omitempty"` + + // REQUIRED; Determines whether this settings is enabled or disabled. + Enabled *bool `json:"enabled,omitempty"` + + // REQUIRED; The frequency that this SecurityMLAnalyticsSettings will be run. + Frequency *string `json:"frequency,omitempty"` + + // REQUIRED; Determines whether this anomaly security ml analytics settings is a default settings + IsDefaultSettings *bool `json:"isDefaultSettings,omitempty"` + + // REQUIRED; The anomaly SecurityMLAnalyticsSettings status + SettingsStatus *SettingsStatus `json:"settingsStatus,omitempty"` + + // The anomaly settings version of the Anomaly security ml analytics settings that dictates whether job version gets updated + // or not. + AnomalySettingsVersion *int32 `json:"anomalySettingsVersion,omitempty"` + + // The customizable observations of the AnomalySecurityMLAnalyticsSettings. + CustomizableObservations interface{} `json:"customizableObservations,omitempty"` + + // The description of the SecurityMLAnalyticsSettings. + Description *string `json:"description,omitempty"` + + // The required data sources for this SecurityMLAnalyticsSettings + RequiredDataConnectors []*SecurityMLAnalyticsSettingsDataSource `json:"requiredDataConnectors,omitempty"` + + // The anomaly settings definition Id + SettingsDefinitionID *string `json:"settingsDefinitionId,omitempty"` + + // The tactics of the SecurityMLAnalyticsSettings + Tactics []*AttackTactic `json:"tactics,omitempty"` + + // The techniques of the SecurityMLAnalyticsSettings + Techniques []*string `json:"techniques,omitempty"` + + // READ-ONLY; The last time that this SecurityMLAnalyticsSettings has been modified. + LastModifiedUTC *time.Time `json:"lastModifiedUtc,omitempty" azure:"ro"` +} + +// AnomalyTimelineItem - Represents anomaly timeline item. +type AnomalyTimelineItem struct { + // REQUIRED; The anomaly azure resource id. + AzureResourceID *string `json:"azureResourceId,omitempty"` + + // REQUIRED; The anomaly name. + DisplayName *string `json:"displayName,omitempty"` + + // REQUIRED; The anomaly end time. + EndTimeUTC *time.Time `json:"endTimeUtc,omitempty"` + + // REQUIRED; The entity query kind type. + Kind *EntityTimelineKind `json:"kind,omitempty"` + + // REQUIRED; The anomaly start time. + StartTimeUTC *time.Time `json:"startTimeUtc,omitempty"` + + // REQUIRED; The anomaly generated time. + TimeGenerated *time.Time `json:"timeGenerated,omitempty"` + + // The anomaly description. + Description *string `json:"description,omitempty"` + + // The intent of the anomaly. + Intent *string `json:"intent,omitempty"` + + // The anomaly product name. + ProductName *string `json:"productName,omitempty"` + + // The reasons that cause the anomaly. + Reasons []*string `json:"reasons,omitempty"` + + // The techniques of the anomaly. + Techniques []*string `json:"techniques,omitempty"` + + // The name of the anomaly vendor. + Vendor *string `json:"vendor,omitempty"` +} + +// GetEntityTimelineItem implements the EntityTimelineItemClassification interface for type AnomalyTimelineItem. +func (a *AnomalyTimelineItem) GetEntityTimelineItem() *EntityTimelineItem { + return &EntityTimelineItem{ + Kind: a.Kind, + } +} + +type AutomationRule struct { + // REQUIRED; Automation rule properties + Properties *AutomationRuleProperties `json:"properties,omitempty"` + + // Etag of the azure resource + Etag *string `json:"etag,omitempty"` + + // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + ID *string `json:"id,omitempty" azure:"ro"` + + // READ-ONLY; The name of the resource + Name *string `json:"name,omitempty" azure:"ro"` + + // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. + SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` + + // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" + Type *string `json:"type,omitempty" azure:"ro"` +} + +// AutomationRuleActionClassification provides polymorphic access to related types. +// Call the interface's GetAutomationRuleAction() method to access the common type. +// Use a type switch to determine the concrete type. The possible types are: +// - *AutomationRuleAction, *AutomationRuleModifyPropertiesAction, *AutomationRuleRunPlaybookAction +type AutomationRuleActionClassification interface { + // GetAutomationRuleAction returns the AutomationRuleAction content of the underlying type. + GetAutomationRuleAction() *AutomationRuleAction +} + +// AutomationRuleAction - Describes an automation rule action. +type AutomationRuleAction struct { + // REQUIRED; The type of the automation rule action. + ActionType *ActionType `json:"actionType,omitempty"` + + // REQUIRED + Order *int32 `json:"order,omitempty"` +} + +// GetAutomationRuleAction implements the AutomationRuleActionClassification interface for type AutomationRuleAction. +func (a *AutomationRuleAction) GetAutomationRuleAction() *AutomationRuleAction { return a } + +// AutomationRuleConditionClassification provides polymorphic access to related types. +// Call the interface's GetAutomationRuleCondition() method to access the common type. +// Use a type switch to determine the concrete type. The possible types are: +// - *AutomationRuleCondition, *PropertyArrayChangedConditionProperties, *PropertyChangedConditionProperties, *PropertyConditionProperties +type AutomationRuleConditionClassification interface { + // GetAutomationRuleCondition returns the AutomationRuleCondition content of the underlying type. + GetAutomationRuleCondition() *AutomationRuleCondition +} + +// AutomationRuleCondition - Describes an automation rule condition. +type AutomationRuleCondition struct { + // REQUIRED + ConditionType *ConditionType `json:"conditionType,omitempty"` +} + +// GetAutomationRuleCondition implements the AutomationRuleConditionClassification interface for type AutomationRuleCondition. +func (a *AutomationRuleCondition) GetAutomationRuleCondition() *AutomationRuleCondition { return a } + +// AutomationRuleModifyPropertiesAction - Describes an automation rule action to modify an object's properties +type AutomationRuleModifyPropertiesAction struct { + // REQUIRED; The type of the automation rule action. + ActionType *ActionType `json:"actionType,omitempty"` + + // REQUIRED + Order *int32 `json:"order,omitempty"` + ActionConfiguration *IncidentPropertiesAction `json:"actionConfiguration,omitempty"` +} // GetAutomationRuleAction implements the AutomationRuleActionClassification interface for type AutomationRuleModifyPropertiesAction. func (a *AutomationRuleModifyPropertiesAction) GetAutomationRuleAction() *AutomationRuleAction { @@ -539,42 +1056,54 @@ func (a *AutomationRuleModifyPropertiesAction) GetAutomationRuleAction() *Automa // AutomationRuleProperties - Automation rule properties type AutomationRuleProperties struct { - // REQUIRED; The actions to execute when the automation rule is triggered + // REQUIRED; The actions to execute when the automation rule is triggered. Actions []AutomationRuleActionClassification `json:"actions,omitempty"` - // REQUIRED; The display name of the automation rule + // REQUIRED; The display name of the automation rule. DisplayName *string `json:"displayName,omitempty"` - // REQUIRED; The order of execution of the automation rule + // REQUIRED; The order of execution of the automation rule. Order *int32 `json:"order,omitempty"` - // REQUIRED; Describes automation rule triggering logic + // REQUIRED; Describes automation rule triggering logic. TriggeringLogic *AutomationRuleTriggeringLogic `json:"triggeringLogic,omitempty"` // READ-ONLY; Information on the client (user or application) that made some action CreatedBy *ClientInfo `json:"createdBy,omitempty" azure:"ro"` - // READ-ONLY; The time the automation rule was created + // READ-ONLY; The time the automation rule was created. CreatedTimeUTC *time.Time `json:"createdTimeUtc,omitempty" azure:"ro"` // READ-ONLY; Information on the client (user or application) that made some action LastModifiedBy *ClientInfo `json:"lastModifiedBy,omitempty" azure:"ro"` - // READ-ONLY; The last time the automation rule was updated + // READ-ONLY; The last time the automation rule was updated. LastModifiedTimeUTC *time.Time `json:"lastModifiedTimeUtc,omitempty" azure:"ro"` } +type AutomationRulePropertyArrayChangedValuesCondition struct { + ArrayType *AutomationRulePropertyArrayChangedConditionSupportedArrayType `json:"arrayType,omitempty"` + ChangeType *AutomationRulePropertyArrayChangedConditionSupportedChangeType `json:"changeType,omitempty"` +} + +type AutomationRulePropertyValuesChangedCondition struct { + ChangeType *AutomationRulePropertyChangedConditionSupportedChangedType `json:"changeType,omitempty"` + Operator *AutomationRulePropertyConditionSupportedOperator `json:"operator,omitempty"` + PropertyName *AutomationRulePropertyChangedConditionSupportedPropertyType `json:"propertyName,omitempty"` + PropertyValues []*string `json:"propertyValues,omitempty"` +} + type AutomationRulePropertyValuesCondition struct { Operator *AutomationRulePropertyConditionSupportedOperator `json:"operator,omitempty"` - // The property to evaluate in an automation rule property condition + // The property to evaluate in an automation rule property condition. PropertyName *AutomationRulePropertyConditionSupportedProperty `json:"propertyName,omitempty"` PropertyValues []*string `json:"propertyValues,omitempty"` } // AutomationRuleRunPlaybookAction - Describes an automation rule action to run a playbook type AutomationRuleRunPlaybookAction struct { - // REQUIRED; The type of the automation rule action + // REQUIRED; The type of the automation rule action. ActionType *ActionType `json:"actionType,omitempty"` // REQUIRED @@ -590,9 +1119,9 @@ func (a *AutomationRuleRunPlaybookAction) GetAutomationRuleAction() *AutomationR } } -// AutomationRuleTriggeringLogic - Describes automation rule triggering logic +// AutomationRuleTriggeringLogic - Describes automation rule triggering logic. type AutomationRuleTriggeringLogic struct { - // REQUIRED; Determines whether the automation rule is enabled or disabled + // REQUIRED; Determines whether the automation rule is enabled or disabled. IsEnabled *bool `json:"isEnabled,omitempty"` // REQUIRED @@ -601,7 +1130,7 @@ type AutomationRuleTriggeringLogic struct { // REQUIRED TriggersWhen *TriggersWhen `json:"triggersWhen,omitempty"` - // The conditions to evaluate to determine if the automation rule should be triggered on a given object + // The conditions to evaluate to determine if the automation rule should be triggered on a given object. Conditions []AutomationRuleConditionClassification `json:"conditions,omitempty"` // Determines when the automation rule should automatically expire and be disabled. @@ -635,6 +1164,28 @@ type AutomationRulesList struct { Value []*AutomationRule `json:"value,omitempty"` } +// Availability - Connector Availability Status +type Availability struct { + // Set connector as preview + IsPreview *bool `json:"isPreview,omitempty"` + + // The connector Availability Status + Status *int32 `json:"status,omitempty"` +} + +// AwsCloudTrailCheckRequirements - Amazon Web Services CloudTrail requirements check request. +type AwsCloudTrailCheckRequirements struct { + // REQUIRED; Describes the kind of connector to be checked. + Kind *DataConnectorKind `json:"kind,omitempty"` +} + +// GetDataConnectorsCheckRequirements implements the DataConnectorsCheckRequirementsClassification interface for type AwsCloudTrailCheckRequirements. +func (a *AwsCloudTrailCheckRequirements) GetDataConnectorsCheckRequirements() *DataConnectorsCheckRequirements { + return &DataConnectorsCheckRequirements{ + Kind: a.Kind, + } +} + // AwsCloudTrailDataConnector - Represents Amazon Web Services CloudTrail data connector. type AwsCloudTrailDataConnector struct { // REQUIRED; The data connector kind @@ -673,29 +1224,114 @@ func (a *AwsCloudTrailDataConnector) GetDataConnector() *DataConnector { // AwsCloudTrailDataConnectorDataTypes - The available data types for Amazon Web Services CloudTrail data connector. type AwsCloudTrailDataConnectorDataTypes struct { - // Logs data type. + // REQUIRED; Logs data type. Logs *AwsCloudTrailDataConnectorDataTypesLogs `json:"logs,omitempty"` } // AwsCloudTrailDataConnectorDataTypesLogs - Logs data type. type AwsCloudTrailDataConnectorDataTypesLogs struct { - // Describe whether this data type connection is enabled or not. + // REQUIRED; Describe whether this data type connection is enabled or not. State *DataTypeState `json:"state,omitempty"` } // AwsCloudTrailDataConnectorProperties - Amazon Web Services CloudTrail data connector properties. type AwsCloudTrailDataConnectorProperties struct { + // REQUIRED; The available data types for the connector. + DataTypes *AwsCloudTrailDataConnectorDataTypes `json:"dataTypes,omitempty"` + // The Aws Role Arn (with CloudTrailReadOnly policy) that is used to access the Aws account. AwsRoleArn *string `json:"awsRoleArn,omitempty"` +} - // The available data types for the connector. - DataTypes *AwsCloudTrailDataConnectorDataTypes `json:"dataTypes,omitempty"` +// AwsS3CheckRequirements - Amazon Web Services S3 requirements check request. +type AwsS3CheckRequirements struct { + // REQUIRED; Describes the kind of connector to be checked. + Kind *DataConnectorKind `json:"kind,omitempty"` +} + +// GetDataConnectorsCheckRequirements implements the DataConnectorsCheckRequirementsClassification interface for type AwsS3CheckRequirements. +func (a *AwsS3CheckRequirements) GetDataConnectorsCheckRequirements() *DataConnectorsCheckRequirements { + return &DataConnectorsCheckRequirements{ + Kind: a.Kind, + } +} + +// AwsS3DataConnector - Represents Amazon Web Services S3 data connector. +type AwsS3DataConnector struct { + // REQUIRED; The data connector kind + Kind *DataConnectorKind `json:"kind,omitempty"` + + // Etag of the azure resource + Etag *string `json:"etag,omitempty"` + + // Amazon Web Services S3 data connector properties. + Properties *AwsS3DataConnectorProperties `json:"properties,omitempty"` + + // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + ID *string `json:"id,omitempty" azure:"ro"` + + // READ-ONLY; The name of the resource + Name *string `json:"name,omitempty" azure:"ro"` + + // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. + SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` + + // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" + Type *string `json:"type,omitempty" azure:"ro"` +} + +// GetDataConnector implements the DataConnectorClassification interface for type AwsS3DataConnector. +func (a *AwsS3DataConnector) GetDataConnector() *DataConnector { + return &DataConnector{ + Kind: a.Kind, + Etag: a.Etag, + ID: a.ID, + Name: a.Name, + Type: a.Type, + SystemData: a.SystemData, + } +} + +// AwsS3DataConnectorDataTypes - The available data types for Amazon Web Services S3 data connector. +type AwsS3DataConnectorDataTypes struct { + // REQUIRED; Logs data type. + Logs *AwsS3DataConnectorDataTypesLogs `json:"logs,omitempty"` +} + +// AwsS3DataConnectorDataTypesLogs - Logs data type. +type AwsS3DataConnectorDataTypesLogs struct { + // REQUIRED; Describe whether this data type connection is enabled or not. + State *DataTypeState `json:"state,omitempty"` +} + +// AwsS3DataConnectorProperties - Amazon Web Services S3 data connector properties. +type AwsS3DataConnectorProperties struct { + // REQUIRED; The available data types for the connector. + DataTypes *AwsS3DataConnectorDataTypes `json:"dataTypes,omitempty"` + + // REQUIRED; The logs destination table name in LogAnalytics. + DestinationTable *string `json:"destinationTable,omitempty"` + + // REQUIRED; The Aws Role Arn that is used to access the Aws account. + RoleArn *string `json:"roleArn,omitempty"` + + // REQUIRED; The AWS sqs urls for the connector. + SqsUrls []*string `json:"sqsUrls,omitempty"` +} + +// AzureDevOpsResourceInfo - Resources created in Azure DevOps repository. +type AzureDevOpsResourceInfo struct { + // Id of the pipeline created for the source-control. + PipelineID *string `json:"pipelineId,omitempty"` + + // Id of the service-connection created for the source-control. + ServiceConnectionID *string `json:"serviceConnectionId,omitempty"` } // AzureResourceEntity - Represents an azure resource entity. type AzureResourceEntity struct { // REQUIRED; The kind of the entity. - Kind *EntityKindEnum `json:"kind,omitempty"` + Kind *EntityKind `json:"kind,omitempty"` // AzureResource entity properties Properties *AzureResourceEntityProperties `json:"properties,omitempty"` @@ -761,12 +1397,56 @@ type Bookmark struct { Type *string `json:"type,omitempty" azure:"ro"` } +// BookmarkClientExpandOptions contains the optional parameters for the BookmarkClient.Expand method. +type BookmarkClientExpandOptions struct { + // placeholder for future optional parameters +} + +// BookmarkEntityMappings - Describes the entity mappings of a single entity +type BookmarkEntityMappings struct { + // The entity type + EntityType *string `json:"entityType,omitempty"` + + // Array of fields mapping for that entity type + FieldMappings []*EntityFieldMapping `json:"fieldMappings,omitempty"` +} + +// BookmarkExpandParameters - The parameters required to execute an expand operation on the given bookmark. +type BookmarkExpandParameters struct { + // The end date filter, so the only expansion results returned are before this date. + EndTime *time.Time `json:"endTime,omitempty"` + + // The Id of the expansion to perform. + ExpansionID *string `json:"expansionId,omitempty"` + + // The start date filter, so the only expansion results returned are after this date. + StartTime *time.Time `json:"startTime,omitempty"` +} + +// BookmarkExpandResponse - The entity expansion result operation response. +type BookmarkExpandResponse struct { + // The metadata from the expansion operation results. + MetaData *ExpansionResultsMetadata `json:"metaData,omitempty"` + + // The expansion result values. + Value *BookmarkExpandResponseValue `json:"value,omitempty"` +} + +// BookmarkExpandResponseValue - The expansion result values. +type BookmarkExpandResponseValue struct { + // Array of expansion result connected entities + Edges []*ConnectedEntity `json:"edges,omitempty"` + + // Array of the expansion result entities. + Entities []EntityClassification `json:"entities,omitempty"` +} + // BookmarkList - List all the bookmarks. type BookmarkList struct { // REQUIRED; Array of bookmarks. Value []*Bookmark `json:"value,omitempty"` - // READ-ONLY; URL to fetch the next set of cases. + // READ-ONLY; URL to fetch the next set of bookmarks. NextLink *string `json:"nextLink,omitempty" azure:"ro"` } @@ -784,6 +1464,9 @@ type BookmarkProperties struct { // Describes a user that created the bookmark CreatedBy *UserInfo `json:"createdBy,omitempty"` + // Describes the entity mappings of the bookmark + EntityMappings []*BookmarkEntityMappings `json:"entityMappings,omitempty"` + // The bookmark event time EventTime *time.Time `json:"eventTime,omitempty"` @@ -805,6 +1488,12 @@ type BookmarkProperties struct { // The start time for the query QueryStartTime *time.Time `json:"queryStartTime,omitempty"` + // A list of relevant mitre attacks + Tactics []*AttackTactic `json:"tactics,omitempty"` + + // A list of relevant mitre techniques + Techniques []*string `json:"techniques,omitempty"` + // The last time the bookmark was updated Updated *time.Time `json:"updated,omitempty"` @@ -812,6 +1501,73 @@ type BookmarkProperties struct { UpdatedBy *UserInfo `json:"updatedBy,omitempty"` } +// BookmarkRelationsClientCreateOrUpdateOptions contains the optional parameters for the BookmarkRelationsClient.CreateOrUpdate +// method. +type BookmarkRelationsClientCreateOrUpdateOptions struct { + // placeholder for future optional parameters +} + +// BookmarkRelationsClientDeleteOptions contains the optional parameters for the BookmarkRelationsClient.Delete method. +type BookmarkRelationsClientDeleteOptions struct { + // placeholder for future optional parameters +} + +// BookmarkRelationsClientGetOptions contains the optional parameters for the BookmarkRelationsClient.Get method. +type BookmarkRelationsClientGetOptions struct { + // placeholder for future optional parameters +} + +// BookmarkRelationsClientListOptions contains the optional parameters for the BookmarkRelationsClient.List method. +type BookmarkRelationsClientListOptions struct { + // Filters the results, based on a Boolean condition. Optional. + Filter *string + // Sorts the results. Optional. + Orderby *string + // Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, + // the value of the nextLink element will include a skiptoken parameter that + // specifies a starting point to use for subsequent calls. Optional. + SkipToken *string + // Returns only the first n results. Optional. + Top *int32 +} + +// BookmarkTimelineItem - Represents bookmark timeline item. +type BookmarkTimelineItem struct { + // REQUIRED; The bookmark azure resource id. + AzureResourceID *string `json:"azureResourceId,omitempty"` + + // REQUIRED; The entity query kind type. + Kind *EntityTimelineKind `json:"kind,omitempty"` + + // Describes a user that created the bookmark + CreatedBy *UserInfo `json:"createdBy,omitempty"` + + // The bookmark display name. + DisplayName *string `json:"displayName,omitempty"` + + // The bookmark end time. + EndTimeUTC *time.Time `json:"endTimeUtc,omitempty"` + + // The bookmark event time. + EventTime *time.Time `json:"eventTime,omitempty"` + + // List of labels relevant to this bookmark + Labels []*string `json:"labels,omitempty"` + + // The notes of the bookmark + Notes *string `json:"notes,omitempty"` + + // The bookmark start time. + StartTimeUTC *time.Time `json:"startTimeUtc,omitempty"` +} + +// GetEntityTimelineItem implements the EntityTimelineItemClassification interface for type BookmarkTimelineItem. +func (b *BookmarkTimelineItem) GetEntityTimelineItem() *EntityTimelineItem { + return &EntityTimelineItem{ + Kind: b.Kind, + } +} + // BookmarksClientCreateOrUpdateOptions contains the optional parameters for the BookmarksClient.CreateOrUpdate method. type BookmarksClientCreateOrUpdateOptions struct { // placeholder for future optional parameters @@ -850,7 +1606,7 @@ type ClientInfo struct { // CloudApplicationEntity - Represents a cloud application entity. type CloudApplicationEntity struct { // REQUIRED; The kind of the entity. - Kind *EntityKindEnum `json:"kind,omitempty"` + Kind *EntityKind `json:"kind,omitempty"` // CloudApplication entity properties Properties *CloudApplicationEntityProperties `json:"properties,omitempty"` @@ -914,13 +1670,16 @@ type CloudErrorBody struct { Message *string `json:"message,omitempty" azure:"ro"` } -// DNSEntity - Represents a dns entity. -type DNSEntity struct { - // REQUIRED; The kind of the entity. - Kind *EntityKindEnum `json:"kind,omitempty"` +// CodelessAPIPollingDataConnector - Represents Codeless API Polling data connector. +type CodelessAPIPollingDataConnector struct { + // REQUIRED; The data connector kind + Kind *DataConnectorKind `json:"kind,omitempty"` - // Dns entity properties - Properties *DNSEntityProperties `json:"properties,omitempty"` + // Etag of the azure resource + Etag *string `json:"etag,omitempty"` + + // Codeless poling data connector properties + Properties *APIPollingParameters `json:"properties,omitempty"` // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} ID *string `json:"id,omitempty" azure:"ro"` @@ -935,7 +1694,399 @@ type DNSEntity struct { Type *string `json:"type,omitempty" azure:"ro"` } -// GetEntity implements the EntityClassification interface for type DNSEntity. +// GetDataConnector implements the DataConnectorClassification interface for type CodelessAPIPollingDataConnector. +func (c *CodelessAPIPollingDataConnector) GetDataConnector() *DataConnector { + return &DataConnector{ + Kind: c.Kind, + Etag: c.Etag, + ID: c.ID, + Name: c.Name, + Type: c.Type, + SystemData: c.SystemData, + } +} + +// CodelessConnectorPollingAuthProperties - Describe the authentication properties needed to successfully authenticate with +// the server +type CodelessConnectorPollingAuthProperties struct { + // REQUIRED; The authentication type + AuthType *string `json:"authType,omitempty"` + + // A prefix send in the header before the actual token + APIKeyIdentifier *string `json:"apiKeyIdentifier,omitempty"` + + // The header name which the token is sent with + APIKeyName *string `json:"apiKeyName,omitempty"` + + // The endpoint used to authorize the user, used in Oauth 2.0 flow + AuthorizationEndpoint *string `json:"authorizationEndpoint,omitempty"` + + // The query parameters used in authorization request, used in Oauth 2.0 flow + AuthorizationEndpointQueryParameters interface{} `json:"authorizationEndpointQueryParameters,omitempty"` + + // Describes the flow name, for example 'AuthCode' for Oauth 2.0 + FlowName *string `json:"flowName,omitempty"` + + // Marks if the key should sent in header + IsAPIKeyInPostPayload *string `json:"isApiKeyInPostPayload,omitempty"` + + // Marks if we should send the client secret in header or payload, used in Oauth 2.0 flow + IsClientSecretInHeader *bool `json:"isClientSecretInHeader,omitempty"` + + // The redirect endpoint where we will get the authorization code, used in Oauth 2.0 flow + RedirectionEndpoint *string `json:"redirectionEndpoint,omitempty"` + + // The OAuth token scope + Scope *string `json:"scope,omitempty"` + + // The endpoint used to issue a token, used in Oauth 2.0 flow + TokenEndpoint *string `json:"tokenEndpoint,omitempty"` + + // The query headers used in token request, used in Oauth 2.0 flow + TokenEndpointHeaders interface{} `json:"tokenEndpointHeaders,omitempty"` + + // The query parameters used in token request, used in Oauth 2.0 flow + TokenEndpointQueryParameters interface{} `json:"tokenEndpointQueryParameters,omitempty"` +} + +// CodelessConnectorPollingConfigProperties - Config to describe the polling config for API poller connector +type CodelessConnectorPollingConfigProperties struct { + // REQUIRED; Describe the authentication type of the poller + Auth *CodelessConnectorPollingAuthProperties `json:"auth,omitempty"` + + // REQUIRED; Describe the poll request config parameters of the poller + Request *CodelessConnectorPollingRequestProperties `json:"request,omitempty"` + + // The poller active status + IsActive *bool `json:"isActive,omitempty"` + + // Describe the poll request paging config of the poller + Paging *CodelessConnectorPollingPagingProperties `json:"paging,omitempty"` + + // Describe the response config parameters of the poller + Response *CodelessConnectorPollingResponseProperties `json:"response,omitempty"` +} + +// CodelessConnectorPollingPagingProperties - Describe the properties needed to make a pagination call +type CodelessConnectorPollingPagingProperties struct { + // REQUIRED; Describes the type. could be 'None', 'PageToken', 'PageCount', 'TimeStamp' + PagingType *string `json:"pagingType,omitempty"` + + // Defines the name of a next page attribute + NextPageParaName *string `json:"nextPageParaName,omitempty"` + + // Defines the path to a next page token JSON + NextPageTokenJSONPath *string `json:"nextPageTokenJsonPath,omitempty"` + + // Defines the path to a page count attribute + PageCountAttributePath *string `json:"pageCountAttributePath,omitempty"` + + // Defines the paging size + PageSize *int32 `json:"pageSize,omitempty"` + + // Defines the name of the page size parameter + PageSizeParaName *string `json:"pageSizeParaName,omitempty"` + + // Defines the path to a paging time stamp attribute + PageTimeStampAttributePath *string `json:"pageTimeStampAttributePath,omitempty"` + + // Defines the path to a page total count attribute + PageTotalCountAttributePath *string `json:"pageTotalCountAttributePath,omitempty"` + + // Determines whether to search for the latest time stamp in the events list + SearchTheLatestTimeStampFromEventsList *string `json:"searchTheLatestTimeStampFromEventsList,omitempty"` +} + +// CodelessConnectorPollingRequestProperties - Describe the request properties needed to successfully pull from the server +type CodelessConnectorPollingRequestProperties struct { + // REQUIRED; Describe the endpoint we should pull the data from + APIEndpoint *string `json:"apiEndpoint,omitempty"` + + // REQUIRED; The http method type we will use in the poll request, GET or POST + HTTPMethod *string `json:"httpMethod,omitempty"` + + // REQUIRED; The time format will be used the query events in a specific window + QueryTimeFormat *string `json:"queryTimeFormat,omitempty"` + + // REQUIRED; The window interval we will use the pull the data + QueryWindowInMin *int32 `json:"queryWindowInMin,omitempty"` + + // This will be used the query events from the end of the time window + EndTimeAttributeName *string `json:"endTimeAttributeName,omitempty"` + + // Describe the headers sent in the poll request + Headers interface{} `json:"headers,omitempty"` + + // Describe the query parameters sent in the poll request + QueryParameters interface{} `json:"queryParameters,omitempty"` + + // For advanced scenarios for example user name/password embedded in nested JSON payload + QueryParametersTemplate *string `json:"queryParametersTemplate,omitempty"` + + // Defines the rate limit QPS + RateLimitQPS *int32 `json:"rateLimitQps,omitempty"` + + // Describe the amount of time we should try and poll the data in case of failure + RetryCount *int32 `json:"retryCount,omitempty"` + + // This will be used the query events from a start of the time window + StartTimeAttributeName *string `json:"startTimeAttributeName,omitempty"` + + // The number of seconds we will consider as a request timeout + TimeoutInSeconds *int32 `json:"timeoutInSeconds,omitempty"` +} + +// CodelessConnectorPollingResponseProperties - Describes the response from the external server +type CodelessConnectorPollingResponseProperties struct { + // REQUIRED; Describes the path we should extract the data in the response + EventsJSONPaths []*string `json:"eventsJsonPaths,omitempty"` + + // Describes if the data in the response is Gzip + IsGzipCompressed *bool `json:"isGzipCompressed,omitempty"` + + // Describes the path we should extract the status code in the response + SuccessStatusJSONPath *string `json:"successStatusJsonPath,omitempty"` + + // Describes the path we should extract the status value in the response + SuccessStatusValue *string `json:"successStatusValue,omitempty"` +} + +// CodelessParameters - Represents Codeless UI data connector +type CodelessParameters struct { + // Config to describe the instructions blade + ConnectorUIConfig *CodelessUIConnectorConfigProperties `json:"connectorUiConfig,omitempty"` +} + +// CodelessUIConnectorConfigProperties - Config to describe the instructions blade +type CodelessUIConnectorConfigProperties struct { + // REQUIRED; Connector Availability Status + Availability *Availability `json:"availability,omitempty"` + + // REQUIRED; Define the way the connector check connectivity + ConnectivityCriteria []*CodelessUIConnectorConfigPropertiesConnectivityCriteriaItem `json:"connectivityCriteria,omitempty"` + + // REQUIRED; Data types to check for last data received + DataTypes []*CodelessUIConnectorConfigPropertiesDataTypesItem `json:"dataTypes,omitempty"` + + // REQUIRED; Connector description + DescriptionMarkdown *string `json:"descriptionMarkdown,omitempty"` + + // REQUIRED; The graph query to show the current data status + GraphQueries []*CodelessUIConnectorConfigPropertiesGraphQueriesItem `json:"graphQueries,omitempty"` + + // REQUIRED; Name of the table the connector will insert the data to + GraphQueriesTableName *string `json:"graphQueriesTableName,omitempty"` + + // REQUIRED; Instruction steps to enable the connector + InstructionSteps []*CodelessUIConnectorConfigPropertiesInstructionStepsItem `json:"instructionSteps,omitempty"` + + // REQUIRED; Permissions required for the connector + Permissions *Permissions `json:"permissions,omitempty"` + + // REQUIRED; Connector publisher name + Publisher *string `json:"publisher,omitempty"` + + // REQUIRED; The sample queries for the connector + SampleQueries []*CodelessUIConnectorConfigPropertiesSampleQueriesItem `json:"sampleQueries,omitempty"` + + // REQUIRED; Connector blade title + Title *string `json:"title,omitempty"` + + // An optional custom image to be used when displaying the connector within Azure Sentinel's connector's gallery + CustomImage *string `json:"customImage,omitempty"` +} + +type CodelessUIConnectorConfigPropertiesConnectivityCriteriaItem struct { + // type of connectivity + Type *ConnectivityType `json:"type,omitempty"` + + // Queries for checking connectivity + Value []*string `json:"value,omitempty"` +} + +type CodelessUIConnectorConfigPropertiesDataTypesItem struct { + // Query for indicate last data received + LastDataReceivedQuery *string `json:"lastDataReceivedQuery,omitempty"` + + // Name of the data type to show in the graph. can be use with {{graphQueriesTableName}} placeholder + Name *string `json:"name,omitempty"` +} + +type CodelessUIConnectorConfigPropertiesGraphQueriesItem struct { + // The base query for the graph + BaseQuery *string `json:"baseQuery,omitempty"` + + // The legend for the graph + Legend *string `json:"legend,omitempty"` + + // the metric that the query is checking + MetricName *string `json:"metricName,omitempty"` +} + +type CodelessUIConnectorConfigPropertiesInstructionStepsItem struct { + // Instruction step description + Description *string `json:"description,omitempty"` + + // Instruction step details + Instructions []*InstructionStepsInstructionsItem `json:"instructions,omitempty"` + + // Instruction step title + Title *string `json:"title,omitempty"` +} + +type CodelessUIConnectorConfigPropertiesSampleQueriesItem struct { + // The sample query description + Description *string `json:"description,omitempty"` + + // the sample query + Query *string `json:"query,omitempty"` +} + +// CodelessUIDataConnector - Represents Codeless UI data connector. +type CodelessUIDataConnector struct { + // REQUIRED; The data connector kind + Kind *DataConnectorKind `json:"kind,omitempty"` + + // Etag of the azure resource + Etag *string `json:"etag,omitempty"` + + // Codeless UI data connector properties + Properties *CodelessParameters `json:"properties,omitempty"` + + // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + ID *string `json:"id,omitempty" azure:"ro"` + + // READ-ONLY; The name of the resource + Name *string `json:"name,omitempty" azure:"ro"` + + // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. + SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` + + // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" + Type *string `json:"type,omitempty" azure:"ro"` +} + +// GetDataConnector implements the DataConnectorClassification interface for type CodelessUIDataConnector. +func (c *CodelessUIDataConnector) GetDataConnector() *DataConnector { + return &DataConnector{ + Kind: c.Kind, + Etag: c.Etag, + ID: c.ID, + Name: c.Name, + Type: c.Type, + SystemData: c.SystemData, + } +} + +// ConnectedEntity - Expansion result connected entities +type ConnectedEntity struct { + // key-value pairs for a connected entity mapping + AdditionalData interface{} `json:"additionalData,omitempty"` + + // Entity Id of the connected entity + TargetEntityID *string `json:"targetEntityId,omitempty"` +} + +// ConnectivityCriteria - Setting for the connector check connectivity +type ConnectivityCriteria struct { + // type of connectivity + Type *ConnectivityType `json:"type,omitempty"` + + // Queries for checking connectivity + Value []*string `json:"value,omitempty"` +} + +// ConnectorInstructionModelBase - Instruction step details +type ConnectorInstructionModelBase struct { + // REQUIRED; The kind of the setting + Type *SettingType `json:"type,omitempty"` + + // The parameters for the setting + Parameters interface{} `json:"parameters,omitempty"` +} + +// ContentPathMap - The mapping of content type to a repo path. +type ContentPathMap struct { + // Content type. + ContentType *ContentType `json:"contentType,omitempty"` + + // The path to the content. + Path *string `json:"path,omitempty"` +} + +// CustomEntityQueryClassification provides polymorphic access to related types. +// Call the interface's GetCustomEntityQuery() method to access the common type. +// Use a type switch to determine the concrete type. The possible types are: +// - *ActivityCustomEntityQuery, *CustomEntityQuery +type CustomEntityQueryClassification interface { + // GetCustomEntityQuery returns the CustomEntityQuery content of the underlying type. + GetCustomEntityQuery() *CustomEntityQuery +} + +// CustomEntityQuery - Specific entity query that supports put requests. +type CustomEntityQuery struct { + // REQUIRED; the entity query kind + Kind *CustomEntityQueryKind `json:"kind,omitempty"` + + // Etag of the azure resource + Etag *string `json:"etag,omitempty"` + + // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + ID *string `json:"id,omitempty" azure:"ro"` + + // READ-ONLY; The name of the resource + Name *string `json:"name,omitempty" azure:"ro"` + + // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. + SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` + + // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" + Type *string `json:"type,omitempty" azure:"ro"` +} + +// GetCustomEntityQuery implements the CustomEntityQueryClassification interface for type CustomEntityQuery. +func (c *CustomEntityQuery) GetCustomEntityQuery() *CustomEntityQuery { return c } + +// Customs permissions required for the connector +type Customs struct { + // Customs permissions description + Description *string `json:"description,omitempty"` + + // Customs permissions name + Name *string `json:"name,omitempty"` +} + +// CustomsPermission - Customs permissions required for the connector +type CustomsPermission struct { + // Customs permissions description + Description *string `json:"description,omitempty"` + + // Customs permissions name + Name *string `json:"name,omitempty"` +} + +// DNSEntity - Represents a dns entity. +type DNSEntity struct { + // REQUIRED; The kind of the entity. + Kind *EntityKind `json:"kind,omitempty"` + + // Dns entity properties + Properties *DNSEntityProperties `json:"properties,omitempty"` + + // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + ID *string `json:"id,omitempty" azure:"ro"` + + // READ-ONLY; The name of the resource + Name *string `json:"name,omitempty" azure:"ro"` + + // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. + SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` + + // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" + Type *string `json:"type,omitempty" azure:"ro"` +} + +// GetEntity implements the EntityClassification interface for type DNSEntity. func (d *DNSEntity) GetEntity() *Entity { return &Entity{ Kind: d.Kind, @@ -971,14 +2122,16 @@ type DNSEntityProperties struct { // DataConnectorClassification provides polymorphic access to related types. // Call the interface's GetDataConnector() method to access the common type. // Use a type switch to determine the concrete type. The possible types are: -// - *AADDataConnector, *AATPDataConnector, *ASCDataConnector, *AwsCloudTrailDataConnector, *DataConnector, *MCASDataConnector, -// - *MDATPDataConnector, *OfficeDataConnector, *TIDataConnector +// - *AADDataConnector, *AATPDataConnector, *ASCDataConnector, *AwsCloudTrailDataConnector, *AwsS3DataConnector, *CodelessAPIPollingDataConnector, +// - *CodelessUIDataConnector, *DataConnector, *Dynamics365DataConnector, *IoTDataConnector, *MCASDataConnector, *MDATPDataConnector, +// - *MSTIDataConnector, *MTPDataConnector, *Office365ProjectDataConnector, *OfficeATPDataConnector, *OfficeDataConnector, +// - *OfficeIRMDataConnector, *OfficePowerBIDataConnector, *TIDataConnector, *TiTaxiiDataConnector type DataConnectorClassification interface { // GetDataConnector returns the DataConnector content of the underlying type. GetDataConnector() *DataConnector } -// DataConnector - Data connector. +// DataConnector - Data connector type DataConnector struct { // REQUIRED; The data connector kind Kind *DataConnectorKind `json:"kind,omitempty"` @@ -1002,9 +2155,34 @@ type DataConnector struct { // GetDataConnector implements the DataConnectorClassification interface for type DataConnector. func (d *DataConnector) GetDataConnector() *DataConnector { return d } +// DataConnectorConnectBody - Represents Codeless API Polling data connector. +type DataConnectorConnectBody struct { + // The API key of the audit server. + APIKey *string `json:"apiKey,omitempty"` + + // The authorization code used in OAuth 2.0 code flow to issue a token. + AuthorizationCode *string `json:"authorizationCode,omitempty"` + + // The client id of the OAuth 2.0 application. + ClientID *string `json:"clientId,omitempty"` + + // The client secret of the OAuth 2.0 application. + ClientSecret *string `json:"clientSecret,omitempty"` + + // The authentication kind used to poll the data + Kind *ConnectAuthKind `json:"kind,omitempty"` + + // The user password in the audit log server. + Password *string `json:"password,omitempty"` + RequestConfigUserInputValues []interface{} `json:"requestConfigUserInputValues,omitempty"` + + // The user name in the audit log server. + UserName *string `json:"userName,omitempty"` +} + // DataConnectorDataTypeCommon - Common field for data type in data connectors. type DataConnectorDataTypeCommon struct { - // Describe whether this data type connection is enabled or not. + // REQUIRED; Describe whether this data type connection is enabled or not. State *DataTypeState `json:"state,omitempty"` } @@ -1017,9 +2195,18 @@ type DataConnectorList struct { NextLink *string `json:"nextLink,omitempty" azure:"ro"` } +// DataConnectorRequirementsState - Data connector requirements status. +type DataConnectorRequirementsState struct { + // Authorization state for this connector + AuthorizationState *DataConnectorAuthorizationState `json:"authorizationState,omitempty"` + + // License state for this connector + LicenseState *DataConnectorLicenseState `json:"licenseState,omitempty"` +} + // DataConnectorTenantID - Properties data connector on tenant level. type DataConnectorTenantID struct { - // The tenant id to connect to, and get the data from. + // REQUIRED; The tenant id to connect to, and get the data from. TenantID *string `json:"tenantId,omitempty"` } @@ -1029,6 +2216,40 @@ type DataConnectorWithAlertsProperties struct { DataTypes *AlertsDataTypeOfDataConnector `json:"dataTypes,omitempty"` } +// DataConnectorsCheckRequirementsClassification provides polymorphic access to related types. +// Call the interface's GetDataConnectorsCheckRequirements() method to access the common type. +// Use a type switch to determine the concrete type. The possible types are: +// - *AADCheckRequirements, *AATPCheckRequirements, *ASCCheckRequirements, *AwsCloudTrailCheckRequirements, *AwsS3CheckRequirements, +// - *DataConnectorsCheckRequirements, *Dynamics365CheckRequirements, *IoTCheckRequirements, *MCASCheckRequirements, *MDATPCheckRequirements, +// - *MSTICheckRequirements, *MtpCheckRequirements, *Office365ProjectCheckRequirements, *OfficeATPCheckRequirements, *OfficeIRMCheckRequirements, +// - *OfficePowerBICheckRequirements, *TICheckRequirements, *TiTaxiiCheckRequirements +type DataConnectorsCheckRequirementsClassification interface { + // GetDataConnectorsCheckRequirements returns the DataConnectorsCheckRequirements content of the underlying type. + GetDataConnectorsCheckRequirements() *DataConnectorsCheckRequirements +} + +// DataConnectorsCheckRequirements - Data connector requirements properties. +type DataConnectorsCheckRequirements struct { + // REQUIRED; Describes the kind of connector to be checked. + Kind *DataConnectorKind `json:"kind,omitempty"` +} + +// GetDataConnectorsCheckRequirements implements the DataConnectorsCheckRequirementsClassification interface for type DataConnectorsCheckRequirements. +func (d *DataConnectorsCheckRequirements) GetDataConnectorsCheckRequirements() *DataConnectorsCheckRequirements { + return d +} + +// DataConnectorsCheckRequirementsClientPostOptions contains the optional parameters for the DataConnectorsCheckRequirementsClient.Post +// method. +type DataConnectorsCheckRequirementsClientPostOptions struct { + // placeholder for future optional parameters +} + +// DataConnectorsClientConnectOptions contains the optional parameters for the DataConnectorsClient.Connect method. +type DataConnectorsClientConnectOptions struct { + // placeholder for future optional parameters +} + // DataConnectorsClientCreateOrUpdateOptions contains the optional parameters for the DataConnectorsClient.CreateOrUpdate // method. type DataConnectorsClientCreateOrUpdateOptions struct { @@ -1040,6 +2261,11 @@ type DataConnectorsClientDeleteOptions struct { // placeholder for future optional parameters } +// DataConnectorsClientDisconnectOptions contains the optional parameters for the DataConnectorsClient.Disconnect method. +type DataConnectorsClientDisconnectOptions struct { + // placeholder for future optional parameters +} + // DataConnectorsClientGetOptions contains the optional parameters for the DataConnectorsClient.Get method. type DataConnectorsClientGetOptions struct { // placeholder for future optional parameters @@ -1050,80 +2276,79 @@ type DataConnectorsClientListOptions struct { // placeholder for future optional parameters } -// EntityClassification provides polymorphic access to related types. -// Call the interface's GetEntity() method to access the common type. -// Use a type switch to determine the concrete type. The possible types are: -// - *AccountEntity, *AzureResourceEntity, *CloudApplicationEntity, *DNSEntity, *Entity, *FileEntity, *FileHashEntity, *HostEntity, -// - *HuntingBookmark, *IPEntity, *IoTDeviceEntity, *MailClusterEntity, *MailMessageEntity, *MailboxEntity, *MalwareEntity, -// - *ProcessEntity, *RegistryKeyEntity, *RegistryValueEntity, *SecurityAlert, *SecurityGroupEntity, *SubmissionMailEntity, -// - *URLEntity -type EntityClassification interface { - // GetEntity returns the Entity content of the underlying type. - GetEntity() *Entity +// DataTypeDefinitions - The data type definition +type DataTypeDefinitions struct { + // The data type name + DataType *string `json:"dataType,omitempty"` } -// Entity - Specific entity. -type Entity struct { - // REQUIRED; The kind of the entity. - Kind *EntityKindEnum `json:"kind,omitempty"` +// Deployment - Description about a deployment. +type Deployment struct { + // Deployment identifier. + DeploymentID *string `json:"deploymentId,omitempty"` - // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} - ID *string `json:"id,omitempty" azure:"ro"` + // Url to access repository action logs. + DeploymentLogsURL *string `json:"deploymentLogsUrl,omitempty"` - // READ-ONLY; The name of the resource - Name *string `json:"name,omitempty" azure:"ro"` + // The outcome of the deployment. + DeploymentResult *DeploymentResult `json:"deploymentResult,omitempty"` - // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. - SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` + // Current status of the deployment. + DeploymentState *DeploymentState `json:"deploymentState,omitempty"` - // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" - Type *string `json:"type,omitempty" azure:"ro"` + // The time when the deployment finished. + DeploymentTime *time.Time `json:"deploymentTime,omitempty"` } -// GetEntity implements the EntityClassification interface for type Entity. -func (e *Entity) GetEntity() *Entity { return e } +// DeploymentInfo - Information regarding a deployment. +type DeploymentInfo struct { + // Deployment information. + Deployment *Deployment `json:"deployment,omitempty"` -// EntityCommonProperties - Entity common property bag. -type EntityCommonProperties struct { - // READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. - AdditionalData map[string]interface{} `json:"additionalData,omitempty" azure:"ro"` + // Status while fetching the last deployment. + DeploymentFetchStatus *DeploymentFetchStatus `json:"deploymentFetchStatus,omitempty"` - // READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property - // is optional and might be system generated. - FriendlyName *string `json:"friendlyName,omitempty" azure:"ro"` + // Additional details about the deployment that can be shown to the user. + Message *string `json:"message,omitempty"` } -// EntityMapping - Single entity mapping for the alert rule -type EntityMapping struct { - // The V3 type of the mapped entity - EntityType *EntityMappingType `json:"entityType,omitempty"` - - // array of field mappings for the given entity mapping - FieldMappings []*FieldMapping `json:"fieldMappings,omitempty"` +// DomainWhoisClientGetOptions contains the optional parameters for the DomainWhoisClient.Get method. +type DomainWhoisClientGetOptions struct { + // placeholder for future optional parameters } -// EventGroupingSettings - Event grouping settings property bag. -type EventGroupingSettings struct { - // The event grouping aggregation kinds - AggregationKind *EventGroupingAggregationKind `json:"aggregationKind,omitempty"` +// Dynamics365CheckRequirements - Represents Dynamics365 requirements check request. +type Dynamics365CheckRequirements struct { + // REQUIRED; Describes the kind of connector to be checked. + Kind *DataConnectorKind `json:"kind,omitempty"` + + // Dynamics365 requirements check properties. + Properties *Dynamics365CheckRequirementsProperties `json:"properties,omitempty"` } -// FieldMapping - A single field mapping of the mapped entity -type FieldMapping struct { - // the column name to be mapped to the identifier - ColumnName *string `json:"columnName,omitempty"` +// GetDataConnectorsCheckRequirements implements the DataConnectorsCheckRequirementsClassification interface for type Dynamics365CheckRequirements. +func (d *Dynamics365CheckRequirements) GetDataConnectorsCheckRequirements() *DataConnectorsCheckRequirements { + return &DataConnectorsCheckRequirements{ + Kind: d.Kind, + } +} - // the V3 identifier of the entity - Identifier *string `json:"identifier,omitempty"` +// Dynamics365CheckRequirementsProperties - Dynamics365 requirements check properties. +type Dynamics365CheckRequirementsProperties struct { + // REQUIRED; The tenant id to connect to, and get the data from. + TenantID *string `json:"tenantId,omitempty"` } -// FileEntity - Represents a file entity. -type FileEntity struct { - // REQUIRED; The kind of the entity. - Kind *EntityKindEnum `json:"kind,omitempty"` +// Dynamics365DataConnector - Represents Dynamics365 data connector. +type Dynamics365DataConnector struct { + // REQUIRED; The data connector kind + Kind *DataConnectorKind `json:"kind,omitempty"` - // File entity properties - Properties *FileEntityProperties `json:"properties,omitempty"` + // Etag of the azure resource + Etag *string `json:"etag,omitempty"` + + // Dynamics365 data connector properties. + Properties *Dynamics365DataConnectorProperties `json:"properties,omitempty"` // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} ID *string `json:"id,omitempty" azure:"ro"` @@ -1138,271 +2363,258 @@ type FileEntity struct { Type *string `json:"type,omitempty" azure:"ro"` } -// GetEntity implements the EntityClassification interface for type FileEntity. -func (f *FileEntity) GetEntity() *Entity { - return &Entity{ - Kind: f.Kind, - ID: f.ID, - Name: f.Name, - Type: f.Type, - SystemData: f.SystemData, +// GetDataConnector implements the DataConnectorClassification interface for type Dynamics365DataConnector. +func (d *Dynamics365DataConnector) GetDataConnector() *DataConnector { + return &DataConnector{ + Kind: d.Kind, + Etag: d.Etag, + ID: d.ID, + Name: d.Name, + Type: d.Type, + SystemData: d.SystemData, } } -// FileEntityProperties - File entity property bag. -type FileEntityProperties struct { - // READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. - AdditionalData map[string]interface{} `json:"additionalData,omitempty" azure:"ro"` - - // READ-ONLY; The full path to the file. - Directory *string `json:"directory,omitempty" azure:"ro"` - - // READ-ONLY; The file hash entity identifiers associated with this file - FileHashEntityIDs []*string `json:"fileHashEntityIds,omitempty" azure:"ro"` +// Dynamics365DataConnectorDataTypes - The available data types for Dynamics365 data connector. +type Dynamics365DataConnectorDataTypes struct { + // REQUIRED; Common Data Service data type connection. + Dynamics365CdsActivities *Dynamics365DataConnectorDataTypesDynamics365CdsActivities `json:"dynamics365CdsActivities,omitempty"` +} - // READ-ONLY; The file name without path (some alerts might not include path). - FileName *string `json:"fileName,omitempty" azure:"ro"` +// Dynamics365DataConnectorDataTypesDynamics365CdsActivities - Common Data Service data type connection. +type Dynamics365DataConnectorDataTypesDynamics365CdsActivities struct { + // REQUIRED; Describe whether this data type connection is enabled or not. + State *DataTypeState `json:"state,omitempty"` +} - // READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property - // is optional and might be system generated. - FriendlyName *string `json:"friendlyName,omitempty" azure:"ro"` +// Dynamics365DataConnectorProperties - Dynamics365 data connector properties. +type Dynamics365DataConnectorProperties struct { + // REQUIRED; The available data types for the connector. + DataTypes *Dynamics365DataConnectorDataTypes `json:"dataTypes,omitempty"` - // READ-ONLY; The Host entity id which the file belongs to - HostEntityID *string `json:"hostEntityId,omitempty" azure:"ro"` + // REQUIRED; The tenant id to connect to, and get the data from. + TenantID *string `json:"tenantId,omitempty"` } -// FileHashEntity - Represents a file hash entity. -type FileHashEntity struct { - // REQUIRED; The kind of the entity. - Kind *EntityKindEnum `json:"kind,omitempty"` - - // FileHash entity properties - Properties *FileHashEntityProperties `json:"properties,omitempty"` +// EnrichmentDomainWhois - Whois information for a given domain and associated metadata +type EnrichmentDomainWhois struct { + // The timestamp at which this record was created + Created *time.Time `json:"created,omitempty"` - // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} - ID *string `json:"id,omitempty" azure:"ro"` + // The domain for this whois record + Domain *string `json:"domain,omitempty"` - // READ-ONLY; The name of the resource - Name *string `json:"name,omitempty" azure:"ro"` + // The timestamp at which this record will expire + Expires *time.Time `json:"expires,omitempty"` - // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. - SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` + // The whois record for a given domain + ParsedWhois *EnrichmentDomainWhoisDetails `json:"parsedWhois,omitempty"` - // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" - Type *string `json:"type,omitempty" azure:"ro"` -} + // The hostname of this registrar's whois server + Server *string `json:"server,omitempty"` -// GetEntity implements the EntityClassification interface for type FileHashEntity. -func (f *FileHashEntity) GetEntity() *Entity { - return &Entity{ - Kind: f.Kind, - ID: f.ID, - Name: f.Name, - Type: f.Type, - SystemData: f.SystemData, - } + // The timestamp at which this record was last updated + Updated *time.Time `json:"updated,omitempty"` } -// FileHashEntityProperties - FileHash entity property bag. -type FileHashEntityProperties struct { - // READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. - AdditionalData map[string]interface{} `json:"additionalData,omitempty" azure:"ro"` - - // READ-ONLY; The hash algorithm type. - Algorithm *FileHashAlgorithm `json:"algorithm,omitempty" azure:"ro"` +// EnrichmentDomainWhoisContact - An individual contact associated with this domain +type EnrichmentDomainWhoisContact struct { + // The city for this contact + City *string `json:"city,omitempty"` - // READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property - // is optional and might be system generated. - FriendlyName *string `json:"friendlyName,omitempty" azure:"ro"` + // The country for this contact + Country *string `json:"country,omitempty"` - // READ-ONLY; The file hash value. - HashValue *string `json:"hashValue,omitempty" azure:"ro"` -} + // The email address for this contact + Email *string `json:"email,omitempty"` -// FusionAlertRule - Represents Fusion alert rule. -type FusionAlertRule struct { - // REQUIRED; The alert rule kind - Kind *AlertRuleKind `json:"kind,omitempty"` + // The fax number for this contact + Fax *string `json:"fax,omitempty"` - // Etag of the azure resource - Etag *string `json:"etag,omitempty"` + // The name of this contact + Name *string `json:"name,omitempty"` - // Fusion alert rule properties - Properties *FusionAlertRuleProperties `json:"properties,omitempty"` + // The organization for this contact + Org *string `json:"org,omitempty"` - // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} - ID *string `json:"id,omitempty" azure:"ro"` + // The phone number for this contact + Phone *string `json:"phone,omitempty"` - // READ-ONLY; The name of the resource - Name *string `json:"name,omitempty" azure:"ro"` + // The postal code for this contact + Postal *string `json:"postal,omitempty"` - // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. - SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` + // The state for this contact + State *string `json:"state,omitempty"` - // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" - Type *string `json:"type,omitempty" azure:"ro"` + // A list describing the street address for this contact + Street []*string `json:"street,omitempty"` } -// GetAlertRule implements the AlertRuleClassification interface for type FusionAlertRule. -func (f *FusionAlertRule) GetAlertRule() *AlertRule { - return &AlertRule{ - Kind: f.Kind, - Etag: f.Etag, - ID: f.ID, - Name: f.Name, - Type: f.Type, - SystemData: f.SystemData, - } -} +// EnrichmentDomainWhoisContacts - The set of contacts associated with this domain +type EnrichmentDomainWhoisContacts struct { + // The admin contact for this whois record + Admin *EnrichmentDomainWhoisContact `json:"admin,omitempty"` -// FusionAlertRuleProperties - Fusion alert rule base property bag. -type FusionAlertRuleProperties struct { - // REQUIRED; The Name of the alert rule template used to create this rule. - AlertRuleTemplateName *string `json:"alertRuleTemplateName,omitempty"` + // The billing contact for this whois record + Billing *EnrichmentDomainWhoisContact `json:"billing,omitempty"` - // REQUIRED; Determines whether this alert rule is enabled or disabled. - Enabled *bool `json:"enabled,omitempty"` + // The registrant contact for this whois record + Registrant *EnrichmentDomainWhoisContact `json:"registrant,omitempty"` - // READ-ONLY; The description of the alert rule. - Description *string `json:"description,omitempty" azure:"ro"` + // The technical contact for this whois record + Tech *EnrichmentDomainWhoisContact `json:"tech,omitempty"` +} - // READ-ONLY; The display name for alerts created by this alert rule. - DisplayName *string `json:"displayName,omitempty" azure:"ro"` +// EnrichmentDomainWhoisDetails - The whois record for a given domain +type EnrichmentDomainWhoisDetails struct { + // The set of contacts associated with this domain + Contacts *EnrichmentDomainWhoisContacts `json:"contacts,omitempty"` - // READ-ONLY; The last time that this alert has been modified. - LastModifiedUTC *time.Time `json:"lastModifiedUtc,omitempty" azure:"ro"` + // A list of name servers associated with this domain + NameServers []*string `json:"nameServers,omitempty"` - // READ-ONLY; The severity for alerts created by this alert rule. - Severity *AlertSeverity `json:"severity,omitempty" azure:"ro"` + // The registrar associated with this domain + Registrar *EnrichmentDomainWhoisRegistrarDetails `json:"registrar,omitempty"` - // READ-ONLY; The tactics of the alert rule - Tactics []*AttackTactic `json:"tactics,omitempty" azure:"ro"` + // The set of status flags for this whois record + Statuses []*string `json:"statuses,omitempty"` } -// FusionAlertRuleTemplate - Represents Fusion alert rule template. -type FusionAlertRuleTemplate struct { - // REQUIRED; The alert rule kind - Kind *AlertRuleKind `json:"kind,omitempty"` +// EnrichmentDomainWhoisRegistrarDetails - The registrar associated with this domain +type EnrichmentDomainWhoisRegistrarDetails struct { + // This registrar's abuse contact email + AbuseContactEmail *string `json:"abuseContactEmail,omitempty"` - // Fusion alert rule template properties - Properties *FusionAlertRuleTemplateProperties `json:"properties,omitempty"` + // This registrar's abuse contact phone number + AbuseContactPhone *string `json:"abuseContactPhone,omitempty"` - // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} - ID *string `json:"id,omitempty" azure:"ro"` + // This registrar's Internet Assigned Numbers Authority id + IanaID *string `json:"ianaId,omitempty"` - // READ-ONLY; The name of the resource - Name *string `json:"name,omitempty" azure:"ro"` + // The name of this registrar + Name *string `json:"name,omitempty"` - // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. - SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` + // This registrar's URL + URL *string `json:"url,omitempty"` - // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" - Type *string `json:"type,omitempty" azure:"ro"` + // The hostname of this registrar's whois server + WhoisServer *string `json:"whoisServer,omitempty"` } -// GetAlertRuleTemplate implements the AlertRuleTemplateClassification interface for type FusionAlertRuleTemplate. -func (f *FusionAlertRuleTemplate) GetAlertRuleTemplate() *AlertRuleTemplate { - return &AlertRuleTemplate{ - Kind: f.Kind, - ID: f.ID, - Name: f.Name, - Type: f.Type, - SystemData: f.SystemData, - } -} +// EnrichmentIPGeodata - Geodata information for a given IP address +type EnrichmentIPGeodata struct { + // The autonomous system number associated with this IP address + Asn *string `json:"asn,omitempty"` -// FusionAlertRuleTemplateProperties - Represents Fusion alert rule template properties -type FusionAlertRuleTemplateProperties struct { - // the number of alert rules that were created by this template - AlertRulesCreatedByTemplateCount *int32 `json:"alertRulesCreatedByTemplateCount,omitempty"` + // The name of the carrier for this IP address + Carrier *string `json:"carrier,omitempty"` - // The description of the alert rule template. - Description *string `json:"description,omitempty"` + // The city this IP address is located in + City *string `json:"city,omitempty"` - // The display name for alert rule template. - DisplayName *string `json:"displayName,omitempty"` + // A numeric rating of confidence that the value in the 'city' field is correct, on a scale of 0-100 + CityCf *int32 `json:"cityCf,omitempty"` - // The required data connectors for this template - RequiredDataConnectors []*AlertRuleTemplateDataSource `json:"requiredDataConnectors,omitempty"` + // The continent this IP address is located on + Continent *string `json:"continent,omitempty"` - // The severity for alerts created by this alert rule. - Severity *AlertSeverity `json:"severity,omitempty"` + // The county this IP address is located in + Country *string `json:"country,omitempty"` - // The alert rule template status. - Status *TemplateStatus `json:"status,omitempty"` + // A numeric rating of confidence that the value in the 'country' field is correct on a scale of 0-100 + CountryCf *int32 `json:"countryCf,omitempty"` - // The tactics of the alert rule template - Tactics []*AttackTactic `json:"tactics,omitempty"` + // The dotted-decimal or colon-separated string representation of the IP address + IPAddr *string `json:"ipAddr,omitempty"` - // READ-ONLY; The time that this alert rule template has been added. - CreatedDateUTC *time.Time `json:"createdDateUTC,omitempty" azure:"ro"` + // A description of the connection type of this IP address + IPRoutingType *string `json:"ipRoutingType,omitempty"` - // READ-ONLY; The time that this alert rule template was last updated. - LastUpdatedDateUTC *time.Time `json:"lastUpdatedDateUTC,omitempty" azure:"ro"` -} + // The latitude of this IP address + Latitude *string `json:"latitude,omitempty"` -// GeoLocation - The geo-location context attached to the ip entity -type GeoLocation struct { - // READ-ONLY; Autonomous System Number - Asn *int32 `json:"asn,omitempty" azure:"ro"` + // The longitude of this IP address + Longitude *string `json:"longitude,omitempty"` - // READ-ONLY; City name - City *string `json:"city,omitempty" azure:"ro"` + // The name of the organization for this IP address + Organization *string `json:"organization,omitempty"` - // READ-ONLY; The country code according to ISO 3166 format - CountryCode *string `json:"countryCode,omitempty" azure:"ro"` + // The type of the organization for this IP address + OrganizationType *string `json:"organizationType,omitempty"` - // READ-ONLY; Country name according to ISO 3166 Alpha 2: the lowercase of the English Short Name - CountryName *string `json:"countryName,omitempty" azure:"ro"` + // The geographic region this IP address is located in + Region *string `json:"region,omitempty"` - // READ-ONLY; The longitude of the identified location, expressed as a floating point number with range of -180 to 180, with - // positive numbers representing East and negative numbers representing West. Latitude and - // longitude are derived from the city or postal code. - Latitude *float64 `json:"latitude,omitempty" azure:"ro"` + // The state this IP address is located in + State *string `json:"state,omitempty"` - // READ-ONLY; The latitude of the identified location, expressed as a floating point number with range of - 90 to 90, with - // positive numbers representing North and negative numbers representing South. Latitude and - // longitude are derived from the city or postal code. - Longitude *float64 `json:"longitude,omitempty" azure:"ro"` + // A numeric rating of confidence that the value in the 'state' field is correct on a scale of 0-100 + StateCf *int32 `json:"stateCf,omitempty"` - // READ-ONLY; State name - State *string `json:"state,omitempty" azure:"ro"` + // The abbreviated name for the state this IP address is located in + StateCode *string `json:"stateCode,omitempty"` } -// GroupingConfiguration - Grouping configuration property bag. -type GroupingConfiguration struct { - // REQUIRED; Grouping enabled - Enabled *bool `json:"enabled,omitempty"` - - // REQUIRED; Limit the group to alerts created within the lookback duration (in ISO 8601 duration format) - LookbackDuration *string `json:"lookbackDuration,omitempty"` +// EntitiesClientExpandOptions contains the optional parameters for the EntitiesClient.Expand method. +type EntitiesClientExpandOptions struct { + // placeholder for future optional parameters +} - // REQUIRED; Grouping matching method. When method is Selected at least one of groupByEntities, groupByAlertDetails, groupByCustomDetails - // must be provided and not empty. - MatchingMethod *MatchingMethod `json:"matchingMethod,omitempty"` +// EntitiesClientGetInsightsOptions contains the optional parameters for the EntitiesClient.GetInsights method. +type EntitiesClientGetInsightsOptions struct { + // placeholder for future optional parameters +} - // REQUIRED; Re-open closed matching incidents - ReopenClosedIncident *bool `json:"reopenClosedIncident,omitempty"` +// EntitiesClientGetOptions contains the optional parameters for the EntitiesClient.Get method. +type EntitiesClientGetOptions struct { + // placeholder for future optional parameters +} - // A list of alert details to group by (when matchingMethod is Selected) - GroupByAlertDetails []*AlertDetail `json:"groupByAlertDetails,omitempty"` +// EntitiesClientListOptions contains the optional parameters for the EntitiesClient.List method. +type EntitiesClientListOptions struct { + // placeholder for future optional parameters +} - // A list of custom details keys to group by (when matchingMethod is Selected). Only keys defined in the current alert rule - // may be used. - GroupByCustomDetails []*string `json:"groupByCustomDetails,omitempty"` +// EntitiesClientQueriesOptions contains the optional parameters for the EntitiesClient.Queries method. +type EntitiesClientQueriesOptions struct { + // placeholder for future optional parameters +} - // A list of entity types to group by (when matchingMethod is Selected). Only entities defined in the current alert rule may - // be used. - GroupByEntities []*EntityMappingType `json:"groupByEntities,omitempty"` +// EntitiesGetTimelineClientListOptions contains the optional parameters for the EntitiesGetTimelineClient.List method. +type EntitiesGetTimelineClientListOptions struct { + // placeholder for future optional parameters } -// HostEntity - Represents a host entity. -type HostEntity struct { - // REQUIRED; The kind of the entity. - Kind *EntityKindEnum `json:"kind,omitempty"` +// EntitiesRelationsClientListOptions contains the optional parameters for the EntitiesRelationsClient.List method. +type EntitiesRelationsClientListOptions struct { + // Filters the results, based on a Boolean condition. Optional. + Filter *string + // Sorts the results. Optional. + Orderby *string + // Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, + // the value of the nextLink element will include a skiptoken parameter that + // specifies a starting point to use for subsequent calls. Optional. + SkipToken *string + // Returns only the first n results. Optional. + Top *int32 +} - // Host entity properties - Properties *HostEntityProperties `json:"properties,omitempty"` +// EntityClassification provides polymorphic access to related types. +// Call the interface's GetEntity() method to access the common type. +// Use a type switch to determine the concrete type. The possible types are: +// - *AccountEntity, *AzureResourceEntity, *CloudApplicationEntity, *DNSEntity, *Entity, *FileEntity, *FileHashEntity, *HostEntity, +// - *HuntingBookmark, *IPEntity, *IoTDeviceEntity, *MailClusterEntity, *MailMessageEntity, *MailboxEntity, *MalwareEntity, +// - *ProcessEntity, *RegistryKeyEntity, *RegistryValueEntity, *SecurityAlert, *SecurityGroupEntity, *SubmissionMailEntity, +// - *URLEntity +type EntityClassification interface { + // GetEntity returns the Entity content of the underlying type. + GetEntity() *Entity +} + +// Entity - Specific entity. +type Entity struct { + // REQUIRED; The kind of the entity. + Kind *EntityKind `json:"kind,omitempty"` // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} ID *string `json:"id,omitempty" azure:"ro"` @@ -1417,137 +2629,212 @@ type HostEntity struct { Type *string `json:"type,omitempty" azure:"ro"` } -// GetEntity implements the EntityClassification interface for type HostEntity. -func (h *HostEntity) GetEntity() *Entity { - return &Entity{ - Kind: h.Kind, - ID: h.ID, - Name: h.Name, - Type: h.Type, - SystemData: h.SystemData, +// GetEntity implements the EntityClassification interface for type Entity. +func (e *Entity) GetEntity() *Entity { return e } + +// EntityAnalytics - Settings with single toggle. +type EntityAnalytics struct { + // REQUIRED; The kind of the setting + Kind *SettingKind `json:"kind,omitempty"` + + // Etag of the azure resource + Etag *string `json:"etag,omitempty"` + + // EntityAnalytics properties + Properties *EntityAnalyticsProperties `json:"properties,omitempty"` + + // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + ID *string `json:"id,omitempty" azure:"ro"` + + // READ-ONLY; The name of the resource + Name *string `json:"name,omitempty" azure:"ro"` + + // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. + SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` + + // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" + Type *string `json:"type,omitempty" azure:"ro"` +} + +// GetSettings implements the SettingsClassification interface for type EntityAnalytics. +func (e *EntityAnalytics) GetSettings() *Settings { + return &Settings{ + Kind: e.Kind, + Etag: e.Etag, + ID: e.ID, + Name: e.Name, + Type: e.Type, + SystemData: e.SystemData, } } -// HostEntityProperties - Host entity property bag. -type HostEntityProperties struct { - // The operating system type. - OSFamily *OSFamily `json:"osFamily,omitempty"` +// EntityAnalyticsProperties - EntityAnalytics property bag. +type EntityAnalyticsProperties struct { + // The relevant entity providers that are synced + EntityProviders []*EntityProviders `json:"entityProviders,omitempty"` +} +// EntityCommonProperties - Entity common property bag. +type EntityCommonProperties struct { // READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. AdditionalData map[string]interface{} `json:"additionalData,omitempty" azure:"ro"` - // READ-ONLY; The azure resource id of the VM. - AzureID *string `json:"azureID,omitempty" azure:"ro"` - - // READ-ONLY; The DNS domain that this host belongs to. Should contain the compete DNS suffix for the domain - DNSDomain *string `json:"dnsDomain,omitempty" azure:"ro"` - // READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property // is optional and might be system generated. FriendlyName *string `json:"friendlyName,omitempty" azure:"ro"` +} - // READ-ONLY; The hostname without the domain suffix. - HostName *string `json:"hostName,omitempty" azure:"ro"` +// EntityEdges - The edge that connects the entity to the other entity. +type EntityEdges struct { + // A bag of custom fields that should be part of the entity and will be presented to the user. + AdditionalData map[string]interface{} `json:"additionalData,omitempty"` - // READ-ONLY; Determines whether this host belongs to a domain. - IsDomainJoined *bool `json:"isDomainJoined,omitempty" azure:"ro"` + // The target entity Id. + TargetEntityID *string `json:"targetEntityId,omitempty"` +} - // READ-ONLY; The host name (pre-windows2000). - NetBiosName *string `json:"netBiosName,omitempty" azure:"ro"` +// EntityExpandParameters - The parameters required to execute an expand operation on the given entity. +type EntityExpandParameters struct { + // The end date filter, so the only expansion results returned are before this date. + EndTime *time.Time `json:"endTime,omitempty"` - // READ-ONLY; The NT domain that this host belongs to. - NtDomain *string `json:"ntDomain,omitempty" azure:"ro"` + // The Id of the expansion to perform. + ExpansionID *string `json:"expansionId,omitempty"` - // READ-ONLY; A free text representation of the operating system. This field is meant to hold specific versions the are more - // fine grained than OSFamily or future values not supported by OSFamily enumeration - OSVersion *string `json:"osVersion,omitempty" azure:"ro"` + // The start date filter, so the only expansion results returned are after this date. + StartTime *time.Time `json:"startTime,omitempty"` +} - // READ-ONLY; The OMS agent id, if the host has OMS agent installed. - OmsAgentID *string `json:"omsAgentID,omitempty" azure:"ro"` +// EntityExpandResponse - The entity expansion result operation response. +type EntityExpandResponse struct { + // The metadata from the expansion operation results. + MetaData *ExpansionResultsMetadata `json:"metaData,omitempty"` + + // The expansion result values. + Value *EntityExpandResponseValue `json:"value,omitempty"` } -// HuntingBookmark - Represents a Hunting bookmark entity. -type HuntingBookmark struct { - // REQUIRED; The kind of the entity. - Kind *EntityKindEnum `json:"kind,omitempty"` +// EntityExpandResponseValue - The expansion result values. +type EntityExpandResponseValue struct { + // Array of edges that connects the entity to the list of entities. + Edges []*EntityEdges `json:"edges,omitempty"` - // HuntingBookmark entity properties - Properties *HuntingBookmarkProperties `json:"properties,omitempty"` + // Array of the expansion result entities. + Entities []EntityClassification `json:"entities,omitempty"` +} - // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} - ID *string `json:"id,omitempty" azure:"ro"` +// EntityFieldMapping - Map identifiers of a single entity +type EntityFieldMapping struct { + // Alert V3 identifier + Identifier *string `json:"identifier,omitempty"` - // READ-ONLY; The name of the resource - Name *string `json:"name,omitempty" azure:"ro"` + // The value of the identifier + Value *string `json:"value,omitempty"` +} - // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. - SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` +// EntityGetInsightsParameters - The parameters required to execute insights operation on the given entity. +type EntityGetInsightsParameters struct { + // REQUIRED; The end timeline date, so the results returned are before this date. + EndTime *time.Time `json:"endTime,omitempty"` - // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" - Type *string `json:"type,omitempty" azure:"ro"` + // REQUIRED; The start timeline date, so the results returned are after this date. + StartTime *time.Time `json:"startTime,omitempty"` + + // Indicates if query time range should be extended with default time range of the query. Default value is false + AddDefaultExtendedTimeRange *bool `json:"addDefaultExtendedTimeRange,omitempty"` + + // List of Insights Query Id. If empty, default value is all insights of this entity + InsightQueryIDs []*string `json:"insightQueryIds,omitempty"` } -// GetEntity implements the EntityClassification interface for type HuntingBookmark. -func (h *HuntingBookmark) GetEntity() *Entity { - return &Entity{ - Kind: h.Kind, - ID: h.ID, - Name: h.Name, - Type: h.Type, - SystemData: h.SystemData, - } +// EntityGetInsightsResponse - The Get Insights result operation response. +type EntityGetInsightsResponse struct { + // The metadata from the get insights operation results. + MetaData *GetInsightsResultsMetadata `json:"metaData,omitempty"` + + // The insights result values. + Value []*EntityInsightItem `json:"value,omitempty"` } -// HuntingBookmarkProperties - Describes bookmark properties -type HuntingBookmarkProperties struct { - // REQUIRED; The display name of the bookmark - DisplayName *string `json:"displayName,omitempty"` +// EntityInsightItem - Entity insight Item. +type EntityInsightItem struct { + // Query results for table insights query. + ChartQueryResults []*InsightsTableResult `json:"chartQueryResults,omitempty"` - // REQUIRED; The query of the bookmark. - Query *string `json:"query,omitempty"` + // The query id of the insight + QueryID *string `json:"queryId,omitempty"` - // The time the bookmark was created - Created *time.Time `json:"created,omitempty"` + // The Time interval that the query actually executed on. + QueryTimeInterval *EntityInsightItemQueryTimeInterval `json:"queryTimeInterval,omitempty"` - // Describes a user that created the bookmark - CreatedBy *UserInfo `json:"createdBy,omitempty"` + // Query results for table insights query. + TableQueryResults *InsightsTableResult `json:"tableQueryResults,omitempty"` +} - // The time of the event - EventTime *time.Time `json:"eventTime,omitempty"` +// EntityInsightItemQueryTimeInterval - The Time interval that the query actually executed on. +type EntityInsightItemQueryTimeInterval struct { + // Insight query end time + EndTime *time.Time `json:"endTime,omitempty"` - // Describes an incident that relates to bookmark - IncidentInfo *IncidentInfo `json:"incidentInfo,omitempty"` + // Insight query start time + StartTime *time.Time `json:"startTime,omitempty"` +} - // List of labels relevant to this bookmark - Labels []*string `json:"labels,omitempty"` +// EntityList - List of all the entities. +type EntityList struct { + // REQUIRED; Array of entities. + Value []EntityClassification `json:"value,omitempty"` - // The notes of the bookmark - Notes *string `json:"notes,omitempty"` + // READ-ONLY; URL to fetch the next set of entities. + NextLink *string `json:"nextLink,omitempty" azure:"ro"` +} - // The query result of the bookmark. - QueryResult *string `json:"queryResult,omitempty"` +// EntityMapping - Single entity mapping for the alert rule +type EntityMapping struct { + // The V3 type of the mapped entity + EntityType *EntityMappingType `json:"entityType,omitempty"` - // The last time the bookmark was updated - Updated *time.Time `json:"updated,omitempty"` + // array of field mappings for the given entity mapping + FieldMappings []*FieldMapping `json:"fieldMappings,omitempty"` +} - // Describes a user that updated the bookmark - UpdatedBy *UserInfo `json:"updatedBy,omitempty"` +// EntityQueriesClientCreateOrUpdateOptions contains the optional parameters for the EntityQueriesClient.CreateOrUpdate method. +type EntityQueriesClientCreateOrUpdateOptions struct { + // placeholder for future optional parameters +} - // READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. - AdditionalData map[string]interface{} `json:"additionalData,omitempty" azure:"ro"` +// EntityQueriesClientDeleteOptions contains the optional parameters for the EntityQueriesClient.Delete method. +type EntityQueriesClientDeleteOptions struct { + // placeholder for future optional parameters +} - // READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property - // is optional and might be system generated. - FriendlyName *string `json:"friendlyName,omitempty" azure:"ro"` +// EntityQueriesClientGetOptions contains the optional parameters for the EntityQueriesClient.Get method. +type EntityQueriesClientGetOptions struct { + // placeholder for future optional parameters } -// IPEntity - Represents an ip entity. -type IPEntity struct { - // REQUIRED; The kind of the entity. - Kind *EntityKindEnum `json:"kind,omitempty"` +// EntityQueriesClientListOptions contains the optional parameters for the EntityQueriesClient.List method. +type EntityQueriesClientListOptions struct { + // The entity query kind we want to fetch + Kind *Enum13 +} - // Ip entity properties - Properties *IPEntityProperties `json:"properties,omitempty"` +// EntityQueryClassification provides polymorphic access to related types. +// Call the interface's GetEntityQuery() method to access the common type. +// Use a type switch to determine the concrete type. The possible types are: +// - *ActivityEntityQuery, *EntityQuery, *ExpansionEntityQuery +type EntityQueryClassification interface { + // GetEntityQuery returns the EntityQuery content of the underlying type. + GetEntityQuery() *EntityQuery +} + +// EntityQuery - Specific entity query. +type EntityQuery struct { + // REQUIRED; the entity query kind + Kind *EntityQueryKind `json:"kind,omitempty"` + + // Etag of the azure resource + Etag *string `json:"etag,omitempty"` // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} ID *string `json:"id,omitempty" azure:"ro"` @@ -1562,43 +2849,78 @@ type IPEntity struct { Type *string `json:"type,omitempty" azure:"ro"` } -// GetEntity implements the EntityClassification interface for type IPEntity. -func (i *IPEntity) GetEntity() *Entity { - return &Entity{ - Kind: i.Kind, - ID: i.ID, - Name: i.Name, - Type: i.Type, - SystemData: i.SystemData, - } +// GetEntityQuery implements the EntityQueryClassification interface for type EntityQuery. +func (e *EntityQuery) GetEntityQuery() *EntityQuery { return e } + +// EntityQueryItemClassification provides polymorphic access to related types. +// Call the interface's GetEntityQueryItem() method to access the common type. +// Use a type switch to determine the concrete type. The possible types are: +// - *EntityQueryItem, *InsightQueryItem +type EntityQueryItemClassification interface { + // GetEntityQueryItem returns the EntityQueryItem content of the underlying type. + GetEntityQueryItem() *EntityQueryItem } -// IPEntityProperties - Ip entity property bag. -type IPEntityProperties struct { - // READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. - AdditionalData map[string]interface{} `json:"additionalData,omitempty" azure:"ro"` +// EntityQueryItem - An abstract Query item for entity +type EntityQueryItem struct { + // REQUIRED; The kind of the entity query + Kind *EntityQueryKind `json:"kind,omitempty"` - // READ-ONLY; The IP address as string, e.g. 127.0.0.1 (either in Ipv4 or Ipv6) - Address *string `json:"address,omitempty" azure:"ro"` + // Query Template ARM Name + Name *string `json:"name,omitempty"` - // READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property - // is optional and might be system generated. - FriendlyName *string `json:"friendlyName,omitempty" azure:"ro"` + // ARM Type + Type *string `json:"type,omitempty"` - // READ-ONLY; The geo-location context attached to the ip entity - Location *GeoLocation `json:"location,omitempty" azure:"ro"` + // READ-ONLY; Query Template ARM ID + ID *string `json:"id,omitempty" azure:"ro"` +} - // READ-ONLY; A list of TI contexts attached to the ip entity. - ThreatIntelligence []*ThreatIntelligence `json:"threatIntelligence,omitempty" azure:"ro"` +// GetEntityQueryItem implements the