sdk/securityinsight/arm-securityinsight/src/models/index.ts

/*
 * Copyright (c) Microsoft Corporation.
 * Licensed under the MIT License.
 *
 * Code generated by Microsoft (R) AutoRest Code Generator.
 * Changes may cause incorrect behavior and will be lost if the code is regenerated.
 */

import * as coreClient from "@azure/core-client";

export type AutomationRuleConditionUnion =
  | AutomationRuleCondition
  | PropertyConditionProperties;
export type AutomationRuleActionUnion =
  | AutomationRuleAction
  | AutomationRuleModifyPropertiesAction
  | AutomationRuleRunPlaybookAction;
export type EntityTimelineItemUnion =
  | EntityTimelineItem
  | ActivityTimelineItem
  | BookmarkTimelineItem
  | SecurityAlertTimelineItem;
export type EntityQueryItemUnion = EntityQueryItem | InsightQueryItem;
export type DataConnectorsCheckRequirementsUnion =
  | DataConnectorsCheckRequirements
  | AADCheckRequirements
  | AatpCheckRequirements
  | ASCCheckRequirements
  | AwsCloudTrailCheckRequirements
  | AwsS3CheckRequirements
  | Dynamics365CheckRequirements
  | McasCheckRequirements
  | MdatpCheckRequirements
  | MstiCheckRequirements
  | MtpCheckRequirements
  | OfficeATPCheckRequirements
  | OfficeIRMCheckRequirements
  | Office365ProjectCheckRequirements
  | OfficePowerBICheckRequirements
  | TICheckRequirements
  | TiTaxiiCheckRequirements
  | IoTCheckRequirements;
export type AlertRuleTemplateUnion =
  | AlertRuleTemplate
  | MLBehaviorAnalyticsAlertRuleTemplate
  | FusionAlertRuleTemplate
  | ThreatIntelligenceAlertRuleTemplate
  | MicrosoftSecurityIncidentCreationAlertRuleTemplate
  | ScheduledAlertRuleTemplate
  | NrtAlertRuleTemplate;
export type EntityUnion =
  | Entity
  | SecurityAlert
  | HuntingBookmark
  | AccountEntity
  | AzureResourceEntity
  | CloudApplicationEntity
  | DnsEntity
  | FileEntity
  | FileHashEntity
  | HostEntity
  | IoTDeviceEntity
  | IpEntity
  | MailboxEntity
  | MailClusterEntity
  | MailMessageEntity
  | MalwareEntity
  | ProcessEntity
  | RegistryKeyEntity
  | RegistryValueEntity
  | SecurityGroupEntity
  | SubmissionMailEntity
  | UrlEntity;
export type EntityQueryTemplateUnion =
  | EntityQueryTemplate
  | ActivityEntityQueryTemplate;
export type AlertRuleUnion =
  | AlertRule
  | MLBehaviorAnalyticsAlertRule
  | FusionAlertRule
  | ThreatIntelligenceAlertRule
  | MicrosoftSecurityIncidentCreationAlertRule
  | ScheduledAlertRule
  | NrtAlertRule;
export type EntityQueryUnion =
  | EntityQuery
  | ExpansionEntityQuery
  | ActivityEntityQuery;
export type CustomEntityQueryUnion =
  | CustomEntityQuery
  | ActivityCustomEntityQuery;
export type SettingsUnion =
  | Settings
  | Anomalies
  | EyesOn
  | EntityAnalytics
  | Ueba;
export type ThreatIntelligenceInformationUnion =
  | ThreatIntelligenceInformation
  | ThreatIntelligenceIndicatorModel;
export type DataConnectorUnion =
  | DataConnector
  | AADDataConnector
  | MstiDataConnector
  | MTPDataConnector
  | AatpDataConnector
  | ASCDataConnector
  | AwsCloudTrailDataConnector
  | AwsS3DataConnector
  | McasDataConnector
  | Dynamics365DataConnector
  | OfficeATPDataConnector
  | Office365ProjectDataConnector
  | OfficePowerBIDataConnector
  | OfficeIRMDataConnector
  | MdatpDataConnector
  | OfficeDataConnector
  | TIDataConnector
  | TiTaxiiDataConnector
  | IoTDataConnector
  | CodelessUiDataConnector
  | CodelessApiPollingDataConnector;

/** List all the alert rules. */
export interface AlertRulesList {
  /**
   * URL to fetch the next set of alert rules.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly nextLink?: string;
  /** Array of alert rules. */
  value: AlertRuleUnion[];
}

/** Common fields that are returned in the response for all Azure Resource Manager resources */
export interface Resource {
  /**
   * Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly id?: string;
  /**
   * The name of the resource
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly name?: string;
  /**
   * The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly type?: string;
  /**
   * Azure Resource Manager metadata containing createdBy and modifiedBy information.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly systemData?: SystemData;
}

/** Metadata pertaining to creation and last modification of the resource. */
export interface SystemData {
  /** The identity that created the resource. */
  createdBy?: string;
  /** The type of identity that created the resource. */
  createdByType?: CreatedByType;
  /** The timestamp of resource creation (UTC). */
  createdAt?: Date;
  /** The identity that last modified the resource. */
  lastModifiedBy?: string;
  /** The type of identity that last modified the resource. */
  lastModifiedByType?: CreatedByType;
  /** The timestamp of resource last modification (UTC) */
  lastModifiedAt?: Date;
}

/** Error response structure. */
export interface CloudError {
  /** Error data */
  error?: CloudErrorBody;
}

/** Error details. */
export interface CloudErrorBody {
  /**
   * An identifier for the error. Codes are invariant and are intended to be consumed programmatically.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly code?: string;
  /**
   * A message describing the error, intended to be suitable for display in a user interface.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly message?: string;
}

/** List all the actions. */
export interface ActionsList {
  /**
   * URL to fetch the next set of actions.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly nextLink?: string;
  /** Array of actions. */
  value: ActionResponse[];
}

/** Action property bag base. */
export interface ActionPropertiesBase {
  /** Logic App Resource Id, /subscriptions/{my-subscription}/resourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my-workflow-id}. */
  logicAppResourceId: string;
}

/** List all the alert rule templates. */
export interface AlertRuleTemplatesList {
  /**
   * URL to fetch the next set of alert rule templates.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly nextLink?: string;
  /** Array of alert rule templates. */
  value: AlertRuleTemplateUnion[];
}

/** Describes automation rule triggering logic */
export interface AutomationRuleTriggeringLogic {
  /** Determines whether the automation rule is enabled or disabled */
  isEnabled: boolean;
  /** Determines when the automation rule should automatically expire and be disabled. */
  expirationTimeUtc?: Date;
  triggersOn: TriggersOn;
  triggersWhen: TriggersWhen;
  /** The conditions to evaluate to determine if the automation rule should be triggered on a given object */
  conditions?: AutomationRuleConditionUnion[];
}

/** Describes an automation rule condition */
export interface AutomationRuleCondition {
  /** Polymorphic discriminator, which specifies the different types this object can be */
  conditionType: "Property";
}

/** Describes an automation rule action */
export interface AutomationRuleAction {
  /** Polymorphic discriminator, which specifies the different types this object can be */
  actionType: "ModifyProperties" | "RunPlaybook";
  order: number;
}

/** Information on the client (user or application) that made some action */
export interface ClientInfo {
  /** The email of the client. */
  email?: string;
  /** The name of the client. */
  name?: string;
  /** The object id of the client. */
  objectId?: string;
  /** The user principal name of the client. */
  userPrincipalName?: string;
}

export interface AutomationRulesList {
  value?: AutomationRule[];
  nextLink?: string;
}

export interface ManualTriggerRequestBody {
  tenantId?: string;
  logicAppsResourceId?: string;
}

/** List all the bookmarks. */
export interface BookmarkList {
  /**
   * URL to fetch the next set of bookmarks.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly nextLink?: string;
  /** Array of bookmarks. */
  value: Bookmark[];
}

/** User information that made some action */
export interface UserInfo {
  /**
   * The email of the user.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly email?: string;
  /**
   * The name of the user.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly name?: string;
  /** The object id of the user. */
  objectId?: string;
}

/** Describes related incident information for the bookmark */
export interface IncidentInfo {
  /** Incident Id */
  incidentId?: string;
  /** The severity of the incident */
  severity?: IncidentSeverity;
  /** The title of the incident */
  title?: string;
  /** Relation Name */
  relationName?: string;
}

/** Describes the entity mappings of a single entity */
export interface BookmarkEntityMappings {
  /** The entity type */
  entityType?: string;
  /** Array of fields mapping for that entity type */
  fieldMappings?: EntityFieldMapping[];
}

/** Map identifiers of a single entity */
export interface EntityFieldMapping {
  /** Alert V3 identifier */
  identifier?: string;
  /** The value of the identifier */
  value?: string;
}

/** List of relations. */
export interface RelationList {
  /**
   * URL to fetch the next set of relations.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly nextLink?: string;
  /** Array of relations. */
  value: Relation[];
}

/** The parameters required to execute an expand operation on the given bookmark. */
export interface BookmarkExpandParameters {
  /** The end date filter, so the only expansion results returned are before this date. */
  endTime?: Date;
  /** The Id of the expansion to perform. */
  expansionId?: string;
  /** The start date filter, so the only expansion results returned are after this date. */
  startTime?: Date;
}

/** The entity expansion result operation response. */
export interface BookmarkExpandResponse {
  /** The metadata from the expansion operation results. */
  metaData?: ExpansionResultsMetadata;
  /** The expansion result values. */
  value?: BookmarkExpandResponseValue;
}

/** Expansion result metadata. */
export interface ExpansionResultsMetadata {
  /** Information of the aggregated nodes in the expansion result. */
  aggregations?: ExpansionResultAggregation[];
}

/** Information of a specific aggregation in the expansion result. */
export interface ExpansionResultAggregation {
  /** The common type of the aggregation. (for e.g. entity field name) */
  aggregationType?: string;
  /** Total number of aggregations of the given kind (and aggregationType if given) in the expansion result. */
  count: number;
  /** The display name of the aggregation by type. */
  displayName?: string;
  /** The kind of the aggregated entity. */
  entityKind: EntityKind;
}

/** The expansion result values. */
export interface BookmarkExpandResponseValue {
  /** Array of the expansion result entities. */
  entities?: EntityUnion[];
  /** Array of expansion result connected entities */
  edges?: ConnectedEntity[];
}

/** Expansion result connected entities */
export interface ConnectedEntity {
  /** Entity Id of the connected entity */
  targetEntityId?: string;
  /** key-value pairs for a connected entity mapping */
  additionalData?: Record<string, unknown>;
}

/** Geodata information for a given IP address */
export interface EnrichmentIpGeodata {
  /** The autonomous system number associated with this IP address */
  asn?: string;
  /** The name of the carrier for this IP address */
  carrier?: string;
  /** The city this IP address is located in */
  city?: string;
  /** A numeric rating of confidence that the value in the 'city' field is correct, on a scale of 0-100 */
  cityCf?: number;
  /** The continent this IP address is located on */
  continent?: string;
  /** The county this IP address is located in */
  country?: string;
  /** A numeric rating of confidence that the value in the 'country' field is correct on a scale of 0-100 */
  countryCf?: number;
  /** The dotted-decimal or colon-separated string representation of the IP address */
  ipAddr?: string;
  /** A description of the connection type of this IP address */
  ipRoutingType?: string;
  /** The latitude of this IP address */
  latitude?: string;
  /** The longitude of this IP address */
  longitude?: string;
  /** The name of the organization for this IP address */
  organization?: string;
  /** The type of the organization for this IP address */
  organizationType?: string;
  /** The geographic region this IP address is located in */
  region?: string;
  /** The state this IP address is located in */
  state?: string;
  /** A numeric rating of confidence that the value in the 'state' field is correct on a scale of 0-100 */
  stateCf?: number;
  /** The abbreviated name for the state this IP address is located in */
  stateCode?: string;
}

/** Whois information for a given domain and associated metadata */
export interface EnrichmentDomainWhois {
  /** The domain for this whois record */
  domain?: string;
  /** The hostname of this registrar's whois server */
  server?: string;
  /** The timestamp at which this record was created */
  created?: Date;
  /** The timestamp at which this record was last updated */
  updated?: Date;
  /** The timestamp at which this record will expire */
  expires?: Date;
  /** The whois record for a given domain */
  parsedWhois?: EnrichmentDomainWhoisDetails;
}

/** The whois record for a given domain */
export interface EnrichmentDomainWhoisDetails {
  /** The registrar associated with this domain */
  registrar?: EnrichmentDomainWhoisRegistrarDetails;
  /** The set of contacts associated with this domain */
  contacts?: EnrichmentDomainWhoisContacts;
  /** A list of name servers associated with this domain */
  nameServers?: string[];
  /** The set of status flags for this whois record */
  statuses?: string[];
}

/** The registrar associated with this domain */
export interface EnrichmentDomainWhoisRegistrarDetails {
  /** The name of this registrar */
  name?: string;
  /** This registrar's abuse contact email */
  abuseContactEmail?: string;
  /** This registrar's abuse contact phone number */
  abuseContactPhone?: string;
  /** This registrar's Internet Assigned Numbers Authority id */
  ianaId?: string;
  /** This registrar's URL */
  url?: string;
  /** The hostname of this registrar's whois server */
  whoisServer?: string;
}

/** The set of contacts associated with this domain */
export interface EnrichmentDomainWhoisContacts {
  /** The admin contact for this whois record */
  admin?: EnrichmentDomainWhoisContact;
  /** The billing contact for this whois record */
  billing?: EnrichmentDomainWhoisContact;
  /** The registrant contact for this whois record */
  registrant?: EnrichmentDomainWhoisContact;
  /** The technical contact for this whois record */
  tech?: EnrichmentDomainWhoisContact;
}

/** An individual contact associated with this domain */
export interface EnrichmentDomainWhoisContact {
  /** The name of this contact */
  name?: string;
  /** The organization for this contact */
  org?: string;
  /** A list describing the street address for this contact */
  street?: string[];
  /** The city for this contact */
  city?: string;
  /** The state for this contact */
  state?: string;
  /** The postal code for this contact */
  postal?: string;
  /** The country for this contact */
  country?: string;
  /** The phone number for this contact */
  phone?: string;
  /** The fax number for this contact */
  fax?: string;
  /** The email address for this contact */
  email?: string;
}

/** List of all the entities. */
export interface EntityList {
  /**
   * URL to fetch the next set of entities.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly nextLink?: string;
  /** Array of entities. */
  value: EntityUnion[];
}

/** The parameters required to execute an expand operation on the given entity. */
export interface EntityExpandParameters {
  /** The end date filter, so the only expansion results returned are before this date. */
  endTime?: Date;
  /** The Id of the expansion to perform. */
  expansionId?: string;
  /** The start date filter, so the only expansion results returned are after this date. */
  startTime?: Date;
}

/** The entity expansion result operation response. */
export interface EntityExpandResponse {
  /** The metadata from the expansion operation results. */
  metaData?: ExpansionResultsMetadata;
  /** The expansion result values. */
  value?: EntityExpandResponseValue;
}

/** The expansion result values. */
export interface EntityExpandResponseValue {
  /** Array of the expansion result entities. */
  entities?: EntityUnion[];
  /** Array of edges that connects the entity to the list of entities. */
  edges?: EntityEdges[];
}

/** The edge that connects the entity to the other entity. */
export interface EntityEdges {
  /** The target entity Id. */
  targetEntityId?: string;
  /** A bag of custom fields that should be part of the entity and will be presented to the user. */
  additionalData?: { [propertyName: string]: Record<string, unknown> };
}

/** The parameters required to execute s timeline operation on the given entity. */
export interface EntityTimelineParameters {
  /** Array of timeline Item kinds. */
  kinds?: EntityTimelineKind[];
  /** The start timeline date, so the results returned are after this date. */
  startTime: Date;
  /** The end timeline date, so the results returned are before this date. */
  endTime: Date;
  /** The number of bucket for timeline queries aggregation. */
  numberOfBucket?: number;
}

/** The entity timeline result operation response. */
export interface EntityTimelineResponse {
  /** The metadata from the timeline operation results. */
  metaData?: TimelineResultsMetadata;
  /** The timeline result values. */
  value?: EntityTimelineItemUnion[];
}

/** Expansion result metadata. */
export interface TimelineResultsMetadata {
  /** the total items found for the timeline request */
  totalCount: number;
  /** timeline aggregation per kind */
  aggregations: TimelineAggregation[];
  /** information about the failure queries */
  errors?: TimelineError[];
}

/** timeline aggregation information per kind */
export interface TimelineAggregation {
  /** the total items found for a kind */
  count: number;
  /** the query kind */
  kind: EntityTimelineKind;
}

/** Timeline Query Errors. */
export interface TimelineError {
  /** the query kind */
  kind: EntityTimelineKind;
  /** the query id */
  queryId?: string;
  /** the error message */
  errorMessage: string;
}

/** Entity timeline Item. */
export interface EntityTimelineItem {
  /** Polymorphic discriminator, which specifies the different types this object can be */
  kind: "Activity" | "Bookmark" | "SecurityAlert";
}

/** Retrieve queries for entity result operation response. */
export interface GetQueriesResponse {
  /** The query result values. */
  value?: EntityQueryItemUnion[];
}

/** An abstract Query item for entity */
export interface EntityQueryItem {
  /** Polymorphic discriminator, which specifies the different types this object can be */
  kind: "Insight";
  /**
   * Query Template ARM ID
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly id?: string;
  /** Query Template ARM Name */
  name?: string;
  /** ARM Type */
  type?: string;
}

/** The parameters required to execute insights operation on the given entity. */
export interface EntityGetInsightsParameters {
  /** The start timeline date, so the results returned are after this date. */
  startTime: Date;
  /** The end timeline date, so the results returned are before this date. */
  endTime: Date;
  /** Indicates if query time range should be extended with default time range of the query. Default value is false */
  addDefaultExtendedTimeRange?: boolean;
  /** List of Insights Query Id. If empty, default value is all insights of this entity */
  insightQueryIds?: string[];
}

/** The Get Insights result operation response. */
export interface EntityGetInsightsResponse {
  /** The metadata from the get insights operation results. */
  metaData?: GetInsightsResultsMetadata;
  /** The insights result values. */
  value?: EntityInsightItem[];
}

/** Get Insights result metadata. */
export interface GetInsightsResultsMetadata {
  /** the total items found for the insights request */
  totalCount: number;
  /** information about the failed queries */
  errors?: GetInsightsError[];
}

/** GetInsights Query Errors. */
export interface GetInsightsError {
  /** the query kind */
  kind: "Insight";
  /** the query id */
  queryId?: string;
  /** the error message */
  errorMessage: string;
}

/** Entity insight Item. */
export interface EntityInsightItem {
  /** The query id of the insight */
  queryId?: string;
  /** The Time interval that the query actually executed on. */
  queryTimeInterval?: EntityInsightItemQueryTimeInterval;
  /** Query results for table insights query. */
  tableQueryResults?: InsightsTableResult;
  /** Query results for table insights query. */
  chartQueryResults?: InsightsTableResult[];
}

/** The Time interval that the query actually executed on. */
export interface EntityInsightItemQueryTimeInterval {
  /** Insight query start time */
  startTime?: Date;
  /** Insight query end time */
  endTime?: Date;
}

/** Query results for table insights query. */
export interface InsightsTableResult {
  /** Columns Metadata of the table */
  columns?: InsightsTableResultColumnsItem[];
  /** Rows data of the table */
  rows?: string[][];
}

export interface InsightsTableResultColumnsItem {
  /** the type of the colum */
  type?: string;
  /** the name of the colum */
  name?: string;
}

/** List of all the entity queries. */
export interface EntityQueryList {
  /**
   * URL to fetch the next set of entity queries.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly nextLink?: string;
  /** Array of entity queries. */
  value: EntityQueryUnion[];
}

/** List of all the entity query templates. */
export interface EntityQueryTemplateList {
  /**
   * URL to fetch the next set of entity query templates.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly nextLink?: string;
  /** Array of entity query templates. */
  value: EntityQueryTemplateUnion[];
}

/** List all the incidents. */
export interface IncidentList {
  /**
   * URL to fetch the next set of incidents.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly nextLink?: string;
  /** Array of incidents. */
  value: Incident[];
}

/** Incident additional data property bag. */
export interface IncidentAdditionalData {
  /**
   * The number of alerts in the incident
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly alertsCount?: number;
  /**
   * The number of bookmarks in the incident
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly bookmarksCount?: number;
  /**
   * The number of comments in the incident
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly commentsCount?: number;
  /**
   * List of product names of alerts in the incident
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly alertProductNames?: string[];
  /**
   * The provider incident url to the incident in Microsoft 365 Defender portal
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly providerIncidentUrl?: string;
  /**
   * The tactics associated with incident
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly tactics?: AttackTactic[];
  /**
   * The techniques associated with incident's tactics'
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly techniques?: string[];
}

/** Represents an incident label */
export interface IncidentLabel {
  /** The name of the label */
  labelName: string;
  /**
   * The type of the label
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly labelType?: IncidentLabelType;
}

/** Information on the user an incident is assigned to */
export interface IncidentOwnerInfo {
  /** The email of the user the incident is assigned to. */
  email?: string;
  /** The name of the user the incident is assigned to. */
  assignedTo?: string;
  /** The object id of the user the incident is assigned to. */
  objectId?: string;
  /** The user principal name of the user the incident is assigned to. */
  userPrincipalName?: string;
  /**
   * The type of the owner the incident is assigned to.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly ownerType?: OwnerType;
}

/** Describes team information */
export interface TeamInformation {
  /**
   * Team ID
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly teamId?: string;
  /**
   * The primary channel URL of the team
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly primaryChannelUrl?: string;
  /**
   * The time the team was created
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly teamCreationTimeUtc?: Date;
  /**
   * The name of the team
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly name?: string;
  /**
   * The description of the team
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly description?: string;
}

/** Describes team properties */
export interface TeamProperties {
  /** The name of the team */
  teamName: string;
  /** The description of the team */
  teamDescription?: string;
  /** List of member IDs to add to the team */
  memberIds?: string[];
  /** List of group IDs to add their members to the team */
  groupIds?: string[];
}

/** List of incident alerts. */
export interface IncidentAlertList {
  /** Array of incident alerts. */
  value: SecurityAlert[];
}

/** confidence reason item */
export interface SecurityAlertPropertiesConfidenceReasonsItem {
  /**
   * The reason's description
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly reason?: string;
  /**
   * The type (category) of the reason
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly reasonType?: string;
}

/** Entity common property bag. */
export interface EntityCommonProperties {
  /**
   * A bag of custom fields that should be part of the entity and will be presented to the user.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly additionalData?: { [propertyName: string]: Record<string, unknown> };
  /**
   * The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly friendlyName?: string;
}

/** List of incident bookmarks. */
export interface IncidentBookmarkList {
  /** Array of incident bookmarks. */
  value: HuntingBookmark[];
}

/** List of incident comments. */
export interface IncidentCommentList {
  /**
   * URL to fetch the next set of comments.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly nextLink?: string;
  /** Array of comments. */
  value: IncidentComment[];
}

/** The incident related entities response. */
export interface IncidentEntitiesResponse {
  /** Array of the incident related entities. */
  entities?: EntityUnion[];
  /** The metadata from the incident related entities results. */
  metaData?: IncidentEntitiesResultsMetadata[];
}

/** Information of a specific aggregation in the incident related entities result. */
export interface IncidentEntitiesResultsMetadata {
  /** Total number of aggregations of the given kind in the incident related entities result. */
  count: number;
  /** The kind of the aggregated entity. */
  entityKind: EntityKind;
}

/** List of all the metadata. */
export interface MetadataList {
  /** Array of metadata. */
  value: MetadataModel[];
  /**
   * URL to fetch the next page of metadata.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly nextLink?: string;
}

/** The original source of the content item, where it comes from. */
export interface MetadataSource {
  /** Source type of the content */
  kind: SourceKind;
  /** Name of the content source.  The repo name, solution name, LA workspace name etc. */
  name?: string;
  /** ID of the content source.  The solution ID, workspace ID, etc */
  sourceId?: string;
}

/** Publisher or creator of the content item. */
export interface MetadataAuthor {
  /** Name of the author. Company or person. */
  name?: string;
  /** Email of author contact */
  email?: string;
  /** Link for author/vendor page */
  link?: string;
}

/** Support information for the content item. */
export interface MetadataSupport {
  /** Type of support for content item */
  tier: SupportTier;
  /** Name of the support contact. Company or person. */
  name?: string;
  /** Email of support contact */
  email?: string;
  /** Link for support help, like to support page to open a ticket etc. */
  link?: string;
}

/** Dependencies for the content item, what other content items it requires to work.  Can describe more complex dependencies using a recursive/nested structure. For a single dependency an id/kind/version can be supplied or operator/criteria for complex dependencies. */
export interface MetadataDependencies {
  /** Id of the content item we depend on */
  contentId?: string;
  /** Type of the content item we depend on */
  kind?: Kind;
  /** Version of the the content item we depend on.  Can be blank, * or missing to indicate any version fulfills the dependency.  If version does not match our defined numeric format then an exact match is required. */
  version?: string;
  /** Name of the content item */
  name?: string;
  /** Operator used for list of dependencies in criteria array. */
  operator?: Operator;
  /** This is the list of dependencies we must fulfill, according to the AND/OR operator */
  criteria?: MetadataDependencies[];
}

/** ies for the solution content item */
export interface MetadataCategories {
  /** domain for the solution content item */
  domains?: string[];
  /** Industry verticals for the solution content item */
  verticals?: string[];
}

/** List of all the office365 consents. */
export interface OfficeConsentList {
  /**
   * URL to fetch the next set of office consents.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly nextLink?: string;
  /** Array of the consents. */
  value: OfficeConsent[];
}

/** List of the Sentinel onboarding states */
export interface SentinelOnboardingStatesList {
  /** Array of Sentinel onboarding states */
  value: SentinelOnboardingState[];
}

/** List of all the settings. */
export interface SettingList {
  /** Array of settings. */
  value: SettingsUnion[];
}

/** List all the source controls. */
export interface RepoList {
  /**
   * URL to fetch the next set of repositories.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly nextLink?: string;
  /** Array of repositories. */
  value: Repo[];
}

/** Represents a repository. */
export interface Repo {
  /** The url to access the repository. */
  url?: string;
  /** The name of the repository. */
  fullName?: string;
  /** Array of branches. */
  branches?: string[];
}

/** List all the source controls. */
export interface SourceControlList {
  /**
   * URL to fetch the next set of source controls.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly nextLink?: string;
  /** Array of source controls. */
  value: SourceControl[];
}

/** metadata of a repository. */
export interface Repository {
  /** Url of repository. */
  url?: string;
  /** Branch name of repository. */
  branch?: string;
  /** Display url of repository. */
  displayUrl?: string;
  /** Url to access repository action logs. */
  deploymentLogsUrl?: string;
  /** Dictionary of source control content type and path mapping. */
  pathMapping?: ContentPathMap[];
}

/** The mapping of content type to a repo path. */
export interface ContentPathMap {
  /** Content type. */
  contentType?: ContentType;
  /** The path to the content. */
  path?: string;
}

/** Resources created in user's repository for the source-control. */
export interface RepositoryResourceInfo {
  /** The webhook object created for the source-control. */
  webhook?: Webhook;
  /** Resources created in GitHub for this source-control. */
  gitHubResourceInfo?: GitHubResourceInfo;
  /** Resources created in Azure DevOps for this source-control. */
  azureDevOpsResourceInfo?: AzureDevOpsResourceInfo;
}

/** Detail about the webhook object. */
export interface Webhook {
  /** Unique identifier for the webhook. */
  webhookId?: string;
  /** URL that gets invoked by the webhook. */
  webhookUrl?: string;
  /** Time when the webhook secret was updated. */
  webhookSecretUpdateTime?: string;
  /** A flag to instruct the backend service to rotate webhook secret. */
  rotateWebhookSecret?: boolean;
}

/** Resources created in GitHub repository. */
export interface GitHubResourceInfo {
  /** GitHub application installation id. */
  appInstallationId?: string;
}

/** Resources created in Azure DevOps repository. */
export interface AzureDevOpsResourceInfo {
  /** Id of the pipeline created for the source-control. */
  pipelineId?: string;
  /** Id of the service-connection created for the source-control. */
  serviceConnectionId?: string;
}

/** Information regarding a deployment. */
export interface DeploymentInfo {
  /** Status while fetching the last deployment. */
  deploymentFetchStatus?: DeploymentFetchStatus;
  /** Deployment information. */
  deployment?: Deployment;
  /** Additional details about the deployment that can be shown to the user. */
  message?: string;
}

/** Description about a deployment. */
export interface Deployment {
  /** Deployment identifier. */
  deploymentId?: string;
  /** Current status of the deployment. */
  deploymentState?: DeploymentState;
  /** The outcome of the deployment. */
  deploymentResult?: DeploymentResult;
  /** The time when the deployment finished. */
  deploymentTime?: Date;
  /** Url to access repository action logs. */
  deploymentLogsUrl?: string;
}

/** Describes threat kill chain phase entity */
export interface ThreatIntelligenceKillChainPhase {
  /** Kill chainName name */
  killChainName?: string;
  /** Phase name */
  phaseName?: string;
}

/** Describes parsed pattern entity */
export interface ThreatIntelligenceParsedPattern {
  /** Pattern type key */
  patternTypeKey?: string;
  /** Pattern type keys */
  patternTypeValues?: ThreatIntelligenceParsedPatternTypeValue[];
}

/** Describes threat kill chain phase entity */
export interface ThreatIntelligenceParsedPatternTypeValue {
  /** Type of the value */
  valueType?: string;
  /** Value of parsed pattern */
  value?: string;
}

/** Describes external reference */
export interface ThreatIntelligenceExternalReference {
  /** External reference description */
  description?: string;
  /** External reference ID */
  externalId?: string;
  /** External reference source name */
  sourceName?: string;
  /** External reference URL */
  url?: string;
  /** External reference hashes */
  hashes?: { [propertyName: string]: string };
}

/** Describes threat granular marking model entity */
export interface ThreatIntelligenceGranularMarkingModel {
  /** Language granular marking model */
  language?: string;
  /** marking reference granular marking model */
  markingRef?: number;
  /** granular marking model selectors */
  selectors?: string[];
}

/** List of all the threat intelligence information objects. */
export interface ThreatIntelligenceInformationList {
  /**
   * URL to fetch the next set of information objects.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly nextLink?: string;
  /** Array of threat intelligence information objects. */
  value: ThreatIntelligenceInformationUnion[];
}

/** Filtering criteria for querying threat intelligence indicators. */
export interface ThreatIntelligenceFilteringCriteria {
  /** Page size */
  pageSize?: number;
  /** Minimum confidence. */
  minConfidence?: number;
  /** Maximum confidence. */
  maxConfidence?: number;
  /** Start time for ValidUntil filter. */
  minValidUntil?: string;
  /** End time for ValidUntil filter. */
  maxValidUntil?: string;
  /** Parameter to include/exclude disabled indicators. */
  includeDisabled?: boolean;
  /** Columns to sort by and sorting order */
  sortBy?: ThreatIntelligenceSortingCriteria[];
  /** Sources of threat intelligence indicators */
  sources?: string[];
  /** Pattern types */
  patternTypes?: string[];
  /** Threat types of threat intelligence indicators */
  threatTypes?: string[];
  /** Ids of threat intelligence indicators */
  ids?: string[];
  /** Keywords for searching threat intelligence indicators */
  keywords?: string[];
  /** Skip token. */
  skipToken?: string;
}

/** List of available columns for sorting */
export interface ThreatIntelligenceSortingCriteria {
  /** Column name */
  itemKey?: string;
  /** Sorting order (ascending/descending/unsorted). */
  sortOrder?: ThreatIntelligenceSortingCriteriaEnum;
}

/** List of all the threat intelligence metric fields (type/threat type/source). */
export interface ThreatIntelligenceMetricsList {
  /** Array of threat intelligence metric fields (type/threat type/source). */
  value: ThreatIntelligenceMetrics[];
}

/** Threat intelligence metrics. */
export interface ThreatIntelligenceMetrics {
  /** Threat intelligence metrics. */
  properties?: ThreatIntelligenceMetric;
}

/** Describes threat intelligence metric */
export interface ThreatIntelligenceMetric {
  /** Last updated indicator metric */
  lastUpdatedTimeUtc?: string;
  /** Threat type metrics */
  threatTypeMetrics?: ThreatIntelligenceMetricEntity[];
  /** Pattern type metrics */
  patternTypeMetrics?: ThreatIntelligenceMetricEntity[];
  /** Source metrics */
  sourceMetrics?: ThreatIntelligenceMetricEntity[];
}

/** Describes threat intelligence metric entity */
export interface ThreatIntelligenceMetricEntity {
  /** Metric name */
  metricName?: string;
  /** Metric value */
  metricValue?: number;
}

/** Array of tags to be appended to the threat intelligence indicator. */
export interface ThreatIntelligenceAppendTags {
  /** List of tags to be appended. */
  threatIntelligenceTags?: string[];
}

/** List all the watchlists. */
export interface WatchlistList {
  /**
   * URL to fetch the next set of watchlists.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly nextLink?: string;
  /** Array of watchlist. */
  value: Watchlist[];
}

/** List all the watchlist items. */
export interface WatchlistItemList {
  /**
   * URL to fetch the next set of watchlist item.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly nextLink?: string;
  /** Array of watchlist items. */
  value: WatchlistItem[];
}

/** List all the data connectors. */
export interface DataConnectorList {
  /**
   * URL to fetch the next set of data connectors.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly nextLink?: string;
  /** Array of data connectors. */
  value: DataConnectorUnion[];
}

/** Represents Codeless API Polling data connector. */
export interface DataConnectorConnectBody {
  /** The authentication kind used to poll the data */
  kind?: ConnectAuthKind;
  /** The API key of the audit server. */
  apiKey?: string;
  /** The client secret of the OAuth 2.0 application. */
  clientSecret?: string;
  /** The client id of the OAuth 2.0 application. */
  clientId?: string;
  /** The authorization code used in OAuth 2.0 code flow to issue a token. */
  authorizationCode?: string;
  /** The user name in the audit log server. */
  userName?: string;
  /** The user password in the audit log server. */
  password?: string;
  requestConfigUserInputValues?: Record<string, unknown>[];
}

/** Data connector requirements properties. */
export interface DataConnectorsCheckRequirements {
  /** Polymorphic discriminator, which specifies the different types this object can be */
  kind:
    | "AzureActiveDirectory"
    | "AzureAdvancedThreatProtection"
    | "AzureSecurityCenter"
    | "AmazonWebServicesCloudTrail"
    | "AmazonWebServicesS3"
    | "Dynamics365"
    | "MicrosoftCloudAppSecurity"
    | "MicrosoftDefenderAdvancedThreatProtection"
    | "MicrosoftThreatIntelligence"
    | "MicrosoftThreatProtection"
    | "OfficeATP"
    | "OfficeIRM"
    | "Office365Project"
    | "OfficePowerBI"
    | "ThreatIntelligence"
    | "ThreatIntelligenceTaxii"
    | "IOT";
}

/** Data connector requirements status. */
export interface DataConnectorRequirementsState {
  /** Authorization state for this connector */
  authorizationState?: DataConnectorAuthorizationState;
  /** License state for this connector */
  licenseState?: DataConnectorLicenseState;
}

/** Lists the operations available in the SecurityInsights RP. */
export interface OperationsList {
  /**
   * URL to fetch the next set of operations.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly nextLink?: string;
  /** Array of operations */
  value: Operation[];
}

/** Operation provided by provider */
export interface Operation {
  /** Properties of the operation */
  display?: OperationDisplay;
  /** Name of the operation */
  name?: string;
  /** The origin of the operation */
  origin?: string;
  /** Indicates whether the operation is a data action */
  isDataAction?: boolean;
}

/** Properties of the operation */
export interface OperationDisplay {
  /** Description of the operation */
  description?: string;
  /** Operation name */
  operation?: string;
  /** Provider name */
  provider?: string;
  /** Resource name */
  resource?: string;
}

/** alert rule template data sources */
export interface AlertRuleTemplateDataSource {
  /** The connector id that provides the following data types */
  connectorId?: string;
  /** The data types used by the alert rule template */
  dataTypes?: string[];
}

/** Base alert rule template property bag. */
export interface AlertRuleTemplatePropertiesBase {
  /** the number of alert rules that were created by this template */
  alertRulesCreatedByTemplateCount?: number;
  /**
   * The last time that this alert rule template has been updated.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly lastUpdatedDateUTC?: Date;
  /**
   * The time that this alert rule template has been added.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly createdDateUTC?: Date;
  /** The description of the alert rule template. */
  description?: string;
  /** The display name for alert rule template. */
  displayName?: string;
  /** The required data sources for this template */
  requiredDataConnectors?: AlertRuleTemplateDataSource[];
  /** The alert rule template status. */
  status?: TemplateStatus;
}

/** Query based alert rule template base property bag. */
export interface QueryBasedAlertRuleTemplateProperties {
  /** The query that creates alerts for this rule. */
  query?: string;
  /** The severity for alerts created by this alert rule. */
  severity?: AlertSeverity;
  /** The version of this template - in format <a.b.c>, where all are numbers. For example <1.0.2>. */
  version?: string;
  /** Dictionary of string key-value pairs of columns to be attached to the alert */
  customDetails?: { [propertyName: string]: string };
  /** Array of the entity mappings of the alert rule */
  entityMappings?: EntityMapping[];
  /** The alert details override settings */
  alertDetailsOverride?: AlertDetailsOverride;
}

/** Single entity mapping for the alert rule */
export interface EntityMapping {
  /** The V3 type of the mapped entity */
  entityType?: EntityMappingType;
  /** array of field mappings for the given entity mapping */
  fieldMappings?: FieldMapping[];
}

/** A single field mapping of the mapped entity */
export interface FieldMapping {
  /** the V3 identifier of the entity */
  identifier?: string;
  /** the column name to be mapped to the identifier */
  columnName?: string;
}

/** Settings for how to dynamically override alert static details */
export interface AlertDetailsOverride {
  /** the format containing columns name(s) to override the alert name */
  alertDisplayNameFormat?: string;
  /** the format containing columns name(s) to override the alert description */
  alertDescriptionFormat?: string;
  /** the column name to take the alert tactics from */
  alertTacticsColumnName?: string;
  /** the column name to take the alert severity from */
  alertSeverityColumnName?: string;
}

/** Represents a supported source signal configuration in Fusion detection. */
export interface FusionSourceSettings {
  /** Determines whether this source signal is enabled or disabled in Fusion detection. */
  enabled: boolean;
  /** Name of the Fusion source signal. Refer to Fusion alert rule template for supported values. */
  sourceName: string;
  /** Configuration for all source subtypes under this source signal consumed in fusion detection. */
  sourceSubTypes?: FusionSourceSubTypeSetting[];
}

/** Represents a supported source subtype configuration under a source signal in Fusion detection. */
export interface FusionSourceSubTypeSetting {
  /** Determines whether this source subtype under source signal is enabled or disabled in Fusion detection. */
  enabled: boolean;
  /** The Name of the source subtype under a given source signal in Fusion detection. Refer to Fusion alert rule template for supported values. */
  sourceSubTypeName: string;
  /**
   * The display name of source subtype under a source signal consumed in Fusion detection.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly sourceSubTypeDisplayName?: string;
  /** Severity configuration for a source subtype consumed in fusion detection. */
  severityFilters: FusionSubTypeSeverityFilter;
}

/** Represents severity configuration for a source subtype consumed in Fusion detection. */
export interface FusionSubTypeSeverityFilter {
  /**
   * Determines whether this source subtype supports severity configuration or not.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly isSupported?: boolean;
  /** Individual Severity configuration settings for a given source subtype consumed in Fusion detection. */
  filters?: FusionSubTypeSeverityFiltersItem[];
}

/** Represents a Severity filter setting for a given source subtype consumed in Fusion detection. */
export interface FusionSubTypeSeverityFiltersItem {
  /** The Severity for a given source subtype consumed in Fusion detection. */
  severity: AlertSeverity;
  /** Determines whether this severity is enabled or disabled for this source subtype consumed in Fusion detection. */
  enabled: boolean;
}

/** Represents a Fusion scenario exclusion patterns in Fusion detection. */
export interface FusionScenarioExclusionPattern {
  /** Scenario exclusion pattern. */
  exclusionPattern: string;
  /** DateTime when scenario exclusion pattern is added in UTC. */
  dateAddedInUTC: string;
}

/** Represents a source signal consumed in Fusion detection. */
export interface FusionTemplateSourceSetting {
  /** The name of a source signal consumed in Fusion detection. */
  sourceName: string;
  /** All supported source subtypes under this source signal consumed in fusion detection. */
  sourceSubTypes?: FusionTemplateSourceSubType[];
}

/** Represents a source subtype under a source signal consumed in Fusion detection. */
export interface FusionTemplateSourceSubType {
  /** The name of source subtype under a source signal consumed in Fusion detection. */
  sourceSubTypeName: string;
  /**
   * The display name of source subtype under a source signal consumed in Fusion detection.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly sourceSubTypeDisplayName?: string;
  /** Severity configuration available for a source subtype consumed in fusion detection. */
  severityFilter: FusionTemplateSubTypeSeverityFilter;
}

/** Represents severity configurations available for a source subtype consumed in Fusion detection. */
export interface FusionTemplateSubTypeSeverityFilter {
  /** Determines whether severity configuration is supported for this source subtype consumed in Fusion detection. */
  isSupported: boolean;
  /** List of all supported severities for this source subtype consumed in Fusion detection. */
  severityFilters?: AlertSeverity[];
}

/** MicrosoftSecurityIncidentCreation rule common property bag. */
export interface MicrosoftSecurityIncidentCreationAlertRuleCommonProperties {
  /** the alerts' displayNames on which the cases will be generated */
  displayNamesFilter?: string[];
  /** the alerts' displayNames on which the cases will not be generated */
  displayNamesExcludeFilter?: string[];
  /** The alerts' productName on which the cases will be generated */
  productFilter: MicrosoftSecurityProductName;
  /** the alerts' severities on which the cases will be generated */
  severitiesFilter?: AlertSeverity[];
}

/** Incident Configuration property bag. */
export interface IncidentConfiguration {
  /** Create incidents from alerts triggered by this analytics rule */
  createIncident: boolean;
  /** Set how the alerts that are triggered by this analytics rule, are grouped into incidents */
  groupingConfiguration?: GroupingConfiguration;
}

/** Grouping configuration property bag. */
export interface GroupingConfiguration {
  /** Grouping enabled */
  enabled: boolean;
  /** Re-open closed matching incidents */
  reopenClosedIncident: boolean;
  /** Limit the group to alerts created within the lookback duration (in ISO 8601 duration format) */
  lookbackDuration: string;
  /** Grouping matching method. When method is Selected at least one of groupByEntities, groupByAlertDetails, groupByCustomDetails must be provided and not empty. */
  matchingMethod: MatchingMethod;
  /** A list of entity types to group by (when matchingMethod is Selected). Only entities defined in the current alert rule may be used. */
  groupByEntities?: EntityMappingType[];
  /** A list of alert details to group by (when matchingMethod is Selected) */
  groupByAlertDetails?: AlertDetail[];
  /** A list of custom details keys to group by (when matchingMethod is Selected). Only keys defined in the current alert rule may be used. */
  groupByCustomDetails?: string[];
}

/** Scheduled alert rule template property bag. */
export interface ScheduledAlertRuleCommonProperties {
  /** The query that creates alerts for this rule. */
  query?: string;
  /** The frequency (in ISO 8601 duration format) for this alert rule to run. */
  queryFrequency?: string;
  /** The period (in ISO 8601 duration format) that this alert rule looks at. */
  queryPeriod?: string;
  /** The severity for alerts created by this alert rule. */
  severity?: AlertSeverity;
  /** The operation against the threshold that triggers alert rule. */
  triggerOperator?: TriggerOperator;
  /** The threshold triggers this alert rule. */
  triggerThreshold?: number;
  /** The event grouping settings. */
  eventGroupingSettings?: EventGroupingSettings;
  /** Dictionary of string key-value pairs of columns to be attached to the alert */
  customDetails?: { [propertyName: string]: string };
  /** Array of the entity mappings of the alert rule */
  entityMappings?: EntityMapping[];
  /** The alert details override settings */
  alertDetailsOverride?: AlertDetailsOverride;
}

/** Event grouping settings property bag. */
export interface EventGroupingSettings {
  /** The event grouping aggregation kinds */
  aggregationKind?: EventGroupingAggregationKind;
}

export interface IncidentPropertiesAction {
  /** The severity of the incident */
  severity?: IncidentSeverity;
  /** The status of the incident */
  status?: IncidentStatus;
  /** The reason the incident was closed */
  classification?: IncidentClassification;
  /** The classification reason the incident was closed with */
  classificationReason?: IncidentClassificationReason;
  /** Describes the reason the incident was closed */
  classificationComment?: string;
  /** Information on the user an incident is assigned to */
  owner?: IncidentOwnerInfo;
  /** List of labels to add to the incident */
  labels?: IncidentLabel[];
}

export interface AutomationRulePropertyValuesCondition {
  /** The property to evaluate in an automation rule property condition */
  propertyName?: AutomationRulePropertyConditionSupportedProperty;
  operator?: AutomationRulePropertyConditionSupportedOperator;
  propertyValues?: string[];
}

export interface PlaybookActionProperties {
  /** The resource id of the playbook resource */
  logicAppResourceId?: string;
  /** The tenant id of the playbook resource */
  tenantId?: string;
}

/** An properties abstract Query item for entity */
export interface EntityQueryItemProperties {
  /** Data types for template */
  dataTypes?: EntityQueryItemPropertiesDataTypesItem[];
  /** The type of the entity */
  inputEntityType?: EntityType;
  /** Data types for template */
  requiredInputFieldsSets?: string[][];
  /** The query applied only to entities matching to all filters */
  entitiesFilter?: Record<string, unknown>;
}

export interface EntityQueryItemPropertiesDataTypesItem {
  /** Data type name */
  dataType?: string;
}

/** The insight table query. */
export interface InsightQueryItemPropertiesTableQuery {
  /** List of insight column definitions. */
  columnsDefinitions?: InsightQueryItemPropertiesTableQueryColumnsDefinitionsItem[];
  /** List of insight queries definitions. */
  queriesDefinitions?: InsightQueryItemPropertiesTableQueryQueriesDefinitionsItem[];
}

export interface InsightQueryItemPropertiesTableQueryColumnsDefinitionsItem {
  /** Insight column header. */
  header?: string;
  /** Insights Column type. */
  outputType?: OutputType;
  /** Is query supports deep-link. */
  supportDeepLink?: boolean;
}

export interface InsightQueryItemPropertiesTableQueryQueriesDefinitionsItem {
  /** Insight column header. */
  filter?: string;
  /** Insight column header. */
  summarize?: string;
  /** Insight column header. */
  project?: string;
  /** Insight column header. */
  linkColumnsDefinitions?: InsightQueryItemPropertiesTableQueryQueriesDefinitionsPropertiesItemsItem[];
}

export interface InsightQueryItemPropertiesTableQueryQueriesDefinitionsPropertiesItemsItem {
  /** Insight Link Definition Projected Name. */
  projectedName?: string;
  /** Insight Link Definition Query. */
  query?: string;
}

/** The activity query definitions. */
export interface InsightQueryItemPropertiesAdditionalQuery {
  /** The insight query. */
  query?: string;
  /** The insight text. */
  text?: string;
}

/** The insight chart query. */
export interface InsightQueryItemPropertiesDefaultTimeRange {
  /** The padding for the start time of the query. */
  beforeRange?: string;
  /** The padding for the end time of the query. */
  afterRange?: string;
}

/** The insight chart query. */
export interface InsightQueryItemPropertiesReferenceTimeRange {
  /** Additional query time for looking back. */
  beforeRange?: string;
}

/** The Activity query definitions */
export interface ActivityEntityQueriesPropertiesQueryDefinitions {
  /** The Activity query to run on a given entity */
  query?: string;
}

/** The Activity query definitions */
export interface ActivityEntityQueryTemplatePropertiesQueryDefinitions {
  /** The Activity query to run on a given entity */
  query?: string;
  /** The dimensions we want to summarize the timeline results on, this is comma separated list */
  summarizeBy?: string;
}

/** The data type definition */
export interface DataTypeDefinitions {
  /** The data type name */
  dataType?: string;
}

/** The pricing tier of the solution */
export interface Sku {
  /** The kind of the tier */
  name?: SkuKind;
  /** The amount of reservation level */
  capacityReservationLevel?: number;
}

/** Properties data connector on tenant level. */
export interface DataConnectorTenantId {
  /** The tenant id to connect to, and get the data from. */
  tenantId: string;
}

/** Data connector properties. */
export interface DataConnectorWithAlertsProperties {
  /** The available data types for the connector. */
  dataTypes?: AlertsDataTypeOfDataConnector;
}

/** Alerts data type for data connectors. */
export interface AlertsDataTypeOfDataConnector {
  /** Alerts data type connection. */
  alerts: DataConnectorDataTypeCommon;
}

/** Common field for data type in data connectors. */
export interface DataConnectorDataTypeCommon {
  /** Describe whether this data type connection is enabled or not. */
  state: DataTypeState;
}

/** The available data types for Microsoft Threat Intelligence Platforms data connector. */
export interface MstiDataConnectorDataTypes {
  /** Data type for Microsoft Threat Intelligence Platforms data connector. */
  bingSafetyPhishingURL: MstiDataConnectorDataTypesBingSafetyPhishingURL;
  /** Data type for Microsoft Threat Intelligence Platforms data connector. */
  microsoftEmergingThreatFeed: MstiDataConnectorDataTypesMicrosoftEmergingThreatFeed;
}

/** The available data types for Microsoft Threat Protection Platforms data connector. */
export interface MTPDataConnectorDataTypes {
  /** Data type for Microsoft Threat Protection Platforms data connector. */
  incidents: MTPDataConnectorDataTypesIncidents;
}

/** The available data types for Amazon Web Services CloudTrail data connector. */
export interface AwsCloudTrailDataConnectorDataTypes {
  /** Logs data type. */
  logs: AwsCloudTrailDataConnectorDataTypesLogs;
}

/** The available data types for Amazon Web Services S3 data connector. */
export interface AwsS3DataConnectorDataTypes {
  /** Logs data type. */
  logs: AwsS3DataConnectorDataTypesLogs;
}

/** The available data types for Dynamics365 data connector. */
export interface Dynamics365DataConnectorDataTypes {
  /** Common Data Service data type connection. */
  dynamics365CdsActivities: Dynamics365DataConnectorDataTypesDynamics365CdsActivities;
}

/** The available data types for Office Microsoft Project data connector. */
export interface Office365ProjectConnectorDataTypes {
  /** Logs data type. */
  logs: Office365ProjectConnectorDataTypesLogs;
}

/** The available data types for Office Microsoft PowerBI data connector. */
export interface OfficePowerBIConnectorDataTypes {
  /** Logs data type. */
  logs: OfficePowerBIConnectorDataTypesLogs;
}

/** The available data types for office data connector. */
export interface OfficeDataConnectorDataTypes {
  /** Exchange data type connection. */
  exchange: OfficeDataConnectorDataTypesExchange;
  /** SharePoint data type connection. */
  sharePoint: OfficeDataConnectorDataTypesSharePoint;
  /** Teams data type connection. */
  teams: OfficeDataConnectorDataTypesTeams;
}

/** The available data types for TI (Threat Intelligence) data connector. */
export interface TIDataConnectorDataTypes {
  /** Data type for indicators connection. */
  indicators: TIDataConnectorDataTypesIndicators;
}

/** The available data types for Threat Intelligence TAXII data connector. */
export interface TiTaxiiDataConnectorDataTypes {
  /** Data type for TAXII connector. */
  taxiiClient: TiTaxiiDataConnectorDataTypesTaxiiClient;
}

/** Config to describe the instructions blade */
export interface CodelessUiConnectorConfigProperties {
  /** Connector blade title */
  title: string;
  /** Connector publisher name */
  publisher: string;
  /** Connector description */
  descriptionMarkdown: string;
  /** An optional custom image to be used when displaying the connector within Azure Sentinel's connector's gallery */
  customImage?: string;
  /** Name of the table the connector will insert the data to */
  graphQueriesTableName: string;
  /** The graph query to show the current data status */
  graphQueries: CodelessUiConnectorConfigPropertiesGraphQueriesItem[];
  /** The sample queries for the connector */
  sampleQueries: CodelessUiConnectorConfigPropertiesSampleQueriesItem[];
  /** Data types to check for last data received */
  dataTypes: CodelessUiConnectorConfigPropertiesDataTypesItem[];
  /** Define the way the connector check connectivity */
  connectivityCriteria: CodelessUiConnectorConfigPropertiesConnectivityCriteriaItem[];
  /** Connector Availability Status */
  availability: Availability;
  /** Permissions required for the connector */
  permissions: Permissions;
  /** Instruction steps to enable the connector */
  instructionSteps: CodelessUiConnectorConfigPropertiesInstructionStepsItem[];
}

/** The graph query to show the current data status */
export interface GraphQueries {
  /** the metric that the query is checking */
  metricName?: string;
  /** The legend for the graph */
  legend?: string;
  /** The base query for the graph */
  baseQuery?: string;
}

/** The sample queries for the connector */
export interface SampleQueries {
  /** The sample query description */
  description?: string;
  /** the sample query */
  query?: string;
}

/** Data type for last data received */
export interface LastDataReceivedDataType {
  /** Name of the data type to show in the graph. can be use with {{graphQueriesTableName}} placeholder */
  name?: string;
  /** Query for indicate last data received */
  lastDataReceivedQuery?: string;
}

/** Setting for the connector check connectivity */
export interface ConnectivityCriteria {
  /** type of connectivity */
  type?: ConnectivityType;
  /** Queries for checking connectivity */
  value?: string[];
}

/** Connector Availability Status */
export interface Availability {
  /** The connector Availability Status */
  status?: 1;
  /** Set connector as preview */
  isPreview?: boolean;
}

/** Permissions required for the connector */
export interface Permissions {
  /** Resource provider permissions required for the connector */
  resourceProvider?: PermissionsResourceProviderItem[];
  /** Customs permissions required for the connector */
  customs?: PermissionsCustomsItem[];
}

/** Resource provider permissions required for the connector */
export interface ResourceProvider {
  /** Provider name */
  provider?: ProviderName;
  /** Permission description text */
  permissionsDisplayText?: string;
  /** Permission provider display name */
  providerDisplayName?: string;
  /** Permission provider scope */
  scope?: PermissionProviderScope;
  /** Required permissions for the connector */
  requiredPermissions?: RequiredPermissions;
}

/** Required permissions for the connector */
export interface RequiredPermissions {
  /** action permission */
  action?: boolean;
  /** write permission */
  write?: boolean;
  /** read permission */
  read?: boolean;
  /** delete permission */
  delete?: boolean;
}

/** Customs permissions required for the connector */
export interface CustomsPermission {
  /** Customs permissions name */
  name?: string;
  /** Customs permissions description */
  description?: string;
}

/** Instruction steps to enable the connector */
export interface InstructionSteps {
  /** Instruction step title */
  title?: string;
  /** Instruction step description */
  description?: string;
  /** Instruction step details */
  instructions?: InstructionStepsInstructionsItem[];
}

/** Instruction step details */
export interface ConnectorInstructionModelBase {
  /** The parameters for the setting */
  parameters?: Record<string, unknown>;
  /** The kind of the setting */
  type: SettingType;
}

/** Config to describe the polling config for API poller connector */
export interface CodelessConnectorPollingConfigProperties {
  /** The poller active status */
  isActive?: boolean;
  /** Describe the authentication type of the poller */
  auth: CodelessConnectorPollingAuthProperties;
  /** Describe the poll request config parameters of the poller */
  request: CodelessConnectorPollingRequestProperties;
  /** Describe the poll request paging config of the poller */
  paging?: CodelessConnectorPollingPagingProperties;
  /** Describe the response config parameters of the poller */
  response?: CodelessConnectorPollingResponseProperties;
}

/** Describe the authentication properties needed to successfully authenticate with the server */
export interface CodelessConnectorPollingAuthProperties {
  /** The authentication type */
  authType: string;
  /** The header name which the token is sent with */
  apiKeyName?: string;
  /** A prefix send in the header before the actual token */
  apiKeyIdentifier?: string;
  /** Marks if the key should sent in header */
  isApiKeyInPostPayload?: string;
  /** Describes the flow name, for example 'AuthCode' for Oauth 2.0 */
  flowName?: string;
  /** The endpoint used to issue a token, used in Oauth 2.0 flow */
  tokenEndpoint?: string;
  /** The endpoint used to authorize the user, used in Oauth 2.0 flow */
  authorizationEndpoint?: string;
  /** The query parameters used in authorization request, used in Oauth 2.0 flow */
  authorizationEndpointQueryParameters?: Record<string, unknown>;
  /** The redirect endpoint where we will get the authorization code, used in Oauth 2.0 flow */
  redirectionEndpoint?: string;
  /** The query headers used in token request, used in Oauth 2.0 flow */
  tokenEndpointHeaders?: Record<string, unknown>;
  /** The query parameters used in token request, used in Oauth 2.0 flow */
  tokenEndpointQueryParameters?: Record<string, unknown>;
  /** Marks if we should send the client secret in header or payload, used in Oauth 2.0 flow */
  isClientSecretInHeader?: boolean;
  /** The OAuth token scope */
  scope?: string;
}

/** Describe the request properties needed to successfully pull from the server */
export interface CodelessConnectorPollingRequestProperties {
  /** Describe the endpoint we should pull the data from */
  apiEndpoint: string;
  /** Defines the rate limit QPS */
  rateLimitQps?: number;
  /** The window interval we will use the pull the data */
  queryWindowInMin: number;
  /** The http method type we will use in the poll request, GET or POST */
  httpMethod: string;
  /** The time format will be used the query events in a specific window */
  queryTimeFormat: string;
  /** Describe the amount of time we should try and poll the data in case of failure */
  retryCount?: number;
  /** The number of seconds we will consider as a request timeout */
  timeoutInSeconds?: number;
  /** Describe the headers sent in the poll request */
  headers?: Record<string, unknown>;
  /** Describe the query parameters sent in the poll request */
  queryParameters?: Record<string, unknown>;
  /** For advanced scenarios for example user name/password embedded in nested JSON payload */
  queryParametersTemplate?: string;
  /** This will be used the query events from a start of the time window */
  startTimeAttributeName?: string;
  /** This will be used the query events from the end of the time window */
  endTimeAttributeName?: string;
}