EntityQueryItemClassification interface for type EntityQueryItem. +func (e *EntityQueryItem) GetEntityQueryItem() *EntityQueryItem { return e } + +// EntityQueryItemProperties - An properties abstract Query item for entity +type EntityQueryItemProperties struct { + // Data types for template + DataTypes []*EntityQueryItemPropertiesDataTypesItem `json:"dataTypes,omitempty"` + + // The query applied only to entities matching to all filters + EntitiesFilter interface{} `json:"entitiesFilter,omitempty"` + + // The type of the entity + InputEntityType *EntityType `json:"inputEntityType,omitempty"` + + // Data types for template + RequiredInputFieldsSets [][]*string `json:"requiredInputFieldsSets,omitempty"` } -// Incident - Represents an incident in Azure Security Insights. -type Incident struct { - // Etag of the azure resource - Etag *string `json:"etag,omitempty"` +type EntityQueryItemPropertiesDataTypesItem struct { + // Data type name + DataType *string `json:"dataType,omitempty"` +} - // Incident properties - Properties *IncidentProperties `json:"properties,omitempty"` +// EntityQueryList - List of all the entity queries. +type EntityQueryList struct { + // REQUIRED; Array of entity queries. + Value []EntityQueryClassification `json:"value,omitempty"` + + // READ-ONLY; URL to fetch the next set of entity queries. + NextLink *string `json:"nextLink,omitempty" azure:"ro"` +} + +// EntityQueryTemplateClassification provides polymorphic access to related types. +// Call the interface's GetEntityQueryTemplate() method to access the common type. +// Use a type switch to determine the concrete type. The possible types are: +// - *ActivityEntityQueryTemplate, *EntityQueryTemplate +type EntityQueryTemplateClassification interface { + // GetEntityQueryTemplate returns the EntityQueryTemplate content of the underlying type. + GetEntityQueryTemplate() *EntityQueryTemplate +} + +// EntityQueryTemplate - Specific entity query template. +type EntityQueryTemplate struct { + // REQUIRED; the entity query template kind + Kind *EntityQueryTemplateKind `json:"kind,omitempty"` // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} ID *string `json:"id,omitempty" azure:"ro"` @@ -1613,362 +2935,2397 @@ type Incident struct { Type *string `json:"type,omitempty" azure:"ro"` } -// IncidentAdditionalData - Incident additional data property bag. -type IncidentAdditionalData struct { - // READ-ONLY; List of product names of alerts in the incident - AlertProductNames []*string `json:"alertProductNames,omitempty" azure:"ro"` +// GetEntityQueryTemplate implements the EntityQueryTemplateClassification interface for type EntityQueryTemplate. +func (e *EntityQueryTemplate) GetEntityQueryTemplate() *EntityQueryTemplate { return e } - // READ-ONLY; The number of alerts in the incident - AlertsCount *int32 `json:"alertsCount,omitempty" azure:"ro"` +// EntityQueryTemplateList - List of all the entity query templates. +type EntityQueryTemplateList struct { + // REQUIRED; Array of entity query templates. + Value []EntityQueryTemplateClassification `json:"value,omitempty"` - // READ-ONLY; The number of bookmarks in the incident - BookmarksCount *int32 `json:"bookmarksCount,omitempty" azure:"ro"` + // READ-ONLY; URL to fetch the next set of entity query templates. + NextLink *string `json:"nextLink,omitempty" azure:"ro"` +} - // READ-ONLY; The number of comments in the incident - CommentsCount *int32 `json:"commentsCount,omitempty" azure:"ro"` +// EntityQueryTemplatesClientGetOptions contains the optional parameters for the EntityQueryTemplatesClient.Get method. +type EntityQueryTemplatesClientGetOptions struct { + // placeholder for future optional parameters +} - // READ-ONLY; The tactics associated with incident - Tactics []*AttackTactic `json:"tactics,omitempty" azure:"ro"` +// EntityQueryTemplatesClientListOptions contains the optional parameters for the EntityQueryTemplatesClient.List method. +type EntityQueryTemplatesClientListOptions struct { + // The entity template query kind we want to fetch + Kind *Enum15 } -// IncidentAlertList - List of incident alerts. -type IncidentAlertList struct { - // REQUIRED; Array of incident alerts. - Value []*SecurityAlert `json:"value,omitempty"` +// EntityRelationsClientGetRelationOptions contains the optional parameters for the EntityRelationsClient.GetRelation method. +type EntityRelationsClientGetRelationOptions struct { + // placeholder for future optional parameters } -// IncidentBookmarkList - List of incident bookmarks. -type IncidentBookmarkList struct { - // REQUIRED; Array of incident bookmarks. - Value []*HuntingBookmark `json:"value,omitempty"` +// EntityTimelineItemClassification provides polymorphic access to related types. +// Call the interface's GetEntityTimelineItem() method to access the common type. +// Use a type switch to determine the concrete type. The possible types are: +// - *ActivityTimelineItem, *AnomalyTimelineItem, *BookmarkTimelineItem, *EntityTimelineItem, *SecurityAlertTimelineItem +type EntityTimelineItemClassification interface { + // GetEntityTimelineItem returns the EntityTimelineItem content of the underlying type. + GetEntityTimelineItem() *EntityTimelineItem } -// IncidentComment - Represents an incident comment -type IncidentComment struct { - // Etag of the azure resource - Etag *string `json:"etag,omitempty"` +// EntityTimelineItem - Entity timeline Item. +type EntityTimelineItem struct { + // REQUIRED; The entity query kind type. + Kind *EntityTimelineKind `json:"kind,omitempty"` +} - // Incident comment properties - Properties *IncidentCommentProperties `json:"properties,omitempty"` +// GetEntityTimelineItem implements the EntityTimelineItemClassification interface for type EntityTimelineItem. +func (e *EntityTimelineItem) GetEntityTimelineItem() *EntityTimelineItem { return e } - // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} - ID *string `json:"id,omitempty" azure:"ro"` +// EntityTimelineParameters - The parameters required to execute s timeline operation on the given entity. +type EntityTimelineParameters struct { + // REQUIRED; The end timeline date, so the results returned are before this date. + EndTime *time.Time `json:"endTime,omitempty"` - // READ-ONLY; The name of the resource - Name *string `json:"name,omitempty" azure:"ro"` + // REQUIRED; The start timeline date, so the results returned are after this date. + StartTime *time.Time `json:"startTime,omitempty"` - // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. - SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` + // Array of timeline Item kinds. + Kinds []*EntityTimelineKind `json:"kinds,omitempty"` - // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" - Type *string `json:"type,omitempty" azure:"ro"` + // The number of bucket for timeline queries aggregation. + NumberOfBucket *int32 `json:"numberOfBucket,omitempty"` } -// IncidentCommentList - List of incident comments. -type IncidentCommentList struct { - // REQUIRED; Array of comments. - Value []*IncidentComment `json:"value,omitempty"` +// EntityTimelineResponse - The entity timeline result operation response. +type EntityTimelineResponse struct { + // The metadata from the timeline operation results. + MetaData *TimelineResultsMetadata `json:"metaData,omitempty"` - // READ-ONLY; URL to fetch the next set of comments. - NextLink *string `json:"nextLink,omitempty" azure:"ro"` + // The timeline result values. + Value []EntityTimelineItemClassification `json:"value,omitempty"` } -// IncidentCommentProperties - Incident comment property bag. -type IncidentCommentProperties struct { - // REQUIRED; The comment message +// EventGroupingSettings - Event grouping settings property bag. +type EventGroupingSettings struct { + // The event grouping aggregation kinds + AggregationKind *EventGroupingAggregationKind `json:"aggregationKind,omitempty"` +} + +// ExpansionEntityQueriesProperties - Describes expansion entity query properties +type ExpansionEntityQueriesProperties struct { + // List of the data sources that are required to run the query + DataSources []*string `json:"dataSources,omitempty"` + + // The query display name + DisplayName *string `json:"displayName,omitempty"` + + // The type of the query's source entity + InputEntityType *EntityType `json:"inputEntityType,omitempty"` + + // List of the fields of the source entity that are required to run the query + InputFields []*string `json:"inputFields,omitempty"` + + // List of the desired output types to be constructed from the result + OutputEntityTypes []*EntityType `json:"outputEntityTypes,omitempty"` + + // The template query string to be parsed and formatted + QueryTemplate *string `json:"queryTemplate,omitempty"` +} + +// ExpansionEntityQuery - Represents Expansion entity query. +type ExpansionEntityQuery struct { + // REQUIRED; the entity query kind + Kind *EntityQueryKind `json:"kind,omitempty"` + + // Etag of the azure resource + Etag *string `json:"etag,omitempty"` + + // Expansion entity query properties + Properties *ExpansionEntityQueriesProperties `json:"properties,omitempty"` + + // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + ID *string `json:"id,omitempty" azure:"ro"` + + // READ-ONLY; The name of the resource + Name *string `json:"name,omitempty" azure:"ro"` + + // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. + SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` + + // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" + Type *string `json:"type,omitempty" azure:"ro"` +} + +// GetEntityQuery implements the EntityQueryClassification interface for type ExpansionEntityQuery. +func (e *ExpansionEntityQuery) GetEntityQuery() *EntityQuery { + return &EntityQuery{ + Kind: e.Kind, + Etag: e.Etag, + ID: e.ID, + Name: e.Name, + Type: e.Type, + SystemData: e.SystemData, + } +} + +// ExpansionResultAggregation - Information of a specific aggregation in the expansion result. +type ExpansionResultAggregation struct { + // REQUIRED; Total number of aggregations of the given kind (and aggregationType if given) in the expansion result. + Count *int32 `json:"count,omitempty"` + + // REQUIRED; The kind of the aggregated entity. + EntityKind *EntityKind `json:"entityKind,omitempty"` + + // The common type of the aggregation. (for e.g. entity field name) + AggregationType *string `json:"aggregationType,omitempty"` + + // The display name of the aggregation by type. + DisplayName *string `json:"displayName,omitempty"` +} + +// ExpansionResultsMetadata - Expansion result metadata. +type ExpansionResultsMetadata struct { + // Information of the aggregated nodes in the expansion result. + Aggregations []*ExpansionResultAggregation `json:"aggregations,omitempty"` +} + +// EyesOn - Settings with single toggle. +type EyesOn struct { + // REQUIRED; The kind of the setting + Kind *SettingKind `json:"kind,omitempty"` + + // Etag of the azure resource + Etag *string `json:"etag,omitempty"` + + // EyesOn properties + Properties *EyesOnSettingsProperties `json:"properties,omitempty"` + + // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + ID *string `json:"id,omitempty" azure:"ro"` + + // READ-ONLY; The name of the resource + Name *string `json:"name,omitempty" azure:"ro"` + + // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. + SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` + + // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" + Type *string `json:"type,omitempty" azure:"ro"` +} + +// GetSettings implements the SettingsClassification interface for type EyesOn. +func (e *EyesOn) GetSettings() *Settings { + return &Settings{ + Kind: e.Kind, + Etag: e.Etag, + ID: e.ID, + Name: e.Name, + Type: e.Type, + SystemData: e.SystemData, + } +} + +// EyesOnSettingsProperties - EyesOn property bag. +type EyesOnSettingsProperties struct { + // READ-ONLY; Determines whether the setting is enable or disabled. + IsEnabled *bool `json:"isEnabled,omitempty" azure:"ro"` +} + +// FieldMapping - A single field mapping of the mapped entity +type FieldMapping struct { + // the column name to be mapped to the identifier + ColumnName *string `json:"columnName,omitempty"` + + // the V3 identifier of the entity + Identifier *string `json:"identifier,omitempty"` +} + +// FileEntity - Represents a file entity. +type FileEntity struct { + // REQUIRED; The kind of the entity. + Kind *EntityKind `json:"kind,omitempty"` + + // File entity properties + Properties *FileEntityProperties `json:"properties,omitempty"` + + // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + ID *string `json:"id,omitempty" azure:"ro"` + + // READ-ONLY; The name of the resource + Name *string `json:"name,omitempty" azure:"ro"` + + // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. + SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` + + // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" + Type *string `json:"type,omitempty" azure:"ro"` +} + +// GetEntity implements the EntityClassification interface for type FileEntity. +func (f *FileEntity) GetEntity() *Entity { + return &Entity{ + Kind: f.Kind, + ID: f.ID, + Name: f.Name, + Type: f.Type, + SystemData: f.SystemData, + } +} + +// FileEntityProperties - File entity property bag. +type FileEntityProperties struct { + // READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. + AdditionalData map[string]interface{} `json:"additionalData,omitempty" azure:"ro"` + + // READ-ONLY; The full path to the file. + Directory *string `json:"directory,omitempty" azure:"ro"` + + // READ-ONLY; The file hash entity identifiers associated with this file + FileHashEntityIDs []*string `json:"fileHashEntityIds,omitempty" azure:"ro"` + + // READ-ONLY; The file name without path (some alerts might not include path). + FileName *string `json:"fileName,omitempty" azure:"ro"` + + // READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property + // is optional and might be system generated. + FriendlyName *string `json:"friendlyName,omitempty" azure:"ro"` + + // READ-ONLY; The Host entity id which the file belongs to + HostEntityID *string `json:"hostEntityId,omitempty" azure:"ro"` +} + +// FileHashEntity - Represents a file hash entity. +type FileHashEntity struct { + // REQUIRED; The kind of the entity. + Kind *EntityKind `json:"kind,omitempty"` + + // FileHash entity properties + Properties *FileHashEntityProperties `json:"properties,omitempty"` + + // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + ID *string `json:"id,omitempty" azure:"ro"` + + // READ-ONLY; The name of the resource + Name *string `json:"name,omitempty" azure:"ro"` + + // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. + SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` + + // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" + Type *string `json:"type,omitempty" azure:"ro"` +} + +// GetEntity implements the EntityClassification interface for type FileHashEntity. +func (f *FileHashEntity) GetEntity() *Entity { + return &Entity{ + Kind: f.Kind, + ID: f.ID, + Name: f.Name, + Type: f.Type, + SystemData: f.SystemData, + } +} + +// FileHashEntityProperties - FileHash entity property bag. +type FileHashEntityProperties struct { + // READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. + AdditionalData map[string]interface{} `json:"additionalData,omitempty" azure:"ro"` + + // READ-ONLY; The hash algorithm type. + Algorithm *FileHashAlgorithm `json:"algorithm,omitempty" azure:"ro"` + + // READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property + // is optional and might be system generated. + FriendlyName *string `json:"friendlyName,omitempty" azure:"ro"` + + // READ-ONLY; The file hash value. + HashValue *string `json:"hashValue,omitempty" azure:"ro"` +} + +// FusionAlertRule - Represents Fusion alert rule. +type FusionAlertRule struct { + // REQUIRED; The kind of the alert rule + Kind *AlertRuleKind `json:"kind,omitempty"` + + // Etag of the azure resource + Etag *string `json:"etag,omitempty"` + + // Fusion alert rule properties + Properties *FusionAlertRuleProperties `json:"properties,omitempty"` + + // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + ID *string `json:"id,omitempty" azure:"ro"` + + // READ-ONLY; The name of the resource + Name *string `json:"name,omitempty" azure:"ro"` + + // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. + SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` + + // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" + Type *string `json:"type,omitempty" azure:"ro"` +} + +// GetAlertRule implements the AlertRuleClassification interface for type FusionAlertRule. +func (f *FusionAlertRule) GetAlertRule() *AlertRule { + return &AlertRule{ + Kind: f.Kind, + Etag: f.Etag, + ID: f.ID, + Name: f.Name, + Type: f.Type, + SystemData: f.SystemData, + } +} + +// FusionAlertRuleProperties - Fusion alert rule base property bag. +type FusionAlertRuleProperties struct { + // REQUIRED; The Name of the alert rule template used to create this rule. + AlertRuleTemplateName *string `json:"alertRuleTemplateName,omitempty"` + + // REQUIRED; Determines whether this alert rule is enabled or disabled. + Enabled *bool `json:"enabled,omitempty"` + + // Configuration to exclude scenarios in fusion detection. + ScenarioExclusionPatterns []*FusionScenarioExclusionPattern `json:"scenarioExclusionPatterns,omitempty"` + + // Configuration for all supported source signals in fusion detection. + SourceSettings []*FusionSourceSettings `json:"sourceSettings,omitempty"` + + // READ-ONLY; The description of the alert rule. + Description *string `json:"description,omitempty" azure:"ro"` + + // READ-ONLY; The display name for alerts created by this alert rule. + DisplayName *string `json:"displayName,omitempty" azure:"ro"` + + // READ-ONLY; The last time that this alert has been modified. + LastModifiedUTC *time.Time `json:"lastModifiedUtc,omitempty" azure:"ro"` + + // READ-ONLY; The severity for alerts created by this alert rule. + Severity *AlertSeverity `json:"severity,omitempty" azure:"ro"` + + // READ-ONLY; The tactics of the alert rule + Tactics []*AttackTactic `json:"tactics,omitempty" azure:"ro"` + + // READ-ONLY; The techniques of the alert rule + Techniques []*string `json:"techniques,omitempty" azure:"ro"` +} + +// FusionAlertRuleTemplate - Represents Fusion alert rule template. +type FusionAlertRuleTemplate struct { + // REQUIRED; The kind of the alert rule + Kind *AlertRuleKind `json:"kind,omitempty"` + + // Fusion alert rule template properties + Properties *FusionAlertRuleTemplateProperties `json:"properties,omitempty"` + + // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + ID *string `json:"id,omitempty" azure:"ro"` + + // READ-ONLY; The name of the resource + Name *string `json:"name,omitempty" azure:"ro"` + + // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. + SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` + + // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" + Type *string `json:"type,omitempty" azure:"ro"` +} + +// GetAlertRuleTemplate implements the AlertRuleTemplateClassification interface for type FusionAlertRuleTemplate. +func (f *FusionAlertRuleTemplate) GetAlertRuleTemplate() *AlertRuleTemplate { + return &AlertRuleTemplate{ + Kind: f.Kind, + ID: f.ID, + Name: f.Name, + Type: f.Type, + SystemData: f.SystemData, + } +} + +// FusionAlertRuleTemplateProperties - Fusion alert rule template properties +type FusionAlertRuleTemplateProperties struct { + // the number of alert rules that were created by this template + AlertRulesCreatedByTemplateCount *int32 `json:"alertRulesCreatedByTemplateCount,omitempty"` + + // The description of the alert rule template. + Description *string `json:"description,omitempty"` + + // The display name for alert rule template. + DisplayName *string `json:"displayName,omitempty"` + + // The required data connectors for this template + RequiredDataConnectors []*AlertRuleTemplateDataSource `json:"requiredDataConnectors,omitempty"` + + // The severity for alerts created by this alert rule. + Severity *AlertSeverity `json:"severity,omitempty"` + + // All supported source signal configurations consumed in fusion detection. + SourceSettings []*FusionTemplateSourceSetting `json:"sourceSettings,omitempty"` + + // The alert rule template status. + Status *TemplateStatus `json:"status,omitempty"` + + // The tactics of the alert rule template + Tactics []*AttackTactic `json:"tactics,omitempty"` + + // The techniques of the alert rule + Techniques []*string `json:"techniques,omitempty"` + + // READ-ONLY; The time that this alert rule template has been added. + CreatedDateUTC *time.Time `json:"createdDateUTC,omitempty" azure:"ro"` + + // READ-ONLY; The time that this alert rule template was last updated. + LastUpdatedDateUTC *time.Time `json:"lastUpdatedDateUTC,omitempty" azure:"ro"` +} + +// FusionScenarioExclusionPattern - Represents a Fusion scenario exclusion patterns in Fusion detection. +type FusionScenarioExclusionPattern struct { + // REQUIRED; DateTime when scenario exclusion pattern is added in UTC. + DateAddedInUTC *string `json:"dateAddedInUTC,omitempty"` + + // REQUIRED; Scenario exclusion pattern. + ExclusionPattern *string `json:"exclusionPattern,omitempty"` +} + +// FusionSourceSettings - Represents a supported source signal configuration in Fusion detection. +type FusionSourceSettings struct { + // REQUIRED; Determines whether this source signal is enabled or disabled in Fusion detection. + Enabled *bool `json:"enabled,omitempty"` + + // REQUIRED; Name of the Fusion source signal. Refer to Fusion alert rule template for supported values. + SourceName *string `json:"sourceName,omitempty"` + + // Configuration for all source subtypes under this source signal consumed in fusion detection. + SourceSubTypes []*FusionSourceSubTypeSetting `json:"sourceSubTypes,omitempty"` +} + +// FusionSourceSubTypeSetting - Represents a supported source subtype configuration under a source signal in Fusion detection. +type FusionSourceSubTypeSetting struct { + // REQUIRED; Determines whether this source subtype under source signal is enabled or disabled in Fusion detection. + Enabled *bool `json:"enabled,omitempty"` + + // REQUIRED; Severity configuration for a source subtype consumed in fusion detection. + SeverityFilters *FusionSubTypeSeverityFilter `json:"severityFilters,omitempty"` + + // REQUIRED; The Name of the source subtype under a given source signal in Fusion detection. Refer to Fusion alert rule template + // for supported values. + SourceSubTypeName *string `json:"sourceSubTypeName,omitempty"` + + // READ-ONLY; The display name of source subtype under a source signal consumed in Fusion detection. + SourceSubTypeDisplayName *string `json:"sourceSubTypeDisplayName,omitempty" azure:"ro"` +} + +// FusionSubTypeSeverityFilter - Represents severity configuration for a source subtype consumed in Fusion detection. +type FusionSubTypeSeverityFilter struct { + // Individual Severity configuration settings for a given source subtype consumed in Fusion detection. + Filters []*FusionSubTypeSeverityFiltersItem `json:"filters,omitempty"` + + // READ-ONLY; Determines whether this source subtype supports severity configuration or not. + IsSupported *bool `json:"isSupported,omitempty" azure:"ro"` +} + +// FusionSubTypeSeverityFiltersItem - Represents a Severity filter setting for a given source subtype consumed in Fusion detection. +type FusionSubTypeSeverityFiltersItem struct { + // REQUIRED; Determines whether this severity is enabled or disabled for this source subtype consumed in Fusion detection. + Enabled *bool `json:"enabled,omitempty"` + + // REQUIRED; The Severity for a given source subtype consumed in Fusion detection. + Severity *AlertSeverity `json:"severity,omitempty"` +} + +// FusionTemplateSourceSetting - Represents a source signal consumed in Fusion detection. +type FusionTemplateSourceSetting struct { + // REQUIRED; The name of a source signal consumed in Fusion detection. + SourceName *string `json:"sourceName,omitempty"` + + // All supported source subtypes under this source signal consumed in fusion detection. + SourceSubTypes []*FusionTemplateSourceSubType `json:"sourceSubTypes,omitempty"` +} + +// FusionTemplateSourceSubType - Represents a source subtype under a source signal consumed in Fusion detection. +type FusionTemplateSourceSubType struct { + // REQUIRED; Severity configuration available for a source subtype consumed in fusion detection. + SeverityFilter *FusionTemplateSubTypeSeverityFilter `json:"severityFilter,omitempty"` + + // REQUIRED; The name of source subtype under a source signal consumed in Fusion detection. + SourceSubTypeName *string `json:"sourceSubTypeName,omitempty"` + + // READ-ONLY; The display name of source subtype under a source signal consumed in Fusion detection. + SourceSubTypeDisplayName *string `json:"sourceSubTypeDisplayName,omitempty" azure:"ro"` +} + +// FusionTemplateSubTypeSeverityFilter - Represents severity configurations available for a source subtype consumed in Fusion +// detection. +type FusionTemplateSubTypeSeverityFilter struct { + // REQUIRED; Determines whether severity configuration is supported for this source subtype consumed in Fusion detection. + IsSupported *bool `json:"isSupported,omitempty"` + + // List of all supported severities for this source subtype consumed in Fusion detection. + SeverityFilters []*AlertSeverity `json:"severityFilters,omitempty"` +} + +// GeoLocation - The geo-location context attached to the ip entity +type GeoLocation struct { + // READ-ONLY; Autonomous System Number + Asn *int32 `json:"asn,omitempty" azure:"ro"` + + // READ-ONLY; City name + City *string `json:"city,omitempty" azure:"ro"` + + // READ-ONLY; The country code according to ISO 3166 format + CountryCode *string `json:"countryCode,omitempty" azure:"ro"` + + // READ-ONLY; Country name according to ISO 3166 Alpha 2: the lowercase of the English Short Name + CountryName *string `json:"countryName,omitempty" azure:"ro"` + + // READ-ONLY; The longitude of the identified location, expressed as a floating point number with range of -180 to 180, with + // positive numbers representing East and negative numbers representing West. Latitude and + // longitude are derived from the city or postal code. + Latitude *float64 `json:"latitude,omitempty" azure:"ro"` + + // READ-ONLY; The latitude of the identified location, expressed as a floating point number with range of - 90 to 90, with + // positive numbers representing North and negative numbers representing South. Latitude and + // longitude are derived from the city or postal code. + Longitude *float64 `json:"longitude,omitempty" azure:"ro"` + + // READ-ONLY; State name + State *string `json:"state,omitempty" azure:"ro"` +} + +// GetInsightsErrorKind - GetInsights Query Errors. +type GetInsightsErrorKind struct { + // REQUIRED; the error message + ErrorMessage *string `json:"errorMessage,omitempty"` + + // REQUIRED; the query kind + Kind *GetInsightsError `json:"kind,omitempty"` + + // the query id + QueryID *string `json:"queryId,omitempty"` +} + +// GetInsightsResultsMetadata - Get Insights result metadata. +type GetInsightsResultsMetadata struct { + // REQUIRED; the total items found for the insights request + TotalCount *int32 `json:"totalCount,omitempty"` + + // information about the failed queries + Errors []*GetInsightsErrorKind `json:"errors,omitempty"` +} + +// GetQueriesResponse - Retrieve queries for entity result operation response. +type GetQueriesResponse struct { + // The query result values. + Value []EntityQueryItemClassification `json:"value,omitempty"` +} + +// GitHubResourceInfo - Resources created in GitHub repository. +type GitHubResourceInfo struct { + // GitHub application installation id. + AppInstallationID *string `json:"appInstallationId,omitempty"` +} + +// GraphQueries - The graph query to show the current data status +type GraphQueries struct { + // The base query for the graph + BaseQuery *string `json:"baseQuery,omitempty"` + + // The legend for the graph + Legend *string `json:"legend,omitempty"` + + // the metric that the query is checking + MetricName *string `json:"metricName,omitempty"` +} + +// GroupingConfiguration - Grouping configuration property bag. +type GroupingConfiguration struct { + // REQUIRED; Grouping enabled + Enabled *bool `json:"enabled,omitempty"` + + // REQUIRED; Limit the group to alerts created within the lookback duration (in ISO 8601 duration format) + LookbackDuration *string `json:"lookbackDuration,omitempty"` + + // REQUIRED; Grouping matching method. When method is Selected at least one of groupByEntities, groupByAlertDetails, groupByCustomDetails + // must be provided and not empty. + MatchingMethod *MatchingMethod `json:"matchingMethod,omitempty"` + + // REQUIRED; Re-open closed matching incidents + ReopenClosedIncident *bool `json:"reopenClosedIncident,omitempty"` + + // A list of alert details to group by (when matchingMethod is Selected) + GroupByAlertDetails []*AlertDetail `json:"groupByAlertDetails,omitempty"` + + // A list of custom details keys to group by (when matchingMethod is Selected). Only keys defined in the current alert rule + // may be used. + GroupByCustomDetails []*string `json:"groupByCustomDetails,omitempty"` + + // A list of entity types to group by (when matchingMethod is Selected). Only entities defined in the current alert rule may + // be used. + GroupByEntities []*EntityMappingType `json:"groupByEntities,omitempty"` +} + +// HostEntity - Represents a host entity. +type HostEntity struct { + // REQUIRED; The kind of the entity. + Kind *EntityKind `json:"kind,omitempty"` + + // Host entity properties + Properties *HostEntityProperties `json:"properties,omitempty"` + + // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + ID *string `json:"id,omitempty" azure:"ro"` + + // READ-ONLY; The name of the resource + Name *string `json:"name,omitempty" azure:"ro"` + + // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. + SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` + + // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" + Type *string `json:"type,omitempty" azure:"ro"` +} + +// GetEntity implements the EntityClassification interface for type HostEntity. +func (h *HostEntity) GetEntity() *Entity { + return &Entity{ + Kind: h.Kind, + ID: h.ID, + Name: h.Name, + Type: h.Type, + SystemData: h.SystemData, + } +} + +// HostEntityProperties - Host entity property bag. +type HostEntityProperties struct { + // The operating system type. + OSFamily *OSFamily `json:"osFamily,omitempty"` + + // READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. + AdditionalData map[string]interface{} `json:"additionalData,omitempty" azure:"ro"` + + // READ-ONLY; The azure resource id of the VM. + AzureID *string `json:"azureID,omitempty" azure:"ro"` + + // READ-ONLY; The DNS domain that this host belongs to. Should contain the compete DNS suffix for the domain + DNSDomain *string `json:"dnsDomain,omitempty" azure:"ro"` + + // READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property + // is optional and might be system generated. + FriendlyName *string `json:"friendlyName,omitempty" azure:"ro"` + + // READ-ONLY; The hostname without the domain suffix. + HostName *string `json:"hostName,omitempty" azure:"ro"` + + // READ-ONLY; Determines whether this host belongs to a domain. + IsDomainJoined *bool `json:"isDomainJoined,omitempty" azure:"ro"` + + // READ-ONLY; The host name (pre-windows2000). + NetBiosName *string `json:"netBiosName,omitempty" azure:"ro"` + + // READ-ONLY; The NT domain that this host belongs to. + NtDomain *string `json:"ntDomain,omitempty" azure:"ro"` + + // READ-ONLY; A free text representation of the operating system. This field is meant to hold specific versions the are more + // fine grained than OSFamily or future values not supported by OSFamily enumeration + OSVersion *string `json:"osVersion,omitempty" azure:"ro"` + + // READ-ONLY; The OMS agent id, if the host has OMS agent installed. + OmsAgentID *string `json:"omsAgentID,omitempty" azure:"ro"` +} + +// HuntingBookmark - Represents a Hunting bookmark entity. +type HuntingBookmark struct { + // REQUIRED; The kind of the entity. + Kind *EntityKind `json:"kind,omitempty"` + + // HuntingBookmark entity properties + Properties *HuntingBookmarkProperties `json:"properties,omitempty"` + + // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + ID *string `json:"id,omitempty" azure:"ro"` + + // READ-ONLY; The name of the resource + Name *string `json:"name,omitempty" azure:"ro"` + + // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. + SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` + + // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" + Type *string `json:"type,omitempty" azure:"ro"` +} + +// GetEntity implements the EntityClassification interface for type HuntingBookmark. +func (h *HuntingBookmark) GetEntity() *Entity { + return &Entity{ + Kind: h.Kind, + ID: h.ID, + Name: h.Name, + Type: h.Type, + SystemData: h.SystemData, + } +} + +// HuntingBookmarkProperties - Describes bookmark properties +type HuntingBookmarkProperties struct { + // REQUIRED; The display name of the bookmark + DisplayName *string `json:"displayName,omitempty"` + + // REQUIRED; The query of the bookmark. + Query *string `json:"query,omitempty"` + + // The time the bookmark was created + Created *time.Time `json:"created,omitempty"` + + // Describes a user that created the bookmark + CreatedBy *UserInfo `json:"createdBy,omitempty"` + + // The time of the event + EventTime *time.Time `json:"eventTime,omitempty"` + + // Describes an incident that relates to bookmark + IncidentInfo *IncidentInfo `json:"incidentInfo,omitempty"` + + // List of labels relevant to this bookmark + Labels []*string `json:"labels,omitempty"` + + // The notes of the bookmark + Notes *string `json:"notes,omitempty"` + + // The query result of the bookmark. + QueryResult *string `json:"queryResult,omitempty"` + + // The last time the bookmark was updated + Updated *time.Time `json:"updated,omitempty"` + + // Describes a user that updated the bookmark + UpdatedBy *UserInfo `json:"updatedBy,omitempty"` + + // READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. + AdditionalData map[string]interface{} `json:"additionalData,omitempty" azure:"ro"` + + // READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property + // is optional and might be system generated. + FriendlyName *string `json:"friendlyName,omitempty" azure:"ro"` +} + +// IPEntity - Represents an ip entity. +type IPEntity struct { + // REQUIRED; The kind of the entity. + Kind *EntityKind `json:"kind,omitempty"` + + // Ip entity properties + Properties *IPEntityProperties `json:"properties,omitempty"` + + // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + ID *string `json:"id,omitempty" azure:"ro"` + + // READ-ONLY; The name of the resource + Name *string `json:"name,omitempty" azure:"ro"` + + // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. + SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` + + // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" + Type *string `json:"type,omitempty" azure:"ro"` +} + +// GetEntity implements the EntityClassification interface for type IPEntity. +func (i *IPEntity) GetEntity() *Entity { + return &Entity{ + Kind: i.Kind, + ID: i.ID, + Name: i.Name, + Type: i.Type, + SystemData: i.SystemData, + } +} + +// IPEntityProperties - Ip entity property bag. +type IPEntityProperties struct { + // READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. + AdditionalData map[string]interface{} `json:"additionalData,omitempty" azure:"ro"` + + // READ-ONLY; The IP address as string, e.g. 127.0.0.1 (either in Ipv4 or Ipv6) + Address *string `json:"address,omitempty" azure:"ro"` + + // READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property + // is optional and might be system generated. + FriendlyName *string `json:"friendlyName,omitempty" azure:"ro"` + + // READ-ONLY; The geo-location context attached to the ip entity + Location *GeoLocation `json:"location,omitempty" azure:"ro"` + + // READ-ONLY; A list of TI contexts attached to the ip entity. + ThreatIntelligence []*ThreatIntelligence `json:"threatIntelligence,omitempty" azure:"ro"` +} + +// IPGeodataClientGetOptions contains the optional parameters for the IPGeodataClient.Get method. +type IPGeodataClientGetOptions struct { + // placeholder for future optional parameters +} + +// Incident - Represents an incident in Azure Security Insights. +type Incident struct { + // Etag of the azure resource + Etag *string `json:"etag,omitempty"` + + // Incident properties + Properties *IncidentProperties `json:"properties,omitempty"` + + // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + ID *string `json:"id,omitempty" azure:"ro"` + + // READ-ONLY; The name of the resource + Name *string `json:"name,omitempty" azure:"ro"` + + // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. + SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` + + // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" + Type *string `json:"type,omitempty" azure:"ro"` +} + +// IncidentAdditionalData - Incident additional data property bag. +type IncidentAdditionalData struct { + // READ-ONLY; List of product names of alerts in the incident + AlertProductNames []*string `json:"alertProductNames,omitempty" azure:"ro"` + + // READ-ONLY; The number of alerts in the incident + AlertsCount *int32 `json:"alertsCount,omitempty" azure:"ro"` + + // READ-ONLY; The number of bookmarks in the incident + BookmarksCount *int32 `json:"bookmarksCount,omitempty" azure:"ro"` + + // READ-ONLY; The number of comments in the incident + CommentsCount *int32 `json:"commentsCount,omitempty" azure:"ro"` + + // READ-ONLY; The provider incident url to the incident in Microsoft 365 Defender portal + ProviderIncidentURL *string `json:"providerIncidentUrl,omitempty" azure:"ro"` + + // READ-ONLY; The tactics associated with incident + Tactics []*AttackTactic `json:"tactics,omitempty" azure:"ro"` + + // READ-ONLY; The techniques associated with incident's tactics' + Techniques []*string `json:"techniques,omitempty" azure:"ro"` +} + +// IncidentAlertList - List of incident alerts. +type IncidentAlertList struct { + // REQUIRED; Array of incident alerts. + Value []*SecurityAlert `json:"value,omitempty"` +} + +// IncidentBookmarkList - List of incident bookmarks. +type IncidentBookmarkList struct { + // REQUIRED; Array of incident bookmarks. + Value []*HuntingBookmark `json:"value,omitempty"` +} + +// IncidentComment - Represents an incident comment +type IncidentComment struct { + // Etag of the azure resource + Etag *string `json:"etag,omitempty"` + + // Incident comment properties + Properties *IncidentCommentProperties `json:"properties,omitempty"` + + // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + ID *string `json:"id,omitempty" azure:"ro"` + + // READ-ONLY; The name of the resource + Name *string `json:"name,omitempty" azure:"ro"` + + // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. + SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` + + // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" + Type *string `json:"type,omitempty" azure:"ro"` +} + +// IncidentCommentList - List of incident comments. +type IncidentCommentList struct { + // REQUIRED; Array of comments. + Value []*IncidentComment `json:"value,omitempty"` + + // READ-ONLY; URL to fetch the next set of comments. + NextLink *string `json:"nextLink,omitempty" azure:"ro"` +} + +// IncidentCommentProperties - Incident comment property bag. +type IncidentCommentProperties struct { + // REQUIRED; The comment message Message *string `json:"message,omitempty"` - // READ-ONLY; Describes the client that created the comment - Author *ClientInfo `json:"author,omitempty" azure:"ro"` + // READ-ONLY; Describes the client that created the comment + Author *ClientInfo `json:"author,omitempty" azure:"ro"` + + // READ-ONLY; The time the comment was created + CreatedTimeUTC *time.Time `json:"createdTimeUtc,omitempty" azure:"ro"` + + // READ-ONLY; The time the comment was updated + LastModifiedTimeUTC *time.Time `json:"lastModifiedTimeUtc,omitempty" azure:"ro"` +} + +// IncidentCommentsClientCreateOrUpdateOptions contains the optional parameters for the IncidentCommentsClient.CreateOrUpdate +// method. +type IncidentCommentsClientCreateOrUpdateOptions struct { + // placeholder for future optional parameters +} + +// IncidentCommentsClientDeleteOptions contains the optional parameters for the IncidentCommentsClient.Delete method. +type IncidentCommentsClientDeleteOptions struct { + // placeholder for future optional parameters +} + +// IncidentCommentsClientGetOptions contains the optional parameters for the IncidentCommentsClient.Get method. +type IncidentCommentsClientGetOptions struct { + // placeholder for future optional parameters +} + +// IncidentCommentsClientListOptions contains the optional parameters for the IncidentCommentsClient.List method. +type IncidentCommentsClientListOptions struct { + // Filters the results, based on a Boolean condition. Optional. + Filter *string + // Sorts the results. Optional. + Orderby *string + // Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, + // the value of the nextLink element will include a skiptoken parameter that + // specifies a starting point to use for subsequent calls. Optional. + SkipToken *string + // Returns only the first n results. Optional. + Top *int32 +} + +// IncidentConfiguration - Incident Configuration property bag. +type IncidentConfiguration struct { + // REQUIRED; Create incidents from alerts triggered by this analytics rule + CreateIncident *bool `json:"createIncident,omitempty"` + + // Set how the alerts that are triggered by this analytics rule, are grouped into incidents + GroupingConfiguration *GroupingConfiguration `json:"groupingConfiguration,omitempty"` +} + +// IncidentEntitiesResponse - The incident related entities response. +type IncidentEntitiesResponse struct { + // Array of the incident related entities. + Entities []EntityClassification `json:"entities,omitempty"` + + // The metadata from the incident related entities results. + MetaData []*IncidentEntitiesResultsMetadata `json:"metaData,omitempty"` +} + +// IncidentEntitiesResultsMetadata - Information of a specific aggregation in the incident related entities result. +type IncidentEntitiesResultsMetadata struct { + // REQUIRED; Total number of aggregations of the given kind in the incident related entities result. + Count *int32 `json:"count,omitempty"` + + // REQUIRED; The kind of the aggregated entity. + EntityKind *EntityKind `json:"entityKind,omitempty"` +} + +// IncidentInfo - Describes related incident information for the bookmark +type IncidentInfo struct { + // Incident Id + IncidentID *string `json:"incidentId,omitempty"` + + // Relation Name + RelationName *string `json:"relationName,omitempty"` + + // The severity of the incident + Severity *IncidentSeverity `json:"severity,omitempty"` + + // The title of the incident + Title *string `json:"title,omitempty"` +} + +// IncidentLabel - Represents an incident label +type IncidentLabel struct { + // REQUIRED; The name of the label + LabelName *string `json:"labelName,omitempty"` + + // READ-ONLY; The type of the label + LabelType *IncidentLabelType `json:"labelType,omitempty" azure:"ro"` +} + +// IncidentList - List all the incidents. +type IncidentList struct { + // REQUIRED; Array of incidents. + Value []*Incident `json:"value,omitempty"` + + // READ-ONLY; URL to fetch the next set of incidents. + NextLink *string `json:"nextLink,omitempty" azure:"ro"` +} + +// IncidentOwnerInfo - Information on the user an incident is assigned to +type IncidentOwnerInfo struct { + // The name of the user the incident is assigned to. + AssignedTo *string `json:"assignedTo,omitempty"` + + // The email of the user the incident is assigned to. + Email *string `json:"email,omitempty"` + + // The object id of the user the incident is assigned to. + ObjectID *string `json:"objectId,omitempty"` + + // The type of the owner the incident is assigned to. + OwnerType *OwnerType `json:"ownerType,omitempty"` + + // The user principal name of the user the incident is assigned to. + UserPrincipalName *string `json:"userPrincipalName,omitempty"` +} + +// IncidentProperties - Describes incident properties +type IncidentProperties struct { + // REQUIRED; The severity of the incident + Severity *IncidentSeverity `json:"severity,omitempty"` + + // REQUIRED; The status of the incident + Status *IncidentStatus `json:"status,omitempty"` + + // REQUIRED; The title of the incident + Title *string `json:"title,omitempty"` + + // The reason the incident was closed + Classification *IncidentClassification `json:"classification,omitempty"` + + // Describes the reason the incident was closed + ClassificationComment *string `json:"classificationComment,omitempty"` + + // The classification reason the incident was closed with + ClassificationReason *IncidentClassificationReason `json:"classificationReason,omitempty"` + + // The description of the incident + Description *string `json:"description,omitempty"` + + // The time of the first activity in the incident + FirstActivityTimeUTC *time.Time `json:"firstActivityTimeUtc,omitempty"` + + // List of labels relevant to this incident + Labels []*IncidentLabel `json:"labels,omitempty"` + + // The time of the last activity in the incident + LastActivityTimeUTC *time.Time `json:"lastActivityTimeUtc,omitempty"` + + // Describes a user that the incident is assigned to + Owner *IncidentOwnerInfo `json:"owner,omitempty"` + + // The incident ID assigned by the incident provider + ProviderIncidentID *string `json:"providerIncidentId,omitempty"` + + // The name of the source provider that generated the incident + ProviderName *string `json:"providerName,omitempty"` + + // Describes a team for the incident + TeamInformation *TeamInformation `json:"teamInformation,omitempty"` + + // READ-ONLY; Additional data on the incident + AdditionalData *IncidentAdditionalData `json:"additionalData,omitempty" azure:"ro"` + + // READ-ONLY; The time the incident was created + CreatedTimeUTC *time.Time `json:"createdTimeUtc,omitempty" azure:"ro"` + + // READ-ONLY; A sequential number + IncidentNumber *int32 `json:"incidentNumber,omitempty" azure:"ro"` + + // READ-ONLY; The deep-link url to the incident in Azure portal + IncidentURL *string `json:"incidentUrl,omitempty" azure:"ro"` + + // READ-ONLY; The last time the incident was updated + LastModifiedTimeUTC *time.Time `json:"lastModifiedTimeUtc,omitempty" azure:"ro"` + + // READ-ONLY; List of resource ids of Analytic rules related to the incident + RelatedAnalyticRuleIDs []*string `json:"relatedAnalyticRuleIds,omitempty" azure:"ro"` +} + +type IncidentPropertiesAction struct { + // The reason the incident was closed + Classification *IncidentClassification `json:"classification,omitempty"` + + // Describes the reason the incident was closed. + ClassificationComment *string `json:"classificationComment,omitempty"` + + // The classification reason the incident was closed with + ClassificationReason *IncidentClassificationReason `json:"classificationReason,omitempty"` + + // List of labels to add to the incident. + Labels []*IncidentLabel `json:"labels,omitempty"` + + // Information on the user an incident is assigned to + Owner *IncidentOwnerInfo `json:"owner,omitempty"` + + // The severity of the incident + Severity *IncidentSeverity `json:"severity,omitempty"` + + // The status of the incident + Status *IncidentStatus `json:"status,omitempty"` +} + +// IncidentRelationsClientCreateOrUpdateOptions contains the optional parameters for the IncidentRelationsClient.CreateOrUpdate +// method. +type IncidentRelationsClientCreateOrUpdateOptions struct { + // placeholder for future optional parameters +} + +// IncidentRelationsClientDeleteOptions contains the optional parameters for the IncidentRelationsClient.Delete method. +type IncidentRelationsClientDeleteOptions struct { + // placeholder for future optional parameters +} + +// IncidentRelationsClientGetOptions contains the optional parameters for the IncidentRelationsClient.Get method. +type IncidentRelationsClientGetOptions struct { + // placeholder for future optional parameters +} + +// IncidentRelationsClientListOptions contains the optional parameters for the IncidentRelationsClient.List method. +type IncidentRelationsClientListOptions struct { + // Filters the results, based on a Boolean condition. Optional. + Filter *string + // Sorts the results. Optional. + Orderby *string + // Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, + // the value of the nextLink element will include a skiptoken parameter that + // specifies a starting point to use for subsequent calls. Optional. + SkipToken *string + // Returns only the first n results. Optional. + Top *int32 +} + +// IncidentsClientCreateOrUpdateOptions contains the optional parameters for the IncidentsClient.CreateOrUpdate method. +type IncidentsClientCreateOrUpdateOptions struct { + // placeholder for future optional parameters +} + +// IncidentsClientCreateTeamOptions contains the optional parameters for the IncidentsClient.CreateTeam method. +type IncidentsClientCreateTeamOptions struct { + // placeholder for future optional parameters +} + +// IncidentsClientDeleteOptions contains the optional parameters for the IncidentsClient.Delete method. +type IncidentsClientDeleteOptions struct { + // placeholder for future optional parameters +} + +// IncidentsClientGetOptions contains the optional parameters for the IncidentsClient.Get method. +type IncidentsClientGetOptions struct { + // placeholder for future optional parameters +} + +// IncidentsClientListAlertsOptions contains the optional parameters for the IncidentsClient.ListAlerts method. +type IncidentsClientListAlertsOptions struct { + // placeholder for future optional parameters +} + +// IncidentsClientListBookmarksOptions contains the optional parameters for the IncidentsClient.ListBookmarks method. +type IncidentsClientListBookmarksOptions struct { + // placeholder for future optional parameters +} + +// IncidentsClientListEntitiesOptions contains the optional parameters for the IncidentsClient.ListEntities method. +type IncidentsClientListEntitiesOptions struct { + // placeholder for future optional parameters +} + +// IncidentsClientListOptions contains the optional parameters for the IncidentsClient.List method. +type IncidentsClientListOptions struct { + // Filters the results, based on a Boolean condition. Optional. + Filter *string + // Sorts the results. Optional. + Orderby *string + // Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, + // the value of the nextLink element will include a skiptoken parameter that + // specifies a starting point to use for subsequent calls. Optional. + SkipToken *string + // Returns only the first n results. Optional. + Top *int32 +} + +// IncidentsClientRunPlaybookOptions contains the optional parameters for the IncidentsClient.RunPlaybook method. +type IncidentsClientRunPlaybookOptions struct { + RequestBody *ManualTriggerRequestBody +} + +// InsightQueryItem - Represents Insight Query. +type InsightQueryItem struct { + // REQUIRED; The kind of the entity query + Kind *EntityQueryKind `json:"kind,omitempty"` + + // Query Template ARM Name + Name *string `json:"name,omitempty"` + + // Properties bag for InsightQueryItem + Properties *InsightQueryItemProperties `json:"properties,omitempty"` + + // ARM Type + Type *string `json:"type,omitempty"` + + // READ-ONLY; Query Template ARM ID + ID *string `json:"id,omitempty" azure:"ro"` +} + +// GetEntityQueryItem implements the EntityQueryItemClassification interface for type InsightQueryItem. +func (i *InsightQueryItem) GetEntityQueryItem() *EntityQueryItem { + return &EntityQueryItem{ + ID: i.ID, + Name: i.Name, + Type: i.Type, + Kind: i.Kind, + } +} + +// InsightQueryItemProperties - Represents Insight Query. +type InsightQueryItemProperties struct { + // The activity query definitions. + AdditionalQuery *InsightQueryItemPropertiesAdditionalQuery `json:"additionalQuery,omitempty"` + + // The base query of the insight. + BaseQuery *string `json:"baseQuery,omitempty"` + + // The insight chart query. + ChartQuery interface{} `json:"chartQuery,omitempty"` + + // Data types for template + DataTypes []*EntityQueryItemPropertiesDataTypesItem `json:"dataTypes,omitempty"` + + // The insight chart query. + DefaultTimeRange *InsightQueryItemPropertiesDefaultTimeRange `json:"defaultTimeRange,omitempty"` + + // The insight description. + Description *string `json:"description,omitempty"` + + // The insight display name. + DisplayName *string `json:"displayName,omitempty"` + + // The query applied only to entities matching to all filters + EntitiesFilter interface{} `json:"entitiesFilter,omitempty"` + + // The type of the entity + InputEntityType *EntityType `json:"inputEntityType,omitempty"` + + // The insight chart query. + ReferenceTimeRange *InsightQueryItemPropertiesReferenceTimeRange `json:"referenceTimeRange,omitempty"` + + // Data types for template + RequiredInputFieldsSets [][]*string `json:"requiredInputFieldsSets,omitempty"` + + // The insight table query. + TableQuery *InsightQueryItemPropertiesTableQuery `json:"tableQuery,omitempty"` +} + +// InsightQueryItemPropertiesAdditionalQuery - The activity query definitions. +type InsightQueryItemPropertiesAdditionalQuery struct { + // The insight query. + Query *string `json:"query,omitempty"` + + // The insight text. + Text *string `json:"text,omitempty"` +} + +// InsightQueryItemPropertiesDefaultTimeRange - The insight chart query. +type InsightQueryItemPropertiesDefaultTimeRange struct { + // The padding for the end time of the query. + AfterRange *string `json:"afterRange,omitempty"` + + // The padding for the start time of the query. + BeforeRange *string `json:"beforeRange,omitempty"` +} + +// InsightQueryItemPropertiesReferenceTimeRange - The insight chart query. +type InsightQueryItemPropertiesReferenceTimeRange struct { + // Additional query time for looking back. + BeforeRange *string `json:"beforeRange,omitempty"` +} + +// InsightQueryItemPropertiesTableQuery - The insight table query. +type InsightQueryItemPropertiesTableQuery struct { + // List of insight column definitions. + ColumnsDefinitions []*InsightQueryItemPropertiesTableQueryColumnsDefinitionsItem `json:"columnsDefinitions,omitempty"` + + // List of insight queries definitions. + QueriesDefinitions []*InsightQueryItemPropertiesTableQueryQueriesDefinitionsItem `json:"queriesDefinitions,omitempty"` +} + +type InsightQueryItemPropertiesTableQueryColumnsDefinitionsItem struct { + // Insight column header. + Header *string `json:"header,omitempty"` + + // Insights Column type. + OutputType *OutputType `json:"outputType,omitempty"` + + // Is query supports deep-link. + SupportDeepLink *bool `json:"supportDeepLink,omitempty"` +} + +type InsightQueryItemPropertiesTableQueryQueriesDefinitionsItem struct { + // Insight column header. + Filter *string `json:"filter,omitempty"` + + // Insight column header. + LinkColumnsDefinitions []*InsightQueryItemPropertiesTableQueryQueriesDefinitionsPropertiesItemsItem `json:"linkColumnsDefinitions,omitempty"` + + // Insight column header. + Project *string `json:"project,omitempty"` + + // Insight column header. + Summarize *string `json:"summarize,omitempty"` +} + +type InsightQueryItemPropertiesTableQueryQueriesDefinitionsPropertiesItemsItem struct { + // Insight Link Definition Projected Name. + ProjectedName *string `json:"projectedName,omitempty"` + + // Insight Link Definition Query. + Query *string `json:"Query,omitempty"` +} + +// InsightsTableResult - Query results for table insights query. +type InsightsTableResult struct { + // Columns Metadata of the table + Columns []*InsightsTableResultColumnsItem `json:"columns,omitempty"` + + // Rows data of the table + Rows [][]*string `json:"rows,omitempty"` +} + +type InsightsTableResultColumnsItem struct { + // the name of the colum + Name *string `json:"name,omitempty"` + + // the type of the colum + Type *string `json:"type,omitempty"` +} + +// InstructionSteps - Instruction steps to enable the connector +type InstructionSteps struct { + // Instruction step description + Description *string `json:"description,omitempty"` + + // Instruction step details + Instructions []*InstructionStepsInstructionsItem `json:"instructions,omitempty"` + + // Instruction step title + Title *string `json:"title,omitempty"` +} + +type InstructionStepsInstructionsItem struct { + // REQUIRED; The kind of the setting + Type *SettingType `json:"type,omitempty"` + + // The parameters for the setting + Parameters interface{} `json:"parameters,omitempty"` +} + +// IoTCheckRequirements - Represents IoT requirements check request. +type IoTCheckRequirements struct { + // REQUIRED; Describes the kind of connector to be checked. + Kind *DataConnectorKind `json:"kind,omitempty"` + + // IoT requirements check properties. + Properties *IoTCheckRequirementsProperties `json:"properties,omitempty"` +} + +// GetDataConnectorsCheckRequirements implements the DataConnectorsCheckRequirementsClassification interface for type IoTCheckRequirements. +func (i *IoTCheckRequirements) GetDataConnectorsCheckRequirements() *DataConnectorsCheckRequirements { + return &DataConnectorsCheckRequirements{ + Kind: i.Kind, + } +} + +// IoTCheckRequirementsProperties - IoT requirements check properties. +type IoTCheckRequirementsProperties struct { + // The subscription id to connect to, and get the data from. + SubscriptionID *string `json:"subscriptionId,omitempty"` +} + +// IoTDataConnector - Represents IoT data connector. +type IoTDataConnector struct { + // REQUIRED; The data connector kind + Kind *DataConnectorKind `json:"kind,omitempty"` + + // Etag of the azure resource + Etag *string `json:"etag,omitempty"` + + // IoT data connector properties. + Properties *IoTDataConnectorProperties `json:"properties,omitempty"` + + // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + ID *string `json:"id,omitempty" azure:"ro"` + + // READ-ONLY; The name of the resource + Name *string `json:"name,omitempty" azure:"ro"` + + // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. + SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` + + // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" + Type *string `json:"type,omitempty" azure:"ro"` +} + +// GetDataConnector implements the DataConnectorClassification interface for type IoTDataConnector. +func (i *IoTDataConnector) GetDataConnector() *DataConnector { + return &DataConnector{ + Kind: i.Kind, + Etag: i.Etag, + ID: i.ID, + Name: i.Name, + Type: i.Type, + SystemData: i.SystemData, + } +} + +// IoTDataConnectorProperties - IoT data connector properties. +type IoTDataConnectorProperties struct { + // The available data types for the connector. + DataTypes *AlertsDataTypeOfDataConnector `json:"dataTypes,omitempty"` + + // The subscription id to connect to, and get the data from. + SubscriptionID *string `json:"subscriptionId,omitempty"` +} + +// IoTDeviceEntity - Represents an IoT device entity. +type IoTDeviceEntity struct { + // REQUIRED; The kind of the entity. + Kind *EntityKind `json:"kind,omitempty"` + + // IoTDevice entity properties + Properties *IoTDeviceEntityProperties `json:"properties,omitempty"` + + // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + ID *string `json:"id,omitempty" azure:"ro"` + + // READ-ONLY; The name of the resource + Name *string `json:"name,omitempty" azure:"ro"` + + // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. + SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` + + // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" + Type *string `json:"type,omitempty" azure:"ro"` +} + +// GetEntity implements the EntityClassification interface for type IoTDeviceEntity. +func (i *IoTDeviceEntity) GetEntity() *Entity { + return &Entity{ + Kind: i.Kind, + ID: i.ID, + Name: i.Name, + Type: i.Type, + SystemData: i.SystemData, + } +} + +// IoTDeviceEntityProperties - IoTDevice entity property bag. +type IoTDeviceEntityProperties struct { + // READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. + AdditionalData map[string]interface{} `json:"additionalData,omitempty" azure:"ro"` + + // READ-ONLY; The ID of the IoT Device in the IoT Hub + DeviceID *string `json:"deviceId,omitempty" azure:"ro"` + + // READ-ONLY; The friendly name of the device + DeviceName *string `json:"deviceName,omitempty" azure:"ro"` + + // READ-ONLY; The type of the device + DeviceType *string `json:"deviceType,omitempty" azure:"ro"` + + // READ-ONLY; The ID of the edge device + EdgeID *string `json:"edgeId,omitempty" azure:"ro"` + + // READ-ONLY; The firmware version of the device + FirmwareVersion *string `json:"firmwareVersion,omitempty" azure:"ro"` + + // READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property + // is optional and might be system generated. + FriendlyName *string `json:"friendlyName,omitempty" azure:"ro"` + + // READ-ONLY; The Host entity id of this device + HostEntityID *string `json:"hostEntityId,omitempty" azure:"ro"` + + // READ-ONLY; The IP entity if of this device + IPAddressEntityID *string `json:"ipAddressEntityId,omitempty" azure:"ro"` + + // READ-ONLY; The AzureResource entity id of the IoT Hub + IotHubEntityID *string `json:"iotHubEntityId,omitempty" azure:"ro"` + + // READ-ONLY; The ID of the security agent running on the device + IotSecurityAgentID *string `json:"iotSecurityAgentId,omitempty" azure:"ro"` + + // READ-ONLY; The MAC address of the device + MacAddress *string `json:"macAddress,omitempty" azure:"ro"` + + // READ-ONLY; The model of the device + Model *string `json:"model,omitempty" azure:"ro"` + + // READ-ONLY; The operating system of the device + OperatingSystem *string `json:"operatingSystem,omitempty" azure:"ro"` + + // READ-ONLY; A list of protocols of the IoTDevice entity. + Protocols []*string `json:"protocols,omitempty" azure:"ro"` + + // READ-ONLY; The serial number of the device + SerialNumber *string `json:"serialNumber,omitempty" azure:"ro"` + + // READ-ONLY; The source of the device + Source *string `json:"source,omitempty" azure:"ro"` + + // READ-ONLY; A list of TI contexts attached to the IoTDevice entity. + ThreatIntelligence []*ThreatIntelligence `json:"threatIntelligence,omitempty" azure:"ro"` + + // READ-ONLY; The vendor of the device + Vendor *string `json:"vendor,omitempty" azure:"ro"` +} + +// LastDataReceivedDataType - Data type for last data received +type LastDataReceivedDataType struct { + // Query for indicate last data received + LastDataReceivedQuery *string `json:"lastDataReceivedQuery,omitempty"` + + // Name of the data type to show in the graph. can be use with {{graphQueriesTableName}} placeholder + Name *string `json:"name,omitempty"` +} + +// MCASCheckRequirements - Represents MCAS (Microsoft Cloud App Security) requirements check request. +type MCASCheckRequirements struct { + // REQUIRED; Describes the kind of connector to be checked. + Kind *DataConnectorKind `json:"kind,omitempty"` + + // MCAS (Microsoft Cloud App Security) requirements check properties. + Properties *MCASCheckRequirementsProperties `json:"properties,omitempty"` +} + +// GetDataConnectorsCheckRequirements implements the DataConnectorsCheckRequirementsClassification interface for type MCASCheckRequirements. +func (m *MCASCheckRequirements) GetDataConnectorsCheckRequirements() *DataConnectorsCheckRequirements { + return &DataConnectorsCheckRequirements{ + Kind: m.Kind, + } +} + +// MCASCheckRequirementsProperties - MCAS (Microsoft Cloud App Security) requirements check properties. +type MCASCheckRequirementsProperties struct { + // REQUIRED; The tenant id to connect to, and get the data from. + TenantID *string `json:"tenantId,omitempty"` +} + +// MCASDataConnector - Represents MCAS (Microsoft Cloud App Security) data connector. +type MCASDataConnector struct { + // REQUIRED; The data connector kind + Kind *DataConnectorKind `json:"kind,omitempty"` + + // Etag of the azure resource + Etag *string `json:"etag,omitempty"` + + // MCAS (Microsoft Cloud App Security) data connector properties. + Properties *MCASDataConnectorProperties `json:"properties,omitempty"` + + // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + ID *string `json:"id,omitempty" azure:"ro"` + + // READ-ONLY; The name of the resource + Name *string `json:"name,omitempty" azure:"ro"` + + // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. + SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` + + // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" + Type *string `json:"type,omitempty" azure:"ro"` +} + +// GetDataConnector implements the DataConnectorClassification interface for type MCASDataConnector. +func (m *MCASDataConnector) GetDataConnector() *DataConnector { + return &DataConnector{ + Kind: m.Kind, + Etag: m.Etag, + ID: m.ID, + Name: m.Name, + Type: m.Type, + SystemData: m.SystemData, + } +} + +// MCASDataConnectorDataTypes - The available data types for MCAS (Microsoft Cloud App Security) data connector. +type MCASDataConnectorDataTypes struct { + // REQUIRED; Alerts data type connection. + Alerts *DataConnectorDataTypeCommon `json:"alerts,omitempty"` + + // Discovery log data type connection. + DiscoveryLogs *DataConnectorDataTypeCommon `json:"discoveryLogs,omitempty"` +} + +// MCASDataConnectorProperties - MCAS (Microsoft Cloud App Security) data connector properties. +type MCASDataConnectorProperties struct { + // REQUIRED; The available data types for the connector. + DataTypes *MCASDataConnectorDataTypes `json:"dataTypes,omitempty"` + + // REQUIRED; The tenant id to connect to, and get the data from. + TenantID *string `json:"tenantId,omitempty"` +} + +// MDATPCheckRequirements - Represents MDATP (Microsoft Defender Advanced Threat Protection) requirements check request. +type MDATPCheckRequirements struct { + // REQUIRED; Describes the kind of connector to be checked. + Kind *DataConnectorKind `json:"kind,omitempty"` + + // MDATP (Microsoft Defender Advanced Threat Protection) requirements check properties. + Properties *MDATPCheckRequirementsProperties `json:"properties,omitempty"` +} + +// GetDataConnectorsCheckRequirements implements the DataConnectorsCheckRequirementsClassification interface for type MDATPCheckRequirements. +func (m *MDATPCheckRequirements) GetDataConnectorsCheckRequirements() *DataConnectorsCheckRequirements { + return &DataConnectorsCheckRequirements{ + Kind: m.Kind, + } +} + +// MDATPCheckRequirementsProperties - MDATP (Microsoft Defender Advanced Threat Protection) requirements check properties. +type MDATPCheckRequirementsProperties struct { + // REQUIRED; The tenant id to connect to, and get the data from. + TenantID *string `json:"tenantId,omitempty"` +} + +// MDATPDataConnector - Represents MDATP (Microsoft Defender Advanced Threat Protection) data connector. +type MDATPDataConnector struct { + // REQUIRED; The data connector kind + Kind *DataConnectorKind `json:"kind,omitempty"` + + // Etag of the azure resource + Etag *string `json:"etag,omitempty"` + + // MDATP (Microsoft Defender Advanced Threat Protection) data connector properties. + Properties *MDATPDataConnectorProperties `json:"properties,omitempty"` + + // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + ID *string `json:"id,omitempty" azure:"ro"` + + // READ-ONLY; The name of the resource + Name *string `json:"name,omitempty" azure:"ro"` + + // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. + SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` + + // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" + Type *string `json:"type,omitempty" azure:"ro"` +} + +// GetDataConnector implements the DataConnectorClassification interface for type MDATPDataConnector. +func (m *MDATPDataConnector) GetDataConnector() *DataConnector { + return &DataConnector{ + Kind: m.Kind, + Etag: m.Etag, + ID: m.ID, + Name: m.Name, + Type: m.Type, + SystemData: m.SystemData, + } +} + +// MDATPDataConnectorProperties - MDATP (Microsoft Defender Advanced Threat Protection) data connector properties. +type MDATPDataConnectorProperties struct { + // REQUIRED; The tenant id to connect to, and get the data from. + TenantID *string `json:"tenantId,omitempty"` + + // The available data types for the connector. + DataTypes *AlertsDataTypeOfDataConnector `json:"dataTypes,omitempty"` +} + +// MLBehaviorAnalyticsAlertRule - Represents MLBehaviorAnalytics alert rule. +type MLBehaviorAnalyticsAlertRule struct { + // REQUIRED; The kind of the alert rule + Kind *AlertRuleKind `json:"kind,omitempty"` + + // Etag of the azure resource + Etag *string `json:"etag,omitempty"` + + // MLBehaviorAnalytics alert rule properties + Properties *MLBehaviorAnalyticsAlertRuleProperties `json:"properties,omitempty"` + + // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + ID *string `json:"id,omitempty" azure:"ro"` + + // READ-ONLY; The name of the resource + Name *string `json:"name,omitempty" azure:"ro"` + + // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. + SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` + + // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" + Type *string `json:"type,omitempty" azure:"ro"` +} + +// GetAlertRule implements the AlertRuleClassification interface for type MLBehaviorAnalyticsAlertRule. +func (m *MLBehaviorAnalyticsAlertRule) GetAlertRule() *AlertRule { + return &AlertRule{ + Kind: m.Kind, + Etag: m.Etag, + ID: m.ID, + Name: m.Name, + Type: m.Type, + SystemData: m.SystemData, + } +} + +// MLBehaviorAnalyticsAlertRuleProperties - MLBehaviorAnalytics alert rule base property bag. +type MLBehaviorAnalyticsAlertRuleProperties struct { + // REQUIRED; The Name of the alert rule template used to create this rule. + AlertRuleTemplateName *string `json:"alertRuleTemplateName,omitempty"` + + // REQUIRED; Determines whether this alert rule is enabled or disabled. + Enabled *bool `json:"enabled,omitempty"` + + // READ-ONLY; The description of the alert rule. + Description *string `json:"description,omitempty" azure:"ro"` + + // READ-ONLY; The display name for alerts created by this alert rule. + DisplayName *string `json:"displayName,omitempty" azure:"ro"` + + // READ-ONLY; The last time that this alert rule has been modified. + LastModifiedUTC *time.Time `json:"lastModifiedUtc,omitempty" azure:"ro"` + + // READ-ONLY; The severity for alerts created by this alert rule. + Severity *AlertSeverity `json:"severity,omitempty" azure:"ro"` + + // READ-ONLY; The tactics of the alert rule + Tactics []*AttackTactic `json:"tactics,omitempty" azure:"ro"` + + // READ-ONLY; The techniques of the alert rule + Techniques []*string `json:"techniques,omitempty" azure:"ro"` +} + +// MLBehaviorAnalyticsAlertRuleTemplate - Represents MLBehaviorAnalytics alert rule template. +type MLBehaviorAnalyticsAlertRuleTemplate struct { + // REQUIRED; The kind of the alert rule + Kind *AlertRuleKind `json:"kind,omitempty"` + + // MLBehaviorAnalytics alert rule template properties. + Properties *MLBehaviorAnalyticsAlertRuleTemplateProperties `json:"properties,omitempty"` + + // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + ID *string `json:"id,omitempty" azure:"ro"` + + // READ-ONLY; The name of the resource + Name *string `json:"name,omitempty" azure:"ro"` + + // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. + SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` + + // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" + Type *string `json:"type,omitempty" azure:"ro"` +} + +// GetAlertRuleTemplate implements the AlertRuleTemplateClassification interface for type MLBehaviorAnalyticsAlertRuleTemplate. +func (m *MLBehaviorAnalyticsAlertRuleTemplate) GetAlertRuleTemplate() *AlertRuleTemplate { + return &AlertRuleTemplate{ + Kind: m.Kind, + ID: m.ID, + Name: m.Name, + Type: m.Type, + SystemData: m.SystemData, + } +} + +// MLBehaviorAnalyticsAlertRuleTemplateProperties - MLBehaviorAnalytics alert rule template properties. +type MLBehaviorAnalyticsAlertRuleTemplateProperties struct { + // REQUIRED; The severity for alerts created by this alert rule. + Severity *AlertSeverity `json:"severity,omitempty"` + + // the number of alert rules that were created by this template + AlertRulesCreatedByTemplateCount *int32 `json:"alertRulesCreatedByTemplateCount,omitempty"` + + // The description of the alert rule template. + Description *string `json:"description,omitempty"` + + // The display name for alert rule template. + DisplayName *string `json:"displayName,omitempty"` + + // The required data sources for this template + RequiredDataConnectors []*AlertRuleTemplateDataSource `json:"requiredDataConnectors,omitempty"` + + // The alert rule template status. + Status *TemplateStatus `json:"status,omitempty"` + + // The tactics of the alert rule + Tactics []*AttackTactic `json:"tactics,omitempty"` + + // The techniques of the alert rule + Techniques []*string `json:"techniques,omitempty"` + + // READ-ONLY; The time that this alert rule template has been added. + CreatedDateUTC *time.Time `json:"createdDateUTC,omitempty" azure:"ro"` + + // READ-ONLY; The last time that this alert rule template has been updated. + LastUpdatedDateUTC *time.Time `json:"lastUpdatedDateUTC,omitempty" azure:"ro"` +} + +// MSTICheckRequirements - Represents Microsoft Threat Intelligence requirements check request. +type MSTICheckRequirements struct { + // REQUIRED; Describes the kind of connector to be checked. + Kind *DataConnectorKind `json:"kind,omitempty"` + + // Microsoft Threat Intelligence requirements check properties. + Properties *MSTICheckRequirementsProperties `json:"properties,omitempty"` +} + +// GetDataConnectorsCheckRequirements implements the DataConnectorsCheckRequirementsClassification interface for type MSTICheckRequirements. +func (m *MSTICheckRequirements) GetDataConnectorsCheckRequirements() *DataConnectorsCheckRequirements { + return &DataConnectorsCheckRequirements{ + Kind: m.Kind, + } +} + +// MSTICheckRequirementsProperties - Microsoft Threat Intelligence requirements check properties. +type MSTICheckRequirementsProperties struct { + // REQUIRED; The tenant id to connect to, and get the data from. + TenantID *string `json:"tenantId,omitempty"` +} + +// MSTIDataConnector - Represents Microsoft Threat Intelligence data connector. +type MSTIDataConnector struct { + // REQUIRED; The data connector kind + Kind *DataConnectorKind `json:"kind,omitempty"` + + // Etag of the azure resource + Etag *string `json:"etag,omitempty"` + + // Microsoft Threat Intelligence data connector properties. + Properties *MSTIDataConnectorProperties `json:"properties,omitempty"` + + // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + ID *string `json:"id,omitempty" azure:"ro"` + + // READ-ONLY; The name of the resource + Name *string `json:"name,omitempty" azure:"ro"` + + // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. + SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` + + // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" + Type *string `json:"type,omitempty" azure:"ro"` +} + +// GetDataConnector implements the DataConnectorClassification interface for type MSTIDataConnector. +func (m *MSTIDataConnector) GetDataConnector() *DataConnector { + return &DataConnector{ + Kind: m.Kind, + Etag: m.Etag, + ID: m.ID, + Name: m.Name, + Type: m.Type, + SystemData: m.SystemData, + } +} + +// MSTIDataConnectorDataTypes - The available data types for Microsoft Threat Intelligence Platforms data connector. +type MSTIDataConnectorDataTypes struct { + // REQUIRED; Data type for Microsoft Threat Intelligence Platforms data connector. + BingSafetyPhishingURL *MSTIDataConnectorDataTypesBingSafetyPhishingURL `json:"bingSafetyPhishingURL,omitempty"` - // READ-ONLY; The time the comment was created - CreatedTimeUTC *time.Time `json:"createdTimeUtc,omitempty" azure:"ro"` + // REQUIRED; Data type for Microsoft Threat Intelligence Platforms data connector. + MicrosoftEmergingThreatFeed *MSTIDataConnectorDataTypesMicrosoftEmergingThreatFeed `json:"microsoftEmergingThreatFeed,omitempty"` +} - // READ-ONLY; The time the comment was updated - LastModifiedTimeUTC *time.Time `json:"lastModifiedTimeUtc,omitempty" azure:"ro"` +// MSTIDataConnectorDataTypesBingSafetyPhishingURL - Data type for Microsoft Threat Intelligence Platforms data connector. +type MSTIDataConnectorDataTypesBingSafetyPhishingURL struct { + // REQUIRED; lookback period + LookbackPeriod *string `json:"lookbackPeriod,omitempty"` + + // REQUIRED; Describe whether this data type connection is enabled or not. + State *DataTypeState `json:"state,omitempty"` } -// IncidentCommentsClientCreateOrUpdateOptions contains the optional parameters for the IncidentCommentsClient.CreateOrUpdate -// method. -type IncidentCommentsClientCreateOrUpdateOptions struct { - // placeholder for future optional parameters +// MSTIDataConnectorDataTypesMicrosoftEmergingThreatFeed - Data type for Microsoft Threat Intelligence Platforms data connector. +type MSTIDataConnectorDataTypesMicrosoftEmergingThreatFeed struct { + // REQUIRED; lookback period + LookbackPeriod *string `json:"lookbackPeriod,omitempty"` + + // REQUIRED; Describe whether this data type connection is enabled or not. + State *DataTypeState `json:"state,omitempty"` } -// IncidentCommentsClientDeleteOptions contains the optional parameters for the IncidentCommentsClient.Delete method. -type IncidentCommentsClientDeleteOptions struct { - // placeholder for future optional parameters +// MSTIDataConnectorProperties - Microsoft Threat Intelligence data connector properties. +type MSTIDataConnectorProperties struct { + // REQUIRED; The available data types for the connector. + DataTypes *MSTIDataConnectorDataTypes `json:"dataTypes,omitempty"` + + // REQUIRED; The tenant id to connect to, and get the data from. + TenantID *string `json:"tenantId,omitempty"` } -// IncidentCommentsClientGetOptions contains the optional parameters for the IncidentCommentsClient.Get method. -type IncidentCommentsClientGetOptions struct { - // placeholder for future optional parameters +// MTPCheckRequirementsProperties - MTP (Microsoft Threat Protection) requirements check properties. +type MTPCheckRequirementsProperties struct { + // REQUIRED; The tenant id to connect to, and get the data from. + TenantID *string `json:"tenantId,omitempty"` } -// IncidentCommentsClientListOptions contains the optional parameters for the IncidentCommentsClient.List method. -type IncidentCommentsClientListOptions struct { - // Filters the results, based on a Boolean condition. Optional. - Filter *string - // Sorts the results. Optional. - Orderby *string - // Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, - // the value of the nextLink element will include a skiptoken parameter that - // specifies a starting point to use for subsequent calls. Optional. - SkipToken *string - // Returns only the first n results. Optional. - Top *int32 +// MTPDataConnector - Represents MTP (Microsoft Threat Protection) data connector. +type MTPDataConnector struct { + // REQUIRED; The data connector kind + Kind *DataConnectorKind `json:"kind,omitempty"` + + // Etag of the azure resource + Etag *string `json:"etag,omitempty"` + + // MTP (Microsoft Threat Protection) data connector properties. + Properties *MTPDataConnectorProperties `json:"properties,omitempty"` + + // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + ID *string `json:"id,omitempty" azure:"ro"` + + // READ-ONLY; The name of the resource + Name *string `json:"name,omitempty" azure:"ro"` + + // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. + SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` + + // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" + Type *string `json:"type,omitempty" azure:"ro"` } -// IncidentConfiguration - Incident Configuration property bag. -type IncidentConfiguration struct { - // REQUIRED; Create incidents from alerts triggered by this analytics rule - CreateIncident *bool `json:"createIncident,omitempty"` +// GetDataConnector implements the DataConnectorClassification interface for type MTPDataConnector. +func (m *MTPDataConnector) GetDataConnector() *DataConnector { + return &DataConnector{ + Kind: m.Kind, + Etag: m.Etag, + ID: m.ID, + Name: m.Name, + Type: m.Type, + SystemData: m.SystemData, + } +} - // Set how the alerts that are triggered by this analytics rule, are grouped into incidents - GroupingConfiguration *GroupingConfiguration `json:"groupingConfiguration,omitempty"` +// MTPDataConnectorDataTypes - The available data types for Microsoft Threat Protection Platforms data connector. +type MTPDataConnectorDataTypes struct { + // REQUIRED; Data type for Microsoft Threat Protection Platforms data connector. + Incidents *MTPDataConnectorDataTypesIncidents `json:"incidents,omitempty"` } -// IncidentEntitiesResponse - The incident related entities response. -type IncidentEntitiesResponse struct { - // Array of the incident related entities. - Entities []EntityClassification `json:"entities,omitempty"` +// MTPDataConnectorDataTypesIncidents - Data type for Microsoft Threat Protection Platforms data connector. +type MTPDataConnectorDataTypesIncidents struct { + // REQUIRED; Describe whether this data type connection is enabled or not. + State *DataTypeState `json:"state,omitempty"` +} - // The metadata from the incident related entities results. - MetaData []*IncidentEntitiesResultsMetadata `json:"metaData,omitempty"` +// MTPDataConnectorProperties - MTP (Microsoft Threat Protection) data connector properties. +type MTPDataConnectorProperties struct { + // REQUIRED; The available data types for the connector. + DataTypes *MTPDataConnectorDataTypes `json:"dataTypes,omitempty"` + + // REQUIRED; The tenant id to connect to, and get the data from. + TenantID *string `json:"tenantId,omitempty"` } -// IncidentEntitiesResultsMetadata - Information of a specific aggregation in the incident related entities result. -type IncidentEntitiesResultsMetadata struct { - // REQUIRED; Total number of aggregations of the given kind in the incident related entities result. - Count *int32 `json:"count,omitempty"` +// MailClusterEntity - Represents a mail cluster entity. +type MailClusterEntity struct { + // REQUIRED; The kind of the entity. + Kind *EntityKind `json:"kind,omitempty"` + + // Mail cluster entity properties + Properties *MailClusterEntityProperties `json:"properties,omitempty"` + + // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + ID *string `json:"id,omitempty" azure:"ro"` + + // READ-ONLY; The name of the resource + Name *string `json:"name,omitempty" azure:"ro"` + + // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. + SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` + + // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" + Type *string `json:"type,omitempty" azure:"ro"` +} + +// GetEntity implements the EntityClassification interface for type MailClusterEntity. +func (m *MailClusterEntity) GetEntity() *Entity { + return &Entity{ + Kind: m.Kind, + ID: m.ID, + Name: m.Name, + Type: m.Type, + SystemData: m.SystemData, + } +} + +// MailClusterEntityProperties - Mail cluster entity property bag. +type MailClusterEntityProperties struct { + // READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. + AdditionalData map[string]interface{} `json:"additionalData,omitempty" azure:"ro"` + + // READ-ONLY; The cluster group + ClusterGroup *string `json:"clusterGroup,omitempty" azure:"ro"` + + // READ-ONLY; The cluster query end time + ClusterQueryEndTime *time.Time `json:"clusterQueryEndTime,omitempty" azure:"ro"` + + // READ-ONLY; The cluster query start time + ClusterQueryStartTime *time.Time `json:"clusterQueryStartTime,omitempty" azure:"ro"` + + // READ-ONLY; The id of the cluster source + ClusterSourceIdentifier *string `json:"clusterSourceIdentifier,omitempty" azure:"ro"` + + // READ-ONLY; The type of the cluster source + ClusterSourceType *string `json:"clusterSourceType,omitempty" azure:"ro"` + + // READ-ONLY; Count of mail messages by DeliveryStatus string representation + CountByDeliveryStatus interface{} `json:"countByDeliveryStatus,omitempty" azure:"ro"` + + // READ-ONLY; Count of mail messages by ProtectionStatus string representation + CountByProtectionStatus interface{} `json:"countByProtectionStatus,omitempty" azure:"ro"` + + // READ-ONLY; Count of mail messages by ThreatType string representation + CountByThreatType interface{} `json:"countByThreatType,omitempty" azure:"ro"` + + // READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property + // is optional and might be system generated. + FriendlyName *string `json:"friendlyName,omitempty" azure:"ro"` + + // READ-ONLY; Is this a volume anomaly mail cluster + IsVolumeAnomaly *bool `json:"isVolumeAnomaly,omitempty" azure:"ro"` + + // READ-ONLY; The number of mail messages that are part of the mail cluster + MailCount *int32 `json:"mailCount,omitempty" azure:"ro"` + + // READ-ONLY; The mail message IDs that