/** Describe the properties needed to make a pagination call */
export interface CodelessConnectorPollingPagingProperties {
  /** Describes the type. could be 'None', 'PageToken', 'PageCount', 'TimeStamp' */
  pagingType: string;
  /** Defines the name of a next page attribute */
  nextPageParaName?: string;
  /** Defines the path to a next page token JSON */
  nextPageTokenJsonPath?: string;
  /** Defines the path to a page count attribute */
  pageCountAttributePath?: string;
  /** Defines the path to a page total count attribute */
  pageTotalCountAttributePath?: string;
  /** Defines the path to a paging time stamp attribute */
  pageTimeStampAttributePath?: string;
  /** Determines whether to search for the latest time stamp in the events list */
  searchTheLatestTimeStampFromEventsList?: string;
  /** Defines the name of the page size parameter */
  pageSizeParaName?: string;
  /** Defines the paging size */
  pageSize?: number;
}

/** Describes the response from the external server */
export interface CodelessConnectorPollingResponseProperties {
  /** Describes the path we should extract the data in the response */
  eventsJsonPaths: string[];
  /** Describes the path we should extract the status code in the response */
  successStatusJsonPath?: string;
  /** Describes the path we should extract the status value in the response */
  successStatusValue?: string;
  /** Describes if the data in the response is Gzip */
  isGzipCompressed?: boolean;
}

/** ThreatIntelligence property bag. */
export interface ThreatIntelligence {
  /**
   * Confidence (must be between 0 and 1)
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly confidence?: number;
  /**
   * Name of the provider from whom this Threat Intelligence information was received
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly providerName?: string;
  /**
   * Report link
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly reportLink?: string;
  /**
   * Threat description (free text)
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly threatDescription?: string;
  /**
   * Threat name (e.g. "Jedobot malware")
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly threatName?: string;
  /**
   * Threat type (e.g. "Botnet")
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly threatType?: string;
}

/** The geo-location context attached to the ip entity */
export interface GeoLocation {
  /**
   * Autonomous System Number
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly asn?: number;
  /**
   * City name
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly city?: string;
  /**
   * The country code according to ISO 3166 format
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly countryCode?: string;
  /**
   * Country name according to ISO 3166 Alpha 2: the lowercase of the English Short Name
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly countryName?: string;
  /**
   * The longitude of the identified location, expressed as a floating point number with range of -180 to 180, with positive numbers representing East and negative numbers representing West. Latitude and longitude are derived from the city or postal code.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly latitude?: number;
  /**
   * The latitude of the identified location, expressed as a floating point number with range of - 90 to 90, with positive numbers representing North and negative numbers representing South. Latitude and longitude are derived from the city or postal code.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly longitude?: number;
  /**
   * State name
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly state?: string;
}

/** An azure resource object with an Etag property */
export type ResourceWithEtag = Resource & {
  /** Etag of the azure resource */
  etag?: string;
};

/** Alert rule template. */
export type AlertRuleTemplate = Resource & {
  /** The kind of the alert rule */
  kind: AlertRuleKind;
};

/** Specific entity. */
export type Entity = Resource & {
  /** The kind of the entity. */
  kind: EntityKind;
};

/** Specific entity query template. */
export type EntityQueryTemplate = Resource & {
  /** the entity query template kind */
  kind: EntityQueryTemplateKind;
};

/** Consent for Office365 tenant that already made. */
export type OfficeConsent = Resource & {
  /** The tenantId of the Office365 with the consent. */
  tenantId?: string;
  /** Help to easily cascade among the data layers. */
  consentId?: string;
};

/** Action property bag. */
export type ActionResponseProperties = ActionPropertiesBase & {
  /** The name of the logic app's workflow. */
  workflowId?: string;
};

/** Action property bag. */
export type ActionRequestProperties = ActionPropertiesBase & {
  /** Logic App Callback URL for this specific workflow. */
  triggerUri: string;
};

/** Describes an automation rule condition that evaluates a property's value */
export type PropertyConditionProperties = AutomationRuleCondition & {
  /** Polymorphic discriminator, which specifies the different types this object can be */
  conditionType: "Property";
  conditionProperties?: AutomationRulePropertyValuesCondition;
};

/** Describes an automation rule action to modify an object's properties */
export type AutomationRuleModifyPropertiesAction = AutomationRuleAction & {
  /** Polymorphic discriminator, which specifies the different types this object can be */
  actionType: "ModifyProperties";
  actionConfiguration?: IncidentPropertiesAction;
};

/** Describes an automation rule action to run a playbook */
export type AutomationRuleRunPlaybookAction = AutomationRuleAction & {
  /** Polymorphic discriminator, which specifies the different types this object can be */
  actionType: "RunPlaybook";
  actionConfiguration?: PlaybookActionProperties;
};

/** Represents Activity timeline item. */
export type ActivityTimelineItem = EntityTimelineItem & {
  /** Polymorphic discriminator, which specifies the different types this object can be */
  kind: "Activity";
  /** The activity query id. */
  queryId: string;
  /** The grouping bucket start time. */
  bucketStartTimeUTC: Date;
  /** The grouping bucket end time. */
  bucketEndTimeUTC: Date;
  /** The time of the first activity in the grouping bucket. */
  firstActivityTimeUTC: Date;
  /** The time of the last activity in the grouping bucket. */
  lastActivityTimeUTC: Date;
  /** The activity timeline content. */
  content: string;
  /** The activity timeline title. */
  title: string;
};

/** Represents bookmark timeline item. */
export type BookmarkTimelineItem = EntityTimelineItem & {
  /** Polymorphic discriminator, which specifies the different types this object can be */
  kind: "Bookmark";
  /** The bookmark azure resource id. */
  azureResourceId: string;
  /** The bookmark display name. */
  displayName?: string;
  /** The notes of the bookmark */
  notes?: string;
  /** The bookmark end time. */
  endTimeUtc?: Date;
  /** The bookmark start time. */
  startTimeUtc?: Date;
  /** The bookmark event time. */
  eventTime?: Date;
  /** Describes a user that created the bookmark */
  createdBy?: UserInfo;
  /** List of labels relevant to this bookmark */
  labels?: string[];
};

/** Represents security alert timeline item. */
export type SecurityAlertTimelineItem = EntityTimelineItem & {
  /** Polymorphic discriminator, which specifies the different types this object can be */
  kind: "SecurityAlert";
  /** The alert azure resource id. */
  azureResourceId: string;
  /** The alert product name. */
  productName?: string;
  /** The alert description. */
  description?: string;
  /** The alert name. */
  displayName: string;
  /** The alert severity. */
  severity: AlertSeverity;
  /** The alert end time. */
  endTimeUtc: Date;
  /** The alert start time. */
  startTimeUtc: Date;
  /** The alert generated time. */
  timeGenerated: Date;
  /** The name of the alert type. */
  alertType: string;
};

/** Represents Insight Query. */
export type InsightQueryItem = EntityQueryItem & {
  /** Polymorphic discriminator, which specifies the different types this object can be */
  kind: "Insight";
  /** Properties bag for InsightQueryItem */
  properties?: InsightQueryItemProperties;
};

/** SecurityAlert entity property bag. */
export type SecurityAlertProperties = EntityCommonProperties & {
  /**
   * The display name of the alert.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly alertDisplayName?: string;
  /**
   * The type name of the alert.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly alertType?: string;
  /**
   * Display name of the main entity being reported on.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly compromisedEntity?: string;
  /**
   * The confidence level of this alert.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly confidenceLevel?: ConfidenceLevel;
  /**
   * The confidence reasons
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly confidenceReasons?: SecurityAlertPropertiesConfidenceReasonsItem[];
  /**
   * The confidence score of the alert.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly confidenceScore?: number;
  /**
   * The confidence score calculation status, i.e. indicating if score calculation is pending for this alert, not applicable or final.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly confidenceScoreStatus?: ConfidenceScoreStatus;
  /**
   * Alert description.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly description?: string;
  /**
   * The impact end time of the alert (the time of the last event contributing to the alert).
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly endTimeUtc?: Date;
  /**
   * Holds the alert intent stage(s) mapping for this alert.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly intent?: KillChainIntent;
  /**
   * The identifier of the alert inside the product which generated the alert.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly providerAlertId?: string;
  /**
   * The time the alert was made available for consumption.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly processingEndTime?: Date;
  /**
   * The name of a component inside the product which generated the alert.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly productComponentName?: string;
  /**
   * The name of the product which published this alert.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly productName?: string;
  /**
   * The version of the product generating the alert.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly productVersion?: string;
  /**
   * Manual action items to take to remediate the alert.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly remediationSteps?: string[];
  /** The severity of the alert */
  severity?: AlertSeverity;
  /**
   * The impact start time of the alert (the time of the first event contributing to the alert).
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly startTimeUtc?: Date;
  /**
   * The lifecycle status of the alert.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly status?: AlertStatus;
  /**
   * Holds the product identifier of the alert for the product.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly systemAlertId?: string;
  /**
   * The tactics of the alert
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly tactics?: AttackTactic[];
  /**
   * The time the alert was generated.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly timeGenerated?: Date;
  /**
   * The name of the vendor that raise the alert.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly vendorName?: string;
  /**
   * The uri link of the alert.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly alertLink?: string;
  /**
   * The list of resource identifiers of the alert.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly resourceIdentifiers?: Record<string, unknown>[];
};

/** Describes bookmark properties */
export type HuntingBookmarkProperties = EntityCommonProperties & {
  /** The time the bookmark was created */
  created?: Date;
  /** Describes a user that created the bookmark */
  createdBy?: UserInfo;
  /** The display name of the bookmark */
  displayName: string;
  /** The time of the event */
  eventTime?: Date;
  /** List of labels relevant to this bookmark */
  labels?: string[];
  /** The notes of the bookmark */
  notes?: string;
  /** The query of the bookmark. */
  query: string;
  /** The query result of the bookmark. */
  queryResult?: string;
  /** The last time the bookmark was updated */
  updated?: Date;
  /** Describes a user that updated the bookmark */
  updatedBy?: UserInfo;
  /** Describes an incident that relates to bookmark */
  incidentInfo?: IncidentInfo;
};

/** Describes threat intelligence entity properties */
export type ThreatIntelligenceIndicatorProperties = EntityCommonProperties & {
  /** List of tags */
  threatIntelligenceTags?: string[];
  /** Last updated time in UTC */
  lastUpdatedTimeUtc?: string;
  /** Source of a threat intelligence entity */
  source?: string;
  /** Display name of a threat intelligence entity */
  displayName?: string;
  /** Description of a threat intelligence entity */
  description?: string;
  /** Indicator types of threat intelligence entities */
  indicatorTypes?: string[];
  /** Pattern of a threat intelligence entity */
  pattern?: string;
  /** Pattern type of a threat intelligence entity */
  patternType?: string;
  /** Pattern version of a threat intelligence entity */
  patternVersion?: string;
  /** Kill chain phases */
  killChainPhases?: ThreatIntelligenceKillChainPhase[];
  /** Parsed patterns */
  parsedPattern?: ThreatIntelligenceParsedPattern[];
  /** External ID of threat intelligence entity */
  externalId?: string;
  /** Created by reference of threat intelligence entity */
  createdByRef?: string;
  /** Is threat intelligence entity defanged */
  defanged?: boolean;
  /** External last updated time in UTC */
  externalLastUpdatedTimeUtc?: string;
  /** External References */
  externalReferences?: ThreatIntelligenceExternalReference[];
  /** Granular Markings */
  granularMarkings?: ThreatIntelligenceGranularMarkingModel[];
  /** Labels  of threat intelligence entity */
  labels?: string[];
  /** Is threat intelligence entity revoked */
  revoked?: boolean;
  /** Confidence of threat intelligence entity */
  confidence?: number;
  /** Threat intelligence entity object marking references */
  objectMarkingRefs?: string[];
  /** Language of threat intelligence entity */
  language?: string;
  /** Threat types */
  threatTypes?: string[];
  /** Valid from */
  validFrom?: string;
  /** Valid until */
  validUntil?: string;
  /** Created by */
  created?: string;
  /** Modified by */
  modified?: string;
  /** Extensions map */
  extensions?: { [propertyName: string]: any };
};

/** Account entity property bag. */
export type AccountEntityProperties = EntityCommonProperties & {
  /**
   * The Azure Active Directory tenant id.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly aadTenantId?: string;
  /**
   * The Azure Active Directory user id.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly aadUserId?: string;
  /**
   * The name of the account. This field should hold only the name without any domain added to it, i.e. administrator.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly accountName?: string;
  /**
   * The display name of the account.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly displayName?: string;
  /**
   * The Host entity id that contains the account in case it is a local account (not domain joined)
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly hostEntityId?: string;
  /**
   * Determines whether this is a domain account.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly isDomainJoined?: boolean;
  /**
   * The NetBIOS domain name as it appears in the alert format domain/username. Examples: NT AUTHORITY.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly ntDomain?: string;
  /**
   * The objectGUID attribute is a single-value attribute that is the unique identifier for the object, assigned by active directory.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly objectGuid?: string;
  /**
   * The Azure Active Directory Passport User ID.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly puid?: string;
  /**
   * The account security identifier, e.g. S-1-5-18.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly sid?: string;
  /**
   * The user principal name suffix for the account, in some cases it is also the domain name. Examples: contoso.com.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly upnSuffix?: string;
  /**
   * The fully qualified domain DNS name.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly dnsDomain?: string;
};

/** AzureResource entity property bag. */
export type AzureResourceEntityProperties = EntityCommonProperties & {
  /**
   * The azure resource id of the resource
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly resourceId?: string;
  /**
   * The subscription id of the resource
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly subscriptionId?: string;
};

/** CloudApplication entity property bag. */
export type CloudApplicationEntityProperties = EntityCommonProperties & {
  /**
   * The technical identifier of the application.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly appId?: number;
  /**
   * The name of the related cloud application.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly appName?: string;
  /**
   * The user defined instance name of the cloud application. It is often used to distinguish between several applications of the same type that a customer has.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly instanceName?: string;
};

/** Dns entity property bag. */
export type DnsEntityProperties = EntityCommonProperties & {
  /**
   * An ip entity id for the dns server resolving the request
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly dnsServerIpEntityId?: string;
  /**
   * The name of the dns record associated with the alert
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly domainName?: string;
  /**
   * An ip entity id for the dns request client
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly hostIpAddressEntityId?: string;
  /**
   * Ip entity identifiers for the resolved ip address.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly ipAddressEntityIds?: string[];
};

/** File entity property bag. */
export type FileEntityProperties = EntityCommonProperties & {
  /**
   * The full path to the file.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly directory?: string;
  /**
   * The file hash entity identifiers associated with this file
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly fileHashEntityIds?: string[];
  /**
   * The file name without path (some alerts might not include path).
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly fileName?: string;
  /**
   * The Host entity id which the file belongs to
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly hostEntityId?: string;
};

/** FileHash entity property bag. */
export type FileHashEntityProperties = EntityCommonProperties & {
  /**
   * The hash algorithm type.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly algorithm?: FileHashAlgorithm;
  /**
   * The file hash value.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly hashValue?: string;
};

/** Host entity property bag. */
export type HostEntityProperties = EntityCommonProperties & {
  /**
   * The azure resource id of the VM.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly azureID?: string;
  /**
   * The DNS domain that this host belongs to. Should contain the compete DNS suffix for the domain
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly dnsDomain?: string;
  /**
   * The hostname without the domain suffix.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly hostName?: string;
  /**
   * Determines whether this host belongs to a domain.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly isDomainJoined?: boolean;
  /**
   * The host name (pre-windows2000).
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly netBiosName?: string;
  /**
   * The NT domain that this host belongs to.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly ntDomain?: string;
  /**
   * The OMS agent id, if the host has OMS agent installed.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly omsAgentID?: string;
  /** The operating system type. */
  osFamily?: OSFamily;
  /**
   * A free text representation of the operating system. This field is meant to hold specific versions the are more fine grained than OSFamily or future values not supported by OSFamily enumeration
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly osVersion?: string;
};

/** IoTDevice entity property bag. */
export type IoTDeviceEntityProperties = EntityCommonProperties & {
  /**
   * The ID of the IoT Device in the IoT Hub
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly deviceId?: string;
  /**
   * The friendly name of the device
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly deviceName?: string;
  /**
   * The source of the device
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly source?: string;
  /**
   * The ID of the security agent running on the device
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly iotSecurityAgentId?: string;
  /**
   * The type of the device
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly deviceType?: string;
  /**
   * The vendor of the device
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly vendor?: string;
  /**
   * The ID of the edge device
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly edgeId?: string;
  /**
   * The MAC address of the device
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly macAddress?: string;
  /**
   * The model of the device
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly model?: string;
  /**
   * The serial number of the device
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly serialNumber?: string;
  /**
   * The firmware version of the device
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly firmwareVersion?: string;
  /**
   * The operating system of the device
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly operatingSystem?: string;
  /**
   * The AzureResource entity id of the IoT Hub
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly iotHubEntityId?: string;
  /**
   * The Host entity id of this device
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly hostEntityId?: string;
  /**
   * The IP entity if of this device
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly ipAddressEntityId?: string;
  /**
   * A list of TI contexts attached to the IoTDevice entity.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly threatIntelligence?: ThreatIntelligence[];
  /**
   * A list of protocols of the IoTDevice entity.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly protocols?: string[];
};

/** Ip entity property bag. */
export type IpEntityProperties = EntityCommonProperties & {
  /**
   * The IP address as string, e.g. 127.0.0.1 (either in Ipv4 or Ipv6)
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly address?: string;
  /**
   * The geo-location context attached to the ip entity
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly location?: GeoLocation;
  /**
   * A list of TI contexts attached to the ip entity.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly threatIntelligence?: ThreatIntelligence[];
};

/** Mailbox entity property bag. */
export type MailboxEntityProperties = EntityCommonProperties & {
  /**
   * The mailbox's primary address
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly mailboxPrimaryAddress?: string;
  /**
   * The mailbox's display name
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly displayName?: string;
  /**
   * The mailbox's UPN
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly upn?: string;
  /**
   * The AzureAD identifier of mailbox. Similar to AadUserId in account entity but this property is specific to mailbox object on office side
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly externalDirectoryObjectId?: string;
};

/** Mail cluster entity property bag. */
export type MailClusterEntityProperties = EntityCommonProperties & {
  /**
   * The mail message IDs that are part of the mail cluster
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly networkMessageIds?: string[];
  /**
   * Count of mail messages by DeliveryStatus string representation
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly countByDeliveryStatus?: Record<string, unknown>;
  /**
   * Count of mail messages by ThreatType string representation
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly countByThreatType?: Record<string, unknown>;
  /**
   * Count of mail messages by ProtectionStatus string representation
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly countByProtectionStatus?: Record<string, unknown>;
  /**
   * The threats of mail messages that are part of the mail cluster
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly threats?: string[];
  /**
   * The query that was used to identify the messages of the mail cluster
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly query?: string;
  /**
   * The query time
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly queryTime?: Date;
  /**
   * The number of mail messages that are part of the mail cluster
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly mailCount?: number;
  /**
   * Is this a volume anomaly mail cluster
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly isVolumeAnomaly?: boolean;
  /**
   * The source of the mail cluster (default is 'O365 ATP')
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly source?: string;
  /**
   * The id of the cluster source
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly clusterSourceIdentifier?: string;
  /**
   * The type of the cluster source
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly clusterSourceType?: string;
  /**
   * The cluster query start time
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly clusterQueryStartTime?: Date;
  /**
   * The cluster query end time
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly clusterQueryEndTime?: Date;
  /**
   * The cluster group
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly clusterGroup?: string;
};

/** Mail message entity property bag. */
export type MailMessageEntityProperties = EntityCommonProperties & {
  /**
   * The File entity ids of this mail message's attachments
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly fileEntityIds?: string[];
  /**
   * The recipient of this mail message. Note that in case of multiple recipients the mail message is forked and each copy has one recipient
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly recipient?: string;
  /**
   * The Urls contained in this mail message
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly urls?: string[];
  /**
   * The threats of this mail message
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly threats?: string[];
  /**
   * The p1 sender's email address
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly p1Sender?: string;
  /**
   * The p1 sender's display name
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly p1SenderDisplayName?: string;
  /**
   * The p1 sender's domain
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly p1SenderDomain?: string;
  /**
   * The sender's IP address
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly senderIP?: string;
  /**
   * The p2 sender's email address
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly p2Sender?: string;
  /**
   * The p2 sender's display name
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly p2SenderDisplayName?: string;
  /**
   * The p2 sender's domain
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly p2SenderDomain?: string;
  /**
   * The receive date of this message
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly receiveDate?: Date;
  /**
   * The network message id of this mail message
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly networkMessageId?: string;
  /**
   * The internet message id of this mail message
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly internetMessageId?: string;
  /**
   * The subject of this mail message
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly subject?: string;
  /**
   * The language of this mail message
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly language?: string;
  /**
   * The threat detection methods
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly threatDetectionMethods?: string[];
  /** The bodyFingerprintBin1 */
  bodyFingerprintBin1?: number;
  /** The bodyFingerprintBin2 */
  bodyFingerprintBin2?: number;
  /** The bodyFingerprintBin3 */
  bodyFingerprintBin3?: number;
  /** The bodyFingerprintBin4 */
  bodyFingerprintBin4?: number;
  /** The bodyFingerprintBin5 */
  bodyFingerprintBin5?: number;
  /** The directionality of this mail message */
  antispamDirection?: AntispamMailDirection;
  /** The delivery action of this mail message like Delivered, Blocked, Replaced etc */
  deliveryAction?: DeliveryAction;
  /** The delivery location of this mail message like Inbox, JunkFolder etc */
  deliveryLocation?: DeliveryLocation;
};

/** Malware entity property bag. */
export type MalwareEntityProperties = EntityCommonProperties & {
  /**
   * The malware category by the vendor, e.g. Trojan
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly category?: string;
  /**
   * List of linked file entity identifiers on which the malware was found
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly fileEntityIds?: string[];
  /**
   * The malware name by the vendor, e.g. Win32/Toga!rfn
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly malwareName?: string;
  /**
   * List of linked process entity identifiers on which the malware was found.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly processEntityIds?: string[];
};

/** Process entity property bag. */
export type ProcessEntityProperties = EntityCommonProperties & {
  /**
   * The account entity id running the processes.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly accountEntityId?: string;
  /**
   * The command line used to create the process
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly commandLine?: string;
  /**
   * The time when the process started to run
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly creationTimeUtc?: Date;
  /** The elevation token associated with the process. */
  elevationToken?: ElevationToken;
  /**
   * The host entity id on which the process was running
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly hostEntityId?: string;
  /**
   * The session entity id in which the process was running
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly hostLogonSessionEntityId?: string;
  /**
   * Image file entity id
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly imageFileEntityId?: string;
  /**
   * The parent process entity id.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly parentProcessEntityId?: string;
  /**
   * The process ID
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly processId?: string;
};

/** RegistryKey entity property bag. */
export type RegistryKeyEntityProperties = EntityCommonProperties & {
  /**
   * the hive that holds the registry key.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly hive?: RegistryHive;
  /**
   * The registry key path.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly key?: string;
};

/** RegistryValue entity property bag. */
export type RegistryValueEntityProperties = EntityCommonProperties & {
  /**
   * The registry key entity id.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly keyEntityId?: string;
  /**
   * String formatted representation of the value data.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly valueData?: string;
  /**
   * The registry value name.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly valueName?: string;
  /**
   * Specifies the data types to use when storing values in the registry, or identifies the data type of a value in the registry.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly valueType?: RegistryValueKind;
};

/** SecurityGroup entity property bag. */
export type SecurityGroupEntityProperties = EntityCommonProperties & {
  /**
   * The group distinguished name
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly distinguishedName?: string;
  /**
   * A single-value attribute that is the unique identifier for the object, assigned by active directory.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly objectGuid?: string;
  /**
   * The SID attribute is a single-value attribute that specifies the security identifier (SID) of the group
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly sid?: string;
};

/** Submission mail entity property bag. */
export type SubmissionMailEntityProperties = EntityCommonProperties & {
  /**
   * The network message id of email to which submission belongs
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly networkMessageId?: string;
  /**
   * The submission id
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly submissionId?: string;
  /**
   * The submitter
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly submitter?: string;
  /**
   * The submission date
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly submissionDate?: Date;
  /**
   * The Time stamp when the message is received (Mail)
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly timestamp?: Date;
  /**
   * The recipient of the mail
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly recipient?: string;
  /**
   * The sender of the mail
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly sender?: string;
  /**
   * The sender's IP
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly senderIp?: string;
  /**
   * The subject of submission mail
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly subject?: string;
  /**
   * The submission type for the given instance. This maps to Junk, Phish, Malware or NotJunk.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly reportType?: string;
};

/** Url entity property bag. */
export type UrlEntityProperties = EntityCommonProperties & {
  /**
   * A full URL the entity points to
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly url?: string;
};

/** Represents AAD (Azure Active Directory) requirements check request. */
export type AADCheckRequirements = DataConnectorsCheckRequirements & {
  /** Polymorphic discriminator, which specifies the different types this object can be */
  kind: "AzureActiveDirectory";
  /** The tenant id to connect to, and get the data from. */
  tenantId?: string;
};

/** Represents AATP (Azure Advanced Threat Protection) requirements check request. */
export type AatpCheckRequirements = DataConnectorsCheckRequirements & {
  /** Polymorphic discriminator, which specifies the different types this object can be */
  kind: "AzureAdvancedThreatProtection";
  /** The tenant id to connect to, and get the data from. */
  tenantId?: string;
};

/** Represents ASC (Azure Security Center) requirements check request. */
export type ASCCheckRequirements = DataConnectorsCheckRequirements & {
  /** Polymorphic discriminator, which specifies the different types this object can be */
  kind: "AzureSecurityCenter";
  /** The subscription id to connect to, and get the data from. */
  subscriptionId?: string;
};

/** Amazon Web Services CloudTrail requirements check request. */
export type AwsCloudTrailCheckRequirements = DataConnectorsCheckRequirements & {
  /** Polymorphic discriminator, which specifies the different types this object can be */
  kind: "AmazonWebServicesCloudTrail";
};

/** Amazon Web Services S3 requirements check request. */
export type AwsS3CheckRequirements = DataConnectorsCheckRequirements & {
  /** Polymorphic discriminator, which specifies the different types this object can be */
  kind: "AmazonWebServicesS3";
};

/** Represents Dynamics365 requirements check request. */
export type Dynamics365CheckRequirements = DataConnectorsCheckRequirements & {
  /** Polymorphic discriminator, which specifies the different types this object can be */
  kind: "Dynamics365";
  /** The tenant id to connect to, and get the data from. */
  tenantId?: string;
};

/** Represents MCAS (Microsoft Cloud App Security) requirements check request. */
export type McasCheckRequirements = DataConnectorsCheckRequirements & {
  /** Polymorphic discriminator, which specifies the different types this object can be */
  kind: "MicrosoftCloudAppSecurity";
  /** The tenant id to connect to, and get the data from. */
  tenantId?: string;
};

/** Represents MDATP (Microsoft Defender Advanced Threat Protection) requirements check request. */
export type MdatpCheckRequirements = DataConnectorsCheckRequirements & {
  /** Polymorphic discriminator, which specifies the different types this object can be */
  kind: "MicrosoftDefenderAdvancedThreatProtection";
  /** The tenant id to connect to, and get the data from. */
  tenantId?: string;
};

/** Represents Microsoft Threat Intelligence requirements check request. */
export type MstiCheckRequirements = DataConnectorsCheckRequirements & {
  /** Polymorphic discriminator, which specifies the different types this object can be */
  kind: "MicrosoftThreatIntelligence";
  /** The tenant id to connect to, and get the data from. */
  tenantId?: string;
};

/** Represents MTP (Microsoft Threat Protection) requirements check request. */
export type MtpCheckRequirements = DataConnectorsCheckRequirements & {
  /** Polymorphic discriminator, which specifies the different types this object can be */
  kind: "MicrosoftThreatProtection";
  /** The tenant id to connect to, and get the data from. */
  tenantId?: string;
};

/** Represents OfficeATP (Office 365 Advanced Threat Protection) requirements check request. */
export type OfficeATPCheckRequirements = DataConnectorsCheckRequirements & {
  /** Polymorphic discriminator, which specifies the different types this object can be */
  kind: "OfficeATP";
  /** The tenant id to connect to, and get the data from. */
  tenantId?: string;
};

/** Represents OfficeIRM (Microsoft Insider Risk Management) requirements check request. */
export type OfficeIRMCheckRequirements = DataConnectorsCheckRequirements & {
  /** Polymorphic discriminator, which specifies the different types this object can be */
  kind: "OfficeIRM";
  /** The tenant id to connect to, and get the data from. */
  tenantId?: string;
};