are part of the mail cluster + NetworkMessageIDs []*string `json:"networkMessageIds,omitempty" azure:"ro"` + + // READ-ONLY; The query that was used to identify the messages of the mail cluster + Query *string `json:"query,omitempty" azure:"ro"` + + // READ-ONLY; The query time + QueryTime *time.Time `json:"queryTime,omitempty" azure:"ro"` + + // READ-ONLY; The source of the mail cluster (default is 'O365 ATP') + Source *string `json:"source,omitempty" azure:"ro"` + + // READ-ONLY; The threats of mail messages that are part of the mail cluster + Threats []*string `json:"threats,omitempty" azure:"ro"` +} + +// MailMessageEntity - Represents a mail message entity. +type MailMessageEntity struct { + // REQUIRED; The kind of the entity. + Kind *EntityKind `json:"kind,omitempty"` + + // Mail message entity properties + Properties *MailMessageEntityProperties `json:"properties,omitempty"` + + // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + ID *string `json:"id,omitempty" azure:"ro"` + + // READ-ONLY; The name of the resource + Name *string `json:"name,omitempty" azure:"ro"` + + // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. + SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` + + // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" + Type *string `json:"type,omitempty" azure:"ro"` +} + +// GetEntity implements the EntityClassification interface for type MailMessageEntity. +func (m *MailMessageEntity) GetEntity() *Entity { + return &Entity{ + Kind: m.Kind, + ID: m.ID, + Name: m.Name, + Type: m.Type, + SystemData: m.SystemData, + } +} + +// MailMessageEntityProperties - Mail message entity property bag. +type MailMessageEntityProperties struct { + // The directionality of this mail message + AntispamDirection *AntispamMailDirection `json:"antispamDirection,omitempty"` + + // The bodyFingerprintBin1 + BodyFingerprintBin1 *int32 `json:"bodyFingerprintBin1,omitempty"` + + // The bodyFingerprintBin2 + BodyFingerprintBin2 *int32 `json:"bodyFingerprintBin2,omitempty"` + + // The bodyFingerprintBin3 + BodyFingerprintBin3 *int32 `json:"bodyFingerprintBin3,omitempty"` + + // The bodyFingerprintBin4 + BodyFingerprintBin4 *int32 `json:"bodyFingerprintBin4,omitempty"` + + // The bodyFingerprintBin5 + BodyFingerprintBin5 *int32 `json:"bodyFingerprintBin5,omitempty"` + + // The delivery action of this mail message like Delivered, Blocked, Replaced etc + DeliveryAction *DeliveryAction `json:"deliveryAction,omitempty"` + + // The delivery location of this mail message like Inbox, JunkFolder etc + DeliveryLocation *DeliveryLocation `json:"deliveryLocation,omitempty"` + + // READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. + AdditionalData map[string]interface{} `json:"additionalData,omitempty" azure:"ro"` + + // READ-ONLY; The File entity ids of this mail message's attachments + FileEntityIDs []*string `json:"fileEntityIds,omitempty" azure:"ro"` + + // READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property + // is optional and might be system generated. + FriendlyName *string `json:"friendlyName,omitempty" azure:"ro"` + + // READ-ONLY; The internet message id of this mail message + InternetMessageID *string `json:"internetMessageId,omitempty" azure:"ro"` + + // READ-ONLY; The language of this mail message + Language *string `json:"language,omitempty" azure:"ro"` + + // READ-ONLY; The network message id of this mail message + NetworkMessageID *string `json:"networkMessageId,omitempty" azure:"ro"` + + // READ-ONLY; The p1 sender's email address + P1Sender *string `json:"p1Sender,omitempty" azure:"ro"` + + // READ-ONLY; The p1 sender's display name + P1SenderDisplayName *string `json:"p1SenderDisplayName,omitempty" azure:"ro"` + + // READ-ONLY; The p1 sender's domain + P1SenderDomain *string `json:"p1SenderDomain,omitempty" azure:"ro"` - // REQUIRED; The kind of the aggregated entity. - EntityKind *EntityKindEnum `json:"entityKind,omitempty"` -} + // READ-ONLY; The p2 sender's email address + P2Sender *string `json:"p2Sender,omitempty" azure:"ro"` -// IncidentInfo - Describes related incident information for the bookmark -type IncidentInfo struct { - // Incident Id - IncidentID *string `json:"incidentId,omitempty"` + // READ-ONLY; The p2 sender's display name + P2SenderDisplayName *string `json:"p2SenderDisplayName,omitempty" azure:"ro"` - // Relation Name - RelationName *string `json:"relationName,omitempty"` + // READ-ONLY; The p2 sender's domain + P2SenderDomain *string `json:"p2SenderDomain,omitempty" azure:"ro"` - // The severity of the incident - Severity *IncidentSeverity `json:"severity,omitempty"` + // READ-ONLY; The receive date of this message + ReceiveDate *time.Time `json:"receiveDate,omitempty" azure:"ro"` - // The title of the incident - Title *string `json:"title,omitempty"` -} + // READ-ONLY; The recipient of this mail message. Note that in case of multiple recipients the mail message is forked and + // each copy has one recipient + Recipient *string `json:"recipient,omitempty" azure:"ro"` -// IncidentLabel - Represents an incident label -type IncidentLabel struct { - // REQUIRED; The name of the label - LabelName *string `json:"labelName,omitempty"` + // READ-ONLY; The sender's IP address + SenderIP *string `json:"senderIP,omitempty" azure:"ro"` - // READ-ONLY; The type of the label - LabelType *IncidentLabelType `json:"labelType,omitempty" azure:"ro"` -} + // READ-ONLY; The subject of this mail message + Subject *string `json:"subject,omitempty" azure:"ro"` -// IncidentList - List all the incidents. -type IncidentList struct { - // REQUIRED; Array of incidents. - Value []*Incident `json:"value,omitempty"` + // READ-ONLY; The threat detection methods + ThreatDetectionMethods []*string `json:"threatDetectionMethods,omitempty" azure:"ro"` - // READ-ONLY; URL to fetch the next set of incidents. - NextLink *string `json:"nextLink,omitempty" azure:"ro"` + // READ-ONLY; The threats of this mail message + Threats []*string `json:"threats,omitempty" azure:"ro"` + + // READ-ONLY; The Urls contained in this mail message + Urls []*string `json:"urls,omitempty" azure:"ro"` } -// IncidentOwnerInfo - Information on the user an incident is assigned to -type IncidentOwnerInfo struct { - // The name of the user the incident is assigned to. - AssignedTo *string `json:"assignedTo,omitempty"` +// MailboxEntity - Represents a mailbox entity. +type MailboxEntity struct { + // REQUIRED; The kind of the entity. + Kind *EntityKind `json:"kind,omitempty"` - // The email of the user the incident is assigned to. - Email *string `json:"email,omitempty"` + // Mailbox entity properties + Properties *MailboxEntityProperties `json:"properties,omitempty"` - // The object id of the user the incident is assigned to. - ObjectID *string `json:"objectId,omitempty"` + // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + ID *string `json:"id,omitempty" azure:"ro"` - // The user principal name of the user the incident is assigned to. - UserPrincipalName *string `json:"userPrincipalName,omitempty"` -} + // READ-ONLY; The name of the resource + Name *string `json:"name,omitempty" azure:"ro"` -// IncidentOwnerInfoAutoGenerated - Information on the user an incident is assigned to -type IncidentOwnerInfoAutoGenerated struct { - // The name of the user the incident is assigned to. - AssignedTo *string `json:"assignedTo,omitempty"` + // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. + SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` - // The email of the user the incident is assigned to. - Email *string `json:"email,omitempty"` + // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" + Type *string `json:"type,omitempty" azure:"ro"` +} - // The object id of the user the incident is assigned to. - ObjectID *string `json:"objectId,omitempty"` +// GetEntity implements the EntityClassification interface for type MailboxEntity. +func (m *MailboxEntity) GetEntity() *Entity { + return &Entity{ + Kind: m.Kind, + ID: m.ID, + Name: m.Name, + Type: m.Type, + SystemData: m.SystemData, + } +} - // The type of the owner the incident is assigned to. - OwnerType *OwnerType `json:"ownerType,omitempty"` +// MailboxEntityProperties - Mailbox entity property bag. +type MailboxEntityProperties struct { + // READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. + AdditionalData map[string]interface{} `json:"additionalData,omitempty" azure:"ro"` - // The user principal name of the user the incident is assigned to. - UserPrincipalName *string `json:"userPrincipalName,omitempty"` -} + // READ-ONLY; The mailbox's display name + DisplayName *string `json:"displayName,omitempty" azure:"ro"` -// IncidentProperties - Describes incident properties -type IncidentProperties struct { - // REQUIRED; The severity of the incident - Severity *IncidentSeverity `json:"severity,omitempty"` + // READ-ONLY; The AzureAD identifier of mailbox. Similar to AadUserId in account entity but this property is specific to mailbox + // object on office side + ExternalDirectoryObjectID *string `json:"externalDirectoryObjectId,omitempty" azure:"ro"` - // REQUIRED; The status of the incident - Status *IncidentStatus `json:"status,omitempty"` + // READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property + // is optional and might be system generated. + FriendlyName *string `json:"friendlyName,omitempty" azure:"ro"` - // REQUIRED; The title of the incident - Title *string `json:"title,omitempty"` + // READ-ONLY; The mailbox's primary address + MailboxPrimaryAddress *string `json:"mailboxPrimaryAddress,omitempty" azure:"ro"` - // The reason the incident was closed - Classification *IncidentClassification `json:"classification,omitempty"` + // READ-ONLY; The mailbox's UPN + Upn *string `json:"upn,omitempty" azure:"ro"` +} - // Describes the reason the incident was closed - ClassificationComment *string `json:"classificationComment,omitempty"` +// MalwareEntity - Represents a malware entity. +type MalwareEntity struct { + // REQUIRED; The kind of the entity. + Kind *EntityKind `json:"kind,omitempty"` - // The classification reason the incident was closed with - ClassificationReason *IncidentClassificationReason `json:"classificationReason,omitempty"` + // File entity properties + Properties *MalwareEntityProperties `json:"properties,omitempty"` - // The description of the incident - Description *string `json:"description,omitempty"` + // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + ID *string `json:"id,omitempty" azure:"ro"` - // The time of the first activity in the incident - FirstActivityTimeUTC *time.Time `json:"firstActivityTimeUtc,omitempty"` + // READ-ONLY; The name of the resource + Name *string `json:"name,omitempty" azure:"ro"` - // List of labels relevant to this incident - Labels []*IncidentLabel `json:"labels,omitempty"` + // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. + SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` - // The time of the last activity in the incident - LastActivityTimeUTC *time.Time `json:"lastActivityTimeUtc,omitempty"` + // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" + Type *string `json:"type,omitempty" azure:"ro"` +} - // Describes a user that the incident is assigned to - Owner *IncidentOwnerInfo `json:"owner,omitempty"` +// GetEntity implements the EntityClassification interface for type MalwareEntity. +func (m *MalwareEntity) GetEntity() *Entity { + return &Entity{ + Kind: m.Kind, + ID: m.ID, + Name: m.Name, + Type: m.Type, + SystemData: m.SystemData, + } +} - // READ-ONLY; Additional data on the incident - AdditionalData *IncidentAdditionalData `json:"additionalData,omitempty" azure:"ro"` +// MalwareEntityProperties - Malware entity property bag. +type MalwareEntityProperties struct { + // READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. + AdditionalData map[string]interface{} `json:"additionalData,omitempty" azure:"ro"` - // READ-ONLY; The time the incident was created - CreatedTimeUTC *time.Time `json:"createdTimeUtc,omitempty" azure:"ro"` + // READ-ONLY; The malware category by the vendor, e.g. Trojan + Category *string `json:"category,omitempty" azure:"ro"` - // READ-ONLY; A sequential number - IncidentNumber *int32 `json:"incidentNumber,omitempty" azure:"ro"` + // READ-ONLY; List of linked file entity identifiers on which the malware was found + FileEntityIDs []*string `json:"fileEntityIds,omitempty" azure:"ro"` - // READ-ONLY; The deep-link url to the incident in Azure portal - IncidentURL *string `json:"incidentUrl,omitempty" azure:"ro"` + // READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property + // is optional and might be system generated. + FriendlyName *string `json:"friendlyName,omitempty" azure:"ro"` - // READ-ONLY; The last time the incident was updated - LastModifiedTimeUTC *time.Time `json:"lastModifiedTimeUtc,omitempty" azure:"ro"` + // READ-ONLY; The malware name by the vendor, e.g. Win32/Toga!rfn + MalwareName *string `json:"malwareName,omitempty" azure:"ro"` - // READ-ONLY; List of resource ids of Analytic rules related to the incident - RelatedAnalyticRuleIDs []*string `json:"relatedAnalyticRuleIds,omitempty" azure:"ro"` + // READ-ONLY; List of linked process entity identifiers on which the malware was found. + ProcessEntityIDs []*string `json:"processEntityIds,omitempty" azure:"ro"` } -type IncidentPropertiesAction struct { - // The reason the incident was closed - Classification *IncidentClassification `json:"classification,omitempty"` - - // Describes the reason the incident was closed - ClassificationComment *string `json:"classificationComment,omitempty"` +type ManualTriggerRequestBody struct { + LogicAppsResourceID *string `json:"logicAppsResourceId,omitempty"` + TenantID *string `json:"tenantId,omitempty"` +} - // The classification reason the incident was closed with - ClassificationReason *IncidentClassificationReason `json:"classificationReason,omitempty"` +// MetadataAuthor - Publisher or creator of the content item. +type MetadataAuthor struct { + // Email of author contact + Email *string `json:"email,omitempty"` - // List of labels to add to the incident - Labels []*IncidentLabel `json:"labels,omitempty"` + // Link for author/vendor page + Link *string `json:"link,omitempty"` - // Information on the user an incident is assigned to - Owner *IncidentOwnerInfoAutoGenerated `json:"owner,omitempty"` + // Name of the author. Company or person. + Name *string `json:"name,omitempty"` +} - // The severity of the incident - Severity *IncidentSeverity `json:"severity,omitempty"` +// MetadataCategories - ies for the solution content item +type MetadataCategories struct { + // domain for the solution content item + Domains []*string `json:"domains,omitempty"` - // The status of the incident - Status *IncidentStatus `json:"status,omitempty"` + // Industry verticals for the solution content item + Verticals []*string `json:"verticals,omitempty"` } -// IncidentRelationsClientCreateOrUpdateOptions contains the optional parameters for the IncidentRelationsClient.CreateOrUpdate -// method. -type IncidentRelationsClientCreateOrUpdateOptions struct { +// MetadataClientCreateOptions contains the optional parameters for the MetadataClient.Create method. +type MetadataClientCreateOptions struct { // placeholder for future optional parameters } -// IncidentRelationsClientDeleteOptions contains the optional parameters for the IncidentRelationsClient.Delete method. -type IncidentRelationsClientDeleteOptions struct { +// MetadataClientDeleteOptions contains the optional parameters for the MetadataClient.Delete method. +type MetadataClientDeleteOptions struct { // placeholder for future optional parameters } -// IncidentRelationsClientGetOptions contains the optional parameters for the IncidentRelationsClient.Get method. -type IncidentRelationsClientGetOptions struct { +// MetadataClientGetOptions contains the optional parameters for the MetadataClient.Get method. +type MetadataClientGetOptions struct { // placeholder for future optional parameters } -// IncidentRelationsClientListOptions contains the optional parameters for the IncidentRelationsClient.List method. -type IncidentRelationsClientListOptions struct { +// MetadataClientListOptions contains the optional parameters for the MetadataClient.List method. +type MetadataClientListOptions struct { // Filters the results, based on a Boolean condition. Optional. Filter *string // Sorts the results. Optional. Orderby *string - // Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, - // the value of the nextLink element will include a skiptoken parameter that - // specifies a starting point to use for subsequent calls. Optional. - SkipToken *string + // Used to skip n elements in the OData query (offset). Returns a nextLink to the next page of results if there are any left. + Skip *int32 // Returns only the first n results. Optional. Top *int32 } -// IncidentsClientCreateOrUpdateOptions contains the optional parameters for the IncidentsClient.CreateOrUpdate method. -type IncidentsClientCreateOrUpdateOptions struct { - // placeholder for future optional parameters -} - -// IncidentsClientDeleteOptions contains the optional parameters for the IncidentsClient.Delete method. -type IncidentsClientDeleteOptions struct { - // placeholder for future optional parameters -} - -// IncidentsClientGetOptions contains the optional parameters for the IncidentsClient.Get method. -type IncidentsClientGetOptions struct { +// MetadataClientUpdateOptions contains the optional parameters for the MetadataClient.Update method. +type MetadataClientUpdateOptions struct { // placeholder for future optional parameters } -// IncidentsClientListAlertsOptions contains the optional parameters for the IncidentsClient.ListAlerts method. -type IncidentsClientListAlertsOptions struct { - // placeholder for future optional parameters -} +// MetadataDependencies - Dependencies for the content item, what other content items it requires to work. Can describe more +// complex dependencies using a recursive/nested structure. For a single dependency an id/kind/version +// can be supplied or operator/criteria for complex dependencies. +type MetadataDependencies struct { + // Id of the content item we depend on + ContentID *string `json:"contentId,omitempty"` -// IncidentsClientListBookmarksOptions contains the optional parameters for the IncidentsClient.ListBookmarks method. -type IncidentsClientListBookmarksOptions struct { - // placeholder for future optional parameters -} + // This is the list of dependencies we must fulfill, according to the AND/OR operator + Criteria []*MetadataDependencies `json:"criteria,omitempty"` -// IncidentsClientListEntitiesOptions contains the optional parameters for the IncidentsClient.ListEntities method. -type IncidentsClientListEntitiesOptions struct { - // placeholder for future optional parameters -} + // Type of the content item we depend on + Kind *Kind `json:"kind,omitempty"` -// IncidentsClientListOptions contains the optional parameters for the IncidentsClient.List method. -type IncidentsClientListOptions struct { - // Filters the results, based on a Boolean condition. Optional. - Filter *string - // Sorts the results. Optional. - Orderby *string - // Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, - // the value of the nextLink element will include a skiptoken parameter that - // specifies a starting point to use for subsequent calls. Optional. - SkipToken *string - // Returns only the first n results. Optional. - Top *int32 + // Name of the content item + Name *string `json:"name,omitempty"` + + // Operator used for list of dependencies in criteria array. + Operator *Operator `json:"operator,omitempty"` + + // Version of the the content item we depend on. Can be blank, * or missing to indicate any version fulfills the dependency. + // If version does not match our defined numeric format then an exact match is + // required. + Version *string `json:"version,omitempty"` } -// IoTDeviceEntity - Represents an IoT device entity. -type IoTDeviceEntity struct { - // REQUIRED; The kind of the entity. - Kind *EntityKindEnum `json:"kind,omitempty"` +// MetadataList - List of all the metadata. +type MetadataList struct { + // REQUIRED; Array of metadata. + Value []*MetadataModel `json:"value,omitempty"` - // IoTDevice entity properties - Properties *IoTDeviceEntityProperties `json:"properties,omitempty"` + // READ-ONLY; URL to fetch the next page of metadata. + NextLink *string `json:"nextLink,omitempty" azure:"ro"` +} + +// MetadataModel - Metadata resource definition. +type MetadataModel struct { + // Etag of the azure resource + Etag *string `json:"etag,omitempty"` + + // Metadata properties + Properties *MetadataProperties `json:"properties,omitempty"` // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} ID *string `json:"id,omitempty" azure:"ro"` @@ -1983,184 +5340,199 @@ type IoTDeviceEntity struct { Type *string `json:"type,omitempty" azure:"ro"` } -// GetEntity implements the EntityClassification interface for type IoTDeviceEntity. -func (i *IoTDeviceEntity) GetEntity() *Entity { - return &Entity{ - Kind: i.Kind, - ID: i.ID, - Name: i.Name, - Type: i.Type, - SystemData: i.SystemData, - } +// MetadataPatch - Metadata patch request body. +type MetadataPatch struct { + // Etag of the azure resource + Etag *string `json:"etag,omitempty"` + + // Metadata patch request body + Properties *MetadataPropertiesPatch `json:"properties,omitempty"` + + // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + ID *string `json:"id,omitempty" azure:"ro"` + + // READ-ONLY; The name of the resource + Name *string `json:"name,omitempty" azure:"ro"` + + // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. + SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` + + // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" + Type *string `json:"type,omitempty" azure:"ro"` } -// IoTDeviceEntityProperties - IoTDevice entity property bag. -type IoTDeviceEntityProperties struct { - // READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. - AdditionalData map[string]interface{} `json:"additionalData,omitempty" azure:"ro"` +// MetadataProperties - Metadata property bag. +type MetadataProperties struct { + // REQUIRED; The kind of content the metadata is for. + Kind *Kind `json:"kind,omitempty"` - // READ-ONLY; The ID of the IoT Device in the IoT Hub - DeviceID *string `json:"deviceId,omitempty" azure:"ro"` + // REQUIRED; Full parent resource ID of the content item the metadata is for. This is the full resource ID including the scope + // (subscription and resource group) + ParentID *string `json:"parentId,omitempty"` - // READ-ONLY; The friendly name of the device - DeviceName *string `json:"deviceName,omitempty" azure:"ro"` + // The creator of the content item. + Author *MetadataAuthor `json:"author,omitempty"` - // READ-ONLY; The type of the device - DeviceType *string `json:"deviceType,omitempty" azure:"ro"` + // Categories for the solution content item + Categories *MetadataCategories `json:"categories,omitempty"` - // READ-ONLY; The ID of the edge device - EdgeID *string `json:"edgeId,omitempty" azure:"ro"` + // Static ID for the content. Used to identify dependencies and content from solutions or community. Hard-coded/static for + // out of the box content and solutions. Dynamic for user-created. This is the + // resource name + ContentID *string `json:"contentId,omitempty"` - // READ-ONLY; The firmware version of the device - FirmwareVersion *string `json:"firmwareVersion,omitempty" azure:"ro"` + // Schema version of the content. Can be used to distinguish between different flow based on the schema version + ContentSchemaVersion *string `json:"contentSchemaVersion,omitempty"` - // READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property - // is optional and might be system generated. - FriendlyName *string `json:"friendlyName,omitempty" azure:"ro"` + // The custom version of the content. A optional free text + CustomVersion *string `json:"customVersion,omitempty"` - // READ-ONLY; The Host entity id of this device - HostEntityID *string `json:"hostEntityId,omitempty" azure:"ro"` + // Dependencies for the content item, what other content items it requires to work. Can describe more complex dependencies + // using a recursive/nested structure. For a single dependency an id/kind/version + // can be supplied or operator/criteria for complex formats. + Dependencies *MetadataDependencies `json:"dependencies,omitempty"` - // READ-ONLY; The IP entity if of this device - IPAddressEntityID *string `json:"ipAddressEntityId,omitempty" azure:"ro"` + // first publish date solution content item + FirstPublishDate *time.Time `json:"firstPublishDate,omitempty"` - // READ-ONLY; The AzureResource entity id of the IoT Hub - IotHubEntityID *string `json:"iotHubEntityId,omitempty" azure:"ro"` + // the icon identifier. this id can later be fetched from the solution template + Icon *string `json:"icon,omitempty"` - // READ-ONLY; The ID of the security agent running on the device - IotSecurityAgentID *string `json:"iotSecurityAgentId,omitempty" azure:"ro"` + // last publish date for the solution content item + LastPublishDate *time.Time `json:"lastPublishDate,omitempty"` - // READ-ONLY; The MAC address of the device - MacAddress *string `json:"macAddress,omitempty" azure:"ro"` + // preview image file names. These will be taken from the solution artifacts + PreviewImages []*string `json:"previewImages,omitempty"` - // READ-ONLY; The model of the device - Model *string `json:"model,omitempty" azure:"ro"` + // preview image file names. These will be taken from the solution artifacts. used for dark theme support + PreviewImagesDark []*string `json:"previewImagesDark,omitempty"` - // READ-ONLY; The operating system of the device - OperatingSystem *string `json:"operatingSystem,omitempty" azure:"ro"` + // Providers for the solution content item + Providers []*string `json:"providers,omitempty"` - // READ-ONLY; A list of protocols of the IoTDevice entity. - Protocols []*string `json:"protocols,omitempty" azure:"ro"` + // Source of the content. This is where/how it was created. + Source *MetadataSource `json:"source,omitempty"` - // READ-ONLY; The serial number of the device - SerialNumber *string `json:"serialNumber,omitempty" azure:"ro"` + // Support information for the metadata - type, name, contact information + Support *MetadataSupport `json:"support,omitempty"` - // READ-ONLY; The source of the device - Source *string `json:"source,omitempty" azure:"ro"` + // the tactics the resource covers + ThreatAnalysisTactics []*string `json:"threatAnalysisTactics,omitempty"` - // READ-ONLY; A list of TI contexts attached to the IoTDevice entity. - ThreatIntelligence []*ThreatIntelligence `json:"threatIntelligence,omitempty" azure:"ro"` + // the techniques the resource covers, these have to be aligned with the tactics being used + ThreatAnalysisTechniques []*string `json:"threatAnalysisTechniques,omitempty"` - // READ-ONLY; The vendor of the device - Vendor *string `json:"vendor,omitempty" azure:"ro"` + // Version of the content. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM template + // best practices. Can also be any string, but then we cannot guarantee any version + // checks + Version *string `json:"version,omitempty"` } -// MCASDataConnector - Represents MCAS (Microsoft Cloud App Security) data connector. -type MCASDataConnector struct { - // REQUIRED; The data connector kind - Kind *DataConnectorKind `json:"kind,omitempty"` +// MetadataPropertiesPatch - Metadata property bag for patch requests. This is the same as the MetadataProperties, but with +// nothing required +type MetadataPropertiesPatch struct { + // The creator of the content item. + Author *MetadataAuthor `json:"author,omitempty"` - // Etag of the azure resource - Etag *string `json:"etag,omitempty"` + // Categories for the solution content item + Categories *MetadataCategories `json:"categories,omitempty"` - // MCAS (Microsoft Cloud App Security) data connector properties. - Properties *MCASDataConnectorProperties `json:"properties,omitempty"` + // Static ID for the content. Used to identify dependencies and content from solutions or community. Hard-coded/static for + // out of the box content and solutions. Dynamic for user-created. This is the + // resource name + ContentID *string `json:"contentId,omitempty"` - // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} - ID *string `json:"id,omitempty" azure:"ro"` + // Schema version of the content. Can be used to distinguish between different flow based on the schema version + ContentSchemaVersion *string `json:"contentSchemaVersion,omitempty"` - // READ-ONLY; The name of the resource - Name *string `json:"name,omitempty" azure:"ro"` + // The custom version of the content. A optional free text + CustomVersion *string `json:"customVersion,omitempty"` - // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. - SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` + // Dependencies for the content item, what other content items it requires to work. Can describe more complex dependencies + // using a recursive/nested structure. For a single dependency an id/kind/version + // can be supplied or operator/criteria for complex formats. + Dependencies *MetadataDependencies `json:"dependencies,omitempty"` - // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" - Type *string `json:"type,omitempty" azure:"ro"` -} + // first publish date solution content item + FirstPublishDate *time.Time `json:"firstPublishDate,omitempty"` -// GetDataConnector implements the DataConnectorClassification interface for type MCASDataConnector. -func (m *MCASDataConnector) GetDataConnector() *DataConnector { - return &DataConnector{ - Kind: m.Kind, - Etag: m.Etag, - ID: m.ID, - Name: m.Name, - Type: m.Type, - SystemData: m.SystemData, - } -} + // the icon identifier. this id can later be fetched from the solution template + Icon *string `json:"icon,omitempty"` -// MCASDataConnectorDataTypes - The available data types for MCAS (Microsoft Cloud App Security) data connector. -type MCASDataConnectorDataTypes struct { - // Alerts data type connection. - Alerts *DataConnectorDataTypeCommon `json:"alerts,omitempty"` + // The kind of content the metadata is for. + Kind *Kind `json:"kind,omitempty"` - // Discovery log data type connection. - DiscoveryLogs *DataConnectorDataTypeCommon `json:"discoveryLogs,omitempty"` -} + // last publish date for the solution content item + LastPublishDate *time.Time `json:"lastPublishDate,omitempty"` -// MCASDataConnectorProperties - MCAS (Microsoft Cloud App Security) data connector properties. -type MCASDataConnectorProperties struct { - // The available data types for the connector. - DataTypes *MCASDataConnectorDataTypes `json:"dataTypes,omitempty"` + // Full parent resource ID of the content item the metadata is for. This is the full resource ID including the scope (subscription + // and resource group) + ParentID *string `json:"parentId,omitempty"` - // The tenant id to connect to, and get the data from. - TenantID *string `json:"tenantId,omitempty"` -} + // preview image file names. These will be taken from the solution artifacts + PreviewImages []*string `json:"previewImages,omitempty"` -// MDATPDataConnector - Represents MDATP (Microsoft Defender Advanced Threat Protection) data connector. -type MDATPDataConnector struct { - // REQUIRED; The data connector kind - Kind *DataConnectorKind `json:"kind,omitempty"` + // preview image file names. These will be taken from the solution artifacts. used for dark theme support + PreviewImagesDark []*string `json:"previewImagesDark,omitempty"` - // Etag of the azure resource - Etag *string `json:"etag,omitempty"` + // Providers for the solution content item + Providers []*string `json:"providers,omitempty"` - // MDATP (Microsoft Defender Advanced Threat Protection) data connector properties. - Properties *MDATPDataConnectorProperties `json:"properties,omitempty"` + // Source of the content. This is where/how it was created. + Source *MetadataSource `json:"source,omitempty"` - // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} - ID *string `json:"id,omitempty" azure:"ro"` + // Support information for the metadata - type, name, contact information + Support *MetadataSupport `json:"support,omitempty"` - // READ-ONLY; The name of the resource - Name *string `json:"name,omitempty" azure:"ro"` + // the tactics the resource covers + ThreatAnalysisTactics []*string `json:"threatAnalysisTactics,omitempty"` - // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. - SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` + // the techniques the resource covers, these have to be aligned with the tactics being used + ThreatAnalysisTechniques []*string `json:"threatAnalysisTechniques,omitempty"` - // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" - Type *string `json:"type,omitempty" azure:"ro"` + // Version of the content. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM template + // best practices. Can also be any string, but then we cannot guarantee any version + // checks + Version *string `json:"version,omitempty"` } -// GetDataConnector implements the DataConnectorClassification interface for type MDATPDataConnector. -func (m *MDATPDataConnector) GetDataConnector() *DataConnector { - return &DataConnector{ - Kind: m.Kind, - Etag: m.Etag, - ID: m.ID, - Name: m.Name, - Type: m.Type, - SystemData: m.SystemData, - } +// MetadataSource - The original source of the content item, where it comes from. +type MetadataSource struct { + // REQUIRED; Source type of the content + Kind *SourceKind `json:"kind,omitempty"` + + // Name of the content source. The repo name, solution name, LA workspace name etc. + Name *string `json:"name,omitempty"` + + // ID of the content source. The solution ID, workspace ID, etc + SourceID *string `json:"sourceId,omitempty"` } -// MDATPDataConnectorProperties - MDATP (Microsoft Defender Advanced Threat Protection) data connector properties. -type MDATPDataConnectorProperties struct { - // The available data types for the connector. - DataTypes *AlertsDataTypeOfDataConnector `json:"dataTypes,omitempty"` +// MetadataSupport - Support information for the content item. +type MetadataSupport struct { + // REQUIRED; Type of support for content item + Tier *SupportTier `json:"tier,omitempty"` - // The tenant id to connect to, and get the data from. - TenantID *string `json:"tenantId,omitempty"` + // Email of support contact + Email *string `json:"email,omitempty"` + + // Link for support help, like to support page to open a ticket etc. + Link *string `json:"link,omitempty"` + + // Name of the support contact. Company or person. + Name *string `json:"name,omitempty"` } -// MailClusterEntity - Represents a mail cluster entity. -type MailClusterEntity struct { - // REQUIRED; The kind of the entity. - Kind *EntityKindEnum `json:"kind,omitempty"` +// MicrosoftSecurityIncidentCreationAlertRule - Represents MicrosoftSecurityIncidentCreation rule. +type MicrosoftSecurityIncidentCreationAlertRule struct { + // REQUIRED; The kind of the alert rule + Kind *AlertRuleKind `json:"kind,omitempty"` - // Mail cluster entity properties - Properties *MailClusterEntityProperties `json:"properties,omitempty"` + // Etag of the azure resource + Etag *string `json:"etag,omitempty"` + + // MicrosoftSecurityIncidentCreation rule properties + Properties *MicrosoftSecurityIncidentCreationAlertRuleProperties `json:"properties,omitempty"` // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} ID *string `json:"id,omitempty" azure:"ro"` @@ -2175,10 +5547,11 @@ type MailClusterEntity struct { Type *string `json:"type,omitempty" azure:"ro"` } -// GetEntity implements the EntityClassification interface for type MailClusterEntity. -func (m *MailClusterEntity) GetEntity() *Entity { - return &Entity{ +// GetAlertRule implements the AlertRuleClassification interface for type MicrosoftSecurityIncidentCreationAlertRule. +func (m *MicrosoftSecurityIncidentCreationAlertRule) GetAlertRule() *AlertRule { + return &AlertRule{ Kind: m.Kind, + Etag: m.Etag, ID: m.ID, Name: m.Name, Type: m.Type, @@ -2186,68 +5559,58 @@ func (m *MailClusterEntity) GetEntity() *Entity { } } -// MailClusterEntityProperties - Mail cluster entity property bag. -type MailClusterEntityProperties struct { - // READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. - AdditionalData map[string]interface{} `json:"additionalData,omitempty" azure:"ro"` - - // READ-ONLY; The cluster group - ClusterGroup *string `json:"clusterGroup,omitempty" azure:"ro"` - - // READ-ONLY; The cluster query end time - ClusterQueryEndTime *time.Time `json:"clusterQueryEndTime,omitempty" azure:"ro"` - - // READ-ONLY; The cluster query start time - ClusterQueryStartTime *time.Time `json:"clusterQueryStartTime,omitempty" azure:"ro"` - - // READ-ONLY; The id of the cluster source - ClusterSourceIdentifier *string `json:"clusterSourceIdentifier,omitempty" azure:"ro"` - - // READ-ONLY; The type of the cluster source - ClusterSourceType *string `json:"clusterSourceType,omitempty" azure:"ro"` +// MicrosoftSecurityIncidentCreationAlertRuleCommonProperties - MicrosoftSecurityIncidentCreation rule common property bag. +type MicrosoftSecurityIncidentCreationAlertRuleCommonProperties struct { + // REQUIRED; The alerts' productName on which the cases will be generated + ProductFilter *MicrosoftSecurityProductName `json:"productFilter,omitempty"` - // READ-ONLY; Count of mail messages by DeliveryStatus string representation - CountByDeliveryStatus interface{} `json:"countByDeliveryStatus,omitempty" azure:"ro"` + // the alerts' displayNames on which the cases will not be generated + DisplayNamesExcludeFilter []*string `json:"displayNamesExcludeFilter,omitempty"` - // READ-ONLY; Count of mail messages by ProtectionStatus string representation - CountByProtectionStatus interface{} `json:"countByProtectionStatus,omitempty" azure:"ro"` + // the alerts' displayNames on which the cases will be generated + DisplayNamesFilter []*string `json:"displayNamesFilter,omitempty"` - // READ-ONLY; Count of mail messages by ThreatType string representation - CountByThreatType interface{} `json:"countByThreatType,omitempty" azure:"ro"` + // the alerts' severities on which the cases will be generated + SeveritiesFilter []*AlertSeverity `json:"severitiesFilter,omitempty"` +} - // READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property - // is optional and might be system generated. - FriendlyName *string `json:"friendlyName,omitempty" azure:"ro"` +// MicrosoftSecurityIncidentCreationAlertRuleProperties - MicrosoftSecurityIncidentCreation rule property bag. +type MicrosoftSecurityIncidentCreationAlertRuleProperties struct { + // REQUIRED; The display name for alerts created by this alert rule. + DisplayName *string `json:"displayName,omitempty"` - // READ-ONLY; Is this a volume anomaly mail cluster - IsVolumeAnomaly *bool `json:"isVolumeAnomaly,omitempty" azure:"ro"` + // REQUIRED; Determines whether this alert rule is enabled or disabled. + Enabled *bool `json:"enabled,omitempty"` - // READ-ONLY; The number of mail messages that are part of the mail cluster - MailCount *int32 `json:"mailCount,omitempty" azure:"ro"` + // REQUIRED; The alerts' productName on which the cases will be generated + ProductFilter *MicrosoftSecurityProductName `json:"productFilter,omitempty"` - // READ-ONLY; The mail message IDs that are part of the mail cluster - NetworkMessageIDs []*string `json:"networkMessageIds,omitempty" azure:"ro"` + // The Name of the alert rule template used to create this rule. + AlertRuleTemplateName *string `json:"alertRuleTemplateName,omitempty"` - // READ-ONLY; The query that was used to identify the messages of the mail cluster - Query *string `json:"query,omitempty" azure:"ro"` + // The description of the alert rule. + Description *string `json:"description,omitempty"` - // READ-ONLY; The query time - QueryTime *time.Time `json:"queryTime,omitempty" azure:"ro"` + // the alerts' displayNames on which the cases will not be generated + DisplayNamesExcludeFilter []*string `json:"displayNamesExcludeFilter,omitempty"` - // READ-ONLY; The source of the mail cluster (default is 'O365 ATP') - Source *string `json:"source,omitempty" azure:"ro"` + // the alerts' displayNames on which the cases will be generated + DisplayNamesFilter []*string `json:"displayNamesFilter,omitempty"` - // READ-ONLY; The threats of mail messages that are part of the mail cluster - Threats []*string `json:"threats,omitempty" azure:"ro"` -} + // the alerts' severities on which the cases will be generated + SeveritiesFilter []*AlertSeverity `json:"severitiesFilter,omitempty"` -// MailMessageEntity - Represents a mail message entity. -type MailMessageEntity struct { - // REQUIRED; The kind of the entity. - Kind *EntityKindEnum `json:"kind,omitempty"` + // READ-ONLY; The last time that this alert has been modified. + LastModifiedUTC *time.Time `json:"lastModifiedUtc,omitempty" azure:"ro"` +} - // Mail message entity properties - Properties *MailMessageEntityProperties `json:"properties,omitempty"` +// MicrosoftSecurityIncidentCreationAlertRuleTemplate - Represents MicrosoftSecurityIncidentCreation rule template. +type MicrosoftSecurityIncidentCreationAlertRuleTemplate struct { + // REQUIRED; The kind of the alert rule + Kind *AlertRuleKind `json:"kind,omitempty"` + + // MicrosoftSecurityIncidentCreation rule template properties + Properties *MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties `json:"properties,omitempty"` // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} ID *string `json:"id,omitempty" azure:"ro"` @@ -2262,9 +5625,9 @@ type MailMessageEntity struct { Type *string `json:"type,omitempty" azure:"ro"` } -// GetEntity implements the EntityClassification interface for type MailMessageEntity. -func (m *MailMessageEntity) GetEntity() *Entity { - return &Entity{ +// GetAlertRuleTemplate implements the AlertRuleTemplateClassification interface for type MicrosoftSecurityIncidentCreationAlertRuleTemplate. +func (m *MicrosoftSecurityIncidentCreationAlertRuleTemplate) GetAlertRuleTemplate() *AlertRuleTemplate { + return &AlertRuleTemplate{ Kind: m.Kind, ID: m.ID, Name: m.Name, @@ -2273,99 +5636,152 @@ func (m *MailMessageEntity) GetEntity() *Entity { } } -// MailMessageEntityProperties - Mail message entity property bag. -type MailMessageEntityProperties struct { - // The directionality of this mail message - AntispamDirection *AntispamMailDirection `json:"antispamDirection,omitempty"` +// MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties - MicrosoftSecurityIncidentCreation rule template properties +type MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties struct { + // the number of alert rules that were created by this template + AlertRulesCreatedByTemplateCount *int32 `json:"alertRulesCreatedByTemplateCount,omitempty"` - // The bodyFingerprintBin1 - BodyFingerprintBin1 *int32 `json:"bodyFingerprintBin1,omitempty"` + // The description of the alert rule template. + Description *string `json:"description,omitempty"` - // The bodyFingerprintBin2 - BodyFingerprintBin2 *int32 `json:"bodyFingerprintBin2,omitempty"` + // The display name for alert rule template. + DisplayName *string `json:"displayName,omitempty"` - // The bodyFingerprintBin3 - BodyFingerprintBin3 *int32 `json:"bodyFingerprintBin3,omitempty"` + // the alerts' displayNames on which the cases will not be generated + DisplayNamesExcludeFilter []*string `json:"displayNamesExcludeFilter,omitempty"` - // The bodyFingerprintBin4 - BodyFingerprintBin4 *int32 `json:"bodyFingerprintBin4,omitempty"` + // the alerts' displayNames on which the cases will be generated + DisplayNamesFilter []*string `json:"displayNamesFilter,omitempty"` - // The bodyFingerprintBin5 - BodyFingerprintBin5 *int32 `json:"bodyFingerprintBin5,omitempty"` + // The alerts' productName on which the cases will be generated + ProductFilter *MicrosoftSecurityProductName `json:"productFilter,omitempty"` - // The delivery action of this mail message like Delivered, Blocked, Replaced etc - DeliveryAction *DeliveryAction `json:"deliveryAction,omitempty"` + // The required data sources for this template + RequiredDataConnectors []*AlertRuleTemplateDataSource `json:"requiredDataConnectors,omitempty"` - // The delivery location of this mail message like Inbox, JunkFolder etc - DeliveryLocation *DeliveryLocation `json:"deliveryLocation,omitempty"` + // the alerts' severities on which the cases will be generated + SeveritiesFilter []*AlertSeverity `json:"severitiesFilter,omitempty"` - // READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. - AdditionalData map[string]interface{} `json:"additionalData,omitempty" azure:"ro"` + // The alert rule template status. + Status *TemplateStatus `json:"status,omitempty"` - // READ-ONLY; The File entity ids of this mail message's attachments - FileEntityIDs []*string `json:"fileEntityIds,omitempty" azure:"ro"` + // READ-ONLY; The time that this alert rule template has been added. + CreatedDateUTC *time.Time `json:"createdDateUTC,omitempty" azure:"ro"` - // READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property - // is optional and might be system generated. - FriendlyName *string `json:"friendlyName,omitempty" azure:"ro"` + // READ-ONLY; The last time that this alert rule template has been updated. + LastUpdatedDateUTC *time.Time `json:"lastUpdatedDateUTC,omitempty" azure:"ro"` +} - // READ-ONLY; The internet message id of this mail message - InternetMessageID *string `json:"internetMessageId,omitempty" azure:"ro"` +// MtpCheckRequirements - Represents MTP (Microsoft Threat Protection) requirements check request. +type MtpCheckRequirements struct { + // REQUIRED; Describes the kind of connector to be checked. + Kind *DataConnectorKind `json:"kind,omitempty"` - // READ-ONLY; The language of this mail message - Language *string `json:"language,omitempty" azure:"ro"` + // MTP (Microsoft Threat Protection) requirements check properties. + Properties *MTPCheckRequirementsProperties `json:"properties,omitempty"` +} - // READ-ONLY; The network message id of this mail message - NetworkMessageID *string `json:"networkMessageId,omitempty" azure:"ro"` +// GetDataConnectorsCheckRequirements implements the DataConnectorsCheckRequirementsClassification interface for type MtpCheckRequirements. +func (m *MtpCheckRequirements) GetDataConnectorsCheckRequirements() *DataConnectorsCheckRequirements { + return &DataConnectorsCheckRequirements{ + Kind: m.Kind, + } +} - // READ-ONLY; The p1 sender's email address - P1Sender *string `json:"p1Sender,omitempty" azure:"ro"` +// NrtAlertRule - Represents NRT alert rule. +type NrtAlertRule struct { + // REQUIRED; The kind of the alert rule + Kind *AlertRuleKind `json:"kind,omitempty"` - // READ-ONLY; The p1 sender's display name - P1SenderDisplayName *string `json:"p1SenderDisplayName,omitempty" azure:"ro"` + // Etag of the azure resource + Etag *string `json:"etag,omitempty"` - // READ-ONLY; The p1 sender's domain - P1SenderDomain *string `json:"p1SenderDomain,omitempty" azure:"ro"` + // NRT alert rule properties + Properties *NrtAlertRuleProperties `json:"properties,omitempty"` - // READ-ONLY; The p2 sender's email address - P2Sender *string `json:"p2Sender,omitempty" azure:"ro"` + // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + ID *string `json:"id,omitempty" azure:"ro"` - // READ-ONLY; The p2 sender's display name - P2SenderDisplayName *string `json:"p2SenderDisplayName,omitempty" azure:"ro"` + // READ-ONLY; The name of the resource + Name *string `json:"name,omitempty" azure:"ro"` - // READ-ONLY; The p2 sender's domain - P2SenderDomain *string `json:"p2SenderDomain,omitempty" azure:"ro"` + // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. + SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` - // READ-ONLY; The receive date of this message - ReceiveDate *time.Time `json:"receiveDate,omitempty" azure:"ro"` + // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" + Type *string `json:"type,omitempty" azure:"ro"` +} - // READ-ONLY; The recipient of this mail message. Note that in case of multiple recipients the mail message is forked and - // each copy has one recipient - Recipient *string `json:"recipient,omitempty" azure:"ro"` +// GetAlertRule implements the AlertRuleClassification interface for type NrtAlertRule. +func (n *NrtAlertRule) GetAlertRule() *AlertRule { + return &AlertRule{ + Kind: n.Kind, + Etag: n.Etag, + ID: n.ID, + Name: n.Name, + Type: n.Type, + SystemData: n.SystemData, + } +} - // READ-ONLY; The sender's IP address - SenderIP *string `json:"senderIP,omitempty" azure:"ro"` +// NrtAlertRuleProperties - Nrt alert rule base property bag. +type NrtAlertRuleProperties struct { + // REQUIRED; The display name for alerts created by this alert rule. + DisplayName *string `json:"displayName,omitempty"` - // READ-ONLY; The subject of this mail message - Subject *string `json:"subject,omitempty" azure:"ro"` + // REQUIRED; Determines whether this alert rule is enabled or disabled. + Enabled *bool `json:"enabled,omitempty"` - // READ-ONLY; The threat detection methods - ThreatDetectionMethods []*string `json:"threatDetectionMethods,omitempty" azure:"ro"` + // REQUIRED; The query that creates alerts for this rule. + Query *string `json:"query,omitempty"` - // READ-ONLY; The threats of this mail message - Threats []*string `json:"threats,omitempty" azure:"ro"` + // REQUIRED; The severity for alerts created by this alert rule. + Severity *AlertSeverity `json:"severity,omitempty"` - // READ-ONLY; The Urls contained in this mail message - Urls []*string `json:"urls,omitempty" azure:"ro"` + // REQUIRED; The suppression (in ISO 8601 duration format) to wait since last time this alert rule been triggered. + SuppressionDuration *string `json:"suppressionDuration,omitempty"` + + // REQUIRED; Determines whether the suppression for this alert rule is enabled or disabled. + SuppressionEnabled *bool `json:"suppressionEnabled,omitempty"` + + // The alert details override settings + AlertDetailsOverride *AlertDetailsOverride `json:"alertDetailsOverride,omitempty"` + + // The Name of the alert rule template used to create this rule. + AlertRuleTemplateName *string `json:"alertRuleTemplateName,omitempty"` + + // Dictionary of string key-value pairs of columns to be attached to the alert + CustomDetails map[string]*string `json:"customDetails,omitempty"` + + // The description of the alert rule. + Description *string `json:"description,omitempty"` + + // Array of the entity mappings of the alert rule + EntityMappings []*EntityMapping `json:"entityMappings,omitempty"` + + // The settings of the incidents that created from alerts triggered by this analytics rule + IncidentConfiguration *IncidentConfiguration `json:"incidentConfiguration,omitempty"` + + // The tactics of the alert rule + Tactics []*AttackTactic `json:"tactics,omitempty"` + + // The techniques of the alert rule + Techniques []*string `json:"techniques,omitempty"` + + // The version of the alert rule template used to create this rule - in format , where all are numbers, for example 0 + TemplateVersion *string `json:"templateVersion,omitempty"` + + // READ-ONLY; The last time that this alert rule has been modified. + LastModifiedUTC *time.Time `json:"lastModifiedUtc,omitempty" azure:"ro"` } -// MailboxEntity - Represents a mailbox entity. -type MailboxEntity struct { - // REQUIRED; The kind of the entity. - Kind *EntityKindEnum `json:"kind,omitempty"` +// NrtAlertRuleTemplate - Represents NRT alert rule template. +type NrtAlertRuleTemplate struct { + // REQUIRED; The kind of the alert rule + Kind *AlertRuleKind `json:"kind,omitempty"` - // Mailbox entity properties - Properties *MailboxEntityProperties `json:"properties,omitempty"` + // NRT alert rule template properties + Properties *NrtAlertRuleTemplateProperties `json:"properties,omitempty"` // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} ID *string `json:"id,omitempty" azure:"ro"` @@ -2380,104 +5796,109 @@ type MailboxEntity struct { Type *string `json:"type,omitempty" azure:"ro"` } -// GetEntity implements the EntityClassification interface for type MailboxEntity. -func (m *MailboxEntity) GetEntity() *Entity { - return &Entity{ - Kind: m.Kind, - ID: m.ID, - Name: m.Name, - Type: m.Type, - SystemData: m.SystemData, +// GetAlertRuleTemplate implements the AlertRuleTemplateClassification interface for type NrtAlertRuleTemplate. +func (n *NrtAlertRuleTemplate) GetAlertRuleTemplate() *AlertRuleTemplate { + return &AlertRuleTemplate{ + Kind: n.Kind, + ID: n.ID, + Name: n.Name, + Type: n.Type, + SystemData: n.SystemData, } } -// MailboxEntityProperties - Mailbox entity property bag. -type MailboxEntityProperties struct { - // READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. - AdditionalData map[string]interface{} `json:"additionalData,omitempty" azure:"ro"` +// NrtAlertRuleTemplateProperties - NRT alert rule template properties +type NrtAlertRuleTemplateProperties struct { + // The alert details override settings + AlertDetailsOverride *AlertDetailsOverride `json:"alertDetailsOverride,omitempty"` - // READ-ONLY; The mailbox's display name - DisplayName *string `json:"displayName,omitempty" azure:"ro"` + // the number of alert rules that were created by this template + AlertRulesCreatedByTemplateCount *int32 `json:"alertRulesCreatedByTemplateCount,omitempty"` - // READ-ONLY; The AzureAD identifier of mailbox. Similar to AadUserId in account entity but this property is specific to mailbox - // object on office side - ExternalDirectoryObjectID *string `json:"externalDirectoryObjectId,omitempty" azure:"ro"` + // Dictionary of string key-value pairs of columns to be attached to the alert + CustomDetails map[string]*string `json:"customDetails,omitempty"` - // READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property - // is optional and might be system generated. - FriendlyName *string `json:"friendlyName,omitempty" azure:"ro"` + // The description of the alert rule template. + Description *string `json:"description,omitempty"` - // READ-ONLY; The mailbox's primary address - MailboxPrimaryAddress *string `json:"mailboxPrimaryAddress,omitempty" azure:"ro"` + // The display name for alert rule template. + DisplayName *string `json:"displayName,omitempty"` - // READ-ONLY; The mailbox's UPN - Upn *string `json:"upn,omitempty" azure:"ro"` -} + // Array of the entity mappings of the alert rule + EntityMappings []*EntityMapping `json:"entityMappings,omitempty"` -// MalwareEntity - Represents a malware entity. -type MalwareEntity struct { - // REQUIRED; The kind of the entity. - Kind *EntityKindEnum `json:"kind,omitempty"` + // The query that creates alerts for this rule. + Query *string `json:"query,omitempty"` - // File entity properties - Properties *MalwareEntityProperties `json:"properties,omitempty"` + // The required data sources for this template + RequiredDataConnectors []*AlertRuleTemplateDataSource `json:"requiredDataConnectors,omitempty"` - // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} - ID *string `json:"id,omitempty" azure:"ro"` + // The severity for alerts created by this alert rule. + Severity *AlertSeverity `json:"severity,omitempty"` - // READ-ONLY; The name of the resource - Name *string `json:"name,omitempty" azure:"ro"` + // The alert rule template status. + Status *TemplateStatus `json:"status,omitempty"` - // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. - SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` + // The tactics of the alert rule + Tactics []*AttackTactic `json:"tactics,omitempty"` - // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" - Type *string `json:"type,omitempty" azure:"ro"` -} + // The techniques of the alert rule + Techniques []*string `json:"techniques,omitempty"` -// GetEntity implements the EntityClassification interface for type MalwareEntity. -func (m *MalwareEntity) GetEntity() *Entity { - return &Entity{ - Kind: m.Kind, - ID: m.ID, - Name: m.Name, - Type: m.Type, - SystemData: m.SystemData, - } -} + // The version of this template - in format , where all are numbers. For example . + Version *string `json:"version,omitempty"` -// MalwareEntityProperties - Malware entity property bag. -type MalwareEntityProperties struct { - // READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. - AdditionalData map[string]interface{} `json:"additionalData,omitempty" azure:"ro"` + // READ-ONLY; The time that this alert rule template has been added. + CreatedDateUTC *time.Time `json:"createdDateUTC,omitempty" azure:"ro"` - // READ-ONLY; The malware category by the vendor, e.g. Trojan - Category *string `json:"category,omitempty" azure:"ro"` + // READ-ONLY; The last time that this alert rule template has been updated. + LastUpdatedDateUTC *time.Time `json:"lastUpdatedDateUTC,omitempty" azure:"ro"` +} - // READ-ONLY; List of linked file entity identifiers on which the malware was found - FileEntityIDs []*string `json:"fileEntityIds,omitempty" azure:"ro"` +// Office365ProjectCheckRequirements - Represents Office365 Project requirements check request. +type Office365ProjectCheckRequirements struct { + // REQUIRED; Describes the kind of connector to be checked. + Kind *DataConnectorKind `json:"kind,omitempty"` - // READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property - // is optional and might be system generated. - FriendlyName *string `json:"friendlyName,omitempty" azure:"ro"` + // Office365 Project requirements check properties. + Properties *Office365ProjectCheckRequirementsProperties `json:"properties,omitempty"` +} - // READ-ONLY; The malware name by the vendor, e.g. Win32/Toga!rfn - MalwareName *string `json:"malwareName,omitempty" azure:"ro"` +// GetDataConnectorsCheckRequirements implements the DataConnectorsCheckRequirementsClassification interface for type Office365ProjectCheckRequirements. +func (o *Office365ProjectCheckRequirements) GetDataConnectorsCheckRequirements() *DataConnectorsCheckRequirements { + return &DataConnectorsCheckRequirements{ + Kind: o.Kind, + } +} + +// Office365ProjectCheckRequirementsProperties - Office365 Project requirements check properties. +type Office365ProjectCheckRequirementsProperties struct { + // REQUIRED; The tenant id to connect to, and get the data from. + TenantID *string `json:"tenantId,omitempty"` +} - // READ-ONLY; List of linked process entity identifiers on which the malware was found. - ProcessEntityIDs []*string `json:"processEntityIds,omitempty" azure:"ro"` +// Office365ProjectConnectorDataTypes - The available data types for Office Microsoft Project data connector. +type Office365ProjectConnectorDataTypes struct { + // REQUIRED; Logs data type. + Logs *Office365ProjectConnectorDataTypesLogs `json:"logs,omitempty"` } -// MicrosoftSecurityIncidentCreationAlertRule - Represents MicrosoftSecurityIncidentCreation rule. -type MicrosoftSecurityIncidentCreationAlertRule struct { - // REQUIRED; The alert rule kind - Kind *AlertRuleKind `json:"kind,omitempty"` +// Office365ProjectConnectorDataTypesLogs - Logs data type. +type Office365ProjectConnectorDataTypesLogs struct { + // REQUIRED; Describe whether this data type connection is enabled or not. + State *DataTypeState `json:"state,omitempty"` +} + +// Office365ProjectDataConnector - Represents Office Microsoft Project data connector. +type Office365ProjectDataConnector struct { + // REQUIRED; The data connector kind + Kind *DataConnectorKind `json:"kind,omitempty"` // Etag of the azure resource Etag *string `json:"etag,omitempty"` - // MicrosoftSecurityIncidentCreation rule properties - Properties *MicrosoftSecurityIncidentCreationAlertRuleProperties `json:"properties,omitempty"` + // Office Microsoft Project data connector properties. + Properties *Office365ProjectDataConnectorProperties `json:"properties,omitempty"` // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} ID *string `json:"id,omitempty" azure:"ro"` @@ -2492,70 +5913,59 @@ type MicrosoftSecurityIncidentCreationAlertRule struct { Type *string `json:"type,omitempty" azure:"ro"` } -// GetAlertRule implements the AlertRuleClassification interface for type MicrosoftSecurityIncidentCreationAlertRule. -func (m *MicrosoftSecurityIncidentCreationAlertRule) GetAlertRule() *AlertRule { - return &AlertRule{ - Kind: m.Kind, - Etag: m.Etag, - ID: m.ID, - Name: m.Name, - Type: m.Type, - SystemData: m.SystemData, +// GetDataConnector implements the DataConnectorClassification interface for type Office365ProjectDataConnector. +func (o *Office365ProjectDataConnector) GetDataConnector() *DataConnector { + return &DataConnector{ + Kind: o.Kind, + Etag: o.Etag, + ID: o.ID, + Name: o.Name, + Type: o.Type, + SystemData: o.SystemData, } } -// MicrosoftSecurityIncidentCreationAlertRuleCommonProperties - MicrosoftSecurityIncidentCreation rule common property bag. -type MicrosoftSecurityIncidentCreationAlertRuleCommonProperties struct { - // REQUIRED; The alerts' productName on which the cases will be generated - ProductFilter *MicrosoftSecurityProductName `json:"productFilter,omitempty"` - - // the alerts' displayNames on which the cases will not be generated - DisplayNamesExcludeFilter []*string `json:"displayNamesExcludeFilter,omitempty"` - - // the alerts' displayNames on which the cases will be generated - DisplayNamesFilter []*string `json:"displayNamesFilter,omitempty"` +// Office365ProjectDataConnectorProperties - Office Microsoft Project data connector properties. +type Office365ProjectDataConnectorProperties struct { + // REQUIRED; The available data types for the connector. + DataTypes *Office365ProjectConnectorDataTypes `json:"dataTypes,omitempty"` - // the alerts' severities on which the cases will be generated - SeveritiesFilter []*AlertSeverity `json:"severitiesFilter,omitempty"` + // REQUIRED; The tenant id to connect to, and get the data from. + TenantID *string `json:"tenantId,omitempty"` } -// MicrosoftSecurityIncidentCreationAlertRuleProperties - MicrosoftSecurityIncidentCreation rule property bag. -type MicrosoftSecurityIncidentCreationAlertRuleProperties struct { - // REQUIRED; The display name for alerts created by this alert rule. - DisplayName *string `json:"displayName,omitempty"` - - // REQUIRED; Determines whether this alert rule is enabled or disabled. - Enabled *bool `json:"enabled,omitempty"` - - // REQUIRED; The alerts' productName on which the cases will be generated - ProductFilter *MicrosoftSecurityProductName `json:"productFilter,omitempty"` - - // The Name of the alert rule template used to create this rule. - AlertRuleTemplateName *string `json:"alertRuleTemplateName,omitempty"` - - // The description of the alert rule. - Description *string `json:"description,omitempty"` - - // the alerts' displayNames on which the cases will not be generated - DisplayNamesExcludeFilter []*string `json:"displayNamesExcludeFilter,omitempty"` +// OfficeATPCheckRequirements - Represents OfficeATP (Office 365 Advanced Threat Protection) requirements check request. +type OfficeATPCheckRequirements struct { + // REQUIRED; Describes the kind of connector to be checked. + Kind *DataConnectorKind `json:"kind,omitempty"` - // the alerts' displayNames on which the cases will be generated - DisplayNamesFilter []*string `json:"displayNamesFilter,omitempty"` + // OfficeATP (Office 365 Advanced Threat Protection) requirements check properties. + Properties *OfficeATPCheckRequirementsProperties `json:"properties,omitempty"` +} - // the alerts' severities on which the cases will be generated - SeveritiesFilter []*AlertSeverity `json:"severitiesFilter,omitempty"` +// GetDataConnectorsCheckRequirements implements the DataConnectorsCheckRequirementsClassification interface for type OfficeATPCheckRequirements. +func (o *OfficeATPCheckRequirements) GetDataConnectorsCheckRequirements() *DataConnectorsCheckRequirements { + return &DataConnectorsCheckRequirements{ + Kind: o.Kind, + } +} - // READ-ONLY; The last time that this alert has been modified. - LastModifiedUTC *time.Time `json:"lastModifiedUtc,omitempty" azure:"ro"` +// OfficeATPCheckRequirementsProperties - OfficeATP (Office 365 Advanced Threat Protection) requirements check properties. +type OfficeATPCheckRequirementsProperties struct { + // REQUIRED; The tenant id to connect to, and get the data from. + TenantID *string `json:"tenantId,omitempty"` } -// MicrosoftSecurityIncidentCreationAlertRuleTemplate - Represents MicrosoftSecurityIncidentCreation rule template. -type MicrosoftSecurityIncidentCreationAlertRuleTemplate struct { - // REQUIRED; The alert rule kind - Kind *AlertRuleKind `json:"kind,omitempty"` +// OfficeATPDataConnector - Represents OfficeATP (Office 365 Advanced Threat Protection) data connector. +type OfficeATPDataConnector struct { + // REQUIRED; The data connector kind + Kind *DataConnectorKind `json:"kind,omitempty"` - // MicrosoftSecurityIncidentCreation rule template properties - Properties *MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties `json:"properties,omitempty"` + // Etag of the azure resource + Etag *string `json:"etag,omitempty"` + + // OfficeATP (Office 365 Advanced Threat Protection) data connector properties. + Properties *OfficeATPDataConnectorProperties `json:"properties,omitempty"` // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} ID *string `json:"id,omitempty" azure:"ro"` @@ -2570,51 +5980,76 @@ type MicrosoftSecurityIncidentCreationAlertRuleTemplate struct { Type *string `json:"type,omitempty" azure:"ro"` } -// GetAlertRuleTemplate implements the AlertRuleTemplateClassification interface for type MicrosoftSecurityIncidentCreationAlertRuleTemplate. -func (m *MicrosoftSecurityIncidentCreationAlertRuleTemplate) GetAlertRuleTemplate() *AlertRuleTemplate { - return &AlertRuleTemplate{ - Kind: m.Kind, - ID: m.ID, - Name: m.Name, - Type: m.Type, - SystemData: m.SystemData, +// GetDataConnector implements the DataConnectorClassification interface for type OfficeATPDataConnector. +func (o *OfficeATPDataConnector) GetDataConnector() *DataConnector { + return &DataConnector{ + Kind: o.Kind, + Etag: o.Etag, + ID: o.ID, + Name: o.Name, + Type: o.Type, + SystemData: o.SystemData, } } -// MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties - MicrosoftSecurityIncidentCreation rule template properties -type MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties struct { - // REQUIRED; The alerts' productName on which the cases will be generated - ProductFilter *MicrosoftSecurityProductName `json:"productFilter,omitempty"` +// OfficeATPDataConnectorProperties - OfficeATP (Office 365 Advanced Threat Protection) data connector properties. +type OfficeATPDataConnectorProperties struct { + // REQUIRED; The tenant id to connect to, and get the data from. + TenantID *string `json:"tenantId,omitempty"` - // the number of alert rules that were created by this template - AlertRulesCreatedByTemplateCount *int32 `json:"alertRulesCreatedByTemplateCount,omitempty"` + // The available data types for the connector. + DataTypes *AlertsDataTypeOfDataConnector `json:"dataTypes,omitempty"` +} - // The description of the alert rule template. - Description *string `json:"description,omitempty"` +// OfficeConsent - Consent for Office365 tenant that already made. +type OfficeConsent struct { + // Office consent properties + Properties *OfficeConsentProperties `json:"properties,omitempty"` - // The display name for alert rule template. - DisplayName *string `json:"displayName,omitempty"` + // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + ID *string `json:"id,omitempty" azure:"ro"` - // the alerts' displayNames on which the cases will not be generated - DisplayNamesExcludeFilter []*string `json:"displayNamesExcludeFilter,omitempty"` + // READ-ONLY; The name of the resource + Name *string `json:"name,omitempty" azure:"ro"` - // the alerts' displayNames on which the cases will be generated - DisplayNamesFilter []*string `json:"displayNamesFilter,omitempty"` + // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. + SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` - // The required data connectors for this template - RequiredDataConnectors []*AlertRuleTemplateDataSource `json:"requiredDataConnectors,omitempty"` + // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" + Type *string `json:"type,omitempty" azure:"ro"` +} - // the alerts' severities on which the cases will be generated - SeveritiesFilter []*AlertSeverity `json:"severitiesFilter,omitempty"` +// OfficeConsentList - List of all the office365 consents. +type OfficeConsentList struct { + // REQUIRED; Array of the consents. + Value []*OfficeConsent `json:"value,omitempty"` - // The alert rule template status. - Status *TemplateStatus `json:"status,omitempty"` + // READ-ONLY; URL to fetch the next set of office consents. + NextLink *string `json:"nextLink,omitempty" azure:"ro"` +} - // READ-ONLY; The time that this alert rule template has been added. - CreatedDateUTC *time.Time `json:"createdDateUTC,omitempty" azure:"ro"` +// OfficeConsentProperties - Consent property bag. +type OfficeConsentProperties struct { + // Help to easily cascade among the data layers. + ConsentID *string `json:"consentId,omitempty"` - // READ-ONLY; The time that this alert rule template was last updated. - LastUpdatedDateUTC *time.Time `json:"lastUpdatedDateUTC,omitempty" azure:"ro"` + // The tenantId of the Office365 with the consent. + TenantID *string `json:"tenantId,omitempty"` +} + +// OfficeConsentsClientDeleteOptions contains the optional parameters for the OfficeConsentsClient.Delete method. +type OfficeConsentsClientDeleteOptions struct { + // placeholder for future optional parameters +} + +// OfficeConsentsClientGetOptions contains the optional parameters for the OfficeConsentsClient.Get method. +type OfficeConsentsClientGetOptions struct { + // placeholder for future optional parameters +} + +// OfficeConsentsClientListOptions contains the optional parameters for the OfficeConsentsClient.List method. +type OfficeConsentsClientListOptions struct { + // placeholder for future optional parameters } // OfficeDataConnector - Represents office data connector. @@ -2655,40 +6090,186 @@ func (o *OfficeDataConnector) GetDataConnector() *DataConnector { // OfficeDataConnectorDataTypes - The available data types for office data connector. type OfficeDataConnectorDataTypes struct { - // Exchange data type connection. + // REQUIRED; Exchange data type connection. Exchange *OfficeDataConnectorDataTypesExchange `json:"exchange,omitempty"` - // SharePoint data type connection. + // REQUIRED; SharePoint data type connection. SharePoint *OfficeDataConnectorDataTypesSharePoint `json:"sharePoint,omitempty"` - // Teams data type connection. + // REQUIRED; Teams data type connection. Teams *OfficeDataConnectorDataTypesTeams `json:"teams,omitempty"` } // OfficeDataConnectorDataTypesExchange - Exchange data type connection. type OfficeDataConnectorDataTypesExchange struct { - // Describe whether this data type connection is enabled or not. + // REQUIRED; Describe whether this data type connection is enabled or not. State *DataTypeState `json:"state,omitempty"` } // OfficeDataConnectorDataTypesSharePoint - SharePoint data type connection. type OfficeDataConnectorDataTypesSharePoint struct { - // Describe whether this data type connection is enabled or not. + // REQUIRED; Describe whether this data type connection is enabled or not. State *DataTypeState `json:"state,omitempty"` } // OfficeDataConnectorDataTypesTeams - Teams data type connection. type OfficeDataConnectorDataTypesTeams struct { - // Describe whether this data type connection is enabled or not. + // REQUIRED; Describe whether this data type connection is enabled or not. State *DataTypeState `json:"state,omitempty"` } // OfficeDataConnectorProperties - Office data connector properties. type OfficeDataConnectorProperties struct { - // The available data types for the connector. + // REQUIRED; The available data types for the connector. DataTypes *OfficeDataConnectorDataTypes `json:"dataTypes,omitempty"` - // The tenant id to connect to, and get the data from. + // REQUIRED; The tenant id to connect to, and get the data from. + TenantID *string `json:"tenantId,omitempty"` +} + +// OfficeIRMCheckRequirements - Represents OfficeIRM (Microsoft Insider Risk Management) requirements check request. +type OfficeIRMCheckRequirements struct { + // REQUIRED; Describes the kind of connector to be checked. + Kind *DataConnectorKind `json:"kind,omitempty"` + + // OfficeIRM (Microsoft Insider Risk Management) requirements check properties. + Properties *OfficeIRMCheckRequirementsProperties `json:"properties,omitempty"` +} + +// GetDataConnectorsCheckRequirements implements the DataConnectorsCheckRequirementsClassification interface for type OfficeIRMCheckRequirements. +func (o *OfficeIRMCheckRequirements) GetDataConnectorsCheckRequirements() *DataConnectorsCheckRequirements { + return &DataConnectorsCheckRequirements{ + Kind: o.Kind, + } +} + +// OfficeIRMCheckRequirementsProperties - OfficeIRM (Microsoft Insider Risk Management) requirements check properties. +type OfficeIRMCheckRequirementsProperties struct { + // REQUIRED; The tenant id to connect to, and get the data from. + TenantID *string `json:"tenantId,omitempty"` +} + +// OfficeIRMDataConnector - Represents OfficeIRM (Microsoft Insider Risk Management) data connector. +type OfficeIRMDataConnector struct { + // REQUIRED; The data connector kind + Kind *DataConnectorKind `json:"kind,omitempty"` + + // Etag of the azure resource + Etag *string `json:"etag,omitempty"` + + // OfficeIRM (Microsoft Insider Risk Management) data connector properties. + Properties *OfficeIRMDataConnectorProperties `json:"properties,omitempty"` + + // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + ID *string `json:"id,omitempty" azure:"ro"` + + // READ-ONLY; The name of the resource + Name *string `json:"name,omitempty" azure:"ro"` + + // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. + SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` + + // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" + Type *string `json:"type,omitempty" azure:"ro"` +} + +// GetDataConnector implements the DataConnectorClassification interface for type OfficeIRMDataConnector. +func (o *OfficeIRMDataConnector) GetDataConnector() *DataConnector { + return &DataConnector{ + Kind: o.Kind, + Etag: o.Etag, + ID: o.ID, + Name: o.Name, + Type: o.Type, + SystemData: o.SystemData, + } +} + +// OfficeIRMDataConnectorProperties - OfficeIRM (Microsoft Insider Risk Management) data connector properties. +type OfficeIRMDataConnectorProperties struct { + // REQUIRED; The tenant id to connect to, and get the data from. + TenantID *string `json:"tenantId,omitempty"` + + // The available data types for the connector. + DataTypes *AlertsDataTypeOfDataConnector `json:"dataTypes,omitempty"` +} + +// OfficePowerBICheckRequirements - Represents Office PowerBI requirements check request. +type OfficePowerBICheckRequirements struct { + // REQUIRED; Describes the kind of connector to be checked. + Kind *DataConnectorKind `json:"kind,omitempty"` + + // Office Power BI requirements check properties. + Properties *OfficePowerBICheckRequirementsProperties `json:"properties,omitempty"` +} + +// GetDataConnectorsCheckRequirements implements the DataConnectorsCheckRequirementsClassification interface for type OfficePowerBICheckRequirements. +func (o *OfficePowerBICheckRequirements) GetDataConnectorsCheckRequirements() *DataConnectorsCheckRequirements { + return &DataConnectorsCheckRequirements{ + Kind: o.Kind, + } +} + +// OfficePowerBICheckRequirementsProperties - Office PowerBI requirements check properties. +type OfficePowerBICheckRequirementsProperties struct { + // REQUIRED; The tenant id to connect to, and get the data from. + TenantID *string `json:"tenantId,omitempty"` +} + +// OfficePowerBIConnectorDataTypes - The available data types for Office Microsoft PowerBI data connector. +type OfficePowerBIConnectorDataTypes struct { + // REQUIRED; Logs data type. + Logs *OfficePowerBIConnectorDataTypesLogs `json:"logs,omitempty"` +} + +// OfficePowerBIConnectorDataTypesLogs - Logs data type. +type OfficePowerBIConnectorDataTypesLogs struct { + // REQUIRED; Describe whether this data type connection is enabled or not. + State *DataTypeState `json:"state,omitempty"` +} + +// OfficePowerBIDataConnector - Represents Office Microsoft PowerBI data connector. +type OfficePowerBIDataConnector struct { + // REQUIRED; The data connector kind + Kind *DataConnectorKind `json:"kind,omitempty"` + + // Etag of the azure resource + Etag *string `json:"etag,omitempty"` + + // Office Microsoft PowerBI data connector properties. + Properties *OfficePowerBIDataConnectorProperties `json:"properties,omitempty"` + + // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + ID *string `json:"id,omitempty" azure:"ro"` + + // READ-ONLY; The name of the resource + Name *string `json:"name,omitempty" azure:"ro"` + + // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. + SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` + + // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" + Type *string `json:"type,omitempty" azure:"ro"` +} + +// GetDataConnector implements the DataConnectorClassification interface for type OfficePowerBIDataConnector. +func (o *OfficePowerBIDataConnector) GetDataConnector() *DataConnector { + return &DataConnector{ + Kind: o.Kind, + Etag: o.Etag, + ID: o.ID, + Name: o.Name, + Type: o.Type, + SystemData: o.SystemData, + } +} + +// OfficePowerBIDataConnectorProperties - Office Microsoft PowerBI data connector properties. +type OfficePowerBIDataConnectorProperties struct { + // REQUIRED; The available data types for the connector. + DataTypes *OfficePowerBIConnectorDataTypes `json:"dataTypes,omitempty"` + + // REQUIRED; The tenant id to connect to, and get the data from. TenantID *string `json:"tenantId,omitempty"` } @@ -2727,27 +6308,61 @@ type OperationsClientListOptions struct { // placeholder for future optional parameters } -// OperationsList - Lists the operations available in the SecurityInsights RP. -type OperationsList struct { - // REQUIRED; Array of operations - Value []*Operation `json:"value,omitempty"` +// OperationsList - Lists the operations available in the SecurityInsights RP. +type OperationsList struct { + // REQUIRED; Array of operations + Value []*Operation `json:"value,omitempty"` + + // READ-ONLY; URL to fetch the next set of operations. + NextLink *string `json:"nextLink,omitempty" azure:"ro"` +} + +// Permissions required for the connector +type Permissions struct { + // Customs permissions required for the connector + Customs []*PermissionsCustomsItem `json:"customs,omitempty"` + + // Resource provider permissions required for the connector + ResourceProvider []*PermissionsResourceProviderItem `json:"resourceProvider,omitempty"` +} + +type PermissionsCustomsItem struct { + // Customs permissions description + Description *string `json:"description,omitempty"` + + // Customs permissions name + Name *string `json:"name,omitempty"` +} + +type PermissionsResourceProviderItem struct { + // Permission description text + PermissionsDisplayText *string `json:"permissionsDisplayText,omitempty"` - // READ-ONLY; URL to fetch the next set of operations. - NextLink *string `json:"nextLink,omitempty" azure:"ro"` + // Provider name + Provider *ProviderName `json:"provider,omitempty"` + + // Permission provider display name + ProviderDisplayName *string `json:"providerDisplayName,omitempty"` + + // Required permissions for the connector + RequiredPermissions *RequiredPermissions `json:"requiredPermissions,omitempty"` + + // Permission provider scope + Scope *PermissionProviderScope `json:"scope,omitempty"` } type PlaybookActionProperties struct { - // REQUIRED; The resource id of the playbook resource + // The resource id of the playbook resource. LogicAppResourceID *string `json:"logicAppResourceId,omitempty"` - // The tenant id of the playbook resource + // The tenant id of the playbook resource. TenantID *string `json:"tenantId,omitempty"` } // ProcessEntity - Represents a process entity. type ProcessEntity struct { // REQUIRED; The kind of the entity. - Kind *EntityKindEnum `json:"kind,omitempty"` + Kind *EntityKind `json:"kind,omitempty"` // Process entity properties Properties *ProcessEntityProperties `json:"properties,omitempty"` @@ -2813,6 +6428,55 @@ type ProcessEntityProperties struct { ProcessID *string `json:"processId,omitempty" azure:"ro"` } +// ProductSettingsClientDeleteOptions contains the optional parameters for the ProductSettingsClient.Delete method. +type ProductSettingsClientDeleteOptions struct { + // placeholder for future optional parameters +} + +// ProductSettingsClientGetOptions contains the optional parameters for the ProductSettingsClient.Get method. +type ProductSettingsClientGetOptions struct { + // placeholder for future optional parameters +} + +// ProductSettingsClientListOptions contains the optional parameters for the ProductSettingsClient.List method. +type ProductSettingsClientListOptions struct { + // placeholder for future optional parameters +} + +// ProductSettingsClientUpdateOptions contains the optional parameters for the ProductSettingsClient.Update method. +type ProductSettingsClientUpdateOptions struct { + // placeholder for future optional parameters +} + +// PropertyArrayChangedConditionProperties - Describes an automation rule condition that evaluates an array property's value +// change +type PropertyArrayChangedConditionProperties struct { + // REQUIRED + ConditionType *ConditionType `json:"conditionType,omitempty"` + ConditionProperties *AutomationRulePropertyArrayChangedValuesCondition `json:"conditionProperties,omitempty"` +} + +// GetAutomationRuleCondition implements the AutomationRuleConditionClassification interface for type PropertyArrayChangedConditionProperties. +func (p *PropertyArrayChangedConditionProperties) GetAutomationRuleCondition() *AutomationRuleCondition { + return &AutomationRuleCondition{ + ConditionType: p.ConditionType, + } +} + +// PropertyChangedConditionProperties - Describes an automation rule condition that evaluates a property's value change +type PropertyChangedConditionProperties struct { + // REQUIRED + ConditionType *ConditionType `json:"conditionType,omitempty"` + ConditionProperties *AutomationRulePropertyValuesChangedCondition `json:"conditionProperties,omitempty"` +} + +// GetAutomationRuleCondition implements the AutomationRuleConditionClassification interface for type PropertyChangedConditionProperties. +func (p *PropertyChangedConditionProperties) GetAutomationRuleCondition() *AutomationRuleCondition { + return &AutomationRuleCondition{ + ConditionType: p.ConditionType, + } +} + // PropertyConditionProperties - Describes an automation rule condition that evaluates a property's value type PropertyConditionProperties struct { // REQUIRED @@ -2827,10 +6491,31 @@ func (p *PropertyConditionProperties) GetAutomationRuleCondition() *AutomationRu } } +// QueryBasedAlertRuleTemplateProperties - Query based alert rule template base property bag. +type QueryBasedAlertRuleTemplateProperties struct { + // The alert details override settings + AlertDetailsOverride *AlertDetailsOverride `json:"alertDetailsOverride,omitempty"` + + // Dictionary of string key-value pairs of columns to be attached to the alert + CustomDetails map[string]*string `json:"customDetails,omitempty"` + + // Array of the entity mappings of the alert rule + EntityMappings []*EntityMapping `json:"entityMappings,omitempty"` + + // The query that creates alerts for this rule. + Query *string `json:"query,omitempty"` + + // The severity for alerts created by this alert rule. + Severity *AlertSeverity `json:"severity,omitempty"` + + // The version of this template - in format , where all are numbers. For example . + Version *string `json:"version,omitempty"` +} + // RegistryKeyEntity - Represents a registry key entity. type RegistryKeyEntity struct { // REQUIRED; The kind of the entity. - Kind *EntityKindEnum `json:"kind,omitempty"` + Kind *EntityKind `json:"kind,omitempty"` // RegistryKey entity properties Properties *RegistryKeyEntityProperties `json:"properties,omitempty"` @@ -2878,7 +6563,7 @@ type RegistryKeyEntityProperties struct { // RegistryValueEntity - Represents a registry value entity. type RegistryValueEntity struct { // REQUIRED; The kind of the entity. - Kind *EntityKindEnum `json:"kind,omitempty"` + Kind *EntityKind `json:"kind,omitempty"` // RegistryKey entity properties Properties *RegistryValueEntityProperties `json:"properties,omitempty"` @@ -2975,6 +6660,72 @@ type RelationProperties struct { RelatedResourceType *string `json:"relatedResourceType,omitempty" azure:"ro"` } +// Repo - Represents a repository. +type Repo struct { + // Array of branches. + Branches []*string `json:"branches,omitempty"` + + // The name of the repository. + FullName *string `json:"fullName,omitempty"` + + // The url to access the