/** Represents Office365 Project requirements check request. */
export type Office365ProjectCheckRequirements = DataConnectorsCheckRequirements & {
  /** Polymorphic discriminator, which specifies the different types this object can be */
  kind: "Office365Project";
  /** The tenant id to connect to, and get the data from. */
  tenantId?: string;
};

/** Represents Office PowerBI requirements check request. */
export type OfficePowerBICheckRequirements = DataConnectorsCheckRequirements & {
  /** Polymorphic discriminator, which specifies the different types this object can be */
  kind: "OfficePowerBI";
  /** The tenant id to connect to, and get the data from. */
  tenantId?: string;
};

/** Threat Intelligence Platforms data connector check requirements */
export type TICheckRequirements = DataConnectorsCheckRequirements & {
  /** Polymorphic discriminator, which specifies the different types this object can be */
  kind: "ThreatIntelligence";
  /** The tenant id to connect to, and get the data from. */
  tenantId?: string;
};

/** Threat Intelligence TAXII data connector check requirements */
export type TiTaxiiCheckRequirements = DataConnectorsCheckRequirements & {
  /** Polymorphic discriminator, which specifies the different types this object can be */
  kind: "ThreatIntelligenceTaxii";
  /** The tenant id to connect to, and get the data from. */
  tenantId?: string;
};

/** Represents IoT requirements check request. */
export type IoTCheckRequirements = DataConnectorsCheckRequirements & {
  /** Polymorphic discriminator, which specifies the different types this object can be */
  kind: "IOT";
  /** The subscription id to connect to, and get the data from. */
  subscriptionId?: string;
};

/** Alert rule template with MITRE property bag. */
export type AlertRuleTemplateWithMitreProperties = AlertRuleTemplatePropertiesBase & {
  /** The tactics of the alert rule */
  tactics?: AttackTactic[];
  /** The techniques of the alert rule */
  techniques?: string[];
};

/** MicrosoftSecurityIncidentCreation rule template properties */
export type MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties = AlertRuleTemplatePropertiesBase & {
  /** the alerts' displayNames on which the cases will be generated */
  displayNamesFilter?: string[];
  /** the alerts' displayNames on which the cases will not be generated */
  displayNamesExcludeFilter?: string[];
  /** The alerts' productName on which the cases will be generated */
  productFilter?: MicrosoftSecurityProductName;
  /** the alerts' severities on which the cases will be generated */
  severitiesFilter?: AlertSeverity[];
};

/** NRT alert rule template properties */
export type NrtAlertRuleTemplateProperties = AlertRuleTemplateWithMitreProperties &
  QueryBasedAlertRuleTemplateProperties & {};

/** MicrosoftSecurityIncidentCreation rule property bag. */
export type MicrosoftSecurityIncidentCreationAlertRuleProperties = MicrosoftSecurityIncidentCreationAlertRuleCommonProperties & {
  /** The Name of the alert rule template used to create this rule. */
  alertRuleTemplateName?: string;
  /** The description of the alert rule. */
  description?: string;
  /** The display name for alerts created by this alert rule. */
  displayName: string;
  /** Determines whether this alert rule is enabled or disabled. */
  enabled: boolean;
  /**
   * The last time that this alert has been modified.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly lastModifiedUtc?: Date;
};

/** Scheduled alert rule base property bag. */
export type ScheduledAlertRuleProperties = ScheduledAlertRuleCommonProperties & {
  /** The Name of the alert rule template used to create this rule. */
  alertRuleTemplateName?: string;
  /** The version of the alert rule template used to create this rule - in format <a.b.c>, where all are numbers, for example 0 <1.0.2> */
  templateVersion?: string;
  /** The description of the alert rule. */
  description?: string;
  /** The display name for alerts created by this alert rule. */
  displayName: string;
  /** Determines whether this alert rule is enabled or disabled. */
  enabled: boolean;
  /**
   * The last time that this alert rule has been modified.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly lastModifiedUtc?: Date;
  /** The suppression (in ISO 8601 duration format) to wait since last time this alert rule been triggered. */
  suppressionDuration: string;
  /** Determines whether the suppression for this alert rule is enabled or disabled. */
  suppressionEnabled: boolean;
  /** The tactics of the alert rule */
  tactics?: AttackTactic[];
  /** The techniques of the alert rule */
  techniques?: string[];
  /** The settings of the incidents that created from alerts triggered by this analytics rule */
  incidentConfiguration?: IncidentConfiguration;
};

/** Represents Insight Query. */
export type InsightQueryItemProperties = EntityQueryItemProperties & {
  /** The insight display name. */
  displayName?: string;
  /** The insight description. */
  description?: string;
  /** The base query of the insight. */
  baseQuery?: string;
  /** The insight table query. */
  tableQuery?: InsightQueryItemPropertiesTableQuery;
  /** The insight chart query. */
  chartQuery?: Record<string, unknown>;
  /** The activity query definitions. */
  additionalQuery?: InsightQueryItemPropertiesAdditionalQuery;
  /** The insight chart query. */
  defaultTimeRange?: InsightQueryItemPropertiesDefaultTimeRange;
  /** The insight chart query. */
  referenceTimeRange?: InsightQueryItemPropertiesReferenceTimeRange;
};

/** AAD (Azure Active Directory) requirements check properties. */
export type AADCheckRequirementsProperties = DataConnectorTenantId & {};

/** AATP (Azure Advanced Threat Protection) requirements check properties. */
export type AatpCheckRequirementsProperties = DataConnectorTenantId & {};

/** Dynamics365 requirements check properties. */
export type Dynamics365CheckRequirementsProperties = DataConnectorTenantId & {};

/** MCAS (Microsoft Cloud App Security) requirements check properties. */
export type McasCheckRequirementsProperties = DataConnectorTenantId & {};

/** MDATP (Microsoft Defender Advanced Threat Protection) requirements check properties. */
export type MdatpCheckRequirementsProperties = DataConnectorTenantId & {};

/** Microsoft Threat Intelligence requirements check properties. */
export type MstiCheckRequirementsProperties = DataConnectorTenantId & {};

/** MTP (Microsoft Threat Protection) requirements check properties. */
export type MTPCheckRequirementsProperties = DataConnectorTenantId & {};

/** OfficeATP (Office 365 Advanced Threat Protection) requirements check properties. */
export type OfficeATPCheckRequirementsProperties = DataConnectorTenantId & {};

/** OfficeIRM (Microsoft Insider Risk Management) requirements check properties. */
export type OfficeIRMCheckRequirementsProperties = DataConnectorTenantId & {};

/** Office365 Project requirements check properties. */
export type Office365ProjectCheckRequirementsProperties = DataConnectorTenantId & {};

/** Office PowerBI requirements check properties. */
export type OfficePowerBICheckRequirementsProperties = DataConnectorTenantId & {};

/** Threat Intelligence Platforms data connector required properties. */
export type TICheckRequirementsProperties = DataConnectorTenantId & {};

/** Threat Intelligence TAXII data connector required properties. */
export type TiTaxiiCheckRequirementsProperties = DataConnectorTenantId & {};

/** AAD (Azure Active Directory) data connector properties. */
export type AADDataConnectorProperties = DataConnectorTenantId &
  DataConnectorWithAlertsProperties & {};

/** Microsoft Threat Intelligence data connector properties. */
export type MstiDataConnectorProperties = DataConnectorTenantId & {
  /** The available data types for the connector. */
  dataTypes: MstiDataConnectorDataTypes;
};

/** MTP (Microsoft Threat Protection) data connector properties. */
export type MTPDataConnectorProperties = DataConnectorTenantId & {
  /** The available data types for the connector. */
  dataTypes: MTPDataConnectorDataTypes;
};

/** AATP (Azure Advanced Threat Protection) data connector properties. */
export type AatpDataConnectorProperties = DataConnectorTenantId &
  DataConnectorWithAlertsProperties & {};

/** MCAS (Microsoft Cloud App Security) data connector properties. */
export type McasDataConnectorProperties = DataConnectorTenantId & {
  /** The available data types for the connector. */
  dataTypes: McasDataConnectorDataTypes;
};

/** Dynamics365 data connector properties. */
export type Dynamics365DataConnectorProperties = DataConnectorTenantId & {
  /** The available data types for the connector. */
  dataTypes: Dynamics365DataConnectorDataTypes;
};

/** OfficeATP (Office 365 Advanced Threat Protection) data connector properties. */
export type OfficeATPDataConnectorProperties = DataConnectorTenantId &
  DataConnectorWithAlertsProperties & {};

/** Office Microsoft Project data connector properties. */
export type Office365ProjectDataConnectorProperties = DataConnectorTenantId & {
  /** The available data types for the connector. */
  dataTypes: Office365ProjectConnectorDataTypes;
};

/** Office Microsoft PowerBI data connector properties. */
export type OfficePowerBIDataConnectorProperties = DataConnectorTenantId & {
  /** The available data types for the connector. */
  dataTypes: OfficePowerBIConnectorDataTypes;
};

/** OfficeIRM (Microsoft Insider Risk Management) data connector properties. */
export type OfficeIRMDataConnectorProperties = DataConnectorTenantId &
  DataConnectorWithAlertsProperties & {};

/** MDATP (Microsoft Defender Advanced Threat Protection) data connector properties. */
export type MdatpDataConnectorProperties = DataConnectorTenantId &
  DataConnectorWithAlertsProperties & {};

/** Office data connector properties. */
export type OfficeDataConnectorProperties = DataConnectorTenantId & {
  /** The available data types for the connector. */
  dataTypes: OfficeDataConnectorDataTypes;
};

/** TI (Threat Intelligence) data connector properties. */
export type TIDataConnectorProperties = DataConnectorTenantId & {
  /** The lookback period for the feed to be imported. */
  tipLookbackPeriod?: Date;
  /** The available data types for the connector. */
  dataTypes: TIDataConnectorDataTypes;
};

/** Threat Intelligence TAXII data connector properties. */
export type TiTaxiiDataConnectorProperties = DataConnectorTenantId & {
  /** The workspace id. */
  workspaceId?: string;
  /** The friendly name for the TAXII server. */
  friendlyName?: string;
  /** The API root for the TAXII server. */
  taxiiServer?: string;
  /** The collection id of the TAXII server. */
  collectionId?: string;
  /** The userName for the TAXII server. */
  userName?: string;
  /** The password for the TAXII server. */
  password?: string;
  /** The lookback period for the TAXII server. */
  taxiiLookbackPeriod?: Date;
  /** The polling frequency for the TAXII server. */
  pollingFrequency: PollingFrequency | null;
  /** The available data types for Threat Intelligence TAXII data connector. */
  dataTypes: TiTaxiiDataConnectorDataTypes;
};

/** ASC (Azure Security Center) data connector properties. */
export type ASCDataConnectorProperties = DataConnectorWithAlertsProperties & {
  /** The subscription id to connect to, and get the data from. */
  subscriptionId?: string;
};

/** IoT data connector properties. */
export type IoTDataConnectorProperties = DataConnectorWithAlertsProperties & {
  /** The subscription id to connect to, and get the data from. */
  subscriptionId?: string;
};

/** The available data types for MCAS (Microsoft Cloud App Security) data connector. */
export type McasDataConnectorDataTypes = AlertsDataTypeOfDataConnector & {
  /** Discovery log data type connection. */
  discoveryLogs?: DataConnectorDataTypeCommon;
};

/** Data type for Microsoft Threat Intelligence Platforms data connector. */
export type MstiDataConnectorDataTypesBingSafetyPhishingURL = DataConnectorDataTypeCommon & {
  /** lookback period */
  lookbackPeriod: string;
};

/** Data type for Microsoft Threat Intelligence Platforms data connector. */
export type MstiDataConnectorDataTypesMicrosoftEmergingThreatFeed = DataConnectorDataTypeCommon & {
  /** lookback period */
  lookbackPeriod: string;
};

/** Data type for Microsoft Threat Protection Platforms data connector. */
export type MTPDataConnectorDataTypesIncidents = DataConnectorDataTypeCommon & {};

/** Logs data type. */
export type AwsCloudTrailDataConnectorDataTypesLogs = DataConnectorDataTypeCommon & {};

/** Logs data type. */
export type AwsS3DataConnectorDataTypesLogs = DataConnectorDataTypeCommon & {};

/** Common Data Service data type connection. */
export type Dynamics365DataConnectorDataTypesDynamics365CdsActivities = DataConnectorDataTypeCommon & {};

/** Logs data type. */
export type Office365ProjectConnectorDataTypesLogs = DataConnectorDataTypeCommon & {};

/** Logs data type. */
export type OfficePowerBIConnectorDataTypesLogs = DataConnectorDataTypeCommon & {};

/** Exchange data type connection. */
export type OfficeDataConnectorDataTypesExchange = DataConnectorDataTypeCommon & {};

/** SharePoint data type connection. */
export type OfficeDataConnectorDataTypesSharePoint = DataConnectorDataTypeCommon & {};

/** Teams data type connection. */
export type OfficeDataConnectorDataTypesTeams = DataConnectorDataTypeCommon & {};

/** Data type for indicators connection. */
export type TIDataConnectorDataTypesIndicators = DataConnectorDataTypeCommon & {};

/** Data type for TAXII connector. */
export type TiTaxiiDataConnectorDataTypesTaxiiClient = DataConnectorDataTypeCommon & {};

export type CodelessUiConnectorConfigPropertiesGraphQueriesItem = GraphQueries & {};

export type CodelessUiConnectorConfigPropertiesSampleQueriesItem = SampleQueries & {};

export type CodelessUiConnectorConfigPropertiesDataTypesItem = LastDataReceivedDataType & {};

export type CodelessUiConnectorConfigPropertiesConnectivityCriteriaItem = ConnectivityCriteria & {};

export type PermissionsResourceProviderItem = ResourceProvider & {};

/** Customs permissions required for the connector */
export type Customs = CustomsPermission & {};

export type CodelessUiConnectorConfigPropertiesInstructionStepsItem = InstructionSteps & {};

export type InstructionStepsInstructionsItem = ConnectorInstructionModelBase & {};

/** Alert rule. */
export type AlertRule = ResourceWithEtag & {
  /** The kind of the alert rule */
  kind: AlertRuleKind;
};

/** Action for alert rule. */
export type ActionResponse = ResourceWithEtag & {
  /** Logic App Resource Id, /subscriptions/{my-subscription}/resourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my-workflow-id}. */
  logicAppResourceId?: string;
  /** The name of the logic app's workflow. */
  workflowId?: string;
};

/** Action for alert rule. */
export type ActionRequest = ResourceWithEtag & {
  /** Logic App Resource Id, /subscriptions/{my-subscription}/resourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my-workflow-id}. */
  logicAppResourceId?: string;
  /** Logic App Callback URL for this specific workflow. */
  triggerUri?: string;
};

export type AutomationRule = ResourceWithEtag & {
  /** The display name of the automation rule */
  displayName: string;
  /** The order of execution of the automation rule */
  order: number;
  /** Describes automation rule triggering logic */
  triggeringLogic: AutomationRuleTriggeringLogic;
  /** The actions to execute when the automation rule is triggered */
  actions: AutomationRuleActionUnion[];
  /**
   * The last time the automation rule was updated
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly lastModifiedTimeUtc?: Date;
  /**
   * The time the automation rule was created
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly createdTimeUtc?: Date;
  /**
   * Information on the client (user or application) that made some action
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly lastModifiedBy?: ClientInfo;
  /**
   * Information on the client (user or application) that made some action
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly createdBy?: ClientInfo;
};

/** Represents a bookmark in Azure Security Insights. */
export type Bookmark = ResourceWithEtag & {
  /** The time the bookmark was created */
  created?: Date;
  /** Describes a user that created the bookmark */
  createdBy?: UserInfo;
  /** The display name of the bookmark */
  displayName?: string;
  /** List of labels relevant to this bookmark */
  labels?: string[];
  /** The notes of the bookmark */
  notes?: string;
  /** The query of the bookmark. */
  query?: string;
  /** The query result of the bookmark. */
  queryResult?: string;
  /** The last time the bookmark was updated */
  updated?: Date;
  /** Describes a user that updated the bookmark */
  updatedBy?: UserInfo;
  /** The bookmark event time */
  eventTime?: Date;
  /** The start time for the query */
  queryStartTime?: Date;
  /** The end time for the query */
  queryEndTime?: Date;
  /** Describes an incident that relates to bookmark */
  incidentInfo?: IncidentInfo;
  /** Describes the entity mappings of the bookmark */
  entityMappings?: BookmarkEntityMappings[];
  /** A list of relevant mitre attacks */
  tactics?: AttackTactic[];
  /** A list of relevant mitre techniques */
  techniques?: string[];
};

/** Represents a relation between two resources */
export type Relation = ResourceWithEtag & {
  /** The resource ID of the related resource */
  relatedResourceId?: string;
  /**
   * The name of the related resource
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly relatedResourceName?: string;
  /**
   * The resource type of the related resource
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly relatedResourceType?: string;
  /**
   * The resource kind of the related resource
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly relatedResourceKind?: string;
};

/** Specific entity query. */
export type EntityQuery = ResourceWithEtag & {
  /** the entity query kind */
  kind: EntityQueryKind;
};

/** Specific entity query that supports put requests. */
export type CustomEntityQuery = ResourceWithEtag & {
  /** the entity query kind */
  kind: CustomEntityQueryKind;
};

/** Represents an incident in Azure Security Insights. */
export type Incident = ResourceWithEtag & {
  /**
   * Additional data on the incident
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly additionalData?: IncidentAdditionalData;
  /** The reason the incident was closed */
  classification?: IncidentClassification;
  /** Describes the reason the incident was closed */
  classificationComment?: string;
  /** The classification reason the incident was closed with */
  classificationReason?: IncidentClassificationReason;
  /**
   * The time the incident was created
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly createdTimeUtc?: Date;
  /** The description of the incident */
  description?: string;
  /** The time of the first activity in the incident */
  firstActivityTimeUtc?: Date;
  /**
   * The deep-link url to the incident in Azure portal
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly incidentUrl?: string;
  /**
   * A sequential number
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly incidentNumber?: number;
  /** List of labels relevant to this incident */
  labels?: IncidentLabel[];
  /** The name of the source provider that generated the incident */
  providerName?: string;
  /** The incident ID assigned by the incident provider */
  providerIncidentId?: string;
  /** The time of the last activity in the incident */
  lastActivityTimeUtc?: Date;
  /**
   * The last time the incident was updated
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly lastModifiedTimeUtc?: Date;
  /** Describes a user that the incident is assigned to */
  owner?: IncidentOwnerInfo;
  /**
   * List of resource ids of Analytic rules related to the incident
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly relatedAnalyticRuleIds?: string[];
  /** The severity of the incident */
  severity?: IncidentSeverity;
  /** The status of the incident */
  status?: IncidentStatus;
  /** Describes a team for the incident */
  teamInformation?: TeamInformation;
  /** The title of the incident */
  title?: string;
};

/** Represents an incident comment */
export type IncidentComment = ResourceWithEtag & {
  /**
   * The time the comment was created
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly createdTimeUtc?: Date;
  /**
   * The time the comment was updated
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly lastModifiedTimeUtc?: Date;
  /** The comment message */
  message?: string;
  /**
   * Describes the client that created the comment
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly author?: ClientInfo;
};

/** Metadata resource definition. */
export type MetadataModel = ResourceWithEtag & {
  /** Static ID for the content.  Used to identify dependencies and content from solutions or community.  Hard-coded/static for out of the box content and solutions. Dynamic for user-created.  This is the resource name */
  contentId?: string;
  /** Full parent resource ID of the content item the metadata is for.  This is the full resource ID including the scope (subscription and resource group) */
  parentId?: string;
  /** Version of the content.  Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM template best practices.  Can also be any string, but then we cannot guarantee any version checks */
  version?: string;
  /** The kind of content the metadata is for. */
  kind?: Kind;
  /** Source of the content.  This is where/how it was created. */
  source?: MetadataSource;
  /** The creator of the content item. */
  author?: MetadataAuthor;
  /** Support information for the metadata - type, name, contact information */
  support?: MetadataSupport;
  /** Dependencies for the content item, what other content items it requires to work.  Can describe more complex dependencies using a recursive/nested structure. For a single dependency an id/kind/version can be supplied or operator/criteria for complex formats. */
  dependencies?: MetadataDependencies;
  /** Categories for the solution content item */
  categories?: MetadataCategories;
  /** Providers for the solution content item */
  providers?: string[];
  /** first publish date solution content item */
  firstPublishDate?: Date;
  /** last publish date for the solution content item */
  lastPublishDate?: Date;
  /** The custom version of the content. A optional free text */
  customVersion?: string;
  /** Schema version of the content. Can be used to distinguish between different flow based on the schema version */
  contentSchemaVersion?: string;
  /** the icon identifier. this id can later be fetched from the solution template */
  icon?: string;
  /** the tactics the resource covers */
  threatAnalysisTactics?: string[];
  /** the techniques the resource covers, these have to be aligned with the tactics being used */
  threatAnalysisTechniques?: string[];
  /** preview image file names. These will be taken from the solution artifacts */
  previewImages?: string[];
  /** preview image file names. These will be taken from the solution artifacts. used for dark theme support */
  previewImagesDark?: string[];
};

/** Metadata patch request body. */
export type MetadataPatch = ResourceWithEtag & {
  /** Static ID for the content.  Used to identify dependencies and content from solutions or community.  Hard-coded/static for out of the box content and solutions. Dynamic for user-created.  This is the resource name */
  contentId?: string;
  /** Full parent resource ID of the content item the metadata is for.  This is the full resource ID including the scope (subscription and resource group) */
  parentId?: string;
  /** Version of the content.  Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM template best practices.  Can also be any string, but then we cannot guarantee any version checks */
  version?: string;
  /** The kind of content the metadata is for. */
  kind?: Kind;
  /** Source of the content.  This is where/how it was created. */
  source?: MetadataSource;
  /** The creator of the content item. */
  author?: MetadataAuthor;
  /** Support information for the metadata - type, name, contact information */
  support?: MetadataSupport;
  /** Dependencies for the content item, what other content items it requires to work.  Can describe more complex dependencies using a recursive/nested structure. For a single dependency an id/kind/version can be supplied or operator/criteria for complex formats. */
  dependencies?: MetadataDependencies;
  /** Categories for the solution content item */
  categories?: MetadataCategories;
  /** Providers for the solution content item */
  providers?: string[];
  /** first publish date solution content item */
  firstPublishDate?: Date;
  /** last publish date for the solution content item */
  lastPublishDate?: Date;
  /** The custom version of the content. A optional free text */
  customVersion?: string;
  /** Schema version of the content. Can be used to distinguish between different flow based on the schema version */
  contentSchemaVersion?: string;
  /** the icon identifier. this id can later be fetched from the solution template */
  icon?: string;
  /** the tactics the resource covers */
  threatAnalysisTactics?: string[];
  /** the techniques the resource covers, these have to be aligned with the tactics being used */
  threatAnalysisTechniques?: string[];
  /** preview image file names. These will be taken from the solution artifacts */
  previewImages?: string[];
  /** preview image file names. These will be taken from the solution artifacts. used for dark theme support */
  previewImagesDark?: string[];
};

/** Sentinel onboarding state */
export type SentinelOnboardingState = ResourceWithEtag & {
  /** Flag that indicates the status of the CMK setting */
  customerManagedKey?: boolean;
};

/** The Setting. */
export type Settings = ResourceWithEtag & {
  /** The kind of the setting */
  kind: SettingKind;
};

/** Represents a SourceControl in Azure Security Insights. */
export type SourceControl = ResourceWithEtag & {
  /** The id (a Guid) of the source control */
  idPropertiesId?: string;
  /** The version number associated with the source control */
  version?: Version;
  /** The display name of the source control */
  displayName?: string;
  /** A description of the source control */
  description?: string;
  /** The repository type of the source control */
  repoType?: RepoType;
  /** Array of source control content types. */
  contentTypes?: ContentType[];
  /** Repository metadata. */
  repository?: Repository;
  /** Information regarding the resources created in user's repository. */
  repositoryResourceInfo?: RepositoryResourceInfo;
  /** Information regarding the latest deployment for the source control. */
  lastDeploymentInfo?: DeploymentInfo;
};

/** Threat intelligence information object. */
export type ThreatIntelligenceInformation = ResourceWithEtag & {
  /** The kind of the entity. */
  kind: ThreatIntelligenceResourceKindEnum;
};

/** Represents a Watchlist in Azure Security Insights. */
export type Watchlist = ResourceWithEtag & {
  /** The id (a Guid) of the watchlist */
  watchlistId?: string;
  /** The display name of the watchlist */
  displayName?: string;
  /** The provider of the watchlist */
  provider?: string;
  /** The filename of the watchlist, called 'source' */
  source?: string;
  /** The sourceType of the watchlist */
  sourceType?: SourceType;
  /** The time the watchlist was created */
  created?: Date;
  /** The last time the watchlist was updated */
  updated?: Date;
  /** Describes a user that created the watchlist */
  createdBy?: UserInfo;
  /** Describes a user that updated the watchlist */
  updatedBy?: UserInfo;
  /** A description of the watchlist */
  description?: string;
  /** The type of the watchlist */
  watchlistType?: string;
  /** The alias of the watchlist */
  watchlistAlias?: string;
  /** A flag that indicates if the watchlist is deleted or not */
  isDeleted?: boolean;
  /** List of labels relevant to this watchlist */
  labels?: string[];
  /** The default duration of a watchlist (in ISO 8601 duration format) */
  defaultDuration?: string;
  /** The tenantId where the watchlist belongs to */
  tenantId?: string;
  /** The number of lines in a csv/tsv content to skip before the header */
  numberOfLinesToSkip?: number;
  /** The raw content that represents to watchlist items to create. In case of csv/tsv content type, it's the content of the file that will parsed by the endpoint */
  rawContent?: string;
  /** The search key is used to optimize query performance when using watchlists for joins with other data. For example, enable a column with IP addresses to be the designated SearchKey field, then use this field as the key field when joining to other event data by IP address. */
  itemsSearchKey?: string;
  /** The content type of the raw content. Example : text/csv or text/tsv */
  contentType?: string;
  /** The status of the Watchlist upload : New, InProgress or Complete. Pls note : When a Watchlist upload status is equal to InProgress, the Watchlist cannot be deleted */
  uploadStatus?: string;
};

/** Represents a Watchlist item in Azure Security Insights. */
export type WatchlistItem = ResourceWithEtag & {
  /** The type of the watchlist item */
  watchlistItemType?: string;
  /** The id (a Guid) of the watchlist item */
  watchlistItemId?: string;
  /** The tenantId to which the watchlist item belongs to */
  tenantId?: string;
  /** A flag that indicates if the watchlist item is deleted or not */
  isDeleted?: boolean;
  /** The time the watchlist item was created */
  created?: Date;
  /** The last time the watchlist item was updated */
  updated?: Date;
  /** Describes a user that created the watchlist item */
  createdBy?: UserInfo;
  /** Describes a user that updated the watchlist item */
  updatedBy?: UserInfo;
  /** key-value pairs for a watchlist item */
  itemsKeyValue?: Record<string, unknown>;
  /** key-value pairs for a watchlist item entity mapping */
  entityMapping?: Record<string, unknown>;
};

/** Data connector */
export type DataConnector = ResourceWithEtag & {
  /** The data connector kind */
  kind: DataConnectorKind;
};

/** Represents MLBehaviorAnalytics alert rule template. */
export type MLBehaviorAnalyticsAlertRuleTemplate = AlertRuleTemplate & {
  /** the number of alert rules that were created by this template */
  alertRulesCreatedByTemplateCount?: number;
  /**
   * The last time that this alert rule template has been updated.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly lastUpdatedDateUTC?: Date;
  /**
   * The time that this alert rule template has been added.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly createdDateUTC?: Date;
  /** The description of the alert rule template. */
  description?: string;
  /** The display name for alert rule template. */
  displayName?: string;
  /** The required data sources for this template */
  requiredDataConnectors?: AlertRuleTemplateDataSource[];
  /** The alert rule template status. */
  status?: TemplateStatus;
  /** The tactics of the alert rule */
  tactics?: AttackTactic[];
  /** The techniques of the alert rule */
  techniques?: string[];
  /** The severity for alerts created by this alert rule. */
  severity?: AlertSeverity;
};

/** Represents Fusion alert rule template. */
export type FusionAlertRuleTemplate = AlertRuleTemplate & {
  /** the number of alert rules that were created by this template */
  alertRulesCreatedByTemplateCount?: number;
  /**
   * The time that this alert rule template has been added.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly createdDateUTC?: Date;
  /**
   * The time that this alert rule template was last updated.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly lastUpdatedDateUTC?: Date;
  /** The description of the alert rule template. */
  description?: string;
  /** The display name for alert rule template. */
  displayName?: string;
  /** The required data connectors for this template */
  requiredDataConnectors?: AlertRuleTemplateDataSource[];
  /** The alert rule template status. */
  status?: TemplateStatus;
  /** The severity for alerts created by this alert rule. */
  severity?: AlertSeverity;
  /** The tactics of the alert rule template */
  tactics?: AttackTactic[];
  /** The techniques of the alert rule */
  techniques?: string[];
  /** All supported source signal configurations consumed in fusion detection. */
  sourceSettings?: FusionTemplateSourceSetting[];
};