repository. + URL *string `json:"url,omitempty"` +} + +// RepoList - List all the source controls. +type RepoList struct { + // REQUIRED; Array of repositories. + Value []*Repo `json:"value,omitempty"` + + // READ-ONLY; URL to fetch the next set of repositories. + NextLink *string `json:"nextLink,omitempty" azure:"ro"` +} + +// Repository - metadata of a repository. +type Repository struct { + // Branch name of repository. + Branch *string `json:"branch,omitempty"` + + // Url to access repository action logs. + DeploymentLogsURL *string `json:"deploymentLogsUrl,omitempty"` + + // Display url of repository. + DisplayURL *string `json:"displayUrl,omitempty"` + + // Dictionary of source control content type and path mapping. + PathMapping []*ContentPathMap `json:"pathMapping,omitempty"` + + // Url of repository. + URL *string `json:"url,omitempty"` +} + +// RepositoryResourceInfo - Resources created in user's repository for the source-control. +type RepositoryResourceInfo struct { + // Resources created in Azure DevOps for this source-control. + AzureDevOpsResourceInfo *AzureDevOpsResourceInfo `json:"azureDevOpsResourceInfo,omitempty"` + + // Resources created in GitHub for this source-control. + GitHubResourceInfo *GitHubResourceInfo `json:"gitHubResourceInfo,omitempty"` + + // The webhook object created for the source-control. + Webhook *Webhook `json:"webhook,omitempty"` +} + +// RequiredPermissions - Required permissions for the connector +type RequiredPermissions struct { + // action permission + Action *bool `json:"action,omitempty"` + + // delete permission + Delete *bool `json:"delete,omitempty"` + + // read permission + Read *bool `json:"read,omitempty"` + + // write permission + Write *bool `json:"write,omitempty"` +} + // Resource - Common fields that are returned in the response for all Azure Resource Manager resources type Resource struct { // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} @@ -2990,6 +6741,24 @@ type Resource struct { Type *string `json:"type,omitempty" azure:"ro"` } +// ResourceProvider - Resource provider permissions required for the connector +type ResourceProvider struct { + // Permission description text + PermissionsDisplayText *string `json:"permissionsDisplayText,omitempty"` + + // Provider name + Provider *ProviderName `json:"provider,omitempty"` + + // Permission provider display name + ProviderDisplayName *string `json:"providerDisplayName,omitempty"` + + // Required permissions for the connector + RequiredPermissions *RequiredPermissions `json:"requiredPermissions,omitempty"` + + // Permission provider scope + Scope *PermissionProviderScope `json:"scope,omitempty"` +} + // ResourceWithEtag - An azure resource object with an Etag property type ResourceWithEtag struct { // Etag of the azure resource @@ -3008,9 +6777,18 @@ type ResourceWithEtag struct { Type *string `json:"type,omitempty" azure:"ro"` } +// SampleQueries - The sample queries for the connector +type SampleQueries struct { + // The sample query description + Description *string `json:"description,omitempty"` + + // the sample query + Query *string `json:"query,omitempty"` +} + // ScheduledAlertRule - Represents scheduled alert rule. type ScheduledAlertRule struct { - // REQUIRED; The alert rule kind + // REQUIRED; The kind of the alert rule Kind *AlertRuleKind `json:"kind,omitempty"` // Etag of the azure resource @@ -3127,6 +6905,9 @@ type ScheduledAlertRuleProperties struct { // The tactics of the alert rule Tactics []*AttackTactic `json:"tactics,omitempty"` + // The techniques of the alert rule + Techniques []*string `json:"techniques,omitempty"` + // The version of the alert rule template used to create this rule - in format , where all are numbers, for example 0 TemplateVersion *string `json:"templateVersion,omitempty"` @@ -3142,7 +6923,7 @@ type ScheduledAlertRuleProperties struct { // ScheduledAlertRuleTemplate - Represents scheduled alert rule template. type ScheduledAlertRuleTemplate struct { - // REQUIRED; The alert rule kind + // REQUIRED; The kind of the alert rule Kind *AlertRuleKind `json:"kind,omitempty"` // Scheduled alert rule template properties @@ -3216,6 +6997,9 @@ type ScheduledAlertRuleTemplateProperties struct { // The tactics of the alert rule template Tactics []*AttackTactic `json:"tactics,omitempty"` + // The techniques of the alert rule + Techniques []*string `json:"techniques,omitempty"` + // The operation against the threshold that triggers alert rule. TriggerOperator *TriggerOperator `json:"triggerOperator,omitempty"` @@ -3235,7 +7019,7 @@ type ScheduledAlertRuleTemplateProperties struct { // SecurityAlert - Represents a security alert entity. type SecurityAlert struct { // REQUIRED; The kind of the entity. - Kind *EntityKindEnum `json:"kind,omitempty"` + Kind *EntityKind `json:"kind,omitempty"` // SecurityAlert entity properties Properties *SecurityAlertProperties `json:"properties,omitempty"` @@ -3359,10 +7143,50 @@ type SecurityAlertPropertiesConfidenceReasonsItem struct { ReasonType *string `json:"reasonType,omitempty" azure:"ro"` } +// SecurityAlertTimelineItem - Represents security alert timeline item. +type SecurityAlertTimelineItem struct { + // REQUIRED; The name of the alert type. + AlertType *string `json:"alertType,omitempty"` + + // REQUIRED; The alert azure resource id. + AzureResourceID *string `json:"azureResourceId,omitempty"` + + // REQUIRED; The alert name. + DisplayName *string `json:"displayName,omitempty"` + + // REQUIRED; The alert end time. + EndTimeUTC *time.Time `json:"endTimeUtc,omitempty"` + + // REQUIRED; The entity query kind type. + Kind *EntityTimelineKind `json:"kind,omitempty"` + + // REQUIRED; The alert severity. + Severity *AlertSeverity `json:"severity,omitempty"` + + // REQUIRED; The alert start time. + StartTimeUTC *time.Time `json:"startTimeUtc,omitempty"` + + // REQUIRED; The alert generated time. + TimeGenerated *time.Time `json:"timeGenerated,omitempty"` + + // The alert description. + Description *string `json:"description,omitempty"` + + // The alert product name. + ProductName *string `json:"productName,omitempty"` +} + +// GetEntityTimelineItem implements the EntityTimelineItemClassification interface for type SecurityAlertTimelineItem. +func (s *SecurityAlertTimelineItem) GetEntityTimelineItem() *EntityTimelineItem { + return &EntityTimelineItem{ + Kind: s.Kind, + } +} + // SecurityGroupEntity - Represents a security group entity. type SecurityGroupEntity struct { // REQUIRED; The kind of the entity. - Kind *EntityKindEnum `json:"kind,omitempty"` + Kind *EntityKind `json:"kind,omitempty"` // SecurityGroup entity properties Properties *SecurityGroupEntityProperties `json:"properties,omitempty"` @@ -3410,6 +7234,83 @@ type SecurityGroupEntityProperties struct { Sid *string `json:"sid,omitempty" azure:"ro"` } +// SecurityMLAnalyticsSettingClassification provides polymorphic access to related types. +// Call the interface's GetSecurityMLAnalyticsSetting() method to access the common type. +// Use a type switch to determine the concrete type. The possible types are: +// - *AnomalySecurityMLAnalyticsSettings, *SecurityMLAnalyticsSetting +type SecurityMLAnalyticsSettingClassification interface { + // GetSecurityMLAnalyticsSetting returns the SecurityMLAnalyticsSetting content of the underlying type. + GetSecurityMLAnalyticsSetting() *SecurityMLAnalyticsSetting +} + +// SecurityMLAnalyticsSetting - Security ML Analytics Setting +type SecurityMLAnalyticsSetting struct { + // REQUIRED; The kind of security ML Analytics Settings + Kind *SecurityMLAnalyticsSettingsKind `json:"kind,omitempty"` + + // Etag of the azure resource + Etag *string `json:"etag,omitempty"` + + // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + ID *string `json:"id,omitempty" azure:"ro"` + + // READ-ONLY; The name of the resource + Name *string `json:"name,omitempty" azure:"ro"` + + // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. + SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` + + // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" + Type *string `json:"type,omitempty" azure:"ro"` +} + +// GetSecurityMLAnalyticsSetting implements the SecurityMLAnalyticsSettingClassification interface for type SecurityMLAnalyticsSetting. +func (s *SecurityMLAnalyticsSetting) GetSecurityMLAnalyticsSetting() *SecurityMLAnalyticsSetting { + return s +} + +// SecurityMLAnalyticsSettingsClientCreateOrUpdateOptions contains the optional parameters for the SecurityMLAnalyticsSettingsClient.CreateOrUpdate +// method. +type SecurityMLAnalyticsSettingsClientCreateOrUpdateOptions struct { + // placeholder for future optional parameters +} + +// SecurityMLAnalyticsSettingsClientDeleteOptions contains the optional parameters for the SecurityMLAnalyticsSettingsClient.Delete +// method. +type SecurityMLAnalyticsSettingsClientDeleteOptions struct { + // placeholder for future optional parameters +} + +// SecurityMLAnalyticsSettingsClientGetOptions contains the optional parameters for the SecurityMLAnalyticsSettingsClient.Get +// method. +type SecurityMLAnalyticsSettingsClientGetOptions struct { + // placeholder for future optional parameters +} + +// SecurityMLAnalyticsSettingsClientListOptions contains the optional parameters for the SecurityMLAnalyticsSettingsClient.List +// method. +type SecurityMLAnalyticsSettingsClientListOptions struct { + // placeholder for future optional parameters +} + +// SecurityMLAnalyticsSettingsDataSource - security ml analytics settings data sources +type SecurityMLAnalyticsSettingsDataSource struct { + // The connector id that provides the following data types + ConnectorID *string `json:"connectorId,omitempty"` + + // The data types used by the security ml analytics settings + DataTypes []*string `json:"dataTypes,omitempty"` +} + +// SecurityMLAnalyticsSettingsList - List all the SecurityMLAnalyticsSettings +type SecurityMLAnalyticsSettingsList struct { + // REQUIRED; Array of SecurityMLAnalyticsSettings + Value []SecurityMLAnalyticsSettingClassification `json:"value,omitempty"` + + // READ-ONLY; URL to fetch the next set of SecurityMLAnalyticsSettings. + NextLink *string `json:"nextLink,omitempty" azure:"ro"` +} + // SentinelOnboardingState - Sentinel onboarding state type SentinelOnboardingState struct { // Etag of the azure resource @@ -3431,46 +7332,171 @@ type SentinelOnboardingState struct { Type *string `json:"type,omitempty" azure:"ro"` } -// SentinelOnboardingStateProperties - The Sentinel onboarding state properties -type SentinelOnboardingStateProperties struct { - // Flag that indicates the status of the CMK setting - CustomerManagedKey *bool `json:"customerManagedKey,omitempty"` -} +// SentinelOnboardingStateProperties - The Sentinel onboarding state properties +type SentinelOnboardingStateProperties struct { + // Flag that indicates the status of the CMK setting + CustomerManagedKey *bool `json:"customerManagedKey,omitempty"` +} + +// SentinelOnboardingStatesClientCreateOptions contains the optional parameters for the SentinelOnboardingStatesClient.Create +// method. +type SentinelOnboardingStatesClientCreateOptions struct { + // The Sentinel onboarding state parameter + SentinelOnboardingStateParameter *SentinelOnboardingState +} + +// SentinelOnboardingStatesClientDeleteOptions contains the optional parameters for the SentinelOnboardingStatesClient.Delete +// method. +type SentinelOnboardingStatesClientDeleteOptions struct { + // placeholder for future optional parameters +} + +// SentinelOnboardingStatesClientGetOptions contains the optional parameters for the SentinelOnboardingStatesClient.Get method. +type SentinelOnboardingStatesClientGetOptions struct { + // placeholder for future optional parameters +} + +// SentinelOnboardingStatesClientListOptions contains the optional parameters for the SentinelOnboardingStatesClient.List +// method. +type SentinelOnboardingStatesClientListOptions struct { + // placeholder for future optional parameters +} + +// SentinelOnboardingStatesList - List of the Sentinel onboarding states +type SentinelOnboardingStatesList struct { + // REQUIRED; Array of Sentinel onboarding states + Value []*SentinelOnboardingState `json:"value,omitempty"` +} + +// SettingList - List of all the settings. +type SettingList struct { + // REQUIRED; Array of settings. + Value []SettingsClassification `json:"value,omitempty"` +} + +// SettingsClassification provides polymorphic access to related types. +// Call the interface's GetSettings() method to access the common type. +// Use a type switch to determine the concrete type. The possible types are: +// - *Anomalies, *EntityAnalytics, *EyesOn, *Settings, *Ueba +type SettingsClassification interface { + // GetSettings returns the Settings content of the underlying type. + GetSettings() *Settings +} + +// Settings - The Setting. +type Settings struct { + // REQUIRED; The kind of the setting + Kind *SettingKind `json:"kind,omitempty"` + + // Etag of the azure resource + Etag *string `json:"etag,omitempty"` + + // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + ID *string `json:"id,omitempty" azure:"ro"` + + // READ-ONLY; The name of the resource + Name *string `json:"name,omitempty" azure:"ro"` + + // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. + SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` + + // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" + Type *string `json:"type,omitempty" azure:"ro"` +} + +// GetSettings implements the SettingsClassification interface for type Settings. +func (s *Settings) GetSettings() *Settings { return s } + +// SourceControl - Represents a SourceControl in Azure Security Insights. +type SourceControl struct { + // Etag of the azure resource + Etag *string `json:"etag,omitempty"` + + // source control properties + Properties *SourceControlProperties `json:"properties,omitempty"` + + // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + ID *string `json:"id,omitempty" azure:"ro"` + + // READ-ONLY; The name of the resource + Name *string `json:"name,omitempty" azure:"ro"` + + // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. + SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` + + // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" + Type *string `json:"type,omitempty" azure:"ro"` +} + +// SourceControlClientListRepositoriesOptions contains the optional parameters for the SourceControlClient.ListRepositories +// method. +type SourceControlClientListRepositoriesOptions struct { + // placeholder for future optional parameters +} + +// SourceControlList - List all the source controls. +type SourceControlList struct { + // REQUIRED; Array of source controls. + Value []*SourceControl `json:"value,omitempty"` + + // READ-ONLY; URL to fetch the next set of source controls. + NextLink *string `json:"nextLink,omitempty" azure:"ro"` +} + +// SourceControlProperties - Describes source control properties +type SourceControlProperties struct { + // REQUIRED; Array of source control content types. + ContentTypes []*ContentType `json:"contentTypes,omitempty"` + + // REQUIRED; The display name of the source control + DisplayName *string `json:"displayName,omitempty"` + + // REQUIRED; The repository type of the source control + RepoType *RepoType `json:"repoType,omitempty"` + + // REQUIRED; Repository metadata. + Repository *Repository `json:"repository,omitempty"` + + // A description of the source control + Description *string `json:"description,omitempty"` + + // The id (a Guid) of the source control + ID *string `json:"id,omitempty"` + + // Information regarding the latest deployment for the source control. + LastDeploymentInfo *DeploymentInfo `json:"lastDeploymentInfo,omitempty"` + + // Information regarding the resources created in user's repository. + RepositoryResourceInfo *RepositoryResourceInfo `json:"repositoryResourceInfo,omitempty"` -// SentinelOnboardingStatesClientCreateOptions contains the optional parameters for the SentinelOnboardingStatesClient.Create -// method. -type SentinelOnboardingStatesClientCreateOptions struct { - // The Sentinel onboarding state parameter - SentinelOnboardingStateParameter *SentinelOnboardingState + // The version number associated with the source control + Version *Version `json:"version,omitempty"` } -// SentinelOnboardingStatesClientDeleteOptions contains the optional parameters for the SentinelOnboardingStatesClient.Delete -// method. -type SentinelOnboardingStatesClientDeleteOptions struct { +// SourceControlsClientCreateOptions contains the optional parameters for the SourceControlsClient.Create method. +type SourceControlsClientCreateOptions struct { // placeholder for future optional parameters } -// SentinelOnboardingStatesClientGetOptions contains the optional parameters for the SentinelOnboardingStatesClient.Get method. -type SentinelOnboardingStatesClientGetOptions struct { +// SourceControlsClientDeleteOptions contains the optional parameters for the SourceControlsClient.Delete method. +type SourceControlsClientDeleteOptions struct { // placeholder for future optional parameters } -// SentinelOnboardingStatesClientListOptions contains the optional parameters for the SentinelOnboardingStatesClient.List -// method. -type SentinelOnboardingStatesClientListOptions struct { +// SourceControlsClientGetOptions contains the optional parameters for the SourceControlsClient.Get method. +type SourceControlsClientGetOptions struct { // placeholder for future optional parameters } -// SentinelOnboardingStatesList - List of the Sentinel onboarding states -type SentinelOnboardingStatesList struct { - // REQUIRED; Array of Sentinel onboarding states - Value []*SentinelOnboardingState `json:"value,omitempty"` +// SourceControlsClientListOptions contains the optional parameters for the SourceControlsClient.List method. +type SourceControlsClientListOptions struct { + // placeholder for future optional parameters } // SubmissionMailEntity - Represents a submission mail entity. type SubmissionMailEntity struct { // REQUIRED; The kind of the entity. - Kind *EntityKindEnum `json:"kind,omitempty"` + Kind *EntityKind `json:"kind,omitempty"` // Submission mail entity properties Properties *SubmissionMailEntityProperties `json:"properties,omitempty"` @@ -3560,6 +7586,28 @@ type SystemData struct { LastModifiedByType *CreatedByType `json:"lastModifiedByType,omitempty"` } +// TICheckRequirements - Threat Intelligence Platforms data connector check requirements +type TICheckRequirements struct { + // REQUIRED; Describes the kind of connector to be checked. + Kind *DataConnectorKind `json:"kind,omitempty"` + + // Threat Intelligence Platforms data connector check required properties + Properties *TICheckRequirementsProperties `json:"properties,omitempty"` +} + +// GetDataConnectorsCheckRequirements implements the DataConnectorsCheckRequirementsClassification interface for type TICheckRequirements. +func (t *TICheckRequirements) GetDataConnectorsCheckRequirements() *DataConnectorsCheckRequirements { + return &DataConnectorsCheckRequirements{ + Kind: t.Kind, + } +} + +// TICheckRequirementsProperties - Threat Intelligence Platforms data connector required properties. +type TICheckRequirementsProperties struct { + // REQUIRED; The tenant id to connect to, and get the data from. + TenantID *string `json:"tenantId,omitempty"` +} + // TIDataConnector - Represents threat intelligence data connector. type TIDataConnector struct { // REQUIRED; The data connector kind @@ -3598,28 +7646,61 @@ func (t *TIDataConnector) GetDataConnector() *DataConnector { // TIDataConnectorDataTypes - The available data types for TI (Threat Intelligence) data connector. type TIDataConnectorDataTypes struct { - // Data type for indicators connection. + // REQUIRED; Data type for indicators connection. Indicators *TIDataConnectorDataTypesIndicators `json:"indicators,omitempty"` } // TIDataConnectorDataTypesIndicators - Data type for indicators connection. type TIDataConnectorDataTypesIndicators struct { - // Describe whether this data type connection is enabled or not. + // REQUIRED; Describe whether this data type connection is enabled or not. State *DataTypeState `json:"state,omitempty"` } // TIDataConnectorProperties - TI (Threat Intelligence) data connector properties. type TIDataConnectorProperties struct { - // The available data types for the connector. + // REQUIRED; The available data types for the connector. DataTypes *TIDataConnectorDataTypes `json:"dataTypes,omitempty"` - // The tenant id to connect to, and get the data from. + // REQUIRED; The tenant id to connect to, and get the data from. TenantID *string `json:"tenantId,omitempty"` // The lookback period for the feed to be imported. TipLookbackPeriod *time.Time `json:"tipLookbackPeriod,omitempty"` } +// TeamInformation - Describes team information +type TeamInformation struct { + // READ-ONLY; The description of the team + Description *string `json:"description,omitempty" azure:"ro"` + + // READ-ONLY; The name of the team + Name *string `json:"name,omitempty" azure:"ro"` + + // READ-ONLY; The primary channel URL of the team + PrimaryChannelURL *string `json:"primaryChannelUrl,omitempty" azure:"ro"` + + // READ-ONLY; The time the team was created + TeamCreationTimeUTC *time.Time `json:"teamCreationTimeUtc,omitempty" azure:"ro"` + + // READ-ONLY; Team ID + TeamID *string `json:"teamId,omitempty" azure:"ro"` +} + +// TeamProperties - Describes team properties +type TeamProperties struct { + // REQUIRED; The name of the team + TeamName *string `json:"teamName,omitempty"` + + // List of group IDs to add their members to the team + GroupIDs []*string `json:"groupIds,omitempty"` + + // List of member IDs to add to the team + MemberIDs []*string `json:"memberIds,omitempty"` + + // The description of the team + TeamDescription *string `json:"teamDescription,omitempty"` +} + // ThreatIntelligence property bag. type ThreatIntelligence struct { // READ-ONLY; Confidence (must be between 0 and 1) @@ -3641,6 +7722,134 @@ type ThreatIntelligence struct { ThreatType *string `json:"threatType,omitempty" azure:"ro"` } +// ThreatIntelligenceAlertRule - Represents Threat Intelligence alert rule. +type ThreatIntelligenceAlertRule struct { + // REQUIRED; The kind of the alert rule + Kind *AlertRuleKind `json:"kind,omitempty"` + + // Etag of the azure resource + Etag *string `json:"etag,omitempty"` + + // Threat Intelligence alert rule properties + Properties *ThreatIntelligenceAlertRuleProperties `json:"properties,omitempty"` + + // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + ID *string `json:"id,omitempty" azure:"ro"` + + // READ-ONLY; The name of the resource + Name *string `json:"name,omitempty" azure:"ro"` + + // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. + SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` + + // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" + Type *string `json:"type,omitempty" azure:"ro"` +} + +// GetAlertRule implements the AlertRuleClassification interface for type ThreatIntelligenceAlertRule. +func (t *ThreatIntelligenceAlertRule) GetAlertRule() *AlertRule { + return &AlertRule{ + Kind: t.Kind, + Etag: t.Etag, + ID: t.ID, + Name: t.Name, + Type: t.Type, + SystemData: t.SystemData, + } +} + +// ThreatIntelligenceAlertRuleProperties - Threat Intelligence alert rule base property bag. +type ThreatIntelligenceAlertRuleProperties struct { + // REQUIRED; The Name of the alert rule template used to create this rule. + AlertRuleTemplateName *string `json:"alertRuleTemplateName,omitempty"` + + // REQUIRED; Determines whether this alert rule is enabled or disabled. + Enabled *bool `json:"enabled,omitempty"` + + // READ-ONLY; The description of the alert rule. + Description *string `json:"description,omitempty" azure:"ro"` + + // READ-ONLY; The display name for alerts created by this alert rule. + DisplayName *string `json:"displayName,omitempty" azure:"ro"` + + // READ-ONLY; The last time that this alert has been modified. + LastModifiedUTC *time.Time `json:"lastModifiedUtc,omitempty" azure:"ro"` + + // READ-ONLY; The severity for alerts created by this alert rule. + Severity *AlertSeverity `json:"severity,omitempty" azure:"ro"` + + // READ-ONLY; The tactics of the alert rule + Tactics []*AttackTactic `json:"tactics,omitempty" azure:"ro"` + + // READ-ONLY; The techniques of the alert rule + Techniques []*string `json:"techniques,omitempty" azure:"ro"` +} + +// ThreatIntelligenceAlertRuleTemplate - Represents Threat Intelligence alert rule template. +type ThreatIntelligenceAlertRuleTemplate struct { + // REQUIRED; The kind of the alert rule + Kind *AlertRuleKind `json:"kind,omitempty"` + + // Threat Intelligence alert rule template properties + Properties *ThreatIntelligenceAlertRuleTemplateProperties `json:"properties,omitempty"` + + // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + ID *string `json:"id,omitempty" azure:"ro"` + + // READ-ONLY; The name of the resource + Name *string `json:"name,omitempty" azure:"ro"` + + // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. + SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` + + // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" + Type *string `json:"type,omitempty" azure:"ro"` +} + +// GetAlertRuleTemplate implements the AlertRuleTemplateClassification interface for type ThreatIntelligenceAlertRuleTemplate. +func (t *ThreatIntelligenceAlertRuleTemplate) GetAlertRuleTemplate() *AlertRuleTemplate { + return &AlertRuleTemplate{ + Kind: t.Kind, + ID: t.ID, + Name: t.Name, + Type: t.Type, + SystemData: t.SystemData, + } +} + +// ThreatIntelligenceAlertRuleTemplateProperties - Threat Intelligence alert rule template properties +type ThreatIntelligenceAlertRuleTemplateProperties struct { + // REQUIRED; The severity for alerts created by this alert rule. + Severity *AlertSeverity `json:"severity,omitempty"` + + // the number of alert rules that were created by this template + AlertRulesCreatedByTemplateCount *int32 `json:"alertRulesCreatedByTemplateCount,omitempty"` + + // The description of the alert rule template. + Description *string `json:"description,omitempty"` + + // The display name for alert rule template. + DisplayName *string `json:"displayName,omitempty"` + + // The required data sources for this template + RequiredDataConnectors []*AlertRuleTemplateDataSource `json:"requiredDataConnectors,omitempty"` + + // The alert rule template status. + Status *TemplateStatus `json:"status,omitempty"` + + // The tactics of the alert rule + Tactics []*AttackTactic `json:"tactics,omitempty"` + + // The techniques of the alert rule + Techniques []*string `json:"techniques,omitempty"` + + // READ-ONLY; The time that this alert rule template has been added. + CreatedDateUTC *time.Time `json:"createdDateUTC,omitempty" azure:"ro"` + + // READ-ONLY; The last time that this alert rule template has been updated. + LastUpdatedDateUTC *time.Time `json:"lastUpdatedDateUTC,omitempty" azure:"ro"` +} + // ThreatIntelligenceAppendTags - Array of tags to be appended to the threat intelligence indicator. type ThreatIntelligenceAppendTags struct { // List of tags to be appended. @@ -3770,7 +7979,7 @@ type ThreatIntelligenceIndicatorMetricsClientListOptions struct { // ThreatIntelligenceIndicatorModel - Threat intelligence indicator entity. type ThreatIntelligenceIndicatorModel struct { // REQUIRED; The kind of the entity. - Kind *ThreatIntelligenceResourceInnerKind `json:"kind,omitempty"` + Kind *ThreatIntelligenceResourceKindEnum `json:"kind,omitempty"` // Etag of the azure resource Etag *string `json:"etag,omitempty"` @@ -3924,7 +8133,7 @@ type ThreatIntelligenceInformationClassification interface { // ThreatIntelligenceInformation - Threat intelligence information object. type ThreatIntelligenceInformation struct { // REQUIRED; The kind of the entity. - Kind *ThreatIntelligenceResourceInnerKind `json:"kind,omitempty"` + Kind *ThreatIntelligenceResourceKindEnum `json:"kind,omitempty"` // Etag of the azure resource Etag *string `json:"etag,omitempty"` @@ -4025,13 +8234,149 @@ type ThreatIntelligenceSortingCriteria struct { ItemKey *string `json:"itemKey,omitempty"` // Sorting order (ascending/descending/unsorted). - SortOrder *ThreatIntelligenceSortingOrder `json:"sortOrder,omitempty"` + SortOrder *ThreatIntelligenceSortingCriteriaEnum `json:"sortOrder,omitempty"` +} + +// TiTaxiiCheckRequirements - Threat Intelligence TAXII data connector check requirements +type TiTaxiiCheckRequirements struct { + // REQUIRED; Describes the kind of connector to be checked. + Kind *DataConnectorKind `json:"kind,omitempty"` + + // Threat Intelligence TAXII check required properties. + Properties *TiTaxiiCheckRequirementsProperties `json:"properties,omitempty"` +} + +// GetDataConnectorsCheckRequirements implements the DataConnectorsCheckRequirementsClassification interface for type TiTaxiiCheckRequirements. +func (t *TiTaxiiCheckRequirements) GetDataConnectorsCheckRequirements() *DataConnectorsCheckRequirements { + return &DataConnectorsCheckRequirements{ + Kind: t.Kind, + } +} + +// TiTaxiiCheckRequirementsProperties - Threat Intelligence TAXII data connector required properties. +type TiTaxiiCheckRequirementsProperties struct { + // REQUIRED; The tenant id to connect to, and get the data from. + TenantID *string `json:"tenantId,omitempty"` +} + +// TiTaxiiDataConnector - Data connector to pull Threat intelligence data from TAXII 2.0/2.1 server +type TiTaxiiDataConnector struct { + // REQUIRED; The data connector kind + Kind *DataConnectorKind `json:"kind,omitempty"` + + // Etag of the azure resource + Etag *string `json:"etag,omitempty"` + + // Threat intelligence TAXII data connector properties. + Properties *TiTaxiiDataConnectorProperties `json:"properties,omitempty"` + + // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + ID *string `json:"id,omitempty" azure:"ro"` + + // READ-ONLY; The name of the resource + Name *string `json:"name,omitempty" azure:"ro"` + + // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. + SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` + + // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" + Type *string `json:"type,omitempty" azure:"ro"` +} + +// GetDataConnector implements the DataConnectorClassification interface for type TiTaxiiDataConnector. +func (t *TiTaxiiDataConnector) GetDataConnector() *DataConnector { + return &DataConnector{ + Kind: t.Kind, + Etag: t.Etag, + ID: t.ID, + Name: t.Name, + Type: t.Type, + SystemData: t.SystemData, + } +} + +// TiTaxiiDataConnectorDataTypes - The available data types for Threat Intelligence TAXII data connector. +type TiTaxiiDataConnectorDataTypes struct { + // REQUIRED; Data type for TAXII connector. + TaxiiClient *TiTaxiiDataConnectorDataTypesTaxiiClient `json:"taxiiClient,omitempty"` +} + +// TiTaxiiDataConnectorDataTypesTaxiiClient - Data type for TAXII connector. +type TiTaxiiDataConnectorDataTypesTaxiiClient struct { + // REQUIRED; Describe whether this data type connection is enabled or not. + State *DataTypeState `json:"state,omitempty"` +} + +// TiTaxiiDataConnectorProperties - Threat Intelligence TAXII data connector properties. +type TiTaxiiDataConnectorProperties struct { + // REQUIRED; The available data types for Threat Intelligence TAXII data connector. + DataTypes *TiTaxiiDataConnectorDataTypes `json:"dataTypes,omitempty"` + + // REQUIRED; The polling frequency for the TAXII server. + PollingFrequency *PollingFrequency `json:"pollingFrequency,omitempty"` + + // REQUIRED; The tenant id to connect to, and get the data from. + TenantID *string `json:"tenantId,omitempty"` + + // The collection id of the TAXII server. + CollectionID *string `json:"collectionId,omitempty"` + + // The friendly name for the TAXII server. + FriendlyName *string `json:"friendlyName,omitempty"` + + // The password for the TAXII server. + Password *string `json:"password,omitempty"` + + // The lookback period for the TAXII server. + TaxiiLookbackPeriod *time.Time `json:"taxiiLookbackPeriod,omitempty"` + + // The API root for the TAXII server. + TaxiiServer *string `json:"taxiiServer,omitempty"` + + // The userName for the TAXII server. + UserName *string `json:"userName,omitempty"` + + // The workspace id. + WorkspaceID *string `json:"workspaceId,omitempty"` +} + +// TimelineAggregation - timeline aggregation information per kind +type TimelineAggregation struct { + // REQUIRED; the total items found for a kind + Count *int32 `json:"count,omitempty"` + + // REQUIRED; the query kind + Kind *EntityTimelineKind `json:"kind,omitempty"` +} + +// TimelineError - Timeline Query Errors. +type TimelineError struct { + // REQUIRED; the error message + ErrorMessage *string `json:"errorMessage,omitempty"` + + // REQUIRED; the query kind + Kind *EntityTimelineKind `json:"kind,omitempty"` + + // the query id + QueryID *string `json:"queryId,omitempty"` +} + +// TimelineResultsMetadata - Expansion result metadata. +type TimelineResultsMetadata struct { + // REQUIRED; timeline aggregation per kind + Aggregations []*TimelineAggregation `json:"aggregations,omitempty"` + + // REQUIRED; the total items found for the timeline request + TotalCount *int32 `json:"totalCount,omitempty"` + + // information about the failure queries + Errors []*TimelineError `json:"errors,omitempty"` } // URLEntity - Represents a url entity. type URLEntity struct { // REQUIRED; The kind of the entity. - Kind *EntityKindEnum `json:"kind,omitempty"` + Kind *EntityKind `json:"kind,omitempty"` // Url entity properties Properties *URLEntityProperties `json:"properties,omitempty"` @@ -4073,6 +8418,48 @@ type URLEntityProperties struct { URL *string `json:"url,omitempty" azure:"ro"` } +// Ueba - Settings with single toggle. +type Ueba struct { + // REQUIRED; The kind of the setting + Kind *SettingKind `json:"kind,omitempty"` + + // Etag of the azure resource + Etag *string `json:"etag,omitempty"` + + // Ueba properties + Properties *UebaProperties `json:"properties,omitempty"` + + // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + ID *string `json:"id,omitempty" azure:"ro"` + + // READ-ONLY; The name of the resource + Name *string `json:"name,omitempty" azure:"ro"` + + // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. + SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` + + // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" + Type *string `json:"type,omitempty" azure:"ro"` +} + +// GetSettings implements the SettingsClassification interface for type Ueba. +func (u *Ueba) GetSettings() *Settings { + return &Settings{ + Kind: u.Kind, + Etag: u.Etag, + ID: u.ID, + Name: u.Name, + Type: u.Type, + SystemData: u.SystemData, + } +} + +// UebaProperties - Ueba property bag. +type UebaProperties struct { + // The relevant data sources that enriched by ueba + DataSources []*UebaDataSources `json:"dataSources,omitempty"` +} + // UserInfo - User information that made some action type UserInfo struct { // The object id of the user. @@ -4106,7 +8493,7 @@ type Watchlist struct { Type *string `json:"type,omitempty" azure:"ro"` } -// WatchlistItem - Represents a Watchlist Item in Azure Security Insights. +// WatchlistItem - Represents a Watchlist item in Azure Security Insights. type WatchlistItem struct { // Etag of the azure resource Etag *string `json:"etag,omitempty"` @@ -4132,14 +8519,14 @@ type WatchlistItemList struct { // REQUIRED; Array of watchlist items. Value []*WatchlistItem `json:"value,omitempty"` - // READ-ONLY; URL to fetch the next set of watchlist items. + // READ-ONLY; URL to fetch the next set of watchlist item. NextLink *string `json:"nextLink,omitempty" azure:"ro"` } // WatchlistItemProperties - Describes watchlist item properties type WatchlistItemProperties struct { // REQUIRED; key-value pairs for a watchlist item - ItemsKeyValue interface{} `json:"itemsKeyValue,omitempty"` + ItemsKeyValue map[string]interface{} `json:"itemsKeyValue,omitempty"` // The time the watchlist item was created Created *time.Time `json:"created,omitempty"` @@ -4148,7 +8535,7 @@ type WatchlistItemProperties struct { CreatedBy *UserInfo `json:"createdBy,omitempty"` // key-value pairs for a watchlist item entity mapping - EntityMapping interface{} `json:"entityMapping,omitempty"` + EntityMapping map[string]interface{} `json:"entityMapping,omitempty"` // A flag that indicates if the watchlist item is deleted or not IsDeleted *bool `json:"isDeleted,omitempty"` @@ -4215,10 +8602,7 @@ type WatchlistProperties struct { // REQUIRED; The provider of the watchlist Provider *string `json:"provider,omitempty"` - // REQUIRED; The source of the watchlist - Source *Source `json:"source,omitempty"` - - // The content type of the raw content. For now, only text/csv is valid + // The content type of the raw content. Example : text/csv or text/tsv ContentType *string `json:"contentType,omitempty"` // The time the watchlist was created @@ -4239,12 +8623,19 @@ type WatchlistProperties struct { // List of labels relevant to this watchlist Labels []*string `json:"labels,omitempty"` - // The number of lines in a csv content to skip before the header + // The number of lines in a csv/tsv content to skip before the header NumberOfLinesToSkip *int32 `json:"numberOfLinesToSkip,omitempty"` - // The raw content that represents to watchlist items to create. Example : This line will be skipped header1,header2 value1,value2 + // The raw content that represents to watchlist items to create. In case of csv/tsv content type, it's the content of the + // file that will parsed by the endpoint RawContent *string `json:"rawContent,omitempty"` + // The filename of the watchlist, called 'source' + Source *string `json:"source,omitempty"` + + // The sourceType of the watchlist + SourceType *SourceType `json:"sourceType,omitempty"` + // The tenantId where the watchlist belongs to TenantID *string `json:"tenantId,omitempty"` @@ -4254,8 +8645,8 @@ type WatchlistProperties struct { // Describes a user that updated the watchlist UpdatedBy *UserInfo `json:"updatedBy,omitempty"` - // The status of the Watchlist upload : New, InProgress or Complete. Note : When a Watchlist upload status is InProgress, - // the Watchlist cannot be deleted + // The status of the Watchlist upload : New, InProgress or Complete. Pls note : When a Watchlist upload status is equal to + // InProgress, the Watchlist cannot be deleted UploadStatus *string `json:"uploadStatus,omitempty"` // The alias of the watchlist @@ -4290,3 +8681,18 @@ type WatchlistsClientListOptions struct { // specifies a starting point to use for subsequent calls. Optional. SkipToken *string } + +// Webhook - Detail about the webhook object. +type Webhook struct { + // A flag to instruct the backend service to rotate webhook secret. + RotateWebhookSecret *bool `json:"rotateWebhookSecret,omitempty"` + + // Unique identifier for the webhook. + WebhookID *string `json:"webhookId,omitempty"` + + // Time when the webhook secret was updated. + WebhookSecretUpdateTime *string `json:"webhookSecretUpdateTime,omitempty"` + + // URL that gets invoked by the webhook. + WebhookURL *string `json:"webhookUrl,omitempty"` +} diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_models_serde.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_models_serde.go index e5efea9eb76a..1ff395cfcc16 100644 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_models_serde.go +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_models_serde.go @@ -15,6 +15,37 @@ import ( "reflect" ) +// MarshalJSON implements the json.Marshaller interface for type AADCheckRequirements. +func (a AADCheckRequirements) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + objectMap["kind"] = DataConnectorKindAzureActiveDirectory + populate(objectMap, "properties", a.Properties) + return json.Marshal(objectMap) +} + +// UnmarshalJSON implements the json.Unmarshaller interface for type AADCheckRequirements. +func (a *AADCheckRequirements) UnmarshalJSON(data []byte) error { + var rawMsg map[string]json.RawMessage + if err := json.Unmarshal(data, &rawMsg); err != nil { + return fmt.Errorf("unmarshalling type %T: %v", a, err) + } + for key, val := range rawMsg { + var err error + switch key { + case "kind": + err = unpopulate(val, "Kind", &a.Kind) + delete(rawMsg, key) + case "properties": + err = unpopulate(val, "Properties", &a.Properties) + delete(rawMsg, key) + } + if err != nil { + return fmt.Errorf("unmarshalling type %T: %v", a, err) + } + } + return nil +} + // MarshalJSON implements the json.Marshaller interface for type AADDataConnector. func (a AADDataConnector) MarshalJSON() ([]byte, error) { objectMap := make(map[string]interface{}) @@ -66,6 +97,37 @@ func (a *AADDataConnector) UnmarshalJSON(data []byte) error { return nil } +// MarshalJSON implements the json.Marshaller interface for type AATPCheckRequirements. +func (a AATPCheckRequirements) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + objectMap["kind"] = DataConnectorKindAzureAdvancedThreatProtection + populate(objectMap, "properties", a.Properties) + return json.Marshal(objectMap) +} + +// UnmarshalJSON implements the json.Unmarshaller interface for type AATPCheckRequirements. +func (a *AATPCheckRequirements) UnmarshalJSON(data []byte) error { + var rawMsg map[string]json.RawMessage + if err := json.Unmarshal(data, &rawMsg); err != nil { + return fmt.Errorf("unmarshalling type %T: %v", a, err) + } + for key, val := range rawMsg { + var err error + switch key { + case "kind": + err = unpopulate(val, "Kind", &a.Kind) + delete(rawMsg, key) + case "properties": + err = unpopulate(val, "Properties", &a.Properties) + delete(rawMsg, key) + } + if err != nil { + return fmt.Errorf("unmarshalling type %T: %v", a, err) + } + } + return nil +} + // MarshalJSON implements the json.Marshaller interface for type AATPDataConnector. func (a AATPDataConnector) MarshalJSON() ([]byte, error) { objectMap := make(map[string]interface{}) @@ -117,6 +179,37 @@ func (a *AATPDataConnector) UnmarshalJSON(data []byte) error { return nil } +// MarshalJSON implements the json.Marshaller interface for type ASCCheckRequirements. +func (a ASCCheckRequirements) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + objectMap["kind"] = DataConnectorKindAzureSecurityCenter + populate(objectMap, "properties", a.Properties) + return json.Marshal(objectMap) +} + +// UnmarshalJSON implements the json.Unmarshaller interface for type ASCCheckRequirements. +func (a *ASCCheckRequirements) UnmarshalJSON(data []byte) error { + var rawMsg map[string]json.RawMessage + if err := json.Unmarshal(data, &rawMsg); err != nil { + return fmt.Errorf("unmarshalling type %T: %v", a, err) + } + for key, val := range rawMsg { + var err error + switch key { + case "kind": + err = unpopulate(val, "Kind", &a.Kind) + delete(rawMsg, key) + case "properties": + err = unpopulate(val, "Properties", &a.Properties) + delete(rawMsg, key) + } + if err != nil { + return fmt.Errorf("unmarshalling type %T: %v", a, err) + } + } + return nil +} + // MarshalJSON implements the json.Marshaller interface for type ASCDataConnector. func (a ASCDataConnector) MarshalJSON() ([]byte, error) { objectMap := make(map[string]interface{}) @@ -172,7 +265,7 @@ func (a *ASCDataConnector) UnmarshalJSON(data []byte) error { func (a AccountEntity) MarshalJSON() ([]byte, error) { objectMap := make(map[string]interface{}) populate(objectMap, "id", a.ID) - objectMap["kind"] = EntityKindEnumAccount + objectMap["kind"] = EntityKindAccount populate(objectMap, "name", a.Name) populate(objectMap, "properties", a.Properties) populate(objectMap, "systemData", a.SystemData) @@ -235,16 +328,21 @@ func (a AccountEntityProperties) MarshalJSON() ([]byte, error) { return json.Marshal(objectMap) } -// MarshalJSON implements the json.Marshaller interface for type AlertRuleTemplateDataSource. -func (a AlertRuleTemplateDataSource) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type ActivityCustomEntityQuery. +func (a ActivityCustomEntityQuery) MarshalJSON() ([]byte, error) { objectMap := make(map[string]interface{}) - populate(objectMap, "connectorId", a.ConnectorID) - populate(objectMap, "dataTypes", a.DataTypes) + populate(objectMap, "etag", a.Etag) + populate(objectMap, "id", a.ID) + objectMap["kind"] = CustomEntityQueryKindActivity + populate(objectMap, "name", a.Name) + populate(objectMap, "properties", a.Properties) + populate(objectMap, "systemData", a.SystemData) + populate(objectMap, "type", a.Type) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type AlertRuleTemplatesList. -func (a *AlertRuleTemplatesList) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type ActivityCustomEntityQuery. +func (a *ActivityCustomEntityQuery) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { return fmt.Errorf("unmarshalling type %T: %v", a, err) @@ -252,11 +350,26 @@ func (a *AlertRuleTemplatesList) UnmarshalJSON(data []byte) error { for key, val := range rawMsg { var err error switch key { - case "nextLink": - err = unpopulate(val, "NextLink", &a.NextLink) + case "etag": + err = unpopulate(val, "Etag", &a.Etag) delete(rawMsg, key) - case "value": - a.Value, err = unmarshalAlertRuleTemplateClassificationArray(val) + case "id": + err = unpopulate(val, "ID", &a.ID) + delete(rawMsg, key) + case "kind": + err = unpopulate(val, "Kind", &a.Kind) + delete(rawMsg, key) + case "name": + err = unpopulate(val, "Name", &a.Name) + delete(rawMsg, key) + case "properties": + err = unpopulate(val, "Properties", &a.Properties) + delete(rawMsg, key) + case "systemData": + err = unpopulate(val, "SystemData", &a.SystemData) + delete(rawMsg, key) + case "type": + err = unpopulate(val, "Type", &a.Type) delete(rawMsg, key) } if err != nil { @@ -266,8 +379,25 @@ func (a *AlertRuleTemplatesList) UnmarshalJSON(data []byte) error { return nil } -// UnmarshalJSON implements the json.Unmarshaller interface for type AlertRulesList. -func (a *AlertRulesList) UnmarshalJSON(data []byte) error { +// MarshalJSON implements the json.Marshaller interface for type ActivityEntityQueriesProperties. +func (a ActivityEntityQueriesProperties) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + populate(objectMap, "content", a.Content) + populateTimeRFC3339(objectMap, "createdTimeUtc", a.CreatedTimeUTC) + populate(objectMap, "description", a.Description) + populate(objectMap, "enabled", a.Enabled) + populate(objectMap, "entitiesFilter", a.EntitiesFilter) + populate(objectMap, "inputEntityType", a.InputEntityType) + populateTimeRFC3339(objectMap, "lastModifiedTimeUtc", a.LastModifiedTimeUTC) + populate(objectMap, "queryDefinitions", a.QueryDefinitions) + populate(objectMap, "requiredInputFieldsSets", a.RequiredInputFieldsSets) + populate(objectMap, "templateName", a.TemplateName) + populate(objectMap, "title", a.Title) + return json.Marshal(objectMap) +} + +// UnmarshalJSON implements the json.Unmarshaller interface for type ActivityEntityQueriesProperties. +func (a *ActivityEntityQueriesProperties) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { return fmt.Errorf("unmarshalling type %T: %v", a, err) @@ -275,11 +405,38 @@ func (a *AlertRulesList) UnmarshalJSON(data []byte) error { for key, val := range rawMsg { var err error switch key { - case "nextLink": - err = unpopulate(val, "NextLink", &a.NextLink) + case "content": + err = unpopulate(val, "Content", &a.Content) delete(rawMsg, key) - case "value": - a.Value, err = unmarshalAlertRuleClassificationArray(val) + case "createdTimeUtc": + err = unpopulateTimeRFC3339(val, "CreatedTimeUTC", &a.CreatedTimeUTC) + delete(rawMsg, key) + case "description": + err = unpopulate(val, "Description", &a.Description) + delete(rawMsg, key) + case "enabled": + err = unpopulate(val, "Enabled", &a.Enabled) + delete(rawMsg, key) + case "entitiesFilter": + err = unpopulate(val, "EntitiesFilter", &a.EntitiesFilter) + delete(rawMsg, key) + case "inputEntityType": + err = unpopulate(val, "InputEntityType", &a.InputEntityType) + delete(rawMsg, key) + case "lastModifiedTimeUtc": + err = unpopulateTimeRFC3339(val, "LastModifiedTimeUTC", &a.LastModifiedTimeUTC) + delete(rawMsg, key) + case "queryDefinitions": + err = unpopulate(val, "QueryDefinitions", &a.QueryDefinitions) + delete(rawMsg, key) + case "requiredInputFieldsSets": + err = unpopulate(val, "RequiredInputFieldsSets", &a.RequiredInputFieldsSets) + delete(rawMsg, key) + case "templateName": + err = unpopulate(val, "TemplateName", &a.TemplateName) + delete(rawMsg, key) + case "title": + err = unpopulate(val, "Title", &a.Title) delete(rawMsg, key) } if err != nil { @@ -289,17 +446,21 @@ func (a *AlertRulesList) UnmarshalJSON(data []byte) error { return nil } -// MarshalJSON implements the json.Marshaller interface for type AutomationRuleModifyPropertiesAction. -func (a AutomationRuleModifyPropertiesAction) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type ActivityEntityQuery. +func (a ActivityEntityQuery) MarshalJSON() ([]byte, error) { objectMap := make(map[string]interface{}) - populate(objectMap, "actionConfiguration", a.ActionConfiguration) - objectMap["actionType"] = ActionTypeModifyProperties - populate(objectMap, "order", a.Order) + populate(objectMap, "etag", a.Etag) + populate(objectMap, "id", a.ID) + objectMap["kind"] = EntityQueryKindActivity + populate(objectMap, "name", a.Name) + populate(objectMap, "properties", a.Properties) + populate(objectMap, "systemData", a.SystemData) + populate(objectMap, "type", a.Type) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type AutomationRuleModifyPropertiesAction. -func (a *AutomationRuleModifyPropertiesAction) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type ActivityEntityQuery. +func (a *ActivityEntityQuery) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { return fmt.Errorf("unmarshalling type %T: %v", a, err) @@ -307,14 +468,26 @@ func (a *AutomationRuleModifyPropertiesAction) UnmarshalJSON(data []byte) error for key, val := range rawMsg { var err error switch key { - case "actionConfiguration": - err = unpopulate(val, "ActionConfiguration", &a.ActionConfiguration) + case "etag": + err = unpopulate(val, "Etag", &a.Etag) delete(rawMsg, key) - case "actionType": - err = unpopulate(val, "ActionType", &a.ActionType) + case "id": + err = unpopulate(val, "ID", &a.ID) delete(rawMsg, key) - case "order": - err = unpopulate(val, "Order", &a.Order) + case "kind": + err = unpopulate(val, "Kind", &a.Kind) + delete(rawMsg, key) + case "name": + err = unpopulate(val, "Name", &a.Name) + delete(rawMsg, key) + case "properties": + err = unpopulate(val, "Properties", &a.Properties) + delete(rawMsg, key) + case "systemData": + err = unpopulate(val, "SystemData", &a.SystemData) + delete(rawMsg, key) + case "type": + err = unpopulate(val, "Type", &a.Type) delete(rawMsg, key) } if err != nil { @@ -324,22 +497,20 @@ func (a *AutomationRuleModifyPropertiesAction) UnmarshalJSON(data []byte) error return nil } -// MarshalJSON implements the json.Marshaller interface for type AutomationRuleProperties. -func (a AutomationRuleProperties) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type ActivityEntityQueryTemplate. +func (a ActivityEntityQueryTemplate) MarshalJSON() ([]byte, error) { objectMap := make(map[string]interface{}) - populate(objectMap, "actions", a.Actions) - populate(objectMap, "createdBy", a.CreatedBy) - populateTimeRFC3339(objectMap, "createdTimeUtc", a.CreatedTimeUTC) - populate(objectMap, "displayName", a.DisplayName) - populate(objectMap, "lastModifiedBy", a.LastModifiedBy) - populateTimeRFC3339(objectMap, "lastModifiedTimeUtc", a.LastModifiedTimeUTC) - populate(objectMap, "order", a.Order) - populate(objectMap, "triggeringLogic", a.TriggeringLogic) + populate(objectMap, "id", a.ID) + objectMap["kind"] = EntityQueryTemplateKindActivity + populate(objectMap, "name", a.Name) + populate(objectMap, "properties", a.Properties) + populate(objectMap, "systemData", a.SystemData) + populate(objectMap, "type", a.Type) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type AutomationRuleProperties. -func (a *AutomationRuleProperties) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type ActivityEntityQueryTemplate. +func (a *ActivityEntityQueryTemplate) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { return fmt.Errorf("unmarshalling type %T: %v", a, err) @@ -347,29 +518,23 @@ func (a *AutomationRuleProperties) UnmarshalJSON(data []byte) error { for key, val := range rawMsg { var err error switch key { - case "actions": - a.Actions, err = unmarshalAutomationRuleActionClassificationArray(val) - delete(rawMsg, key) - case "createdBy": - err = unpopulate(val, "CreatedBy", &a.CreatedBy) - delete(rawMsg, key) - case "createdTimeUtc": - err = unpopulateTimeRFC3339(val, "CreatedTimeUTC", &a.CreatedTimeUTC) + case "id": + err = unpopulate(val, "ID", &a.ID) delete(rawMsg, key) - case "displayName": - err = unpopulate(val, "DisplayName", &a.DisplayName) + case "kind": + err = unpopulate(val, "Kind", &a.Kind) delete(rawMsg, key) - case "lastModifiedBy": - err = unpopulate(val, "LastModifiedBy", &a.LastModifiedBy) + case "name": + err = unpopulate(val, "Name", &a.Name) delete(rawMsg, key) - case "lastModifiedTimeUtc": - err = unpopulateTimeRFC3339(val, "LastModifiedTimeUTC", &a.LastModifiedTimeUTC) + case "properties": + err = unpopulate(val, "Properties", &a.Properties) delete(rawMsg, key) - case "order": - err = unpopulate(val, "Order", &a.Order) + case "systemData": + err = unpopulate(val, "SystemData", &a.SystemData) delete(rawMsg, key) - case "triggeringLogic": - err = unpopulate(val, "TriggeringLogic", &a.TriggeringLogic) + case "type": + err = unpopulate(val, "Type", &a.Type) delete(rawMsg, key) } if err != nil { @@ -379,26 +544,22 @@ func (a *AutomationRuleProperties) UnmarshalJSON(data []byte) error { return nil } -// MarshalJSON implements the json.Marshaller interface for type AutomationRulePropertyValuesCondition. -func (a AutomationRulePropertyValuesCondition) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]interface{}) - populate(objectMap, "operator", a.Operator) - populate(objectMap, "propertyName", a.PropertyName) - populate(objectMap, "propertyValues", a.PropertyValues) - return json.Marshal(objectMap) -} - -// MarshalJSON implements the json.Marshaller interface for type AutomationRuleRunPlaybookAction. -func (a AutomationRuleRunPlaybookAction) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type ActivityEntityQueryTemplateProperties. +func (a ActivityEntityQueryTemplateProperties) MarshalJSON() ([]byte, error) { objectMap := make(map[string]interface{}) - populate(objectMap, "actionConfiguration", a.ActionConfiguration) - objectMap["actionType"] = ActionTypeRunPlaybook - populate(objectMap, "order", a.Order) + populate(objectMap, "content", a.Content) + populate(objectMap, "dataTypes", a.DataTypes) + populate(objectMap, "description", a.Description) + populate(objectMap, "entitiesFilter", a.EntitiesFilter) + populate(objectMap, "inputEntityType", a.InputEntityType) + populate(objectMap, "queryDefinitions", a.QueryDefinitions) + populate(objectMap, "requiredInputFieldsSets", a.RequiredInputFieldsSets) + populate(objectMap, "title", a.Title) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type AutomationRuleRunPlaybookAction. -func (a *AutomationRuleRunPlaybookAction) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type ActivityTimelineItem. +func (a *ActivityTimelineItem) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { return fmt.Errorf("unmarshalling type %T: %v", a, err) @@ -406,36 +567,61 @@ func (a *AutomationRuleRunPlaybookAction) UnmarshalJSON(data []byte) error { for key, val := range rawMsg { var err error switch key { - case "actionConfiguration": - err = unpopulate(val, "ActionConfiguration", &a.ActionConfiguration) + case "bucketEndTimeUTC": + err = unpopulateTimeRFC3339(val, "BucketEndTimeUTC", &a.BucketEndTimeUTC) delete(rawMsg, key) - case "actionType": - err = unpopulate(val, "ActionType", &a.ActionType) + case "bucketStartTimeUTC": + err = unpopulateTimeRFC3339(val, "BucketStartTimeUTC", &a.BucketStartTimeUTC) delete(rawMsg, key) - case "order": - err = unpopulate(val, "Order", &a.Order) + case "content": + err = unpopulate(val, "Content", &a.Content) delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", a, err) - } - } + case "firstActivityTimeUTC": + err = unpopulateTimeRFC3339(val, "FirstActivityTimeUTC", &a.FirstActivityTimeUTC) + delete(rawMsg, key) + case "kind": + err = unpopulate(val, "Kind", &a.Kind) + delete(rawMsg, key) + case "lastActivityTimeUTC": + err = unpopulateTimeRFC3339(val, "LastActivityTimeUTC", &a.LastActivityTimeUTC) + delete(rawMsg, key) + case "queryId": + err = unpopulate(val, "QueryID", &a.QueryID) + delete(rawMsg, key) + case "title": + err = unpopulate(val, "Title", &a.Title) + delete(rawMsg, key) + } + if err != nil { + return fmt.Errorf("unmarshalling type %T: %v", a, err) + } + } return nil } -// MarshalJSON implements the json.Marshaller interface for type AutomationRuleTriggeringLogic. -func (a AutomationRuleTriggeringLogic) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type AlertRuleTemplateDataSource. +func (a AlertRuleTemplateDataSource) MarshalJSON() ([]byte, error) { objectMap := make(map[string]interface{}) - populate(objectMap, "conditions", a.Conditions) - populateTimeRFC3339(objectMap, "expirationTimeUtc", a.ExpirationTimeUTC) - populate(objectMap, "isEnabled", a.IsEnabled) - populate(objectMap, "triggersOn", a.TriggersOn) - populate(objectMap, "triggersWhen", a.TriggersWhen) + populate(objectMap, "connectorId", a.ConnectorID) + populate(objectMap, "dataTypes", a.DataTypes) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type AutomationRuleTriggeringLogic. -func (a *AutomationRuleTriggeringLogic) UnmarshalJSON(data []byte) error { +// MarshalJSON implements the json.Marshaller interface for type AlertRuleTemplatePropertiesBase. +func (a AlertRuleTemplatePropertiesBase) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + populate(objectMap, "alertRulesCreatedByTemplateCount", a.AlertRulesCreatedByTemplateCount) + populateTimeRFC3339(objectMap, "createdDateUTC", a.CreatedDateUTC) + populate(objectMap, "description", a.Description) + populate(objectMap, "displayName", a.DisplayName) + populateTimeRFC3339(objectMap, "lastUpdatedDateUTC", a.LastUpdatedDateUTC) + populate(objectMap, "requiredDataConnectors", a.RequiredDataConnectors) + populate(objectMap, "status", a.Status) + return json.Marshal(objectMap) +} + +// UnmarshalJSON implements the json.Unmarshaller interface for type AlertRuleTemplatePropertiesBase. +func (a *AlertRuleTemplatePropertiesBase) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { return fmt.Errorf("unmarshalling type %T: %v", a, err) @@ -443,20 +629,26 @@ func (a *AutomationRuleTriggeringLogic) UnmarshalJSON(data []byte) error { for key, val := range rawMsg { var err error switch key { - case "conditions": - a.Conditions, err = unmarshalAutomationRuleConditionClassificationArray(val) + case "alertRulesCreatedByTemplateCount": + err = unpopulate(val, "AlertRulesCreatedByTemplateCount", &a.AlertRulesCreatedByTemplateCount) delete(rawMsg, key) - case "expirationTimeUtc": - err = unpopulateTimeRFC3339(val, "ExpirationTimeUTC", &a.ExpirationTimeUTC) + case "createdDateUTC": + err = unpopulateTimeRFC3339(val, "CreatedDateUTC", &a.CreatedDateUTC) delete(rawMsg, key) - case "isEnabled": - err = unpopulate(val, "IsEnabled", &a.IsEnabled) + case "description": + err = unpopulate(val, "Description", &a.Description) delete(rawMsg, key) - case "triggersOn": - err = unpopulate(val, "TriggersOn", &a.TriggersOn) + case "displayName": + err = unpopulate(val, "DisplayName", &a.DisplayName) delete(rawMsg, key) - case "triggersWhen": - err = unpopulate(val, "TriggersWhen", &a.TriggersWhen) + case "lastUpdatedDateUTC": + err = unpopulateTimeRFC3339(val, "LastUpdatedDateUTC", &a.LastUpdatedDateUTC) + delete(rawMsg, key) + case "requiredDataConnectors": + err = unpopulate(val, "RequiredDataConnectors", &a.RequiredDataConnectors) + delete(rawMsg, key) + case "status": + err = unpopulate(val, "Status", &a.Status) delete(rawMsg, key) } if err != nil { @@ -466,12 +658,117 @@ func (a *AutomationRuleTriggeringLogic) UnmarshalJSON(data []byte) error { return nil } -// MarshalJSON implements the json.Marshaller interface for type AwsCloudTrailDataConnector. -func (a AwsCloudTrailDataConnector) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type AlertRuleTemplateWithMitreProperties. +func (a AlertRuleTemplateWithMitreProperties) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + populate(objectMap, "alertRulesCreatedByTemplateCount", a.AlertRulesCreatedByTemplateCount) + populateTimeRFC3339(objectMap, "createdDateUTC", a.CreatedDateUTC) + populate(objectMap, "description", a.Description) + populate(objectMap, "displayName", a.DisplayName) + populateTimeRFC3339(objectMap, "lastUpdatedDateUTC", a.LastUpdatedDateUTC) + populate(objectMap, "requiredDataConnectors", a.RequiredDataConnectors) + populate(objectMap, "status", a.Status) + populate(objectMap, "tactics", a.Tactics) + populate(objectMap, "techniques", a.Techniques) + return json.Marshal(objectMap) +} + +// UnmarshalJSON implements the json.Unmarshaller interface for type AlertRuleTemplateWithMitreProperties. +func (a *AlertRuleTemplateWithMitreProperties) UnmarshalJSON(data []byte) error { + var rawMsg map[string]json.RawMessage + if err := json.Unmarshal(data, &rawMsg); err != nil { + return fmt.Errorf("unmarshalling type %T: %v", a, err) + } + for key, val := range rawMsg { + var err error + switch key { + case "alertRulesCreatedByTemplateCount": + err = unpopulate(val, "AlertRulesCreatedByTemplateCount", &a.AlertRulesCreatedByTemplateCount) + delete(rawMsg, key) + case "createdDateUTC": + err = unpopulateTimeRFC3339(val, "CreatedDateUTC", &a.CreatedDateUTC) + delete(rawMsg, key) + case "description": + err = unpopulate(val, "Description", &a.Description) + delete(rawMsg, key) + case "displayName": + err = unpopulate(val, "DisplayName", &a.DisplayName) + delete(rawMsg, key) + case "lastUpdatedDateUTC": + err = unpopulateTimeRFC3339(val, "LastUpdatedDateUTC", &a.LastUpdatedDateUTC) + delete(rawMsg, key) + case "requiredDataConnectors": + err = unpopulate(val, "RequiredDataConnectors", &a.RequiredDataConnectors) + delete(rawMsg, key) + case "status": + err = unpopulate(val, "Status", &a.Status) + delete(rawMsg, key) + case "tactics": + err = unpopulate(val, "Tactics", &a.Tactics) + delete(rawMsg, key) + case "techniques": + err = unpopulate(val, "Techniques", &a.Techniques) + delete(rawMsg, key) + } + if err != nil { + return fmt.Errorf("unmarshalling type %T: %v", a, err) + } + } + return nil +} + +// UnmarshalJSON implements the json.Unmarshaller interface for type AlertRuleTemplatesList. +func (a *AlertRuleTemplatesList) UnmarshalJSON(data []byte) error { + var rawMsg map[string]json.RawMessage + if err := json.Unmarshal(data, &rawMsg); err != nil { + return fmt.Errorf("unmarshalling type %T: %v", a, err) + } + for key, val := range rawMsg { + var err error + switch key { + case "nextLink": + err = unpopulate(val, "NextLink", &a.NextLink) + delete(rawMsg, key) + case "value": + a.Value, err = unmarshalAlertRuleTemplateClassificationArray(val) + delete(rawMsg, key) + } + if err != nil { + return fmt.Errorf("unmarshalling type %T: %v", a, err) + } + } + return nil +} + +// UnmarshalJSON implements the json.Unmarshaller interface for type AlertRulesList. +func (a *AlertRulesList) UnmarshalJSON(data []byte) error { + var rawMsg map[string]json.RawMessage + if err := json.Unmarshal(data, &rawMsg); err != nil { + return fmt.Errorf("unmarshalling type %T: %v", a, err) + } + for key, val := range rawMsg { + var err error + switch key { + case "nextLink": + err = unpopulate(val, "NextLink", &a.NextLink) + delete(rawMsg, key) + case "value": + a.Value, err = unmarshalAlertRuleClassificationArray(val) + delete(rawMsg, key) + } + if err != nil { + return fmt.Errorf("unmarshalling type %T: %v", a, err) + } + } + return nil +} + +// MarshalJSON implements the json.Marshaller interface for type Anomalies. +func (a Anomalies) MarshalJSON() ([]byte, error) { objectMap := make(map[string]interface{}) populate(objectMap, "etag", a.Etag) populate(objectMap, "id", a.ID) - objectMap["kind"] = DataConnectorKindAmazonWebServicesCloudTrail + objectMap["kind"] = SettingKindAnomalies populate(objectMap, "name", a.Name) populate(objectMap, "properties", a.Properties) populate(objectMap, "systemData", a.SystemData) @@ -479,8 +776,8 @@ func (a AwsCloudTrailDataConnector) MarshalJSON() ([]byte, error) { return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type AwsCloudTrailDataConnector. -func (a *AwsCloudTrailDataConnector) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type Anomalies. +func (a *Anomalies) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { return fmt.Errorf("unmarshalling type %T: %v", a, err) @@ -517,11 +814,12 @@ func (a *AwsCloudTrailDataConnector) UnmarshalJSON(data []byte) error { return nil } -// MarshalJSON implements the json.Marshaller interface for type AzureResourceEntity. -func (a AzureResourceEntity) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type AnomalySecurityMLAnalyticsSettings. +func (a AnomalySecurityMLAnalyticsSettings) MarshalJSON() ([]byte, error) { objectMap := make(map[string]interface{}) + populate(objectMap, "etag", a.Etag) populate(objectMap, "id", a.ID) - objectMap["kind"] = EntityKindEnumAzureResource + objectMap["kind"] = SecurityMLAnalyticsSettingsKindAnomaly populate(objectMap, "name", a.Name) populate(objectMap, "properties", a.Properties) populate(objectMap, "systemData", a.SystemData) @@ -529,8 +827,8 @@ func (a AzureResourceEntity) MarshalJSON() ([]byte, error) { return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type AzureResourceEntity. -func (a *AzureResourceEntity) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type AnomalySecurityMLAnalyticsSettings. +func (a *AnomalySecurityMLAnalyticsSettings) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { return fmt.Errorf("unmarshalling type %T: %v", a, err) @@ -538,6 +836,9 @@ func (a *AzureResourceEntity) UnmarshalJSON(data []byte) error { for key, val := range rawMsg { var err error switch key { + case "etag": + err = unpopulate(val, "Etag", &a.Etag) + delete(rawMsg, key) case "id": err = unpopulate(val, "ID", &a.ID) delete(rawMsg, key) @@ -564,1083 +865,3995 @@ func (a *AzureResourceEntity) UnmarshalJSON(data []byte) error { return nil } -// MarshalJSON implements the json.Marshaller interface for type AzureResourceEntityProperties. -func (a AzureResourceEntityProperties) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]interface{}) - populate(objectMap, "additionalData", a.AdditionalData) - populate(objectMap, "friendlyName", a.FriendlyName) - populate(objectMap, "resourceId", a.ResourceID) - populate(objectMap, "subscriptionId", a.SubscriptionID) - return json.Marshal(objectMap) -} - -// MarshalJSON implements the json.Marshaller interface for type BookmarkProperties. -func (b BookmarkProperties) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type AnomalySecurityMLAnalyticsSettingsProperties. +func (a AnomalySecurityMLAnalyticsSettingsProperties) MarshalJSON() ([]byte, error) { objectMap := make(map[string]interface{}) - populateTimeRFC3339(objectMap, "created", b.Created) - populate(objectMap, "createdBy", b.CreatedBy) - populate(objectMap, "displayName", b.DisplayName) - populateTimeRFC3339(objectMap, "eventTime", b.EventTime) - populate(objectMap, "incidentInfo", b.IncidentInfo) - populate(objectMap, "labels", b.Labels) - populate(objectMap, "notes", b.Notes) - populate(objectMap, "query", b.Query) - populateTimeRFC3339(objectMap, "queryEndTime", b.QueryEndTime) - populate(objectMap, "queryResult", b.QueryResult) - populateTimeRFC3339(objectMap, "queryStartTime", b.QueryStartTime) - populateTimeRFC3339(objectMap, "updated", b.Updated) - populate(objectMap, "updatedBy", b.UpdatedBy) + populate(objectMap, "anomalySettingsVersion", a.AnomalySettingsVersion) + populate(objectMap, "anomalyVersion", a.AnomalyVersion) + populate(objectMap, "customizableObservations", &a.CustomizableObservations) + populate(objectMap, "description", a.Description) + populate(objectMap, "displayName", a.DisplayName) + populate(objectMap, "enabled", a.Enabled) + populate(objectMap, "frequency", a.Frequency) + populate(objectMap, "isDefaultSettings", a.IsDefaultSettings) + populateTimeRFC3339(objectMap, "lastModifiedUtc", a.LastModifiedUTC) + populate(objectMap, "requiredDataConnectors", a.RequiredDataConnectors) + populate(objectMap, "settingsDefinitionId", a.SettingsDefinitionID) + populate(objectMap, "settingsStatus", a.SettingsStatus) + populate(objectMap, "tactics", a.Tactics) + populate(objectMap, "techniques", a.Techniques) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type BookmarkProperties. -func (b *BookmarkProperties) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type AnomalySecurityMLAnalyticsSettingsProperties. +func (a *AnomalySecurityMLAnalyticsSettingsProperties) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", b, err) + return fmt.Errorf("unmarshalling type %T: %v", a, err) } for key, val := range rawMsg { var err error switch key { - case "created": - err = unpopulateTimeRFC3339(val, "Created", &b.Created) + case "anomalySettingsVersion": + err = unpopulate(val, "AnomalySettingsVersion", &a.AnomalySettingsVersion) delete(rawMsg, key) - case "createdBy": - err = unpopulate(val, "CreatedBy", &b.CreatedBy) + case "anomalyVersion": + err = unpopulate(val, "AnomalyVersion", &a.AnomalyVersion) delete(rawMsg, key) - case "displayName": - err = unpopulate(val, "DisplayName", &b.DisplayName) + case "customizableObservations": + err = unpopulate(val, "CustomizableObservations", &a.CustomizableObservations) delete(rawMsg, key) - case "eventTime": - err = unpopulateTimeRFC3339(val, "EventTime", &b.EventTime) + case "description": + err = unpopulate(val, "Description", &a.Description) delete(rawMsg, key) - case "incidentInfo": - err = unpopulate(val, "IncidentInfo", &b.IncidentInfo) + case "displayName": + err = unpopulate(val, "DisplayName", &a.DisplayName) delete(rawMsg, key) - case "labels": - err = unpopulate(val, "Labels", &b.Labels) + case "enabled": + err = unpopulate(val, "Enabled", &a.Enabled) delete(rawMsg, key) - case "notes": - err = unpopulate(val, "Notes", &b.Notes) + case "frequency": + err = unpopulate(val, "Frequency", &a.Frequency) delete(rawMsg, key) - case "query": - err = unpopulate(val, "Query", &b.Query) + case "isDefaultSettings": + err = unpopulate(val, "IsDefaultSettings", &a.IsDefaultSettings) delete(rawMsg, key) - case "queryEndTime": - err = unpopulateTimeRFC3339(val, "QueryEndTime", &b.QueryEndTime) + case "lastModifiedUtc": + err = unpopulateTimeRFC3339(val, "LastModifiedUTC", &a.LastModifiedUTC) delete(rawMsg, key) - case "queryResult": - err = unpopulate(val, "QueryResult", &b.QueryResult) + case "requiredDataConnectors": + err = unpopulate(val, "RequiredDataConnectors", &a.RequiredDataConnectors) delete(rawMsg, key) - case "queryStartTime": - err = unpopulateTimeRFC3339(val, "QueryStartTime", &b.QueryStartTime) + case "settingsDefinitionId": + err = unpopulate(val, "SettingsDefinitionID", &a.SettingsDefinitionID) delete(rawMsg, key) - case "updated": - err = unpopulateTimeRFC3339(val, "Updated", &b.Updated) + case "settingsStatus": + err = unpopulate(val, "SettingsStatus", &a.SettingsStatus) delete(rawMsg, key) - case "updatedBy": - err = unpopulate(val, "UpdatedBy", &b.UpdatedBy) + case "tactics": + err = unpopulate(val, "Tactics", &a.Tactics) + delete(rawMsg, key) + case "techniques": + err = unpopulate(val, "Techniques", &a.Techniques) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", b, err) + return fmt.Errorf("unmarshalling type %T: %v", a, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type CloudApplicationEntity. -func (c CloudApplicationEntity) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]interface{}) - populate(objectMap, "id", c.ID) - objectMap["kind"] = EntityKindEnumCloudApplication - populate(objectMap, "name", c.Name) - populate(objectMap, "properties", c.Properties) - populate(objectMap, "systemData", c.SystemData) - populate(objectMap, "type", c.Type) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type CloudApplicationEntity. -func (c *CloudApplicationEntity) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type AnomalyTimelineItem. +func (a *AnomalyTimelineItem) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", c, err) + return fmt.Errorf("unmarshalling type %T: %v", a, err) } for key, val := range rawMsg { var err error switch key { - case "id": - err = unpopulate(val, "ID", &c.ID) + case "azureResourceId": + err = unpopulate(val, "AzureResourceID", &a.AzureResourceID) + delete(rawMsg, key) + case "description": + err = unpopulate(val, "Description", &a.Description) + delete(rawMsg, key) + case "displayName": + err = unpopulate(val, "DisplayName", &a.DisplayName) + delete(rawMsg, key) + case "endTimeUtc": + err = unpopulateTimeRFC3339(val, "EndTimeUTC", &a.EndTimeUTC) + delete(rawMsg, key) + case "intent": + err = unpopulate(val, "Intent", &a.Intent) delete(rawMsg, key) case "kind": - err = unpopulate(val, "Kind", &c.Kind) + err = unpopulate(val, "Kind", &a.Kind) delete(rawMsg, key) - case "name": - err = unpopulate(val, "Name", &c.Name) + case "productName": + err = unpopulate(val, "ProductName", &a.ProductName) delete(rawMsg, key) - case "properties": - err = unpopulate(val, "Properties", &c.Properties) + case "reasons": + err = unpopulate(val, "Reasons", &a.Reasons) delete(rawMsg, key) - case "systemData": - err = unpopulate(val, "SystemData", &c.SystemData) + case "startTimeUtc": + err = unpopulateTimeRFC3339(val, "StartTimeUTC", &a.StartTimeUTC) delete(rawMsg, key) - case "type": - err = unpopulate(val, "Type", &c.Type) + case "techniques": + err = unpopulate(val, "Techniques", &a.Techniques) + delete(rawMsg, key) + case "timeGenerated": + err = unpopulateTimeRFC3339(val, "TimeGenerated", &a.TimeGenerated) + delete(rawMsg, key) + case "vendor": + err = unpopulate(val, "Vendor", &a.Vendor) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", c, err) + return fmt.Errorf("unmarshalling type %T: %v", a, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type CloudApplicationEntityProperties. -func (c CloudApplicationEntityProperties) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]interface{}) - populate(objectMap, "additionalData", c.AdditionalData) - populate(objectMap, "appId", c.AppID) - populate(objectMap, "appName", c.AppName) - populate(objectMap, "friendlyName", c.FriendlyName) - populate(objectMap, "instanceName", c.InstanceName) - return json.Marshal(objectMap) -} - -// MarshalJSON implements the json.Marshaller interface for type DNSEntity. -func (d DNSEntity) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type AutomationRuleModifyPropertiesAction. +func (a AutomationRuleModifyPropertiesAction) MarshalJSON() ([]byte, error) { objectMap := make(map[string]interface{}) - populate(objectMap, "id", d.ID) - objectMap["kind"] = EntityKindEnumDNSResolution - populate(objectMap, "name", d.Name) - populate(objectMap, "properties", d.Properties) - populate(objectMap, "systemData", d.SystemData) - populate(objectMap, "type", d.Type) + populate(objectMap, "actionConfiguration", a.ActionConfiguration) + objectMap["actionType"] = ActionTypeModifyProperties + populate(objectMap, "order", a.Order) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type DNSEntity. -func (d *DNSEntity) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type AutomationRuleModifyPropertiesAction. +func (a *AutomationRuleModifyPropertiesAction) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", d, err) + return fmt.Errorf("unmarshalling type %T: %v", a, err) } for key, val := range rawMsg { var err error switch key { - case "id": - err = unpopulate(val, "ID", &d.ID) - delete(rawMsg, key) - case "kind": - err = unpopulate(val, "Kind", &d.Kind) - delete(rawMsg, key) - case "name": - err = unpopulate(val, "Name", &d.Name) - delete(rawMsg, key) - case "properties": - err = unpopulate(val, "Properties", &d.Properties) + case "actionConfiguration": + err = unpopulate(val, "ActionConfiguration", &a.ActionConfiguration) delete(rawMsg, key) - case "systemData": - err = unpopulate(val, "SystemData", &d.SystemData) + case "actionType": + err = unpopulate(val, "ActionType", &a.ActionType) delete(rawMsg, key) - case "type": - err = unpopulate(val, "Type", &d.Type) + case "order": + err = unpopulate(val, "Order", &a.Order) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", d, err) + return fmt.Errorf("unmarshalling type %T: %v", a, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type DNSEntityProperties. -func (d DNSEntityProperties) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type AutomationRuleProperties. +func (a AutomationRuleProperties) MarshalJSON() ([]byte, error) { objectMap := make(map[string]interface{}) - populate(objectMap, "additionalData", d.AdditionalData) - populate(objectMap, "dnsServerIpEntityId", d.DNSServerIPEntityID) - populate(objectMap, "domainName", d.DomainName) - populate(objectMap, "friendlyName", d.FriendlyName) - populate(objectMap, "hostIpAddressEntityId", d.HostIPAddressEntityID) - populate(objectMap, "ipAddressEntityIds", d.IPAddressEntityIDs) + populate(objectMap, "actions", a.Actions) + populate(objectMap, "createdBy", a.CreatedBy) + populateTimeRFC3339(objectMap, "createdTimeUtc", a.CreatedTimeUTC) + populate(objectMap, "displayName", a.DisplayName) + populate(objectMap, "lastModifiedBy", a.LastModifiedBy) + populateTimeRFC3339(objectMap, "lastModifiedTimeUtc", a.LastModifiedTimeUTC) + populate(objectMap, "order", a.Order) + populate(objectMap, "triggeringLogic", a.TriggeringLogic) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type DataConnectorList. -func (d *DataConnectorList) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type AutomationRuleProperties. +func (a *AutomationRuleProperties) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", d, err) + return fmt.Errorf("unmarshalling type %T: %v", a, err) } for key, val := range rawMsg { var err error switch key { - case "nextLink": - err = unpopulate(val, "NextLink", &d.NextLink) + case "actions": + a.Actions, err = unmarshalAutomationRuleActionClassificationArray(val) delete(rawMsg, key) - case "value": - d.Value, err = unmarshalDataConnectorClassificationArray(val) + case "createdBy": + err = unpopulate(val, "CreatedBy", &a.CreatedBy) + delete(rawMsg, key) + case "createdTimeUtc": + err = unpopulateTimeRFC3339(val, "CreatedTimeUTC", &a.CreatedTimeUTC) + delete(rawMsg, key) + case "displayName": + err = unpopulate(val, "DisplayName", &a.DisplayName) + delete(rawMsg, key) + case "lastModifiedBy": + err = unpopulate(val, "LastModifiedBy", &a.LastModifiedBy) + delete(rawMsg, key) + case "lastModifiedTimeUtc": + err = unpopulateTimeRFC3339(val, "LastModifiedTimeUTC", &a.LastModifiedTimeUTC) + delete(rawMsg, key) + case "order": + err = unpopulate(val, "Order", &a.Order) + delete(rawMsg, key) + case "triggeringLogic": + err = unpopulate(val, "TriggeringLogic", &a.TriggeringLogic) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", d, err) + return fmt.Errorf("unmarshalling type %T: %v", a, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type EntityCommonProperties. -func (e EntityCommonProperties) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type AutomationRulePropertyValuesChangedCondition. +func (a AutomationRulePropertyValuesChangedCondition) MarshalJSON() ([]byte, error) { objectMap := make(map[string]interface{}) - populate(objectMap, "additionalData", e.AdditionalData) - populate(objectMap, "friendlyName", e.FriendlyName) + populate(objectMap, "changeType", a.ChangeType) + populate(objectMap, "operator", a.Operator) + populate(objectMap, "propertyName", a.PropertyName) + populate(objectMap, "propertyValues", a.PropertyValues) return json.Marshal(objectMap) } -// MarshalJSON implements the json.Marshaller interface for type EntityMapping. -func (e EntityMapping) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type AutomationRulePropertyValuesCondition. +func (a AutomationRulePropertyValuesCondition) MarshalJSON() ([]byte, error) { objectMap := make(map[string]interface{}) - populate(objectMap, "entityType", e.EntityType) - populate(objectMap, "fieldMappings", e.FieldMappings) + populate(objectMap, "operator", a.Operator) + populate(objectMap, "propertyName", a.PropertyName) + populate(objectMap, "propertyValues", a.PropertyValues) return json.Marshal(objectMap) } -// MarshalJSON implements the json.Marshaller interface for type FileEntity. -func (f FileEntity) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type AutomationRuleRunPlaybookAction. +func (a AutomationRuleRunPlaybookAction) MarshalJSON() ([]byte, error) { objectMap := make(map[string]interface{}) - populate(objectMap, "id", f.ID) - objectMap["kind"] = EntityKindEnumFile - populate(objectMap, "name", f.Name) - populate(objectMap, "properties", f.Properties) - populate(objectMap, "systemData", f.SystemData) - populate(objectMap, "type", f.Type) + populate(objectMap, "actionConfiguration", a.ActionConfiguration) + objectMap["actionType"] = ActionTypeRunPlaybook + populate(objectMap, "order", a.Order) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type FileEntity. -func (f *FileEntity) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type AutomationRuleRunPlaybookAction. +func (a *AutomationRuleRunPlaybookAction) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", f, err) + return fmt.Errorf("unmarshalling type %T: %v", a, err) } for key, val := range rawMsg { var err error switch key { - case "id": - err = unpopulate(val, "ID", &f.ID) - delete(rawMsg, key) - case "kind": - err = unpopulate(val, "Kind", &f.Kind) - delete(rawMsg, key) - case "name": - err = unpopulate(val, "Name", &f.Name) - delete(rawMsg, key) - case "properties": - err = unpopulate(val, "Properties", &f.Properties) + case "actionConfiguration": + err = unpopulate(val, "ActionConfiguration", &a.ActionConfiguration) delete(rawMsg, key) - case "systemData": - err = unpopulate(val, "SystemData", &f.SystemData) + case "actionType": + err = unpopulate(val, "ActionType", &a.ActionType) delete(rawMsg, key) - case "type": - err = unpopulate(val, "Type", &f.Type) + case "order": + err = unpopulate(val, "Order", &a.Order) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", f, err) + return fmt.Errorf("unmarshalling type %T: %v", a, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type FileEntityProperties. -func (f FileEntityProperties) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]interface{}) - populate(objectMap, "additionalData", f.AdditionalData) - populate(objectMap, "directory", f.Directory) - populate(objectMap, "fileHashEntityIds", f.FileHashEntityIDs) - populate(objectMap, "fileName", f.FileName) - populate(objectMap, "friendlyName", f.FriendlyName) - populate(objectMap, "hostEntityId", f.HostEntityID) - return json.Marshal(objectMap) -} - -// MarshalJSON implements the json.Marshaller interface for type FileHashEntity. -func (f FileHashEntity) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type AutomationRuleTriggeringLogic. +func (a AutomationRuleTriggeringLogic) MarshalJSON() ([]byte, error) { objectMap := make(map[string]interface{}) - populate(objectMap, "id", f.ID) - objectMap["kind"] = EntityKindEnumFileHash - populate(objectMap, "name", f.Name) - populate(objectMap, "properties", f.Properties) - populate(objectMap, "systemData", f.SystemData) - populate(objectMap, "type", f.Type) + populate(objectMap, "conditions", a.Conditions) + populateTimeRFC3339(objectMap, "expirationTimeUtc", a.ExpirationTimeUTC) + populate(objectMap, "isEnabled", a.IsEnabled) + populate(objectMap, "triggersOn", a.TriggersOn) + populate(objectMap, "triggersWhen", a.TriggersWhen) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type FileHashEntity. -func (f *FileHashEntity) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type AutomationRuleTriggeringLogic. +func (a *AutomationRuleTriggeringLogic) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", f, err) + return fmt.Errorf("unmarshalling type %T: %v", a, err) } for key, val := range rawMsg { var err error switch key { - case "id": - err = unpopulate(val, "ID", &f.ID) - delete(rawMsg, key) - case "kind": - err = unpopulate(val, "Kind", &f.Kind) + case "conditions": + a.Conditions, err = unmarshalAutomationRuleConditionClassificationArray(val) delete(rawMsg, key) - case "name": - err = unpopulate(val, "Name", &f.Name) + case "expirationTimeUtc": + err = unpopulateTimeRFC3339(val, "ExpirationTimeUTC", &a.ExpirationTimeUTC) delete(rawMsg, key) - case "properties": - err = unpopulate(val, "Properties", &f.Properties) + case "isEnabled": + err = unpopulate(val, "IsEnabled", &a.IsEnabled) delete(rawMsg, key) - case "systemData": - err = unpopulate(val, "SystemData", &f.SystemData) + case "triggersOn": + err = unpopulate(val, "TriggersOn", &a.TriggersOn) delete(rawMsg, key) - case "type": - err = unpopulate(val, "Type", &f.Type) + case "triggersWhen": + err = unpopulate(val, "TriggersWhen", &a.TriggersWhen) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", f, err) + return fmt.Errorf("unmarshalling type %T: %v", a, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type FileHashEntityProperties. -func (f FileHashEntityProperties) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]interface{}) - populate(objectMap, "additionalData", f.AdditionalData) - populate(objectMap, "algorithm", f.Algorithm) - populate(objectMap, "friendlyName", f.FriendlyName) - populate(objectMap, "hashValue", f.HashValue) - return json.Marshal(objectMap) -} - -// MarshalJSON implements the json.Marshaller interface for type FusionAlertRule. -func (f FusionAlertRule) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type AwsCloudTrailCheckRequirements. +func (a AwsCloudTrailCheckRequirements) MarshalJSON() ([]byte, error) { objectMap := make(map[string]interface{}) - populate(objectMap, "etag", f.Etag) - populate(objectMap, "id", f.ID) - objectMap["kind"] = AlertRuleKindFusion - populate(objectMap, "name", f.Name) - populate(objectMap, "properties", f.Properties) - populate(objectMap, "systemData", f.SystemData) - populate(objectMap, "type", f.Type) + objectMap["kind"] = DataConnectorKindAmazonWebServicesCloudTrail return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type FusionAlertRule. -func (f *FusionAlertRule) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type AwsCloudTrailCheckRequirements. +func (a *AwsCloudTrailCheckRequirements) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", f, err) + return fmt.Errorf("unmarshalling type %T: %v", a, err) } for key, val := range rawMsg { var err error switch key { - case "etag": - err = unpopulate(val, "Etag", &f.Etag) - delete(rawMsg, key) - case "id": - err = unpopulate(val, "ID", &f.ID) - delete(rawMsg, key) case "kind": - err = unpopulate(val, "Kind", &f.Kind) - delete(rawMsg, key) - case "name": - err = unpopulate(val, "Name", &f.Name) - delete(rawMsg, key) - case "properties": - err = unpopulate(val, "Properties", &f.Properties) - delete(rawMsg, key) - case "systemData": - err = unpopulate(val, "SystemData", &f.SystemData) - delete(rawMsg, key) - case "type": - err = unpopulate(val, "Type", &f.Type) + err = unpopulate(val, "Kind", &a.Kind) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", f, err) + return fmt.Errorf("unmarshalling type %T: %v", a, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type FusionAlertRuleProperties. -func (f FusionAlertRuleProperties) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type AwsCloudTrailDataConnector. +func (a AwsCloudTrailDataConnector) MarshalJSON() ([]byte, error) { objectMap := make(map[string]interface{}) - populate(objectMap, "alertRuleTemplateName", f.AlertRuleTemplateName) - populate(objectMap, "description", f.Description) - populate(objectMap, "displayName", f.DisplayName) - populate(objectMap, "enabled", f.Enabled) - populateTimeRFC3339(objectMap, "lastModifiedUtc", f.LastModifiedUTC) - populate(objectMap, "severity", f.Severity) - populate(objectMap, "tactics", f.Tactics) + populate(objectMap, "etag", a.Etag) + populate(objectMap, "id", a.ID) + objectMap["kind"] = DataConnectorKindAmazonWebServicesCloudTrail + populate(objectMap, "name", a.Name) + populate(objectMap, "properties", a.Properties) + populate(objectMap, "systemData", a.SystemData) + populate(objectMap, "type", a.Type) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type FusionAlertRuleProperties. -func (f *FusionAlertRuleProperties) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type AwsCloudTrailDataConnector. +func (a *AwsCloudTrailDataConnector) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", f, err) + return fmt.Errorf("unmarshalling type %T: %v", a, err) } for key, val := range rawMsg { var err error switch key { - case "alertRuleTemplateName": - err = unpopulate(val, "AlertRuleTemplateName", &f.AlertRuleTemplateName) + case "etag": + err = unpopulate(val, "Etag", &a.Etag) delete(rawMsg, key) - case "description": - err = unpopulate(val, "Description", &f.Description) + case "id": + err = unpopulate(val, "ID", &a.ID) delete(rawMsg, key) - case "displayName": - err = unpopulate(val, "DisplayName", &f.DisplayName) + case "kind": + err = unpopulate(val, "Kind", &a.Kind) delete(rawMsg, key) - case "enabled": - err = unpopulate(val, "Enabled", &f.Enabled) + case "name": + err = unpopulate(val, "Name", &a.Name) delete(rawMsg, key) - case "lastModifiedUtc": - err = unpopulateTimeRFC3339(val, "LastModifiedUTC", &f.LastModifiedUTC) + case "properties": + err = unpopulate(val, "Properties", &a.Properties) delete(rawMsg, key) - case "severity": - err = unpopulate(val, "Severity", &f.Severity) + case "systemData": + err = unpopulate(val, "SystemData", &a.SystemData) delete(rawMsg, key) - case "tactics": - err = unpopulate(val, "Tactics", &f.Tactics) + case "type": + err = unpopulate(val, "Type", &a.Type) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", f, err) + return fmt.Errorf("unmarshalling type %T: %v", a, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type FusionAlertRuleTemplate. -func (f FusionAlertRuleTemplate) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type AwsS3CheckRequirements. +func (a AwsS3CheckRequirements) MarshalJSON() ([]byte, error) { objectMap := make(map[string]interface{}) - populate(objectMap, "id", f.ID) - objectMap["kind"] = AlertRuleKindFusion - populate(objectMap, "name", f.Name) - populate(objectMap, "properties", f.Properties) - populate(objectMap, "systemData", f.SystemData) - populate(objectMap, "type", f.Type) + objectMap["kind"] = DataConnectorKindAmazonWebServicesS3 return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type FusionAlertRuleTemplate. -func (f *FusionAlertRuleTemplate) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type AwsS3CheckRequirements. +func (a *AwsS3CheckRequirements) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", f, err) + return fmt.Errorf("unmarshalling type %T: %v", a, err) } for key, val := range rawMsg { var err error switch key { - case "id": - err = unpopulate(val, "ID", &f.ID) - delete(rawMsg, key) case "kind": - err = unpopulate(val, "Kind", &f.Kind) - delete(rawMsg, key) - case "name": - err = unpopulate(val, "Name", &f.Name) - delete(rawMsg, key) - case "properties": - err = unpopulate(val, "Properties", &f.Properties) - delete(rawMsg, key) - case "systemData": - err = unpopulate(val, "SystemData", &f.SystemData) - delete(rawMsg, key) - case "type": - err = unpopulate(val, "Type", &f.Type) + err = unpopulate(val, "Kind", &a.Kind) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", f, err) + return fmt.Errorf("unmarshalling type %T: %v", a, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type FusionAlertRuleTemplateProperties. -func (f FusionAlertRuleTemplateProperties) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type AwsS3DataConnector. +func (a AwsS3DataConnector) MarshalJSON() ([]byte, error) { objectMap := make(map[string]interface{}) - populate(objectMap, "alertRulesCreatedByTemplateCount", f.AlertRulesCreatedByTemplateCount) - populateTimeRFC3339(objectMap, "createdDateUTC", f.CreatedDateUTC) - populate(objectMap, "description", f.Description) - populate(objectMap, "displayName", f.DisplayName) - populateTimeRFC3339(objectMap, "lastUpdatedDateUTC", f.LastUpdatedDateUTC) - populate(objectMap, "requiredDataConnectors", f.RequiredDataConnectors) - populate(objectMap, "severity", f.Severity) - populate(objectMap, "status", f.Status) - populate(objectMap, "tactics", f.Tactics) + populate(objectMap, "etag", a.Etag) + populate(objectMap, "id", a.ID) + objectMap["kind"] = DataConnectorKindAmazonWebServicesS3 + populate(objectMap, "name", a.Name) + populate(objectMap, "properties", a.Properties) + populate(objectMap, "systemData", a.SystemData) + populate(objectMap, "type", a.Type) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type FusionAlertRuleTemplateProperties. -func (f *FusionAlertRuleTemplateProperties) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type AwsS3DataConnector. +func (a *AwsS3DataConnector) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", f, err) + return fmt.Errorf("unmarshalling type %T: %v", a, err) } for key, val := range rawMsg { var err error switch key { - case "alertRulesCreatedByTemplateCount": - err = unpopulate(val, "AlertRulesCreatedByTemplateCount", &f.AlertRulesCreatedByTemplateCount) - delete(rawMsg, key) - case "createdDateUTC": - err = unpopulateTimeRFC3339(val, "CreatedDateUTC", &f.CreatedDateUTC) - delete(rawMsg, key) - case "description": - err = unpopulate(val, "Description", &f.Description) + case "etag": + err = unpopulate(val, "Etag", &a.Etag) delete(rawMsg, key) - case "displayName": - err = unpopulate(val, "DisplayName", &f.DisplayName) + case "id": + err = unpopulate(val, "ID", &a.ID) delete(rawMsg, key) - case "lastUpdatedDateUTC": - err = unpopulateTimeRFC3339(val, "LastUpdatedDateUTC", &f.LastUpdatedDateUTC) + case "kind": + err = unpopulate(val, "Kind", &a.Kind) delete(rawMsg, key) - case "requiredDataConnectors": - err = unpopulate(val, "RequiredDataConnectors", &f.RequiredDataConnectors) + case "name": + err = unpopulate(val, "Name", &a.Name) delete(rawMsg, key) - case "severity": - err = unpopulate(val, "Severity", &f.Severity) + case "properties": + err = unpopulate(val, "Properties", &a.Properties) delete(rawMsg, key) - case "status": - err = unpopulate(val, "Status", &f.Status) + case "systemData": + err = unpopulate(val, "SystemData", &a.SystemData) delete(rawMsg, key) - case "tactics": - err = unpopulate(val, "Tactics", &f.Tactics) + case "type": + err = unpopulate(val, "Type", &a.Type) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", f, err) + return fmt.Errorf("unmarshalling type %T: %v", a, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type GroupingConfiguration. -func (g GroupingConfiguration) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type AwsS3DataConnectorProperties. +func (a AwsS3DataConnectorProperties) MarshalJSON() ([]byte, error) { objectMap := make(map[string]interface{}) - populate(objectMap, "enabled", g.Enabled) - populate(objectMap, "groupByAlertDetails", g.GroupByAlertDetails) - populate(objectMap, "groupByCustomDetails", g.GroupByCustomDetails) - populate(objectMap, "groupByEntities", g.GroupByEntities) - populate(objectMap, "lookbackDuration", g.LookbackDuration) - populate(objectMap, "matchingMethod", g.MatchingMethod) - populate(objectMap, "reopenClosedIncident", g.ReopenClosedIncident) + populate(objectMap, "dataTypes", a.DataTypes) + populate(objectMap, "destinationTable", a.DestinationTable) + populate(objectMap, "roleArn", a.RoleArn) + populate(objectMap, "sqsUrls", a.SqsUrls) return json.Marshal(objectMap) } -// MarshalJSON implements the json.Marshaller interface for type HostEntity. -func (h HostEntity) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type AzureResourceEntity. +func (a AzureResourceEntity) MarshalJSON() ([]byte, error) { objectMap := make(map[string]interface{}) - populate(objectMap, "id", h.ID) - objectMap["kind"] = EntityKindEnumHost - populate(objectMap, "name", h.Name) - populate(objectMap, "properties", h.Properties) - populate(objectMap, "systemData", h.SystemData) - populate(objectMap, "type", h.Type) + populate(objectMap, "id", a.ID) + objectMap["kind"] = EntityKindAzureResource + populate(objectMap, "name", a.Name) + populate(objectMap, "properties", a.Properties) + populate(objectMap, "systemData", a.SystemData) + populate(objectMap, "type", a.Type) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type HostEntity. -func (h *HostEntity) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type AzureResourceEntity. +func (a *AzureResourceEntity) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", h, err) + return fmt.Errorf("unmarshalling type %T: %v", a, err) } for key, val := range rawMsg { var err error switch key { case "id": - err = unpopulate(val, "ID", &h.ID) + err = unpopulate(val, "ID", &a.ID) delete(rawMsg, key) case "kind": - err = unpopulate(val, "Kind", &h.Kind) + err = unpopulate(val, "Kind", &a.Kind) delete(rawMsg, key) case "name": - err = unpopulate(val, "Name", &h.Name) + err = unpopulate(val, "Name", &a.Name) delete(rawMsg, key) case "properties": - err = unpopulate(val, "Properties", &h.Properties) + err = unpopulate(val, "Properties", &a.Properties) delete(rawMsg, key) case "systemData": - err = unpopulate(val, "SystemData", &h.SystemData) + err = unpopulate(val, "SystemData", &a.SystemData) delete(rawMsg, key) case "type": - err = unpopulate(val, "Type", &h.Type) + err = unpopulate(val, "Type", &a.Type) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", h, err) + return fmt.Errorf("unmarshalling type %T: %v", a, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type HostEntityProperties. -func (h HostEntityProperties) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type AzureResourceEntityProperties. +func (a AzureResourceEntityProperties) MarshalJSON() ([]byte, error) { objectMap := make(map[string]interface{}) - populate(objectMap, "additionalData", h.AdditionalData) - populate(objectMap, "azureID", h.AzureID) - populate(objectMap, "dnsDomain", h.DNSDomain) - populate(objectMap, "friendlyName", h.FriendlyName) - populate(objectMap, "hostName", h.HostName) - populate(objectMap, "isDomainJoined", h.IsDomainJoined) - populate(objectMap, "netBiosName", h.NetBiosName) - populate(objectMap, "ntDomain", h.NtDomain) - populate(objectMap, "osFamily", h.OSFamily) - populate(objectMap, "osVersion", h.OSVersion) - populate(objectMap, "omsAgentID", h.OmsAgentID) + populate(objectMap, "additionalData", a.AdditionalData) + populate(objectMap, "friendlyName", a.FriendlyName) + populate(objectMap, "resourceId", a.ResourceID) + populate(objectMap, "subscriptionId", a.SubscriptionID) return json.Marshal(objectMap) } -// MarshalJSON implements the json.Marshaller interface for type HuntingBookmark. -func (h HuntingBookmark) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type BookmarkEntityMappings. +func (b BookmarkEntityMappings) MarshalJSON() ([]byte, error) { objectMap := make(map[string]interface{}) - populate(objectMap, "id", h.ID) - objectMap["kind"] = EntityKindEnumBookmark - populate(objectMap, "name", h.Name) - populate(objectMap, "properties", h.Properties) - populate(objectMap, "systemData", h.SystemData) - populate(objectMap, "type", h.Type) + populate(objectMap, "entityType", b.EntityType) + populate(objectMap, "fieldMappings", b.FieldMappings) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type HuntingBookmark. -func (h *HuntingBookmark) UnmarshalJSON(data []byte) error { +// MarshalJSON implements the json.Marshaller interface for type BookmarkExpandParameters. +func (b BookmarkExpandParameters) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + populateTimeRFC3339(objectMap, "endTime", b.EndTime) + populate(objectMap, "expansionId", b.ExpansionID) + populateTimeRFC3339(objectMap, "startTime", b.StartTime) + return json.Marshal(objectMap) +} + +// UnmarshalJSON implements the json.Unmarshaller interface for type BookmarkExpandParameters. +func (b *BookmarkExpandParameters) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", h, err) + return fmt.Errorf("unmarshalling type %T: %v", b, err) } for key, val := range rawMsg { var err error switch key { - case "id": - err = unpopulate(val, "ID", &h.ID) - delete(rawMsg, key) - case "kind": - err = unpopulate(val, "Kind", &h.Kind) - delete(rawMsg, key) - case "name": - err = unpopulate(val, "Name", &h.Name) - delete(rawMsg, key) - case "properties": - err = unpopulate(val, "Properties", &h.Properties) + case "endTime": + err = unpopulateTimeRFC3339(val, "EndTime", &b.EndTime) delete(rawMsg, key) - case "systemData": - err = unpopulate(val, "SystemData", &h.SystemData) + case "expansionId": + err = unpopulate(val, "ExpansionID", &b.ExpansionID) delete(rawMsg, key) - case "type": - err = unpopulate(val, "Type", &h.Type) + case "startTime": + err = unpopulateTimeRFC3339(val, "StartTime", &b.StartTime) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", h, err) + return fmt.Errorf("unmarshalling type %T: %v", b, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type HuntingBookmarkProperties. -func (h HuntingBookmarkProperties) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]interface{}) - populate(objectMap, "additionalData", h.AdditionalData) - populateTimeRFC3339(objectMap, "created", h.Created) - populate(objectMap, "createdBy", h.CreatedBy) - populate(objectMap, "displayName", h.DisplayName) - populateTimeRFC3339(objectMap, "eventTime", h.EventTime) - populate(objectMap, "friendlyName", h.FriendlyName) - populate(objectMap, "incidentInfo", h.IncidentInfo) - populate(objectMap, "labels", h.Labels) - populate(objectMap, "notes", h.Notes) - populate(objectMap, "query", h.Query) - populate(objectMap, "queryResult", h.QueryResult) - populateTimeRFC3339(objectMap, "updated", h.Updated) - populate(objectMap, "updatedBy", h.UpdatedBy) +// UnmarshalJSON implements the json.Unmarshaller interface for type BookmarkExpandResponseValue. +func (b *BookmarkExpandResponseValue) UnmarshalJSON(data []byte) error { + var rawMsg map[string]json.RawMessage + if err := json.Unmarshal(data, &rawMsg); err != nil { + return fmt.Errorf("unmarshalling type %T: %v", b, err) + } + for key, val := range rawMsg { + var err error + switch key { + case "edges": + err = unpopulate(val, "Edges", &b.Edges) + delete(rawMsg, key) + case "entities": + b.Entities, err = unmarshalEntityClassificationArray(val) + delete(rawMsg, key) + } + if err != nil { + return fmt.Errorf("unmarshalling type %T: %v", b, err) + } + } + return nil +} + +// MarshalJSON implements the json.Marshaller interface for type BookmarkProperties. +func (b BookmarkProperties) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + populateTimeRFC3339(objectMap, "created", b.Created) + populate(objectMap, "createdBy", b.CreatedBy) + populate(objectMap, "displayName", b.DisplayName) + populate(objectMap, "entityMappings", b.EntityMappings) + populateTimeRFC3339(objectMap, "eventTime", b.EventTime) + populate(objectMap, "incidentInfo", b.IncidentInfo) + populate(objectMap, "labels", b.Labels) + populate(objectMap, "notes", b.Notes) + populate(objectMap, "query", b.Query) + populateTimeRFC3339(objectMap, "queryEndTime", b.QueryEndTime) + populate(objectMap, "queryResult", b.QueryResult) + populateTimeRFC3339(objectMap, "queryStartTime", b.QueryStartTime) + populate(objectMap, "tactics", b.Tactics) + populate(objectMap, "techniques", b.Techniques) + populateTimeRFC3339(objectMap, "updated", b.Updated) + populate(objectMap, "updatedBy", b.UpdatedBy) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type HuntingBookmarkProperties. -func (h *HuntingBookmarkProperties) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type BookmarkProperties. +func (b *BookmarkProperties) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", h, err) + return fmt.Errorf("unmarshalling type %T: %v", b, err) } for key, val := range rawMsg { var err error switch key { - case "additionalData": - err = unpopulate(val, "AdditionalData", &h.AdditionalData) - delete(rawMsg, key) case "created": - err = unpopulateTimeRFC3339(val, "Created", &h.Created) + err = unpopulateTimeRFC3339(val, "Created", &b.Created) delete(rawMsg, key) case "createdBy": - err = unpopulate(val, "CreatedBy", &h.CreatedBy) + err = unpopulate(val, "CreatedBy", &b.CreatedBy) delete(rawMsg, key) case "displayName": - err = unpopulate(val, "DisplayName", &h.DisplayName) + err = unpopulate(val, "DisplayName", &b.DisplayName) delete(rawMsg, key) - case "eventTime": - err = unpopulateTimeRFC3339(val, "EventTime", &h.EventTime) + case "entityMappings": + err = unpopulate(val, "EntityMappings", &b.EntityMappings) delete(rawMsg, key) - case "friendlyName": - err = unpopulate(val, "FriendlyName", &h.FriendlyName) + case "eventTime": + err = unpopulateTimeRFC3339(val, "EventTime", &b.EventTime) delete(rawMsg, key) case "incidentInfo": - err = unpopulate(val, "IncidentInfo", &h.IncidentInfo) + err = unpopulate(val, "IncidentInfo", &b.IncidentInfo) delete(rawMsg, key) case "labels": - err = unpopulate(val, "Labels", &h.Labels) + err = unpopulate(val, "Labels", &b.Labels) delete(rawMsg, key) case "notes": - err = unpopulate(val, "Notes", &h.Notes) + err = unpopulate(val, "Notes", &b.Notes) delete(rawMsg, key) case "query": - err = unpopulate(val, "Query", &h.Query) + err = unpopulate(val, "Query", &b.Query) + delete(rawMsg, key) + case "queryEndTime": + err = unpopulateTimeRFC3339(val, "QueryEndTime", &b.QueryEndTime) delete(rawMsg, key) case "queryResult": - err = unpopulate(val, "QueryResult", &h.QueryResult) + err = unpopulate(val, "QueryResult", &b.QueryResult) + delete(rawMsg, key) + case "queryStartTime": + err = unpopulateTimeRFC3339(val, "QueryStartTime", &b.QueryStartTime) + delete(rawMsg, key) + case "tactics": + err = unpopulate(val, "Tactics", &b.Tactics) + delete(rawMsg, key) + case "techniques": + err = unpopulate(val, "Techniques", &b.Techniques) delete(rawMsg, key) case "updated": - err = unpopulateTimeRFC3339(val, "Updated", &h.Updated) + err = unpopulateTimeRFC3339(val, "Updated", &b.Updated) delete(rawMsg, key) case "updatedBy": - err = unpopulate(val, "UpdatedBy", &h.UpdatedBy) + err = unpopulate(val, "UpdatedBy", &b.UpdatedBy) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", h, err) + return fmt.Errorf("unmarshalling type %T: %v", b, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type IPEntity. -func (i IPEntity) MarshalJSON() ([]byte, error) { +// UnmarshalJSON implements the json.Unmarshaller interface for type BookmarkTimelineItem. +func (b *BookmarkTimelineItem) UnmarshalJSON(data []byte) error { + var rawMsg map[string]json.RawMessage + if err := json.Unmarshal(data, &rawMsg); err != nil { + return fmt.Errorf("unmarshalling type %T: %v", b, err) + } + for key, val := range rawMsg { + var err error + switch key { + case "azureResourceId": + err = unpopulate(val, "AzureResourceID", &b.AzureResourceID) + delete(rawMsg, key) + case "createdBy": + err = unpopulate(val, "CreatedBy", &b.CreatedBy) + delete(rawMsg, key) + case "displayName": + err = unpopulate(val, "DisplayName", &b.DisplayName) + delete(rawMsg, key) + case "endTimeUtc": + err = unpopulateTimeRFC3339(val, "EndTimeUTC", &b.EndTimeUTC) + delete(rawMsg, key) + case "eventTime": + err = unpopulateTimeRFC3339(val, "EventTime", &b.EventTime) + delete(rawMsg, key) + case "kind": + err = unpopulate(val, "Kind", &b.Kind) + delete(rawMsg, key) + case "labels": + err = unpopulate(val, "Labels", &b.Labels) + delete(rawMsg, key) + case "notes": + err = unpopulate(val, "Notes", &b.Notes) + delete(rawMsg, key) + case "startTimeUtc": + err = unpopulateTimeRFC3339(val, "StartTimeUTC", &b.StartTimeUTC) + delete(rawMsg, key) + } + if err != nil { + return fmt.Errorf("unmarshalling type %T: %v", b, err) + } + } + return nil +} + +// MarshalJSON implements the json.Marshaller interface for type CloudApplicationEntity. +func (c CloudApplicationEntity) MarshalJSON() ([]byte, error) { objectMap := make(map[string]interface{}) - populate(objectMap, "id", i.ID) - objectMap["kind"] = EntityKindEnumIP - populate(objectMap, "name", i.Name) - populate(objectMap, "properties", i.Properties) - populate(objectMap, "systemData", i.SystemData) - populate(objectMap, "type", i.Type) + populate(objectMap, "id", c.ID) + objectMap["kind"] = EntityKindCloudApplication + populate(objectMap, "name", c.Name) + populate(objectMap, "properties", c.Properties) + populate(objectMap, "systemData", c.SystemData) + populate(objectMap, "type", c.Type) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type IPEntity. -func (i *IPEntity) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type CloudApplicationEntity. +func (c *CloudApplicationEntity) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", i, err) + return fmt.Errorf("unmarshalling type %T: %v", c, err) } for key, val := range rawMsg { var err error switch key { case "id": - err = unpopulate(val, "ID", &i.ID) + err = unpopulate(val, "ID", &c.ID) delete(rawMsg, key) case "kind": - err = unpopulate(val, "Kind", &i.Kind) + err = unpopulate(val, "Kind", &c.Kind) delete(rawMsg, key) case "name": - err = unpopulate(val, "Name", &i.Name) + err = unpopulate(val, "Name", &c.Name) delete(rawMsg, key) case "properties": - err = unpopulate(val, "Properties", &i.Properties) + err = unpopulate(val, "Properties", &c.Properties) delete(rawMsg, key) case "systemData": - err = unpopulate(val, "SystemData", &i.SystemData) + err = unpopulate(val, "SystemData", &c.SystemData) delete(rawMsg, key) case "type": - err = unpopulate(val, "Type", &i.Type) + err = unpopulate(val, "Type", &c.Type) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", i, err) + return fmt.Errorf("unmarshalling type %T: %v", c, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type IPEntityProperties. -func (i IPEntityProperties) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]interface{}) - populate(objectMap, "additionalData", i.AdditionalData) - populate(objectMap, "address", i.Address) - populate(objectMap, "friendlyName", i.FriendlyName) - populate(objectMap, "location", i.Location) - populate(objectMap, "threatIntelligence", i.ThreatIntelligence) - return json.Marshal(objectMap) -} - -// MarshalJSON implements the json.Marshaller interface for type IncidentAdditionalData. -func (i IncidentAdditionalData) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type CloudApplicationEntityProperties. +func (c CloudApplicationEntityProperties) MarshalJSON() ([]byte, error) { objectMap := make(map[string]interface{}) - populate(objectMap, "alertProductNames", i.AlertProductNames) - populate(objectMap, "alertsCount", i.AlertsCount) - populate(objectMap, "bookmarksCount", i.BookmarksCount) - populate(objectMap, "commentsCount", i.CommentsCount) - populate(objectMap, "tactics", i.Tactics) + populate(objectMap, "additionalData", c.AdditionalData) + populate(objectMap, "appId", c.AppID) + populate(objectMap, "appName", c.AppName) + populate(objectMap, "friendlyName", c.FriendlyName) + populate(objectMap, "instanceName", c.InstanceName) return json.Marshal(objectMap) } -// MarshalJSON implements the json.Marshaller interface for type IncidentCommentProperties. -func (i IncidentCommentProperties) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type CodelessAPIPollingDataConnector. +func (c CodelessAPIPollingDataConnector) MarshalJSON() ([]byte, error) { objectMap := make(map[string]interface{}) - populate(objectMap, "author", i.Author) - populateTimeRFC3339(objectMap, "createdTimeUtc", i.CreatedTimeUTC) - populateTimeRFC3339(objectMap, "lastModifiedTimeUtc", i.LastModifiedTimeUTC) - populate(objectMap, "message", i.Message) + populate(objectMap, "etag", c.Etag) + populate(objectMap, "id", c.ID) + objectMap["kind"] = DataConnectorKindAPIPolling + populate(objectMap, "name", c.Name) + populate(objectMap, "properties", c.Properties) + populate(objectMap, "systemData", c.SystemData) + populate(objectMap, "type", c.Type) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type IncidentCommentProperties. -func (i *IncidentCommentProperties) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type CodelessAPIPollingDataConnector. +func (c *CodelessAPIPollingDataConnector) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", i, err) + return fmt.Errorf("unmarshalling type %T: %v", c, err) } for key, val := range rawMsg { var err error switch key { - case "author": - err = unpopulate(val, "Author", &i.Author) + case "etag": + err = unpopulate(val, "Etag", &c.Etag) delete(rawMsg, key) - case "createdTimeUtc": - err = unpopulateTimeRFC3339(val, "CreatedTimeUTC", &i.CreatedTimeUTC) + case "id": + err = unpopulate(val, "ID", &c.ID) delete(rawMsg, key) - case "lastModifiedTimeUtc": - err = unpopulateTimeRFC3339(val, "LastModifiedTimeUTC", &i.LastModifiedTimeUTC) + case "kind": + err = unpopulate(val, "Kind", &c.Kind) delete(rawMsg, key) - case "message": - err = unpopulate(val, "Message", &i.Message) + case "name": + err = unpopulate(val, "Name", &c.Name) + delete(rawMsg, key) + case "properties": + err = unpopulate(val, "Properties", &c.Properties) + delete(rawMsg, key) + case "systemData": + err = unpopulate(val, "SystemData", &c.SystemData) + delete(rawMsg, key) + case "type": + err = unpopulate(val, "Type", &c.Type) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", i, err) + return fmt.Errorf("unmarshalling type %T: %v", c, err) } } return nil } -// UnmarshalJSON implements the json.Unmarshaller interface for type IncidentEntitiesResponse. -func (i *IncidentEntitiesResponse) UnmarshalJSON(data []byte) error { +// MarshalJSON implements the json.Marshaller interface for type CodelessConnectorPollingResponseProperties. +func (c CodelessConnectorPollingResponseProperties) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + populate(objectMap, "eventsJsonPaths", c.EventsJSONPaths) + populate(objectMap, "isGzipCompressed", c.IsGzipCompressed) + populate(objectMap, "successStatusJsonPath", c.SuccessStatusJSONPath) + populate(objectMap, "successStatusValue", c.SuccessStatusValue) + return json.Marshal(objectMap) +} + +// MarshalJSON implements the json.Marshaller interface for type CodelessUIConnectorConfigProperties. +func (c CodelessUIConnectorConfigProperties) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + populate(objectMap, "availability", c.Availability) + populate(objectMap, "connectivityCriteria", c.ConnectivityCriteria) + populate(objectMap, "customImage", c.CustomImage) + populate(objectMap, "dataTypes", c.DataTypes) + populate(objectMap, "descriptionMarkdown", c.DescriptionMarkdown) + populate(objectMap, "graphQueries", c.GraphQueries) + populate(objectMap, "graphQueriesTableName", c.GraphQueriesTableName) + populate(objectMap, "instructionSteps", c.InstructionSteps) + populate(objectMap, "permissions", c.Permissions) + populate(objectMap, "publisher", c.Publisher) + populate(objectMap, "sampleQueries", c.SampleQueries) + populate(objectMap, "title", c.Title) + return json.Marshal(objectMap) +} + +// MarshalJSON implements the json.Marshaller interface for type CodelessUIConnectorConfigPropertiesConnectivityCriteriaItem. +func (c CodelessUIConnectorConfigPropertiesConnectivityCriteriaItem) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + populate(objectMap, "type", c.Type) + populate(objectMap, "value", c.Value) + return json.Marshal(objectMap) +} + +// MarshalJSON implements the json.Marshaller interface for type CodelessUIConnectorConfigPropertiesInstructionStepsItem. +func (c CodelessUIConnectorConfigPropertiesInstructionStepsItem) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + populate(objectMap, "description", c.Description) + populate(objectMap, "instructions", c.Instructions) + populate(objectMap, "title", c.Title) + return json.Marshal(objectMap) +} + +// MarshalJSON implements the json.Marshaller interface for type CodelessUIDataConnector. +func (c CodelessUIDataConnector) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + populate(objectMap, "etag", c.Etag) + populate(objectMap, "id", c.ID) + objectMap["kind"] = DataConnectorKindGenericUI + populate(objectMap, "name", c.Name) + populate(objectMap, "properties", c.Properties) + populate(objectMap, "systemData", c.SystemData) + populate(objectMap, "type", c.Type) + return json.Marshal(objectMap) +} + +// UnmarshalJSON implements the json.Unmarshaller interface for type CodelessUIDataConnector. +func (c *CodelessUIDataConnector) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", i, err) + return fmt.Errorf("unmarshalling type %T: %v", c, err) } for key, val := range rawMsg { var err error switch key { - case "entities": - i.Entities, err = unmarshalEntityClassificationArray(val) + case "etag": + err = unpopulate(val, "Etag", &c.Etag) + delete(rawMsg, key) + case "id": + err = unpopulate(val, "ID", &c.ID) + delete(rawMsg, key) + case "kind": + err = unpopulate(val, "Kind", &c.Kind) + delete(rawMsg, key) + case "name": + err = unpopulate(val, "Name", &c.Name) + delete(rawMsg, key) + case "properties": + err = unpopulate(val, "Properties", &c.Properties) + delete(rawMsg, key) + case "systemData": + err = unpopulate(val, "SystemData", &c.SystemData) + delete(rawMsg, key) + case "type": + err = unpopulate(val, "Type", &c.Type) + delete(rawMsg, key) + } + if err != nil { + return fmt.Errorf("unmarshalling type %T: %v", c, err) + } + } + return nil +} + +// MarshalJSON implements the json.Marshaller interface for type ConnectivityCriteria. +func (c ConnectivityCriteria) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + populate(objectMap, "type", c.Type) + populate(objectMap, "value", c.Value) + return json.Marshal(objectMap) +} + +// MarshalJSON implements the json.Marshaller interface for type DNSEntity. +func (d DNSEntity) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + populate(objectMap, "id", d.ID) + objectMap["kind"] = EntityKindDNSResolution + populate(objectMap, "name", d.Name) + populate(objectMap, "properties", d.Properties) + populate(objectMap, "systemData", d.SystemData) + populate(objectMap, "type", d.Type) + return json.Marshal(objectMap) +} + +// UnmarshalJSON implements the json.Unmarshaller interface for type DNSEntity. +func (d *DNSEntity) UnmarshalJSON(data []byte) error { + var rawMsg map[string]json.RawMessage + if err := json.Unmarshal(data, &rawMsg); err != nil { + return fmt.Errorf("unmarshalling type %T: %v", d, err) + } + for key, val := range rawMsg { + var err error + switch key { + case "id": + err = unpopulate(val, "ID", &d.ID) + delete(rawMsg, key) + case "kind": + err = unpopulate(val, "Kind", &d.Kind) + delete(rawMsg, key) + case "name": + err = unpopulate(val, "Name", &d.Name) + delete(rawMsg, key) + case "properties": + err = unpopulate(val, "Properties", &d.Properties) + delete(rawMsg, key) + case "systemData": + err = unpopulate(val, "SystemData", &d.SystemData) + delete(rawMsg, key) + case "type": + err = unpopulate(val, "Type", &d.Type) + delete(rawMsg, key) + } + if err != nil { + return fmt.Errorf("unmarshalling type %T: %v", d, err) + } + } + return nil +} + +// MarshalJSON implements the json.Marshaller interface for type DNSEntityProperties. +func (d DNSEntityProperties) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + populate(objectMap, "additionalData", d.AdditionalData) + populate(objectMap, "dnsServerIpEntityId", d.DNSServerIPEntityID) + populate(objectMap, "domainName", d.DomainName) + populate(objectMap, "friendlyName", d.FriendlyName) + populate(objectMap, "hostIpAddressEntityId", d.HostIPAddressEntityID) + populate(objectMap, "ipAddressEntityIds", d.IPAddressEntityIDs) + return json.Marshal(objectMap) +} + +// MarshalJSON implements the json.Marshaller interface for type DataConnectorConnectBody. +func (d DataConnectorConnectBody) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + populate(objectMap, "apiKey", d.APIKey) + populate(objectMap, "authorizationCode", d.AuthorizationCode) + populate(objectMap, "clientId", d.ClientID) + populate(objectMap, "clientSecret", d.ClientSecret) + populate(objectMap, "kind", d.Kind) + populate(objectMap, "password", d.Password) + populate(objectMap, "requestConfigUserInputValues", d.RequestConfigUserInputValues) + populate(objectMap, "userName", d.UserName) + return json.Marshal(objectMap) +} + +// UnmarshalJSON implements the json.Unmarshaller interface for type DataConnectorList. +func (d *DataConnectorList) UnmarshalJSON(data []byte) error { + var rawMsg map[string]json.RawMessage + if err := json.Unmarshal(data, &rawMsg); err != nil { + return fmt.Errorf("unmarshalling type %T: %v", d, err) + } + for key, val := range rawMsg { + var err error + switch key { + case "nextLink": + err = unpopulate(val, "NextLink", &d.NextLink) + delete(rawMsg, key) + case "value": + d.Value, err = unmarshalDataConnectorClassificationArray(val) + delete(rawMsg, key) + } + if err != nil { + return fmt.Errorf("unmarshalling type %T: %v", d, err) + } + } + return nil +} + +// MarshalJSON implements the json.Marshaller interface for type Deployment. +func (d Deployment) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + populate(objectMap, "deploymentId", d.DeploymentID) + populate(objectMap, "deploymentLogsUrl", d.DeploymentLogsURL) + populate(objectMap, "deploymentResult", d.DeploymentResult) + populate(objectMap, "deploymentState", d.DeploymentState) + populateTimeRFC3339(objectMap, "deploymentTime", d.DeploymentTime) + return json.Marshal(objectMap) +} + +// UnmarshalJSON implements the json.Unmarshaller interface for type Deployment. +func (d *Deployment) UnmarshalJSON(data []byte) error { + var rawMsg map[string]json.RawMessage + if err := json.Unmarshal(data, &rawMsg); err != nil { + return fmt.Errorf("unmarshalling type %T: %v", d, err) + } + for key, val := range rawMsg { + var err error + switch key { + case "deploymentId": + err = unpopulate(val, "DeploymentID", &d.DeploymentID) + delete(rawMsg, key) + case "deploymentLogsUrl": + err = unpopulate(val, "DeploymentLogsURL", &d.DeploymentLogsURL) + delete(rawMsg, key) + case "deploymentResult": + err = unpopulate(val, "DeploymentResult", &d.DeploymentResult) + delete(rawMsg, key) + case "deploymentState": + err = unpopulate(val, "DeploymentState", &d.DeploymentState) + delete(rawMsg, key) + case "deploymentTime": + err = unpopulateTimeRFC3339(val, "DeploymentTime", &d.DeploymentTime) + delete(rawMsg, key) + } + if err != nil { + return fmt.Errorf("unmarshalling type %T: %v", d, err) + } + } + return nil +} + +// MarshalJSON implements the json.Marshaller interface for type Dynamics365CheckRequirements. +func (d Dynamics365CheckRequirements) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + objectMap["kind"] = DataConnectorKindDynamics365 + populate(objectMap, "properties", d.Properties) + return json.Marshal(objectMap) +} + +// UnmarshalJSON implements the json.Unmarshaller interface for type Dynamics365CheckRequirements. +func (d *Dynamics365CheckRequirements) UnmarshalJSON(data []byte) error { + var rawMsg map[string]json.RawMessage + if err := json.Unmarshal(data, &rawMsg); err != nil { + return fmt.Errorf("unmarshalling type %T: %v", d, err) + } + for key, val := range rawMsg { + var err error + switch key { + case "kind": + err = unpopulate(val, "Kind", &d.Kind) + delete(rawMsg, key) + case "properties": + err = unpopulate(val, "Properties", &d.Properties) + delete(rawMsg, key) + } + if err != nil { + return fmt.Errorf("unmarshalling type %T: %v", d, err) + } + } + return nil +} + +// MarshalJSON implements the json.Marshaller interface for type Dynamics365DataConnector. +func (d Dynamics365DataConnector) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + populate(objectMap, "etag", d.Etag) + populate(objectMap, "id", d.ID) + objectMap["kind"] = DataConnectorKindDynamics365 + populate(objectMap, "name", d.Name) + populate(objectMap, "properties", d.Properties) + populate(objectMap, "systemData", d.SystemData) + populate(objectMap, "type", d.Type) + return json.Marshal(objectMap) +} + +// UnmarshalJSON implements the json.Unmarshaller interface for type Dynamics365DataConnector. +func (d *Dynamics365DataConnector) UnmarshalJSON(data []byte) error { + var rawMsg map[string]json.RawMessage + if err := json.Unmarshal(data, &rawMsg); err != nil { + return fmt.Errorf("unmarshalling type %T: %v", d, err) + } + for key, val := range rawMsg { + var err error + switch key { + case "etag": + err = unpopulate(val, "Etag", &d.Etag) + delete(rawMsg, key) + case "id": + err = unpopulate(val, "ID", &d.ID) + delete(rawMsg, key) + case "kind": + err = unpopulate(val, "Kind", &d.Kind) + delete(rawMsg, key) + case "name": + err = unpopulate(val, "Name", &d.Name) + delete(rawMsg, key) + case "properties": + err = unpopulate(val, "Properties", &d.Properties) + delete(rawMsg, key) + case "systemData": + err = unpopulate(val, "SystemData", &d.SystemData) + delete(rawMsg, key) + case "type": + err = unpopulate(val, "Type", &d.Type) + delete(rawMsg, key) + } + if err != nil { + return fmt.Errorf("unmarshalling type %T: %v", d, err) + } + } + return nil +} + +// UnmarshalJSON implements the json.Unmarshaller interface for type EnrichmentDomainWhois. +func (e *EnrichmentDomainWhois) UnmarshalJSON(data []byte) error { + var rawMsg map[string]json.RawMessage + if err := json.Unmarshal(data, &rawMsg); err != nil { + return fmt.Errorf("unmarshalling type %T: %v", e, err) + } + for key, val := range rawMsg { + var err error + switch key { + case "created": + err = unpopulateTimeRFC3339(val, "Created", &e.Created) + delete(rawMsg, key) + case "domain": + err = unpopulate(val, "Domain", &e.Domain) + delete(rawMsg, key) + case "expires": + err = unpopulateTimeRFC3339(val, "Expires", &e.Expires) + delete(rawMsg, key) + case "parsedWhois": + err = unpopulate(val, "ParsedWhois", &e.ParsedWhois) + delete(rawMsg, key) + case "server": + err = unpopulate(val, "Server", &e.Server) + delete(rawMsg, key) + case "updated": + err = unpopulateTimeRFC3339(val, "Updated", &e.Updated) + delete(rawMsg, key) + } + if err != nil { + return fmt.Errorf("unmarshalling type %T: %v", e, err) + } + } + return nil +} + +// MarshalJSON implements the json.Marshaller interface for type EntityAnalytics. +func (e EntityAnalytics) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + populate(objectMap, "etag", e.Etag) + populate(objectMap, "id", e.ID) + objectMap["kind"] = SettingKindEntityAnalytics + populate(objectMap, "name", e.Name) + populate(objectMap, "properties", e.Properties) + populate(objectMap, "systemData", e.SystemData) + populate(objectMap, "type", e.Type) + return json.Marshal(objectMap) +} + +// UnmarshalJSON implements the json.Unmarshaller interface for type EntityAnalytics. +func (e *EntityAnalytics) UnmarshalJSON(data []byte) error { + var rawMsg map[string]json.RawMessage + if err := json.Unmarshal(data, &rawMsg); err != nil { + return fmt.Errorf("unmarshalling type %T: %v", e, err) + } + for key, val := range rawMsg { + var err error + switch key { + case "etag": + err = unpopulate(val, "Etag", &e.Etag) + delete(rawMsg, key) + case "id": + err = unpopulate(val, "ID", &e.ID) + delete(rawMsg, key) + case "kind": + err = unpopulate(val, "Kind", &e.Kind) + delete(rawMsg, key) + case "name": + err = unpopulate(val, "Name", &e.Name) + delete(rawMsg, key) + case "properties": + err = unpopulate(val, "Properties", &e.Properties) + delete(rawMsg, key) + case "systemData": + err = unpopulate(val, "SystemData", &e.SystemData) + delete(rawMsg, key) + case "type": + err = unpopulate(val, "Type", &e.Type) + delete(rawMsg, key) + } + if err != nil { + return fmt.Errorf("unmarshalling type %T: %v", e, err) + } + } + return nil +} + +// MarshalJSON implements the json.Marshaller interface for type EntityAnalyticsProperties. +func (e EntityAnalyticsProperties) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + populate(objectMap, "entityProviders", e.EntityProviders) + return json.Marshal(objectMap) +} + +// MarshalJSON implements the json.Marshaller interface for type EntityCommonProperties. +func (e EntityCommonProperties) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + populate(objectMap, "additionalData", e.AdditionalData) + populate(objectMap, "friendlyName", e.FriendlyName) + return json.Marshal(objectMap) +} + +// MarshalJSON implements the json.Marshaller interface for type EntityExpandParameters. +func (e EntityExpandParameters) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + populateTimeRFC3339(objectMap, "endTime", e.EndTime) + populate(objectMap, "expansionId", e.ExpansionID) + populateTimeRFC3339(objectMap, "startTime", e.StartTime) + return json.Marshal(objectMap) +} + +// UnmarshalJSON implements the json.Unmarshaller interface for type EntityExpandParameters. +func (e *EntityExpandParameters) UnmarshalJSON(data []byte) error { + var rawMsg map[string]json.RawMessage + if err := json.Unmarshal(data, &rawMsg); err != nil { + return fmt.Errorf("unmarshalling type %T: %v", e, err) + } + for key, val := range rawMsg { + var err error + switch key { + case "endTime": + err = unpopulateTimeRFC3339(val, "EndTime", &e.EndTime) + delete(rawMsg, key) + case "expansionId": + err = unpopulate(val, "ExpansionID", &e.ExpansionID) + delete(rawMsg, key) + case "startTime": + err = unpopulateTimeRFC3339(val, "StartTime", &e.StartTime) + delete(rawMsg, key) + } + if err != nil { + return fmt.Errorf("unmarshalling type %T: %v", e, err) + } + } + return nil +} + +// UnmarshalJSON implements the json.Unmarshaller interface for type EntityExpandResponseValue. +func (e *EntityExpandResponseValue) UnmarshalJSON(data []byte) error { + var rawMsg map[string]json.RawMessage + if err := json.Unmarshal(data, &rawMsg); err != nil { + return fmt.Errorf("unmarshalling type %T: %v", e, err) + } + for key, val := range rawMsg { + var err error + switch key { + case "edges": + err = unpopulate(val, "Edges", &e.Edges) + delete(rawMsg, key) + case "entities": + e.Entities, err = unmarshalEntityClassificationArray(val) + delete(rawMsg, key) + } + if err != nil { + return fmt.Errorf("unmarshalling type %T: %v", e, err) + } + } + return nil +} + +// MarshalJSON implements the json.Marshaller interface for type EntityGetInsightsParameters. +func (e EntityGetInsightsParameters) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + populate(objectMap, "addDefaultExtendedTimeRange", e.AddDefaultExtendedTimeRange) + populateTimeRFC3339(objectMap, "endTime", e.EndTime) + populate(objectMap, "insightQueryIds", e.InsightQueryIDs) + populateTimeRFC3339(objectMap, "startTime", e.StartTime) + return json.Marshal(objectMap) +} + +// UnmarshalJSON implements the json.Unmarshaller interface for type EntityGetInsightsParameters. +func (e *EntityGetInsightsParameters) UnmarshalJSON(data []byte) error { + var rawMsg map[string]json.RawMessage + if err := json.Unmarshal(data, &rawMsg); err != nil { + return fmt.Errorf("unmarshalling type %T: %v", e, err) + } + for key, val := range rawMsg { + var err error + switch key { + case "addDefaultExtendedTimeRange": + err = unpopulate(val, "AddDefaultExtendedTimeRange", &e.AddDefaultExtendedTimeRange) + delete(rawMsg, key) + case "endTime": + err = unpopulateTimeRFC3339(val, "EndTime", &e.EndTime) + delete(rawMsg, key) + case "insightQueryIds": + err = unpopulate(val, "InsightQueryIDs", &e.InsightQueryIDs) + delete(rawMsg, key) + case "startTime": + err = unpopulateTimeRFC3339(val, "StartTime", &e.StartTime) + delete(rawMsg, key) + } + if err != nil { + return fmt.Errorf("unmarshalling type %T: %v", e, err) + } + } + return nil +} + +// UnmarshalJSON implements the json.Unmarshaller interface for type EntityInsightItemQueryTimeInterval. +func (e *EntityInsightItemQueryTimeInterval) UnmarshalJSON(data []byte) error { + var rawMsg map[string]json.RawMessage + if err := json.Unmarshal(data, &rawMsg); err != nil { + return fmt.Errorf("unmarshalling type %T: %v", e, err) + } + for key, val := range rawMsg { + var err error + switch key { + case "endTime": + err = unpopulateTimeRFC3339(val, "EndTime", &e.EndTime) + delete(rawMsg, key) + case "startTime": + err = unpopulateTimeRFC3339(val, "StartTime", &e.StartTime) + delete(rawMsg, key) + } + if err != nil { + return fmt.Errorf("unmarshalling type %T: %v", e, err) + } + } + return nil +} + +// UnmarshalJSON implements the json.Unmarshaller interface for type EntityList. +func (e *EntityList) UnmarshalJSON(data []byte) error { + var rawMsg map[string]json.RawMessage + if err := json.Unmarshal(data, &rawMsg); err != nil { + return fmt.Errorf("unmarshalling type %T: %v", e, err) + } + for key, val := range rawMsg { + var err error + switch key { + case "nextLink": + err = unpopulate(val, "NextLink", &e.NextLink) + delete(rawMsg, key) + case "value": + e.Value, err = unmarshalEntityClassificationArray(val) + delete(rawMsg, key) + } + if err != nil { + return fmt.Errorf("unmarshalling type %T: %v", e, err) + } + } + return nil +} + +// MarshalJSON implements the json.Marshaller interface for type EntityMapping. +func (e EntityMapping) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + populate(objectMap, "entityType", e.EntityType) + populate(objectMap, "fieldMappings", e.FieldMappings) + return json.Marshal(objectMap) +} + +// UnmarshalJSON implements the json.Unmarshaller interface for type EntityQueryList. +func (e *EntityQueryList) UnmarshalJSON(data []byte) error { + var rawMsg map[string]json.RawMessage + if err := json.Unmarshal(data, &rawMsg); err != nil { + return fmt.Errorf("unmarshalling type %T: %v", e, err) + } + for key, val := range rawMsg { + var err error + switch key { + case "nextLink": + err = unpopulate(val, "NextLink", &e.NextLink) + delete(rawMsg, key) + case "value": + e.Value, err = unmarshalEntityQueryClassificationArray(val) + delete(rawMsg, key) + } + if err != nil { + return fmt.Errorf("unmarshalling type %T: %v", e, err) + } + } + return nil +} + +// UnmarshalJSON implements the json.Unmarshaller interface for type EntityQueryTemplateList. +func (e *EntityQueryTemplateList) UnmarshalJSON(data []byte) error { + var rawMsg map[string]json.RawMessage + if err := json.Unmarshal(data, &rawMsg); err != nil { + return fmt.Errorf("unmarshalling type %T: %v", e, err) + } + for key, val := range rawMsg { + var err error + switch key { + case "nextLink": + err = unpopulate(val, "NextLink", &e.NextLink) + delete(rawMsg, key) + case "value": + e.Value, err = unmarshalEntityQueryTemplateClassificationArray(val) + delete(rawMsg, key) + } + if err != nil { + return fmt.Errorf("unmarshalling type %T: %v", e, err) + } + } + return nil +} + +// MarshalJSON implements the json.Marshaller interface for type EntityTimelineParameters. +func (e EntityTimelineParameters) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + populateTimeRFC3339(objectMap, "endTime", e.EndTime) + populate(objectMap, "kinds", e.Kinds) + populate(objectMap, "numberOfBucket", e.NumberOfBucket) + populateTimeRFC3339(objectMap, "startTime", e.StartTime) + return json.Marshal(objectMap) +} + +// UnmarshalJSON implements the json.Unmarshaller interface for type EntityTimelineParameters. +func (e *EntityTimelineParameters) UnmarshalJSON(data []byte) error { + var rawMsg map[string]json.RawMessage + if err := json.Unmarshal(data, &rawMsg); err != nil { + return fmt.Errorf("unmarshalling type %T: %v", e, err) + } + for key, val := range rawMsg { + var err error + switch key { + case "endTime": + err = unpopulateTimeRFC3339(val, "EndTime", &e.EndTime) + delete(rawMsg, key) + case "kinds": + err = unpopulate(val, "Kinds", &e.Kinds) + delete(rawMsg, key) + case "numberOfBucket": + err = unpopulate(val, "NumberOfBucket", &e.NumberOfBucket) + delete(rawMsg, key) + case "startTime": + err = unpopulateTimeRFC3339(val, "StartTime", &e.StartTime) + delete(rawMsg, key) + } + if err != nil { + return fmt.Errorf("unmarshalling type %T: %v", e, err) + } + } + return nil +} + +// UnmarshalJSON implements the json.Unmarshaller interface for type EntityTimelineResponse. +func (e *EntityTimelineResponse) UnmarshalJSON(data []byte) error { + var rawMsg map[string]json.RawMessage + if err := json.Unmarshal(data, &rawMsg); err != nil { + return fmt.Errorf("unmarshalling type %T: %v", e, err) + } + for key, val := range rawMsg { + var err error + switch key { + case "metaData": + err = unpopulate(val, "MetaData", &e.MetaData) + delete(rawMsg, key) + case "value": + e.Value, err = unmarshalEntityTimelineItemClassificationArray(val) + delete(rawMsg, key) + } + if err != nil { + return fmt.Errorf("unmarshalling type %T: %v", e, err) + } + } + return nil +} + +// MarshalJSON implements the json.Marshaller interface for type ExpansionEntityQueriesProperties. +func (e ExpansionEntityQueriesProperties) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + populate(objectMap, "dataSources", e.DataSources) + populate(objectMap, "displayName", e.DisplayName) + populate(objectMap, "inputEntityType", e.InputEntityType) + populate(objectMap, "inputFields", e.InputFields) + populate(objectMap, "outputEntityTypes", e.OutputEntityTypes) + populate(objectMap, "queryTemplate", e.QueryTemplate) + return json.Marshal(objectMap) +} + +// MarshalJSON implements the json.Marshaller interface for type ExpansionEntityQuery. +func (e ExpansionEntityQuery) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + populate(objectMap, "etag", e.Etag) + populate(objectMap, "id", e.ID) + objectMap["kind"] = EntityQueryKindExpansion + populate(objectMap, "name", e.Name) + populate(objectMap, "properties", e.Properties) + populate(objectMap, "systemData", e.SystemData) + populate(objectMap, "type", e.Type) + return json.Marshal(objectMap) +} + +// UnmarshalJSON implements the json.Unmarshaller interface for type ExpansionEntityQuery. +func (e *ExpansionEntityQuery) UnmarshalJSON(data []byte) error { + var rawMsg map[string]json.RawMessage + if err := json.Unmarshal(data, &rawMsg); err != nil { + return fmt.Errorf("unmarshalling type %T: %v", e, err) + } + for key, val := range rawMsg { + var err error + switch key { + case "etag": + err = unpopulate(val, "Etag", &e.Etag) + delete(rawMsg, key) + case "id": + err = unpopulate(val, "ID", &e.ID) + delete(rawMsg, key) + case "kind": + err = unpopulate(val, "Kind", &e.Kind) + delete(rawMsg, key) + case "name": + err = unpopulate(val, "Name", &e.Name) + delete(rawMsg, key) + case "properties": + err = unpopulate(val, "Properties", &e.Properties) + delete(rawMsg, key) + case "systemData": + err = unpopulate(val, "SystemData", &e.SystemData) + delete(rawMsg, key) + case "type": + err = unpopulate(val, "Type", &e.Type) + delete(rawMsg, key) + } + if err != nil { + return fmt.Errorf("unmarshalling type %T: %v", e, err) + } + } + return nil +} + +// MarshalJSON implements the json.Marshaller interface for type EyesOn. +func (e EyesOn) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + populate(objectMap, "etag", e.Etag) + populate(objectMap, "id", e.ID) + objectMap["kind"] = SettingKindEyesOn + populate(objectMap, "name", e.Name) + populate(objectMap, "properties", e.Properties) + populate(objectMap, "systemData", e.SystemData) + populate(objectMap, "type", e.Type) + return json.Marshal(objectMap) +} + +// UnmarshalJSON implements the json.Unmarshaller interface for type EyesOn. +func (e *EyesOn) UnmarshalJSON(data []byte) error { + var rawMsg map[string]json.RawMessage + if err := json.Unmarshal(data, &rawMsg); err != nil { + return fmt.Errorf("unmarshalling type %T: %v", e, err) + } + for key, val := range rawMsg { + var err error + switch key { + case "etag": + err = unpopulate(val, "Etag", &e.Etag) + delete(rawMsg, key) + case "id": + err = unpopulate(val, "ID", &e.ID) + delete(rawMsg, key) + case "kind": + err = unpopulate(val, "Kind", &e.Kind) + delete(rawMsg, key) + case "name": + err = unpopulate(val, "Name", &e.Name) + delete(rawMsg, key) + case "properties": + err = unpopulate(val, "Properties", &e.Properties) + delete(rawMsg, key) + case "systemData": + err = unpopulate(val, "SystemData", &e.SystemData) + delete(rawMsg, key) + case "type": + err = unpopulate(val, "Type", &e.Type) + delete(rawMsg, key) + } + if err != nil { + return fmt.Errorf("unmarshalling type %T: %v", e, err) + } + } + return nil +} + +// MarshalJSON implements the json.Marshaller interface for type FileEntity. +func (f FileEntity) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + populate(objectMap, "id", f.ID) + objectMap["kind"] = EntityKindFile + populate(objectMap, "name", f.Name) + populate(objectMap, "properties", f.Properties) + populate(objectMap, "systemData", f.SystemData) + populate(objectMap, "type", f.Type) + return json.Marshal(objectMap) +} + +// UnmarshalJSON implements the json.Unmarshaller interface for type FileEntity. +func (f *FileEntity) UnmarshalJSON(data []byte) error { + var rawMsg map[string]json.RawMessage + if err := json.Unmarshal(data, &rawMsg); err != nil { + return fmt.Errorf("unmarshalling type %T: %v", f, err) + } + for key, val := range rawMsg { + var err error + switch key { + case "id": + err = unpopulate(val, "ID", &f.ID) + delete(rawMsg, key) + case "kind": + err = unpopulate(val, "Kind", &f.Kind) + delete(rawMsg, key) + case "name": + err = unpopulate(val, "Name", &f.Name) + delete(rawMsg, key) + case "properties": + err = unpopulate(val, "Properties", &f.Properties) + delete(rawMsg, key) + case "systemData": + err = unpopulate(val, "SystemData", &f.SystemData) + delete(rawMsg, key) + case "type": + err = unpopulate(val, "Type", &f.Type) + delete(rawMsg, key) + } + if err != nil { + return fmt.Errorf("unmarshalling type %T: %v", f, err) + } + } + return nil +} + +// MarshalJSON implements the json.Marshaller interface for type FileEntityProperties. +func (f FileEntityProperties) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + populate(objectMap, "additionalData", f.AdditionalData) + populate(objectMap, "directory", f.Directory) + populate(objectMap, "fileHashEntityIds", f.FileHashEntityIDs) + populate(objectMap, "fileName", f.FileName) + populate(objectMap, "friendlyName", f.FriendlyName) + populate(objectMap, "hostEntityId", f.HostEntityID) + return json.Marshal(objectMap) +} + +// MarshalJSON implements the json.Marshaller interface for type FileHashEntity. +func (f FileHashEntity) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + populate(objectMap, "id", f.ID) + objectMap["kind"] = EntityKindFileHash + populate(objectMap, "name", f.Name) + populate(objectMap, "properties", f.Properties) + populate(objectMap, "systemData", f.SystemData) + populate(objectMap, "type", f.Type) + return json.Marshal(objectMap) +} + +// UnmarshalJSON implements the json.Unmarshaller interface for type FileHashEntity. +func (f *FileHashEntity) UnmarshalJSON(data []byte) error { + var rawMsg map[string]json.RawMessage + if err := json.Unmarshal(data, &rawMsg); err != nil { + return fmt.Errorf("unmarshalling type %T: %v", f, err) + } + for key, val := range rawMsg { + var err error + switch key { + case "id": + err = unpopulate(val, "ID", &f.ID) + delete(rawMsg, key) + case "kind": + err = unpopulate(val, "Kind", &f.Kind) + delete(rawMsg, key) + case "name": + err = unpopulate(val, "Name", &f.Name) + delete(rawMsg, key) + case "properties": + err = unpopulate(val, "Properties", &f.Properties) + delete(rawMsg, key) + case "systemData": + err = unpopulate(val, "SystemData", &f.SystemData) + delete(rawMsg, key) + case "type": + err = unpopulate(val, "Type", &f.Type) + delete(rawMsg, key) + } + if err != nil { + return fmt.Errorf("unmarshalling type %T: %v", f, err) + } + } + return nil +} + +// MarshalJSON implements the json.Marshaller interface for type FileHashEntityProperties. +func (f FileHashEntityProperties) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + populate(objectMap, "additionalData", f.AdditionalData) + populate(objectMap, "algorithm", f.Algorithm) + populate(objectMap, "friendlyName", f.FriendlyName) + populate(objectMap, "hashValue", f.HashValue) + return json.Marshal(objectMap) +} + +// MarshalJSON implements the json.Marshaller interface for type FusionAlertRule. +func (f FusionAlertRule) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + populate(objectMap, "etag", f.Etag) + populate(objectMap, "id", f.ID) + objectMap["kind"] = AlertRuleKindFusion + populate(objectMap, "name", f.Name) + populate(objectMap, "properties", f.Properties) + populate(objectMap, "systemData", f.SystemData) + populate(objectMap, "type", f.Type) + return json.Marshal(objectMap) +} + +// UnmarshalJSON implements the json.Unmarshaller interface for type FusionAlertRule. +func (f *FusionAlertRule) UnmarshalJSON(data []byte) error { + var rawMsg map[string]json.RawMessage + if err := json.Unmarshal(data, &rawMsg); err != nil { + return fmt.Errorf("unmarshalling type %T: %v", f, err) + } + for key, val := range rawMsg { + var err error + switch key { + case "etag": + err = unpopulate(val, "Etag", &f.Etag) + delete(rawMsg, key) + case "id": + err = unpopulate(val, "ID", &f.ID) + delete(rawMsg, key) + case "kind": + err = unpopulate(val, "Kind", &f.Kind) + delete(rawMsg, key) + case "name": + err = unpopulate(val, "Name", &f.Name) + delete(rawMsg, key) + case "properties": + err = unpopulate(val, "Properties", &f.Properties) + delete(rawMsg, key) + case "systemData": + err = unpopulate(val, "SystemData", &f.SystemData) + delete(rawMsg, key) + case "type": + err = unpopulate(val, "Type", &f.Type) + delete(rawMsg, key) + } + if err != nil { + return fmt.Errorf("unmarshalling type %T: %v", f, err) + } + } + return nil +} + +// MarshalJSON implements the json.Marshaller interface for type FusionAlertRuleProperties. +func (f FusionAlertRuleProperties) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + populate(objectMap, "alertRuleTemplateName", f.AlertRuleTemplateName) + populate(objectMap, "description", f.Description) + populate(objectMap, "displayName", f.DisplayName) + populate(objectMap, "enabled", f.Enabled) + populateTimeRFC3339(objectMap, "lastModifiedUtc", f.LastModifiedUTC) + populate(objectMap, "scenarioExclusionPatterns", f.ScenarioExclusionPatterns) + populate(objectMap, "severity", f.Severity) + populate(objectMap, "sourceSettings", f.SourceSettings) + populate(objectMap, "tactics", f.Tactics) + populate(objectMap, "techniques", f.Techniques) + return json.Marshal(objectMap) +} + +// UnmarshalJSON implements the json.Unmarshaller interface for type FusionAlertRuleProperties. +func (f *FusionAlertRuleProperties) UnmarshalJSON(data []byte) error { + var rawMsg map[string]json.RawMessage + if err := json.Unmarshal(data, &rawMsg); err != nil { + return fmt.Errorf("unmarshalling type %T: %v", f, err) + } + for key, val := range rawMsg { + var err error + switch key { + case "alertRuleTemplateName": + err = unpopulate(val, "AlertRuleTemplateName", &f.AlertRuleTemplateName) + delete(rawMsg, key) + case "description": + err = unpopulate(val, "Description", &f.Description) + delete(rawMsg, key) + case "displayName": + err = unpopulate(val, "DisplayName", &f.DisplayName) + delete(rawMsg, key) + case "enabled": + err = unpopulate(val, "Enabled", &f.Enabled) + delete(rawMsg, key) + case "lastModifiedUtc": + err = unpopulateTimeRFC3339(val, "LastModifiedUTC", &f.LastModifiedUTC) + delete(rawMsg, key) + case "scenarioExclusionPatterns": + err = unpopulate(val, "ScenarioExclusionPatterns", &f.ScenarioExclusionPatterns) + delete(rawMsg, key) + case "severity": + err = unpopulate(val, "Severity", &f.Severity) + delete(rawMsg, key) + case "sourceSettings": + err = unpopulate(val, "SourceSettings", &f.SourceSettings) + delete(rawMsg, key) + case "tactics": + err = unpopulate(val, "Tactics", &f.Tactics) + delete(rawMsg, key) + case "techniques": + err = unpopulate(val, "Techniques", &f.Techniques) + delete(rawMsg, key) + } + if err != nil { + return fmt.Errorf("unmarshalling type %T: %v", f, err) + } + } + return nil +} + +// MarshalJSON implements the json.Marshaller interface for type FusionAlertRuleTemplate. +func (f FusionAlertRuleTemplate) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + populate(objectMap, "id", f.ID) + objectMap["kind"] = AlertRuleKindFusion + populate(objectMap, "name", f.Name) + populate(objectMap, "properties", f.Properties) + populate(objectMap, "systemData", f.SystemData) + populate(objectMap, "type", f.Type) + return json.Marshal(objectMap) +} + +// UnmarshalJSON implements the json.Unmarshaller interface for type FusionAlertRuleTemplate. +func (f *FusionAlertRuleTemplate) UnmarshalJSON(data []byte) error { + var rawMsg map[string]json.RawMessage + if err := json.Unmarshal(data, &rawMsg); err != nil { + return fmt.Errorf("unmarshalling type %T: %v", f, err) + } + for key, val := range rawMsg { + var err error + switch key { + case "id": + err = unpopulate(val, "ID", &f.ID) + delete(rawMsg, key) + case "kind": + err = unpopulate(val, "Kind", &f.Kind) + delete(rawMsg, key) + case "name": + err = unpopulate(val, "Name", &f.Name) + delete(rawMsg, key) + case "properties": + err = unpopulate(val, "Properties", &f.Properties) + delete(rawMsg, key) + case "systemData": + err = unpopulate(val, "SystemData", &f.SystemData) + delete(rawMsg, key) + case "type": + err = unpopulate(val, "Type", &f.Type) + delete(rawMsg, key) + } + if err != nil { + return fmt.Errorf("unmarshalling type %T: %v", f, err) + } + } + return nil +} + +// MarshalJSON implements the json.Marshaller interface for type FusionAlertRuleTemplateProperties. +func (f FusionAlertRuleTemplateProperties) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + populate(objectMap, "alertRulesCreatedByTemplateCount", f.AlertRulesCreatedByTemplateCount) + populateTimeRFC3339(objectMap, "createdDateUTC", f.CreatedDateUTC) + populate(objectMap, "description", f.Description) + populate(objectMap, "displayName", f.DisplayName) + populateTimeRFC3339(objectMap, "lastUpdatedDateUTC", f.LastUpdatedDateUTC) + populate(objectMap, "requiredDataConnectors", f.RequiredDataConnectors) + populate(objectMap, "severity", f.Severity) + populate(objectMap, "sourceSettings", f.SourceSettings) + populate(objectMap, "status", f.Status) + populate(objectMap, "tactics", f.Tactics) + populate(objectMap, "techniques", f.Techniques) + return json.Marshal(objectMap) +} + +// UnmarshalJSON implements the json.Unmarshaller interface for type FusionAlertRuleTemplateProperties. +func (f *FusionAlertRuleTemplateProperties) UnmarshalJSON(data []byte) error { + var rawMsg map[string]json.RawMessage + if err := json.Unmarshal(data, &rawMsg); err != nil { + return fmt.Errorf("unmarshalling type %T: %v", f, err) + } + for key, val := range rawMsg { + var err error + switch key { + case "alertRulesCreatedByTemplateCount": + err = unpopulate(val, "AlertRulesCreatedByTemplateCount", &f.AlertRulesCreatedByTemplateCount) + delete(rawMsg, key) + case "createdDateUTC": + err = unpopulateTimeRFC3339(val, "CreatedDateUTC", &f.CreatedDateUTC) + delete(rawMsg, key) + case "description": + err = unpopulate(val, "Description", &f.Description) + delete(rawMsg, key) + case "displayName": + err = unpopulate(val, "DisplayName", &f.DisplayName) + delete(rawMsg, key) + case "lastUpdatedDateUTC": + err = unpopulateTimeRFC3339(val, "LastUpdatedDateUTC", &f.LastUpdatedDateUTC) + delete(rawMsg, key) + case "requiredDataConnectors": + err = unpopulate(val, "RequiredDataConnectors", &f.RequiredDataConnectors) + delete(rawMsg, key) + case "severity": + err = unpopulate(val, "Severity", &f.Severity) + delete(rawMsg, key) + case "sourceSettings": + err = unpopulate(val, "SourceSettings", &f.SourceSettings) + delete(rawMsg, key) + case "status": + err = unpopulate(val, "Status", &f.Status) + delete(rawMsg, key) + case "tactics": + err = unpopulate(val, "Tactics", &f.Tactics) + delete(rawMsg, key) + case "techniques": + err = unpopulate(val, "Techniques", &f.Techniques) + delete(rawMsg, key) + } + if err != nil { + return fmt.Errorf("unmarshalling type %T: %v", f, err) + } + } + return nil +} + +// MarshalJSON implements the json.Marshaller interface for type FusionSourceSettings. +func (f FusionSourceSettings) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + populate(objectMap, "enabled", f.Enabled) + populate(objectMap, "sourceName", f.SourceName) + populate(objectMap, "sourceSubTypes", f.SourceSubTypes) + return json.Marshal(objectMap) +} + +// MarshalJSON implements the json.Marshaller interface for type FusionSubTypeSeverityFilter. +func (f FusionSubTypeSeverityFilter) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + populate(objectMap, "filters", f.Filters) + populate(objectMap, "isSupported", f.IsSupported) + return json.Marshal(objectMap) +} + +// MarshalJSON implements the json.Marshaller interface for type FusionTemplateSourceSetting. +func (f FusionTemplateSourceSetting) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + populate(objectMap, "sourceName", f.SourceName) + populate(objectMap, "sourceSubTypes", f.SourceSubTypes) + return json.Marshal(objectMap) +} + +// MarshalJSON implements the json.Marshaller interface for type FusionTemplateSubTypeSeverityFilter. +func (f FusionTemplateSubTypeSeverityFilter) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + populate(objectMap, "isSupported", f.IsSupported) + populate(objectMap, "severityFilters", f.SeverityFilters) + return json.Marshal(objectMap) +} + +// UnmarshalJSON implements the json.Unmarshaller interface for type GetQueriesResponse. +func (g *GetQueriesResponse) UnmarshalJSON(data []byte) error { + var rawMsg map[string]json.RawMessage + if err := json.Unmarshal(data, &rawMsg); err != nil { + return fmt.Errorf("unmarshalling type %T: %v", g, err) + } + for key, val := range rawMsg { + var err error + switch key { + case "value": + g.Value, err = unmarshalEntityQueryItemClassificationArray(val) + delete(rawMsg, key) + } + if err != nil { + return fmt.Errorf("unmarshalling type %T: %v", g, err) + } + } + return nil +} + +// MarshalJSON implements the json.Marshaller interface for type GroupingConfiguration. +func (g GroupingConfiguration) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + populate(objectMap, "enabled", g.Enabled) + populate(objectMap, "groupByAlertDetails", g.GroupByAlertDetails) + populate(objectMap, "groupByCustomDetails", g.GroupByCustomDetails) + populate(objectMap, "groupByEntities", g.GroupByEntities) + populate(objectMap, "lookbackDuration", g.LookbackDuration) + populate(objectMap, "matchingMethod", g.MatchingMethod) + populate(objectMap, "reopenClosedIncident", g.ReopenClosedIncident) + return json.Marshal(objectMap) +} + +// MarshalJSON implements the json.Marshaller interface for type HostEntity. +func (h HostEntity) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + populate(objectMap, "id", h.ID) + objectMap["kind"] = EntityKindHost + populate(objectMap, "name", h.Name) + populate(objectMap, "properties", h.Properties) + populate(objectMap, "systemData", h.SystemData) + populate(objectMap, "type", h.Type) + return json.Marshal(objectMap) +} + +// UnmarshalJSON implements the json.Unmarshaller interface for type HostEntity. +func (h *HostEntity) UnmarshalJSON(data []byte) error { + var rawMsg map[string]json.RawMessage + if err := json.Unmarshal(data, &rawMsg); err != nil { + return fmt.Errorf("unmarshalling type %T: %v", h, err) + } + for key, val := range rawMsg { + var err error + switch key { + case "id": + err = unpopulate(val, "ID", &h.ID) + delete(rawMsg, key) + case "kind": + err = unpopulate(val, "Kind", &h.Kind) + delete(rawMsg, key) + case "name": + err = unpopulate(val, "Name", &h.Name) + delete(rawMsg, key) + case "properties": + err = unpopulate(val, "Properties", &h.Properties) + delete(rawMsg, key) + case "systemData": + err = unpopulate(val, "SystemData", &h.SystemData) + delete(rawMsg, key) + case "type": + err = unpopulate(val, "Type", &h.Type) + delete(rawMsg, key) + } + if err != nil { + return fmt.Errorf("unmarshalling type %T: %v", h, err) + } + } + return nil +} + +// MarshalJSON implements the json.Marshaller interface for type HostEntityProperties. +func (h HostEntityProperties) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + populate(objectMap, "additionalData", h.AdditionalData) + populate(objectMap, "azureID", h.AzureID) + populate(objectMap, "dnsDomain", h.DNSDomain) + populate(objectMap, "friendlyName", h.FriendlyName) + populate(objectMap, "hostName", h.HostName) + populate(objectMap, "isDomainJoined", h.IsDomainJoined) + populate(objectMap, "netBiosName", h.NetBiosName) + populate(objectMap, "ntDomain", h.NtDomain) + populate(objectMap, "osFamily", h.OSFamily) + populate(objectMap, "osVersion", h.OSVersion) + populate(objectMap, "omsAgentID", h.OmsAgentID) + return json.Marshal(objectMap) +} + +// MarshalJSON implements the json.Marshaller interface for type HuntingBookmark. +func (h HuntingBookmark) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + populate(objectMap, "id", h.ID) + objectMap["kind"] = EntityKindBookmark + populate(objectMap, "name", h.Name) + populate(objectMap, "properties", h.Properties) + populate(objectMap, "systemData", h.SystemData) + populate(objectMap, "type", h.Type) + return json.Marshal(objectMap) +} + +// UnmarshalJSON implements the json.Unmarshaller interface for type HuntingBookmark. +func (h *HuntingBookmark) UnmarshalJSON(data []byte) error { + var rawMsg map[string]json.RawMessage + if err := json.Unmarshal(data, &rawMsg); err != nil { + return fmt.Errorf("unmarshalling type %T: %v", h, err) + } + for key, val := range rawMsg { + var err error + switch key { + case "id": + err = unpopulate(val, "ID", &h.ID) + delete(rawMsg, key) + case "kind": + err = unpopulate(val, "Kind", &h.Kind) + delete(rawMsg, key) + case "name": + err = unpopulate(val, "Name", &h.Name) + delete(rawMsg, key) + case "properties": + err = unpopulate(val, "Properties", &h.Properties) + delete(rawMsg, key) + case "systemData": + err = unpopulate(val, "SystemData", &h.SystemData) + delete(rawMsg, key) + case "type": + err = unpopulate(val, "Type", &h.Type) + delete(rawMsg, key) + } + if err != nil { + return fmt.Errorf("unmarshalling type %T: %v", h, err) + } + } + return nil +} + +// MarshalJSON implements the json.Marshaller interface for type HuntingBookmarkProperties. +func (h HuntingBookmarkProperties) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + populate(objectMap, "additionalData", h.AdditionalData) + populateTimeRFC3339(objectMap, "created", h.Created) + populate(objectMap, "createdBy", h.CreatedBy) + populate(objectMap, "displayName", h.DisplayName) + populateTimeRFC3339(objectMap, "eventTime", h.EventTime) + populate(objectMap, "friendlyName", h.FriendlyName) + populate(objectMap, "incidentInfo", h.IncidentInfo) + populate(objectMap, "labels", h.Labels) + populate(objectMap, "notes", h.Notes) + populate(objectMap, "query", h.Query) + populate(objectMap, "queryResult", h.QueryResult) + populateTimeRFC3339(objectMap, "updated", h.Updated) + populate(objectMap, "updatedBy", h.UpdatedBy) + return json.Marshal(objectMap) +} + +// UnmarshalJSON implements the json.Unmarshaller interface for type HuntingBookmarkProperties. +func (h *HuntingBookmarkProperties) UnmarshalJSON(data []byte) error { + var rawMsg map[string]json.RawMessage + if err := json.Unmarshal(data, &rawMsg); err != nil { + return fmt.Errorf("unmarshalling type %T: %v", h, err) + } + for key, val := range rawMsg { + var err error + switch key { + case "additionalData": + err = unpopulate(val, "AdditionalData", &h.AdditionalData) + delete(rawMsg, key) + case "created": + err = unpopulateTimeRFC3339(val, "Created", &h.Created) + delete(rawMsg, key) + case "createdBy": + err = unpopulate(val, "CreatedBy", &h.CreatedBy) + delete(rawMsg, key) + case "displayName": + err = unpopulate(val, "DisplayName", &h.DisplayName) + delete(rawMsg, key) + case "eventTime": + err = unpopulateTimeRFC3339(val, "EventTime", &h.EventTime) + delete(rawMsg, key) + case "friendlyName": + err = unpopulate(val, "FriendlyName", &h.FriendlyName) + delete(rawMsg, key) + case "incidentInfo": + err = unpopulate(val, "IncidentInfo", &h.IncidentInfo) + delete(rawMsg, key) + case "labels": + err = unpopulate(val, "Labels", &h.Labels) + delete(rawMsg, key) + case "notes": + err = unpopulate(val, "Notes", &h.Notes) + delete(rawMsg, key) + case "query": + err = unpopulate(val, "Query", &h.Query) + delete(rawMsg, key) + case "queryResult": + err = unpopulate(val, "QueryResult", &h.QueryResult) + delete(rawMsg, key) + case "updated": + err = unpopulateTimeRFC3339(val, "Updated", &h.Updated) + delete(rawMsg, key) + case "updatedBy": + err = unpopulate(val, "UpdatedBy", &h.UpdatedBy) + delete(rawMsg, key) + } + if err != nil { + return fmt.Errorf("unmarshalling type %T: %v", h, err) + } + } + return nil +} + +// MarshalJSON implements the json.Marshaller interface for type IPEntity. +func (i IPEntity) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + populate(objectMap, "id", i.ID) + objectMap["kind"] = EntityKindIP + populate(objectMap, "name", i.Name) + populate(objectMap, "properties", i.Properties) + populate(objectMap, "systemData", i.SystemData) + populate(objectMap, "type", i.Type) + return json.Marshal(objectMap) +} + +// UnmarshalJSON implements the json.Unmarshaller interface for type IPEntity. +func (i *IPEntity) UnmarshalJSON(data []byte) error { + var rawMsg map[string]json.RawMessage + if err := json.Unmarshal(data, &rawMsg); err != nil { + return fmt.Errorf("unmarshalling type %T: %v", i, err) + } + for key, val := range rawMsg { + var err error + switch key { + case "id": + err = unpopulate(val, "ID", &i.ID) + delete(rawMsg, key) + case "kind": + err = unpopulate(val, "Kind", &i.Kind) + delete(rawMsg, key) + case "name": + err = unpopulate(val, "Name", &i.Name) + delete(rawMsg, key) + case "properties": + err = unpopulate(val, "Properties", &i.Properties) + delete(rawMsg, key) + case "systemData": + err = unpopulate(val, "SystemData", &i.SystemData) + delete(rawMsg, key) + case "type": + err = unpopulate(val, "Type", &i.Type) + delete(rawMsg, key) + } + if err != nil { + return fmt.Errorf("unmarshalling type %T: %v", i, err) + } + } + return nil +} + +// MarshalJSON implements the json.Marshaller interface for type IPEntityProperties. +func (i IPEntityProperties) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + populate(objectMap, "additionalData", i.AdditionalData) + populate(objectMap, "address", i.Address) + populate(objectMap, "friendlyName", i.FriendlyName) + populate(objectMap, "location", i.Location) + populate(objectMap, "threatIntelligence", i.ThreatIntelligence) + return json.Marshal(objectMap) +} + +// MarshalJSON implements the json.Marshaller interface for type IncidentAdditionalData. +func (i IncidentAdditionalData) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + populate(objectMap, "alertProductNames", i.AlertProductNames) + populate(objectMap, "alertsCount", i.AlertsCount) + populate(objectMap, "bookmarksCount", i.BookmarksCount) + populate(objectMap, "commentsCount", i.CommentsCount) + populate(objectMap, "providerIncidentUrl", i.ProviderIncidentURL) + populate(objectMap, "tactics", i.Tactics) + populate(objectMap, "techniques", i.Techniques) + return json.Marshal(objectMap) +} + +// MarshalJSON implements the json.Marshaller interface for type IncidentCommentProperties. +func (i IncidentCommentProperties) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + populate(objectMap, "author", i.Author) + populateTimeRFC3339(objectMap, "createdTimeUtc", i.CreatedTimeUTC) + populateTimeRFC3339(objectMap, "lastModifiedTimeUtc", i.LastModifiedTimeUTC) + populate(objectMap, "message", i.Message) + return json.Marshal(objectMap) +} + +// UnmarshalJSON implements the json.Unmarshaller interface for type IncidentCommentProperties. +func (i *IncidentCommentProperties) UnmarshalJSON(data []byte) error { + var rawMsg map[string]json.RawMessage + if err := json.Unmarshal(data, &rawMsg); err != nil { + return fmt.Errorf("unmarshalling type %T: %v", i, err) + } + for key, val := range rawMsg { + var err error + switch key { + case "author": + err = unpopulate(val, "Author", &i.Author) + delete(rawMsg, key) + case "createdTimeUtc": + err = unpopulateTimeRFC3339(val, "CreatedTimeUTC", &i.CreatedTimeUTC) + delete(rawMsg, key) + case "lastModifiedTimeUtc": + err = unpopulateTimeRFC3339(val, "LastModifiedTimeUTC", &i.LastModifiedTimeUTC) + delete(rawMsg, key) + case "message": + err = unpopulate(val, "Message", &i.Message) + delete(rawMsg, key) + } + if err != nil { + return fmt.Errorf("unmarshalling type %T: %v", i, err) + } + } + return nil +} + +// UnmarshalJSON implements the json.Unmarshaller interface for type IncidentEntitiesResponse. +func (i *IncidentEntitiesResponse) UnmarshalJSON(data []byte) error { + var rawMsg map[string]json.RawMessage + if err := json.Unmarshal(data, &rawMsg); err != nil { + return fmt.Errorf("unmarshalling type %T: %v", i, err) + } + for key, val := range rawMsg { + var err error + switch key { + case "entities": + i.Entities, err = unmarshalEntityClassificationArray(val) + delete(rawMsg, key) + case "metaData": + err = unpopulate(val, "MetaData", &i.MetaData) + delete(rawMsg, key) + } + if err != nil { + return fmt.Errorf("unmarshalling type %T: %v", i, err) + } + } + return nil +} + +// MarshalJSON implements the json.Marshaller interface for type IncidentProperties. +func (i IncidentProperties) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + populate(objectMap, "additionalData", i.AdditionalData) + populate(objectMap, "classification", i.Classification) + populate(objectMap, "classificationComment", i.ClassificationComment) + populate(objectMap, "classificationReason", i.ClassificationReason) + populateTimeRFC3339(objectMap, "createdTimeUtc", i.CreatedTimeUTC) + populate(objectMap, "description", i.Description) + populateTimeRFC3339(objectMap, "firstActivityTimeUtc", i.FirstActivityTimeUTC) + populate(objectMap, "incidentNumber", i.IncidentNumber) + populate(objectMap, "incidentUrl", i.IncidentURL) + populate(objectMap, "labels", i.Labels) + populateTimeRFC3339(objectMap, "lastActivityTimeUtc", i.LastActivityTimeUTC) + populateTimeRFC3339(objectMap, "lastModifiedTimeUtc", i.LastModifiedTimeUTC) + populate(objectMap, "owner", i.Owner) + populate(objectMap, "providerIncidentId", i.ProviderIncidentID) + populate(objectMap, "providerName", i.ProviderName) + populate(objectMap, "relatedAnalyticRuleIds", i.RelatedAnalyticRuleIDs) + populate(objectMap, "severity", i.Severity) + populate(objectMap, "status", i.Status) + populate(objectMap, "teamInformation", i.TeamInformation) + populate(objectMap, "title", i.Title) + return json.Marshal(objectMap) +} + +// UnmarshalJSON implements the json.Unmarshaller interface for type IncidentProperties. +func (i *IncidentProperties) UnmarshalJSON(data []byte) error { + var rawMsg map[string]json.RawMessage + if err := json.Unmarshal(data, &rawMsg); err != nil { + return fmt.Errorf("unmarshalling type %T: %v", i, err) + } + for key, val := range rawMsg { + var err error + switch key { + case "additionalData": + err = unpopulate(val, "AdditionalData", &i.AdditionalData) + delete(rawMsg, key) + case "classification": + err = unpopulate(val, "Classification", &i.Classification) + delete(rawMsg, key) + case "classificationComment": + err = unpopulate(val, "ClassificationComment", &i.ClassificationComment) + delete(rawMsg, key) + case "classificationReason": + err = unpopulate(val, "ClassificationReason", &i.ClassificationReason) + delete(rawMsg, key) + case "createdTimeUtc": + err = unpopulateTimeRFC3339(val, "CreatedTimeUTC", &i.CreatedTimeUTC) + delete(rawMsg, key) + case "description": + err = unpopulate(val, "Description", &i.Description) + delete(rawMsg, key) + case "firstActivityTimeUtc": + err = unpopulateTimeRFC3339(val, "FirstActivityTimeUTC", &i.FirstActivityTimeUTC) + delete(rawMsg, key) + case "incidentNumber": + err = unpopulate(val, "IncidentNumber", &i.IncidentNumber) + delete(rawMsg, key) + case "incidentUrl": + err = unpopulate(val, "IncidentURL", &i.IncidentURL) + delete(rawMsg, key) + case "labels": + err = unpopulate(val, "Labels", &i.Labels) + delete(rawMsg, key) + case "lastActivityTimeUtc": + err = unpopulateTimeRFC3339(val, "LastActivityTimeUTC", &i.LastActivityTimeUTC) + delete(rawMsg, key) + case "lastModifiedTimeUtc": + err = unpopulateTimeRFC3339(val, "LastModifiedTimeUTC", &i.LastModifiedTimeUTC) + delete(rawMsg, key) + case "owner": + err = unpopulate(val, "Owner", &i.Owner) + delete(rawMsg, key) + case "providerIncidentId": + err = unpopulate(val, "ProviderIncidentID", &i.ProviderIncidentID) + delete(rawMsg, key) + case "providerName": + err = unpopulate(val, "ProviderName", &i.ProviderName) + delete(rawMsg, key) + case "relatedAnalyticRuleIds": + err = unpopulate(val, "RelatedAnalyticRuleIDs", &i.RelatedAnalyticRuleIDs) + delete(rawMsg, key) + case "severity": + err = unpopulate(val, "Severity", &i.Severity) + delete(rawMsg, key) + case "status": + err = unpopulate(val, "Status", &i.Status) + delete(rawMsg, key) + case "teamInformation": + err = unpopulate(val, "TeamInformation", &i.TeamInformation) + delete(rawMsg, key) + case "title": + err = unpopulate(val, "Title", &i.Title) + delete(rawMsg, key) + } + if err != nil { + return fmt.Errorf("unmarshalling type %T: %v", i, err) + } + } + return nil +} + +// MarshalJSON implements the json.Marshaller interface for type IncidentPropertiesAction. +func (i IncidentPropertiesAction) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + populate(objectMap, "classification", i.Classification) + populate(objectMap, "classificationComment", i.ClassificationComment) + populate(objectMap, "classificationReason", i.ClassificationReason) + populate(objectMap, "labels", i.Labels) + populate(objectMap, "owner", i.Owner) + populate(objectMap, "severity", i.Severity) + populate(objectMap, "status", i.Status) + return json.Marshal(objectMap) +} + +// UnmarshalJSON implements the json.Unmarshaller interface for type InsightQueryItem. +func (i *InsightQueryItem) UnmarshalJSON(data []byte) error { + var rawMsg map[string]json.RawMessage + if err := json.Unmarshal(data, &rawMsg); err != nil { + return fmt.Errorf("unmarshalling type %T: %v", i, err) + } + for key, val := range rawMsg { + var err error + switch key { + case "id": + err = unpopulate(val, "ID", &i.ID) + delete(rawMsg, key) + case "kind": + err = unpopulate(val, "Kind", &i.Kind) + delete(rawMsg, key) + case "name": + err = unpopulate(val, "Name", &i.Name) + delete(rawMsg, key) + case "properties": + err = unpopulate(val, "Properties", &i.Properties) + delete(rawMsg, key) + case "type": + err = unpopulate(val, "Type", &i.Type) + delete(rawMsg, key) + } + if err != nil { + return fmt.Errorf("unmarshalling type %T: %v", i, err) + } + } + return nil +} + +// MarshalJSON implements the json.Marshaller interface for type InstructionSteps. +func (i InstructionSteps) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + populate(objectMap, "description", i.Description) + populate(objectMap, "instructions", i.Instructions) + populate(objectMap, "title", i.Title) + return json.Marshal(objectMap) +} + +// MarshalJSON implements the json.Marshaller interface for type IoTCheckRequirements. +func (i IoTCheckRequirements) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + objectMap["kind"] = DataConnectorKindIOT + populate(objectMap, "properties", i.Properties) + return json.Marshal(objectMap) +} + +// UnmarshalJSON implements the json.Unmarshaller interface for type IoTCheckRequirements. +func (i *IoTCheckRequirements) UnmarshalJSON(data []byte) error { + var rawMsg map[string]json.RawMessage + if err := json.Unmarshal(data, &rawMsg); err != nil { + return fmt.Errorf("unmarshalling type %T: %v", i, err) + } + for key, val := range rawMsg { + var err error + switch key { + case "kind": + err = unpopulate(val, "Kind", &i.Kind) + delete(rawMsg, key) + case "properties": + err = unpopulate(val, "Properties", &i.Properties) + delete(rawMsg, key) + } + if err != nil { + return fmt.Errorf("unmarshalling type %T: %v", i, err) + } + } + return nil +} + +// MarshalJSON implements the json.Marshaller interface for type IoTDataConnector. +func (i IoTDataConnector) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + populate(objectMap, "etag", i.Etag) + populate(objectMap, "id", i.ID) + objectMap["kind"] = DataConnectorKindIOT + populate(objectMap, "name", i.Name) + populate(objectMap, "properties", i.Properties) + populate(objectMap, "systemData", i.SystemData) + populate(objectMap, "type", i.Type) + return json.Marshal(objectMap) +} + +// UnmarshalJSON implements the json.Unmarshaller interface for type IoTDataConnector. +func (i *IoTDataConnector) UnmarshalJSON(data []byte) error { + var rawMsg map[string]json.RawMessage + if err := json.Unmarshal(data, &rawMsg); err != nil { + return fmt.Errorf("unmarshalling type %T: %v", i, err) + } + for key, val := range rawMsg { + var err error + switch key { + case "etag": + err = unpopulate(val, "Etag", &i.Etag) + delete(rawMsg, key) + case "id": + err = unpopulate(val, "ID", &i.ID) + delete(rawMsg, key) + case "kind": + err = unpopulate(val, "Kind", &i.Kind) + delete(rawMsg, key) + case "name": + err = unpopulate(val, "Name", &i.Name) + delete(rawMsg, key) + case "properties": + err = unpopulate(val, "Properties", &i.Properties) + delete(rawMsg, key) + case "systemData": + err = unpopulate(val, "SystemData", &i.SystemData) + delete(rawMsg, key) + case "type": + err = unpopulate(val, "Type", &i.Type) + delete(rawMsg, key) + } + if err != nil { + return fmt.Errorf("unmarshalling type %T: %v", i, err) + } + } + return nil +} + +// MarshalJSON implements the json.Marshaller interface for type IoTDeviceEntity. +func (i IoTDeviceEntity) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + populate(objectMap, "id", i.ID) + objectMap["kind"] = EntityKindIoTDevice + populate(objectMap, "name", i.Name) + populate(objectMap, "properties", i.Properties) + populate(objectMap, "systemData", i.SystemData) + populate(objectMap, "type", i.Type) + return json.Marshal(objectMap) +} + +// UnmarshalJSON implements the json.Unmarshaller interface for type IoTDeviceEntity. +func (i *IoTDeviceEntity) UnmarshalJSON(data []byte) error { + var rawMsg map[string]json.RawMessage + if err := json.Unmarshal(data, &rawMsg); err != nil { + return fmt.Errorf("unmarshalling type %T: %v", i, err) + } + for key, val := range rawMsg { + var err error + switch key { + case "id": + err = unpopulate(val, "ID", &i.ID) + delete(rawMsg, key) + case "kind": + err = unpopulate(val, "Kind", &i.Kind) + delete(rawMsg, key) + case "name": + err = unpopulate(val, "Name", &i.Name) + delete(rawMsg, key) + case "properties": + err = unpopulate(val, "Properties", &i.Properties) + delete(rawMsg, key) + case "systemData": + err = unpopulate(val, "SystemData", &i.SystemData) + delete(rawMsg, key) + case "type": + err = unpopulate(val, "Type", &i.Type) + delete(rawMsg, key) + } + if err != nil { + return fmt.Errorf("unmarshalling type %T: %v", i, err) + } + } + return nil +} + +// MarshalJSON implements the json.Marshaller interface for type IoTDeviceEntityProperties. +func (i IoTDeviceEntityProperties) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + populate(objectMap, "additionalData", i.AdditionalData) + populate(objectMap, "deviceId", i.DeviceID) + populate(objectMap, "deviceName", i.DeviceName) + populate(objectMap, "deviceType", i.DeviceType) + populate(objectMap, "edgeId", i.EdgeID) + populate(objectMap, "firmwareVersion", i.FirmwareVersion) + populate(objectMap, "friendlyName", i.FriendlyName) + populate(objectMap, "hostEntityId", i.HostEntityID) + populate(objectMap, "ipAddressEntityId", i.IPAddressEntityID) + populate(objectMap, "iotHubEntityId", i.IotHubEntityID) + populate(objectMap, "iotSecurityAgentId", i.IotSecurityAgentID) + populate(objectMap, "macAddress", i.MacAddress) + populate(objectMap, "model", i.Model) + populate(objectMap, "operatingSystem", i.OperatingSystem) + populate(objectMap, "protocols", i.Protocols) + populate(objectMap, "serialNumber", i.SerialNumber) + populate(objectMap, "source", i.Source) + populate(objectMap, "threatIntelligence", i.ThreatIntelligence) + populate(objectMap, "vendor", i.Vendor) + return json.Marshal(objectMap) +} + +// MarshalJSON implements the json.Marshaller interface for type MCASCheckRequirements. +func (m MCASCheckRequirements) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + objectMap["kind"] = DataConnectorKindMicrosoftCloudAppSecurity + populate(objectMap, "properties", m.Properties) + return json.Marshal(objectMap) +} + +// UnmarshalJSON implements the json.Unmarshaller interface for type MCASCheckRequirements. +func (m *MCASCheckRequirements) UnmarshalJSON(data []byte) error { + var rawMsg map[string]json.RawMessage + if err := json.Unmarshal(data, &rawMsg); err != nil { + return fmt.Errorf("unmarshalling type %T: %v", m, err) + } + for key, val := range rawMsg { + var err error + switch key { + case "kind": + err = unpopulate(val, "Kind", &m.Kind) + delete(rawMsg, key) + case "properties": + err = unpopulate(val, "Properties", &m.Properties) + delete(rawMsg, key) + } + if err != nil { + return fmt.Errorf("unmarshalling type %T: %v", m, err) + } + } + return nil +} + +// MarshalJSON implements the json.Marshaller interface for type MCASDataConnector. +func (m MCASDataConnector) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + populate(objectMap, "etag", m.Etag) + populate(objectMap, "id", m.ID) + objectMap["kind"] = DataConnectorKindMicrosoftCloudAppSecurity + populate(objectMap, "name", m.Name) + populate(objectMap, "properties", m.Properties) + populate(objectMap, "systemData", m.SystemData) + populate(objectMap, "type", m.Type) + return json.Marshal(objectMap) +} + +// UnmarshalJSON implements the json.Unmarshaller interface for type MCASDataConnector. +func (m *MCASDataConnector) UnmarshalJSON(data []byte) error { + var rawMsg map[string]json.RawMessage + if err := json.Unmarshal(data, &rawMsg); err != nil { + return fmt.Errorf("unmarshalling type %T: %v", m, err) + } + for key, val := range rawMsg { + var err error + switch key { + case "etag": + err = unpopulate(val, "Etag", &m.Etag) + delete(rawMsg, key) + case "id": + err = unpopulate(val, "ID", &m.ID) + delete(rawMsg, key) + case "kind": + err = unpopulate(val, "Kind", &m.Kind) + delete(rawMsg, key) + case "name": + err = unpopulate(val, "Name", &m.Name) + delete(rawMsg, key) + case "properties": + err = unpopulate(val, "Properties", &m.Properties) + delete(rawMsg, key) + case "systemData": + err = unpopulate(val, "SystemData", &m.SystemData) + delete(rawMsg, key) + case "type": + err = unpopulate(val, "Type", &m.Type) + delete(rawMsg, key) + } + if err != nil { + return fmt.Errorf("unmarshalling type %T: %v", m, err) + } + } + return nil +} + +// MarshalJSON implements the json.Marshaller interface for type MDATPCheckRequirements. +func (m MDATPCheckRequirements) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + objectMap["kind"] = DataConnectorKindMicrosoftDefenderAdvancedThreatProtection + populate(objectMap, "properties", m.Properties) + return json.Marshal(objectMap) +} + +// UnmarshalJSON implements the json.Unmarshaller interface for type MDATPCheckRequirements. +func (m *MDATPCheckRequirements) UnmarshalJSON(data []byte) error { + var rawMsg map[string]json.RawMessage + if err := json.Unmarshal(data, &rawMsg); err != nil { + return fmt.Errorf("unmarshalling type %T: %v", m, err) + } + for key, val := range rawMsg { + var err error + switch key { + case "kind": + err = unpopulate(val, "Kind", &m.Kind) + delete(rawMsg, key) + case "properties": + err = unpopulate(val, "Properties", &m.Properties) + delete(rawMsg, key) + } + if err != nil { + return fmt.Errorf("unmarshalling type %T: %v", m, err) + } + } + return nil +} + +// MarshalJSON implements the json.Marshaller interface for type MDATPDataConnector. +func (m MDATPDataConnector) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + populate(objectMap, "etag", m.Etag) + populate(objectMap, "id", m.ID) + objectMap["kind"] = DataConnectorKindMicrosoftDefenderAdvancedThreatProtection + populate(objectMap, "name", m.Name) + populate(objectMap, "properties", m.Properties) + populate(objectMap, "systemData", m.SystemData) + populate(objectMap, "type", m.Type) + return json.Marshal(objectMap) +} + +// UnmarshalJSON implements the json.Unmarshaller interface for type MDATPDataConnector. +func (m *MDATPDataConnector) UnmarshalJSON(data []byte) error { + var rawMsg map[string]json.RawMessage + if err := json.Unmarshal(data, &rawMsg); err != nil { + return fmt.Errorf("unmarshalling type %T: %v", m, err) + } + for key, val := range rawMsg { + var err error + switch key { + case "etag": + err = unpopulate(val, "Etag", &m.Etag) + delete(rawMsg, key) + case "id": + err = unpopulate(val, "ID", &m.ID) + delete(rawMsg, key) + case "kind": + err = unpopulate(val, "Kind", &m.Kind) + delete(rawMsg, key) + case "name": + err = unpopulate(val, "Name", &m.Name) + delete(rawMsg, key) + case "properties": + err = unpopulate(val, "Properties", &m.Properties) + delete(rawMsg, key) + case "systemData": + err = unpopulate(val, "SystemData", &m.SystemData) + delete(rawMsg, key) + case "type": + err = unpopulate(val, "Type", &m.Type) + delete(rawMsg, key) + } + if err != nil { + return fmt.Errorf("unmarshalling type %T: %v", m, err) + } + } + return nil +} + +// MarshalJSON implements the json.Marshaller interface for type MLBehaviorAnalyticsAlertRule. +func (m MLBehaviorAnalyticsAlertRule) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + populate(objectMap, "etag", m.Etag) + populate(objectMap, "id", m.ID) + objectMap["kind"] = AlertRuleKindMLBehaviorAnalytics + populate(objectMap, "name", m.Name) + populate(objectMap, "properties", m.Properties) + populate(objectMap, "systemData", m.SystemData) + populate(objectMap, "type", m.Type) + return json.Marshal(objectMap) +} + +// UnmarshalJSON implements the json.Unmarshaller interface for type MLBehaviorAnalyticsAlertRule. +func (m *MLBehaviorAnalyticsAlertRule) UnmarshalJSON(data []byte) error { + var rawMsg map[string]json.RawMessage + if err := json.Unmarshal(data, &rawMsg); err != nil { + return fmt.Errorf("unmarshalling type %T: %v", m, err) + } + for key, val := range rawMsg { + var err error + switch key { + case "etag": + err = unpopulate(val, "Etag", &m.Etag) + delete(rawMsg, key) + case "id": + err = unpopulate(val, "ID", &m.ID) + delete(rawMsg, key) + case "kind": + err = unpopulate(val, "Kind", &m.Kind) + delete(rawMsg, key) + case "name": + err = unpopulate(val, "Name", &m.Name) + delete(rawMsg, key) + case "properties": + err = unpopulate(val, "Properties", &m.Properties) + delete(rawMsg, key) + case "systemData": + err = unpopulate(val, "SystemData", &m.SystemData) + delete(rawMsg, key) + case "type": + err = unpopulate(val, "Type", &m.Type) + delete(rawMsg, key) + } + if err != nil { + return fmt.Errorf("unmarshalling type %T: %v", m, err) + } + } + return nil +} + +// MarshalJSON implements the json.Marshaller interface for type MLBehaviorAnalyticsAlertRuleProperties. +func (m MLBehaviorAnalyticsAlertRuleProperties) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + populate(objectMap, "alertRuleTemplateName", m.AlertRuleTemplateName) + populate(objectMap, "description", m.Description) + populate(objectMap, "displayName", m.DisplayName) + populate(objectMap, "enabled", m.Enabled) + populateTimeRFC3339(objectMap, "lastModifiedUtc", m.LastModifiedUTC) + populate(objectMap, "severity", m.Severity) + populate(objectMap, "tactics", m.Tactics) + populate(objectMap, "techniques", m.Techniques) + return json.Marshal(objectMap) +} + +// UnmarshalJSON implements the json.Unmarshaller interface for type MLBehaviorAnalyticsAlertRuleProperties. +func (m *MLBehaviorAnalyticsAlertRuleProperties) UnmarshalJSON(data []byte) error { + var rawMsg map[string]json.RawMessage + if err := json.Unmarshal(data, &rawMsg); err != nil { + return fmt.Errorf("unmarshalling type %T: %v", m, err) + } + for key, val := range rawMsg { + var err error + switch key { + case "alertRuleTemplateName": + err = unpopulate(val, "AlertRuleTemplateName", &m.AlertRuleTemplateName) + delete(rawMsg, key) + case "description": + err = unpopulate(val, "Description", &m.Description) + delete(rawMsg, key) + case "displayName": + err = unpopulate(val, "DisplayName", &m.DisplayName) + delete(rawMsg, key) + case "enabled": + err = unpopulate(val, "Enabled", &m.Enabled) + delete(rawMsg, key) + case "lastModifiedUtc": + err = unpopulateTimeRFC3339(val, "LastModifiedUTC", &m.LastModifiedUTC) + delete(rawMsg, key) + case "severity": + err = unpopulate(val, "Severity", &m.Severity) + delete(rawMsg, key) + case "tactics": + err = unpopulate(val, "Tactics", &m.Tactics) + delete(rawMsg, key) + case "techniques": + err = unpopulate(val, "Techniques", &m.Techniques) + delete(rawMsg, key) + } + if err != nil { + return fmt.Errorf("unmarshalling type %T: %v", m, err) + } + } + return nil +} + +// MarshalJSON implements the json.Marshaller interface for type MLBehaviorAnalyticsAlertRuleTemplate. +func (m MLBehaviorAnalyticsAlertRuleTemplate) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + populate(objectMap, "id", m.ID) + objectMap["kind"] = AlertRuleKindMLBehaviorAnalytics + populate(objectMap, "name", m.Name) + populate(objectMap, "properties", m.Properties) + populate(objectMap, "systemData", m.SystemData) + populate(objectMap, "type", m.Type) + return json.Marshal(objectMap) +} + +// UnmarshalJSON implements the json.Unmarshaller interface for type MLBehaviorAnalyticsAlertRuleTemplate. +func (m *MLBehaviorAnalyticsAlertRuleTemplate) UnmarshalJSON(data []byte) error { + var rawMsg map[string]json.RawMessage + if err := json.Unmarshal(data, &rawMsg); err != nil { + return fmt.Errorf("unmarshalling type %T: %v", m, err) + } + for key, val := range rawMsg { + var err error + switch key { + case "id": + err = unpopulate(val, "ID", &m.ID) + delete(rawMsg, key) + case "kind": + err = unpopulate(val, "Kind", &m.Kind) + delete(rawMsg, key) + case "name": + err = unpopulate(val, "Name", &m.Name) + delete(rawMsg, key) + case "properties": + err = unpopulate(val, "Properties", &m.Properties) + delete(rawMsg, key) + case "systemData": + err = unpopulate(val, "SystemData", &m.SystemData) + delete(rawMsg, key) + case "type": + err = unpopulate(val, "Type", &m.Type) + delete(rawMsg, key) + } + if err != nil { + return fmt.Errorf("unmarshalling type %T: %v", m, err) + } + } + return nil +} + +// MarshalJSON implements the json.Marshaller interface for type MLBehaviorAnalyticsAlertRuleTemplateProperties. +func (m MLBehaviorAnalyticsAlertRuleTemplateProperties) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + populate(objectMap, "alertRulesCreatedByTemplateCount", m.AlertRulesCreatedByTemplateCount) + populateTimeRFC3339(objectMap, "createdDateUTC", m.CreatedDateUTC) + populate(objectMap, "description", m.Description) + populate(objectMap, "displayName", m.DisplayName) + populateTimeRFC3339(objectMap, "lastUpdatedDateUTC", m.LastUpdatedDateUTC) + populate(objectMap, "requiredDataConnectors", m.RequiredDataConnectors) + populate(objectMap, "severity", m.Severity) + populate(objectMap, "status", m.Status) + populate(objectMap, "tactics", m.Tactics) + populate(objectMap, "techniques", m.Techniques) + return json.Marshal(objectMap) +} + +// UnmarshalJSON implements the json.Unmarshaller interface for type MLBehaviorAnalyticsAlertRuleTemplateProperties. +func (m *MLBehaviorAnalyticsAlertRuleTemplateProperties) UnmarshalJSON(data []byte) error { + var rawMsg map[string]json.RawMessage + if err := json.Unmarshal(data, &rawMsg); err != nil { + return fmt.Errorf("unmarshalling type %T: %v", m, err) + } + for key, val := range rawMsg { + var err error + switch key { + case "alertRulesCreatedByTemplateCount": + err = unpopulate(val, "AlertRulesCreatedByTemplateCount", &m.AlertRulesCreatedByTemplateCount) + delete(rawMsg, key) + case "createdDateUTC": + err = unpopulateTimeRFC3339(val, "CreatedDateUTC", &m.CreatedDateUTC) + delete(rawMsg, key) + case "description": + err = unpopulate(val, "Description", &m.Description) + delete(rawMsg, key) + case "displayName": + err = unpopulate(val, "DisplayName", &m.DisplayName) + delete(rawMsg, key) + case "lastUpdatedDateUTC": + err = unpopulateTimeRFC3339(val, "LastUpdatedDateUTC", &m.LastUpdatedDateUTC) + delete(rawMsg, key) + case "requiredDataConnectors": + err = unpopulate(val, "RequiredDataConnectors", &m.RequiredDataConnectors) + delete(rawMsg, key) + case "severity": + err = unpopulate(val, "Severity", &m.Severity) + delete(rawMsg, key) + case "status": + err = unpopulate(val, "Status", &m.Status) + delete(rawMsg, key) + case "tactics": + err = unpopulate(val, "Tactics", &m.Tactics) + delete(rawMsg, key) + case "techniques": + err = unpopulate(val, "Techniques", &m.Techniques) + delete(rawMsg, key) + } + if err != nil { + return fmt.Errorf("unmarshalling type %T: %v", m, err) + } + } + return nil +} + +// MarshalJSON implements the json.Marshaller interface for type MSTICheckRequirements. +func (m MSTICheckRequirements) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + objectMap["kind"] = DataConnectorKindMicrosoftThreatIntelligence + populate(objectMap, "properties", m.Properties) + return json.Marshal(objectMap) +} + +// UnmarshalJSON implements the json.Unmarshaller interface for type MSTICheckRequirements. +func (m *MSTICheckRequirements) UnmarshalJSON(data []byte) error { + var rawMsg map[string]json.RawMessage + if err := json.Unmarshal(data, &rawMsg); err != nil { + return fmt.Errorf("unmarshalling type %T: %v", m, err) + } + for key, val := range rawMsg { + var err error + switch key { + case "kind": + err = unpopulate(val, "Kind", &m.Kind) + delete(rawMsg, key) + case "properties": + err = unpopulate(val, "Properties", &m.Properties) + delete(rawMsg, key) + } + if err != nil { + return fmt.Errorf("unmarshalling type %T: %v", m, err) + } + } + return nil +} + +// MarshalJSON implements the json.Marshaller interface for type MSTIDataConnector. +func (m MSTIDataConnector) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + populate(objectMap, "etag", m.Etag) + populate(objectMap, "id", m.ID) + objectMap["kind"] = DataConnectorKindMicrosoftThreatIntelligence + populate(objectMap, "name", m.Name) + populate(objectMap, "properties", m.Properties) + populate(objectMap, "systemData", m.SystemData) + populate(objectMap, "type", m.Type) + return json.Marshal(objectMap) +} + +// UnmarshalJSON implements the json.Unmarshaller interface for type MSTIDataConnector. +func (m *MSTIDataConnector) UnmarshalJSON(data []byte) error { + var rawMsg map[string]json.RawMessage + if err := json.Unmarshal(data, &rawMsg); err != nil { + return fmt.Errorf("unmarshalling type %T: %v", m, err) + } + for key, val := range rawMsg { + var err error + switch key { + case "etag": + err = unpopulate(val, "Etag", &m.Etag) + delete(rawMsg, key) + case "id": + err = unpopulate(val, "ID", &m.ID) + delete(rawMsg, key) + case "kind": + err = unpopulate(val, "Kind", &m.Kind) + delete(rawMsg, key) + case "name": + err = unpopulate(val, "Name", &m.Name) + delete(rawMsg, key) + case "properties": + err = unpopulate(val, "Properties", &m.Properties) + delete(rawMsg, key) + case "systemData": + err = unpopulate(val, "SystemData", &m.SystemData) + delete(rawMsg, key) + case "type": + err = unpopulate(val, "Type", &m.Type) + delete(rawMsg, key) + } + if err != nil { + return fmt.Errorf("unmarshalling type %T: %v", m, err) + } + } + return nil +} + +// MarshalJSON implements the json.Marshaller interface for type MTPDataConnector. +func (m MTPDataConnector) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + populate(objectMap, "etag", m.Etag) + populate(objectMap, "id", m.ID) + objectMap["kind"] = DataConnectorKindMicrosoftThreatProtection + populate(objectMap, "name", m.Name) + populate(objectMap, "properties", m.Properties) + populate(objectMap, "systemData", m.SystemData) + populate(objectMap, "type", m.Type) + return json.Marshal(objectMap) +} + +// UnmarshalJSON implements the json.Unmarshaller interface for type MTPDataConnector. +func (m *MTPDataConnector) UnmarshalJSON(data []byte) error { + var rawMsg map[string]json.RawMessage + if err := json.Unmarshal(data, &rawMsg); err != nil { + return fmt.Errorf("unmarshalling type %T: %v", m, err) + } + for key, val := range rawMsg { + var err error + switch key { + case "etag": + err = unpopulate(val, "Etag", &m.Etag) + delete(rawMsg, key) + case "id": + err = unpopulate(val, "ID", &m.ID) + delete(rawMsg, key) + case "kind": + err = unpopulate(val, "Kind", &m.Kind) + delete(rawMsg, key) + case "name": + err = unpopulate(val, "Name", &m.Name) + delete(rawMsg, key) + case "properties": + err = unpopulate(val, "Properties", &m.Properties) + delete(rawMsg, key) + case "systemData": + err = unpopulate(val, "SystemData", &m.SystemData) + delete(rawMsg, key) + case "type": + err = unpopulate(val, "Type", &m.Type) + delete(rawMsg, key) + } + if err != nil { + return fmt.Errorf("unmarshalling type %T: %v", m, err) + } + } + return nil +} + +// MarshalJSON implements the json.Marshaller interface for type MailClusterEntity. +func (m MailClusterEntity) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + populate(objectMap, "id", m.ID) + objectMap["kind"] = EntityKindMailCluster + populate(objectMap, "name", m.Name) + populate(objectMap, "properties", m.Properties) + populate(objectMap, "systemData", m.SystemData) + populate(objectMap, "type", m.Type) + return json.Marshal(objectMap) +} + +// UnmarshalJSON implements the json.Unmarshaller interface for type MailClusterEntity. +func (m *MailClusterEntity) UnmarshalJSON(data []byte) error { + var rawMsg map[string]json.RawMessage + if err := json.Unmarshal(data, &rawMsg); err != nil { + return fmt.Errorf("unmarshalling type %T: %v", m, err) + } + for key, val := range rawMsg { + var err error + switch key { + case "id": + err = unpopulate(val, "ID", &m.ID) + delete(rawMsg, key) + case "kind": + err = unpopulate(val, "Kind", &m.Kind) + delete(rawMsg, key) + case "name": + err = unpopulate(val, "Name", &m.Name) + delete(rawMsg, key) + case "properties": + err = unpopulate(val, "Properties", &m.Properties) + delete(rawMsg, key) + case "systemData": + err = unpopulate(val, "SystemData", &m.SystemData) + delete(rawMsg, key) + case "type": + err = unpopulate(val, "Type", &m.Type) + delete(rawMsg, key) + } + if err != nil { + return fmt.Errorf("unmarshalling type %T: %v", m, err) + } + } + return nil +} + +// MarshalJSON implements the json.Marshaller interface for type MailClusterEntityProperties. +func (m MailClusterEntityProperties) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + populate(objectMap, "additionalData", m.AdditionalData) + populate(objectMap, "clusterGroup", m.ClusterGroup) + populateTimeRFC3339(objectMap, "clusterQueryEndTime", m.ClusterQueryEndTime) + populateTimeRFC3339(objectMap, "clusterQueryStartTime", m.ClusterQueryStartTime) + populate(objectMap, "clusterSourceIdentifier", m.ClusterSourceIdentifier) + populate(objectMap, "clusterSourceType", m.ClusterSourceType) + populate(objectMap, "countByDeliveryStatus", &m.CountByDeliveryStatus) + populate(objectMap, "countByProtectionStatus", &m.CountByProtectionStatus) + populate(objectMap, "countByThreatType", &m.CountByThreatType) + populate(objectMap, "friendlyName", m.FriendlyName) + populate(objectMap, "isVolumeAnomaly", m.IsVolumeAnomaly) + populate(objectMap, "mailCount", m.MailCount) + populate(objectMap, "networkMessageIds", m.NetworkMessageIDs) + populate(objectMap, "query", m.Query) + populateTimeRFC3339(objectMap, "queryTime", m.QueryTime) + populate(objectMap, "source", m.Source) + populate(objectMap, "threats", m.Threats) + return json.Marshal(objectMap) +} + +// UnmarshalJSON implements the json.Unmarshaller interface for type MailClusterEntityProperties. +func (m *MailClusterEntityProperties) UnmarshalJSON(data []byte) error { + var rawMsg map[string]json.RawMessage + if err := json.Unmarshal(data, &rawMsg); err != nil { + return fmt.Errorf("unmarshalling type %T: %v", m, err) + } + for key, val := range rawMsg { + var err error + switch key { + case "additionalData": + err = unpopulate(val, "AdditionalData", &m.AdditionalData) + delete(rawMsg, key) + case "clusterGroup": + err = unpopulate(val, "ClusterGroup", &m.ClusterGroup) + delete(rawMsg, key) + case "clusterQueryEndTime": + err = unpopulateTimeRFC3339(val, "ClusterQueryEndTime", &m.ClusterQueryEndTime) + delete(rawMsg, key) + case "clusterQueryStartTime": + err = unpopulateTimeRFC3339(val, "ClusterQueryStartTime", &m.ClusterQueryStartTime) + delete(rawMsg, key) + case "clusterSourceIdentifier": + err = unpopulate(val, "ClusterSourceIdentifier", &m.ClusterSourceIdentifier) + delete(rawMsg, key) + case "clusterSourceType": + err = unpopulate(val, "ClusterSourceType", &m.ClusterSourceType) + delete(rawMsg, key) + case "countByDeliveryStatus": + err = unpopulate(val, "CountByDeliveryStatus", &m.CountByDeliveryStatus) + delete(rawMsg, key) + case "countByProtectionStatus": + err = unpopulate(val, "CountByProtectionStatus", &m.CountByProtectionStatus) + delete(rawMsg, key) + case "countByThreatType": + err = unpopulate(val, "CountByThreatType", &m.CountByThreatType) + delete(rawMsg, key) + case "friendlyName": + err = unpopulate(val, "FriendlyName", &m.FriendlyName) + delete(rawMsg, key) + case "isVolumeAnomaly": + err = unpopulate(val, "IsVolumeAnomaly", &m.IsVolumeAnomaly) + delete(rawMsg, key) + case "mailCount": + err = unpopulate(val, "MailCount", &m.MailCount) + delete(rawMsg, key) + case "networkMessageIds": + err = unpopulate(val, "NetworkMessageIDs", &m.NetworkMessageIDs) + delete(rawMsg, key) + case "query": + err = unpopulate(val, "Query", &m.Query) + delete(rawMsg, key) + case "queryTime": + err = unpopulateTimeRFC3339(val, "QueryTime", &m.QueryTime) + delete(rawMsg, key) + case "source": + err = unpopulate(val, "Source", &m.Source) + delete(rawMsg, key) + case "threats": + err = unpopulate(val, "Threats", &m.Threats) + delete(rawMsg, key) + } + if err != nil { + return fmt.Errorf("unmarshalling type %T: %v", m, err) + } + } + return nil +} + +// MarshalJSON implements the json.Marshaller interface for type MailMessageEntity. +func (m MailMessageEntity) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + populate(objectMap, "id", m.ID) + objectMap["kind"] = EntityKindMailMessage + populate(objectMap, "name", m.Name) + populate(objectMap, "properties", m.Properties) + populate(objectMap, "systemData", m.SystemData) + populate(objectMap, "type", m.Type) + return json.Marshal(objectMap) +} + +// UnmarshalJSON implements the json.Unmarshaller interface for type MailMessageEntity. +func (m *MailMessageEntity) UnmarshalJSON(data []byte) error { + var rawMsg map[string]json.RawMessage + if err := json.Unmarshal(data, &rawMsg); err != nil { + return fmt.Errorf("unmarshalling type %T: %v", m, err) + } + for key, val := range rawMsg { + var err error + switch key { + case "id": + err = unpopulate(val, "ID", &m.ID) + delete(rawMsg, key) + case "kind": + err = unpopulate(val, "Kind", &m.Kind) + delete(rawMsg, key) + case "name": + err = unpopulate(val, "Name", &m.Name) + delete(rawMsg, key) + case "properties": + err = unpopulate(val, "Properties", &m.Properties) + delete(rawMsg, key) + case "systemData": + err = unpopulate(val, "SystemData", &m.SystemData) + delete(rawMsg, key) + case "type": + err = unpopulate(val, "Type", &m.Type) + delete(rawMsg, key) + } + if err != nil { + return fmt.Errorf("unmarshalling type %T: %v", m, err) + } + } + return nil +} + +// MarshalJSON implements the json.Marshaller interface for type MailMessageEntityProperties. +func (m MailMessageEntityProperties) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + populate(objectMap, "additionalData", m.AdditionalData) + populate(objectMap, "antispamDirection", m.AntispamDirection) + populate(objectMap, "bodyFingerprintBin1", m.BodyFingerprintBin1) + populate(objectMap, "bodyFingerprintBin2", m.BodyFingerprintBin2) + populate(objectMap, "bodyFingerprintBin3", m.BodyFingerprintBin3) + populate(objectMap, "bodyFingerprintBin4", m.BodyFingerprintBin4) + populate(objectMap, "bodyFingerprintBin5", m.BodyFingerprintBin5) + populate(objectMap, "deliveryAction", m.DeliveryAction) + populate(objectMap, "deliveryLocation", m.DeliveryLocation) + populate(objectMap, "fileEntityIds", m.FileEntityIDs) + populate(objectMap, "friendlyName", m.FriendlyName) + populate(objectMap, "internetMessageId", m.InternetMessageID) + populate(objectMap, "language", m.Language) + populate(objectMap, "networkMessageId", m.NetworkMessageID) + populate(objectMap, "p1Sender", m.P1Sender) + populate(objectMap, "p1SenderDisplayName", m.P1SenderDisplayName) + populate(objectMap, "p1SenderDomain", m.P1SenderDomain) + populate(objectMap, "p2Sender", m.P2Sender) + populate(objectMap, "p2SenderDisplayName", m.P2SenderDisplayName) + populate(objectMap, "p2SenderDomain", m.P2SenderDomain) + populateTimeRFC3339(objectMap, "receiveDate", m.ReceiveDate) + populate(objectMap, "recipient", m.Recipient) + populate(objectMap, "senderIP", m.SenderIP) + populate(objectMap, "subject", m.Subject) + populate(objectMap, "threatDetectionMethods", m.ThreatDetectionMethods) + populate(objectMap, "threats", m.Threats) + populate(objectMap, "urls", m.Urls) + return json.Marshal(objectMap) +} + +// UnmarshalJSON implements the json.Unmarshaller interface for type MailMessageEntityProperties. +func (m *MailMessageEntityProperties) UnmarshalJSON(data []byte) error { + var rawMsg map[string]json.RawMessage + if err := json.Unmarshal(data, &rawMsg); err != nil { + return fmt.Errorf("unmarshalling type %T: %v", m, err) + } + for key, val := range rawMsg { + var err error + switch key { + case "additionalData": + err = unpopulate(val, "AdditionalData", &m.AdditionalData) + delete(rawMsg, key) + case "antispamDirection": + err = unpopulate(val, "AntispamDirection", &m.AntispamDirection) + delete(rawMsg, key) + case "bodyFingerprintBin1": + err = unpopulate(val, "BodyFingerprintBin1", &m.BodyFingerprintBin1) + delete(rawMsg, key) + case "bodyFingerprintBin2": + err = unpopulate(val, "BodyFingerprintBin2", &m.BodyFingerprintBin2) + delete(rawMsg, key) + case "bodyFingerprintBin3": + err = unpopulate(val, "BodyFingerprintBin3", &m.BodyFingerprintBin3) + delete(rawMsg, key) + case "bodyFingerprintBin4": + err = unpopulate(val, "BodyFingerprintBin4", &m.BodyFingerprintBin4) + delete(rawMsg, key) + case "bodyFingerprintBin5": + err = unpopulate(val, "BodyFingerprintBin5", &m.BodyFingerprintBin5) delete(rawMsg, key) - case "metaData": - err = unpopulate(val, "MetaData", &i.MetaData) + case "deliveryAction": + err = unpopulate(val, "DeliveryAction", &m.DeliveryAction) + delete(rawMsg, key) + case "deliveryLocation": + err = unpopulate(val, "DeliveryLocation", &m.DeliveryLocation) + delete(rawMsg, key) + case "fileEntityIds": + err = unpopulate(val, "FileEntityIDs", &m.FileEntityIDs) + delete(rawMsg, key) + case "friendlyName": + err = unpopulate(val, "FriendlyName", &m.FriendlyName) + delete(rawMsg, key) + case "internetMessageId": + err = unpopulate(val, "InternetMessageID", &m.InternetMessageID) + delete(rawMsg, key) + case "language": + err = unpopulate(val, "Language", &m.Language) + delete(rawMsg, key) + case "networkMessageId": + err = unpopulate(val, "NetworkMessageID", &m.NetworkMessageID) + delete(rawMsg, key) + case "p1Sender": + err = unpopulate(val, "P1Sender", &m.P1Sender) + delete(rawMsg, key) + case "p1SenderDisplayName": + err = unpopulate(val, "P1SenderDisplayName", &m.P1SenderDisplayName) + delete(rawMsg, key) + case "p1SenderDomain": + err = unpopulate(val, "P1SenderDomain", &m.P1SenderDomain) + delete(rawMsg, key) + case "p2Sender": + err = unpopulate(val, "P2Sender", &m.P2Sender) + delete(rawMsg, key) + case "p2SenderDisplayName": + err = unpopulate(val, "P2SenderDisplayName", &m.P2SenderDisplayName) + delete(rawMsg, key) + case "p2SenderDomain": + err = unpopulate(val, "P2SenderDomain", &m.P2SenderDomain) + delete(rawMsg, key) + case "receiveDate": + err = unpopulateTimeRFC3339(val, "ReceiveDate", &m.ReceiveDate) + delete(rawMsg, key) + case "recipient": + err = unpopulate(val, "Recipient", &m.Recipient) + delete(rawMsg, key) + case "senderIP": + err = unpopulate(val, "SenderIP", &m.SenderIP) + delete(rawMsg, key) + case "subject": + err = unpopulate(val, "Subject", &m.Subject) + delete(rawMsg, key) + case "threatDetectionMethods": + err = unpopulate(val, "ThreatDetectionMethods", &m.ThreatDetectionMethods) + delete(rawMsg, key) + case "threats": + err = unpopulate(val, "Threats", &m.Threats) + delete(rawMsg, key) + case "urls": + err = unpopulate(val, "Urls", &m.Urls) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", i, err) + return fmt.Errorf("unmarshalling type %T: %v", m, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type IncidentProperties. -func (i IncidentProperties) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type MailboxEntity. +func (m MailboxEntity) MarshalJSON() ([]byte, error) { objectMap := make(map[string]interface{}) - populate(objectMap, "additionalData", i.AdditionalData) - populate(objectMap, "classification", i.Classification) - populate(objectMap, "classificationComment", i.ClassificationComment) - populate(objectMap, "classificationReason", i.ClassificationReason) - populateTimeRFC3339(objectMap, "createdTimeUtc", i.CreatedTimeUTC) - populate(objectMap, "description", i.Description) - populateTimeRFC3339(objectMap, "firstActivityTimeUtc", i.FirstActivityTimeUTC) - populate(objectMap, "incidentNumber", i.IncidentNumber) - populate(objectMap, "incidentUrl", i.IncidentURL) - populate(objectMap, "labels", i.Labels) - populateTimeRFC3339(objectMap, "lastActivityTimeUtc", i.LastActivityTimeUTC) - populateTimeRFC3339(objectMap, "lastModifiedTimeUtc", i.LastModifiedTimeUTC) - populate(objectMap, "owner", i.Owner) - populate(objectMap, "relatedAnalyticRuleIds", i.RelatedAnalyticRuleIDs) - populate(objectMap, "severity", i.Severity) - populate(objectMap, "status", i.Status) - populate(objectMap, "title", i.Title) + populate(objectMap, "id", m.ID) + objectMap["kind"] = EntityKindMailbox + populate(objectMap, "name", m.Name) + populate(objectMap, "properties", m.Properties) + populate(objectMap, "systemData", m.SystemData) + populate(objectMap, "type", m.Type) + return json.Marshal(objectMap) +} + +// UnmarshalJSON implements the json.Unmarshaller interface for type MailboxEntity. +func (m *MailboxEntity) UnmarshalJSON(data []byte) error { + var rawMsg map[string]json.RawMessage + if err := json.Unmarshal(data, &rawMsg); err != nil { + return fmt.Errorf("unmarshalling type %T: %v", m, err) + } + for key, val := range rawMsg { + var err error + switch key { + case "id": + err = unpopulate(val, "ID", &m.ID) + delete(rawMsg, key) + case "kind": + err = unpopulate(val, "Kind", &m.Kind) + delete(rawMsg, key) + case "name": + err = unpopulate(val, "Name", &m.Name) + delete(rawMsg, key) + case "properties": + err = unpopulate(val, "Properties", &m.Properties) + delete(rawMsg, key) + case "systemData": + err = unpopulate(val, "SystemData", &m.SystemData) + delete(rawMsg, key) + case "type": + err = unpopulate(val, "Type", &m.Type) + delete(rawMsg, key) + } + if err != nil { + return fmt.Errorf("unmarshalling type %T: %v", m, err) + } + } + return nil +} + +// MarshalJSON implements the json.Marshaller interface for type MailboxEntityProperties. +func (m MailboxEntityProperties) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + populate(objectMap, "additionalData", m.AdditionalData) + populate(objectMap, "displayName", m.DisplayName) + populate(objectMap, "externalDirectoryObjectId", m.ExternalDirectoryObjectID) + populate(objectMap, "friendlyName", m.FriendlyName) + populate(objectMap, "mailboxPrimaryAddress", m.MailboxPrimaryAddress) + populate(objectMap, "upn", m.Upn) + return json.Marshal(objectMap) +} + +// MarshalJSON implements the json.Marshaller interface for type MalwareEntity. +func (m MalwareEntity) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + populate(objectMap, "id", m.ID) + objectMap["kind"] = EntityKindMalware + populate(objectMap, "name", m.Name) + populate(objectMap, "properties", m.Properties) + populate(objectMap, "systemData", m.SystemData) + populate(objectMap, "type", m.Type) + return json.Marshal(objectMap) +} + +// UnmarshalJSON implements the json.Unmarshaller interface for type MalwareEntity. +func (m *MalwareEntity) UnmarshalJSON(data []byte) error { + var rawMsg map[string]json.RawMessage + if err := json.Unmarshal(data, &rawMsg); err != nil { + return fmt.Errorf("unmarshalling type %T: %v", m, err) + } + for key, val := range rawMsg { + var err error + switch key { + case "id": + err = unpopulate(val, "ID", &m.ID) + delete(rawMsg, key) + case "kind": + err = unpopulate(val, "Kind", &m.Kind) + delete(rawMsg, key) + case "name": + err = unpopulate(val, "Name", &m.Name) + delete(rawMsg, key) + case "properties": + err = unpopulate(val, "Properties", &m.Properties) + delete(rawMsg, key) + case "systemData": + err = unpopulate(val, "SystemData", &m.SystemData) + delete(rawMsg, key) + case "type": + err = unpopulate(val, "Type", &m.Type) + delete(rawMsg, key) + } + if err != nil { + return fmt.Errorf("unmarshalling type %T: %v", m, err) + } + } + return nil +} + +// MarshalJSON implements the json.Marshaller interface for type MalwareEntityProperties. +func (m MalwareEntityProperties) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + populate(objectMap, "additionalData", m.AdditionalData) + populate(objectMap, "category", m.Category) + populate(objectMap, "fileEntityIds", m.FileEntityIDs) + populate(objectMap, "friendlyName", m.FriendlyName) + populate(objectMap, "malwareName", m.MalwareName) + populate(objectMap, "processEntityIds", m.ProcessEntityIDs) + return json.Marshal(objectMap) +} + +// MarshalJSON implements the json.Marshaller interface for type MetadataCategories. +func (m MetadataCategories) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + populate(objectMap, "domains", m.Domains) + populate(objectMap, "verticals", m.Verticals) + return json.Marshal(objectMap) +} + +// MarshalJSON implements the json.Marshaller interface for type MetadataDependencies. +func (m MetadataDependencies) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + populate(objectMap, "contentId", m.ContentID) + populate(objectMap, "criteria", m.Criteria) + populate(objectMap, "kind", m.Kind) + populate(objectMap, "name", m.Name) + populate(objectMap, "operator", m.Operator) + populate(objectMap, "version", m.Version) + return json.Marshal(objectMap) +} + +// MarshalJSON implements the json.Marshaller interface for type MetadataPatch. +func (m MetadataPatch) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + populate(objectMap, "etag", m.Etag) + populate(objectMap, "id", m.ID) + populate(objectMap, "name", m.Name) + populate(objectMap, "properties", m.Properties) + populate(objectMap, "systemData", m.SystemData) + populate(objectMap, "type", m.Type) + return json.Marshal(objectMap) +} + +// MarshalJSON implements the json.Marshaller interface for type MetadataProperties. +func (m MetadataProperties) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + populate(objectMap, "author", m.Author) + populate(objectMap, "categories", m.Categories) + populate(objectMap, "contentId", m.ContentID) + populate(objectMap, "contentSchemaVersion", m.ContentSchemaVersion) + populate(objectMap, "customVersion", m.CustomVersion) + populate(objectMap, "dependencies", m.Dependencies) + populateDateType(objectMap, "firstPublishDate", m.FirstPublishDate) + populate(objectMap, "icon", m.Icon) + populate(objectMap, "kind", m.Kind) + populateDateType(objectMap, "lastPublishDate", m.LastPublishDate) + populate(objectMap, "parentId", m.ParentID) + populate(objectMap, "previewImages", m.PreviewImages) + populate(objectMap, "previewImagesDark", m.PreviewImagesDark) + populate(objectMap, "providers", m.Providers) + populate(objectMap, "source", m.Source) + populate(objectMap, "support", m.Support) + populate(objectMap, "threatAnalysisTactics", m.ThreatAnalysisTactics) + populate(objectMap, "threatAnalysisTechniques", m.ThreatAnalysisTechniques) + populate(objectMap, "version", m.Version) + return json.Marshal(objectMap) +} + +// UnmarshalJSON implements the json.Unmarshaller interface for type MetadataProperties. +func (m *MetadataProperties) UnmarshalJSON(data []byte) error { + var rawMsg map[string]json.RawMessage + if err := json.Unmarshal(data, &rawMsg); err != nil { + return fmt.Errorf("unmarshalling type %T: %v", m, err) + } + for key, val := range rawMsg { + var err error + switch key { + case "author": + err = unpopulate(val, "Author", &m.Author) + delete(rawMsg, key) + case "categories": + err = unpopulate(val, "Categories", &m.Categories) + delete(rawMsg, key) + case "contentId": + err = unpopulate(val, "ContentID", &m.ContentID) + delete(rawMsg, key) + case "contentSchemaVersion": + err = unpopulate(val, "ContentSchemaVersion", &m.ContentSchemaVersion) + delete(rawMsg, key) + case "customVersion": + err = unpopulate(val, "CustomVersion", &m.CustomVersion) + delete(rawMsg, key) + case "dependencies": + err = unpopulate(val, "Dependencies", &m.Dependencies) + delete(rawMsg, key) + case "firstPublishDate": + err = unpopulateDateType(val, "FirstPublishDate", &m.FirstPublishDate) + delete(rawMsg, key) + case "icon": + err = unpopulate(val, "Icon", &m.Icon) + delete(rawMsg, key) + case "kind": + err = unpopulate(val, "Kind", &m.Kind) + delete(rawMsg, key) + case "lastPublishDate": + err = unpopulateDateType(val, "LastPublishDate", &m.LastPublishDate) + delete(rawMsg, key) + case "parentId": + err = unpopulate(val, "ParentID", &m.ParentID) + delete(rawMsg, key) + case "previewImages": + err = unpopulate(val, "PreviewImages", &m.PreviewImages) + delete(rawMsg, key) + case "previewImagesDark": + err = unpopulate(val, "PreviewImagesDark", &m.PreviewImagesDark) + delete(rawMsg, key) + case "providers": + err = unpopulate(val, "Providers", &m.Providers) + delete(rawMsg, key) + case "source": + err = unpopulate(val, "Source", &m.Source) + delete(rawMsg, key) + case "support": + err = unpopulate(val, "Support", &m.Support) + delete(rawMsg, key) + case "threatAnalysisTactics": + err = unpopulate(val, "ThreatAnalysisTactics", &m.ThreatAnalysisTactics) + delete(rawMsg, key) + case "threatAnalysisTechniques": + err = unpopulate(val, "ThreatAnalysisTechniques", &m.ThreatAnalysisTechniques) + delete(rawMsg, key) + case "version": + err = unpopulate(val, "Version", &m.Version) + delete(rawMsg, key) + } + if err != nil { + return fmt.Errorf("unmarshalling type %T: %v", m, err) + } + } + return nil +} + +// MarshalJSON implements the json.Marshaller interface for type MetadataPropertiesPatch. +func (m MetadataPropertiesPatch) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + populate(objectMap, "author", m.Author) + populate(objectMap, "categories", m.Categories) + populate(objectMap, "contentId", m.ContentID) + populate(objectMap, "contentSchemaVersion", m.ContentSchemaVersion) + populate(objectMap, "customVersion", m.CustomVersion) + populate(objectMap, "dependencies", m.Dependencies) + populateDateType(objectMap, "firstPublishDate", m.FirstPublishDate) + populate(objectMap, "icon", m.Icon) + populate(objectMap, "kind", m.Kind) + populateDateType(objectMap, "lastPublishDate", m.LastPublishDate) + populate(objectMap, "parentId", m.ParentID) + populate(objectMap, "previewImages", m.PreviewImages) + populate(objectMap, "previewImagesDark", m.PreviewImagesDark) + populate(objectMap, "providers", m.Providers) + populate(objectMap, "source", m.Source) + populate(objectMap, "support", m.Support) + populate(objectMap, "threatAnalysisTactics", m.ThreatAnalysisTactics) + populate(objectMap, "threatAnalysisTechniques", m.ThreatAnalysisTechniques) + populate(objectMap, "version", m.Version) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type IncidentProperties. -func (i *IncidentProperties) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type MetadataPropertiesPatch. +func (m *MetadataPropertiesPatch) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", i, err) + return fmt.Errorf("unmarshalling type %T: %v", m, err) } for key, val := range rawMsg { var err error switch key { - case "additionalData": - err = unpopulate(val, "AdditionalData", &i.AdditionalData) + case "author": + err = unpopulate(val, "Author", &m.Author) delete(rawMsg, key) - case "classification": - err = unpopulate(val, "Classification", &i.Classification) + case "categories": + err = unpopulate(val, "Categories", &m.Categories) delete(rawMsg, key) - case "classificationComment": - err = unpopulate(val, "ClassificationComment", &i.ClassificationComment) + case "contentId": + err = unpopulate(val, "ContentID", &m.ContentID) delete(rawMsg, key) - case "classificationReason": - err = unpopulate(val, "ClassificationReason", &i.ClassificationReason) + case "contentSchemaVersion": + err = unpopulate(val, "ContentSchemaVersion", &m.ContentSchemaVersion) delete(rawMsg, key) - case "createdTimeUtc": - err = unpopulateTimeRFC3339(val, "CreatedTimeUTC", &i.CreatedTimeUTC) + case "customVersion": + err = unpopulate(val, "CustomVersion", &m.CustomVersion) delete(rawMsg, key) - case "description": - err = unpopulate(val, "Description", &i.Description) + case "dependencies": + err = unpopulate(val, "Dependencies", &m.Dependencies) delete(rawMsg, key) - case "firstActivityTimeUtc": - err = unpopulateTimeRFC3339(val, "FirstActivityTimeUTC", &i.FirstActivityTimeUTC) + case "firstPublishDate": + err = unpopulateDateType(val, "FirstPublishDate", &m.FirstPublishDate) delete(rawMsg, key) - case "incidentNumber": - err = unpopulate(val, "IncidentNumber", &i.IncidentNumber) + case "icon": + err = unpopulate(val, "Icon", &m.Icon) delete(rawMsg, key) - case "incidentUrl": - err = unpopulate(val, "IncidentURL", &i.IncidentURL) + case "kind": + err = unpopulate(val, "Kind", &m.Kind) delete(rawMsg, key) - case "labels": - err = unpopulate(val, "Labels", &i.Labels) + case "lastPublishDate": + err = unpopulateDateType(val, "LastPublishDate", &m.LastPublishDate) delete(rawMsg, key) - case "lastActivityTimeUtc": - err = unpopulateTimeRFC3339(val, "LastActivityTimeUTC", &i.LastActivityTimeUTC) + case "parentId": + err = unpopulate(val, "ParentID", &m.ParentID) delete(rawMsg, key) - case "lastModifiedTimeUtc": - err = unpopulateTimeRFC3339(val, "LastModifiedTimeUTC", &i.LastModifiedTimeUTC) + case "previewImages": + err = unpopulate(val, "PreviewImages", &m.PreviewImages) delete(rawMsg, key) - case "owner": - err = unpopulate(val, "Owner", &i.Owner) + case "previewImagesDark": + err = unpopulate(val, "PreviewImagesDark", &m.PreviewImagesDark) delete(rawMsg, key) - case "relatedAnalyticRuleIds": - err = unpopulate(val, "RelatedAnalyticRuleIDs", &i.RelatedAnalyticRuleIDs) + case "providers": + err = unpopulate(val, "Providers", &m.Providers) delete(rawMsg, key) - case "severity": - err = unpopulate(val, "Severity", &i.Severity) + case "source": + err = unpopulate(val, "Source", &m.Source) delete(rawMsg, key) - case "status": - err = unpopulate(val, "Status", &i.Status) + case "support": + err = unpopulate(val, "Support", &m.Support) delete(rawMsg, key) - case "title": - err = unpopulate(val, "Title", &i.Title) + case "threatAnalysisTactics": + err = unpopulate(val, "ThreatAnalysisTactics", &m.ThreatAnalysisTactics) + delete(rawMsg, key) + case "threatAnalysisTechniques": + err = unpopulate(val, "ThreatAnalysisTechniques", &m.ThreatAnalysisTechniques) + delete(rawMsg, key) + case "version": + err = unpopulate(val, "Version", &m.Version) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", i, err) + return fmt.Errorf("unmarshalling type %T: %v", m, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type IncidentPropertiesAction. -func (i IncidentPropertiesAction) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]interface{}) - populate(objectMap, "classification", i.Classification) - populate(objectMap, "classificationComment", i.ClassificationComment) - populate(objectMap, "classificationReason", i.ClassificationReason) - populate(objectMap, "labels", i.Labels) - populate(objectMap, "owner", i.Owner) - populate(objectMap, "severity", i.Severity) - populate(objectMap, "status", i.Status) - return json.Marshal(objectMap) -} - -// MarshalJSON implements the json.Marshaller interface for type IoTDeviceEntity. -func (i IoTDeviceEntity) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type MicrosoftSecurityIncidentCreationAlertRule. +func (m MicrosoftSecurityIncidentCreationAlertRule) MarshalJSON() ([]byte, error) { objectMap := make(map[string]interface{}) - populate(objectMap, "id", i.ID) - objectMap["kind"] = EntityKindEnumIoTDevice - populate(objectMap, "name", i.Name) - populate(objectMap, "properties", i.Properties) - populate(objectMap, "systemData", i.SystemData) - populate(objectMap, "type", i.Type) + populate(objectMap, "etag", m.Etag) + populate(objectMap, "id", m.ID) + objectMap["kind"] = AlertRuleKindMicrosoftSecurityIncidentCreation + populate(objectMap, "name", m.Name) + populate(objectMap, "properties", m.Properties) + populate(objectMap, "systemData", m.SystemData) + populate(objectMap, "type", m.Type) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type IoTDeviceEntity. -func (i *IoTDeviceEntity) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type MicrosoftSecurityIncidentCreationAlertRule. +func (m *MicrosoftSecurityIncidentCreationAlertRule) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", i, err) + return fmt.Errorf("unmarshalling type %T: %v", m, err) } for key, val := range rawMsg { var err error switch key { + case "etag": + err = unpopulate(val, "Etag", &m.Etag) + delete(rawMsg, key) case "id": - err = unpopulate(val, "ID", &i.ID) + err = unpopulate(val, "ID", &m.ID) delete(rawMsg, key) case "kind": - err = unpopulate(val, "Kind", &i.Kind) + err = unpopulate(val, "Kind", &m.Kind) delete(rawMsg, key) case "name": - err = unpopulate(val, "Name", &i.Name) + err = unpopulate(val, "Name", &m.Name) delete(rawMsg, key) case "properties": - err = unpopulate(val, "Properties", &i.Properties) + err = unpopulate(val, "Properties", &m.Properties) delete(rawMsg, key) case "systemData": - err = unpopulate(val, "SystemData", &i.SystemData) + err = unpopulate(val, "SystemData", &m.SystemData) delete(rawMsg, key) case "type": - err = unpopulate(val, "Type", &i.Type) + err = unpopulate(val, "Type", &m.Type) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", i, err) + return fmt.Errorf("unmarshalling type %T: %v", m, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type IoTDeviceEntityProperties. -func (i IoTDeviceEntityProperties) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type MicrosoftSecurityIncidentCreationAlertRuleCommonProperties. +func (m MicrosoftSecurityIncidentCreationAlertRuleCommonProperties) MarshalJSON() ([]byte, error) { objectMap := make(map[string]interface{}) - populate(objectMap, "additionalData", i.AdditionalData) - populate(objectMap, "deviceId", i.DeviceID) - populate(objectMap, "deviceName", i.DeviceName) - populate(objectMap, "deviceType", i.DeviceType) - populate(objectMap, "edgeId", i.EdgeID) - populate(objectMap, "firmwareVersion", i.FirmwareVersion) - populate(objectMap, "friendlyName", i.FriendlyName) - populate(objectMap, "hostEntityId", i.HostEntityID) - populate(objectMap, "ipAddressEntityId", i.IPAddressEntityID) - populate(objectMap, "iotHubEntityId", i.IotHubEntityID) - populate(objectMap, "iotSecurityAgentId", i.IotSecurityAgentID) - populate(objectMap, "macAddress", i.MacAddress) - populate(objectMap, "model", i.Model) - populate(objectMap, "operatingSystem", i.OperatingSystem) - populate(objectMap, "protocols", i.Protocols) - populate(objectMap, "serialNumber", i.SerialNumber) - populate(objectMap, "source", i.Source) - populate(objectMap, "threatIntelligence", i.ThreatIntelligence) - populate(objectMap, "vendor", i.Vendor) + populate(objectMap, "displayNamesExcludeFilter", m.DisplayNamesExcludeFilter) + populate(objectMap, "displayNamesFilter", m.DisplayNamesFilter) + populate(objectMap, "productFilter", m.ProductFilter) + populate(objectMap, "severitiesFilter", m.SeveritiesFilter) return json.Marshal(objectMap) } -// MarshalJSON implements the json.Marshaller interface for type MCASDataConnector. -func (m MCASDataConnector) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type MicrosoftSecurityIncidentCreationAlertRuleProperties. +func (m MicrosoftSecurityIncidentCreationAlertRuleProperties) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + populate(objectMap, "alertRuleTemplateName", m.AlertRuleTemplateName) + populate(objectMap, "description", m.Description) + populate(objectMap, "displayName", m.DisplayName) + populate(objectMap, "displayNamesExcludeFilter", m.DisplayNamesExcludeFilter) + populate(objectMap, "displayNamesFilter", m.DisplayNamesFilter) + populate(objectMap, "enabled", m.Enabled) + populateTimeRFC3339(objectMap, "lastModifiedUtc", m.LastModifiedUTC) + populate(objectMap, "productFilter", m.ProductFilter) + populate(objectMap, "severitiesFilter", m.SeveritiesFilter) + return json.Marshal(objectMap) +} + +// UnmarshalJSON implements the json.Unmarshaller interface for type MicrosoftSecurityIncidentCreationAlertRuleProperties. +func (m *MicrosoftSecurityIncidentCreationAlertRuleProperties) UnmarshalJSON(data []byte) error { + var rawMsg map[string]json.RawMessage + if err := json.Unmarshal(data, &rawMsg); err != nil { + return fmt.Errorf("unmarshalling type %T: %v", m, err) + } + for key, val := range rawMsg { + var err error + switch key { + case "alertRuleTemplateName": + err = unpopulate(val, "AlertRuleTemplateName", &m.AlertRuleTemplateName) + delete(rawMsg, key) + case "description": + err = unpopulate(val, "Description", &m.Description) + delete(rawMsg, key) + case "displayName": + err = unpopulate(val, "DisplayName", &m.DisplayName) + delete(rawMsg, key) + case "displayNamesExcludeFilter": + err = unpopulate(val, "DisplayNamesExcludeFilter", &m.DisplayNamesExcludeFilter) + delete(rawMsg, key) + case "displayNamesFilter": + err = unpopulate(val, "DisplayNamesFilter", &m.DisplayNamesFilter) + delete(rawMsg, key) + case "enabled": + err = unpopulate(val, "Enabled", &m.Enabled) + delete(rawMsg, key) + case "lastModifiedUtc": + err = unpopulateTimeRFC3339(val, "LastModifiedUTC", &m.LastModifiedUTC) + delete(rawMsg, key) + case "productFilter": + err = unpopulate(val, "ProductFilter", &m.ProductFilter) + delete(rawMsg, key) + case "severitiesFilter": + err = unpopulate(val, "SeveritiesFilter", &m.SeveritiesFilter) + delete(rawMsg, key) + } + if err != nil { + return fmt.Errorf("unmarshalling type %T: %v", m, err) + } + } + return nil +} + +// MarshalJSON implements the json.Marshaller interface for type MicrosoftSecurityIncidentCreationAlertRuleTemplate. +func (m MicrosoftSecurityIncidentCreationAlertRuleTemplate) MarshalJSON() ([]byte, error) { objectMap := make(map[string]interface{}) - populate(objectMap, "etag", m.Etag) populate(objectMap, "id", m.ID) - objectMap["kind"] = DataConnectorKindMicrosoftCloudAppSecurity + objectMap["kind"] = AlertRuleKindMicrosoftSecurityIncidentCreation populate(objectMap, "name", m.Name) populate(objectMap, "properties", m.Properties) populate(objectMap, "systemData", m.SystemData) @@ -1648,8 +4861,60 @@ func (m MCASDataConnector) MarshalJSON() ([]byte, error) { return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type MCASDataConnector. -func (m *MCASDataConnector) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type MicrosoftSecurityIncidentCreationAlertRuleTemplate. +func (m *MicrosoftSecurityIncidentCreationAlertRuleTemplate) UnmarshalJSON(data []byte) error { + var rawMsg map[string]json.RawMessage + if err := json.Unmarshal(data, &rawMsg); err != nil { + return fmt.Errorf("unmarshalling type %T: %v", m, err) + } + for key, val := range rawMsg { + var err error + switch key { + case "id": + err = unpopulate(val, "ID", &m.ID) + delete(rawMsg, key) + case "kind": + err = unpopulate(val, "Kind", &m.Kind) + delete(rawMsg, key) + case "name": + err = unpopulate(val, "Name", &m.Name) + delete(rawMsg, key) + case "properties": + err = unpopulate(val, "Properties", &m.Properties) + delete(rawMsg, key) + case "systemData": + err = unpopulate(val, "SystemData", &m.SystemData) + delete(rawMsg, key) + case "type": + err = unpopulate(val, "Type", &m.Type) + delete(rawMsg, key) + } + if err != nil { + return fmt.Errorf("unmarshalling type %T: %v", m, err) + } + } + return nil +} + +// MarshalJSON implements the json.Marshaller interface for type MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties. +func (m MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + populate(objectMap, "alertRulesCreatedByTemplateCount", m.AlertRulesCreatedByTemplateCount) + populateTimeRFC3339(objectMap, "createdDateUTC", m.CreatedDateUTC) + populate(objectMap, "description", m.Description) + populate(objectMap, "displayName", m.DisplayName) + populate(objectMap, "displayNamesExcludeFilter", m.DisplayNamesExcludeFilter) + populate(objectMap, "displayNamesFilter", m.DisplayNamesFilter) + populateTimeRFC3339(objectMap, "lastUpdatedDateUTC", m.LastUpdatedDateUTC) + populate(objectMap, "productFilter", m.ProductFilter) + populate(objectMap, "requiredDataConnectors", m.RequiredDataConnectors) + populate(objectMap, "severitiesFilter", m.SeveritiesFilter) + populate(objectMap, "status", m.Status) + return json.Marshal(objectMap) +} + +// UnmarshalJSON implements the json.Unmarshaller interface for type MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties. +func (m *MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { return fmt.Errorf("unmarshalling type %T: %v", m, err) @@ -1657,26 +4922,38 @@ func (m *MCASDataConnector) UnmarshalJSON(data []byte) error { for key, val := range rawMsg { var err error switch key { - case "etag": - err = unpopulate(val, "Etag", &m.Etag) + case "alertRulesCreatedByTemplateCount": + err = unpopulate(val, "AlertRulesCreatedByTemplateCount", &m.AlertRulesCreatedByTemplateCount) delete(rawMsg, key) - case "id": - err = unpopulate(val, "ID", &m.ID) + case "createdDateUTC": + err = unpopulateTimeRFC3339(val, "CreatedDateUTC", &m.CreatedDateUTC) delete(rawMsg, key) - case "kind": - err = unpopulate(val, "Kind", &m.Kind) + case "description": + err = unpopulate(val, "Description", &m.Description) delete(rawMsg, key) - case "name": - err = unpopulate(val, "Name", &m.Name) + case "displayName": + err = unpopulate(val, "DisplayName", &m.DisplayName) delete(rawMsg, key) - case "properties": - err = unpopulate(val, "Properties", &m.Properties) + case "displayNamesExcludeFilter": + err = unpopulate(val, "DisplayNamesExcludeFilter", &m.DisplayNamesExcludeFilter) delete(rawMsg, key) - case "systemData": - err = unpopulate(val, "SystemData", &m.SystemData) + case "displayNamesFilter": + err = unpopulate(val, "DisplayNamesFilter", &m.DisplayNamesFilter) delete(rawMsg, key) - case "type": - err = unpopulate(val, "Type", &m.Type) + case "lastUpdatedDateUTC": + err = unpopulateTimeRFC3339(val, "LastUpdatedDateUTC", &m.LastUpdatedDateUTC) + delete(rawMsg, key) + case "productFilter": + err = unpopulate(val, "ProductFilter", &m.ProductFilter) + delete(rawMsg, key) + case "requiredDataConnectors": + err = unpopulate(val, "RequiredDataConnectors", &m.RequiredDataConnectors) + delete(rawMsg, key) + case "severitiesFilter": + err = unpopulate(val, "SeveritiesFilter", &m.SeveritiesFilter) + delete(rawMsg, key) + case "status": + err = unpopulate(val, "Status", &m.Status) delete(rawMsg, key) } if err != nil { @@ -1686,21 +4963,16 @@ func (m *MCASDataConnector) UnmarshalJSON(data []byte) error { return nil } -// MarshalJSON implements the json.Marshaller interface for type MDATPDataConnector. -func (m MDATPDataConnector) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type MtpCheckRequirements. +func (m MtpCheckRequirements) MarshalJSON() ([]byte, error) { objectMap := make(map[string]interface{}) - populate(objectMap, "etag", m.Etag) - populate(objectMap, "id", m.ID) - objectMap["kind"] = DataConnectorKindMicrosoftDefenderAdvancedThreatProtection - populate(objectMap, "name", m.Name) + objectMap["kind"] = DataConnectorKindMicrosoftThreatProtection populate(objectMap, "properties", m.Properties) - populate(objectMap, "systemData", m.SystemData) - populate(objectMap, "type", m.Type) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type MDATPDataConnector. -func (m *MDATPDataConnector) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type MtpCheckRequirements. +func (m *MtpCheckRequirements) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { return fmt.Errorf("unmarshalling type %T: %v", m, err) @@ -1708,27 +4980,12 @@ func (m *MDATPDataConnector) UnmarshalJSON(data []byte) error { for key, val := range rawMsg { var err error switch key { - case "etag": - err = unpopulate(val, "Etag", &m.Etag) - delete(rawMsg, key) - case "id": - err = unpopulate(val, "ID", &m.ID) - delete(rawMsg, key) case "kind": err = unpopulate(val, "Kind", &m.Kind) delete(rawMsg, key) - case "name": - err = unpopulate(val, "Name", &m.Name) - delete(rawMsg, key) case "properties": err = unpopulate(val, "Properties", &m.Properties) delete(rawMsg, key) - case "systemData": - err = unpopulate(val, "SystemData", &m.SystemData) - delete(rawMsg, key) - case "type": - err = unpopulate(val, "Type", &m.Type) - delete(rawMsg, key) } if err != nil { return fmt.Errorf("unmarshalling type %T: %v", m, err) @@ -1737,680 +4994,608 @@ func (m *MDATPDataConnector) UnmarshalJSON(data []byte) error { return nil } -// MarshalJSON implements the json.Marshaller interface for type MailClusterEntity. -func (m MailClusterEntity) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type NrtAlertRule. +func (n NrtAlertRule) MarshalJSON() ([]byte, error) { objectMap := make(map[string]interface{}) - populate(objectMap, "id", m.ID) - objectMap["kind"] = EntityKindEnumMailCluster - populate(objectMap, "name", m.Name) - populate(objectMap, "properties", m.Properties) - populate(objectMap, "systemData", m.SystemData) - populate(objectMap, "type", m.Type) + populate(objectMap, "etag", n.Etag) + populate(objectMap, "id", n.ID) + objectMap["kind"] = AlertRuleKindNRT + populate(objectMap, "name", n.Name) + populate(objectMap, "properties", n.Properties) + populate(objectMap, "systemData", n.SystemData) + populate(objectMap, "type", n.Type) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type MailClusterEntity. -func (m *MailClusterEntity) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type NrtAlertRule. +func (n *NrtAlertRule) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", m, err) + return fmt.Errorf("unmarshalling type %T: %v", n, err) } for key, val := range rawMsg { var err error switch key { + case "etag": + err = unpopulate(val, "Etag", &n.Etag) + delete(rawMsg, key) case "id": - err = unpopulate(val, "ID", &m.ID) + err = unpopulate(val, "ID", &n.ID) delete(rawMsg, key) case "kind": - err = unpopulate(val, "Kind", &m.Kind) + err = unpopulate(val, "Kind", &n.Kind) delete(rawMsg, key) case "name": - err = unpopulate(val, "Name", &m.Name) + err = unpopulate(val, "Name", &n.Name) delete(rawMsg, key) case "properties": - err = unpopulate(val, "Properties", &m.Properties) + err = unpopulate(val, "Properties", &n.Properties) delete(rawMsg, key) case "systemData": - err = unpopulate(val, "SystemData", &m.SystemData) + err = unpopulate(val, "SystemData", &n.SystemData) delete(rawMsg, key) case "type": - err = unpopulate(val, "Type", &m.Type) + err = unpopulate(val, "Type", &n.Type) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", m, err) + return fmt.Errorf("unmarshalling type %T: %v", n, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type MailClusterEntityProperties. -func (m MailClusterEntityProperties) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type NrtAlertRuleProperties. +func (n NrtAlertRuleProperties) MarshalJSON() ([]byte, error) { objectMap := make(map[string]interface{}) - populate(objectMap, "additionalData", m.AdditionalData) - populate(objectMap, "clusterGroup", m.ClusterGroup) - populateTimeRFC3339(objectMap, "clusterQueryEndTime", m.ClusterQueryEndTime) - populateTimeRFC3339(objectMap, "clusterQueryStartTime", m.ClusterQueryStartTime) - populate(objectMap, "clusterSourceIdentifier", m.ClusterSourceIdentifier) - populate(objectMap, "clusterSourceType", m.ClusterSourceType) - populate(objectMap, "countByDeliveryStatus", &m.CountByDeliveryStatus) - populate(objectMap, "countByProtectionStatus", &m.CountByProtectionStatus) - populate(objectMap, "countByThreatType", &m.CountByThreatType) - populate(objectMap, "friendlyName", m.FriendlyName) - populate(objectMap, "isVolumeAnomaly", m.IsVolumeAnomaly) - populate(objectMap, "mailCount", m.MailCount) - populate(objectMap, "networkMessageIds", m.NetworkMessageIDs) - populate(objectMap, "query", m.Query) - populateTimeRFC3339(objectMap, "queryTime", m.QueryTime) - populate(objectMap, "source", m.Source) - populate(objectMap, "threats", m.Threats) + populate(objectMap, "alertDetailsOverride", n.AlertDetailsOverride) + populate(objectMap, "alertRuleTemplateName", n.AlertRuleTemplateName) + populate(objectMap, "customDetails", n.CustomDetails) + populate(objectMap, "description", n.Description) + populate(objectMap, "displayName", n.DisplayName) + populate(objectMap, "enabled", n.Enabled) + populate(objectMap, "entityMappings", n.EntityMappings) + populate(objectMap, "incidentConfiguration", n.IncidentConfiguration) + populateTimeRFC3339(objectMap, "lastModifiedUtc", n.LastModifiedUTC) + populate(objectMap, "query", n.Query) + populate(objectMap, "severity", n.Severity) + populate(objectMap, "suppressionDuration", n.SuppressionDuration) + populate(objectMap, "suppressionEnabled", n.SuppressionEnabled) + populate(objectMap, "tactics", n.Tactics) + populate(objectMap, "techniques", n.Techniques) + populate(objectMap, "templateVersion", n.TemplateVersion) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type MailClusterEntityProperties. -func (m *MailClusterEntityProperties) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type NrtAlertRuleProperties. +func (n *NrtAlertRuleProperties) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", m, err) + return fmt.Errorf("unmarshalling type %T: %v", n, err) } for key, val := range rawMsg { var err error switch key { - case "additionalData": - err = unpopulate(val, "AdditionalData", &m.AdditionalData) - delete(rawMsg, key) - case "clusterGroup": - err = unpopulate(val, "ClusterGroup", &m.ClusterGroup) + case "alertDetailsOverride": + err = unpopulate(val, "AlertDetailsOverride", &n.AlertDetailsOverride) delete(rawMsg, key) - case "clusterQueryEndTime": - err = unpopulateTimeRFC3339(val, "ClusterQueryEndTime", &m.ClusterQueryEndTime) + case "alertRuleTemplateName": + err = unpopulate(val, "AlertRuleTemplateName", &n.AlertRuleTemplateName) delete(rawMsg, key) - case "clusterQueryStartTime": - err = unpopulateTimeRFC3339(val, "ClusterQueryStartTime", &m.ClusterQueryStartTime) + case "customDetails": + err = unpopulate(val, "CustomDetails", &n.CustomDetails) delete(rawMsg, key) - case "clusterSourceIdentifier": - err = unpopulate(val, "ClusterSourceIdentifier", &m.ClusterSourceIdentifier) + case "description": + err = unpopulate(val, "Description", &n.Description) delete(rawMsg, key) - case "clusterSourceType": - err = unpopulate(val, "ClusterSourceType", &m.ClusterSourceType) + case "displayName": + err = unpopulate(val, "DisplayName", &n.DisplayName) delete(rawMsg, key) - case "countByDeliveryStatus": - err = unpopulate(val, "CountByDeliveryStatus", &m.CountByDeliveryStatus) + case "enabled": + err = unpopulate(val, "Enabled", &n.Enabled) delete(rawMsg, key) - case "countByProtectionStatus": - err = unpopulate(val, "CountByProtectionStatus", &m.CountByProtectionStatus) + case "entityMappings": + err = unpopulate(val, "EntityMappings", &n.EntityMappings) delete(rawMsg, key) - case "countByThreatType": - err = unpopulate(val, "CountByThreatType", &m.CountByThreatType) + case "incidentConfiguration": + err = unpopulate(val, "IncidentConfiguration", &n.IncidentConfiguration) delete(rawMsg, key) - case "friendlyName": - err = unpopulate(val, "FriendlyName", &m.FriendlyName) + case "lastModifiedUtc": + err = unpopulateTimeRFC3339(val, "LastModifiedUTC", &n.LastModifiedUTC) delete(rawMsg, key) - case "isVolumeAnomaly": - err = unpopulate(val, "IsVolumeAnomaly", &m.IsVolumeAnomaly) + case "query": + err = unpopulate(val, "Query", &n.Query) delete(rawMsg, key) - case "mailCount": - err = unpopulate(val, "MailCount", &m.MailCount) + case "severity": + err = unpopulate(val, "Severity", &n.Severity) delete(rawMsg, key) - case "networkMessageIds": - err = unpopulate(val, "NetworkMessageIDs", &m.NetworkMessageIDs) + case "suppressionDuration": + err = unpopulate(val, "SuppressionDuration", &n.SuppressionDuration) delete(rawMsg, key) - case "query": - err = unpopulate(val, "Query", &m.Query) + case "suppressionEnabled": + err = unpopulate(val, "SuppressionEnabled", &n.SuppressionEnabled) delete(rawMsg, key) - case "queryTime": - err = unpopulateTimeRFC3339(val, "QueryTime", &m.QueryTime) + case "tactics": + err = unpopulate(val, "Tactics", &n.Tactics) delete(rawMsg, key) - case "source": - err = unpopulate(val, "Source", &m.Source) + case "techniques": + err = unpopulate(val, "Techniques", &n.Techniques) delete(rawMsg, key) - case "threats": - err = unpopulate(val, "Threats", &m.Threats) + case "templateVersion": + err = unpopulate(val, "TemplateVersion", &n.TemplateVersion) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", m, err) + return fmt.Errorf("unmarshalling type %T: %v", n, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type MailMessageEntity. -func (m MailMessageEntity) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type NrtAlertRuleTemplate. +func (n NrtAlertRuleTemplate) MarshalJSON() ([]byte, error) { objectMap := make(map[string]interface{}) - populate(objectMap, "id", m.ID) - objectMap["kind"] = EntityKindEnumMailMessage - populate(objectMap, "name", m.Name) - populate(objectMap, "properties", m.Properties) - populate(objectMap, "systemData", m.SystemData) - populate(objectMap, "type", m.Type) + populate(objectMap, "id", n.ID) + objectMap["kind"] = AlertRuleKindNRT + populate(objectMap, "name", n.Name) + populate(objectMap, "properties", n.Properties) + populate(objectMap, "systemData", n.SystemData) + populate(objectMap, "type", n.Type) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type MailMessageEntity. -func (m *MailMessageEntity) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type NrtAlertRuleTemplate. +func (n *NrtAlertRuleTemplate) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", m, err) + return fmt.Errorf("unmarshalling type %T: %v", n, err) } for key, val := range rawMsg { var err error switch key { case "id": - err = unpopulate(val, "ID", &m.ID) + err = unpopulate(val, "ID", &n.ID) delete(rawMsg, key) case "kind": - err = unpopulate(val, "Kind", &m.Kind) + err = unpopulate(val, "Kind", &n.Kind) delete(rawMsg, key) case "name": - err = unpopulate(val, "Name", &m.Name) + err = unpopulate(val, "Name", &n.Name) delete(rawMsg, key) case "properties": - err = unpopulate(val, "Properties", &m.Properties) + err = unpopulate(val, "Properties", &n.Properties) delete(rawMsg, key) case "systemData": - err = unpopulate(val, "SystemData", &m.SystemData) + err = unpopulate(val, "SystemData", &n.SystemData) delete(rawMsg, key) case "type": - err = unpopulate(val, "Type", &m.Type) + err = unpopulate(val, "Type", &n.Type) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", m, err) + return fmt.Errorf("unmarshalling type %T: %v", n, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type MailMessageEntityProperties. -func (m MailMessageEntityProperties) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type NrtAlertRuleTemplateProperties. +func (n NrtAlertRuleTemplateProperties) MarshalJSON() ([]byte, error) { objectMap := make(map[string]interface{}) - populate(objectMap, "additionalData", m.AdditionalData) - populate(objectMap, "antispamDirection", m.AntispamDirection) - populate(objectMap, "bodyFingerprintBin1", m.BodyFingerprintBin1) - populate(objectMap, "bodyFingerprintBin2", m.BodyFingerprintBin2) - populate(objectMap, "bodyFingerprintBin3", m.BodyFingerprintBin3) - populate(objectMap, "bodyFingerprintBin4", m.BodyFingerprintBin4) - populate(objectMap, "bodyFingerprintBin5", m.BodyFingerprintBin5) - populate(objectMap, "deliveryAction", m.DeliveryAction) - populate(objectMap, "deliveryLocation", m.DeliveryLocation) - populate(objectMap, "fileEntityIds", m.FileEntityIDs) - populate(objectMap, "friendlyName", m.FriendlyName) - populate(objectMap, "internetMessageId", m.InternetMessageID) - populate(objectMap, "language", m.Language) - populate(objectMap, "networkMessageId", m.NetworkMessageID) - populate(objectMap, "p1Sender", m.P1Sender) - populate(objectMap, "p1SenderDisplayName", m.P1SenderDisplayName) - populate(objectMap, "p1SenderDomain", m.P1SenderDomain) - populate(objectMap, "p2Sender", m.P2Sender) - populate(objectMap, "p2SenderDisplayName", m.P2SenderDisplayName) - populate(objectMap, "p2SenderDomain", m.P2SenderDomain) - populateTimeRFC3339(objectMap, "receiveDate", m.ReceiveDate) - populate(objectMap, "recipient", m.Recipient) - populate(objectMap, "senderIP", m.SenderIP) - populate(objectMap, "subject", m.Subject) - populate(objectMap, "threatDetectionMethods", m.ThreatDetectionMethods) - populate(objectMap, "threats", m.Threats) - populate(objectMap, "urls", m.Urls) + populate(objectMap, "alertDetailsOverride", n.AlertDetailsOverride) + populate(objectMap, "alertRulesCreatedByTemplateCount", n.AlertRulesCreatedByTemplateCount) + populateTimeRFC3339(objectMap, "createdDateUTC", n.CreatedDateUTC) + populate(objectMap, "customDetails", n.CustomDetails) + populate(objectMap, "description", n.Description) + populate(objectMap, "displayName", n.DisplayName) + populate(objectMap, "entityMappings", n.EntityMappings) + populateTimeRFC3339(objectMap, "lastUpdatedDateUTC", n.LastUpdatedDateUTC) + populate(objectMap, "query", n.Query) + populate(objectMap, "requiredDataConnectors", n.RequiredDataConnectors) + populate(objectMap, "severity", n.Severity) + populate(objectMap, "status", n.Status) + populate(objectMap, "tactics", n.Tactics) + populate(objectMap, "techniques", n.Techniques) + populate(objectMap, "version", n.Version) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type MailMessageEntityProperties. -func (m *MailMessageEntityProperties) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type NrtAlertRuleTemplateProperties. +func (n *NrtAlertRuleTemplateProperties) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", m, err) + return fmt.Errorf("unmarshalling type %T: %v", n, err) } for key, val := range rawMsg { var err error switch key { - case "additionalData": - err = unpopulate(val, "AdditionalData", &m.AdditionalData) - delete(rawMsg, key) - case "antispamDirection": - err = unpopulate(val, "AntispamDirection", &m.AntispamDirection) - delete(rawMsg, key) - case "bodyFingerprintBin1": - err = unpopulate(val, "BodyFingerprintBin1", &m.BodyFingerprintBin1) - delete(rawMsg, key) - case "bodyFingerprintBin2": - err = unpopulate(val, "BodyFingerprintBin2", &m.BodyFingerprintBin2) - delete(rawMsg, key) - case "bodyFingerprintBin3": - err = unpopulate(val, "BodyFingerprintBin3", &m.BodyFingerprintBin3) - delete(rawMsg, key) - case "bodyFingerprintBin4": - err = unpopulate(val, "BodyFingerprintBin4", &m.BodyFingerprintBin4) - delete(rawMsg, key) - case "bodyFingerprintBin5": - err = unpopulate(val, "BodyFingerprintBin5", &m.BodyFingerprintBin5) - delete(rawMsg, key) - case "deliveryAction": - err = unpopulate(val, "DeliveryAction", &m.DeliveryAction) - delete(rawMsg, key) - case "deliveryLocation": - err = unpopulate(val, "DeliveryLocation", &m.DeliveryLocation) - delete(rawMsg, key) - case "fileEntityIds": - err = unpopulate(val, "FileEntityIDs", &m.FileEntityIDs) - delete(rawMsg, key) - case "friendlyName": - err = unpopulate(val, "FriendlyName", &m.FriendlyName) - delete(rawMsg, key) - case "internetMessageId": - err = unpopulate(val, "InternetMessageID", &m.InternetMessageID) - delete(rawMsg, key) - case "language": - err = unpopulate(val, "Language", &m.Language) + case "alertDetailsOverride": + err = unpopulate(val, "AlertDetailsOverride", &n.AlertDetailsOverride) delete(rawMsg, key) - case "networkMessageId": - err = unpopulate(val, "NetworkMessageID", &m.NetworkMessageID) + case "alertRulesCreatedByTemplateCount": + err = unpopulate(val, "AlertRulesCreatedByTemplateCount", &n.AlertRulesCreatedByTemplateCount) delete(rawMsg, key) - case "p1Sender": - err = unpopulate(val, "P1Sender", &m.P1Sender) + case "createdDateUTC": + err = unpopulateTimeRFC3339(val, "CreatedDateUTC", &n.CreatedDateUTC) delete(rawMsg, key) - case "p1SenderDisplayName": - err = unpopulate(val, "P1SenderDisplayName", &m.P1SenderDisplayName) + case "customDetails": + err = unpopulate(val, "CustomDetails", &n.CustomDetails) delete(rawMsg, key) - case "p1SenderDomain": - err = unpopulate(val, "P1SenderDomain", &m.P1SenderDomain) + case "description": + err = unpopulate(val, "Description", &n.Description) delete(rawMsg, key) - case "p2Sender": - err = unpopulate(val, "P2Sender", &m.P2Sender) + case "displayName": + err = unpopulate(val, "DisplayName", &n.DisplayName) delete(rawMsg, key) - case "p2SenderDisplayName": - err = unpopulate(val, "P2SenderDisplayName", &m.P2SenderDisplayName) + case "entityMappings": + err = unpopulate(val, "EntityMappings", &n.EntityMappings) delete(rawMsg, key) - case "p2SenderDomain": - err = unpopulate(val, "P2SenderDomain", &m.P2SenderDomain) + case "lastUpdatedDateUTC": + err = unpopulateTimeRFC3339(val, "LastUpdatedDateUTC", &n.LastUpdatedDateUTC) delete(rawMsg, key) - case "receiveDate": - err = unpopulateTimeRFC3339(val, "ReceiveDate", &m.ReceiveDate) + case "query": + err = unpopulate(val, "Query", &n.Query) delete(rawMsg, key) - case "recipient": - err = unpopulate(val, "Recipient", &m.Recipient) + case "requiredDataConnectors": + err = unpopulate(val, "RequiredDataConnectors", &n.RequiredDataConnectors) delete(rawMsg, key) - case "senderIP": - err = unpopulate(val, "SenderIP", &m.SenderIP) + case "severity": + err = unpopulate(val, "Severity", &n.Severity) delete(rawMsg, key) - case "subject": - err = unpopulate(val, "Subject", &m.Subject) + case "status": + err = unpopulate(val, "Status", &n.Status) delete(rawMsg, key) - case "threatDetectionMethods": - err = unpopulate(val, "ThreatDetectionMethods", &m.ThreatDetectionMethods) + case "tactics": + err = unpopulate(val, "Tactics", &n.Tactics) delete(rawMsg, key) - case "threats": - err = unpopulate(val, "Threats", &m.Threats) + case "techniques": + err = unpopulate(val, "Techniques", &n.Techniques) delete(rawMsg, key) - case "urls": - err = unpopulate(val, "Urls", &m.Urls) + case "version": + err = unpopulate(val, "Version", &n.Version) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", m, err) + return fmt.Errorf("unmarshalling type %T: %v", n, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type MailboxEntity. -func (m MailboxEntity) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type Office365ProjectCheckRequirements. +func (o Office365ProjectCheckRequirements) MarshalJSON() ([]byte, error) { objectMap := make(map[string]interface{}) - populate(objectMap, "id", m.ID) - objectMap["kind"] = EntityKindEnumMailbox - populate(objectMap, "name", m.Name) - populate(objectMap, "properties", m.Properties) - populate(objectMap, "systemData", m.SystemData) - populate(objectMap, "type", m.Type) + objectMap["kind"] = DataConnectorKindOffice365Project + populate(objectMap, "properties", o.Properties) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type MailboxEntity. -func (m *MailboxEntity) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type Office365ProjectCheckRequirements. +func (o *Office365ProjectCheckRequirements) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", m, err) + return fmt.Errorf("unmarshalling type %T: %v", o, err) } for key, val := range rawMsg { var err error switch key { - case "id": - err = unpopulate(val, "ID", &m.ID) - delete(rawMsg, key) case "kind": - err = unpopulate(val, "Kind", &m.Kind) - delete(rawMsg, key) - case "name": - err = unpopulate(val, "Name", &m.Name) + err = unpopulate(val, "Kind", &o.Kind) delete(rawMsg, key) case "properties": - err = unpopulate(val, "Properties", &m.Properties) - delete(rawMsg, key) - case "systemData": - err = unpopulate(val, "SystemData", &m.SystemData) - delete(rawMsg, key) - case "type": - err = unpopulate(val, "Type", &m.Type) + err = unpopulate(val, "Properties", &o.Properties) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", m, err) + return fmt.Errorf("unmarshalling type %T: %v", o, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type MailboxEntityProperties. -func (m MailboxEntityProperties) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]interface{}) - populate(objectMap, "additionalData", m.AdditionalData) - populate(objectMap, "displayName", m.DisplayName) - populate(objectMap, "externalDirectoryObjectId", m.ExternalDirectoryObjectID) - populate(objectMap, "friendlyName", m.FriendlyName) - populate(objectMap, "mailboxPrimaryAddress", m.MailboxPrimaryAddress) - populate(objectMap, "upn", m.Upn) - return json.Marshal(objectMap) -} - -// MarshalJSON implements the json.Marshaller interface for type MalwareEntity. -func (m MalwareEntity) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type Office365ProjectDataConnector. +func (o Office365ProjectDataConnector) MarshalJSON() ([]byte, error) { objectMap := make(map[string]interface{}) - populate(objectMap, "id", m.ID) - objectMap["kind"] = EntityKindEnumMalware - populate(objectMap, "name", m.Name) - populate(objectMap, "properties", m.Properties) - populate(objectMap, "systemData", m.SystemData) - populate(objectMap, "type", m.Type) + populate(objectMap, "etag", o.Etag) + populate(objectMap, "id", o.ID) + objectMap["kind"] = DataConnectorKindOffice365Project + populate(objectMap, "name", o.Name) + populate(objectMap, "properties", o.Properties) + populate(objectMap, "systemData", o.SystemData) + populate(objectMap, "type", o.Type) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type MalwareEntity. -func (m *MalwareEntity) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type Office365ProjectDataConnector. +func (o *Office365ProjectDataConnector) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", m, err) + return fmt.Errorf("unmarshalling type %T: %v", o, err) } for key, val := range rawMsg { var err error switch key { + case "etag": + err = unpopulate(val, "Etag", &o.Etag) + delete(rawMsg, key) case "id": - err = unpopulate(val, "ID", &m.ID) + err = unpopulate(val, "ID", &o.ID) delete(rawMsg, key) case "kind": - err = unpopulate(val, "Kind", &m.Kind) + err = unpopulate(val, "Kind", &o.Kind) delete(rawMsg, key) case "name": - err = unpopulate(val, "Name", &m.Name) + err = unpopulate(val, "Name", &o.Name) delete(rawMsg, key) case "properties": - err = unpopulate(val, "Properties", &m.Properties) + err = unpopulate(val, "Properties", &o.Properties) delete(rawMsg, key) case "systemData": - err = unpopulate(val, "SystemData", &m.SystemData) + err = unpopulate(val, "SystemData", &o.SystemData) delete(rawMsg, key) case "type": - err = unpopulate(val, "Type", &m.Type) + err = unpopulate(val, "Type", &o.Type) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", m, err) + return fmt.Errorf("unmarshalling type %T: %v", o, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type MalwareEntityProperties. -func (m MalwareEntityProperties) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type OfficeATPCheckRequirements. +func (o OfficeATPCheckRequirements) MarshalJSON() ([]byte, error) { objectMap := make(map[string]interface{}) - populate(objectMap, "additionalData", m.AdditionalData) - populate(objectMap, "category", m.Category) - populate(objectMap, "fileEntityIds", m.FileEntityIDs) - populate(objectMap, "friendlyName", m.FriendlyName) - populate(objectMap, "malwareName", m.MalwareName) - populate(objectMap, "processEntityIds", m.ProcessEntityIDs) + objectMap["kind"] = DataConnectorKindOfficeATP + populate(objectMap, "properties", o.Properties) return json.Marshal(objectMap) } -// MarshalJSON implements the json.Marshaller interface for type MicrosoftSecurityIncidentCreationAlertRule. -func (m MicrosoftSecurityIncidentCreationAlertRule) MarshalJSON() ([]byte, error) { +// UnmarshalJSON implements the json.Unmarshaller interface for type OfficeATPCheckRequirements. +func (o *OfficeATPCheckRequirements) UnmarshalJSON(data []byte) error { + var rawMsg map[string]json.RawMessage + if err := json.Unmarshal(data, &rawMsg); err != nil { + return fmt.Errorf("unmarshalling type %T: %v", o, err) + } + for key, val := range rawMsg { + var err error + switch key { + case "kind": + err = unpopulate(val, "Kind", &o.Kind) + delete(rawMsg, key) + case "properties": + err = unpopulate(val, "Properties", &o.Properties) + delete(rawMsg, key) + } + if err != nil { + return fmt.Errorf("unmarshalling type %T: %v", o, err) + } + } + return nil +} + +// MarshalJSON implements the json.Marshaller interface for type OfficeATPDataConnector. +func (o OfficeATPDataConnector) MarshalJSON() ([]byte, error) { objectMap := make(map[string]interface{}) - populate(objectMap, "etag", m.Etag) - populate(objectMap, "id", m.ID) - objectMap["kind"] = AlertRuleKindMicrosoftSecurityIncidentCreation - populate(objectMap, "name", m.Name) - populate(objectMap, "properties", m.Properties) - populate(objectMap, "systemData", m.SystemData) - populate(objectMap, "type", m.Type) + populate(objectMap, "etag", o.Etag) + populate(objectMap, "id", o.ID) + objectMap["kind"] = DataConnectorKindOfficeATP + populate(objectMap, "name", o.Name) + populate(objectMap, "properties", o.Properties) + populate(objectMap, "systemData", o.SystemData) + populate(objectMap, "type", o.Type) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type MicrosoftSecurityIncidentCreationAlertRule. -func (m *MicrosoftSecurityIncidentCreationAlertRule) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type OfficeATPDataConnector. +func (o *OfficeATPDataConnector) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", m, err) + return fmt.Errorf("unmarshalling type %T: %v", o, err) } for key, val := range rawMsg { var err error switch key { case "etag": - err = unpopulate(val, "Etag", &m.Etag) + err = unpopulate(val, "Etag", &o.Etag) delete(rawMsg, key) case "id": - err = unpopulate(val, "ID", &m.ID) + err = unpopulate(val, "ID", &o.ID) delete(rawMsg, key) case "kind": - err = unpopulate(val, "Kind", &m.Kind) + err = unpopulate(val, "Kind", &o.Kind) delete(rawMsg, key) case "name": - err = unpopulate(val, "Name", &m.Name) + err = unpopulate(val, "Name", &o.Name) delete(rawMsg, key) case "properties": - err = unpopulate(val, "Properties", &m.Properties) + err = unpopulate(val, "Properties", &o.Properties) delete(rawMsg, key) case "systemData": - err = unpopulate(val, "SystemData", &m.SystemData) + err = unpopulate(val, "SystemData", &o.SystemData) delete(rawMsg, key) case "type": - err = unpopulate(val, "Type", &m.Type) + err = unpopulate(val, "Type", &o.Type) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", m, err) + return fmt.Errorf("unmarshalling type %T: %v", o, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type MicrosoftSecurityIncidentCreationAlertRuleCommonProperties. -func (m MicrosoftSecurityIncidentCreationAlertRuleCommonProperties) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]interface{}) - populate(objectMap, "displayNamesExcludeFilter", m.DisplayNamesExcludeFilter) - populate(objectMap, "displayNamesFilter", m.DisplayNamesFilter) - populate(objectMap, "productFilter", m.ProductFilter) - populate(objectMap, "severitiesFilter", m.SeveritiesFilter) - return json.Marshal(objectMap) -} - -// MarshalJSON implements the json.Marshaller interface for type MicrosoftSecurityIncidentCreationAlertRuleProperties. -func (m MicrosoftSecurityIncidentCreationAlertRuleProperties) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type OfficeDataConnector. +func (o OfficeDataConnector) MarshalJSON() ([]byte, error) { objectMap := make(map[string]interface{}) - populate(objectMap, "alertRuleTemplateName", m.AlertRuleTemplateName) - populate(objectMap, "description", m.Description) - populate(objectMap, "displayName", m.DisplayName) - populate(objectMap, "displayNamesExcludeFilter", m.DisplayNamesExcludeFilter) - populate(objectMap, "displayNamesFilter", m.DisplayNamesFilter) - populate(objectMap, "enabled", m.Enabled) - populateTimeRFC3339(objectMap, "lastModifiedUtc", m.LastModifiedUTC) - populate(objectMap, "productFilter", m.ProductFilter) - populate(objectMap, "severitiesFilter", m.SeveritiesFilter) + populate(objectMap, "etag", o.Etag) + populate(objectMap, "id", o.ID) + objectMap["kind"] = DataConnectorKindOffice365 + populate(objectMap, "name", o.Name) + populate(objectMap, "properties", o.Properties) + populate(objectMap, "systemData", o.SystemData) + populate(objectMap, "type", o.Type) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type MicrosoftSecurityIncidentCreationAlertRuleProperties. -func (m *MicrosoftSecurityIncidentCreationAlertRuleProperties) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type OfficeDataConnector. +func (o *OfficeDataConnector) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", m, err) + return fmt.Errorf("unmarshalling type %T: %v", o, err) } for key, val := range rawMsg { var err error switch key { - case "alertRuleTemplateName": - err = unpopulate(val, "AlertRuleTemplateName", &m.AlertRuleTemplateName) + case "etag": + err = unpopulate(val, "Etag", &o.Etag) delete(rawMsg, key) - case "description": - err = unpopulate(val, "Description", &m.Description) + case "id": + err = unpopulate(val, "ID", &o.ID) delete(rawMsg, key) - case "displayName": - err = unpopulate(val, "DisplayName", &m.DisplayName) + case "kind": + err = unpopulate(val, "Kind", &o.Kind) delete(rawMsg, key) - case "displayNamesExcludeFilter": - err = unpopulate(val, "DisplayNamesExcludeFilter", &m.DisplayNamesExcludeFilter) + case "name": + err = unpopulate(val, "Name", &o.Name) delete(rawMsg, key) - case "displayNamesFilter": - err = unpopulate(val, "DisplayNamesFilter", &m.DisplayNamesFilter) + case "properties": + err = unpopulate(val, "Properties", &o.Properties) delete(rawMsg, key) - case "enabled": - err = unpopulate(val, "Enabled", &m.Enabled) + case "systemData": + err = unpopulate(val, "SystemData", &o.SystemData) delete(rawMsg, key) - case "lastModifiedUtc": - err = unpopulateTimeRFC3339(val, "LastModifiedUTC", &m.LastModifiedUTC) + case "type": + err = unpopulate(val, "Type", &o.Type) delete(rawMsg, key) - case "productFilter": - err = unpopulate(val, "ProductFilter", &m.ProductFilter) + } + if err != nil { + return fmt.Errorf("unmarshalling type %T: %v", o, err) + } + } + return nil +} + +// MarshalJSON implements the json.Marshaller interface for type OfficeIRMCheckRequirements. +func (o OfficeIRMCheckRequirements) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + objectMap["kind"] = DataConnectorKindOfficeIRM + populate(objectMap, "properties", o.Properties) + return json.Marshal(objectMap) +} + +// UnmarshalJSON implements the json.Unmarshaller interface for type OfficeIRMCheckRequirements. +func (o *OfficeIRMCheckRequirements) UnmarshalJSON(data []byte) error { + var rawMsg map[string]json.RawMessage + if err := json.Unmarshal(data, &rawMsg); err != nil { + return fmt.Errorf("unmarshalling type %T: %v", o, err) + } + for key, val := range rawMsg { + var err error + switch key { + case "kind": + err = unpopulate(val, "Kind", &o.Kind) delete(rawMsg, key) - case "severitiesFilter": - err = unpopulate(val, "SeveritiesFilter", &m.SeveritiesFilter) + case "properties": + err = unpopulate(val, "Properties", &o.Properties) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", m, err) + return fmt.Errorf("unmarshalling type %T: %v", o, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type MicrosoftSecurityIncidentCreationAlertRuleTemplate. -func (m MicrosoftSecurityIncidentCreationAlertRuleTemplate) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type OfficeIRMDataConnector. +func (o OfficeIRMDataConnector) MarshalJSON() ([]byte, error) { objectMap := make(map[string]interface{}) - populate(objectMap, "id", m.ID) - objectMap["kind"] = AlertRuleKindMicrosoftSecurityIncidentCreation - populate(objectMap, "name", m.Name) - populate(objectMap, "properties", m.Properties) - populate(objectMap, "systemData", m.SystemData) - populate(objectMap, "type", m.Type) + populate(objectMap, "etag", o.Etag) + populate(objectMap, "id", o.ID) + objectMap["kind"] = DataConnectorKindOfficeIRM + populate(objectMap, "name", o.Name) + populate(objectMap, "properties", o.Properties) + populate(objectMap, "systemData", o.SystemData) + populate(objectMap, "type", o.Type) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type MicrosoftSecurityIncidentCreationAlertRuleTemplate. -func (m *MicrosoftSecurityIncidentCreationAlertRuleTemplate) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type OfficeIRMDataConnector. +func (o *OfficeIRMDataConnector) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", m, err) + return fmt.Errorf("unmarshalling type %T: %v", o, err) } for key, val := range rawMsg { var err error switch key { + case "etag": + err = unpopulate(val, "Etag", &o.Etag) + delete(rawMsg, key) case "id": - err = unpopulate(val, "ID", &m.ID) + err = unpopulate(val, "ID", &o.ID) delete(rawMsg, key) case "kind": - err = unpopulate(val, "Kind", &m.Kind) + err = unpopulate(val, "Kind", &o.Kind) delete(rawMsg, key) case "name": - err = unpopulate(val, "Name", &m.Name) + err = unpopulate(val, "Name", &o.Name) delete(rawMsg, key) case "properties": - err = unpopulate(val, "Properties", &m.Properties) + err = unpopulate(val, "Properties", &o.Properties) delete(rawMsg, key) case "systemData": - err = unpopulate(val, "SystemData", &m.SystemData) + err = unpopulate(val, "SystemData", &o.SystemData) delete(rawMsg, key) case "type": - err = unpopulate(val, "Type", &m.Type) + err = unpopulate(val, "Type", &o.Type) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", m, err) + return fmt.Errorf("unmarshalling type %T: %v", o, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties. -func (m MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type OfficePowerBICheckRequirements. +func (o OfficePowerBICheckRequirements) MarshalJSON() ([]byte, error) { objectMap := make(map[string]interface{}) - populate(objectMap, "alertRulesCreatedByTemplateCount", m.AlertRulesCreatedByTemplateCount) - populateTimeRFC3339(objectMap, "createdDateUTC", m.CreatedDateUTC) - populate(objectMap, "description", m.Description) - populate(objectMap, "displayName", m.DisplayName) - populate(objectMap, "displayNamesExcludeFilter", m.DisplayNamesExcludeFilter) - populate(objectMap, "displayNamesFilter", m.DisplayNamesFilter) - populateTimeRFC3339(objectMap, "lastUpdatedDateUTC", m.LastUpdatedDateUTC) - populate(objectMap, "productFilter", m.ProductFilter) - populate(objectMap, "requiredDataConnectors", m.RequiredDataConnectors) - populate(objectMap, "severitiesFilter", m.SeveritiesFilter) - populate(objectMap, "status", m.Status) + objectMap["kind"] = DataConnectorKindOfficePowerBI + populate(objectMap, "properties", o.Properties) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties. -func (m *MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type OfficePowerBICheckRequirements. +func (o *OfficePowerBICheckRequirements) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", m, err) + return fmt.Errorf("unmarshalling type %T: %v", o, err) } for key, val := range rawMsg { var err error switch key { - case "alertRulesCreatedByTemplateCount": - err = unpopulate(val, "AlertRulesCreatedByTemplateCount", &m.AlertRulesCreatedByTemplateCount) - delete(rawMsg, key) - case "createdDateUTC": - err = unpopulateTimeRFC3339(val, "CreatedDateUTC", &m.CreatedDateUTC) - delete(rawMsg, key) - case "description": - err = unpopulate(val, "Description", &m.Description) - delete(rawMsg, key) - case "displayName": - err = unpopulate(val, "DisplayName", &m.DisplayName) - delete(rawMsg, key) - case "displayNamesExcludeFilter": - err = unpopulate(val, "DisplayNamesExcludeFilter", &m.DisplayNamesExcludeFilter) - delete(rawMsg, key) - case "displayNamesFilter": - err = unpopulate(val, "DisplayNamesFilter", &m.DisplayNamesFilter) - delete(rawMsg, key) - case "lastUpdatedDateUTC": - err = unpopulateTimeRFC3339(val, "LastUpdatedDateUTC", &m.LastUpdatedDateUTC) - delete(rawMsg, key) - case "productFilter": - err = unpopulate(val, "ProductFilter", &m.ProductFilter) - delete(rawMsg, key) - case "requiredDataConnectors": - err = unpopulate(val, "RequiredDataConnectors", &m.RequiredDataConnectors) - delete(rawMsg, key) - case "severitiesFilter": - err = unpopulate(val, "SeveritiesFilter", &m.SeveritiesFilter) + case "kind": + err = unpopulate(val, "Kind", &o.Kind) delete(rawMsg, key) - case "status": - err = unpopulate(val, "Status", &m.Status) + case "properties": + err = unpopulate(val, "Properties", &o.Properties) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", m, err) + return fmt.Errorf("unmarshalling type %T: %v", o, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type OfficeDataConnector. -func (o OfficeDataConnector) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type OfficePowerBIDataConnector. +func (o OfficePowerBIDataConnector) MarshalJSON() ([]byte, error) { objectMap := make(map[string]interface{}) populate(objectMap, "etag", o.Etag) populate(objectMap, "id", o.ID) - objectMap["kind"] = DataConnectorKindOffice365 + objectMap["kind"] = DataConnectorKindOfficePowerBI populate(objectMap, "name", o.Name) populate(objectMap, "properties", o.Properties) populate(objectMap, "systemData", o.SystemData) @@ -2418,8 +5603,8 @@ func (o OfficeDataConnector) MarshalJSON() ([]byte, error) { return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type OfficeDataConnector. -func (o *OfficeDataConnector) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type OfficePowerBIDataConnector. +func (o *OfficePowerBIDataConnector) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { return fmt.Errorf("unmarshalling type %T: %v", o, err) @@ -2456,11 +5641,19 @@ func (o *OfficeDataConnector) UnmarshalJSON(data []byte) error { return nil } +// MarshalJSON implements the json.Marshaller interface for type Permissions. +func (p Permissions) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + populate(objectMap, "customs", p.Customs) + populate(objectMap, "resourceProvider", p.ResourceProvider) + return json.Marshal(objectMap) +} + // MarshalJSON implements the json.Marshaller interface for type ProcessEntity. func (p ProcessEntity) MarshalJSON() ([]byte, error) { objectMap := make(map[string]interface{}) populate(objectMap, "id", p.ID) - objectMap["kind"] = EntityKindEnumProcess + objectMap["kind"] = EntityKindProcess populate(objectMap, "name", p.Name) populate(objectMap, "properties", p.Properties) populate(objectMap, "systemData", p.SystemData) @@ -2570,6 +5763,68 @@ func (p *ProcessEntityProperties) UnmarshalJSON(data []byte) error { return nil } +// MarshalJSON implements the json.Marshaller interface for type PropertyArrayChangedConditionProperties. +func (p PropertyArrayChangedConditionProperties) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + populate(objectMap, "conditionProperties", p.ConditionProperties) + objectMap["conditionType"] = ConditionTypePropertyArrayChanged + return json.Marshal(objectMap) +} + +// UnmarshalJSON implements the json.Unmarshaller interface for type PropertyArrayChangedConditionProperties. +func (p *PropertyArrayChangedConditionProperties) UnmarshalJSON(data []byte) error { + var rawMsg map[string]json.RawMessage + if err := json.Unmarshal(data, &rawMsg); err != nil { + return fmt.Errorf("unmarshalling type %T: %v", p, err) + } + for key, val := range rawMsg { + var err error + switch key { + case "conditionProperties": + err = unpopulate(val, "ConditionProperties", &p.ConditionProperties) + delete(rawMsg, key) + case "conditionType": + err = unpopulate(val, "ConditionType", &p.ConditionType) + delete(rawMsg, key) + } + if err != nil { + return fmt.Errorf("unmarshalling type %T: %v", p, err) + } + } + return nil +} + +// MarshalJSON implements the json.Marshaller interface for type PropertyChangedConditionProperties. +func (p PropertyChangedConditionProperties) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + populate(objectMap, "conditionProperties", p.ConditionProperties) + objectMap["conditionType"] = ConditionTypePropertyChanged + return json.Marshal(objectMap) +} + +// UnmarshalJSON implements the json.Unmarshaller interface for type PropertyChangedConditionProperties. +func (p *PropertyChangedConditionProperties) UnmarshalJSON(data []byte) error { + var rawMsg map[string]json.RawMessage + if err := json.Unmarshal(data, &rawMsg); err != nil { + return fmt.Errorf("unmarshalling type %T: %v", p, err) + } + for key, val := range rawMsg { + var err error + switch key { + case "conditionProperties": + err = unpopulate(val, "ConditionProperties", &p.ConditionProperties) + delete(rawMsg, key) + case "conditionType": + err = unpopulate(val, "ConditionType", &p.ConditionType) + delete(rawMsg, key) + } + if err != nil { + return fmt.Errorf("unmarshalling type %T: %v", p, err) + } + } + return nil +} + // MarshalJSON implements the json.Marshaller interface for type PropertyConditionProperties. func (p PropertyConditionProperties) MarshalJSON() ([]byte, error) { objectMap := make(map[string]interface{}) @@ -2601,11 +5856,23 @@ func (p *PropertyConditionProperties) UnmarshalJSON(data []byte) error { return nil } +// MarshalJSON implements the json.Marshaller interface for type QueryBasedAlertRuleTemplateProperties. +func (q QueryBasedAlertRuleTemplateProperties) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + populate(objectMap, "alertDetailsOverride", q.AlertDetailsOverride) + populate(objectMap, "customDetails", q.CustomDetails) + populate(objectMap, "entityMappings", q.EntityMappings) + populate(objectMap, "query", q.Query) + populate(objectMap, "severity", q.Severity) + populate(objectMap, "version", q.Version) + return json.Marshal(objectMap) +} + // MarshalJSON implements the json.Marshaller interface for type RegistryKeyEntity. func (r RegistryKeyEntity) MarshalJSON() ([]byte, error) { objectMap := make(map[string]interface{}) populate(objectMap, "id", r.ID) - objectMap["kind"] = EntityKindEnumRegistryKey + objectMap["kind"] = EntityKindRegistryKey populate(objectMap, "name", r.Name) populate(objectMap, "properties", r.Properties) populate(objectMap, "systemData", r.SystemData) @@ -2662,7 +5929,7 @@ func (r RegistryKeyEntityProperties) MarshalJSON() ([]byte, error) { func (r RegistryValueEntity) MarshalJSON() ([]byte, error) { objectMap := make(map[string]interface{}) populate(objectMap, "id", r.ID) - objectMap["kind"] = EntityKindEnumRegistryValue + objectMap["kind"] = EntityKindRegistryValue populate(objectMap, "name", r.Name) populate(objectMap, "properties", r.Properties) populate(objectMap, "systemData", r.SystemData) @@ -2717,6 +5984,17 @@ func (r RegistryValueEntityProperties) MarshalJSON() ([]byte, error) { return json.Marshal(objectMap) } +// MarshalJSON implements the json.Marshaller interface for type Repository. +func (r Repository) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + populate(objectMap, "branch", r.Branch) + populate(objectMap, "deploymentLogsUrl", r.DeploymentLogsURL) + populate(objectMap, "displayUrl", r.DisplayURL) + populate(objectMap, "pathMapping", r.PathMapping) + populate(objectMap, "url", r.URL) + return json.Marshal(objectMap) +} + // MarshalJSON implements the json.Marshaller interface for type ScheduledAlertRule. func (s ScheduledAlertRule) MarshalJSON() ([]byte, error) { objectMap := make(map[string]interface{}) @@ -2804,6 +6082,7 @@ func (s ScheduledAlertRuleProperties) MarshalJSON() ([]byte, error) { populate(objectMap, "suppressionDuration", s.SuppressionDuration) populate(objectMap, "suppressionEnabled", s.SuppressionEnabled) populate(objectMap, "tactics", s.Tactics) + populate(objectMap, "techniques", s.Techniques) populate(objectMap, "templateVersion", s.TemplateVersion) populate(objectMap, "triggerOperator", s.TriggerOperator) populate(objectMap, "triggerThreshold", s.TriggerThreshold) @@ -2870,6 +6149,9 @@ func (s *ScheduledAlertRuleProperties) UnmarshalJSON(data []byte) error { case "tactics": err = unpopulate(val, "Tactics", &s.Tactics) delete(rawMsg, key) + case "techniques": + err = unpopulate(val, "Techniques", &s.Techniques) + delete(rawMsg, key) case "templateVersion": err = unpopulate(val, "TemplateVersion", &s.TemplateVersion) delete(rawMsg, key) @@ -2953,6 +6235,7 @@ func (s ScheduledAlertRuleTemplateProperties) MarshalJSON() ([]byte, error) { populate(objectMap, "severity", s.Severity) populate(objectMap, "status", s.Status) populate(objectMap, "tactics", s.Tactics) + populate(objectMap, "techniques", s.Techniques) populate(objectMap, "triggerOperator", s.TriggerOperator) populate(objectMap, "triggerThreshold", s.TriggerThreshold) populate(objectMap, "version", s.Version) @@ -3016,6 +6299,9 @@ func (s *ScheduledAlertRuleTemplateProperties) UnmarshalJSON(data []byte) error case "tactics": err = unpopulate(val, "Tactics", &s.Tactics) delete(rawMsg, key) + case "techniques": + err = unpopulate(val, "Techniques", &s.Techniques) + delete(rawMsg, key) case "triggerOperator": err = unpopulate(val, "TriggerOperator", &s.TriggerOperator) delete(rawMsg, key) @@ -3037,7 +6323,7 @@ func (s *ScheduledAlertRuleTemplateProperties) UnmarshalJSON(data []byte) error func (s SecurityAlert) MarshalJSON() ([]byte, error) { objectMap := make(map[string]interface{}) populate(objectMap, "id", s.ID) - objectMap["kind"] = EntityKindEnumSecurityAlert + objectMap["kind"] = EntityKindSecurityAlert populate(objectMap, "name", s.Name) populate(objectMap, "properties", s.Properties) populate(objectMap, "systemData", s.SystemData) @@ -3211,11 +6497,58 @@ func (s *SecurityAlertProperties) UnmarshalJSON(data []byte) error { return nil } +// UnmarshalJSON implements the json.Unmarshaller interface for type SecurityAlertTimelineItem. +func (s *SecurityAlertTimelineItem) UnmarshalJSON(data []byte) error { + var rawMsg map[string]json.RawMessage + if err := json.Unmarshal(data, &rawMsg); err != nil { + return fmt.Errorf("unmarshalling type %T: %v", s, err) + } + for key, val := range rawMsg { + var err error + switch key { + case "alertType": + err = unpopulate(val, "AlertType", &s.AlertType) + delete(rawMsg, key) + case "azureResourceId": + err = unpopulate(val, "AzureResourceID", &s.AzureResourceID) + delete(rawMsg, key) + case "description": + err = unpopulate(val, "Description", &s.Description) + delete(rawMsg, key) + case "displayName": + err = unpopulate(val, "DisplayName", &s.DisplayName) + delete(rawMsg, key) + case "endTimeUtc": + err = unpopulateTimeRFC3339(val, "EndTimeUTC", &s.EndTimeUTC) + delete(rawMsg, key) + case "kind": + err = unpopulate(val, "Kind", &s.Kind) + delete(rawMsg, key) + case "productName": + err = unpopulate(val, "ProductName", &s.ProductName) + delete(rawMsg, key) + case "severity": + err = unpopulate(val, "Severity", &s.Severity) + delete(rawMsg, key) + case "startTimeUtc": + err = unpopulateTimeRFC3339(val, "StartTimeUTC", &s.StartTimeUTC) + delete(rawMsg, key) + case "timeGenerated": + err = unpopulateTimeRFC3339(val, "TimeGenerated", &s.TimeGenerated) + delete(rawMsg, key) + } + if err != nil { + return fmt.Errorf("unmarshalling type %T: %v", s, err) + } + } + return nil +} + // MarshalJSON implements the json.Marshaller interface for type SecurityGroupEntity. func (s SecurityGroupEntity) MarshalJSON() ([]byte, error) { objectMap := make(map[string]interface{}) populate(objectMap, "id", s.ID) - objectMap["kind"] = EntityKindEnumSecurityGroup + objectMap["kind"] = EntityKindSecurityGroup populate(objectMap, "name", s.Name) populate(objectMap, "properties", s.Properties) populate(objectMap, "systemData", s.SystemData) @@ -3258,14 +6591,80 @@ func (s *SecurityGroupEntity) UnmarshalJSON(data []byte) error { return nil } -// MarshalJSON implements the json.Marshaller interface for type SecurityGroupEntityProperties. -func (s SecurityGroupEntityProperties) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type SecurityGroupEntityProperties. +func (s SecurityGroupEntityProperties) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + populate(objectMap, "additionalData", s.AdditionalData) + populate(objectMap, "distinguishedName", s.DistinguishedName) + populate(objectMap, "friendlyName", s.FriendlyName) + populate(objectMap, "objectGuid", s.ObjectGUID) + populate(objectMap, "sid", s.Sid) + return json.Marshal(objectMap) +} + +// MarshalJSON implements the json.Marshaller interface for type SecurityMLAnalyticsSettingsDataSource. +func (s SecurityMLAnalyticsSettingsDataSource) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + populate(objectMap, "connectorId", s.ConnectorID) + populate(objectMap, "dataTypes", s.DataTypes) + return json.Marshal(objectMap) +} + +// UnmarshalJSON implements the json.Unmarshaller interface for type SecurityMLAnalyticsSettingsList. +func (s *SecurityMLAnalyticsSettingsList) UnmarshalJSON(data []byte) error { + var rawMsg map[string]json.RawMessage + if err := json.Unmarshal(data, &rawMsg); err != nil { + return fmt.Errorf("unmarshalling type %T: %v", s, err) + } + for key, val := range rawMsg { + var err error + switch key { + case "nextLink": + err = unpopulate(val, "NextLink", &s.NextLink) + delete(rawMsg, key) + case "value": + s.Value, err = unmarshalSecurityMLAnalyticsSettingClassificationArray(val) + delete(rawMsg, key) + } + if err != nil { + return fmt.Errorf("unmarshalling type %T: %v", s, err) + } + } + return nil +} + +// UnmarshalJSON implements the json.Unmarshaller interface for type SettingList. +func (s *SettingList) UnmarshalJSON(data []byte) error { + var rawMsg map[string]json.RawMessage + if err := json.Unmarshal(data, &rawMsg); err != nil { + return fmt.Errorf("unmarshalling type %T: %v", s, err) + } + for key, val := range rawMsg { + var err error + switch key { + case "value": + s.Value, err = unmarshalSettingsClassificationArray(val) + delete(rawMsg, key) + } + if err != nil { + return fmt.Errorf("unmarshalling type %T: %v", s, err) + } + } + return nil +} + +// MarshalJSON implements the json.Marshaller interface for type SourceControlProperties. +func (s SourceControlProperties) MarshalJSON() ([]byte, error) { objectMap := make(map[string]interface{}) - populate(objectMap, "additionalData", s.AdditionalData) - populate(objectMap, "distinguishedName", s.DistinguishedName) - populate(objectMap, "friendlyName", s.FriendlyName) - populate(objectMap, "objectGuid", s.ObjectGUID) - populate(objectMap, "sid", s.Sid) + populate(objectMap, "contentTypes", s.ContentTypes) + populate(objectMap, "description", s.Description) + populate(objectMap, "displayName", s.DisplayName) + populate(objectMap, "id", s.ID) + populate(objectMap, "lastDeploymentInfo", s.LastDeploymentInfo) + populate(objectMap, "repoType", s.RepoType) + populate(objectMap, "repository", s.Repository) + populate(objectMap, "repositoryResourceInfo", s.RepositoryResourceInfo) + populate(objectMap, "version", s.Version) return json.Marshal(objectMap) } @@ -3273,7 +6672,7 @@ func (s SecurityGroupEntityProperties) MarshalJSON() ([]byte, error) { func (s SubmissionMailEntity) MarshalJSON() ([]byte, error) { objectMap := make(map[string]interface{}) populate(objectMap, "id", s.ID) - objectMap["kind"] = EntityKindEnumSubmissionMail + objectMap["kind"] = EntityKindSubmissionMail populate(objectMap, "name", s.Name) populate(objectMap, "properties", s.Properties) populate(objectMap, "systemData", s.SystemData) @@ -3367,79 +6766,354 @@ func (s *SubmissionMailEntityProperties) UnmarshalJSON(data []byte) error { case "subject": err = unpopulate(val, "Subject", &s.Subject) delete(rawMsg, key) - case "submissionDate": - err = unpopulateTimeRFC3339(val, "SubmissionDate", &s.SubmissionDate) + case "submissionDate": + err = unpopulateTimeRFC3339(val, "SubmissionDate", &s.SubmissionDate) + delete(rawMsg, key) + case "submissionId": + err = unpopulate(val, "SubmissionID", &s.SubmissionID) + delete(rawMsg, key) + case "submitter": + err = unpopulate(val, "Submitter", &s.Submitter) + delete(rawMsg, key) + case "timestamp": + err = unpopulateTimeRFC3339(val, "Timestamp", &s.Timestamp) + delete(rawMsg, key) + } + if err != nil { + return fmt.Errorf("unmarshalling type %T: %v", s, err) + } + } + return nil +} + +// MarshalJSON implements the json.Marshaller interface for type SystemData. +func (s SystemData) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + populateTimeRFC3339(objectMap, "createdAt", s.CreatedAt) + populate(objectMap, "createdBy", s.CreatedBy) + populate(objectMap, "createdByType", s.CreatedByType) + populateTimeRFC3339(objectMap, "lastModifiedAt", s.LastModifiedAt) + populate(objectMap, "lastModifiedBy", s.LastModifiedBy) + populate(objectMap, "lastModifiedByType", s.LastModifiedByType) + return json.Marshal(objectMap) +} + +// UnmarshalJSON implements the json.Unmarshaller interface for type SystemData. +func (s *SystemData) UnmarshalJSON(data []byte) error { + var rawMsg map[string]json.RawMessage + if err := json.Unmarshal(data, &rawMsg); err != nil { + return fmt.Errorf("unmarshalling type %T: %v", s, err) + } + for key, val := range rawMsg { + var err error + switch key { + case "createdAt": + err = unpopulateTimeRFC3339(val, "CreatedAt", &s.CreatedAt) + delete(rawMsg, key) + case "createdBy": + err = unpopulate(val, "CreatedBy", &s.CreatedBy) + delete(rawMsg, key) + case "createdByType": + err = unpopulate(val, "CreatedByType", &s.CreatedByType) + delete(rawMsg, key) + case "lastModifiedAt": + err = unpopulateTimeRFC3339(val, "LastModifiedAt", &s.LastModifiedAt) + delete(rawMsg, key) + case "lastModifiedBy": + err = unpopulate(val, "LastModifiedBy", &s.LastModifiedBy) + delete(rawMsg, key) + case "lastModifiedByType": + err = unpopulate(val, "LastModifiedByType", &s.LastModifiedByType) + delete(rawMsg, key) + } + if err != nil { + return fmt.Errorf("unmarshalling type %T: %v", s, err) + } + } + return nil +} + +// MarshalJSON implements the json.Marshaller interface for type TICheckRequirements. +func (t TICheckRequirements) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + objectMap["kind"] = DataConnectorKindThreatIntelligence + populate(objectMap, "properties", t.Properties) + return json.Marshal(objectMap) +} + +// UnmarshalJSON implements the json.Unmarshaller interface for type TICheckRequirements. +func (t *TICheckRequirements) UnmarshalJSON(data []byte) error { + var rawMsg map[string]json.RawMessage + if err := json.Unmarshal(data, &rawMsg); err != nil { + return fmt.Errorf("unmarshalling type %T: %v", t, err) + } + for key, val := range rawMsg { + var err error + switch key { + case "kind": + err = unpopulate(val, "Kind", &t.Kind) + delete(rawMsg, key) + case "properties": + err = unpopulate(val, "Properties", &t.Properties) + delete(rawMsg, key) + } + if err != nil { + return fmt.Errorf("unmarshalling type %T: %v", t, err) + } + } + return nil +} + +// MarshalJSON implements the json.Marshaller interface for type TIDataConnector. +func (t TIDataConnector) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + populate(objectMap, "etag", t.Etag) + populate(objectMap, "id", t.ID) + objectMap["kind"] = DataConnectorKindThreatIntelligence + populate(objectMap, "name", t.Name) + populate(objectMap, "properties", t.Properties) + populate(objectMap, "systemData", t.SystemData) + populate(objectMap, "type", t.Type) + return json.Marshal(objectMap) +} + +// UnmarshalJSON implements the json.Unmarshaller interface for type TIDataConnector. +func (t *TIDataConnector) UnmarshalJSON(data []byte) error { + var rawMsg map[string]json.RawMessage + if err := json.Unmarshal(data, &rawMsg); err != nil { + return fmt.Errorf("unmarshalling type %T: %v", t, err) + } + for key, val := range rawMsg { + var err error + switch key { + case "etag": + err = unpopulate(val, "Etag", &t.Etag) + delete(rawMsg, key) + case "id": + err = unpopulate(val, "ID", &t.ID) + delete(rawMsg, key) + case "kind": + err = unpopulate(val, "Kind", &t.Kind) + delete(rawMsg, key) + case "name": + err = unpopulate(val, "Name", &t.Name) + delete(rawMsg, key) + case "properties": + err = unpopulate(val, "Properties", &t.Properties) + delete(rawMsg, key) + case "systemData": + err = unpopulate(val, "SystemData", &t.SystemData) + delete(rawMsg, key) + case "type": + err = unpopulate(val, "Type", &t.Type) + delete(rawMsg, key) + } + if err != nil { + return fmt.Errorf("unmarshalling type %T: %v", t, err) + } + } + return nil +} + +// MarshalJSON implements the json.Marshaller interface for type TIDataConnectorProperties. +func (t TIDataConnectorProperties) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + populate(objectMap, "dataTypes", t.DataTypes) + populate(objectMap, "tenantId", t.TenantID) + populateTimeRFC3339(objectMap, "tipLookbackPeriod", t.TipLookbackPeriod) + return json.Marshal(objectMap) +} + +// UnmarshalJSON implements the json.Unmarshaller interface for type TIDataConnectorProperties. +func (t *TIDataConnectorProperties) UnmarshalJSON(data []byte) error { + var rawMsg map[string]json.RawMessage + if err := json.Unmarshal(data, &rawMsg); err != nil { + return fmt.Errorf("unmarshalling type %T: %v", t, err) + } + for key, val := range rawMsg { + var err error + switch key { + case "dataTypes": + err = unpopulate(val, "DataTypes", &t.DataTypes) + delete(rawMsg, key) + case "tenantId": + err = unpopulate(val, "TenantID", &t.TenantID) + delete(rawMsg, key) + case "tipLookbackPeriod": + err = unpopulateTimeRFC3339(val, "TipLookbackPeriod", &t.TipLookbackPeriod) + delete(rawMsg, key) + } + if err != nil { + return fmt.Errorf("unmarshalling type %T: %v", t, err) + } + } + return nil +} + +// MarshalJSON implements the json.Marshaller interface for type TeamInformation. +func (t TeamInformation) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + populate(objectMap, "description", t.Description) + populate(objectMap, "name", t.Name) + populate(objectMap, "primaryChannelUrl", t.PrimaryChannelURL) + populateTimeRFC3339(objectMap, "teamCreationTimeUtc", t.TeamCreationTimeUTC) + populate(objectMap, "teamId", t.TeamID) + return json.Marshal(objectMap) +} + +// UnmarshalJSON implements the json.Unmarshaller interface for type TeamInformation. +func (t *TeamInformation) UnmarshalJSON(data []byte) error { + var rawMsg map[string]json.RawMessage + if err := json.Unmarshal(data, &rawMsg); err != nil { + return fmt.Errorf("unmarshalling type %T: %v", t, err) + } + for key, val := range rawMsg { + var err error + switch key { + case "description": + err = unpopulate(val, "Description", &t.Description) + delete(rawMsg, key) + case "name": + err = unpopulate(val, "Name", &t.Name) + delete(rawMsg, key) + case "primaryChannelUrl": + err = unpopulate(val, "PrimaryChannelURL", &t.PrimaryChannelURL) + delete(rawMsg, key) + case "teamCreationTimeUtc": + err = unpopulateTimeRFC3339(val, "TeamCreationTimeUTC", &t.TeamCreationTimeUTC) + delete(rawMsg, key) + case "teamId": + err = unpopulate(val, "TeamID", &t.TeamID) + delete(rawMsg, key) + } + if err != nil { + return fmt.Errorf("unmarshalling type %T: %v", t, err) + } + } + return nil +} + +// MarshalJSON implements the json.Marshaller interface for type TeamProperties. +func (t TeamProperties) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + populate(objectMap, "groupIds", t.GroupIDs) + populate(objectMap, "memberIds", t.MemberIDs) + populate(objectMap, "teamDescription", t.TeamDescription) + populate(objectMap, "teamName", t.TeamName) + return json.Marshal(objectMap) +} + +// MarshalJSON implements the json.Marshaller interface for type ThreatIntelligenceAlertRule. +func (t ThreatIntelligenceAlertRule) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + populate(objectMap, "etag", t.Etag) + populate(objectMap, "id", t.ID) + objectMap["kind"] = AlertRuleKindThreatIntelligence + populate(objectMap, "name", t.Name) + populate(objectMap, "properties", t.Properties) + populate(objectMap, "systemData", t.SystemData) + populate(objectMap, "type", t.Type) + return json.Marshal(objectMap) +} + +// UnmarshalJSON implements the json.Unmarshaller interface for type ThreatIntelligenceAlertRule. +func (t *ThreatIntelligenceAlertRule) UnmarshalJSON(data []byte) error { + var rawMsg map[string]json.RawMessage + if err := json.Unmarshal(data, &rawMsg); err != nil { + return fmt.Errorf("unmarshalling type %T: %v", t, err) + } + for key, val := range rawMsg { + var err error + switch key { + case "etag": + err = unpopulate(val, "Etag", &t.Etag) + delete(rawMsg, key) + case "id": + err = unpopulate(val, "ID", &t.ID) + delete(rawMsg, key) + case "kind": + err = unpopulate(val, "Kind", &t.Kind) delete(rawMsg, key) - case "submissionId": - err = unpopulate(val, "SubmissionID", &s.SubmissionID) + case "name": + err = unpopulate(val, "Name", &t.Name) delete(rawMsg, key) - case "submitter": - err = unpopulate(val, "Submitter", &s.Submitter) + case "properties": + err = unpopulate(val, "Properties", &t.Properties) delete(rawMsg, key) - case "timestamp": - err = unpopulateTimeRFC3339(val, "Timestamp", &s.Timestamp) + case "systemData": + err = unpopulate(val, "SystemData", &t.SystemData) + delete(rawMsg, key) + case "type": + err = unpopulate(val, "Type", &t.Type) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", s, err) + return fmt.Errorf("unmarshalling type %T: %v", t, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type SystemData. -func (s SystemData) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type ThreatIntelligenceAlertRuleProperties. +func (t ThreatIntelligenceAlertRuleProperties) MarshalJSON() ([]byte, error) { objectMap := make(map[string]interface{}) - populateTimeRFC3339(objectMap, "createdAt", s.CreatedAt) - populate(objectMap, "createdBy", s.CreatedBy) - populate(objectMap, "createdByType", s.CreatedByType) - populateTimeRFC3339(objectMap, "lastModifiedAt", s.LastModifiedAt) - populate(objectMap, "lastModifiedBy", s.LastModifiedBy) - populate(objectMap, "lastModifiedByType", s.LastModifiedByType) + populate(objectMap, "alertRuleTemplateName", t.AlertRuleTemplateName) + populate(objectMap, "description", t.Description) + populate(objectMap, "displayName", t.DisplayName) + populate(objectMap, "enabled", t.Enabled) + populateTimeRFC3339(objectMap, "lastModifiedUtc", t.LastModifiedUTC) + populate(objectMap, "severity", t.Severity) + populate(objectMap, "tactics", t.Tactics) + populate(objectMap, "techniques", t.Techniques) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type SystemData. -func (s *SystemData) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type ThreatIntelligenceAlertRuleProperties. +func (t *ThreatIntelligenceAlertRuleProperties) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", s, err) + return fmt.Errorf("unmarshalling type %T: %v", t, err) } for key, val := range rawMsg { var err error switch key { - case "createdAt": - err = unpopulateTimeRFC3339(val, "CreatedAt", &s.CreatedAt) + case "alertRuleTemplateName": + err = unpopulate(val, "AlertRuleTemplateName", &t.AlertRuleTemplateName) delete(rawMsg, key) - case "createdBy": - err = unpopulate(val, "CreatedBy", &s.CreatedBy) + case "description": + err = unpopulate(val, "Description", &t.Description) delete(rawMsg, key) - case "createdByType": - err = unpopulate(val, "CreatedByType", &s.CreatedByType) + case "displayName": + err = unpopulate(val, "DisplayName", &t.DisplayName) delete(rawMsg, key) - case "lastModifiedAt": - err = unpopulateTimeRFC3339(val, "LastModifiedAt", &s.LastModifiedAt) + case "enabled": + err = unpopulate(val, "Enabled", &t.Enabled) delete(rawMsg, key) - case "lastModifiedBy": - err = unpopulate(val, "LastModifiedBy", &s.LastModifiedBy) + case "lastModifiedUtc": + err = unpopulateTimeRFC3339(val, "LastModifiedUTC", &t.LastModifiedUTC) delete(rawMsg, key) - case "lastModifiedByType": - err = unpopulate(val, "LastModifiedByType", &s.LastModifiedByType) + case "severity": + err = unpopulate(val, "Severity", &t.Severity) + delete(rawMsg, key) + case "tactics": + err = unpopulate(val, "Tactics", &t.Tactics) + delete(rawMsg, key) + case "techniques": + err = unpopulate(val, "Techniques", &t.Techniques) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", s, err) + return fmt.Errorf("unmarshalling type %T: %v", t, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type TIDataConnector. -func (t TIDataConnector) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type ThreatIntelligenceAlertRuleTemplate. +func (t ThreatIntelligenceAlertRuleTemplate) MarshalJSON() ([]byte, error) { objectMap := make(map[string]interface{}) - populate(objectMap, "etag", t.Etag) populate(objectMap, "id", t.ID) - objectMap["kind"] = DataConnectorKindThreatIntelligence + objectMap["kind"] = AlertRuleKindThreatIntelligence populate(objectMap, "name", t.Name) populate(objectMap, "properties", t.Properties) populate(objectMap, "systemData", t.SystemData) @@ -3447,8 +7121,8 @@ func (t TIDataConnector) MarshalJSON() ([]byte, error) { return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type TIDataConnector. -func (t *TIDataConnector) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type ThreatIntelligenceAlertRuleTemplate. +func (t *ThreatIntelligenceAlertRuleTemplate) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { return fmt.Errorf("unmarshalling type %T: %v", t, err) @@ -3456,9 +7130,6 @@ func (t *TIDataConnector) UnmarshalJSON(data []byte) error { for key, val := range rawMsg { var err error switch key { - case "etag": - err = unpopulate(val, "Etag", &t.Etag) - delete(rawMsg, key) case "id": err = unpopulate(val, "ID", &t.ID) delete(rawMsg, key) @@ -3485,17 +7156,24 @@ func (t *TIDataConnector) UnmarshalJSON(data []byte) error { return nil } -// MarshalJSON implements the json.Marshaller interface for type TIDataConnectorProperties. -func (t TIDataConnectorProperties) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type ThreatIntelligenceAlertRuleTemplateProperties. +func (t ThreatIntelligenceAlertRuleTemplateProperties) MarshalJSON() ([]byte, error) { objectMap := make(map[string]interface{}) - populate(objectMap, "dataTypes", t.DataTypes) - populate(objectMap, "tenantId", t.TenantID) - populateTimeRFC3339(objectMap, "tipLookbackPeriod", t.TipLookbackPeriod) + populate(objectMap, "alertRulesCreatedByTemplateCount", t.AlertRulesCreatedByTemplateCount) + populateTimeRFC3339(objectMap, "createdDateUTC", t.CreatedDateUTC) + populate(objectMap, "description", t.Description) + populate(objectMap, "displayName", t.DisplayName) + populateTimeRFC3339(objectMap, "lastUpdatedDateUTC", t.LastUpdatedDateUTC) + populate(objectMap, "requiredDataConnectors", t.RequiredDataConnectors) + populate(objectMap, "severity", t.Severity) + populate(objectMap, "status", t.Status) + populate(objectMap, "tactics", t.Tactics) + populate(objectMap, "techniques", t.Techniques) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type TIDataConnectorProperties. -func (t *TIDataConnectorProperties) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type ThreatIntelligenceAlertRuleTemplateProperties. +func (t *ThreatIntelligenceAlertRuleTemplateProperties) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { return fmt.Errorf("unmarshalling type %T: %v", t, err) @@ -3503,14 +7181,35 @@ func (t *TIDataConnectorProperties) UnmarshalJSON(data []byte) error { for key, val := range rawMsg { var err error switch key { - case "dataTypes": - err = unpopulate(val, "DataTypes", &t.DataTypes) + case "alertRulesCreatedByTemplateCount": + err = unpopulate(val, "AlertRulesCreatedByTemplateCount", &t.AlertRulesCreatedByTemplateCount) delete(rawMsg, key) - case "tenantId": - err = unpopulate(val, "TenantID", &t.TenantID) + case "createdDateUTC": + err = unpopulateTimeRFC3339(val, "CreatedDateUTC", &t.CreatedDateUTC) delete(rawMsg, key) - case "tipLookbackPeriod": - err = unpopulateTimeRFC3339(val, "TipLookbackPeriod", &t.TipLookbackPeriod) + case "description": + err = unpopulate(val, "Description", &t.Description) + delete(rawMsg, key) + case "displayName": + err = unpopulate(val, "DisplayName", &t.DisplayName) + delete(rawMsg, key) + case "lastUpdatedDateUTC": + err = unpopulateTimeRFC3339(val, "LastUpdatedDateUTC", &t.LastUpdatedDateUTC) + delete(rawMsg, key) + case "requiredDataConnectors": + err = unpopulate(val, "RequiredDataConnectors", &t.RequiredDataConnectors) + delete(rawMsg, key) + case "severity": + err = unpopulate(val, "Severity", &t.Severity) + delete(rawMsg, key) + case "status": + err = unpopulate(val, "Status", &t.Status) + delete(rawMsg, key) + case "tactics": + err = unpopulate(val, "Tactics", &t.Tactics) + delete(rawMsg, key) + case "techniques": + err = unpopulate(val, "Techniques", &t.Techniques) delete(rawMsg, key) } if err != nil { @@ -3571,7 +7270,7 @@ func (t ThreatIntelligenceIndicatorModel) MarshalJSON() ([]byte, error) { objectMap := make(map[string]interface{}) populate(objectMap, "etag", t.Etag) populate(objectMap, "id", t.ID) - objectMap["kind"] = ThreatIntelligenceResourceInnerKindIndicator + objectMap["kind"] = ThreatIntelligenceResourceKindEnumIndicator populate(objectMap, "name", t.Name) populate(objectMap, "properties", t.Properties) populate(objectMap, "systemData", t.SystemData) @@ -3684,11 +7383,156 @@ func (t ThreatIntelligenceParsedPattern) MarshalJSON() ([]byte, error) { return json.Marshal(objectMap) } +// MarshalJSON implements the json.Marshaller interface for type TiTaxiiCheckRequirements. +func (t TiTaxiiCheckRequirements) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + objectMap["kind"] = DataConnectorKindThreatIntelligenceTaxii + populate(objectMap, "properties", t.Properties) + return json.Marshal(objectMap) +} + +// UnmarshalJSON implements the json.Unmarshaller interface for type TiTaxiiCheckRequirements. +func (t *TiTaxiiCheckRequirements) UnmarshalJSON(data []byte) error { + var rawMsg map[string]json.RawMessage + if err := json.Unmarshal(data, &rawMsg); err != nil { + return fmt.Errorf("unmarshalling type %T: %v", t, err) + } + for key, val := range rawMsg { + var err error + switch key { + case "kind": + err = unpopulate(val, "Kind", &t.Kind) + delete(rawMsg, key) + case "properties": + err = unpopulate(val, "Properties", &t.Properties) + delete(rawMsg, key) + } + if err != nil { + return fmt.Errorf("unmarshalling type %T: %v", t, err) + } + } + return nil +} + +// MarshalJSON implements the json.Marshaller interface for type TiTaxiiDataConnector. +func (t TiTaxiiDataConnector) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + populate(objectMap, "etag", t.Etag) + populate(objectMap, "id", t.ID) + objectMap["kind"] = DataConnectorKindThreatIntelligenceTaxii + populate(objectMap, "name", t.Name) + populate(objectMap, "properties", t.Properties) + populate(objectMap, "systemData", t.SystemData) + populate(objectMap, "type", t.Type) + return json.Marshal(objectMap) +} + +// UnmarshalJSON implements the json.Unmarshaller interface for type TiTaxiiDataConnector. +func (t *TiTaxiiDataConnector) UnmarshalJSON(data []byte) error { + var rawMsg map[string]json.RawMessage + if err := json.Unmarshal(data, &rawMsg); err != nil { + return fmt.Errorf("unmarshalling type %T: %v", t, err) + } + for key, val := range rawMsg { + var err error + switch key { + case "etag": + err = unpopulate(val, "Etag", &t.Etag) + delete(rawMsg, key) + case "id": + err = unpopulate(val, "ID", &t.ID) + delete(rawMsg, key) + case "kind": + err = unpopulate(val, "Kind", &t.Kind) + delete(rawMsg, key) + case "name": + err = unpopulate(val, "Name", &t.Name) + delete(rawMsg, key) + case "properties": + err = unpopulate(val, "Properties", &t.Properties) + delete(rawMsg, key) + case "systemData": + err = unpopulate(val, "SystemData", &t.SystemData) + delete(rawMsg, key) + case "type": + err = unpopulate(val, "Type", &t.Type) + delete(rawMsg, key) + } + if err != nil { + return fmt.Errorf("unmarshalling type %T: %v", t, err) + } + } + return nil +} + +// MarshalJSON implements the json.Marshaller interface for type TiTaxiiDataConnectorProperties. +func (t TiTaxiiDataConnectorProperties) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + populate(objectMap, "collectionId", t.CollectionID) + populate(objectMap, "dataTypes", t.DataTypes) + populate(objectMap, "friendlyName", t.FriendlyName) + populate(objectMap, "password", t.Password) + populate(objectMap, "pollingFrequency", t.PollingFrequency) + populateTimeRFC3339(objectMap, "taxiiLookbackPeriod", t.TaxiiLookbackPeriod) + populate(objectMap, "taxiiServer", t.TaxiiServer) + populate(objectMap, "tenantId", t.TenantID) + populate(objectMap, "userName", t.UserName) + populate(objectMap, "workspaceId", t.WorkspaceID) + return json.Marshal(objectMap) +} + +// UnmarshalJSON implements the json.Unmarshaller interface for type TiTaxiiDataConnectorProperties. +func (t *TiTaxiiDataConnectorProperties) UnmarshalJSON(data []byte) error { + var rawMsg map[string]json.RawMessage + if err := json.Unmarshal(data, &rawMsg); err != nil { + return fmt.Errorf("unmarshalling type %T: %v", t, err) + } + for key, val := range rawMsg { + var err error + switch key { + case "collectionId": + err = unpopulate(val, "CollectionID", &t.CollectionID) + delete(rawMsg, key) + case "dataTypes": + err = unpopulate(val, "DataTypes", &t.DataTypes) + delete(rawMsg, key) + case "friendlyName": + err = unpopulate(val, "FriendlyName", &t.FriendlyName) + delete(rawMsg, key) + case "password": + err = unpopulate(val, "Password", &t.Password) + delete(rawMsg, key) + case "pollingFrequency": + err = unpopulate(val, "PollingFrequency", &t.PollingFrequency) + delete(rawMsg, key) + case "taxiiLookbackPeriod": + err = unpopulateTimeRFC3339(val, "TaxiiLookbackPeriod", &t.TaxiiLookbackPeriod) + delete(rawMsg, key) + case "taxiiServer": + err = unpopulate(val, "TaxiiServer", &t.TaxiiServer) + delete(rawMsg, key) + case "tenantId": + err = unpopulate(val, "TenantID", &t.TenantID) + delete(rawMsg, key) + case "userName": + err = unpopulate(val, "UserName", &t.UserName) + delete(rawMsg, key) + case "workspaceId": + err = unpopulate(val, "WorkspaceID", &t.WorkspaceID) + delete(rawMsg, key) + } + if err != nil { + return fmt.Errorf("unmarshalling type %T: %v", t, err) + } + } + return nil +} + // MarshalJSON implements the json.Marshaller interface for type URLEntity. func (u URLEntity) MarshalJSON() ([]byte, error) { objectMap := make(map[string]interface{}) populate(objectMap, "id", u.ID) - objectMap["kind"] = EntityKindEnumURL + objectMap["kind"] = EntityKindURL populate(objectMap, "name", u.Name) populate(objectMap, "properties", u.Properties) populate(objectMap, "systemData", u.SystemData) @@ -3740,14 +7584,72 @@ func (u URLEntityProperties) MarshalJSON() ([]byte, error) { return json.Marshal(objectMap) } +// MarshalJSON implements the json.Marshaller interface for type Ueba. +func (u Ueba) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + populate(objectMap, "etag", u.Etag) + populate(objectMap, "id", u.ID) + objectMap["kind"] = SettingKindUeba + populate(objectMap, "name", u.Name) + populate(objectMap, "properties", u.Properties) + populate(objectMap, "systemData", u.SystemData) + populate(objectMap, "type", u.Type) + return json.Marshal(objectMap) +} + +// UnmarshalJSON implements the json.Unmarshaller interface for type Ueba. +func (u *Ueba) UnmarshalJSON(data []byte) error { + var rawMsg map[string]json.RawMessage + if err := json.Unmarshal(data, &rawMsg); err != nil { + return fmt.Errorf("unmarshalling type %T: %v", u, err) + } + for key, val := range rawMsg { + var err error + switch key { + case "etag": + err = unpopulate(val, "Etag", &u.Etag) + delete(rawMsg, key) + case "id": + err = unpopulate(val, "ID", &u.ID) + delete(rawMsg, key) + case "kind": + err = unpopulate(val, "Kind", &u.Kind) + delete(rawMsg, key) + case "name": + err = unpopulate(val, "Name", &u.Name) + delete(rawMsg, key) + case "properties": + err = unpopulate(val, "Properties", &u.Properties) + delete(rawMsg, key) + case "systemData": + err = unpopulate(val, "SystemData", &u.SystemData) + delete(rawMsg, key) + case "type": + err = unpopulate(val, "Type", &u.Type) + delete(rawMsg, key) + } + if err != nil { + return fmt.Errorf("unmarshalling type %T: %v", u, err) + } + } + return nil +} + +// MarshalJSON implements the json.Marshaller interface for type UebaProperties. +func (u UebaProperties) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + populate(objectMap, "dataSources", u.DataSources) + return json.Marshal(objectMap) +} + // MarshalJSON implements the json.Marshaller interface for type WatchlistItemProperties. func (w WatchlistItemProperties) MarshalJSON() ([]byte, error) { objectMap := make(map[string]interface{}) populateTimeRFC3339(objectMap, "created", w.Created) populate(objectMap, "createdBy", w.CreatedBy) - populate(objectMap, "entityMapping", &w.EntityMapping) + populate(objectMap, "entityMapping", w.EntityMapping) populate(objectMap, "isDeleted", w.IsDeleted) - populate(objectMap, "itemsKeyValue", &w.ItemsKeyValue) + populate(objectMap, "itemsKeyValue", w.ItemsKeyValue) populate(objectMap, "tenantId", w.TenantID) populateTimeRFC3339(objectMap, "updated", w.Updated) populate(objectMap, "updatedBy", w.UpdatedBy) @@ -3819,6 +7721,7 @@ func (w WatchlistProperties) MarshalJSON() ([]byte, error) { populate(objectMap, "provider", w.Provider) populate(objectMap, "rawContent", w.RawContent) populate(objectMap, "source", w.Source) + populate(objectMap, "sourceType", w.SourceType) populate(objectMap, "tenantId", w.TenantID) populateTimeRFC3339(objectMap, "updated", w.Updated) populate(objectMap, "updatedBy", w.UpdatedBy) @@ -3877,6 +7780,9 @@ func (w *WatchlistProperties) UnmarshalJSON(data []byte) error { case "source": err = unpopulate(val, "Source", &w.Source) delete(rawMsg, key) + case "sourceType": + err = unpopulate(val, "SourceType", &w.SourceType) + delete(rawMsg, key) case "tenantId": err = unpopulate(val, "TenantID", &w.TenantID) delete(rawMsg, key) diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_officeconsents_client.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_officeconsents_client.go new file mode 100644 index 000000000000..1d5b25e9fb2e --- /dev/null +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_officeconsents_client.go @@ -0,0 +1,237 @@ +//go:build go1.18 +// +build go1.18 + +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. See License.txt in the project root for license information. +// Code generated by Microsoft (R) AutoRest Code Generator. +// Changes may cause incorrect behavior and will be lost if the code is regenerated. + +package armsecurityinsights + +import ( + "context" + "errors" + "github.com/Azure/azure-sdk-for-go/sdk/azcore" + "github.com/Azure/azure-sdk-for-go/sdk/azcore/arm" + armruntime "github.com/Azure/azure-sdk-for-go/sdk/azcore/arm/runtime" + "github.com/Azure/azure-sdk-for-go/sdk/azcore/cloud" + "github.com/Azure/azure-sdk-for-go/sdk/azcore/policy" + "github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime" + "net/http" + "net/url" + "strings" +) + +// OfficeConsentsClient contains the methods for the OfficeConsents group. +// Don't use this type directly, use NewOfficeConsentsClient() instead. +type OfficeConsentsClient struct { + host string + subscriptionID string + pl runtime.Pipeline +} + +// NewOfficeConsentsClient creates a new instance of OfficeConsentsClient with the specified values. +// subscriptionID - The ID of the target subscription. +// credential - used to authorize requests. Usually a credential from azidentity. +// options - pass nil to accept the default values. +func NewOfficeConsentsClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) (*OfficeConsentsClient, error) { + if options == nil { + options = &arm.ClientOptions{} + } + ep := cloud.AzurePublic.Services[cloud.ResourceManager].Endpoint + if c, ok := options.Cloud.Services[cloud.ResourceManager]; ok { + ep = c.Endpoint + } + pl, err := armruntime.NewPipeline(moduleName, moduleVersion, credential, runtime.PipelineOptions{}, options) + if err != nil { + return nil, err + } + client := &OfficeConsentsClient{ + subscriptionID: subscriptionID, + host: ep, + pl: pl, + } + return client, nil +} + +// Delete - Delete the office365 consent. +// If the operation fails it returns an *azcore.ResponseError type. +// Generated from API version 2022-05-01-preview +// resourceGroupName - The name of the resource group. The name is case insensitive. +// workspaceName - The name of the workspace. +// consentID - consent ID +// options - OfficeConsentsClientDeleteOptions contains the optional parameters for the OfficeConsentsClient.Delete method. +func (client *OfficeConsentsClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, consentID string, options *OfficeConsentsClientDeleteOptions) (OfficeConsentsClientDeleteResponse, error) { + req, err := client.deleteCreateRequest(ctx, resourceGroupName, workspaceName, consentID, options) + if err != nil { + return OfficeConsentsClientDeleteResponse{}, err + } + resp, err := client.pl.Do(req) + if err != nil { + return OfficeConsentsClientDeleteResponse{}, err + } + if !runtime.HasStatusCode(resp, http.StatusOK, http.StatusNoContent) { + return OfficeConsentsClientDeleteResponse{}, runtime.NewResponseError(resp) + } + return OfficeConsentsClientDeleteResponse{}, nil +} + +// deleteCreateRequest creates the Delete request. +func (client *OfficeConsentsClient) deleteCreateRequest(ctx context.Context, resourceGroupName string, workspaceName string, consentID string, options *OfficeConsentsClientDeleteOptions) (*policy.Request, error) { + urlPath := "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/officeConsents/{consentId}" + if client.subscriptionID == "" { + return nil, errors.New("parameter client.subscriptionID cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{subscriptionId}", url.PathEscape(client.subscriptionID)) + if resourceGroupName == "" { + return nil, errors.New("parameter resourceGroupName cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{resourceGroupName}", url.PathEscape(resourceGroupName)) + if workspaceName == "" { + return nil, errors.New("parameter workspaceName cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{workspaceName}", url.PathEscape(workspaceName)) + if consentID == "" { + return nil, errors.New("parameter consentID cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{consentId}", url.PathEscape(consentID)) + req, err := runtime.NewRequest(ctx, http.MethodDelete, runtime.JoinPaths(client.host, urlPath)) + if err != nil { + return nil, err + } + reqQP := req.Raw().URL.Query() + reqQP.Set("api-version", "2022-05-01-preview") + req.Raw().URL.RawQuery = reqQP.Encode() + req.Raw().Header["Accept"] = []string{"application/json"} + return req, nil +} + +// Get - Gets an office365 consent. +// If the operation fails it returns an *azcore.ResponseError type. +// Generated from API version 2022-05-01-preview +// resourceGroupName - The name of the resource group. The name is case insensitive. +// workspaceName - The name of the workspace. +// consentID - consent ID +// options - OfficeConsentsClientGetOptions contains the optional parameters for the OfficeConsentsClient.Get method. +func (client *OfficeConsentsClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, consentID string, options *OfficeConsentsClientGetOptions) (OfficeConsentsClientGetResponse, error) { + req, err := client.getCreateRequest(ctx, resourceGroupName, workspaceName, consentID, options) + if err != nil { + return OfficeConsentsClientGetResponse{}, err + } + resp, err := client.pl.Do(req) + if err != nil { + return OfficeConsentsClientGetResponse{}, err + } + if !runtime.HasStatusCode(resp, http.StatusOK) { + return OfficeConsentsClientGetResponse{}, runtime.NewResponseError(resp) + } + return client.getHandleResponse(resp) +} + +// getCreateRequest creates the Get request. +func (client *OfficeConsentsClient) getCreateRequest(ctx context.Context, resourceGroupName string, workspaceName string, consentID string, options *OfficeConsentsClientGetOptions) (*policy.Request, error) { + urlPath := "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/officeConsents/{consentId}" + if client.subscriptionID == "" { + return nil, errors.New("parameter client.subscriptionID cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{subscriptionId}", url.PathEscape(client.subscriptionID)) + if resourceGroupName == "" { + return nil, errors.New("parameter resourceGroupName cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{resourceGroupName}", url.PathEscape(resourceGroupName)) + if workspaceName == "" { + return nil, errors.New("parameter workspaceName cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{workspaceName}", url.PathEscape(workspaceName)) + if consentID == "" { + return nil, errors.New("parameter consentID cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{consentId}", url.PathEscape(consentID)) + req, err := runtime.NewRequest(ctx, http.MethodGet, runtime.JoinPaths(client.host, urlPath)) + if err != nil { + return nil, err + } + reqQP := req.Raw().URL.Query() + reqQP.Set("api-version", "2022-05-01-preview") + req.Raw().URL.RawQuery = reqQP.Encode() + req.Raw().Header["Accept"] = []string{"application/json"} + return req, nil +} + +// getHandleResponse handles the Get response. +func (client *OfficeConsentsClient) getHandleResponse(resp *http.Response) (OfficeConsentsClientGetResponse, error) { + result := OfficeConsentsClientGetResponse{} + if err := runtime.UnmarshalAsJSON(resp, &result.OfficeConsent); err != nil { + return OfficeConsentsClientGetResponse{}, err + } + return result, nil +} + +// NewListPager - Gets all office365 consents. +// If the operation fails it returns an *azcore.ResponseError type. +// Generated from API version 2022-05-01-preview +// resourceGroupName - The name of the resource group. The name is case insensitive. +// workspaceName - The name of the workspace. +// options - OfficeConsentsClientListOptions contains the optional parameters for the OfficeConsentsClient.List method. +func (client *OfficeConsentsClient) NewListPager(resourceGroupName string, workspaceName string, options *OfficeConsentsClientListOptions) *runtime.Pager[OfficeConsentsClientListResponse] { + return runtime.NewPager(runtime.PagingHandler[OfficeConsentsClientListResponse]{ + More: func(page OfficeConsentsClientListResponse) bool { + return page.NextLink != nil && len(*page.NextLink) > 0 + }, + Fetcher: func(ctx context.Context, page *OfficeConsentsClientListResponse) (OfficeConsentsClientListResponse, error) { + var req *policy.Request + var err error + if page == nil { + req, err = client.listCreateRequest(ctx, resourceGroupName, workspaceName, options) + } else { + req, err = runtime.NewRequest(ctx, http.MethodGet, *page.NextLink) + } + if err != nil { + return OfficeConsentsClientListResponse{}, err + } + resp, err := client.pl.Do(req) + if err != nil { + return OfficeConsentsClientListResponse{}, err + } + if !runtime.HasStatusCode(resp, http.StatusOK) { + return OfficeConsentsClientListResponse{}, runtime.NewResponseError(resp) + } + return client.listHandleResponse(resp) + }, + }) +} + +// listCreateRequest creates the List request. +func (client *OfficeConsentsClient) listCreateRequest(ctx context.Context, resourceGroupName string, workspaceName string, options *OfficeConsentsClientListOptions) (*policy.Request, error) { + urlPath := "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/officeConsents" + if client.subscriptionID == "" { + return nil, errors.New("parameter client.subscriptionID cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{subscriptionId}", url.PathEscape(client.subscriptionID)) + if resourceGroupName == "" { + return nil, errors.New("parameter resourceGroupName cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{resourceGroupName}", url.PathEscape(resourceGroupName)) + if workspaceName == "" { + return nil, errors.New("parameter workspaceName cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{workspaceName}", url.PathEscape(workspaceName)) + req, err := runtime.NewRequest(ctx, http.MethodGet, runtime.JoinPaths(client.host, urlPath)) + if err != nil { + return nil, err + } + reqQP := req.Raw().URL.Query() + reqQP.Set("api-version", "2022-05-01-preview") + req.Raw().URL.RawQuery = reqQP.Encode() + req.Raw().Header["Accept"] = []string{"application/json"} + return req, nil +} + +// listHandleResponse handles the List response. +func (client *OfficeConsentsClient) listHandleResponse(resp *http.Response) (OfficeConsentsClientListResponse, error) { + result := OfficeConsentsClientListResponse{} + if err := runtime.UnmarshalAsJSON(resp, &result.OfficeConsentList); err != nil { + return OfficeConsentsClientListResponse{}, err + } + return result, nil +} diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_operations_client.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_operations_client.go index e3facbe50e3f..dd47a1d25fa3 100644 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_operations_client.go +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_operations_client.go @@ -50,7 +50,7 @@ func NewOperationsClient(credential azcore.TokenCredential, options *arm.ClientO // NewListPager - Lists all operations available Azure Security Insights Resource Provider. // If the operation fails it returns an *azcore.ResponseError type. -// Generated from API version 2021-10-01 +// Generated from API version 2022-05-01-preview // options - OperationsClientListOptions contains the optional parameters for the OperationsClient.List method. func (client *OperationsClient) NewListPager(options *OperationsClientListOptions) *runtime.Pager[OperationsClientListResponse] { return runtime.NewPager(runtime.PagingHandler[OperationsClientListResponse]{ @@ -88,7 +88,7 @@ func (client *OperationsClient) listCreateRequest(ctx context.Context, options * return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2021-10-01") + reqQP.Set("api-version", "2022-05-01-preview") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} return req, nil diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_polymorphic_helpers.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_polymorphic_helpers.go index 7fd07c046aea..39781f1084de 100644 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_polymorphic_helpers.go +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_polymorphic_helpers.go @@ -22,10 +22,16 @@ func unmarshalAlertRuleClassification(rawMsg json.RawMessage) (AlertRuleClassifi switch m["kind"] { case string(AlertRuleKindFusion): b = &FusionAlertRule{} + case string(AlertRuleKindMLBehaviorAnalytics): + b = &MLBehaviorAnalyticsAlertRule{} case string(AlertRuleKindMicrosoftSecurityIncidentCreation): b = &MicrosoftSecurityIncidentCreationAlertRule{} + case string(AlertRuleKindNRT): + b = &NrtAlertRule{} case string(AlertRuleKindScheduled): b = &ScheduledAlertRule{} + case string(AlertRuleKindThreatIntelligence): + b = &ThreatIntelligenceAlertRule{} default: b = &AlertRule{} } @@ -63,10 +69,16 @@ func unmarshalAlertRuleTemplateClassification(rawMsg json.RawMessage) (AlertRule switch m["kind"] { case string(AlertRuleKindFusion): b = &FusionAlertRuleTemplate{} + case string(AlertRuleKindMLBehaviorAnalytics): + b = &MLBehaviorAnalyticsAlertRuleTemplate{} case string(AlertRuleKindMicrosoftSecurityIncidentCreation): b = &MicrosoftSecurityIncidentCreationAlertRuleTemplate{} + case string(AlertRuleKindNRT): + b = &NrtAlertRuleTemplate{} case string(AlertRuleKindScheduled): b = &ScheduledAlertRuleTemplate{} + case string(AlertRuleKindThreatIntelligence): + b = &ThreatIntelligenceAlertRuleTemplate{} default: b = &AlertRuleTemplate{} } @@ -143,6 +155,10 @@ func unmarshalAutomationRuleConditionClassification(rawMsg json.RawMessage) (Aut switch m["conditionType"] { case string(ConditionTypeProperty): b = &PropertyConditionProperties{} + case string(ConditionTypePropertyArrayChanged): + b = &PropertyArrayChangedConditionProperties{} + case string(ConditionTypePropertyChanged): + b = &PropertyChangedConditionProperties{} default: b = &AutomationRuleCondition{} } @@ -178,22 +194,46 @@ func unmarshalDataConnectorClassification(rawMsg json.RawMessage) (DataConnector } var b DataConnectorClassification switch m["kind"] { + case string(DataConnectorKindAPIPolling): + b = &CodelessAPIPollingDataConnector{} case string(DataConnectorKindAmazonWebServicesCloudTrail): b = &AwsCloudTrailDataConnector{} + case string(DataConnectorKindAmazonWebServicesS3): + b = &AwsS3DataConnector{} case string(DataConnectorKindAzureActiveDirectory): b = &AADDataConnector{} case string(DataConnectorKindAzureAdvancedThreatProtection): b = &AATPDataConnector{} case string(DataConnectorKindAzureSecurityCenter): b = &ASCDataConnector{} + case string(DataConnectorKindDynamics365): + b = &Dynamics365DataConnector{} + case string(DataConnectorKindGenericUI): + b = &CodelessUIDataConnector{} + case string(DataConnectorKindIOT): + b = &IoTDataConnector{} case string(DataConnectorKindMicrosoftCloudAppSecurity): b = &MCASDataConnector{} case string(DataConnectorKindMicrosoftDefenderAdvancedThreatProtection): b = &MDATPDataConnector{} + case string(DataConnectorKindMicrosoftThreatIntelligence): + b = &MSTIDataConnector{} + case string(DataConnectorKindMicrosoftThreatProtection): + b = &MTPDataConnector{} case string(DataConnectorKindOffice365): b = &OfficeDataConnector{} + case string(DataConnectorKindOffice365Project): + b = &Office365ProjectDataConnector{} + case string(DataConnectorKindOfficeATP): + b = &OfficeATPDataConnector{} + case string(DataConnectorKindOfficeIRM): + b = &OfficeIRMDataConnector{} + case string(DataConnectorKindOfficePowerBI): + b = &OfficePowerBIDataConnector{} case string(DataConnectorKindThreatIntelligence): b = &TIDataConnector{} + case string(DataConnectorKindThreatIntelligenceTaxii): + b = &TiTaxiiDataConnector{} default: b = &DataConnector{} } @@ -229,47 +269,47 @@ func unmarshalEntityClassification(rawMsg json.RawMessage) (EntityClassification } var b EntityClassification switch m["kind"] { - case string(EntityKindEnumAccount): + case string(EntityKindAccount): b = &AccountEntity{} - case string(EntityKindEnumAzureResource): + case string(EntityKindAzureResource): b = &AzureResourceEntity{} - case string(EntityKindEnumBookmark): + case string(EntityKindBookmark): b = &HuntingBookmark{} - case string(EntityKindEnumCloudApplication): + case string(EntityKindCloudApplication): b = &CloudApplicationEntity{} - case string(EntityKindEnumDNSResolution): + case string(EntityKindDNSResolution): b = &DNSEntity{} - case string(EntityKindEnumFile): + case string(EntityKindFile): b = &FileEntity{} - case string(EntityKindEnumFileHash): + case string(EntityKindFileHash): b = &FileHashEntity{} - case string(EntityKindEnumHost): + case string(EntityKindHost): b = &HostEntity{} - case string(EntityKindEnumIoTDevice): + case string(EntityKindIoTDevice): b = &IoTDeviceEntity{} - case string(EntityKindEnumIP): + case string(EntityKindIP): b = &IPEntity{} - case string(EntityKindEnumMailCluster): + case string(EntityKindMailCluster): b = &MailClusterEntity{} - case string(EntityKindEnumMailMessage): + case string(EntityKindMailMessage): b = &MailMessageEntity{} - case string(EntityKindEnumMailbox): + case string(EntityKindMailbox): b = &MailboxEntity{} - case string(EntityKindEnumMalware): + case string(EntityKindMalware): b = &MalwareEntity{} - case string(EntityKindEnumProcess): + case string(EntityKindProcess): b = &ProcessEntity{} - case string(EntityKindEnumRegistryKey): + case string(EntityKindRegistryKey): b = &RegistryKeyEntity{} - case string(EntityKindEnumRegistryValue): + case string(EntityKindRegistryValue): b = &RegistryValueEntity{} - case string(EntityKindEnumSecurityAlert): + case string(EntityKindSecurityAlert): b = &SecurityAlert{} - case string(EntityKindEnumSecurityGroup): + case string(EntityKindSecurityGroup): b = &SecurityGroupEntity{} - case string(EntityKindEnumSubmissionMail): + case string(EntityKindSubmissionMail): b = &SubmissionMailEntity{} - case string(EntityKindEnumURL): + case string(EntityKindURL): b = &URLEntity{} default: b = &Entity{} @@ -296,6 +336,242 @@ func unmarshalEntityClassificationArray(rawMsg json.RawMessage) ([]EntityClassif return fArray, nil } +func unmarshalEntityQueryClassification(rawMsg json.RawMessage) (EntityQueryClassification, error) { + if rawMsg == nil { + return nil, nil + } + var m map[string]interface{} + if err := json.Unmarshal(rawMsg, &m); err != nil { + return nil, err + } + var b EntityQueryClassification + switch m["kind"] { + case string(EntityQueryKindActivity): + b = &ActivityEntityQuery{} + case string(EntityQueryKindExpansion): + b = &ExpansionEntityQuery{} + default: + b = &EntityQuery{} + } + return b, json.Unmarshal(rawMsg, b) +} + +func unmarshalEntityQueryClassificationArray(rawMsg json.RawMessage) ([]EntityQueryClassification, error) { + if rawMsg == nil { + return nil, nil + } + var rawMessages []json.RawMessage + if err := json.Unmarshal(rawMsg, &rawMessages); err != nil { + return nil, err + } + fArray := make([]EntityQueryClassification, len(rawMessages)) + for index, rawMessage := range rawMessages { + f, err := unmarshalEntityQueryClassification(rawMessage) + if err != nil { + return nil, err + } + fArray[index] = f + } + return fArray, nil +} + +func unmarshalEntityQueryItemClassification(rawMsg json.RawMessage) (EntityQueryItemClassification, error) { + if rawMsg == nil { + return nil, nil + } + var m map[string]interface{} + if err := json.Unmarshal(rawMsg, &m); err != nil { + return nil, err + } + var b EntityQueryItemClassification + switch m["kind"] { + case string(EntityQueryKindInsight): + b = &InsightQueryItem{} + default: + b = &EntityQueryItem{} + } + return b, json.Unmarshal(rawMsg, b) +} + +func unmarshalEntityQueryItemClassificationArray(rawMsg json.RawMessage) ([]EntityQueryItemClassification, error) { + if rawMsg == nil { + return nil, nil + } + var rawMessages []json.RawMessage + if err := json.Unmarshal(rawMsg, &rawMessages); err != nil { + return nil, err + } + fArray := make([]EntityQueryItemClassification, len(rawMessages)) + for index, rawMessage := range rawMessages { + f, err := unmarshalEntityQueryItemClassification(rawMessage) + if err != nil { + return nil, err + } + fArray[index] = f + } + return fArray, nil +} + +func unmarshalEntityQueryTemplateClassification(rawMsg json.RawMessage) (EntityQueryTemplateClassification, error) { + if rawMsg == nil { + return nil, nil + } + var m map[string]interface{} + if err := json.Unmarshal(rawMsg, &m); err != nil { + return nil, err + } + var b EntityQueryTemplateClassification + switch m["kind"] { + case string(EntityQueryTemplateKindActivity): + b = &ActivityEntityQueryTemplate{} + default: + b = &EntityQueryTemplate{} + } + return b, json.Unmarshal(rawMsg, b) +} + +func unmarshalEntityQueryTemplateClassificationArray(rawMsg json.RawMessage) ([]EntityQueryTemplateClassification, error) { + if rawMsg == nil { + return nil, nil + } + var rawMessages []json.RawMessage + if err := json.Unmarshal(rawMsg, &rawMessages); err != nil { + return nil, err + } + fArray := make([]EntityQueryTemplateClassification, len(rawMessages)) + for index, rawMessage := range rawMessages { + f, err := unmarshalEntityQueryTemplateClassification(rawMessage) + if err != nil { + return nil, err + } + fArray[index] = f + } + return fArray, nil +} + +func unmarshalEntityTimelineItemClassification(rawMsg json.RawMessage) (EntityTimelineItemClassification, error) { + if rawMsg == nil { + return nil, nil + } + var m map[string]interface{} + if err := json.Unmarshal(rawMsg, &m); err != nil { + return nil, err + } + var b EntityTimelineItemClassification + switch m["kind"] { + case string(EntityTimelineKindActivity): + b = &ActivityTimelineItem{} + case string(EntityTimelineKindAnomaly): + b = &AnomalyTimelineItem{} + case string(EntityTimelineKindBookmark): + b = &BookmarkTimelineItem{} + case string(EntityTimelineKindSecurityAlert): + b = &SecurityAlertTimelineItem{} + default: + b = &EntityTimelineItem{} + } + return b, json.Unmarshal(rawMsg, b) +} + +func unmarshalEntityTimelineItemClassificationArray(rawMsg json.RawMessage) ([]EntityTimelineItemClassification, error) { + if rawMsg == nil { + return nil, nil + } + var rawMessages []json.RawMessage + if err := json.Unmarshal(rawMsg, &rawMessages); err != nil { + return nil, err + } + fArray := make([]EntityTimelineItemClassification, len(rawMessages)) + for index, rawMessage := range rawMessages { + f, err := unmarshalEntityTimelineItemClassification(rawMessage) + if err != nil { + return nil, err + } + fArray[index] = f + } + return fArray, nil +} + +func unmarshalSecurityMLAnalyticsSettingClassification(rawMsg json.RawMessage) (SecurityMLAnalyticsSettingClassification, error) { + if rawMsg == nil { + return nil, nil + } + var m map[string]interface{} + if err := json.Unmarshal(rawMsg, &m); err != nil { + return nil, err + } + var b SecurityMLAnalyticsSettingClassification + switch m["kind"] { + case string(SecurityMLAnalyticsSettingsKindAnomaly): + b = &AnomalySecurityMLAnalyticsSettings{} + default: + b = &SecurityMLAnalyticsSetting{} + } + return b, json.Unmarshal(rawMsg, b) +} + +func unmarshalSecurityMLAnalyticsSettingClassificationArray(rawMsg json.RawMessage) ([]SecurityMLAnalyticsSettingClassification, error) { + if rawMsg == nil { + return nil, nil + } + var rawMessages []json.RawMessage + if err := json.Unmarshal(rawMsg, &rawMessages); err != nil { + return nil, err + } + fArray := make([]SecurityMLAnalyticsSettingClassification, len(rawMessages)) + for index, rawMessage := range rawMessages { + f, err := unmarshalSecurityMLAnalyticsSettingClassification(rawMessage) + if err != nil { + return nil, err + } + fArray[index] = f + } + return fArray, nil +} + +func unmarshalSettingsClassification(rawMsg json.RawMessage) (SettingsClassification, error) { + if rawMsg == nil { + return nil, nil + } + var m map[string]interface{} + if err := json.Unmarshal(rawMsg, &m); err != nil { + return nil, err + } + var b SettingsClassification + switch m["kind"] { + case string(SettingKindAnomalies): + b = &Anomalies{} + case string(SettingKindEntityAnalytics): + b = &EntityAnalytics{} + case string(SettingKindEyesOn): + b = &EyesOn{} + case string(SettingKindUeba): + b = &Ueba{} + default: + b = &Settings{} + } + return b, json.Unmarshal(rawMsg, b) +} + +func unmarshalSettingsClassificationArray(rawMsg json.RawMessage) ([]SettingsClassification, error) { + if rawMsg == nil { + return nil, nil + } + var rawMessages []json.RawMessage + if err := json.Unmarshal(rawMsg, &rawMessages); err != nil { + return nil, err + } + fArray := make([]SettingsClassification, len(rawMessages)) + for index, rawMessage := range rawMessages { + f, err := unmarshalSettingsClassification(rawMessage) + if err != nil { + return nil, err + } + fArray[index] = f + } + return fArray, nil +} + func unmarshalThreatIntelligenceInformationClassification(rawMsg json.RawMessage) (ThreatIntelligenceInformationClassification, error) { if rawMsg == nil { return nil, nil @@ -306,7 +582,7 @@ func unmarshalThreatIntelligenceInformationClassification(rawMsg json.RawMessage } var b ThreatIntelligenceInformationClassification switch m["kind"] { - case string(ThreatIntelligenceResourceInnerKindIndicator): + case string(ThreatIntelligenceResourceKindEnumIndicator): b = &ThreatIntelligenceIndicatorModel{} default: b = &ThreatIntelligenceInformation{} diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_productsettings_client.