/** Represents Threat Intelligence alert rule template. */
export type ThreatIntelligenceAlertRuleTemplate = AlertRuleTemplate & {
  /** the number of alert rules that were created by this template */
  alertRulesCreatedByTemplateCount?: number;
  /**
   * The last time that this alert rule template has been updated.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly lastUpdatedDateUTC?: Date;
  /**
   * The time that this alert rule template has been added.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly createdDateUTC?: Date;
  /** The description of the alert rule template. */
  description?: string;
  /** The display name for alert rule template. */
  displayName?: string;
  /** The required data sources for this template */
  requiredDataConnectors?: AlertRuleTemplateDataSource[];
  /** The alert rule template status. */
  status?: TemplateStatus;
  /** The tactics of the alert rule */
  tactics?: AttackTactic[];
  /** The techniques of the alert rule */
  techniques?: string[];
  /** The severity for alerts created by this alert rule. */
  severity?: AlertSeverity;
};

/** Represents MicrosoftSecurityIncidentCreation rule template. */
export type MicrosoftSecurityIncidentCreationAlertRuleTemplate = AlertRuleTemplate & {
  /** the number of alert rules that were created by this template */
  alertRulesCreatedByTemplateCount?: number;
  /**
   * The last time that this alert rule template has been updated.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly lastUpdatedDateUTC?: Date;
  /**
   * The time that this alert rule template has been added.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly createdDateUTC?: Date;
  /** The description of the alert rule template. */
  description?: string;
  /** The display name for alert rule template. */
  displayName?: string;
  /** The required data sources for this template */
  requiredDataConnectors?: AlertRuleTemplateDataSource[];
  /** The alert rule template status. */
  status?: TemplateStatus;
  /** the alerts' displayNames on which the cases will be generated */
  displayNamesFilter?: string[];
  /** the alerts' displayNames on which the cases will not be generated */
  displayNamesExcludeFilter?: string[];
  /** The alerts' productName on which the cases will be generated */
  productFilter?: MicrosoftSecurityProductName;
  /** the alerts' severities on which the cases will be generated */
  severitiesFilter?: AlertSeverity[];
};

/** Represents scheduled alert rule template. */
export type ScheduledAlertRuleTemplate = AlertRuleTemplate & {
  /** the number of alert rules that were created by this template */
  alertRulesCreatedByTemplateCount?: number;
  /**
   * The time that this alert rule template has been added.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly createdDateUTC?: Date;
  /**
   * The time that this alert rule template was last updated.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly lastUpdatedDateUTC?: Date;
  /** The description of the alert rule template. */
  description?: string;
  /** The display name for alert rule template. */
  displayName?: string;
  /** The required data connectors for this template */
  requiredDataConnectors?: AlertRuleTemplateDataSource[];
  /** The alert rule template status. */
  status?: TemplateStatus;
  /** The query that creates alerts for this rule. */
  query?: string;
  /** The frequency (in ISO 8601 duration format) for this alert rule to run. */
  queryFrequency?: string;
  /** The period (in ISO 8601 duration format) that this alert rule looks at. */
  queryPeriod?: string;
  /** The severity for alerts created by this alert rule. */
  severity?: AlertSeverity;
  /** The operation against the threshold that triggers alert rule. */
  triggerOperator?: TriggerOperator;
  /** The threshold triggers this alert rule. */
  triggerThreshold?: number;
  /** The tactics of the alert rule template */
  tactics?: AttackTactic[];
  /** The techniques of the alert rule */
  techniques?: string[];
  /** The version of this template - in format <a.b.c>, where all are numbers. For example <1.0.2>. */
  version?: string;
  /** The event grouping settings. */
  eventGroupingSettings?: EventGroupingSettings;
  /** Dictionary of string key-value pairs of columns to be attached to the alert */
  customDetails?: { [propertyName: string]: string };
  /** Array of the entity mappings of the alert rule */
  entityMappings?: EntityMapping[];
  /** The alert details override settings */
  alertDetailsOverride?: AlertDetailsOverride;
};

/** Represents NRT alert rule template. */
export type NrtAlertRuleTemplate = AlertRuleTemplate & {
  /** the number of alert rules that were created by this template */
  alertRulesCreatedByTemplateCount?: number;
  /**
   * The last time that this alert rule template has been updated.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly lastUpdatedDateUTC?: Date;
  /**
   * The time that this alert rule template has been added.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly createdDateUTC?: Date;
  /** The description of the alert rule template. */
  description?: string;
  /** The display name for alert rule template. */
  displayName?: string;
  /** The required data sources for this template */
  requiredDataConnectors?: AlertRuleTemplateDataSource[];
  /** The alert rule template status. */
  status?: TemplateStatus;
  /** The tactics of the alert rule */
  tactics?: AttackTactic[];
  /** The techniques of the alert rule */
  techniques?: string[];
  /** The query that creates alerts for this rule. */
  query?: string;
  /** The severity for alerts created by this alert rule. */
  severity?: AlertSeverity;
  /** The version of this template - in format <a.b.c>, where all are numbers. For example <1.0.2>. */
  version?: string;
  /** Dictionary of string key-value pairs of columns to be attached to the alert */
  customDetails?: { [propertyName: string]: string };
  /** Array of the entity mappings of the alert rule */
  entityMappings?: EntityMapping[];
  /** The alert details override settings */
  alertDetailsOverride?: AlertDetailsOverride;
};

/** Represents a security alert entity. */
export type SecurityAlert = Entity & {
  /**
   * A bag of custom fields that should be part of the entity and will be presented to the user.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly additionalData?: { [propertyName: string]: Record<string, unknown> };
  /**
   * The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly friendlyName?: string;
  /**
   * The display name of the alert.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly alertDisplayName?: string;
  /**
   * The type name of the alert.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly alertType?: string;
  /**
   * Display name of the main entity being reported on.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly compromisedEntity?: string;
  /**
   * The confidence level of this alert.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly confidenceLevel?: ConfidenceLevel;
  /**
   * The confidence reasons
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly confidenceReasons?: SecurityAlertPropertiesConfidenceReasonsItem[];
  /**
   * The confidence score of the alert.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly confidenceScore?: number;
  /**
   * The confidence score calculation status, i.e. indicating if score calculation is pending for this alert, not applicable or final.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly confidenceScoreStatus?: ConfidenceScoreStatus;
  /**
   * Alert description.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly description?: string;
  /**
   * The impact end time of the alert (the time of the last event contributing to the alert).
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly endTimeUtc?: Date;
  /**
   * Holds the alert intent stage(s) mapping for this alert.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly intent?: KillChainIntent;
  /**
   * The identifier of the alert inside the product which generated the alert.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly providerAlertId?: string;
  /**
   * The time the alert was made available for consumption.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly processingEndTime?: Date;
  /**
   * The name of a component inside the product which generated the alert.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly productComponentName?: string;
  /**
   * The name of the product which published this alert.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly productName?: string;
  /**
   * The version of the product generating the alert.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly productVersion?: string;
  /**
   * Manual action items to take to remediate the alert.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly remediationSteps?: string[];
  /** The severity of the alert */
  severity?: AlertSeverity;
  /**
   * The impact start time of the alert (the time of the first event contributing to the alert).
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly startTimeUtc?: Date;
  /**
   * The lifecycle status of the alert.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly status?: AlertStatus;
  /**
   * Holds the product identifier of the alert for the product.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly systemAlertId?: string;
  /**
   * The tactics of the alert
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly tactics?: AttackTactic[];
  /**
   * The time the alert was generated.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly timeGenerated?: Date;
  /**
   * The name of the vendor that raise the alert.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly vendorName?: string;
  /**
   * The uri link of the alert.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly alertLink?: string;
  /**
   * The list of resource identifiers of the alert.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly resourceIdentifiers?: Record<string, unknown>[];
};

/** Represents a Hunting bookmark entity. */
export type HuntingBookmark = Entity & {
  /**
   * A bag of custom fields that should be part of the entity and will be presented to the user.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly additionalData?: { [propertyName: string]: Record<string, unknown> };
  /**
   * The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly friendlyName?: string;
  /** The time the bookmark was created */
  created?: Date;
  /** Describes a user that created the bookmark */
  createdBy?: UserInfo;
  /** The display name of the bookmark */
  displayName?: string;
  /** The time of the event */
  eventTime?: Date;
  /** List of labels relevant to this bookmark */
  labels?: string[];
  /** The notes of the bookmark */
  notes?: string;
  /** The query of the bookmark. */
  query?: string;
  /** The query result of the bookmark. */
  queryResult?: string;
  /** The last time the bookmark was updated */
  updated?: Date;
  /** Describes a user that updated the bookmark */
  updatedBy?: UserInfo;
  /** Describes an incident that relates to bookmark */
  incidentInfo?: IncidentInfo;
};

/** Represents an account entity. */
export type AccountEntity = Entity & {
  /**
   * A bag of custom fields that should be part of the entity and will be presented to the user.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly additionalData?: { [propertyName: string]: Record<string, unknown> };
  /**
   * The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly friendlyName?: string;
  /**
   * The Azure Active Directory tenant id.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly aadTenantId?: string;
  /**
   * The Azure Active Directory user id.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly aadUserId?: string;
  /**
   * The name of the account. This field should hold only the name without any domain added to it, i.e. administrator.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly accountName?: string;
  /**
   * The display name of the account.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly displayName?: string;
  /**
   * The Host entity id that contains the account in case it is a local account (not domain joined)
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly hostEntityId?: string;
  /**
   * Determines whether this is a domain account.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly isDomainJoined?: boolean;
  /**
   * The NetBIOS domain name as it appears in the alert format domain/username. Examples: NT AUTHORITY.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly ntDomain?: string;
  /**
   * The objectGUID attribute is a single-value attribute that is the unique identifier for the object, assigned by active directory.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly objectGuid?: string;
  /**
   * The Azure Active Directory Passport User ID.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly puid?: string;
  /**
   * The account security identifier, e.g. S-1-5-18.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly sid?: string;
  /**
   * The user principal name suffix for the account, in some cases it is also the domain name. Examples: contoso.com.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly upnSuffix?: string;
  /**
   * The fully qualified domain DNS name.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly dnsDomain?: string;
};

/** Represents an azure resource entity. */
export type AzureResourceEntity = Entity & {
  /**
   * A bag of custom fields that should be part of the entity and will be presented to the user.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly additionalData?: { [propertyName: string]: Record<string, unknown> };
  /**
   * The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly friendlyName?: string;
  /**
   * The azure resource id of the resource
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly resourceId?: string;
  /**
   * The subscription id of the resource
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly subscriptionId?: string;
};

/** Represents a cloud application entity. */
export type CloudApplicationEntity = Entity & {
  /**
   * A bag of custom fields that should be part of the entity and will be presented to the user.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly additionalData?: { [propertyName: string]: Record<string, unknown> };
  /**
   * The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly friendlyName?: string;
  /**
   * The technical identifier of the application.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly appId?: number;
  /**
   * The name of the related cloud application.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly appName?: string;
  /**
   * The user defined instance name of the cloud application. It is often used to distinguish between several applications of the same type that a customer has.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly instanceName?: string;
};

/** Represents a dns entity. */
export type DnsEntity = Entity & {
  /**
   * A bag of custom fields that should be part of the entity and will be presented to the user.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly additionalData?: { [propertyName: string]: Record<string, unknown> };
  /**
   * The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly friendlyName?: string;
  /**
   * An ip entity id for the dns server resolving the request
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly dnsServerIpEntityId?: string;
  /**
   * The name of the dns record associated with the alert
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly domainName?: string;
  /**
   * An ip entity id for the dns request client
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly hostIpAddressEntityId?: string;
  /**
   * Ip entity identifiers for the resolved ip address.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly ipAddressEntityIds?: string[];
};

/** Represents a file entity. */
export type FileEntity = Entity & {
  /**
   * A bag of custom fields that should be part of the entity and will be presented to the user.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly additionalData?: { [propertyName: string]: Record<string, unknown> };
  /**
   * The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly friendlyName?: string;
  /**
   * The full path to the file.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly directory?: string;
  /**
   * The file hash entity identifiers associated with this file
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly fileHashEntityIds?: string[];
  /**
   * The file name without path (some alerts might not include path).
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly fileName?: string;
  /**
   * The Host entity id which the file belongs to
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly hostEntityId?: string;
};

/** Represents a file hash entity. */
export type FileHashEntity = Entity & {
  /**
   * A bag of custom fields that should be part of the entity and will be presented to the user.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly additionalData?: { [propertyName: string]: Record<string, unknown> };
  /**
   * The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly friendlyName?: string;
  /**
   * The hash algorithm type.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly algorithm?: FileHashAlgorithm;
  /**
   * The file hash value.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly hashValue?: string;
};

/** Represents a host entity. */
export type HostEntity = Entity & {
  /**
   * A bag of custom fields that should be part of the entity and will be presented to the user.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly additionalData?: { [propertyName: string]: Record<string, unknown> };
  /**
   * The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly friendlyName?: string;
  /**
   * The azure resource id of the VM.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly azureID?: string;
  /**
   * The DNS domain that this host belongs to. Should contain the compete DNS suffix for the domain
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly dnsDomain?: string;
  /**
   * The hostname without the domain suffix.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly hostName?: string;
  /**
   * Determines whether this host belongs to a domain.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly isDomainJoined?: boolean;
  /**
   * The host name (pre-windows2000).
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly netBiosName?: string;
  /**
   * The NT domain that this host belongs to.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly ntDomain?: string;
  /**
   * The OMS agent id, if the host has OMS agent installed.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly omsAgentID?: string;
  /** The operating system type. */
  osFamily?: OSFamily;
  /**
   * A free text representation of the operating system. This field is meant to hold specific versions the are more fine grained than OSFamily or future values not supported by OSFamily enumeration
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly osVersion?: string;
};

/** Represents an IoT device entity. */
export type IoTDeviceEntity = Entity & {
  /**
   * A bag of custom fields that should be part of the entity and will be presented to the user.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly additionalData?: { [propertyName: string]: Record<string, unknown> };
  /**
   * The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly friendlyName?: string;
  /**
   * The ID of the IoT Device in the IoT Hub
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly deviceId?: string;
  /**
   * The friendly name of the device
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly deviceName?: string;
  /**
   * The source of the device
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly source?: string;
  /**
   * The ID of the security agent running on the device
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly iotSecurityAgentId?: string;
  /**
   * The type of the device
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly deviceType?: string;
  /**
   * The vendor of the device
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly vendor?: string;
  /**
   * The ID of the edge device
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly edgeId?: string;
  /**
   * The MAC address of the device
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly macAddress?: string;
  /**
   * The model of the device
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly model?: string;
  /**
   * The serial number of the device
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly serialNumber?: string;
  /**
   * The firmware version of the device
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly firmwareVersion?: string;
  /**
   * The operating system of the device
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly operatingSystem?: string;
  /**
   * The AzureResource entity id of the IoT Hub
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly iotHubEntityId?: string;
  /**
   * The Host entity id of this device
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly hostEntityId?: string;
  /**
   * The IP entity if of this device
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly ipAddressEntityId?: string;
  /**
   * A list of TI contexts attached to the IoTDevice entity.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly threatIntelligence?: ThreatIntelligence[];
  /**
   * A list of protocols of the IoTDevice entity.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly protocols?: string[];
};

/** Represents an ip entity. */
export type IpEntity = Entity & {
  /**
   * A bag of custom fields that should be part of the entity and will be presented to the user.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly additionalData?: { [propertyName: string]: Record<string, unknown> };
  /**
   * The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly friendlyName?: string;
  /**
   * The IP address as string, e.g. 127.0.0.1 (either in Ipv4 or Ipv6)
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly address?: string;
  /**
   * The geo-location context attached to the ip entity
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly location?: GeoLocation;
  /**
   * A list of TI contexts attached to the ip entity.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly threatIntelligence?: ThreatIntelligence[];
};

/** Represents a mailbox entity. */
export type MailboxEntity = Entity & {
  /**
   * A bag of custom fields that should be part of the entity and will be presented to the user.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly additionalData?: { [propertyName: string]: Record<string, unknown> };
  /**
   * The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly friendlyName?: string;
  /**
   * The mailbox's primary address
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly mailboxPrimaryAddress?: string;
  /**
   * The mailbox's display name
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly displayName?: string;
  /**
   * The mailbox's UPN
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly upn?: string;
  /**
   * The AzureAD identifier of mailbox. Similar to AadUserId in account entity but this property is specific to mailbox object on office side
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly externalDirectoryObjectId?: string;
};

/** Represents a mail cluster entity. */
export type MailClusterEntity = Entity & {
  /**
   * A bag of custom fields that should be part of the entity and will be presented to the user.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly additionalData?: { [propertyName: string]: Record<string, unknown> };
  /**
   * The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly friendlyName?: string;
  /**
   * The mail message IDs that are part of the mail cluster
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly networkMessageIds?: string[];
  /**
   * Count of mail messages by DeliveryStatus string representation
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly countByDeliveryStatus?: Record<string, unknown>;
  /**
   * Count of mail messages by ThreatType string representation
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly countByThreatType?: Record<string, unknown>;
  /**
   * Count of mail messages by ProtectionStatus string representation
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly countByProtectionStatus?: Record<string, unknown>;
  /**
   * The threats of mail messages that are part of the mail cluster
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly threats?: string[];
  /**
   * The query that was used to identify the messages of the mail cluster
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly query?: string;
  /**
   * The query time
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly queryTime?: Date;
  /**
   * The number of mail messages that are part of the mail cluster
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly mailCount?: number;
  /**
   * Is this a volume anomaly mail cluster
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly isVolumeAnomaly?: boolean;
  /**
   * The source of the mail cluster (default is 'O365 ATP')
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly source?: string;
  /**
   * The id of the cluster source
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly clusterSourceIdentifier?: string;
  /**
   * The type of the cluster source
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly clusterSourceType?: string;
  /**
   * The cluster query start time
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly clusterQueryStartTime?: Date;
  /**
   * The cluster query end time
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly clusterQueryEndTime?: Date;
  /**
   * The cluster group
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly clusterGroup?: string;
};

/** Represents a mail message entity. */
export type MailMessageEntity = Entity & {
  /**
   * A bag of custom fields that should be part of the entity and will be presented to the user.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly additionalData?: { [propertyName: string]: Record<string, unknown> };
  /**
   * The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly friendlyName?: string;
  /**
   * The File entity ids of this mail message's attachments
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly fileEntityIds?: string[];
  /**
   * The recipient of this mail message. Note that in case of multiple recipients the mail message is forked and each copy has one recipient
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly recipient?: string;
  /**
   * The Urls contained in this mail message
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly urls?: string[];
  /**
   * The threats of this mail message
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly threats?: string[];
  /**
   * The p1 sender's email address
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly p1Sender?: string;
  /**
   * The p1 sender's display name
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly p1SenderDisplayName?: string;
  /**
   * The p1 sender's domain
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly p1SenderDomain?: string;
  /**
   * The sender's IP address
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly senderIP?: string;
  /**
   * The p2 sender's email address
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly p2Sender?: string;
  /**
   * The p2 sender's display name
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly p2SenderDisplayName?: string;
  /**
   * The p2 sender's domain
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly p2SenderDomain?: string;
  /**
   * The receive date of this message
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly receiveDate?: Date;
  /**
   * The network message id of this mail message
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly networkMessageId?: string;
  /**
   * The internet message id of this mail message
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly internetMessageId?: string;
  /**
   * The subject of this mail message
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly subject?: string;
  /**
   * The language of this mail message
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly language?: string;
  /**
   * The threat detection methods
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly threatDetectionMethods?: string[];
  /** The bodyFingerprintBin1 */
  bodyFingerprintBin1?: number;
  /** The bodyFingerprintBin2 */
  bodyFingerprintBin2?: number;
  /** The bodyFingerprintBin3 */
  bodyFingerprintBin3?: number;
  /** The bodyFingerprintBin4 */
  bodyFingerprintBin4?: number;
  /** The bodyFingerprintBin5 */
  bodyFingerprintBin5?: number;
  /** The directionality of this mail message */
  antispamDirection?: AntispamMailDirection;
  /** The delivery action of this mail message like Delivered, Blocked, Replaced etc */
  deliveryAction?: DeliveryAction;
  /** The delivery location of this mail message like Inbox, JunkFolder etc */
  deliveryLocation?: DeliveryLocation;
};

/** Represents a malware entity. */
export type MalwareEntity = Entity & {
  /**
   * A bag of custom fields that should be part of the entity and will be presented to the user.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly additionalData?: { [propertyName: string]: Record<string, unknown> };
  /**
   * The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly friendlyName?: string;
  /**
   * The malware category by the vendor, e.g. Trojan
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly category?: string;
  /**
   * List of linked file entity identifiers on which the malware was found
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly fileEntityIds?: string[];
  /**
   * The malware name by the vendor, e.g. Win32/Toga!rfn
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly malwareName?: string;
  /**
   * List of linked process entity identifiers on which the malware was found.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly processEntityIds?: string[];
};

/** Represents a process entity. */
export type ProcessEntity = Entity & {
  /**
   * A bag of custom fields that should be part of the entity and will be presented to the user.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly additionalData?: { [propertyName: string]: Record<string, unknown> };
  /**
   * The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly friendlyName?: string;
  /**
   * The account entity id running the processes.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly accountEntityId?: string;
  /**
   * The command line used to create the process
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly commandLine?: string;
  /**
   * The time when the process started to run
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly creationTimeUtc?: Date;
  /** The elevation token associated with the process. */
  elevationToken?: ElevationToken;
  /**
   * The host entity id on which the process was running
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly hostEntityId?: string;
  /**
   * The session entity id in which the process was running
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly hostLogonSessionEntityId?: string;
  /**
   * Image file entity id
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly imageFileEntityId?: string;
  /**
   * The parent process entity id.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly parentProcessEntityId?: string;
  /**
   * The process ID
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly processId?: string;
};

/** Represents a registry key entity. */
export type RegistryKeyEntity = Entity & {
  /**
   * A bag of custom fields that should be part of the entity and will be presented to the user.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly additionalData?: { [propertyName: string]: Record<string, unknown> };
  /**
   * The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly friendlyName?: string;
  /**
   * the hive that holds the registry key.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly hive?: RegistryHive;
  /**
   * The registry key path.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly key?: string;
};

/** Represents a registry value entity. */
export type RegistryValueEntity = Entity & {
  /**
   * A bag of custom fields that should be part of the entity and will be presented to the user.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly additionalData?: { [propertyName: string]: Record<string, unknown> };
  /**
   * The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly friendlyName?: string;
  /**
   * The registry key entity id.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly keyEntityId?: string;
  /**
   * String formatted representation of the value data.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly valueData?: string;
  /**
   * The registry value name.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly valueName?: string;
  /**
   * Specifies the data types to use when storing values in the registry, or identifies the data type of a value in the registry.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly valueType?: RegistryValueKind;
};

/** Represents a security group entity. */
export type SecurityGroupEntity = Entity & {
  /**
   * A bag of custom fields that should be part of the entity and will be presented to the user.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly additionalData?: { [propertyName: string]: Record<string, unknown> };
  /**
   * The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly friendlyName?: string;
  /**
   * The group distinguished name
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly distinguishedName?: string;
  /**
   * A single-value attribute that is the unique identifier for the object, assigned by active directory.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly objectGuid?: string;
  /**
   * The SID attribute is a single-value attribute that specifies the security identifier (SID) of the group
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly sid?: string;
};

/** Represents a submission mail entity. */
export type SubmissionMailEntity = Entity & {
  /**
   * A bag of custom fields that should be part of the entity and will be presented to the user.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly additionalData?: { [propertyName: string]: Record<string, unknown> };
  /**
   * The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly friendlyName?: string;
  /**
   * The network message id of email to which submission belongs
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly networkMessageId?: string;
  /**
   * The submission id
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly submissionId?: string;
  /**
   * The submitter
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly submitter?: string;
  /**
   * The submission date
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly submissionDate?: Date;
  /**
   * The Time stamp when the message is received (Mail)
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly timestamp?: Date;
  /**
   * The recipient of the mail
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly recipient?: string;
  /**
   * The sender of the mail
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly sender?: string;
  /**
   * The sender's IP
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly senderIp?: string;
  /**
   * The subject of submission mail
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly subject?: string;
  /**
   * The submission type for the given instance. This maps to Junk, Phish, Malware or NotJunk.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly reportType?: string;
};

/** Represents a url entity. */
export type UrlEntity = Entity & {
  /**
   * A bag of custom fields that should be part of the entity and will be presented to the user.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly additionalData?: { [propertyName: string]: Record<string, unknown> };
  /**
   * The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly friendlyName?: string;
  /**
   * A full URL the entity points to
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly url?: string;
};

/** Represents Activity entity query. */
export type ActivityEntityQueryTemplate = EntityQueryTemplate & {
  /** The entity query title */
  title?: string;
  /** The entity query content to display in timeline */
  content?: string;
  /** The entity query description */
  description?: string;
  /** The Activity query definitions */
  queryDefinitions?: ActivityEntityQueryTemplatePropertiesQueryDefinitions;
  /** List of required data types for the given entity query template */
  dataTypes?: DataTypeDefinitions[];
  /** The type of the query's source entity */
  inputEntityType?: EntityType;
  /** List of the fields of the source entity that are required to run the query */
  requiredInputFieldsSets?: string[][];
  /** The query applied only to entities matching to all filters */
  entitiesFilter?: { [propertyName: string]: string[] };
};

/** MLBehaviorAnalytics alert rule template properties. */
export type MLBehaviorAnalyticsAlertRuleTemplateProperties = AlertRuleTemplateWithMitreProperties & {
  /** The severity for alerts created by this alert rule. */
  severity: AlertSeverity;
};

/** Threat Intelligence alert rule template properties */
export type ThreatIntelligenceAlertRuleTemplateProperties = AlertRuleTemplateWithMitreProperties & {
  /** The severity for alerts created by this alert rule. */
  severity: AlertSeverity;
};

export type PermissionsCustomsItem = Customs & {};

/** Represents MLBehaviorAnalytics alert rule. */
export type MLBehaviorAnalyticsAlertRule = AlertRule & {
  /** The Name of the alert rule template used to create this rule. */
  alertRuleTemplateName?: string;
  /**
   * The description of the alert rule.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly description?: string;
  /**
   * The display name for alerts created by this alert rule.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly displayName?: string;
  /** Determines whether this alert rule is enabled or disabled. */
  enabled?: boolean;
  /**
   * The last time that this alert rule has been modified.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly lastModifiedUtc?: Date;
  /**
   * The severity for alerts created by this alert rule.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly severity?: AlertSeverity;
  /**
   * The tactics of the alert rule
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly tactics?: AttackTactic[];
  /**
   * The techniques of the alert rule
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly techniques?: string[];
};

/** Represents Fusion alert rule. */
export type FusionAlertRule = AlertRule & {
  /** The Name of the alert rule template used to create this rule. */
  alertRuleTemplateName?: string;
  /**
   * The description of the alert rule.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly description?: string;
  /**
   * The display name for alerts created by this alert rule.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly displayName?: string;
  /** Determines whether this alert rule is enabled or disabled. */
  enabled?: boolean;
  /** Configuration for all supported source signals in fusion detection. */
  sourceSettings?: FusionSourceSettings[];
  /** Configuration to exclude scenarios in fusion detection. */
  scenarioExclusionPatterns?: FusionScenarioExclusionPattern[];
  /**
   * The last time that this alert has been modified.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly lastModifiedUtc?: Date;
  /**
   * The severity for alerts created by this alert rule.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly severity?: AlertSeverity;
  /**
   * The tactics of the alert rule
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly tactics?: AttackTactic[];
  /**
   * The techniques of the alert rule
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly techniques?: string[];
};

/** Represents Threat Intelligence alert rule. */
export type ThreatIntelligenceAlertRule = AlertRule & {
  /** The Name of the alert rule template used to create this rule. */
  alertRuleTemplateName?: string;
  /**
   * The description of the alert rule.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly description?: string;
  /**
   * The display name for alerts created by this alert rule.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly displayName?: string;
  /** Determines whether this alert rule is enabled or disabled. */
  enabled?: boolean;
  /**
   * The last time that this alert has been modified.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly lastModifiedUtc?: Date;
  /**
   * The severity for alerts created by this alert rule.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly severity?: AlertSeverity;
  /**
   * The tactics of the alert rule
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly tactics?: AttackTactic[];
  /**
   * The techniques of the alert rule
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly techniques?: string[];
};

/** Represents MicrosoftSecurityIncidentCreation rule. */
export type MicrosoftSecurityIncidentCreationAlertRule = AlertRule & {
  /** the alerts' displayNames on which the cases will be generated */
  displayNamesFilter?: string[];
  /** the alerts' displayNames on which the cases will not be generated */
  displayNamesExcludeFilter?: string[];
  /** The alerts' productName on which the cases will be generated */
  productFilter?: MicrosoftSecurityProductName;
  /** the alerts' severities on which the cases will be generated */
  severitiesFilter?: AlertSeverity[];
  /** The Name of the alert rule template used to create this rule. */
  alertRuleTemplateName?: string;
  /** The description of the alert rule. */
  description?: string;
  /** The display name for alerts created by this alert rule. */
  displayName?: string;
  /** Determines whether this alert rule is enabled or disabled. */
  enabled?: boolean;
  /**
   * The last time that this alert has been modified.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly lastModifiedUtc?: Date;
};