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_productsettings_client.go new file mode 100644 index 000000000000..c84f02a16951 --- /dev/null +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_productsettings_client.go @@ -0,0 +1,286 @@ +//go:build go1.18 +// +build go1.18 + +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. See License.txt in the project root for license information. +// Code generated by Microsoft (R) AutoRest Code Generator. +// Changes may cause incorrect behavior and will be lost if the code is regenerated. + +package armsecurityinsights + +import ( + "context" + "errors" + "github.com/Azure/azure-sdk-for-go/sdk/azcore" + "github.com/Azure/azure-sdk-for-go/sdk/azcore/arm" + armruntime "github.com/Azure/azure-sdk-for-go/sdk/azcore/arm/runtime" + "github.com/Azure/azure-sdk-for-go/sdk/azcore/cloud" + "github.com/Azure/azure-sdk-for-go/sdk/azcore/policy" + "github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime" + "net/http" + "net/url" + "strings" +) + +// ProductSettingsClient contains the methods for the ProductSettings group. +// Don't use this type directly, use NewProductSettingsClient() instead. +type ProductSettingsClient struct { + host string + subscriptionID string + pl runtime.Pipeline +} + +// NewProductSettingsClient creates a new instance of ProductSettingsClient with the specified values. +// subscriptionID - The ID of the target subscription. +// credential - used to authorize requests. Usually a credential from azidentity. +// options - pass nil to accept the default values. +func NewProductSettingsClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) (*ProductSettingsClient, error) { + if options == nil { + options = &arm.ClientOptions{} + } + ep := cloud.AzurePublic.Services[cloud.ResourceManager].Endpoint + if c, ok := options.Cloud.Services[cloud.ResourceManager]; ok { + ep = c.Endpoint + } + pl, err := armruntime.NewPipeline(moduleName, moduleVersion, credential, runtime.PipelineOptions{}, options) + if err != nil { + return nil, err + } + client := &ProductSettingsClient{ + subscriptionID: subscriptionID, + host: ep, + pl: pl, + } + return client, nil +} + +// Delete - Delete setting of the product. +// If the operation fails it returns an *azcore.ResponseError type. +// Generated from API version 2022-05-01-preview +// resourceGroupName - The name of the resource group. The name is case insensitive. +// workspaceName - The name of the workspace. +// settingsName - The setting name. Supports - Anomalies, EyesOn, EntityAnalytics, Ueba +// options - ProductSettingsClientDeleteOptions contains the optional parameters for the ProductSettingsClient.Delete method. +func (client *ProductSettingsClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, settingsName string, options *ProductSettingsClientDeleteOptions) (ProductSettingsClientDeleteResponse, error) { + req, err := client.deleteCreateRequest(ctx, resourceGroupName, workspaceName, settingsName, options) + if err != nil { + return ProductSettingsClientDeleteResponse{}, err + } + resp, err := client.pl.Do(req) + if err != nil { + return ProductSettingsClientDeleteResponse{}, err + } + if !runtime.HasStatusCode(resp, http.StatusOK, http.StatusNoContent) { + return ProductSettingsClientDeleteResponse{}, runtime.NewResponseError(resp) + } + return ProductSettingsClientDeleteResponse{}, nil +} + +// deleteCreateRequest creates the Delete request. +func (client *ProductSettingsClient) deleteCreateRequest(ctx context.Context, resourceGroupName string, workspaceName string, settingsName string, options *ProductSettingsClientDeleteOptions) (*policy.Request, error) { + urlPath := "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/settings/{settingsName}" + if client.subscriptionID == "" { + return nil, errors.New("parameter client.subscriptionID cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{subscriptionId}", url.PathEscape(client.subscriptionID)) + if resourceGroupName == "" { + return nil, errors.New("parameter resourceGroupName cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{resourceGroupName}", url.PathEscape(resourceGroupName)) + if workspaceName == "" { + return nil, errors.New("parameter workspaceName cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{workspaceName}", url.PathEscape(workspaceName)) + if settingsName == "" { + return nil, errors.New("parameter settingsName cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{settingsName}", url.PathEscape(settingsName)) + req, err := runtime.NewRequest(ctx, http.MethodDelete, runtime.JoinPaths(client.host, urlPath)) + if err != nil { + return nil, err + } + reqQP := req.Raw().URL.Query() + reqQP.Set("api-version", "2022-05-01-preview") + req.Raw().URL.RawQuery = reqQP.Encode() + req.Raw().Header["Accept"] = []string{"application/json"} + return req, nil +} + +// Get - Gets a setting. +// If the operation fails it returns an *azcore.ResponseError type. +// Generated from API version 2022-05-01-preview +// resourceGroupName - The name of the resource group. The name is case insensitive. +// workspaceName - The name of the workspace. +// settingsName - The setting name. Supports - Anomalies, EyesOn, EntityAnalytics, Ueba +// options - ProductSettingsClientGetOptions contains the optional parameters for the ProductSettingsClient.Get method. +func (client *ProductSettingsClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, settingsName string, options *ProductSettingsClientGetOptions) (ProductSettingsClientGetResponse, error) { + req, err := client.getCreateRequest(ctx, resourceGroupName, workspaceName, settingsName, options) + if err != nil { + return ProductSettingsClientGetResponse{}, err + } + resp, err := client.pl.Do(req) + if err != nil { + return ProductSettingsClientGetResponse{}, err + } + if !runtime.HasStatusCode(resp, http.StatusOK) { + return ProductSettingsClientGetResponse{}, runtime.NewResponseError(resp) + } + return client.getHandleResponse(resp) +} + +// getCreateRequest creates the Get request. +func (client *ProductSettingsClient) getCreateRequest(ctx context.Context, resourceGroupName string, workspaceName string, settingsName string, options *ProductSettingsClientGetOptions) (*policy.Request, error) { + urlPath := "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/settings/{settingsName}" + if client.subscriptionID == "" { + return nil, errors.New("parameter client.subscriptionID cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{subscriptionId}", url.PathEscape(client.subscriptionID)) + if resourceGroupName == "" { + return nil, errors.New("parameter resourceGroupName cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{resourceGroupName}", url.PathEscape(resourceGroupName)) + if workspaceName == "" { + return nil, errors.New("parameter workspaceName cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{workspaceName}", url.PathEscape(workspaceName)) + if settingsName == "" { + return nil, errors.New("parameter settingsName cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{settingsName}", url.PathEscape(settingsName)) + req, err := runtime.NewRequest(ctx, http.MethodGet, runtime.JoinPaths(client.host, urlPath)) + if err != nil { + return nil, err + } + reqQP := req.Raw().URL.Query() + reqQP.Set("api-version", "2022-05-01-preview") + req.Raw().URL.RawQuery = reqQP.Encode() + req.Raw().Header["Accept"] = []string{"application/json"} + return req, nil +} + +// getHandleResponse handles the Get response. +func (client *ProductSettingsClient) getHandleResponse(resp *http.Response) (ProductSettingsClientGetResponse, error) { + result := ProductSettingsClientGetResponse{} + if err := runtime.UnmarshalAsJSON(resp, &result); err != nil { + return ProductSettingsClientGetResponse{}, err + } + return result, nil +} + +// List - List of all the settings +// If the operation fails it returns an *azcore.ResponseError type. +// Generated from API version 2022-05-01-preview +// resourceGroupName - The name of the resource group. The name is case insensitive. +// workspaceName - The name of the workspace. +// options - ProductSettingsClientListOptions contains the optional parameters for the ProductSettingsClient.List method. +func (client *ProductSettingsClient) List(ctx context.Context, resourceGroupName string, workspaceName string, options *ProductSettingsClientListOptions) (ProductSettingsClientListResponse, error) { + req, err := client.listCreateRequest(ctx, resourceGroupName, workspaceName, options) + if err != nil { + return ProductSettingsClientListResponse{}, err + } + resp, err := client.pl.Do(req) + if err != nil { + return ProductSettingsClientListResponse{}, err + } + if !runtime.HasStatusCode(resp, http.StatusOK) { + return ProductSettingsClientListResponse{}, runtime.NewResponseError(resp) + } + return client.listHandleResponse(resp) +} + +// listCreateRequest creates the List request. +func (client *ProductSettingsClient) listCreateRequest(ctx context.Context, resourceGroupName string, workspaceName string, options *ProductSettingsClientListOptions) (*policy.Request, error) { + urlPath := "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/settings" + if client.subscriptionID == "" { + return nil, errors.New("parameter client.subscriptionID cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{subscriptionId}", url.PathEscape(client.subscriptionID)) + if resourceGroupName == "" { + return nil, errors.New("parameter resourceGroupName cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{resourceGroupName}", url.PathEscape(resourceGroupName)) + if workspaceName == "" { + return nil, errors.New("parameter workspaceName cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{workspaceName}", url.PathEscape(workspaceName)) + req, err := runtime.NewRequest(ctx, http.MethodGet, runtime.JoinPaths(client.host, urlPath)) + if err != nil { + return nil, err + } + reqQP := req.Raw().URL.Query() + reqQP.Set("api-version", "2022-05-01-preview") + req.Raw().URL.RawQuery = reqQP.Encode() + req.Raw().Header["Accept"] = []string{"application/json"} + return req, nil +} + +// listHandleResponse handles the List response. +func (client *ProductSettingsClient) listHandleResponse(resp *http.Response) (ProductSettingsClientListResponse, error) { + result := ProductSettingsClientListResponse{} + if err := runtime.UnmarshalAsJSON(resp, &result.SettingList); err != nil { + return ProductSettingsClientListResponse{}, err + } + return result, nil +} + +// Update - Updates setting. +// If the operation fails it returns an *azcore.ResponseError type. +// Generated from API version 2022-05-01-preview +// resourceGroupName - The name of the resource group. The name is case insensitive. +// workspaceName - The name of the workspace. +// settingsName - The setting name. Supports - Anomalies, EyesOn, EntityAnalytics, Ueba +// settings - The setting +// options - ProductSettingsClientUpdateOptions contains the optional parameters for the ProductSettingsClient.Update method. +func (client *ProductSettingsClient) Update(ctx context.Context, resourceGroupName string, workspaceName string, settingsName string, settings SettingsClassification, options *ProductSettingsClientUpdateOptions) (ProductSettingsClientUpdateResponse, error) { + req, err := client.updateCreateRequest(ctx, resourceGroupName, workspaceName, settingsName, settings, options) + if err != nil { + return ProductSettingsClientUpdateResponse{}, err + } + resp, err := client.pl.Do(req) + if err != nil { + return ProductSettingsClientUpdateResponse{}, err + } + if !runtime.HasStatusCode(resp, http.StatusOK) { + return ProductSettingsClientUpdateResponse{}, runtime.NewResponseError(resp) + } + return client.updateHandleResponse(resp) +} + +// updateCreateRequest creates the Update request. +func (client *ProductSettingsClient) updateCreateRequest(ctx context.Context, resourceGroupName string, workspaceName string, settingsName string, settings SettingsClassification, options *ProductSettingsClientUpdateOptions) (*policy.Request, error) { + urlPath := "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/settings/{settingsName}" + if client.subscriptionID == "" { + return nil, errors.New("parameter client.subscriptionID cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{subscriptionId}", url.PathEscape(client.subscriptionID)) + if resourceGroupName == "" { + return nil, errors.New("parameter resourceGroupName cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{resourceGroupName}", url.PathEscape(resourceGroupName)) + if workspaceName == "" { + return nil, errors.New("parameter workspaceName cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{workspaceName}", url.PathEscape(workspaceName)) + if settingsName == "" { + return nil, errors.New("parameter settingsName cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{settingsName}", url.PathEscape(settingsName)) + req, err := runtime.NewRequest(ctx, http.MethodPut, runtime.JoinPaths(client.host, urlPath)) + if err != nil { + return nil, err + } + reqQP := req.Raw().URL.Query() + reqQP.Set("api-version", "2022-05-01-preview") + req.Raw().URL.RawQuery = reqQP.Encode() + req.Raw().Header["Accept"] = []string{"application/json"} + return req, runtime.MarshalAsJSON(req, settings) +} + +// updateHandleResponse handles the Update response. +func (client *ProductSettingsClient) updateHandleResponse(resp *http.Response) (ProductSettingsClientUpdateResponse, error) { + result := ProductSettingsClientUpdateResponse{} + if err := runtime.UnmarshalAsJSON(resp, &result); err != nil { + return ProductSettingsClientUpdateResponse{}, err + } + return result, nil +} diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_response_types.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_response_types.go index 33dd820192b6..879da0f7f931 100644 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_response_types.go +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_response_types.go @@ -109,6 +109,31 @@ type AutomationRulesClientListResponse struct { AutomationRulesList } +// BookmarkClientExpandResponse contains the response from method BookmarkClient.Expand. +type BookmarkClientExpandResponse struct { + BookmarkExpandResponse +} + +// BookmarkRelationsClientCreateOrUpdateResponse contains the response from method BookmarkRelationsClient.CreateOrUpdate. +type BookmarkRelationsClientCreateOrUpdateResponse struct { + Relation +} + +// BookmarkRelationsClientDeleteResponse contains the response from method BookmarkRelationsClient.Delete. +type BookmarkRelationsClientDeleteResponse struct { + // placeholder for future response values +} + +// BookmarkRelationsClientGetResponse contains the response from method BookmarkRelationsClient.Get. +type BookmarkRelationsClientGetResponse struct { + Relation +} + +// BookmarkRelationsClientListResponse contains the response from method BookmarkRelationsClient.List. +type BookmarkRelationsClientListResponse struct { + RelationList +} + // BookmarksClientCreateOrUpdateResponse contains the response from method BookmarksClient.CreateOrUpdate. type BookmarksClientCreateOrUpdateResponse struct { Bookmark @@ -129,6 +154,16 @@ type BookmarksClientListResponse struct { BookmarkList } +// DataConnectorsCheckRequirementsClientPostResponse contains the response from method DataConnectorsCheckRequirementsClient.Post. +type DataConnectorsCheckRequirementsClientPostResponse struct { + DataConnectorRequirementsState +} + +// DataConnectorsClientConnectResponse contains the response from method DataConnectorsClient.Connect. +type DataConnectorsClientConnectResponse struct { + // placeholder for future response values +} + // DataConnectorsClientCreateOrUpdateResponse contains the response from method DataConnectorsClient.CreateOrUpdate. type DataConnectorsClientCreateOrUpdateResponse struct { DataConnectorClassification @@ -149,6 +184,11 @@ type DataConnectorsClientDeleteResponse struct { // placeholder for future response values } +// DataConnectorsClientDisconnectResponse contains the response from method DataConnectorsClient.Disconnect. +type DataConnectorsClientDisconnectResponse struct { + // placeholder for future response values +} + // DataConnectorsClientGetResponse contains the response from method DataConnectorsClient.Get. type DataConnectorsClientGetResponse struct { DataConnectorClassification @@ -169,6 +209,126 @@ type DataConnectorsClientListResponse struct { DataConnectorList } +// DomainWhoisClientGetResponse contains the response from method DomainWhoisClient.Get. +type DomainWhoisClientGetResponse struct { + EnrichmentDomainWhois +} + +// EntitiesClientExpandResponse contains the response from method EntitiesClient.Expand. +type EntitiesClientExpandResponse struct { + EntityExpandResponse +} + +// EntitiesClientGetInsightsResponse contains the response from method EntitiesClient.GetInsights. +type EntitiesClientGetInsightsResponse struct { + EntityGetInsightsResponse +} + +// EntitiesClientGetResponse contains the response from method EntitiesClient.Get. +type EntitiesClientGetResponse struct { + EntityClassification +} + +// UnmarshalJSON implements the json.Unmarshaller interface for type EntitiesClientGetResponse. +func (e *EntitiesClientGetResponse) UnmarshalJSON(data []byte) error { + res, err := unmarshalEntityClassification(data) + if err != nil { + return err + } + e.EntityClassification = res + return nil +} + +// EntitiesClientListResponse contains the response from method EntitiesClient.List. +type EntitiesClientListResponse struct { + EntityList +} + +// EntitiesClientQueriesResponse contains the response from method EntitiesClient.Queries. +type EntitiesClientQueriesResponse struct { + GetQueriesResponse +} + +// EntitiesGetTimelineClientListResponse contains the response from method EntitiesGetTimelineClient.List. +type EntitiesGetTimelineClientListResponse struct { + EntityTimelineResponse +} + +// EntitiesRelationsClientListResponse contains the response from method EntitiesRelationsClient.List. +type EntitiesRelationsClientListResponse struct { + RelationList +} + +// EntityQueriesClientCreateOrUpdateResponse contains the response from method EntityQueriesClient.CreateOrUpdate. +type EntityQueriesClientCreateOrUpdateResponse struct { + EntityQueryClassification +} + +// UnmarshalJSON implements the json.Unmarshaller interface for type EntityQueriesClientCreateOrUpdateResponse. +func (e *EntityQueriesClientCreateOrUpdateResponse) UnmarshalJSON(data []byte) error { + res, err := unmarshalEntityQueryClassification(data) + if err != nil { + return err + } + e.EntityQueryClassification = res + return nil +} + +// EntityQueriesClientDeleteResponse contains the response from method EntityQueriesClient.Delete. +type EntityQueriesClientDeleteResponse struct { + // placeholder for future response values +} + +// EntityQueriesClientGetResponse contains the response from method EntityQueriesClient.Get. +type EntityQueriesClientGetResponse struct { + EntityQueryClassification +} + +// UnmarshalJSON implements the json.Unmarshaller interface for type EntityQueriesClientGetResponse. +func (e *EntityQueriesClientGetResponse) UnmarshalJSON(data []byte) error { + res, err := unmarshalEntityQueryClassification(data) + if err != nil { + return err + } + e.EntityQueryClassification = res + return nil +} + +// EntityQueriesClientListResponse contains the response from method EntityQueriesClient.List. +type EntityQueriesClientListResponse struct { + EntityQueryList +} + +// EntityQueryTemplatesClientGetResponse contains the response from method EntityQueryTemplatesClient.Get. +type EntityQueryTemplatesClientGetResponse struct { + EntityQueryTemplateClassification +} + +// UnmarshalJSON implements the json.Unmarshaller interface for type EntityQueryTemplatesClientGetResponse. +func (e *EntityQueryTemplatesClientGetResponse) UnmarshalJSON(data []byte) error { + res, err := unmarshalEntityQueryTemplateClassification(data) + if err != nil { + return err + } + e.EntityQueryTemplateClassification = res + return nil +} + +// EntityQueryTemplatesClientListResponse contains the response from method EntityQueryTemplatesClient.List. +type EntityQueryTemplatesClientListResponse struct { + EntityQueryTemplateList +} + +// EntityRelationsClientGetRelationResponse contains the response from method EntityRelationsClient.GetRelation. +type EntityRelationsClientGetRelationResponse struct { + Relation +} + +// IPGeodataClientGetResponse contains the response from method IPGeodataClient.Get. +type IPGeodataClientGetResponse struct { + EnrichmentIPGeodata +} + // IncidentCommentsClientCreateOrUpdateResponse contains the response from method IncidentCommentsClient.CreateOrUpdate. type IncidentCommentsClientCreateOrUpdateResponse struct { IncidentComment @@ -214,6 +374,11 @@ type IncidentsClientCreateOrUpdateResponse struct { Incident } +// IncidentsClientCreateTeamResponse contains the response from method IncidentsClient.CreateTeam. +type IncidentsClientCreateTeamResponse struct { + TeamInformation +} + // IncidentsClientDeleteResponse contains the response from method IncidentsClient.Delete. type IncidentsClientDeleteResponse struct { // placeholder for future response values @@ -244,11 +409,137 @@ type IncidentsClientListResponse struct { IncidentList } +// IncidentsClientRunPlaybookResponse contains the response from method IncidentsClient.RunPlaybook. +type IncidentsClientRunPlaybookResponse struct { + // Anything + Interface interface{} +} + +// MetadataClientCreateResponse contains the response from method MetadataClient.Create. +type MetadataClientCreateResponse struct { + MetadataModel +} + +// MetadataClientDeleteResponse contains the response from method MetadataClient.Delete. +type MetadataClientDeleteResponse struct { + // placeholder for future response values +} + +// MetadataClientGetResponse contains the response from method MetadataClient.Get. +type MetadataClientGetResponse struct { + MetadataModel +} + +// MetadataClientListResponse contains the response from method MetadataClient.List. +type MetadataClientListResponse struct { + MetadataList +} + +// MetadataClientUpdateResponse contains the response from method MetadataClient.Update. +type MetadataClientUpdateResponse struct { + MetadataModel +} + +// OfficeConsentsClientDeleteResponse contains the response from method OfficeConsentsClient.Delete. +type OfficeConsentsClientDeleteResponse struct { + // placeholder for future response values +} + +// OfficeConsentsClientGetResponse contains the response from method OfficeConsentsClient.Get. +type OfficeConsentsClientGetResponse struct { + OfficeConsent +} + +// OfficeConsentsClientListResponse contains the response from method OfficeConsentsClient.List. +type OfficeConsentsClientListResponse struct { + OfficeConsentList +} + // OperationsClientListResponse contains the response from method OperationsClient.List. type OperationsClientListResponse struct { OperationsList } +// ProductSettingsClientDeleteResponse contains the response from method ProductSettingsClient.Delete. +type ProductSettingsClientDeleteResponse struct { + // placeholder for future response values +} + +// ProductSettingsClientGetResponse contains the response from method ProductSettingsClient.Get. +type ProductSettingsClientGetResponse struct { + SettingsClassification +} + +// UnmarshalJSON implements the json.Unmarshaller interface for type ProductSettingsClientGetResponse. +func (p *ProductSettingsClientGetResponse) UnmarshalJSON(data []byte) error { + res, err := unmarshalSettingsClassification(data) + if err != nil { + return err + } + p.SettingsClassification = res + return nil +} + +// ProductSettingsClientListResponse contains the response from method ProductSettingsClient.List. +type ProductSettingsClientListResponse struct { + SettingList +} + +// ProductSettingsClientUpdateResponse contains the response from method ProductSettingsClient.Update. +type ProductSettingsClientUpdateResponse struct { + SettingsClassification +} + +// UnmarshalJSON implements the json.Unmarshaller interface for type ProductSettingsClientUpdateResponse. +func (p *ProductSettingsClientUpdateResponse) UnmarshalJSON(data []byte) error { + res, err := unmarshalSettingsClassification(data) + if err != nil { + return err + } + p.SettingsClassification = res + return nil +} + +// SecurityMLAnalyticsSettingsClientCreateOrUpdateResponse contains the response from method SecurityMLAnalyticsSettingsClient.CreateOrUpdate. +type SecurityMLAnalyticsSettingsClientCreateOrUpdateResponse struct { + SecurityMLAnalyticsSettingClassification +} + +// UnmarshalJSON implements the json.Unmarshaller interface for type SecurityMLAnalyticsSettingsClientCreateOrUpdateResponse. +func (s *SecurityMLAnalyticsSettingsClientCreateOrUpdateResponse) UnmarshalJSON(data []byte) error { + res, err := unmarshalSecurityMLAnalyticsSettingClassification(data) + if err != nil { + return err + } + s.SecurityMLAnalyticsSettingClassification = res + return nil +} + +// SecurityMLAnalyticsSettingsClientDeleteResponse contains the response from method SecurityMLAnalyticsSettingsClient.Delete. +type SecurityMLAnalyticsSettingsClientDeleteResponse struct { + // placeholder for future response values +} + +// SecurityMLAnalyticsSettingsClientGetResponse contains the response from method SecurityMLAnalyticsSettingsClient.Get. +type SecurityMLAnalyticsSettingsClientGetResponse struct { + SecurityMLAnalyticsSettingClassification +} + +// UnmarshalJSON implements the json.Unmarshaller interface for type SecurityMLAnalyticsSettingsClientGetResponse. +func (s *SecurityMLAnalyticsSettingsClientGetResponse) UnmarshalJSON(data []byte) error { + res, err := unmarshalSecurityMLAnalyticsSettingClassification(data) + if err != nil { + return err + } + s.SecurityMLAnalyticsSettingClassification = res + return nil +} + +// SecurityMLAnalyticsSettingsClientListResponse contains the response from method SecurityMLAnalyticsSettingsClient.List. +type SecurityMLAnalyticsSettingsClientListResponse struct { + SecurityMLAnalyticsSettingsList +} + // SentinelOnboardingStatesClientCreateResponse contains the response from method SentinelOnboardingStatesClient.Create. type SentinelOnboardingStatesClientCreateResponse struct { SentinelOnboardingState @@ -269,6 +560,31 @@ type SentinelOnboardingStatesClientListResponse struct { SentinelOnboardingStatesList } +// SourceControlClientListRepositoriesResponse contains the response from method SourceControlClient.ListRepositories. +type SourceControlClientListRepositoriesResponse struct { + RepoList +} + +// SourceControlsClientCreateResponse contains the response from method SourceControlsClient.Create. +type SourceControlsClientCreateResponse struct { + SourceControl +} + +// SourceControlsClientDeleteResponse contains the response from method SourceControlsClient.Delete. +type SourceControlsClientDeleteResponse struct { + // placeholder for future response values +} + +// SourceControlsClientGetResponse contains the response from method SourceControlsClient.Get. +type SourceControlsClientGetResponse struct { + SourceControl +} + +// SourceControlsClientListResponse contains the response from method SourceControlsClient.List. +type SourceControlsClientListResponse struct { + SourceControlList +} + // ThreatIntelligenceIndicatorClientAppendTagsResponse contains the response from method ThreatIntelligenceIndicatorClient.AppendTags. type ThreatIntelligenceIndicatorClientAppendTagsResponse struct { // placeholder for future response values @@ -377,11 +693,14 @@ type WatchlistItemsClientListResponse struct { // WatchlistsClientCreateOrUpdateResponse contains the response from method WatchlistsClient.CreateOrUpdate. type WatchlistsClientCreateOrUpdateResponse struct { Watchlist + // AzureAsyncOperation contains the information returned from the Azure-AsyncOperation header response. + AzureAsyncOperation *string } // WatchlistsClientDeleteResponse contains the response from method WatchlistsClient.Delete. type WatchlistsClientDeleteResponse struct { - // placeholder for future response values + // AzureAsyncOperation contains the information returned from the Azure-AsyncOperation header response. + AzureAsyncOperation *string } // WatchlistsClientGetResponse contains the response from method WatchlistsClient.Get. diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_securitymlanalyticssettings_client.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_securitymlanalyticssettings_client.go new file mode 100644 index 000000000000..406c9e68fe67 --- /dev/null +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_securitymlanalyticssettings_client.go @@ -0,0 +1,303 @@ +//go:build go1.18 +// +build go1.18 + +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. See License.txt in the project root for license information. +// Code generated by Microsoft (R) AutoRest Code Generator. +// Changes may cause incorrect behavior and will be lost if the code is regenerated. + +package armsecurityinsights + +import ( + "context" + "errors" + "github.com/Azure/azure-sdk-for-go/sdk/azcore" + "github.com/Azure/azure-sdk-for-go/sdk/azcore/arm" + armruntime "github.com/Azure/azure-sdk-for-go/sdk/azcore/arm/runtime" + "github.com/Azure/azure-sdk-for-go/sdk/azcore/cloud" + "github.com/Azure/azure-sdk-for-go/sdk/azcore/policy" + "github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime" + "net/http" + "net/url" + "strings" +) + +// SecurityMLAnalyticsSettingsClient contains the methods for the SecurityMLAnalyticsSettings group. +// Don't use this type directly, use NewSecurityMLAnalyticsSettingsClient() instead. +type SecurityMLAnalyticsSettingsClient struct { + host string + subscriptionID string + pl runtime.Pipeline +} + +// NewSecurityMLAnalyticsSettingsClient creates a new instance of SecurityMLAnalyticsSettingsClient with the specified values. +// subscriptionID - The ID of the target subscription. +// credential - used to authorize requests. Usually a credential from azidentity. +// options - pass nil to accept the default values. +func NewSecurityMLAnalyticsSettingsClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) (*SecurityMLAnalyticsSettingsClient, error) { + if options == nil { + options = &arm.ClientOptions{} + } + ep := cloud.AzurePublic.Services[cloud.ResourceManager].Endpoint + if c, ok := options.Cloud.Services[cloud.ResourceManager]; ok { + ep = c.Endpoint + } + pl, err := armruntime.NewPipeline(moduleName, moduleVersion, credential, runtime.PipelineOptions{}, options) + if err != nil { + return nil, err + } + client := &SecurityMLAnalyticsSettingsClient{ + subscriptionID: subscriptionID, + host: ep, + pl: pl, + } + return client, nil +} + +// CreateOrUpdate - Creates or updates the Security ML Analytics Settings. +// If the operation fails it returns an *azcore.ResponseError type. +// Generated from API version 2022-05-01-preview +// resourceGroupName - The name of the resource group. The name is case insensitive. +// workspaceName - The name of the workspace. +// settingsResourceName - Security ML Analytics Settings resource name +// securityMLAnalyticsSetting - The security ML Analytics setting +// options - SecurityMLAnalyticsSettingsClientCreateOrUpdateOptions contains the optional parameters for the SecurityMLAnalyticsSettingsClient.CreateOrUpdate +// method. +func (client *SecurityMLAnalyticsSettingsClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, workspaceName string, settingsResourceName string, securityMLAnalyticsSetting SecurityMLAnalyticsSettingClassification, options *SecurityMLAnalyticsSettingsClientCreateOrUpdateOptions) (SecurityMLAnalyticsSettingsClientCreateOrUpdateResponse, error) { + req, err := client.createOrUpdateCreateRequest(ctx, resourceGroupName, workspaceName, settingsResourceName, securityMLAnalyticsSetting, options) + if err != nil { + return SecurityMLAnalyticsSettingsClientCreateOrUpdateResponse{}, err + } + resp, err := client.pl.Do(req) + if err != nil { + return SecurityMLAnalyticsSettingsClientCreateOrUpdateResponse{}, err + } + if !runtime.HasStatusCode(resp, http.StatusOK, http.StatusCreated) { + return SecurityMLAnalyticsSettingsClientCreateOrUpdateResponse{}, runtime.NewResponseError(resp) + } + return client.createOrUpdateHandleResponse(resp) +} + +// createOrUpdateCreateRequest creates the CreateOrUpdate request. +func (client *SecurityMLAnalyticsSettingsClient) createOrUpdateCreateRequest(ctx context.Context, resourceGroupName string, workspaceName string, settingsResourceName string, securityMLAnalyticsSetting SecurityMLAnalyticsSettingClassification, options *SecurityMLAnalyticsSettingsClientCreateOrUpdateOptions) (*policy.Request, error) { + urlPath := "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/securityMLAnalyticsSettings/{settingsResourceName}" + if client.subscriptionID == "" { + return nil, errors.New("parameter client.subscriptionID cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{subscriptionId}", url.PathEscape(client.subscriptionID)) + if resourceGroupName == "" { + return nil, errors.New("parameter resourceGroupName cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{resourceGroupName}", url.PathEscape(resourceGroupName)) + if workspaceName == "" { + return nil, errors.New("parameter workspaceName cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{workspaceName}", url.PathEscape(workspaceName)) + if settingsResourceName == "" { + return nil, errors.New("parameter settingsResourceName cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{settingsResourceName}", url.PathEscape(settingsResourceName)) + req, err := runtime.NewRequest(ctx, http.MethodPut, runtime.JoinPaths(client.host, urlPath)) + if err != nil { + return nil, err + } + reqQP := req.Raw().URL.Query() + reqQP.Set("api-version", "2022-05-01-preview") + req.Raw().URL.RawQuery = reqQP.Encode() + req.Raw().Header["Accept"] = []string{"application/json"} + return req, runtime.MarshalAsJSON(req, securityMLAnalyticsSetting) +} + +// createOrUpdateHandleResponse handles the CreateOrUpdate response. +func (client *SecurityMLAnalyticsSettingsClient) createOrUpdateHandleResponse(resp *http.Response) (SecurityMLAnalyticsSettingsClientCreateOrUpdateResponse, error) { + result := SecurityMLAnalyticsSettingsClientCreateOrUpdateResponse{} + if err := runtime.UnmarshalAsJSON(resp, &result); err != nil { + return SecurityMLAnalyticsSettingsClientCreateOrUpdateResponse{}, err + } + return result, nil +} + +// Delete - Delete the Security ML Analytics Settings. +// If the operation fails it returns an *azcore.ResponseError type. +// Generated from API version 2022-05-01-preview +// resourceGroupName - The name of the resource group. The name is case insensitive. +// workspaceName - The name of the workspace. +// settingsResourceName - Security ML Analytics Settings resource name +// options - SecurityMLAnalyticsSettingsClientDeleteOptions contains the optional parameters for the SecurityMLAnalyticsSettingsClient.Delete +// method. +func (client *SecurityMLAnalyticsSettingsClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, settingsResourceName string, options *SecurityMLAnalyticsSettingsClientDeleteOptions) (SecurityMLAnalyticsSettingsClientDeleteResponse, error) { + req, err := client.deleteCreateRequest(ctx, resourceGroupName, workspaceName, settingsResourceName, options) + if err != nil { + return SecurityMLAnalyticsSettingsClientDeleteResponse{}, err + } + resp, err := client.pl.Do(req) + if err != nil { + return SecurityMLAnalyticsSettingsClientDeleteResponse{}, err + } + if !runtime.HasStatusCode(resp, http.StatusOK, http.StatusNoContent) { + return SecurityMLAnalyticsSettingsClientDeleteResponse{}, runtime.NewResponseError(resp) + } + return SecurityMLAnalyticsSettingsClientDeleteResponse{}, nil +} + +// deleteCreateRequest creates the Delete request. +func (client *SecurityMLAnalyticsSettingsClient) deleteCreateRequest(ctx context.Context, resourceGroupName string, workspaceName string, settingsResourceName string, options *SecurityMLAnalyticsSettingsClientDeleteOptions) (*policy.Request, error) { + urlPath := "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/securityMLAnalyticsSettings/{settingsResourceName}" + if client.subscriptionID == "" { + return nil, errors.New("parameter client.subscriptionID cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{subscriptionId}", url.PathEscape(client.subscriptionID)) + if resourceGroupName == "" { + return nil, errors.New("parameter resourceGroupName cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{resourceGroupName}", url.PathEscape(resourceGroupName)) + if workspaceName == "" { + return nil, errors.New("parameter workspaceName cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{workspaceName}", url.PathEscape(workspaceName)) + if settingsResourceName == "" { + return nil, errors.New("parameter settingsResourceName cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{settingsResourceName}", url.PathEscape(settingsResourceName)) + req, err := runtime.NewRequest(ctx, http.MethodDelete, runtime.JoinPaths(client.host, urlPath)) + if err != nil { + return nil, err + } + reqQP := req.Raw().URL.Query() + reqQP.Set("api-version", "2022-05-01-preview") + req.Raw().URL.RawQuery = reqQP.Encode() + req.Raw().Header["Accept"] = []string{"application/json"} + return req, nil +} + +// Get - Gets the Security ML Analytics Settings. +// If the operation fails it returns an *azcore.ResponseError type. +// Generated from API version 2022-05-01-preview +// resourceGroupName - The name of the resource group. The name is case insensitive. +// workspaceName - The name of the workspace. +// settingsResourceName - Security ML Analytics Settings resource name +// options - SecurityMLAnalyticsSettingsClientGetOptions contains the optional parameters for the SecurityMLAnalyticsSettingsClient.Get +// method. +func (client *SecurityMLAnalyticsSettingsClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, settingsResourceName string, options *SecurityMLAnalyticsSettingsClientGetOptions) (SecurityMLAnalyticsSettingsClientGetResponse, error) { + req, err := client.getCreateRequest(ctx, resourceGroupName, workspaceName, settingsResourceName, options) + if err != nil { + return SecurityMLAnalyticsSettingsClientGetResponse{}, err + } + resp, err := client.pl.Do(req) + if err != nil { + return SecurityMLAnalyticsSettingsClientGetResponse{}, err + } + if !runtime.HasStatusCode(resp, http.StatusOK) { + return SecurityMLAnalyticsSettingsClientGetResponse{}, runtime.NewResponseError(resp) + } + return client.getHandleResponse(resp) +} + +// getCreateRequest creates the Get request. +func (client *SecurityMLAnalyticsSettingsClient) getCreateRequest(ctx context.Context, resourceGroupName string, workspaceName string, settingsResourceName string, options *SecurityMLAnalyticsSettingsClientGetOptions) (*policy.Request, error) { + urlPath := "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/securityMLAnalyticsSettings/{settingsResourceName}" + if client.subscriptionID == "" { + return nil, errors.New("parameter client.subscriptionID cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{subscriptionId}", url.PathEscape(client.subscriptionID)) + if resourceGroupName == "" { + return nil, errors.New("parameter resourceGroupName cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{resourceGroupName}", url.PathEscape(resourceGroupName)) + if workspaceName == "" { + return nil, errors.New("parameter workspaceName cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{workspaceName}", url.PathEscape(workspaceName)) + if settingsResourceName == "" { + return nil, errors.New("parameter settingsResourceName cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{settingsResourceName}", url.PathEscape(settingsResourceName)) + req, err := runtime.NewRequest(ctx, http.MethodGet, runtime.JoinPaths(client.host, urlPath)) + if err != nil { + return nil, err + } + reqQP := req.Raw().URL.Query() + reqQP.Set("api-version", "2022-05-01-preview") + req.Raw().URL.RawQuery = reqQP.Encode() + req.Raw().Header["Accept"] = []string{"application/json"} + return req, nil +} + +// getHandleResponse handles the Get response. +func (client *SecurityMLAnalyticsSettingsClient) getHandleResponse(resp *http.Response) (SecurityMLAnalyticsSettingsClientGetResponse, error) { + result := SecurityMLAnalyticsSettingsClientGetResponse{} + if err := runtime.UnmarshalAsJSON(resp, &result); err != nil { + return SecurityMLAnalyticsSettingsClientGetResponse{}, err + } + return result, nil +} + +// NewListPager - Gets all Security ML Analytics Settings. +// If the operation fails it returns an *azcore.ResponseError type. +// Generated from API version 2022-05-01-preview +// resourceGroupName - The name of the resource group. The name is case insensitive. +// workspaceName - The name of the workspace. +// options - SecurityMLAnalyticsSettingsClientListOptions contains the optional parameters for the SecurityMLAnalyticsSettingsClient.List +// method. +func (client *SecurityMLAnalyticsSettingsClient) NewListPager(resourceGroupName string, workspaceName string, options *SecurityMLAnalyticsSettingsClientListOptions) *runtime.Pager[SecurityMLAnalyticsSettingsClientListResponse] { + return runtime.NewPager(runtime.PagingHandler[SecurityMLAnalyticsSettingsClientListResponse]{ + More: func(page SecurityMLAnalyticsSettingsClientListResponse) bool { + return page.NextLink != nil && len(*page.NextLink) > 0 + }, + Fetcher: func(ctx context.Context, page *SecurityMLAnalyticsSettingsClientListResponse) (SecurityMLAnalyticsSettingsClientListResponse, error) { + var req *policy.Request + var err error + if page == nil { + req, err = client.listCreateRequest(ctx, resourceGroupName, workspaceName, options) + } else { + req, err = runtime.NewRequest(ctx, http.MethodGet, *page.NextLink) + } + if err != nil { + return SecurityMLAnalyticsSettingsClientListResponse{}, err + } + resp, err := client.pl.Do(req) + if err != nil { + return SecurityMLAnalyticsSettingsClientListResponse{}, err + } + if !runtime.HasStatusCode(resp, http.StatusOK) { + return SecurityMLAnalyticsSettingsClientListResponse{}, runtime.NewResponseError(resp) + } + return client.listHandleResponse(resp) + }, + }) +} + +// listCreateRequest creates the List request. +func (client *SecurityMLAnalyticsSettingsClient) listCreateRequest(ctx context.Context, resourceGroupName string, workspaceName string, options *SecurityMLAnalyticsSettingsClientListOptions) (*policy.Request, error) { + urlPath := "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/securityMLAnalyticsSettings" + if client.subscriptionID == "" { + return nil, errors.New("parameter client.subscriptionID cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{subscriptionId}", url.PathEscape(client.subscriptionID)) + if resourceGroupName == "" { + return nil, errors.New("parameter resourceGroupName cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{resourceGroupName}", url.PathEscape(resourceGroupName)) + if workspaceName == "" { + return nil, errors.New("parameter workspaceName cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{workspaceName}", url.PathEscape(workspaceName)) + req, err := runtime.NewRequest(ctx, http.MethodGet, runtime.JoinPaths(client.host, urlPath)) + if err != nil { + return nil, err + } + reqQP := req.Raw().URL.Query() + reqQP.Set("api-version", "2022-05-01-preview") + req.Raw().URL.RawQuery = reqQP.Encode() + req.Raw().Header["Accept"] = []string{"application/json"} + return req, nil +} + +// listHandleResponse handles the List response. +func (client *SecurityMLAnalyticsSettingsClient) listHandleResponse(resp *http.Response) (SecurityMLAnalyticsSettingsClientListResponse, error) { + result := SecurityMLAnalyticsSettingsClientListResponse{} + if err := runtime.UnmarshalAsJSON(resp, &result.SecurityMLAnalyticsSettingsList); err != nil { + return SecurityMLAnalyticsSettingsClientListResponse{}, err + } + return result, nil +} diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_sentinelonboardingstates_client.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_sentinelonboardingstates_client.go index 52d1b7bdaca8..a9fb104e4e16 100644 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_sentinelonboardingstates_client.go +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_sentinelonboardingstates_client.go @@ -56,7 +56,7 @@ func NewSentinelOnboardingStatesClient(subscriptionID string, credential azcore. // Create - Create Sentinel onboarding state // If the operation fails it returns an *azcore.ResponseError type. -// Generated from API version 2021-10-01 +// Generated from API version 2022-05-01-preview // resourceGroupName - The name of the resource group. The name is case insensitive. // workspaceName - The name of the workspace. // sentinelOnboardingStateName - The Sentinel onboarding state name. Supports - default @@ -101,7 +101,7 @@ func (client *SentinelOnboardingStatesClient) createCreateRequest(ctx context.Co return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2021-10-01") + reqQP.Set("api-version", "2022-05-01-preview") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} if options != nil && options.SentinelOnboardingStateParameter != nil { @@ -121,7 +121,7 @@ func (client *SentinelOnboardingStatesClient) createHandleResponse(resp *http.Re // Delete - Delete Sentinel onboarding state // If the operation fails it returns an *azcore.ResponseError type. -// Generated from API version 2021-10-01 +// Generated from API version 2022-05-01-preview // resourceGroupName - The name of the resource group. The name is case insensitive. // workspaceName - The name of the workspace. // sentinelOnboardingStateName - The Sentinel onboarding state name. Supports - default @@ -166,7 +166,7 @@ func (client *SentinelOnboardingStatesClient) deleteCreateRequest(ctx context.Co return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2021-10-01") + reqQP.Set("api-version", "2022-05-01-preview") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} return req, nil @@ -174,7 +174,7 @@ func (client *SentinelOnboardingStatesClient) deleteCreateRequest(ctx context.Co // Get - Get Sentinel onboarding state // If the operation fails it returns an *azcore.ResponseError type. -// Generated from API version 2021-10-01 +// Generated from API version 2022-05-01-preview // resourceGroupName - The name of the resource group. The name is case insensitive. // workspaceName - The name of the workspace. // sentinelOnboardingStateName - The Sentinel onboarding state name. Supports - default @@ -219,7 +219,7 @@ func (client *SentinelOnboardingStatesClient) getCreateRequest(ctx context.Conte return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2021-10-01") + reqQP.Set("api-version", "2022-05-01-preview") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} return req, nil @@ -236,7 +236,7 @@ func (client *SentinelOnboardingStatesClient) getHandleResponse(resp *http.Respo // List - Gets all Sentinel onboarding states // If the operation fails it returns an *azcore.ResponseError type. -// Generated from API version 2021-10-01 +// Generated from API version 2022-05-01-preview // resourceGroupName - The name of the resource group. The name is case insensitive. // workspaceName - The name of the workspace. // options - SentinelOnboardingStatesClientListOptions contains the optional parameters for the SentinelOnboardingStatesClient.List @@ -276,7 +276,7 @@ func (client *SentinelOnboardingStatesClient) listCreateRequest(ctx context.Cont return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2021-10-01") + reqQP.Set("api-version", "2022-05-01-preview") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} return req, nil diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_sourcecontrol_client.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_sourcecontrol_client.go new file mode 100644 index 000000000000..44ab451b7c57 --- /dev/null +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_sourcecontrol_client.go @@ -0,0 +1,126 @@ +//go:build go1.18 +// +build go1.18 + +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. See License.txt in the project root for license information. +// Code generated by Microsoft (R) AutoRest Code Generator. +// Changes may cause incorrect behavior and will be lost if the code is regenerated. + +package armsecurityinsights + +import ( + "context" + "errors" + "github.com/Azure/azure-sdk-for-go/sdk/azcore" + "github.com/Azure/azure-sdk-for-go/sdk/azcore/arm" + armruntime "github.com/Azure/azure-sdk-for-go/sdk/azcore/arm/runtime" + "github.com/Azure/azure-sdk-for-go/sdk/azcore/cloud" + "github.com/Azure/azure-sdk-for-go/sdk/azcore/policy" + "github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime" + "net/http" + "net/url" + "strings" +) + +// SourceControlClient contains the methods for the SourceControl group. +// Don't use this type directly, use NewSourceControlClient() instead. +type SourceControlClient struct { + host string + subscriptionID string + pl runtime.Pipeline +} + +// NewSourceControlClient creates a new instance of SourceControlClient with the specified values. +// subscriptionID - The ID of the target subscription. +// credential - used to authorize requests. Usually a credential from azidentity. +// options - pass nil to accept the default values. +func NewSourceControlClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) (*SourceControlClient, error) { + if options == nil { + options = &arm.ClientOptions{} + } + ep := cloud.AzurePublic.Services[cloud.ResourceManager].Endpoint + if c, ok := options.Cloud.Services[cloud.ResourceManager]; ok { + ep = c.Endpoint + } + pl, err := armruntime.NewPipeline(moduleName, moduleVersion, credential, runtime.PipelineOptions{}, options) + if err != nil { + return nil, err + } + client := &SourceControlClient{ + subscriptionID: subscriptionID, + host: ep, + pl: pl, + } + return client, nil +} + +// NewListRepositoriesPager - Gets a list of repositories metadata. +// If the operation fails it returns an *azcore.ResponseError type. +// Generated from API version 2022-05-01-preview +// resourceGroupName - The name of the resource group. The name is case insensitive. +// workspaceName - The name of the workspace. +// repoType - The repo type. +// options - SourceControlClientListRepositoriesOptions contains the optional parameters for the SourceControlClient.ListRepositories +// method. +func (client *SourceControlClient) NewListRepositoriesPager(resourceGroupName string, workspaceName string, repoType RepoType, options *SourceControlClientListRepositoriesOptions) *runtime.Pager[SourceControlClientListRepositoriesResponse] { + return runtime.NewPager(runtime.PagingHandler[SourceControlClientListRepositoriesResponse]{ + More: func(page SourceControlClientListRepositoriesResponse) bool { + return page.NextLink != nil && len(*page.NextLink) > 0 + }, + Fetcher: func(ctx context.Context, page *SourceControlClientListRepositoriesResponse) (SourceControlClientListRepositoriesResponse, error) { + var req *policy.Request + var err error + if page == nil { + req, err = client.listRepositoriesCreateRequest(ctx, resourceGroupName, workspaceName, repoType, options) + } else { + req, err = runtime.NewRequest(ctx, http.MethodGet, *page.NextLink) + } + if err != nil { + return SourceControlClientListRepositoriesResponse{}, err + } + resp, err := client.pl.Do(req) + if err != nil { + return SourceControlClientListRepositoriesResponse{}, err + } + if !runtime.HasStatusCode(resp, http.StatusOK) { + return SourceControlClientListRepositoriesResponse{}, runtime.NewResponseError(resp) + } + return client.listRepositoriesHandleResponse(resp) + }, + }) +} + +// listRepositoriesCreateRequest creates the ListRepositories request. +func (client *SourceControlClient) listRepositoriesCreateRequest(ctx context.Context, resourceGroupName string, workspaceName string, repoType RepoType, options *SourceControlClientListRepositoriesOptions) (*policy.Request, error) { + urlPath := "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/listRepositories" + if client.subscriptionID == "" { + return nil, errors.New("parameter client.subscriptionID cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{subscriptionId}", url.PathEscape(client.subscriptionID)) + if resourceGroupName == "" { + return nil, errors.New("parameter resourceGroupName cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{resourceGroupName}", url.PathEscape(resourceGroupName)) + if workspaceName == "" { + return nil, errors.New("parameter workspaceName cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{workspaceName}", url.PathEscape(workspaceName)) + req, err := runtime.NewRequest(ctx, http.MethodPost, runtime.JoinPaths(client.host, urlPath)) + if err != nil { + return nil, err + } + reqQP := req.Raw().URL.Query() + reqQP.Set("api-version", "2022-05-01-preview") + req.Raw().URL.RawQuery = reqQP.Encode() + req.Raw().Header["Accept"] = []string{"application/json"} + return req, runtime.MarshalAsJSON(req, repoType) +} + +// listRepositoriesHandleResponse handles the ListRepositories response. +func (client *SourceControlClient) listRepositoriesHandleResponse(resp *http.Response) (SourceControlClientListRepositoriesResponse, error) { + result := SourceControlClientListRepositoriesResponse{} + if err := runtime.UnmarshalAsJSON(resp, &result.RepoList); err != nil { + return SourceControlClientListRepositoriesResponse{}, err + } + return result, nil +} diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_sourcecontrols_client.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_sourcecontrols_client.go new file mode 100644 index 000000000000..0fb473103c49 --- /dev/null +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_sourcecontrols_client.go @@ -0,0 +1,299 @@ +//go:build go1.18 +// +build go1.18 + +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. See License.txt in the project root for license information. +// Code generated by Microsoft (R) AutoRest Code Generator. +// Changes may cause incorrect behavior and will be lost if the code is regenerated. + +package armsecurityinsights + +import ( + "context" + "errors" + "github.com/Azure/azure-sdk-for-go/sdk/azcore" + "github.com/Azure/azure-sdk-for-go/sdk/azcore/arm" + armruntime "github.com/Azure/azure-sdk-for-go/sdk/azcore/arm/runtime" + "github.com/Azure/azure-sdk-for-go/sdk/azcore/cloud" + "github.com/Azure/azure-sdk-for-go/sdk/azcore/policy" + "github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime" + "net/http" + "net/url" + "strings" +) + +// SourceControlsClient contains the methods for the SourceControls group. +// Don't use this type directly, use NewSourceControlsClient() instead. +type SourceControlsClient struct { + host string + subscriptionID string + pl runtime.Pipeline +} + +// NewSourceControlsClient creates a new instance of SourceControlsClient with the specified values. +// subscriptionID - The ID of the target subscription. +// credential - used to authorize requests. Usually a credential from azidentity. +// options - pass nil to accept the default values. +func NewSourceControlsClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) (*SourceControlsClient, error) { + if options == nil { + options = &arm.ClientOptions{} + } + ep := cloud.AzurePublic.Services[cloud.ResourceManager].Endpoint + if c, ok := options.Cloud.Services[cloud.ResourceManager]; ok { + ep = c.Endpoint + } + pl, err := armruntime.NewPipeline(moduleName, moduleVersion, credential, runtime.PipelineOptions{}, options) + if err != nil { + return nil, err + } + client := &SourceControlsClient{ + subscriptionID: subscriptionID, + host: ep, + pl: pl, + } + return client, nil +} + +// Create - Creates a source control. +// If the operation fails it returns an *azcore.ResponseError type. +// Generated from API version 2022-05-01-preview +// resourceGroupName - The name of the resource group. The name is case insensitive. +// workspaceName - The name of the workspace. +// sourceControlID - Source control Id +// sourceControl - The SourceControl +// options - SourceControlsClientCreateOptions contains the optional parameters for the SourceControlsClient.Create method. +func (client *SourceControlsClient) Create(ctx context.Context, resourceGroupName string, workspaceName string, sourceControlID string, sourceControl SourceControl, options *SourceControlsClientCreateOptions) (SourceControlsClientCreateResponse, error) { + req, err := client.createCreateRequest(ctx, resourceGroupName, workspaceName, sourceControlID, sourceControl, options) + if err != nil { + return SourceControlsClientCreateResponse{}, err + } + resp, err := client.pl.Do(req) + if err != nil { + return SourceControlsClientCreateResponse{}, err + } + if !runtime.HasStatusCode(resp, http.StatusOK, http.StatusCreated) { + return SourceControlsClientCreateResponse{}, runtime.NewResponseError(resp) + } + return client.createHandleResponse(resp) +} + +// createCreateRequest creates the Create request. +func (client *SourceControlsClient) createCreateRequest(ctx context.Context, resourceGroupName string, workspaceName string, sourceControlID string, sourceControl SourceControl, options *SourceControlsClientCreateOptions) (*policy.Request, error) { + urlPath := "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/sourcecontrols/{sourceControlId}" + if client.subscriptionID == "" { + return nil, errors.New("parameter client.subscriptionID cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{subscriptionId}", url.PathEscape(client.subscriptionID)) + if resourceGroupName == "" { + return nil, errors.New("parameter resourceGroupName cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{resourceGroupName}", url.PathEscape(resourceGroupName)) + if workspaceName == "" { + return nil, errors.New("parameter workspaceName cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{workspaceName}", url.PathEscape(workspaceName)) + if sourceControlID == "" { + return nil, errors.New("parameter sourceControlID cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{sourceControlId}", url.PathEscape(sourceControlID)) + req, err := runtime.NewRequest(ctx, http.MethodPut, runtime.JoinPaths(client.host, urlPath)) + if err != nil { + return nil, err + } + reqQP := req.Raw().URL.Query() + reqQP.Set("api-version", "2022-05-01-preview") + req.Raw().URL.RawQuery = reqQP.Encode() + req.Raw().Header["Accept"] = []string{"application/json"} + return req, runtime.MarshalAsJSON(req, sourceControl) +} + +// createHandleResponse handles the Create response. +func (client *SourceControlsClient) createHandleResponse(resp *http.Response) (SourceControlsClientCreateResponse, error) { + result := SourceControlsClientCreateResponse{} + if err := runtime.UnmarshalAsJSON(resp, &result.SourceControl); err != nil { + return SourceControlsClientCreateResponse{}, err + } + return result, nil +} + +// Delete - Delete a source control. +// If the operation fails it returns an *azcore.ResponseError type. +// Generated from API version 2022-05-01-preview +// resourceGroupName - The name of the resource group. The name is case insensitive. +// workspaceName - The name of the workspace. +// sourceControlID - Source control Id +// options - SourceControlsClientDeleteOptions contains the optional parameters for the SourceControlsClient.Delete method. +func (client *SourceControlsClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, sourceControlID string, options *SourceControlsClientDeleteOptions) (SourceControlsClientDeleteResponse, error) { + req, err := client.deleteCreateRequest(ctx, resourceGroupName, workspaceName, sourceControlID, options) + if err != nil { + return SourceControlsClientDeleteResponse{}, err + } + resp, err := client.pl.Do(req) + if err != nil { + return SourceControlsClientDeleteResponse{}, err + } + if !runtime.HasStatusCode(resp, http.StatusOK, http.StatusNoContent) { + return SourceControlsClientDeleteResponse{}, runtime.NewResponseError(resp) + } + return SourceControlsClientDeleteResponse{}, nil +} + +// deleteCreateRequest creates the Delete request. +func (client *SourceControlsClient) deleteCreateRequest(ctx context.Context, resourceGroupName string, workspaceName string, sourceControlID string, options *SourceControlsClientDeleteOptions) (*policy.Request, error) { + urlPath := "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/sourcecontrols/{sourceControlId}" + if client.subscriptionID == "" { + return nil, errors.New("parameter client.subscriptionID cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{subscriptionId}", url.PathEscape(client.subscriptionID)) + if resourceGroupName == "" { + return nil, errors.New("parameter resourceGroupName cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{resourceGroupName}", url.PathEscape(resourceGroupName)) + if workspaceName == "" { + return nil, errors.New("parameter workspaceName cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{workspaceName}", url.PathEscape(workspaceName)) + if sourceControlID == "" { + return nil, errors.New("parameter sourceControlID cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{sourceControlId}", url.PathEscape(sourceControlID)) + req, err := runtime.NewRequest(ctx, http.MethodDelete, runtime.JoinPaths(client.host, urlPath)) + if err != nil { + return nil, err + } + reqQP := req.Raw().URL.Query() + reqQP.Set("api-version", "2022-05-01-preview") + req.Raw().URL.RawQuery = reqQP.Encode() + req.Raw().Header["Accept"] = []string{"application/json"} + return req, nil +} + +// Get - Gets a source control byt its identifier. +// If the operation fails it returns an *azcore.ResponseError type. +// Generated from API version 2022-05-01-preview +// resourceGroupName - The name of the resource group. The name is case insensitive. +// workspaceName - The name of the workspace. +// sourceControlID - Source control Id +// options - SourceControlsClientGetOptions contains the optional parameters for the SourceControlsClient.Get method. +func (client *SourceControlsClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, sourceControlID string, options *SourceControlsClientGetOptions) (SourceControlsClientGetResponse, error) { + req, err := client.getCreateRequest(ctx, resourceGroupName, workspaceName, sourceControlID, options) + if err != nil { + return SourceControlsClientGetResponse{}, err + } + resp, err := client.pl.Do(req) + if err != nil { + return SourceControlsClientGetResponse{}, err + } + if !runtime.HasStatusCode(resp, http.StatusOK) { + return SourceControlsClientGetResponse{}, runtime.NewResponseError(resp) + } + return client.getHandleResponse(resp) +} + +// getCreateRequest creates the Get request. +func (client *SourceControlsClient) getCreateRequest(ctx context.Context, resourceGroupName string, workspaceName string, sourceControlID string, options *SourceControlsClientGetOptions) (*policy.Request, error) { + urlPath := "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/sourcecontrols/{sourceControlId}" + if client.subscriptionID == "" { + return nil, errors.New("parameter client.subscriptionID cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{subscriptionId}", url.PathEscape(client.subscriptionID)) + if resourceGroupName == "" { + return nil, errors.New("parameter resourceGroupName cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{resourceGroupName}", url.PathEscape(resourceGroupName)) + if workspaceName == "" { + return nil, errors.New("parameter workspaceName cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{workspaceName}", url.PathEscape(workspaceName)) + if sourceControlID == "" { + return nil, errors.New("parameter sourceControlID cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{sourceControlId}", url.PathEscape(sourceControlID)) + req, err := runtime.NewRequest(ctx, http.MethodGet, runtime.JoinPaths(client.host, urlPath)) + if err != nil { + return nil, err + } + reqQP := req.Raw().URL.Query() + reqQP.Set("api-version", "2022-05-01-preview") + req.Raw().URL.RawQuery = reqQP.Encode() + req.Raw().Header["Accept"] = []string{"application/json"} + return req, nil +} + +// getHandleResponse handles the Get response. +func (client *SourceControlsClient) getHandleResponse(resp *http.Response) (SourceControlsClientGetResponse, error) { + result := SourceControlsClientGetResponse{} + if err := runtime.UnmarshalAsJSON(resp, &result.SourceControl); err != nil { + return SourceControlsClientGetResponse{}, err + } + return result, nil +} + +// NewListPager - Gets all source controls, without source control items. +// If the operation fails it returns an *azcore.ResponseError type. +// Generated from API version 2022-05-01-preview +// resourceGroupName - The name of the resource group. The name is case insensitive. +// workspaceName - The name of the workspace. +// options - SourceControlsClientListOptions contains the optional parameters for the SourceControlsClient.List method. +func (client *SourceControlsClient) NewListPager(resourceGroupName string, workspaceName string, options *SourceControlsClientListOptions) *runtime.Pager[SourceControlsClientListResponse] { + return runtime.NewPager(runtime.PagingHandler[SourceControlsClientListResponse]{ + More: func(page SourceControlsClientListResponse) bool { + return page.NextLink != nil && len(*page.NextLink) > 0 + }, + Fetcher: func(ctx context.Context, page *SourceControlsClientListResponse) (SourceControlsClientListResponse, error) { + var req *policy.Request + var err error + if page == nil { + req, err = client.listCreateRequest(ctx, resourceGroupName, workspaceName, options) + } else { + req, err = runtime.NewRequest(ctx, http.MethodGet, *page.NextLink) + } + if err != nil { + return SourceControlsClientListResponse{}, err + } + resp, err := client.pl.Do(req) + if err != nil { + return SourceControlsClientListResponse{}, err + } + if !runtime.HasStatusCode(resp, http.StatusOK) { + return SourceControlsClientListResponse{}, runtime.NewResponseError(resp) + } + return client.listHandleResponse(resp) + }, + }) +} + +// listCreateRequest creates the List request. +func (client *SourceControlsClient) listCreateRequest(ctx context.Context, resourceGroupName string, workspaceName string, options *SourceControlsClientListOptions) (*policy.Request, error) { + urlPath := "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/sourcecontrols" + if client.subscriptionID == "" { + return nil, errors.New("parameter client.subscriptionID cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{subscriptionId}", url.PathEscape(client.subscriptionID)) + if resourceGroupName == "" { + return nil, errors.New("parameter resourceGroupName cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{resourceGroupName}", url.PathEscape(resourceGroupName)) + if workspaceName == "" { + return nil, errors.New("parameter workspaceName cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{workspaceName}", url.PathEscape(workspaceName)) + req, err := runtime.NewRequest(ctx, http.MethodGet, runtime.JoinPaths(client.host, urlPath)) + if err != nil { + return nil, err + } + reqQP := req.Raw().URL.Query() + reqQP.Set("api-version", "2022-05-01-preview") + req.Raw().URL.RawQuery = reqQP.Encode() + req.Raw().Header["Accept"] = []string{"application/json"} + return req, nil +} + +// listHandleResponse handles the List response. +func (client *SourceControlsClient) listHandleResponse(resp *http.Response) (SourceControlsClientListResponse, error) { + result := SourceControlsClientListResponse{} + if err := runtime.UnmarshalAsJSON(resp, &result.SourceControlList); err != nil { + return SourceControlsClientListResponse{}, err + } + return result, nil +} diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_threatintelligenceindicator_client.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_threatintelligenceindicator_client.go index e938b8506a7b..7e7f314c3fd5 100644 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_threatintelligenceindicator_client.go +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_threatintelligenceindicator_client.go @@ -56,7 +56,7 @@ func NewThreatIntelligenceIndicatorClient(subscriptionID string, credential azco // AppendTags - Append tags to a threat intelligence indicator. // If the operation fails it returns an *azcore.ResponseError type. -// Generated from API version 2021-10-01 +// Generated from API version 2022-05-01-preview // resourceGroupName - The name of the resource group. The name is case insensitive. // workspaceName - The name of the workspace. // name - Threat intelligence indicator name field. @@ -102,7 +102,7 @@ func (client *ThreatIntelligenceIndicatorClient) appendTagsCreateRequest(ctx con return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2021-10-01") + reqQP.Set("api-version", "2022-05-01-preview") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} return req, runtime.MarshalAsJSON(req, threatIntelligenceAppendTags) @@ -110,7 +110,7 @@ func (client *ThreatIntelligenceIndicatorClient) appendTagsCreateRequest(ctx con // Create - Update a threat Intelligence indicator. // If the operation fails it returns an *azcore.ResponseError type. -// Generated from API version 2021-10-01 +// Generated from API version 2022-05-01-preview // resourceGroupName - The name of the resource group. The name is case insensitive. // workspaceName - The name of the workspace. // name - Threat intelligence indicator name field. @@ -156,7 +156,7 @@ func (client *ThreatIntelligenceIndicatorClient) createCreateRequest(ctx context return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2021-10-01") + reqQP.Set("api-version", "2022-05-01-preview") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} return req, runtime.MarshalAsJSON(req, threatIntelligenceProperties) @@ -173,7 +173,7 @@ func (client *ThreatIntelligenceIndicatorClient) createHandleResponse(resp *http // CreateIndicator - Create a new threat intelligence indicator. // If the operation fails it returns an *azcore.ResponseError type. -// Generated from API version 2021-10-01 +// Generated from API version 2022-05-01-preview // resourceGroupName - The name of the resource group. The name is case insensitive. // workspaceName - The name of the workspace. // threatIntelligenceProperties - Properties of threat intelligence indicators to create and update. @@ -214,7 +214,7 @@ func (client *ThreatIntelligenceIndicatorClient) createIndicatorCreateRequest(ct return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2021-10-01") + reqQP.Set("api-version", "2022-05-01-preview") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} return req, runtime.MarshalAsJSON(req, threatIntelligenceProperties) @@ -231,7 +231,7 @@ func (client *ThreatIntelligenceIndicatorClient) createIndicatorHandleResponse(r // Delete - Delete a threat intelligence indicator. // If the operation fails it returns an *azcore.ResponseError type. -// Generated from API version 2021-10-01 +// Generated from API version 2022-05-01-preview // resourceGroupName - The name of the resource group. The name is case insensitive. // workspaceName - The name of the workspace. // name - Threat intelligence indicator name field. @@ -276,7 +276,7 @@ func (client *ThreatIntelligenceIndicatorClient) deleteCreateRequest(ctx context return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2021-10-01") + reqQP.Set("api-version", "2022-05-01-preview") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} return req, nil @@ -284,7 +284,7 @@ func (client *ThreatIntelligenceIndicatorClient) deleteCreateRequest(ctx context // Get - View a threat intelligence indicator by name. // If the operation fails it returns an *azcore.ResponseError type. -// Generated from API version 2021-10-01 +// Generated from API version 2022-05-01-preview // resourceGroupName - The name of the resource group. The name is case insensitive. // workspaceName - The name of the workspace. // name - Threat intelligence indicator name field. @@ -329,7 +329,7 @@ func (client *ThreatIntelligenceIndicatorClient) getCreateRequest(ctx context.Co return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2021-10-01") + reqQP.Set("api-version", "2022-05-01-preview") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} return req, nil @@ -346,7 +346,7 @@ func (client *ThreatIntelligenceIndicatorClient) getHandleResponse(resp *http.Re // NewQueryIndicatorsPager - Query threat intelligence indicators as per filtering criteria. // If the operation fails it returns an *azcore.ResponseError type. -// Generated from API version 2021-10-01 +// Generated from API version 2022-05-01-preview // resourceGroupName - The name of the resource group. The name is case insensitive. // workspaceName - The name of the workspace. // threatIntelligenceFilteringCriteria - Filtering criteria for querying threat intelligence indicators. @@ -400,7 +400,7 @@ func (client *ThreatIntelligenceIndicatorClient) queryIndicatorsCreateRequest(ct return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2021-10-01") + reqQP.Set("api-version", "2022-05-01-preview") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} return req, runtime.MarshalAsJSON(req, threatIntelligenceFilteringCriteria) @@ -417,7 +417,7 @@ func (client *ThreatIntelligenceIndicatorClient) queryIndicatorsHandleResponse(r // ReplaceTags - Replace tags added to a threat intelligence indicator. // If the operation fails it returns an *azcore.ResponseError type. -// Generated from API version 2021-10-01 +// Generated from API version 2022-05-01-preview // resourceGroupName - The name of the resource group. The name is case insensitive. // workspaceName - The name of the workspace. // name - Threat intelligence indicator name field. @@ -463,7 +463,7 @@ func (client *ThreatIntelligenceIndicatorClient) replaceTagsCreateRequest(ctx co return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2021-10-01") + reqQP.Set("api-version", "2022-05-01-preview") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} return req, runtime.MarshalAsJSON(req, threatIntelligenceReplaceTags) diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_threatintelligenceindicatormetrics_client.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_threatintelligenceindicatormetrics_client.go index d30f7b6badf1..6eae22aa50dc 100644 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_threatintelligenceindicatormetrics_client.go +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_threatintelligenceindicatormetrics_client.go @@ -56,7 +56,7 @@ func NewThreatIntelligenceIndicatorMetricsClient(subscriptionID string, credenti // List - Get threat intelligence indicators metrics (Indicators counts by Type, Threat Type, Source). // If the operation fails it returns an *azcore.ResponseError type. -// Generated from API version 2021-10-01 +// Generated from API version 2022-05-01-preview // resourceGroupName - The name of the resource group. The name is case insensitive. // workspaceName - The name of the workspace. // options - ThreatIntelligenceIndicatorMetricsClientListOptions contains the optional parameters for the ThreatIntelligenceIndicatorMetricsClient.List @@ -96,7 +96,7 @@ func (client *ThreatIntelligenceIndicatorMetricsClient) listCreateRequest(ctx co return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2021-10-01") + reqQP.Set("api-version", "2022-05-01-preview") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} return req, nil diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_threatintelligenceindicators_client.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_threatintelligenceindicators_client.go index 491eee2829b1..df93e12c970e 100644 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_threatintelligenceindicators_client.go +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_threatintelligenceindicators_client.go @@ -57,7 +57,7 @@ func NewThreatIntelligenceIndicatorsClient(subscriptionID string, credential azc // NewListPager - Get all threat intelligence indicators. // If the operation fails it returns an *azcore.ResponseError type. -// Generated from API version 2021-10-01 +// Generated from API version 2022-05-01-preview // resourceGroupName - The name of the resource group. The name is case insensitive. // workspaceName - The name of the workspace. // options - ThreatIntelligenceIndicatorsClientListOptions contains the optional parameters for the ThreatIntelligenceIndicatorsClient.List @@ -110,19 +110,19 @@ func (client *ThreatIntelligenceIndicatorsClient) listCreateRequest(ctx context. return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2021-10-01") + reqQP.Set("api-version", "2022-05-01-preview") if options != nil && options.Filter != nil { reqQP.Set("$filter", *options.Filter) } + if options != nil && options.Orderby != nil { + reqQP.Set("$orderby", *options.Orderby) + } if options != nil && options.Top != nil { reqQP.Set("$top", strconv.FormatInt(int64(*options.Top), 10)) } if options != nil && options.SkipToken != nil { reqQP.Set("$skipToken", *options.SkipToken) } - if options != nil && options.Orderby != nil { - reqQP.Set("$orderby", *options.Orderby) - } req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} return req, nil diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_watchlistitems_client.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_watchlistitems_client.go index 38cb0f2d1794..bea60fa242e9 100644 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_watchlistitems_client.go +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_watchlistitems_client.go @@ -54,13 +54,13 @@ func NewWatchlistItemsClient(subscriptionID string, credential azcore.TokenCrede return client, nil } -// CreateOrUpdate - Create or update a watchlist item. +// CreateOrUpdate - Creates or updates a watchlist item. // If the operation fails it returns an *azcore.ResponseError type. -// Generated from API version 2021-10-01 +// Generated from API version 2022-05-01-preview // resourceGroupName - The name of the resource group. The name is case insensitive. // workspaceName - The name of the workspace. -// watchlistAlias - The watchlist alias -// watchlistItemID - The watchlist item id (GUID) +// watchlistAlias - Watchlist Alias +// watchlistItemID - Watchlist Item Id (GUID) // watchlistItem - The watchlist item // options - WatchlistItemsClientCreateOrUpdateOptions contains the optional parameters for the WatchlistItemsClient.CreateOrUpdate // method. @@ -107,7 +107,7 @@ func (client *WatchlistItemsClient) createOrUpdateCreateRequest(ctx context.Cont return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2021-10-01") + reqQP.Set("api-version", "2022-05-01-preview") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} return req, runtime.MarshalAsJSON(req, watchlistItem) @@ -124,11 +124,11 @@ func (client *WatchlistItemsClient) createOrUpdateHandleResponse(resp *http.Resp // Delete - Delete a watchlist item. // If the operation fails it returns an *azcore.ResponseError type. -// Generated from API version 2021-10-01 +// Generated from API version 2022-05-01-preview // resourceGroupName - The name of the resource group. The name is case insensitive. // workspaceName - The name of the workspace. -// watchlistAlias - The watchlist alias -// watchlistItemID - The watchlist item id (GUID) +// watchlistAlias - Watchlist Alias +// watchlistItemID - Watchlist Item Id (GUID) // options - WatchlistItemsClientDeleteOptions contains the optional parameters for the WatchlistItemsClient.Delete method. func (client *WatchlistItemsClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, watchlistAlias string, watchlistItemID string, options *WatchlistItemsClientDeleteOptions) (WatchlistItemsClientDeleteResponse, error) { req, err := client.deleteCreateRequest(ctx, resourceGroupName, workspaceName, watchlistAlias, watchlistItemID, options) @@ -173,19 +173,19 @@ func (client *WatchlistItemsClient) deleteCreateRequest(ctx context.Context, res return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2021-10-01") + reqQP.Set("api-version", "2022-05-01-preview") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} return req, nil } -// Get - Get a watchlist item. +// Get - Gets a watchlist, without its watchlist items. // If the operation fails it returns an *azcore.ResponseError type. -// Generated from API version 2021-10-01 +// Generated from API version 2022-05-01-preview // resourceGroupName - The name of the resource group. The name is case insensitive. // workspaceName - The name of the workspace. -// watchlistAlias - The watchlist alias -// watchlistItemID - The watchlist item id (GUID) +// watchlistAlias - Watchlist Alias +// watchlistItemID - Watchlist Item Id (GUID) // options - WatchlistItemsClientGetOptions contains the optional parameters for the WatchlistItemsClient.Get method. func (client *WatchlistItemsClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, watchlistAlias string, watchlistItemID string, options *WatchlistItemsClientGetOptions) (WatchlistItemsClientGetResponse, error) { req, err := client.getCreateRequest(ctx, resourceGroupName, workspaceName, watchlistAlias, watchlistItemID, options) @@ -230,7 +230,7 @@ func (client *WatchlistItemsClient) getCreateRequest(ctx context.Context, resour return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2021-10-01") + reqQP.Set("api-version", "2022-05-01-preview") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} return req, nil @@ -245,12 +245,12 @@ func (client *WatchlistItemsClient) getHandleResponse(resp *http.Response) (Watc return result, nil } -// NewListPager - Get all watchlist Items. +// NewListPager - Gets all watchlist Items. // If the operation fails it returns an *azcore.ResponseError type. -// Generated from API version 2021-10-01 +// Generated from API version 2022-05-01-preview // resourceGroupName - The name of the resource group. The name is case insensitive. // workspaceName - The name of the workspace. -// watchlistAlias - The watchlist alias +// watchlistAlias - Watchlist Alias // options - WatchlistItemsClientListOptions contains the optional parameters for the WatchlistItemsClient.List method. func (client *WatchlistItemsClient) NewListPager(resourceGroupName string, workspaceName string, watchlistAlias string, options *WatchlistItemsClientListOptions) *runtime.Pager[WatchlistItemsClientListResponse] { return runtime.NewPager(runtime.PagingHandler[WatchlistItemsClientListResponse]{ @@ -304,7 +304,7 @@ func (client *WatchlistItemsClient) listCreateRequest(ctx context.Context, resou return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2021-10-01") + reqQP.Set("api-version", "2022-05-01-preview") if options != nil && options.SkipToken != nil { reqQP.Set("$skipToken", *options.SkipToken) } diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_watchlists_client.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_watchlists_client.go index 03e317165503..6770819081d5 100644 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_watchlists_client.go +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/zz_generated_watchlists_client.go @@ -55,13 +55,16 @@ func NewWatchlistsClient(subscriptionID string, credential azcore.TokenCredentia } // CreateOrUpdate - Create or update a Watchlist and its Watchlist Items (bulk creation, e.g. through text/csv content type). -// To create a Watchlist and its Items, we should call this endpoint with rawContent and -// contentType properties. +// To create a Watchlist and its Items, we should call this endpoint with either rawContent or a +// valid SAR URI and contentType properties. The rawContent is mainly used for small watchlist (content size below 3.8 MB). +// The SAS URI enables the creation of large watchlist, where the content size can +// go up to 500 MB. The status of processing such large file can be polled through the URL returned in Azure-AsyncOperation +// header. // If the operation fails it returns an *azcore.ResponseError type. -// Generated from API version 2021-10-01 +// Generated from API version 2022-05-01-preview // resourceGroupName - The name of the resource group. The name is case insensitive. // workspaceName - The name of the workspace. -// watchlistAlias - The watchlist alias +// watchlistAlias - Watchlist Alias // watchlist - The watchlist // options - WatchlistsClientCreateOrUpdateOptions contains the optional parameters for the WatchlistsClient.CreateOrUpdate // method. @@ -104,7 +107,7 @@ func (client *WatchlistsClient) createOrUpdateCreateRequest(ctx context.Context, return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2021-10-01") + reqQP.Set("api-version", "2022-05-01-preview") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} return req, runtime.MarshalAsJSON(req, watchlist) @@ -113,6 +116,9 @@ func (client *WatchlistsClient) createOrUpdateCreateRequest(ctx context.Context, // createOrUpdateHandleResponse handles the CreateOrUpdate response. func (client *WatchlistsClient) createOrUpdateHandleResponse(resp *http.Response) (WatchlistsClientCreateOrUpdateResponse, error) { result := WatchlistsClientCreateOrUpdateResponse{} + if val := resp.Header.Get("Azure-AsyncOperation"); val != "" { + result.AzureAsyncOperation = &val + } if err := runtime.UnmarshalAsJSON(resp, &result.Watchlist); err != nil { return WatchlistsClientCreateOrUpdateResponse{}, err } @@ -121,10 +127,10 @@ func (client *WatchlistsClient) createOrUpdateHandleResponse(resp *http.Response // Delete - Delete a watchlist. // If the operation fails it returns an *azcore.ResponseError type. -// Generated from API version 2021-10-01 +// Generated from API version 2022-05-01-preview // resourceGroupName - The name of the resource group. The name is case insensitive. // workspaceName - The name of the workspace. -// watchlistAlias - The watchlist alias +// watchlistAlias - Watchlist Alias // options - WatchlistsClientDeleteOptions contains the optional parameters for the WatchlistsClient.Delete method. func (client *WatchlistsClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, watchlistAlias string, options *WatchlistsClientDeleteOptions) (WatchlistsClientDeleteResponse, error) { req, err := client.deleteCreateRequest(ctx, resourceGroupName, workspaceName, watchlistAlias, options) @@ -138,7 +144,7 @@ func (client *WatchlistsClient) Delete(ctx context.Context, resourceGroupName st if !runtime.HasStatusCode(resp, http.StatusOK, http.StatusNoContent) { return WatchlistsClientDeleteResponse{}, runtime.NewResponseError(resp) } - return WatchlistsClientDeleteResponse{}, nil + return client.deleteHandleResponse(resp) } // deleteCreateRequest creates the Delete request. @@ -165,18 +171,27 @@ func (client *WatchlistsClient) deleteCreateRequest(ctx context.Context, resourc return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2021-10-01") + reqQP.Set("api-version", "2022-05-01-preview") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} return req, nil } -// Get - Get a watchlist, without its watchlist items. +// deleteHandleResponse handles the Delete response. +func (client *WatchlistsClient) deleteHandleResponse(resp *http.Response) (WatchlistsClientDeleteResponse, error) { + result := WatchlistsClientDeleteResponse{} + if val := resp.Header.Get("Azure-AsyncOperation"); val != "" { + result.AzureAsyncOperation = &val + } + return result, nil +} + +// Get - Gets a watchlist, without its watchlist items. // If the operation fails it returns an *azcore.ResponseError type. -// Generated from API version 2021-10-01 +// Generated from API version 2022-05-01-preview // resourceGroupName - The name of the resource group. The name is case insensitive. // workspaceName - The name of the workspace. -// watchlistAlias - The watchlist alias +// watchlistAlias - Watchlist Alias // options - WatchlistsClientGetOptions contains the optional parameters for the WatchlistsClient.Get method. func (client *WatchlistsClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, watchlistAlias string, options *WatchlistsClientGetOptions) (WatchlistsClientGetResponse, error) { req, err := client.getCreateRequest(ctx, resourceGroupName, workspaceName, watchlistAlias, options) @@ -217,7 +232,7 @@ func (client *WatchlistsClient) getCreateRequest(ctx context.Context, resourceGr return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2021-10-01") + reqQP.Set("api-version", "2022-05-01-preview") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} return req, nil @@ -232,9 +247,9 @@ func (client *WatchlistsClient) getHandleResponse(resp *http.Response) (Watchlis return result, nil } -// NewListPager - Get all watchlists, without watchlist items. +// NewListPager - Gets all watchlists, without watchlist items. // If the operation fails it returns an *azcore.ResponseError type. -// Generated from API version 2021-10-01 +// Generated from API version 2022-05-01-preview // resourceGroupName - The name of the resource group. The name is case insensitive. // workspaceName - The name of the workspace. // options - WatchlistsClientListOptions contains the optional parameters for the WatchlistsClient.List method. @@ -286,7 +301,7 @@ func (client *WatchlistsClient) listCreateRequest(ctx context.Context, resourceG return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2021-10-01") + reqQP.Set("api-version", "2022-05-01-preview") if options != nil && options.SkipToken != nil { reqQP.Set("$skipToken", *options.SkipToken) }