/** Represents scheduled alert rule. */
export type ScheduledAlertRule = AlertRule & {
  /** The query that creates alerts for this rule. */
  query?: string;
  /** The frequency (in ISO 8601 duration format) for this alert rule to run. */
  queryFrequency?: string;
  /** The period (in ISO 8601 duration format) that this alert rule looks at. */
  queryPeriod?: string;
  /** The severity for alerts created by this alert rule. */
  severity?: AlertSeverity;
  /** The operation against the threshold that triggers alert rule. */
  triggerOperator?: TriggerOperator;
  /** The threshold triggers this alert rule. */
  triggerThreshold?: number;
  /** The event grouping settings. */
  eventGroupingSettings?: EventGroupingSettings;
  /** Dictionary of string key-value pairs of columns to be attached to the alert */
  customDetails?: { [propertyName: string]: string };
  /** Array of the entity mappings of the alert rule */
  entityMappings?: EntityMapping[];
  /** The alert details override settings */
  alertDetailsOverride?: AlertDetailsOverride;
  /** The Name of the alert rule template used to create this rule. */
  alertRuleTemplateName?: string;
  /** The version of the alert rule template used to create this rule - in format <a.b.c>, where all are numbers, for example 0 <1.0.2> */
  templateVersion?: string;
  /** The description of the alert rule. */
  description?: string;
  /** The display name for alerts created by this alert rule. */
  displayName?: string;
  /** Determines whether this alert rule is enabled or disabled. */
  enabled?: boolean;
  /**
   * The last time that this alert rule has been modified.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly lastModifiedUtc?: Date;
  /** The suppression (in ISO 8601 duration format) to wait since last time this alert rule been triggered. */
  suppressionDuration?: string;
  /** Determines whether the suppression for this alert rule is enabled or disabled. */
  suppressionEnabled?: boolean;
  /** The tactics of the alert rule */
  tactics?: AttackTactic[];
  /** The techniques of the alert rule */
  techniques?: string[];
  /** The settings of the incidents that created from alerts triggered by this analytics rule */
  incidentConfiguration?: IncidentConfiguration;
};

/** Represents NRT alert rule. */
export type NrtAlertRule = AlertRule & {
  /** The Name of the alert rule template used to create this rule. */
  alertRuleTemplateName?: string;
  /** The version of the alert rule template used to create this rule - in format <a.b.c>, where all are numbers, for example 0 <1.0.2> */
  templateVersion?: string;
  /** The description of the alert rule. */
  description?: string;
  /** The query that creates alerts for this rule. */
  query?: string;
  /** The tactics of the alert rule */
  tactics?: AttackTactic[];
  /** The techniques of the alert rule */
  techniques?: string[];
  /** The display name for alerts created by this alert rule. */
  displayName?: string;
  /** Determines whether this alert rule is enabled or disabled. */
  enabled?: boolean;
  /**
   * The last time that this alert rule has been modified.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly lastModifiedUtc?: Date;
  /** The suppression (in ISO 8601 duration format) to wait since last time this alert rule been triggered. */
  suppressionDuration?: string;
  /** Determines whether the suppression for this alert rule is enabled or disabled. */
  suppressionEnabled?: boolean;
  /** The severity for alerts created by this alert rule. */
  severity?: AlertSeverity;
  /** The settings of the incidents that created from alerts triggered by this analytics rule */
  incidentConfiguration?: IncidentConfiguration;
  /** Dictionary of string key-value pairs of columns to be attached to the alert */
  customDetails?: { [propertyName: string]: string };
  /** Array of the entity mappings of the alert rule */
  entityMappings?: EntityMapping[];
  /** The alert details override settings */
  alertDetailsOverride?: AlertDetailsOverride;
};

/** Represents Expansion entity query. */
export type ExpansionEntityQuery = EntityQuery & {
  /** List of the data sources that are required to run the query */
  dataSources?: string[];
  /** The query display name */
  displayName?: string;
  /** The type of the query's source entity */
  inputEntityType?: EntityType;
  /** List of the fields of the source entity that are required to run the query */
  inputFields?: string[];
  /** List of the desired output types to be constructed from the result */
  outputEntityTypes?: EntityType[];
  /** The template query string to be parsed and formatted */
  queryTemplate?: string;
};

/** Represents Activity entity query. */
export type ActivityEntityQuery = EntityQuery & {
  /** The entity query title */
  title?: string;
  /** The entity query content to display in timeline */
  content?: string;
  /** The entity query description */
  description?: string;
  /** The Activity query definitions */
  queryDefinitions?: ActivityEntityQueriesPropertiesQueryDefinitions;
  /** The type of the query's source entity */
  inputEntityType?: EntityType;
  /** List of the fields of the source entity that are required to run the query */
  requiredInputFieldsSets?: string[][];
  /** The query applied only to entities matching to all filters */
  entitiesFilter?: { [propertyName: string]: string[] };
  /** The template id this activity was created from */
  templateName?: string;
  /** Determines whether this activity is enabled or disabled. */
  enabled?: boolean;
  /**
   * The time the activity was created
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly createdTimeUtc?: Date;
  /**
   * The last time the activity was updated
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly lastModifiedTimeUtc?: Date;
};

/** Represents Activity entity query. */
export type ActivityCustomEntityQuery = CustomEntityQuery & {
  /** The entity query title */
  title?: string;
  /** The entity query content to display in timeline */
  content?: string;
  /** The entity query description */
  description?: string;
  /** The Activity query definitions */
  queryDefinitions?: ActivityEntityQueriesPropertiesQueryDefinitions;
  /** The type of the query's source entity */
  inputEntityType?: EntityType;
  /** List of the fields of the source entity that are required to run the query */
  requiredInputFieldsSets?: string[][];
  /** The query applied only to entities matching to all filters */
  entitiesFilter?: { [propertyName: string]: string[] };
  /** The template id this activity was created from */
  templateName?: string;
  /** Determines whether this activity is enabled or disabled. */
  enabled?: boolean;
  /**
   * The time the activity was created
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly createdTimeUtc?: Date;
  /**
   * The last time the activity was updated
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly lastModifiedTimeUtc?: Date;
};

/** Settings with single toggle. */
export type Anomalies = Settings & {
  /**
   * Determines whether the setting is enable or disabled.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly isEnabled?: boolean;
};

/** Settings with single toggle. */
export type EyesOn = Settings & {
  /**
   * Determines whether the setting is enable or disabled.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly isEnabled?: boolean;
};

/** Settings with single toggle. */
export type EntityAnalytics = Settings & {
  /**
   * Determines whether the setting is enable or disabled.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly isEnabled?: boolean;
};

/** Settings with single toggle. */
export type Ueba = Settings & {
  /** The relevant data sources that enriched by ueba */
  dataSources?: UebaDataSources[];
};

/** Threat intelligence indicator entity. */
export type ThreatIntelligenceIndicatorModel = ThreatIntelligenceInformation & {
  /**
   * A bag of custom fields that should be part of the entity and will be presented to the user.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly additionalData?: { [propertyName: string]: Record<string, unknown> };
  /**
   * The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated.
   * NOTE: This property will not be serialized. It can only be populated by the server.
   */
  readonly friendlyName?: string;
  /** List of tags */
  threatIntelligenceTags?: string[];
  /** Last updated time in UTC */
  lastUpdatedTimeUtc?: string;
  /** Source of a threat intelligence entity */
  source?: string;
  /** Display name of a threat intelligence entity */
  displayName?: string;
  /** Description of a threat intelligence entity */
  description?: string;
  /** Indicator types of threat intelligence entities */
  indicatorTypes?: string[];
  /** Pattern of a threat intelligence entity */
  pattern?: string;
  /** Pattern type of a threat intelligence entity */
  patternType?: string;
  /** Pattern version of a threat intelligence entity */
  patternVersion?: string;
  /** Kill chain phases */
  killChainPhases?: ThreatIntelligenceKillChainPhase[];
  /** Parsed patterns */
  parsedPattern?: ThreatIntelligenceParsedPattern[];
  /** External ID of threat intelligence entity */
  externalId?: string;
  /** Created by reference of threat intelligence entity */
  createdByRef?: string;
  /** Is threat intelligence entity defanged */
  defanged?: boolean;
  /** External last updated time in UTC */
  externalLastUpdatedTimeUtc?: string;
  /** External References */
  externalReferences?: ThreatIntelligenceExternalReference[];
  /** Granular Markings */
  granularMarkings?: ThreatIntelligenceGranularMarkingModel[];
  /** Labels  of threat intelligence entity */
  labels?: string[];
  /** Is threat intelligence entity revoked */
  revoked?: boolean;
  /** Confidence of threat intelligence entity */
  confidence?: number;
  /** Threat intelligence entity object marking references */
  objectMarkingRefs?: string[];
  /** Language of threat intelligence entity */
  language?: string;
  /** Threat types */
  threatTypes?: string[];
  /** Valid from */
  validFrom?: string;
  /** Valid until */
  validUntil?: string;
  /** Created by */
  created?: string;
  /** Modified by */
  modified?: string;
  /** Extensions map */
  extensions?: { [propertyName: string]: any };
};

/** Represents AAD (Azure Active Directory) data connector. */
export type AADDataConnector = DataConnector & {
  /** The tenant id to connect to, and get the data from. */
  tenantId?: string;
  /** The available data types for the connector. */
  dataTypes?: AlertsDataTypeOfDataConnector;
};

/** Represents Microsoft Threat Intelligence data connector. */
export type MstiDataConnector = DataConnector & {
  /** The tenant id to connect to, and get the data from. */
  tenantId?: string;
  /** The available data types for the connector. */
  dataTypes?: MstiDataConnectorDataTypes;
};

/** Represents MTP (Microsoft Threat Protection) data connector. */
export type MTPDataConnector = DataConnector & {
  /** The tenant id to connect to, and get the data from. */
  tenantId?: string;
  /** The available data types for the connector. */
  dataTypes?: MTPDataConnectorDataTypes;
};

/** Represents AATP (Azure Advanced Threat Protection) data connector. */
export type AatpDataConnector = DataConnector & {
  /** The tenant id to connect to, and get the data from. */
  tenantId?: string;
  /** The available data types for the connector. */
  dataTypes?: AlertsDataTypeOfDataConnector;
};

/** Represents ASC (Azure Security Center) data connector. */
export type ASCDataConnector = DataConnector & {
  /** The available data types for the connector. */
  dataTypes?: AlertsDataTypeOfDataConnector;
  /** The subscription id to connect to, and get the data from. */
  subscriptionId?: string;
};

/** Represents Amazon Web Services CloudTrail data connector. */
export type AwsCloudTrailDataConnector = DataConnector & {
  /** The Aws Role Arn (with CloudTrailReadOnly policy) that is used to access the Aws account. */
  awsRoleArn?: string;
  /** The available data types for the connector. */
  dataTypes?: AwsCloudTrailDataConnectorDataTypes;
};

/** Represents Amazon Web Services S3 data connector. */
export type AwsS3DataConnector = DataConnector & {
  /** The logs destination table name in LogAnalytics. */
  destinationTable?: string;
  /** The AWS sqs urls for the connector. */
  sqsUrls?: string[];
  /** The Aws Role Arn that is used to access the Aws account. */
  roleArn?: string;
  /** The available data types for the connector. */
  dataTypes?: AwsS3DataConnectorDataTypes;
};

/** Represents MCAS (Microsoft Cloud App Security) data connector. */
export type McasDataConnector = DataConnector & {
  /** The tenant id to connect to, and get the data from. */
  tenantId?: string;
  /** The available data types for the connector. */
  dataTypes?: McasDataConnectorDataTypes;
};

/** Represents Dynamics365 data connector. */
export type Dynamics365DataConnector = DataConnector & {
  /** The tenant id to connect to, and get the data from. */
  tenantId?: string;
  /** The available data types for the connector. */
  dataTypes?: Dynamics365DataConnectorDataTypes;
};

/** Represents OfficeATP (Office 365 Advanced Threat Protection) data connector. */
export type OfficeATPDataConnector = DataConnector & {
  /** The tenant id to connect to, and get the data from. */
  tenantId?: string;
  /** The available data types for the connector. */
  dataTypes?: AlertsDataTypeOfDataConnector;
};

/** Represents Office Microsoft Project data connector. */
export type Office365ProjectDataConnector = DataConnector & {
  /** The tenant id to connect to, and get the data from. */
  tenantId?: string;
  /** The available data types for the connector. */
  dataTypes?: Office365ProjectConnectorDataTypes;
};

/** Represents Office Microsoft PowerBI data connector. */
export type OfficePowerBIDataConnector = DataConnector & {
  /** The tenant id to connect to, and get the data from. */
  tenantId?: string;
  /** The available data types for the connector. */
  dataTypes?: OfficePowerBIConnectorDataTypes;
};

/** Represents OfficeIRM (Microsoft Insider Risk Management) data connector. */
export type OfficeIRMDataConnector = DataConnector & {
  /** The tenant id to connect to, and get the data from. */
  tenantId?: string;
  /** The available data types for the connector. */
  dataTypes?: AlertsDataTypeOfDataConnector;
};

/** Represents MDATP (Microsoft Defender Advanced Threat Protection) data connector. */
export type MdatpDataConnector = DataConnector & {
  /** The tenant id to connect to, and get the data from. */
  tenantId?: string;
  /** The available data types for the connector. */
  dataTypes?: AlertsDataTypeOfDataConnector;
};

/** Represents office data connector. */
export type OfficeDataConnector = DataConnector & {
  /** The tenant id to connect to, and get the data from. */
  tenantId?: string;
  /** The available data types for the connector. */
  dataTypes?: OfficeDataConnectorDataTypes;
};

/** Represents threat intelligence data connector. */
export type TIDataConnector = DataConnector & {
  /** The tenant id to connect to, and get the data from. */
  tenantId?: string;
  /** The lookback period for the feed to be imported. */
  tipLookbackPeriod?: Date;
  /** The available data types for the connector. */
  dataTypes?: TIDataConnectorDataTypes;
};

/** Data connector to pull Threat intelligence data from TAXII 2.0/2.1 server */
export type TiTaxiiDataConnector = DataConnector & {
  /** The tenant id to connect to, and get the data from. */
  tenantId?: string;
  /** The workspace id. */
  workspaceId?: string;
  /** The friendly name for the TAXII server. */
  friendlyName?: string;
  /** The API root for the TAXII server. */
  taxiiServer?: string;
  /** The collection id of the TAXII server. */
  collectionId?: string;
  /** The userName for the TAXII server. */
  userName?: string;
  /** The password for the TAXII server. */
  password?: string;
  /** The lookback period for the TAXII server. */
  taxiiLookbackPeriod?: Date;
  /** The polling frequency for the TAXII server. */
  pollingFrequency?: PollingFrequency;
  /** The available data types for Threat Intelligence TAXII data connector. */
  dataTypes?: TiTaxiiDataConnectorDataTypes;
};

/** Represents IoT data connector. */
export type IoTDataConnector = DataConnector & {
  /** The available data types for the connector. */
  dataTypes?: AlertsDataTypeOfDataConnector;
  /** The subscription id to connect to, and get the data from. */
  subscriptionId?: string;
};

/** Represents Codeless UI data connector. */
export type CodelessUiDataConnector = DataConnector & {
  /** Config to describe the instructions blade */
  connectorUiConfig?: CodelessUiConnectorConfigProperties;
};

/** Represents Codeless API Polling data connector. */
export type CodelessApiPollingDataConnector = DataConnector & {
  /** Config to describe the instructions blade */
  connectorUiConfig?: CodelessUiConnectorConfigProperties;
  /** Config to describe the polling instructions */
  pollingConfig?: CodelessConnectorPollingConfigProperties;
};

/** Defines headers for Watchlists_delete operation. */
export interface WatchlistsDeleteHeaders {
  /** Contains the status URL on which clients are expected to poll the status of the delete operation. */
  azureAsyncOperation?: string;
}

/** Defines headers for Watchlists_createOrUpdate operation. */
export interface WatchlistsCreateOrUpdateHeaders {
  /** Contains the status URL on which clients are expected to poll the status of the operation. */
  azureAsyncOperation?: string;
}

/** Known values of {@link AlertRuleKind} that the service accepts. */
export enum KnownAlertRuleKind {
  Scheduled = "Scheduled",
  MicrosoftSecurityIncidentCreation = "MicrosoftSecurityIncidentCreation",
  Fusion = "Fusion",
  MLBehaviorAnalytics = "MLBehaviorAnalytics",
  ThreatIntelligence = "ThreatIntelligence",
  NRT = "NRT"
}

/**
 * Defines values for AlertRuleKind. \
 * {@link KnownAlertRuleKind} can be used interchangeably with AlertRuleKind,
 *  this enum contains the known values that the service supports.
 * ### Known values supported by the service
 * **Scheduled** \
 * **MicrosoftSecurityIncidentCreation** \
 * **Fusion** \
 * **MLBehaviorAnalytics** \
 * **ThreatIntelligence** \
 * **NRT**
 */
export type AlertRuleKind = string;

/** Known values of {@link CreatedByType} that the service accepts. */
export enum KnownCreatedByType {
  User = "User",
  Application = "Application",
  ManagedIdentity = "ManagedIdentity",
  Key = "Key"
}

/**
 * Defines values for CreatedByType. \
 * {@link KnownCreatedByType} can be used interchangeably with CreatedByType,
 *  this enum contains the known values that the service supports.
 * ### Known values supported by the service
 * **User** \
 * **Application** \
 * **ManagedIdentity** \
 * **Key**
 */
export type CreatedByType = string;

/** Known values of {@link TriggersOn} that the service accepts. */
export enum KnownTriggersOn {
  /** Trigger on Incidents */
  Incidents = "Incidents"
}

/**
 * Defines values for TriggersOn. \
 * {@link KnownTriggersOn} can be used interchangeably with TriggersOn,
 *  this enum contains the known values that the service supports.
 * ### Known values supported by the service
 * **Incidents**: Trigger on Incidents
 */
export type TriggersOn = string;

/** Known values of {@link TriggersWhen} that the service accepts. */
export enum KnownTriggersWhen {
  /** Trigger on created objects */
  Created = "Created"
}

/**
 * Defines values for TriggersWhen. \
 * {@link KnownTriggersWhen} can be used interchangeably with TriggersWhen,
 *  this enum contains the known values that the service supports.
 * ### Known values supported by the service
 * **Created**: Trigger on created objects
 */
export type TriggersWhen = string;

/** Known values of {@link ConditionType} that the service accepts. */
export enum KnownConditionType {
  /** Evaluate an object property value */
  Property = "Property"
}

/**
 * Defines values for ConditionType. \
 * {@link KnownConditionType} can be used interchangeably with ConditionType,
 *  this enum contains the known values that the service supports.
 * ### Known values supported by the service
 * **Property**: Evaluate an object property value
 */
export type ConditionType = string;

/** Known values of {@link ActionType} that the service accepts. */
export enum KnownActionType {
  /** Modify an object's properties */
  ModifyProperties = "ModifyProperties",
  /** Run a playbook on an object */
  RunPlaybook = "RunPlaybook"
}

/**
 * Defines values for ActionType. \
 * {@link KnownActionType} can be used interchangeably with ActionType,
 *  this enum contains the known values that the service supports.
 * ### Known values supported by the service
 * **ModifyProperties**: Modify an object's properties \
 * **RunPlaybook**: Run a playbook on an object
 */
export type ActionType = string;

/** Known values of {@link IncidentSeverity} that the service accepts. */
export enum KnownIncidentSeverity {
  /** High severity */
  High = "High",
  /** Medium severity */
  Medium = "Medium",
  /** Low severity */
  Low = "Low",
  /** Informational severity */
  Informational = "Informational"
}

/**
 * Defines values for IncidentSeverity. \
 * {@link KnownIncidentSeverity} can be used interchangeably with IncidentSeverity,
 *  this enum contains the known values that the service supports.
 * ### Known values supported by the service
 * **High**: High severity \
 * **Medium**: Medium severity \
 * **Low**: Low severity \
 * **Informational**: Informational severity
 */
export type IncidentSeverity = string;

/** Known values of {@link AttackTactic} that the service accepts. */
export enum KnownAttackTactic {
  Reconnaissance = "Reconnaissance",
  ResourceDevelopment = "ResourceDevelopment",
  InitialAccess = "InitialAccess",
  Execution = "Execution",
  Persistence = "Persistence",
  PrivilegeEscalation = "PrivilegeEscalation",
  DefenseEvasion = "DefenseEvasion",
  CredentialAccess = "CredentialAccess",
  Discovery = "Discovery",
  LateralMovement = "LateralMovement",
  Collection = "Collection",
  Exfiltration = "Exfiltration",
  CommandAndControl = "CommandAndControl",
  Impact = "Impact",
  PreAttack = "PreAttack",
  ImpairProcessControl = "ImpairProcessControl",
  InhibitResponseFunction = "InhibitResponseFunction"
}

/**
 * Defines values for AttackTactic. \
 * {@link KnownAttackTactic} can be used interchangeably with AttackTactic,
 *  this enum contains the known values that the service supports.
 * ### Known values supported by the service
 * **Reconnaissance** \
 * **ResourceDevelopment** \
 * **InitialAccess** \
 * **Execution** \
 * **Persistence** \
 * **PrivilegeEscalation** \
 * **DefenseEvasion** \
 * **CredentialAccess** \
 * **Discovery** \
 * **LateralMovement** \
 * **Collection** \
 * **Exfiltration** \
 * **CommandAndControl** \
 * **Impact** \
 * **PreAttack** \
 * **ImpairProcessControl** \
 * **InhibitResponseFunction**
 */
export type AttackTactic = string;

/** Known values of {@link EntityKind} that the service accepts. */
export enum KnownEntityKind {
  /** Entity represents account in the system. */
  Account = "Account",
  /** Entity represents host in the system. */
  Host = "Host",
  /** Entity represents file in the system. */
  File = "File",
  /** Entity represents azure resource in the system. */
  AzureResource = "AzureResource",
  /** Entity represents cloud application in the system. */
  CloudApplication = "CloudApplication",
  /** Entity represents dns resolution in the system. */
  DnsResolution = "DnsResolution",
  /** Entity represents file hash in the system. */
  FileHash = "FileHash",
  /** Entity represents ip in the system. */
  Ip = "Ip",
  /** Entity represents malware in the system. */
  Malware = "Malware",
  /** Entity represents process in the system. */
  Process = "Process",
  /** Entity represents registry key in the system. */
  RegistryKey = "RegistryKey",
  /** Entity represents registry value in the system. */
  RegistryValue = "RegistryValue",
  /** Entity represents security group in the system. */
  SecurityGroup = "SecurityGroup",
  /** Entity represents url in the system. */
  Url = "Url",
  /** Entity represents IoT device in the system. */
  IoTDevice = "IoTDevice",
  /** Entity represents security alert in the system. */
  SecurityAlert = "SecurityAlert",
  /** Entity represents bookmark in the system. */
  Bookmark = "Bookmark",
  /** Entity represents mail cluster in the system. */
  MailCluster = "MailCluster",
  /** Entity represents mail message in the system. */
  MailMessage = "MailMessage",
  /** Entity represents mailbox in the system. */
  Mailbox = "Mailbox",
  /** Entity represents submission mail in the system. */
  SubmissionMail = "SubmissionMail"
}

/**
 * Defines values for EntityKind. \
 * {@link KnownEntityKind} can be used interchangeably with EntityKind,
 *  this enum contains the known values that the service supports.
 * ### Known values supported by the service
 * **Account**: Entity represents account in the system. \
 * **Host**: Entity represents host in the system. \
 * **File**: Entity represents file in the system. \
 * **AzureResource**: Entity represents azure resource in the system. \
 * **CloudApplication**: Entity represents cloud application in the system. \
 * **DnsResolution**: Entity represents dns resolution in the system. \
 * **FileHash**: Entity represents file hash in the system. \
 * **Ip**: Entity represents ip in the system. \
 * **Malware**: Entity represents malware in the system. \
 * **Process**: Entity represents process in the system. \
 * **RegistryKey**: Entity represents registry key in the system. \
 * **RegistryValue**: Entity represents registry value in the system. \
 * **SecurityGroup**: Entity represents security group in the system. \
 * **Url**: Entity represents url in the system. \
 * **IoTDevice**: Entity represents IoT device in the system. \
 * **SecurityAlert**: Entity represents security alert in the system. \
 * **Bookmark**: Entity represents bookmark in the system. \
 * **MailCluster**: Entity represents mail cluster in the system. \
 * **MailMessage**: Entity represents mail message in the system. \
 * **Mailbox**: Entity represents mailbox in the system. \
 * **SubmissionMail**: Entity represents submission mail in the system.
 */
export type EntityKind = string;

/** Known values of {@link EntityTimelineKind} that the service accepts. */
export enum KnownEntityTimelineKind {
  /** activity */
  Activity = "Activity",
  /** bookmarks */
  Bookmark = "Bookmark",
  /** security alerts */
  SecurityAlert = "SecurityAlert"
}

/**
 * Defines values for EntityTimelineKind. \
 * {@link KnownEntityTimelineKind} can be used interchangeably with EntityTimelineKind,
 *  this enum contains the known values that the service supports.
 * ### Known values supported by the service
 * **Activity**: activity \
 * **Bookmark**: bookmarks \
 * **SecurityAlert**: security alerts
 */
export type EntityTimelineKind = string;

/** Known values of {@link EntityItemQueryKind} that the service accepts. */
export enum KnownEntityItemQueryKind {
  /** insight */
  Insight = "Insight"
}

/**
 * Defines values for EntityItemQueryKind. \
 * {@link KnownEntityItemQueryKind} can be used interchangeably with EntityItemQueryKind,
 *  this enum contains the known values that the service supports.
 * ### Known values supported by the service
 * **Insight**: insight
 */
export type EntityItemQueryKind = string;

/** Known values of {@link EntityQueryKind} that the service accepts. */
export enum KnownEntityQueryKind {
  Expansion = "Expansion",
  Insight = "Insight",
  Activity = "Activity"
}

/**
 * Defines values for EntityQueryKind. \
 * {@link KnownEntityQueryKind} can be used interchangeably with EntityQueryKind,
 *  this enum contains the known values that the service supports.
 * ### Known values supported by the service
 * **Expansion** \
 * **Insight** \
 * **Activity**
 */
export type EntityQueryKind = string;

/** Known values of {@link Enum12} that the service accepts. */
export enum KnownEnum12 {
  Expansion = "Expansion",
  Activity = "Activity"
}

/**
 * Defines values for Enum12. \
 * {@link KnownEnum12} can be used interchangeably with Enum12,
 *  this enum contains the known values that the service supports.
 * ### Known values supported by the service
 * **Expansion** \
 * **Activity**
 */
export type Enum12 = string;

/** Known values of {@link CustomEntityQueryKind} that the service accepts. */
export enum KnownCustomEntityQueryKind {
  Activity = "Activity"
}

/**
 * Defines values for CustomEntityQueryKind. \
 * {@link KnownCustomEntityQueryKind} can be used interchangeably with CustomEntityQueryKind,
 *  this enum contains the known values that the service supports.
 * ### Known values supported by the service
 * **Activity**
 */
export type CustomEntityQueryKind = string;

/** Known values of {@link EntityQueryTemplateKind} that the service accepts. */
export enum KnownEntityQueryTemplateKind {
  Activity = "Activity"
}

/**
 * Defines values for EntityQueryTemplateKind. \
 * {@link KnownEntityQueryTemplateKind} can be used interchangeably with EntityQueryTemplateKind,
 *  this enum contains the known values that the service supports.
 * ### Known values supported by the service
 * **Activity**
 */
export type EntityQueryTemplateKind = string;

/** Known values of {@link IncidentClassification} that the service accepts. */
export enum KnownIncidentClassification {
  /** Incident classification was undetermined */
  Undetermined = "Undetermined",
  /** Incident was true positive */
  TruePositive = "TruePositive",
  /** Incident was benign positive */
  BenignPositive = "BenignPositive",
  /** Incident was false positive */
  FalsePositive = "FalsePositive"
}

/**
 * Defines values for IncidentClassification. \
 * {@link KnownIncidentClassification} can be used interchangeably with IncidentClassification,
 *  this enum contains the known values that the service supports.
 * ### Known values supported by the service
 * **Undetermined**: Incident classification was undetermined \
 * **TruePositive**: Incident was true positive \
 * **BenignPositive**: Incident was benign positive \
 * **FalsePositive**: Incident was false positive
 */
export type IncidentClassification = string;

/** Known values of {@link IncidentClassificationReason} that the service accepts. */
export enum KnownIncidentClassificationReason {
  /** Classification reason was suspicious activity */
  SuspiciousActivity = "SuspiciousActivity",
  /** Classification reason was suspicious but expected */
  SuspiciousButExpected = "SuspiciousButExpected",
  /** Classification reason was incorrect alert logic */
  IncorrectAlertLogic = "IncorrectAlertLogic",
  /** Classification reason was inaccurate data */
  InaccurateData = "InaccurateData"
}

/**
 * Defines values for IncidentClassificationReason. \
 * {@link KnownIncidentClassificationReason} can be used interchangeably with IncidentClassificationReason,
 *  this enum contains the known values that the service supports.
 * ### Known values supported by the service
 * **SuspiciousActivity**: Classification reason was suspicious activity \
 * **SuspiciousButExpected**: Classification reason was suspicious but expected \
 * **IncorrectAlertLogic**: Classification reason was incorrect alert logic \
 * **InaccurateData**: Classification reason was inaccurate data
 */
export type IncidentClassificationReason = string;

/** Known values of {@link IncidentLabelType} that the service accepts. */
export enum KnownIncidentLabelType {
  /** Label manually created by a user */
  User = "User",
  /** Label automatically created by the system */
  AutoAssigned = "AutoAssigned"
}

/**
 * Defines values for IncidentLabelType. \
 * {@link KnownIncidentLabelType} can be used interchangeably with IncidentLabelType,
 *  this enum contains the known values that the service supports.
 * ### Known values supported by the service
 * **User**: Label manually created by a user \
 * **AutoAssigned**: Label automatically created by the system
 */
export type IncidentLabelType = string;

/** Known values of {@link OwnerType} that the service accepts. */
export enum KnownOwnerType {
  /** The incident owner type is unknown */
  Unknown = "Unknown",
  /** The incident owner type is an AAD user */
  User = "User",
  /** The incident owner type is an AAD group */
  Group = "Group"
}

/**
 * Defines values for OwnerType. \
 * {@link KnownOwnerType} can be used interchangeably with OwnerType,
 *  this enum contains the known values that the service supports.
 * ### Known values supported by the service
 * **Unknown**: The incident owner type is unknown \
 * **User**: The incident owner type is an AAD user \
 * **Group**: The incident owner type is an AAD group
 */
export type OwnerType = string;

/** Known values of {@link IncidentStatus} that the service accepts. */
export enum KnownIncidentStatus {
  /** An active incident which isn't being handled currently */
  New = "New",
  /** An active incident which is being handled */
  Active = "Active",
  /** A non-active incident */
  Closed = "Closed"
}

/**
 * Defines values for IncidentStatus. \
 * {@link KnownIncidentStatus} can be used interchangeably with IncidentStatus,
 *  this enum contains the known values that the service supports.
 * ### Known values supported by the service
 * **New**: An active incident which isn't being handled currently \
 * **Active**: An active incident which is being handled \
 * **Closed**: A non-active incident
 */
export type IncidentStatus = string;

/** Known values of {@link ConfidenceLevel} that the service accepts. */
export enum KnownConfidenceLevel {
  /** Unknown confidence, the is the default value */
  Unknown = "Unknown",
  /** Low confidence, meaning we have some doubts this is indeed malicious or part of an attack */
  Low = "Low",
  /** High confidence that the alert is true positive malicious */
  High = "High"
}

/**
 * Defines values for ConfidenceLevel. \
 * {@link KnownConfidenceLevel} can be used interchangeably with ConfidenceLevel,
 *  this enum contains the known values that the service supports.
 * ### Known values supported by the service
 * **Unknown**: Unknown confidence, the is the default value \
 * **Low**: Low confidence, meaning we have some doubts this is indeed malicious or part of an attack \
 * **High**: High confidence that the alert is true positive malicious
 */
export type ConfidenceLevel = string;

/** Known values of {@link ConfidenceScoreStatus} that the service accepts. */
export enum KnownConfidenceScoreStatus {
  /** Score will not be calculated for this alert as it is not supported by virtual analyst */
  NotApplicable = "NotApplicable",
  /** No score was set yet and calculation is in progress */
  InProcess = "InProcess",
  /** Score is calculated and shown as part of the alert, but may be updated again at a later time following the processing of additional data */
  NotFinal = "NotFinal",
  /** Final score was calculated and available */
  Final = "Final"
}

/**
 * Defines values for ConfidenceScoreStatus. \
 * {@link KnownConfidenceScoreStatus} can be used interchangeably with ConfidenceScoreStatus,
 *  this enum contains the known values that the service supports.
 * ### Known values supported by the service
 * **NotApplicable**: Score will not be calculated for this alert as it is not supported by virtual analyst \
 * **InProcess**: No score was set yet and calculation is in progress \
 * **NotFinal**: Score is calculated and shown as part of the alert, but may be updated again at a later time following the processing of additional data \
 * **Final**: Final score was calculated and available
 */
export type ConfidenceScoreStatus = string;

/** Known values of {@link KillChainIntent} that the service accepts. */
export enum KnownKillChainIntent {
  /** The default value. */
  Unknown = "Unknown",
  /** Probing could be an attempt to access a certain resource regardless of a malicious intent or a failed attempt to gain access to a target system to gather information prior to exploitation. This step is usually detected as an attempt originating from outside the network in attempt to scan the target system and find a way in. */
  Probing = "Probing",
  /** Exploitation is the stage where an attacker manage to get foothold on the attacked resource. This stage is applicable not only for compute hosts, but also for resources such as user accounts, certificates etc. Adversaries will often be able to control the resource after this stage. */
  Exploitation = "Exploitation",
  /** Persistence is any access, action, or configuration change to a system that gives an adversary a persistent presence on that system. Adversaries will often need to maintain access to systems through interruptions such as system restarts, loss of credentials, or other failures that would require a remote access tool to restart or alternate backdoor for them to regain access. */
  Persistence = "Persistence",
  /** Privilege escalation is the result of actions that allow an adversary to obtain a higher level of permissions on a system or network. Certain tools or actions require a higher level of privilege to work and are likely necessary at many points throughout an operation. User accounts with permissions to access specific systems or perform specific functions necessary for adversaries to achieve their objective may also be considered an escalation of privilege. */
  PrivilegeEscalation = "PrivilegeEscalation",
  /** Defense evasion consists of techniques an adversary may use to evade detection or avoid other defenses. Sometimes these actions are the same as or variations of techniques in other categories that have the added benefit of subverting a particular defense or mitigation. */
  DefenseEvasion = "DefenseEvasion",
  /** Credential access represents techniques resulting in access to or control over system, domain, or service credentials that are used within an enterprise environment. Adversaries will likely attempt to obtain legitimate credentials from users or administrator accounts (local system administrator or domain users with administrator access) to use within the network. With sufficient access within a network, an adversary can create accounts for later use within the environment. */
  CredentialAccess = "CredentialAccess",
  /** Discovery consists of techniques that allow the adversary to gain knowledge about the system and internal network. When adversaries gain access to a new system, they must orient themselves to what they now have control of and what benefits operating from that system give to their current objective or overall goals during the intrusion. The operating system provides many native tools that aid in this post-compromise information-gathering phase. */
  Discovery = "Discovery",
  /** Lateral movement consists of techniques that enable an adversary to access and control remote systems on a network and could, but does not necessarily, include execution of tools on remote systems. The lateral movement techniques could allow an adversary to gather information from a system without needing additional tools, such as a remote access tool. An adversary can use lateral movement for many purposes, including remote Execution of tools, pivoting to additional systems, access to specific information or files, access to additional credentials, or to cause an effect. */
  LateralMovement = "LateralMovement",
  /** The execution tactic represents techniques that result in execution of adversary-controlled code on a local or remote system. This tactic is often used in conjunction with lateral movement to expand access to remote systems on a network. */
  Execution = "Execution",
  /** Collection consists of techniques used to identify and gather information, such as sensitive files, from a target network prior to exfiltration. This category also covers locations on a system or network where the adversary may look for information to exfiltrate. */
  Collection = "Collection",
  /** Exfiltration refers to techniques and attributes that result or aid in the adversary removing files and information from a target network. This category also covers locations on a system or network where the adversary may look for information to exfiltrate. */
  Exfiltration = "Exfiltration",
  /** The command and control tactic represents how adversaries communicate with systems under their control within a target network. */
  CommandAndControl = "CommandAndControl",
  /** The impact intent primary objective is to directly reduce the availability or integrity of a system, service, or network; including manipulation of data to impact a business or operational process. This would often refer to techniques such as ransom-ware, defacement, data manipulation and others. */
  Impact = "Impact"
}

/**
 * Defines values for KillChainIntent. \
 * {@link KnownKillChainIntent} can be used interchangeably with KillChainIntent,
 *  this enum contains the known values that the service supports.
 * ### Known values supported by the service
 * **Unknown**: The default value. \
 * **Probing**: Probing could be an attempt to access a certain resource regardless of a malicious intent or a failed attempt to gain access to a target system to gather information prior to exploitation. This step is usually detected as an attempt originating from outside the network in attempt to scan the target system and find a way in. \
 * **Exploitation**: Exploitation is the stage where an attacker manage to get foothold on the attacked resource. This stage is applicable not only for compute hosts, but also for resources such as user accounts, certificates etc. Adversaries will often be able to control the resource after this stage. \
 * **Persistence**: Persistence is any access, action, or configuration change to a system that gives an adversary a persistent presence on that system. Adversaries will often need to maintain access to systems through interruptions such as system restarts, loss of credentials, or other failures that would require a remote access tool to restart or alternate backdoor for them to regain access. \
 * **PrivilegeEscalation**: Privilege escalation is the result of actions that allow an adversary to obtain a higher level of permissions on a system or network. Certain tools or actions require a higher level of privilege to work and are likely necessary at many points throughout an operation. User accounts with permissions to access specific systems or perform specific functions necessary for adversaries to achieve their objective may also be considered an escalation of privilege. \
 * **DefenseEvasion**: Defense evasion consists of techniques an adversary may use to evade detection or avoid other defenses. Sometimes these actions are the same as or variations of techniques in other categories that have the added benefit of subverting a particular defense or mitigation.  \
 * **CredentialAccess**: Credential access represents techniques resulting in access to or control over system, domain, or service credentials that are used within an enterprise environment. Adversaries will likely attempt to obtain legitimate credentials from users or administrator accounts (local system administrator or domain users with administrator access) to use within the network. With sufficient access within a network, an adversary can create accounts for later use within the environment. \
 * **Discovery**: Discovery consists of techniques that allow the adversary to gain knowledge about the system and internal network. When adversaries gain access to a new system, they must orient themselves to what they now have control of and what benefits operating from that system give to their current objective or overall goals during the intrusion. The operating system provides many native tools that aid in this post-compromise information-gathering phase. \
 * **LateralMovement**: Lateral movement consists of techniques that enable an adversary to access and control remote systems on a network and could, but does not necessarily, include execution of tools on remote systems. The lateral movement techniques could allow an adversary to gather information from a system without needing additional tools, such as a remote access tool. An adversary can use lateral movement for many purposes, including remote Execution of tools, pivoting to additional systems, access to specific information or files, access to additional credentials, or to cause an effect. \
 * **Execution**: The execution tactic represents techniques that result in execution of adversary-controlled code on a local or remote system. This tactic is often used in conjunction with lateral movement to expand access to remote systems on a network. \
 * **Collection**: Collection consists of techniques used to identify and gather information, such as sensitive files, from a target network prior to exfiltration. This category also covers locations on a system or network where the adversary may look for information to exfiltrate. \
 * **Exfiltration**: Exfiltration refers to techniques and attributes that result or aid in the adversary removing files and information from a target network. This category also covers locations on a system or network where the adversary may look for information to exfiltrate. \
 * **CommandAndControl**: The command and control tactic represents how adversaries communicate with systems under their control within a target network. \
 * **Impact**: The impact intent primary objective is to directly reduce the availability or integrity of a system, service, or network; including manipulation of data to impact a business or operational process. This would often refer to techniques such as ransom-ware, defacement, data manipulation and others.
 */
export type KillChainIntent = string;

/** Known values of {@link AlertSeverity} that the service accepts. */
export enum KnownAlertSeverity {
  /** High severity */
  High = "High",
  /** Medium severity */
  Medium = "Medium",
  /** Low severity */
  Low = "Low",
  /** Informational severity */
  Informational = "Informational"
}

/**
 * Defines values for AlertSeverity. \
 * {@link KnownAlertSeverity} can be used interchangeably with AlertSeverity,
 *  this enum contains the known values that the service supports.
 * ### Known values supported by the service
 * **High**: High severity \
 * **Medium**: Medium severity \
 * **Low**: Low severity \
 * **Informational**: Informational severity
 */
export type AlertSeverity = string;

/** Known values of {@link AlertStatus} that the service accepts. */
export enum KnownAlertStatus {
  /** Unknown value */
  Unknown = "Unknown",
  /** New alert */
  New = "New",
  /** Alert closed after handling */
  Resolved = "Resolved",
  /** Alert dismissed as false positive */
  Dismissed = "Dismissed",
  /** Alert is being handled */
  InProgress = "InProgress"
}

/**
 * Defines values for AlertStatus. \
 * {@link KnownAlertStatus} can be used interchangeably with AlertStatus,
 *  this enum contains the known values that the service supports.
 * ### Known values supported by the service
 * **Unknown**: Unknown value \
 * **New**: New alert \
 * **Resolved**: Alert closed after handling \
 * **Dismissed**: Alert dismissed as false positive \
 * **InProgress**: Alert is being handled
 */
export type AlertStatus = string;

/** Known values of {@link Kind} that the service accepts. */
export enum KnownKind {
  DataConnector = "DataConnector",
  DataType = "DataType",
  Workbook = "Workbook",
  WorkbookTemplate = "WorkbookTemplate",
  Playbook = "Playbook",
  PlaybookTemplate = "PlaybookTemplate",
  AnalyticsRuleTemplate = "AnalyticsRuleTemplate",
  AnalyticsRule = "AnalyticsRule",
  HuntingQuery = "HuntingQuery",
  InvestigationQuery = "InvestigationQuery",
  Parser = "Parser",
  Watchlist = "Watchlist",
  WatchlistTemplate = "WatchlistTemplate",
  Solution = "Solution",
  AzureFunction = "AzureFunction",
  LogicAppsCustomConnector = "LogicAppsCustomConnector",
  AutomationRule = "AutomationRule"
}

/**
 * Defines values for Kind. \
 * {@link KnownKind} can be used interchangeably with Kind,
 *  this enum contains the known values that the service supports.
 * ### Known values supported by the service
 * **DataConnector** \
 * **DataType** \
 * **Workbook** \
 * **WorkbookTemplate** \
 * **Playbook** \
 * **PlaybookTemplate** \
 * **AnalyticsRuleTemplate** \
 * **AnalyticsRule** \
 * **HuntingQuery** \
 * **InvestigationQuery** \
 * **Parser** \
 * **Watchlist** \
 * **WatchlistTemplate** \
 * **Solution** \
 * **AzureFunction** \
 * **LogicAppsCustomConnector** \
 * **AutomationRule**
 */
export type Kind = string;

/** Known values of {@link SourceKind} that the service accepts. */
export enum KnownSourceKind {
  LocalWorkspace = "LocalWorkspace",
  Community = "Community",
  Solution = "Solution",
  SourceRepository = "SourceRepository"
}

/**
 * Defines values for SourceKind. \
 * {@link KnownSourceKind} can be used interchangeably with SourceKind,
 *  this enum contains the known values that the service supports.
 * ### Known values supported by the service
 * **LocalWorkspace** \
 * **Community** \
 * **Solution** \
 * **SourceRepository**
 */
export type SourceKind = string;

/** Known values of {@link SupportTier} that the service accepts. */
export enum KnownSupportTier {
  Microsoft = "Microsoft",
  Partner = "Partner",
  Community = "Community"
}

/**
 * Defines values for SupportTier. \
 * {@link KnownSupportTier} can be used interchangeably with SupportTier,
 *  this enum contains the known values that the service supports.
 * ### Known values supported by the service
 * **Microsoft** \
 * **Partner** \
 * **Community**
 */
export type SupportTier = string;

/** Known values of {@link Operator} that the service accepts. */
export enum KnownOperator {
  AND = "AND",
  OR = "OR"
}

/**
 * Defines values for Operator. \
 * {@link KnownOperator} can be used interchangeably with Operator,
 *  this enum contains the known values that the service supports.
 * ### Known values supported by the service
 * **AND** \
 * **OR**
 */
export type Operator = string;

/** Known values of {@link SettingKind} that the service accepts. */
export enum KnownSettingKind {
  Anomalies = "Anomalies",
  EyesOn = "EyesOn",
  EntityAnalytics = "EntityAnalytics",
  Ueba = "Ueba"
}

/**
 * Defines values for SettingKind. \
 * {@link KnownSettingKind} can be used interchangeably with SettingKind,
 *  this enum contains the known values that the service supports.
 * ### Known values supported by the service
 * **Anomalies** \
 * **EyesOn** \
 * **EntityAnalytics** \
 * **Ueba**
 */
export type SettingKind = string;

/** Known values of {@link RepoType} that the service accepts. */
export enum KnownRepoType {
  Github = "Github",
  DevOps = "DevOps"
}

/**
 * Defines values for RepoType. \
 * {@link KnownRepoType} can be used interchangeably with RepoType,
 *  this enum contains the known values that the service supports.
 * ### Known values supported by the service
 * **Github** \
 * **DevOps**
 */
export type RepoType = string;

/** Known values of {@link Version} that the service accepts. */
export enum KnownVersion {
  V1 = "V1",
  V2 = "V2"
}

/**
 * Defines values for Version. \
 * {@link KnownVersion} can be used interchangeably with Version,
 *  this enum contains the known values that the service supports.
 * ### Known values supported by the service
 * **V1** \
 * **V2**
 */
export type Version = string;

/** Known values of {@link ContentType} that the service accepts. */
export enum KnownContentType {
  AnalyticRule = "AnalyticRule",
  Workbook = "Workbook"
}

/**
 * Defines values for ContentType. \
 * {@link KnownContentType} can be used interchangeably with ContentType,
 *  this enum contains the known values that the service supports.
 * ### Known values supported by the service
 * **AnalyticRule** \
 * **Workbook**
 */
export type ContentType = string;

/** Known values of {@link DeploymentFetchStatus} that the service accepts. */
export enum KnownDeploymentFetchStatus {
  Success = "Success",
  Unauthorized = "Unauthorized",
  NotFound = "NotFound"
}

/**
 * Defines values for DeploymentFetchStatus. \
 * {@link KnownDeploymentFetchStatus} can be used interchangeably with DeploymentFetchStatus,
 *  this enum contains the known values that the service supports.
 * ### Known values supported by the service
 * **Success** \
 * **Unauthorized** \
 * **NotFound**
 */
export type DeploymentFetchStatus = string;

/** Known values of {@link DeploymentState} that the service accepts. */
export enum KnownDeploymentState {
  InProgress = "In_Progress",
  Completed = "Completed",
  Queued = "Queued",
  Canceling = "Canceling"
}

/**
 * Defines values for DeploymentState. \
 * {@link KnownDeploymentState} can be used interchangeably with DeploymentState,
 *  this enum contains the known values that the service supports.
 * ### Known values supported by the service
 * **In_Progress** \
 * **Completed** \
 * **Queued** \
 * **Canceling**
 */
export type DeploymentState = string;

/** Known values of {@link DeploymentResult} that the service accepts. */
export enum KnownDeploymentResult {
  Success = "Success",
  Canceled = "Canceled",
  Failed = "Failed"
}

/**
 * Defines values for DeploymentResult. \
 * {@link KnownDeploymentResult} can be used interchangeably with DeploymentResult,
 *  this enum contains the known values that the service supports.
 * ### Known values supported by the service
 * **Success** \
 * **Canceled** \
 * **Failed**
 */
export type DeploymentResult = string;

/** Known values of {@link ThreatIntelligenceResourceKindEnum} that the service accepts. */
export enum KnownThreatIntelligenceResourceKindEnum {
  /** Entity represents threat intelligence indicator in the system. */
  Indicator = "indicator"
}

/**
 * Defines values for ThreatIntelligenceResourceKindEnum. \
 * {@link KnownThreatIntelligenceResourceKindEnum} can be used interchangeably with ThreatIntelligenceResourceKindEnum,
 *  this enum contains the known values that the service supports.
 * ### Known values supported by the service
 * **indicator**: Entity represents threat intelligence indicator in the system.
 */
export type ThreatIntelligenceResourceKindEnum = string;

/** Known values of {@link ThreatIntelligenceSortingCriteriaEnum} that the service accepts. */
export enum KnownThreatIntelligenceSortingCriteriaEnum {
  Unsorted = "unsorted",
  Ascending = "ascending",
  Descending = "descending"
}

/**
 * Defines values for ThreatIntelligenceSortingCriteriaEnum. \
 * {@link KnownThreatIntelligenceSortingCriteriaEnum} can be used interchangeably with ThreatIntelligenceSortingCriteriaEnum,
 *  this enum contains the known values that the service supports.
 * ### Known values supported by the service
 * **unsorted** \
 * **ascending** \
 * **descending**
 */
export type ThreatIntelligenceSortingCriteriaEnum = string;

/** Known values of {@link SourceType} that the service accepts. */
export enum KnownSourceType {
  LocalFile = "Local file",
  RemoteStorage = "Remote storage"
}

/**
 * Defines values for SourceType. \
 * {@link KnownSourceType} can be used interchangeably with SourceType,
 *  this enum contains the known values that the service supports.
 * ### Known values supported by the service
 * **Local file** \
 * **Remote storage**
 */
export type SourceType = string;

/** Known values of {@link DataConnectorKind} that the service accepts. */
export enum KnownDataConnectorKind {
  AzureActiveDirectory = "AzureActiveDirectory",
  AzureSecurityCenter = "AzureSecurityCenter",
  MicrosoftCloudAppSecurity = "MicrosoftCloudAppSecurity",
  ThreatIntelligence = "ThreatIntelligence",
  ThreatIntelligenceTaxii = "ThreatIntelligenceTaxii",
  Office365 = "Office365",
  OfficeATP = "OfficeATP",
  OfficeIRM = "OfficeIRM",
  Office365Project = "Office365Project",
  OfficePowerBI = "OfficePowerBI",
  AmazonWebServicesCloudTrail = "AmazonWebServicesCloudTrail",
  AmazonWebServicesS3 = "AmazonWebServicesS3",
  AzureAdvancedThreatProtection = "AzureAdvancedThreatProtection",
  MicrosoftDefenderAdvancedThreatProtection = "MicrosoftDefenderAdvancedThreatProtection",
  Dynamics365 = "Dynamics365",
  MicrosoftThreatProtection = "MicrosoftThreatProtection",
  MicrosoftThreatIntelligence = "MicrosoftThreatIntelligence",
  GenericUI = "GenericUI",
  APIPolling = "APIPolling",
  IOT = "IOT"
}

/**
 * Defines values for DataConnectorKind. \
 * {@link KnownDataConnectorKind} can be used interchangeably with DataConnectorKind,
 *  this enum contains the known values that the service supports.
 * ### Known values supported by the service
 * **AzureActiveDirectory** \
 * **AzureSecurityCenter** \
 * **MicrosoftCloudAppSecurity** \
 * **ThreatIntelligence** \
 * **ThreatIntelligenceTaxii** \
 * **Office365** \
 * **OfficeATP** \
 * **OfficeIRM** \
 * **Office365Project** \
 * **OfficePowerBI** \
 * **AmazonWebServicesCloudTrail** \
 * **AmazonWebServicesS3** \
 * **AzureAdvancedThreatProtection** \
 * **MicrosoftDefenderAdvancedThreatProtection** \
 * **Dynamics365** \
 * **MicrosoftThreatProtection** \
 * **MicrosoftThreatIntelligence** \
 * **GenericUI** \
 * **APIPolling** \
 * **IOT**
 */
export type DataConnectorKind = string;

/** Known values of {@link ConnectAuthKind} that the service accepts. */
export enum KnownConnectAuthKind {
  Basic = "Basic",
  OAuth2 = "OAuth2",
  APIKey = "APIKey"
}

/**
 * Defines values for ConnectAuthKind. \
 * {@link KnownConnectAuthKind} can be used interchangeably with ConnectAuthKind,
 *  this enum contains the known values that the service supports.
 * ### Known values supported by the service
 * **Basic** \
 * **OAuth2** \
 * **APIKey**
 */
export type ConnectAuthKind = string;

/** Known values of {@link DataConnectorAuthorizationState} that the service accepts. */
export enum KnownDataConnectorAuthorizationState {
  Valid = "Valid",
  Invalid = "Invalid"
}

/**
 * Defines values for DataConnectorAuthorizationState. \
 * {@link KnownDataConnectorAuthorizationState} can be used interchangeably with DataConnectorAuthorizationState,
 *  this enum contains the known values that the service supports.
 * ### Known values supported by the service
 * **Valid** \
 * **Invalid**
 */
export type DataConnectorAuthorizationState = string;

/** Known values of {@link DataConnectorLicenseState} that the service accepts. */
export enum KnownDataConnectorLicenseState {
  Valid = "Valid",
  Invalid = "Invalid",
  Unknown = "Unknown"
}

/**
 * Defines values for DataConnectorLicenseState. \
 * {@link KnownDataConnectorLicenseState} can be used interchangeably with DataConnectorLicenseState,
 *  this enum contains the known values that the service supports.
 * ### Known values supported by the service
 * **Valid** \
 * **Invalid** \
 * **Unknown**
 */
export type DataConnectorLicenseState = string;

/** Known values of {@link TemplateStatus} that the service accepts. */
export enum KnownTemplateStatus {
  /** Alert rule template installed. and can not use more then once */
  Installed = "Installed",
  /** Alert rule template is available. */
  Available = "Available",
  /** Alert rule template is not available */
  NotAvailable = "NotAvailable"
}

/**
 * Defines values for TemplateStatus. \
 * {@link KnownTemplateStatus} can be used interchangeably with TemplateStatus,
 *  this enum contains the known values that the service supports.
 * ### Known values supported by the service
 * **Installed**: Alert rule template installed. and can not use more then once \
 * **Available**: Alert rule template is available. \
 * **NotAvailable**: Alert rule template is not available
 */
export type TemplateStatus = string;

/** Known values of {@link EntityMappingType} that the service accepts. */
export enum KnownEntityMappingType {
  /** User account entity type */
  Account = "Account",
  /** Host entity type */
  Host = "Host",
  /** IP address entity type */
  IP = "IP",
  /** Malware entity type */
  Malware = "Malware",
  /** System file entity type */
  File = "File",
  /** Process entity type */
  Process = "Process",
  /** Cloud app entity type */
  CloudApplication = "CloudApplication",
  /** DNS entity type */
  DNS = "DNS",
  /** Azure resource entity type */
  AzureResource = "AzureResource",
  /** File-hash entity type */
  FileHash = "FileHash",
  /** Registry key entity type */
  RegistryKey = "RegistryKey",
  /** Registry value entity type */
  RegistryValue = "RegistryValue",
  /** Security group entity type */
  SecurityGroup = "SecurityGroup",
  /** URL entity type */
  URL = "URL",
  /** Mailbox entity type */
  Mailbox = "Mailbox",
  /** Mail cluster entity type */
  MailCluster = "MailCluster",
  /** Mail message entity type */
  MailMessage = "MailMessage",
  /** Submission mail entity type */
  SubmissionMail = "SubmissionMail"
}

/**
 * Defines values for EntityMappingType. \
 * {@link KnownEntityMappingType} can be used interchangeably with EntityMappingType,
 *  this enum contains the known values that the service supports.
 * ### Known values supported by the service
 * **Account**: User account entity type \
 * **Host**: Host entity type \
 * **IP**: IP address entity type \
 * **Malware**: Malware entity type \
 * **File**: System file entity type \
 * **Process**: Process entity type \
 * **CloudApplication**: Cloud app entity type \
 * **DNS**: DNS entity type \
 * **AzureResource**: Azure resource entity type \
 * **FileHash**: File-hash entity type \
 * **RegistryKey**: Registry key entity type \
 * **RegistryValue**: Registry value entity type \
 * **SecurityGroup**: Security group entity type \
 * **URL**: URL entity type \
 * **Mailbox**: Mailbox entity type \
 * **MailCluster**: Mail cluster entity type \
 * **MailMessage**: Mail message entity type \
 * **SubmissionMail**: Submission mail entity type
 */
export type EntityMappingType = string;

/** Known values of {@link MicrosoftSecurityProductName} that the service accepts. */
export enum KnownMicrosoftSecurityProductName {
  MicrosoftCloudAppSecurity = "Microsoft Cloud App Security",
  AzureSecurityCenter = "Azure Security Center",
  AzureAdvancedThreatProtection = "Azure Advanced Threat Protection",
  AzureActiveDirectoryIdentityProtection = "Azure Active Directory Identity Protection",
  AzureSecurityCenterForIoT = "Azure Security Center for IoT",
  Office365AdvancedThreatProtection = "Office 365 Advanced Threat Protection",
  MicrosoftDefenderAdvancedThreatProtection = "Microsoft Defender Advanced Threat Protection"
}

/**
 * Defines values for MicrosoftSecurityProductName. \
 * {@link KnownMicrosoftSecurityProductName} can be used interchangeably with MicrosoftSecurityProductName,
 *  this enum contains the known values that the service supports.
 * ### Known values supported by the service
 * **Microsoft Cloud App Security** \
 * **Azure Security Center** \
 * **Azure Advanced Threat Protection** \
 * **Azure Active Directory Identity Protection** \
 * **Azure Security Center for IoT** \
 * **Office 365 Advanced Threat Protection** \
 * **Microsoft Defender Advanced Threat Protection**
 */
export type MicrosoftSecurityProductName = string;

/** Known values of {@link MatchingMethod} that the service accepts. */
export enum KnownMatchingMethod {
  /** Grouping alerts into a single incident if all the entities match */
  AllEntities = "AllEntities",
  /** Grouping any alerts triggered by this rule into a single incident */
  AnyAlert = "AnyAlert",
  /** Grouping alerts into a single incident if the selected entities, custom details and alert details match */
  Selected = "Selected"
}

/**
 * Defines values for MatchingMethod. \
 * {@link KnownMatchingMethod} can be used interchangeably with MatchingMethod,
 *  this enum contains the known values that the service supports.
 * ### Known values supported by the service
 * **AllEntities**: Grouping alerts into a single incident if all the entities match \
 * **AnyAlert**: Grouping any alerts triggered by this rule into a single incident \
 * **Selected**: Grouping alerts into a single incident if the selected entities, custom details and alert details match
 */
export type MatchingMethod = string;

/** Known values of {@link AlertDetail} that the service accepts. */
export enum KnownAlertDetail {
  /** Alert display name */
  DisplayName = "DisplayName",
  /** Alert severity */
  Severity = "Severity"
}

/**
 * Defines values for AlertDetail. \
 * {@link KnownAlertDetail} can be used interchangeably with AlertDetail,
 *  this enum contains the known values that the service supports.
 * ### Known values supported by the service
 * **DisplayName**: Alert display name \
 * **Severity**: Alert severity
 */
export type AlertDetail = string;

/** Known values of {@link EventGroupingAggregationKind} that the service accepts. */
export enum KnownEventGroupingAggregationKind {
  SingleAlert = "SingleAlert",
  AlertPerResult = "AlertPerResult"
}

/**
 * Defines values for EventGroupingAggregationKind. \
 * {@link KnownEventGroupingAggregationKind} can be used interchangeably with EventGroupingAggregationKind,
 *  this enum contains the known values that the service supports.
 * ### Known values supported by the service
 * **SingleAlert** \
 * **AlertPerResult**
 */
export type EventGroupingAggregationKind = string;

/** Known values of {@link AutomationRulePropertyConditionSupportedProperty} that the service accepts. */
export enum KnownAutomationRulePropertyConditionSupportedProperty {
  /** The title of the incident */
  IncidentTitle = "IncidentTitle",
  /** The description of the incident */
  IncidentDescription = "IncidentDescription",
  /** The severity of the incident */
  IncidentSeverity = "IncidentSeverity",
  /** The status of the incident */
  IncidentStatus = "IncidentStatus",
  /** The related Analytic rule ids of the incident */
  IncidentRelatedAnalyticRuleIds = "IncidentRelatedAnalyticRuleIds",
  /** The tactics of the incident */
  IncidentTactics = "IncidentTactics",
  /** The labels of the incident */
  IncidentLabel = "IncidentLabel",
  /** The provider name of the incident */
  IncidentProviderName = "IncidentProviderName",
  /** The account Azure Active Directory tenant id */
  AccountAadTenantId = "AccountAadTenantId",
  /** The account Azure Active Directory user id */
  AccountAadUserId = "AccountAadUserId",
  /** The account name */
  AccountName = "AccountName",
  /** The account NetBIOS domain name */
  AccountNTDomain = "AccountNTDomain",
  /** The account Azure Active Directory Passport User ID */
  AccountPuid = "AccountPUID",
  /** The account security identifier */
  AccountSid = "AccountSid",
  /** The account unique identifier */
  AccountObjectGuid = "AccountObjectGuid",
  /** The account user principal name suffix */
  AccountUPNSuffix = "AccountUPNSuffix",
  /** The name of the product of the alert */
  AlertProductNames = "AlertProductNames",
  /** The Azure resource id */
  AzureResourceResourceId = "AzureResourceResourceId",
  /** The Azure resource subscription id */
  AzureResourceSubscriptionId = "AzureResourceSubscriptionId",
  /** The cloud application identifier */
  CloudApplicationAppId = "CloudApplicationAppId",
  /** The cloud application name */
  CloudApplicationAppName = "CloudApplicationAppName",
  /** The dns record domain name */
  DNSDomainName = "DNSDomainName",
  /** The file directory full path */
  FileDirectory = "FileDirectory",
  /** The file name without path */
  FileName = "FileName",
  /** The file hash value */
  FileHashValue = "FileHashValue",
  /** The host Azure resource id */
  HostAzureID = "HostAzureID",
  /** The host name without domain */
  HostName = "HostName",
  /** The host NetBIOS name */
  HostNetBiosName = "HostNetBiosName",
  /** The host NT domain */
  HostNTDomain = "HostNTDomain",
  /** The host operating system */
  HostOSVersion = "HostOSVersion",
  /** "The IoT device id */
  IoTDeviceId = "IoTDeviceId",
  /** The IoT device name */
  IoTDeviceName = "IoTDeviceName",
  /** The IoT device type */
  IoTDeviceType = "IoTDeviceType",
  /** The IoT device vendor */
  IoTDeviceVendor = "IoTDeviceVendor",
  /** The IoT device model */
  IoTDeviceModel = "IoTDeviceModel",
  /** The IoT device operating system */
  IoTDeviceOperatingSystem = "IoTDeviceOperatingSystem",
  /** The IP address */
  IPAddress = "IPAddress",
  /** The mailbox display name */
  MailboxDisplayName = "MailboxDisplayName",
  /** The mailbox primary address */
  MailboxPrimaryAddress = "MailboxPrimaryAddress",
  /** The mailbox user principal name */
  MailboxUPN = "MailboxUPN",
  /** The mail message delivery action */
  MailMessageDeliveryAction = "MailMessageDeliveryAction",
  /** The mail message delivery location */
  MailMessageDeliveryLocation = "MailMessageDeliveryLocation",
  /** The mail message recipient */
  MailMessageRecipient = "MailMessageRecipient",
  /** The mail message sender IP address */
  MailMessageSenderIP = "MailMessageSenderIP",
  /** The mail message subject */
  MailMessageSubject = "MailMessageSubject",
  /** The mail message P1 sender */
  MailMessageP1Sender = "MailMessageP1Sender",
  /** The mail message P2 sender */
  MailMessageP2Sender = "MailMessageP2Sender",
  /** The malware category */
  MalwareCategory = "MalwareCategory",
  /** The malware name */
  MalwareName = "MalwareName",
  /** The process execution command line */
  ProcessCommandLine = "ProcessCommandLine",
  /** The process id */
  ProcessId = "ProcessId",
  /** The registry key path */
  RegistryKey = "RegistryKey",
  /** The registry key value in string formatted representation */
  RegistryValueData = "RegistryValueData",
  /** The url */
  Url = "Url"
}

/**
 * Defines values for AutomationRulePropertyConditionSupportedProperty. \
 * {@link KnownAutomationRulePropertyConditionSupportedProperty} can be used interchangeably with AutomationRulePropertyConditionSupportedProperty,
 *  this enum contains the known values that the service supports.
 * ### Known values supported by the service
 * **IncidentTitle**: The title of the incident \
 * **IncidentDescription**: The description of the incident \
 * **IncidentSeverity**: The severity of the incident \
 * **IncidentStatus**: The status of the incident \
 * **IncidentRelatedAnalyticRuleIds**: The related Analytic rule ids of the incident \
 * **IncidentTactics**: The tactics of the incident \
 * **IncidentLabel**: The labels of the incident \
 * **IncidentProviderName**: The provider name of the incident \
 * **AccountAadTenantId**: The account Azure Active Directory tenant id \
 * **AccountAadUserId**: The account Azure Active Directory user id \
 * **AccountName**: The account name \
 * **AccountNTDomain**: The account NetBIOS domain name \
 * **AccountPUID**: The account Azure Active Directory Passport User ID \
 * **AccountSid**: The account security identifier \
 * **AccountObjectGuid**: The account unique identifier \
 * **AccountUPNSuffix**: The account user principal name suffix \
 * **AlertProductNames**: The name of the product of the alert \
 * **AzureResourceResourceId**: The Azure resource id \
 * **AzureResourceSubscriptionId**: The Azure resource subscription id \
 * **CloudApplicationAppId**: The cloud application identifier \
 * **CloudApplicationAppName**: The cloud application name \
 * **DNSDomainName**: The dns record domain name \
 * **FileDirectory**: The file directory full path \
 * **FileName**: The file name without path \
 * **FileHashValue**: The file hash value \
 * **HostAzureID**: The host Azure resource id \
 * **HostName**: The host name without domain \
 * **HostNetBiosName**: The host NetBIOS name \
 * **HostNTDomain**: The host NT domain \
 * **HostOSVersion**: The host operating system \
 * **IoTDeviceId**: "The IoT device id \
 * **IoTDeviceName**: The IoT device name \
 * **IoTDeviceType**: The IoT device type \
 * **IoTDeviceVendor**: The IoT device vendor \
 * **IoTDeviceModel**: The IoT device model \
 * **IoTDeviceOperatingSystem**: The IoT device operating system \
 * **IPAddress**: The IP address \
 * **MailboxDisplayName**: The mailbox display name \
 * **MailboxPrimaryAddress**: The mailbox primary address \
 * **MailboxUPN**: The mailbox user principal name \
 * **MailMessageDeliveryAction**: The mail message delivery action \
 * **MailMessageDeliveryLocation**: The mail message delivery location \
 * **MailMessageRecipient**: The mail message recipient \
 * **MailMessageSenderIP**: The mail message sender IP address \
 * **MailMessageSubject**: The mail message subject \
 * **MailMessageP1Sender**: The mail message P1 sender \
 * **MailMessageP2Sender**: The mail message P2 sender \
 * **MalwareCategory**: The malware category \
 * **MalwareName**: The malware name \
 * **ProcessCommandLine**: The process execution command line \
 * **ProcessId**: The process id \
 * **RegistryKey**: The registry key path \
 * **RegistryValueData**: The registry key value in string formatted representation \
 * **Url**: The url
 */
export type AutomationRulePropertyConditionSupportedProperty = string;

/** Known values of {@link AutomationRulePropertyConditionSupportedOperator} that the service accepts. */
export enum KnownAutomationRulePropertyConditionSupportedOperator {
  /** Evaluates if the property equals at least one of the condition values */
  Equals = "Equals",
  /** Evaluates if the property does not equal any of the condition values */
  NotEquals = "NotEquals",
  /** Evaluates if the property contains at least one of the condition values */
  Contains = "Contains",
  /** Evaluates if the property does not contain any of the condition values */
  NotContains = "NotContains",
  /** Evaluates if the property starts with any of the condition values */
  StartsWith = "StartsWith",
  /** Evaluates if the property does not start with any of the condition values */
  NotStartsWith = "NotStartsWith",
  /** Evaluates if the property ends with any of the condition values */
  EndsWith = "EndsWith",
  /** Evaluates if the property does not end with any of the condition values */
  NotEndsWith = "NotEndsWith"
}

/**
 * Defines values for AutomationRulePropertyConditionSupportedOperator. \
 * {@link KnownAutomationRulePropertyConditionSupportedOperator} can be used interchangeably with AutomationRulePropertyConditionSupportedOperator,
 *  this enum contains the known values that the service supports.
 * ### Known values supported by the service
 * **Equals**: Evaluates if the property equals at least one of the condition values \
 * **NotEquals**: Evaluates if the property does not equal any of the condition values \
 * **Contains**: Evaluates if the property contains at least one of the condition values \
 * **NotContains**: Evaluates if the property does not contain any of the condition values \
 * **StartsWith**: Evaluates if the property starts with any of the condition values \
 * **NotStartsWith**: Evaluates if the property does not start with any of the condition values \
 * **EndsWith**: Evaluates if the property ends with any of the condition values \
 * **NotEndsWith**: Evaluates if the property does not end with any of the condition values
 */
export type AutomationRulePropertyConditionSupportedOperator = string;

/** Known values of {@link EntityType} that the service accepts. */
export enum KnownEntityType {
  /** Entity represents account in the system. */
  Account = "Account",
  /** Entity represents host in the system. */
  Host = "Host",
  /** Entity represents file in the system. */
  File = "File",
  /** Entity represents azure resource in the system. */
  AzureResource = "AzureResource",
  /** Entity represents cloud application in the system. */
  CloudApplication = "CloudApplication",
  /** Entity represents dns in the system. */
  DNS = "DNS",
  /** Entity represents file hash in the system. */
  FileHash = "FileHash",
  /** Entity represents ip in the system. */
  IP = "IP",
  /** Entity represents malware in the system. */
  Malware = "Malware",
  /** Entity represents process in the system. */
  Process = "Process",
  /** Entity represents registry key in the system. */
  RegistryKey = "RegistryKey",
  /** Entity represents registry value in the system. */
  RegistryValue = "RegistryValue",
  /** Entity represents security group in the system. */
  SecurityGroup = "SecurityGroup",
  /** Entity represents url in the system. */
  URL = "URL",
  /** Entity represents IoT device in the system. */
  IoTDevice = "IoTDevice",
  /** Entity represents security alert in the system. */
  SecurityAlert = "SecurityAlert",
  /** Entity represents HuntingBookmark in the system. */
  HuntingBookmark = "HuntingBookmark",
  /** Entity represents mail cluster in the system. */
  MailCluster = "MailCluster",
  /** Entity represents mail message in the system. */
  MailMessage = "MailMessage",
  /** Entity represents mailbox in the system. */
  Mailbox = "Mailbox",
  /** Entity represents submission mail in the system. */
  SubmissionMail = "SubmissionMail"
}

/**
 * Defines values for EntityType. \
 * {@link KnownEntityType} can be used interchangeably with EntityType,
 *  this enum contains the known values that the service supports.
 * ### Known values supported by the service
 * **Account**: Entity represents account in the system. \
 * **Host**: Entity represents host in the system. \
 * **File**: Entity represents file in the system. \
 * **AzureResource**: Entity represents azure resource in the system. \
 * **CloudApplication**: Entity represents cloud application in the system. \
 * **DNS**: Entity represents dns in the system. \
 * **FileHash**: Entity represents file hash in the system. \
 * **IP**: Entity represents ip in the system. \
 * **Malware**: Entity represents malware in the system. \
 * **Process**: Entity represents process in the system. \
 * **RegistryKey**: Entity represents registry key in the system. \
 * **RegistryValue**: Entity represents registry value in the system. \
 * **SecurityGroup**: Entity represents security group in the system. \
 * **URL**: Entity represents url in the system. \
 * **IoTDevice**: Entity represents IoT device in the system. \
 * **SecurityAlert**: Entity represents security alert in the system. \
 * **HuntingBookmark**: Entity represents HuntingBookmark in the system. \
 * **MailCluster**: Entity represents mail cluster in the system. \
 * **MailMessage**: Entity represents mail message in the system. \
 * **Mailbox**: Entity represents mailbox in the system. \
 * **SubmissionMail**: Entity represents submission mail in the system.
 */
export type EntityType = string;

/** Known values of {@link OutputType} that the service accepts. */
export enum KnownOutputType {
  Number = "Number",
  String = "String",
  Date = "Date",
  Entity = "Entity"
}

/**
 * Defines values for OutputType. \
 * {@link KnownOutputType} can be used interchangeably with OutputType,
 *  this enum contains the known values that the service supports.
 * ### Known values supported by the service
 * **Number** \
 * **String** \
 * **Date** \
 * **Entity**
 */
export type OutputType = string;

/** Known values of {@link UebaDataSources} that the service accepts. */
export enum KnownUebaDataSources {
  AuditLogs = "AuditLogs",
  AzureActivity = "AzureActivity",
  SecurityEvent = "SecurityEvent",
  SigninLogs = "SigninLogs"
}

/**
 * Defines values for UebaDataSources. \
 * {@link KnownUebaDataSources} can be used interchangeably with UebaDataSources,
 *  this enum contains the known values that the service supports.
 * ### Known values supported by the service
 * **AuditLogs** \
 * **AzureActivity** \
 * **SecurityEvent** \
 * **SigninLogs**
 */
export type UebaDataSources = string;

/** Known values of {@link SkuKind} that the service accepts. */
export enum KnownSkuKind {
  PerGB = "PerGB",
  CapacityReservation = "CapacityReservation"
}

/**
 * Defines values for SkuKind. \
 * {@link KnownSkuKind} can be used interchangeably with SkuKind,
 *  this enum contains the known values that the service supports.
 * ### Known values supported by the service
 * **PerGB** \
 * **CapacityReservation**
 */
export type SkuKind = string;

/** Known values of {@link DataTypeState} that the service accepts. */
export enum KnownDataTypeState {
  Enabled = "Enabled",
  Disabled = "Disabled"
}

/**
 * Defines values for DataTypeState. \
 * {@link KnownDataTypeState} can be used interchangeably with DataTypeState,
 *  this enum contains the known values that the service supports.
 * ### Known values supported by the service
 * **Enabled** \
 * **Disabled**
 */
export type DataTypeState = string;

/** Known values of {@link PollingFrequency} that the service accepts. */
export enum KnownPollingFrequency {
  /** Once a minute */
  OnceAMinute = "OnceAMinute",
  /** Once an hour */
  OnceAnHour = "OnceAnHour",
  /** Once a day */
  OnceADay = "OnceADay"
}

/**
 * Defines values for PollingFrequency. \
 * {@link KnownPollingFrequency} can be used interchangeably with PollingFrequency,
 *  this enum contains the known values that the service supports.
 * ### Known values supported by the service
 * **OnceAMinute**: Once a minute \
 * **OnceAnHour**: Once an hour \
 * **OnceADay**: Once a day
 */
export type PollingFrequency = string;

/** Known values of {@link ConnectivityType} that the service accepts. */
export enum KnownConnectivityType {
  IsConnectedQuery = "IsConnectedQuery"
}

/**
 * Defines values for ConnectivityType. \
 * {@link KnownConnectivityType} can be used interchangeably with ConnectivityType,
 *  this enum contains the known values that the service supports.
 * ### Known values supported by the service
 * **IsConnectedQuery**
 */
export type ConnectivityType = string;

/** Known values of {@link ProviderName} that the service accepts. */
export enum KnownProviderName {
  MicrosoftOperationalInsightsSolutions = "Microsoft.OperationalInsights/solutions",
  MicrosoftOperationalInsightsWorkspaces = "Microsoft.OperationalInsights/workspaces",
  MicrosoftOperationalInsightsWorkspacesDatasources = "Microsoft.OperationalInsights/workspaces/datasources",
  MicrosoftAadiamDiagnosticSettings = "microsoft.aadiam/diagnosticSettings",
  MicrosoftOperationalInsightsWorkspacesSharedKeys = "Microsoft.OperationalInsights/workspaces/sharedKeys",
  MicrosoftAuthorizationPolicyAssignments = "Microsoft.Authorization/policyAssignments"
}

/**
 * Defines values for ProviderName. \
 * {@link KnownProviderName} can be used interchangeably with ProviderName,
 *  this enum contains the known values that the service supports.
 * ### Known values supported by the service
 * **Microsoft.OperationalInsights\/solutions** \
 * **Microsoft.OperationalInsights\/workspaces** \
 * **Microsoft.OperationalInsights\/workspaces\/datasources** \
 * **microsoft.aadiam\/diagnosticSettings** \
 * **Microsoft.OperationalInsights\/workspaces\/sharedKeys** \
 * **Microsoft.Authorization\/policyAssignments**
 */
export type ProviderName = string;

/** Known values of {@link PermissionProviderScope} that the service accepts. */
export enum KnownPermissionProviderScope {
  ResourceGroup = "ResourceGroup",
  Subscription = "Subscription",
  Workspace = "Workspace"
}

/**
 * Defines values for PermissionProviderScope. \
 * {@link KnownPermissionProviderScope} can be used interchangeably with PermissionProviderScope,
 *  this enum contains the known values that the service supports.
 * ### Known values supported by the service
 * **ResourceGroup** \
 * **Subscription** \
 * **Workspace**
 */
export type PermissionProviderScope = string;

/** Known values of {@link SettingType} that the service accepts. */
export enum KnownSettingType {
  CopyableLabel = "CopyableLabel",
  InstructionStepsGroup = "InstructionStepsGroup",
  InfoMessage = "InfoMessage"
}

/**
 * Defines values for SettingType. \
 * {@link KnownSettingType} can be used interchangeably with SettingType,
 *  this enum contains the known values that the service supports.
 * ### Known values supported by the service
 * **CopyableLabel** \
 * **InstructionStepsGroup** \
 * **InfoMessage**
 */
export type SettingType = string;

/** Known values of {@link FileHashAlgorithm} that the service accepts. */
export enum KnownFileHashAlgorithm {
  /** Unknown hash algorithm */
  Unknown = "Unknown",
  /** MD5 hash type */
  MD5 = "MD5",
  /** SHA1 hash type */
  SHA1 = "SHA1",
  /** SHA256 hash type */
  SHA256 = "SHA256",
  /** SHA256 Authenticode hash type */
  SHA256AC = "SHA256AC"
}

/**
 * Defines values for FileHashAlgorithm. \
 * {@link KnownFileHashAlgorithm} can be used interchangeably with FileHashAlgorithm,
 *  this enum contains the known values that the service supports.
 * ### Known values supported by the service
 * **Unknown**: Unknown hash algorithm \
 * **MD5**: MD5 hash type \
 * **SHA1**: SHA1 hash type \
 * **SHA256**: SHA256 hash type \
 * **SHA256AC**: SHA256 Authenticode hash type
 */
export type FileHashAlgorithm = string;

/** Known values of {@link AntispamMailDirection} that the service accepts. */
export enum KnownAntispamMailDirection {
  /** Unknown */
  Unknown = "Unknown",
  /** Inbound */
  Inbound = "Inbound",
  /** Outbound */
  Outbound = "Outbound",
  /** Intraorg */
  Intraorg = "Intraorg"
}

/**
 * Defines values for AntispamMailDirection. \
 * {@link KnownAntispamMailDirection} can be used interchangeably with AntispamMailDirection,
 *  this enum contains the known values that the service supports.
 * ### Known values supported by the service
 * **Unknown**: Unknown \
 * **Inbound**: Inbound \
 * **Outbound**: Outbound \
 * **Intraorg**: Intraorg
 */
export type AntispamMailDirection = string;

/** Known values of {@link RegistryHive} that the service accepts. */
export enum KnownRegistryHive {
  /** HKEY_LOCAL_MACHINE */
  HkeyLocalMachine = "HKEY_LOCAL_MACHINE",
  /** HKEY_CLASSES_ROOT */
  HkeyClassesRoot = "HKEY_CLASSES_ROOT",
  /** HKEY_CURRENT_CONFIG */
  HkeyCurrentConfig = "HKEY_CURRENT_CONFIG",
  /** HKEY_USERS */
  HkeyUsers = "HKEY_USERS",
  /** HKEY_CURRENT_USER_LOCAL_SETTINGS */
  HkeyCurrentUserLocalSettings = "HKEY_CURRENT_USER_LOCAL_SETTINGS",
  /** HKEY_PERFORMANCE_DATA */
  HkeyPerformanceData = "HKEY_PERFORMANCE_DATA",
  /** HKEY_PERFORMANCE_NLSTEXT */
  HkeyPerformanceNlstext = "HKEY_PERFORMANCE_NLSTEXT",
  /** HKEY_PERFORMANCE_TEXT */
  HkeyPerformanceText = "HKEY_PERFORMANCE_TEXT",
  /** HKEY_A */
  HkeyA = "HKEY_A",
  /** HKEY_CURRENT_USER */
  HkeyCurrentUser = "HKEY_CURRENT_USER"
}

/**
 * Defines values for RegistryHive. \
 * {@link KnownRegistryHive} can be used interchangeably with RegistryHive,
 *  this enum contains the known values that the service supports.
 * ### Known values supported by the service
 * **HKEY_LOCAL_MACHINE**: HKEY_LOCAL_MACHINE \
 * **HKEY_CLASSES_ROOT**: HKEY_CLASSES_ROOT \
 * **HKEY_CURRENT_CONFIG**: HKEY_CURRENT_CONFIG \
 * **HKEY_USERS**: HKEY_USERS \
 * **HKEY_CURRENT_USER_LOCAL_SETTINGS**: HKEY_CURRENT_USER_LOCAL_SETTINGS \
 * **HKEY_PERFORMANCE_DATA**: HKEY_PERFORMANCE_DATA \
 * **HKEY_PERFORMANCE_NLSTEXT**: HKEY_PERFORMANCE_NLSTEXT \
 * **HKEY_PERFORMANCE_TEXT**: HKEY_PERFORMANCE_TEXT \
 * **HKEY_A**: HKEY_A \
 * **HKEY_CURRENT_USER**: HKEY_CURRENT_USER
 */
export type RegistryHive = string;

/** Known values of {@link RegistryValueKind} that the service accepts. */
export enum KnownRegistryValueKind {
  /** None */
  None = "None",
  /** Unknown value type */
  Unknown = "Unknown",
  /** String value type */
  String = "String",
  /** ExpandString value type */
  ExpandString = "ExpandString",
  /** Binary value type */
  Binary = "Binary",
  /** DWord value type */
  DWord = "DWord",
  /** MultiString value type */
  MultiString = "MultiString",
  /** QWord value type */
  QWord = "QWord"
}

/**
 * Defines values for RegistryValueKind. \
 * {@link KnownRegistryValueKind} can be used interchangeably with RegistryValueKind,
 *  this enum contains the known values that the service supports.
 * ### Known values supported by the service
 * **None**: None \
 * **Unknown**: Unknown value type \
 * **String**: String value type \
 * **ExpandString**: ExpandString value type \
 * **Binary**: Binary value type \
 * **DWord**: DWord value type \
 * **MultiString**: MultiString value type \
 * **QWord**: QWord value type
 */
export type RegistryValueKind = string;
/** Defines values for TriggerOperator. */
export type TriggerOperator = "GreaterThan" | "LessThan" | "Equal" | "NotEqual";
/** Defines values for OSFamily. */
export type OSFamily = "Linux" | "Windows" | "Android" | "IOS" | "Unknown";
/** Defines values for DeliveryAction. */
export type DeliveryAction =
  | "Unknown"
  | "DeliveredAsSpam"
  | "Delivered"
  | "Blocked"
  | "Replaced";
/** Defines values for DeliveryLocation. */
export type DeliveryLocation =
  | "Unknown"
  | "Inbox"
  | "JunkFolder"
  | "DeletedFolder"
  | "Quarantine"
  | "External"
  | "Failed"
  | "Dropped"
  | "Forwarded";
/** Defines values for ElevationToken. */
export type ElevationToken = "Default" | "Full" | "Limited";

/** Optional parameters. */
export interface AlertRulesListOptionalParams
  extends coreClient.OperationOptions {}

/** Contains response data for the list operation. */
export type AlertRulesListResponse = AlertRulesList;

/** Optional parameters. */
export interface AlertRulesGetOptionalParams
  extends coreClient.OperationOptions {}

/** Contains response data for the get operation. */
export type AlertRulesGetResponse = AlertRuleUnion;

/** Optional parameters. */
export interface AlertRulesCreateOrUpdateOptionalParams
  extends coreClient.OperationOptions {}

/** Contains response data for the createOrUpdate operation. */
export type AlertRulesCreateOrUpdateResponse = AlertRuleUnion;

/** Optional parameters. */
export interface AlertRulesDeleteOptionalParams
  extends coreClient.OperationOptions {}

/** Optional parameters. */
export interface AlertRulesListNextOptionalParams
  extends coreClient.OperationOptions {}

/** Contains response data for the listNext operation. */
export type AlertRulesListNextResponse = AlertRulesList;

/** Optional parameters. */
export interface ActionsListByAlertRuleOptionalParams
  extends coreClient.OperationOptions {}

/** Contains response data for the listByAlertRule operation. */
export type ActionsListByAlertRuleResponse = ActionsList;

/** Optional parameters. */
export interface ActionsGetOptionalParams extends coreClient.OperationOptions {}

/** Contains response data for the get operation. */
export type ActionsGetResponse = ActionResponse;

/** Optional parameters. */
export interface ActionsCreateOrUpdateOptionalParams
  extends coreClient.OperationOptions {}

/** Contains response data for the createOrUpdate operation. */
export type ActionsCreateOrUpdateResponse = ActionResponse;

/** Optional parameters. */
export interface ActionsDeleteOptionalParams
  extends coreClient.OperationOptions {}

/** Optional parameters. */
export interface ActionsListByAlertRuleNextOptionalParams
  extends coreClient.OperationOptions {}

/** Contains response data for the listByAlertRuleNext operation. */
export type ActionsListByAlertRuleNextResponse = ActionsList;

/** Optional parameters. */
export interface AlertRuleTemplatesListOptionalParams
  extends coreClient.OperationOptions {}

/** Contains response data for the list operation. */
export type AlertRuleTemplatesListResponse = AlertRuleTemplatesList;

/** Optional parameters. */
export interface AlertRuleTemplatesGetOptionalParams
  extends coreClient.OperationOptions {}

/** Contains response data for the get operation. */
export type AlertRuleTemplatesGetResponse = AlertRuleTemplateUnion;

/** Optional parameters. */
export interface AlertRuleTemplatesListNextOptionalParams
  extends coreClient.OperationOptions {}

/** Contains response data for the listNext operation. */
export type AlertRuleTemplatesListNextResponse = AlertRuleTemplatesList;

/** Optional parameters. */
export interface AutomationRulesGetOptionalParams
  extends coreClient.OperationOptions {}

/** Contains response data for the get operation. */
export type AutomationRulesGetResponse = AutomationRule;

/** Optional parameters. */
export interface AutomationRulesCreateOrUpdateOptionalParams
  extends coreClient.OperationOptions {
  /** The automation rule */
  automationRuleToUpsert?: AutomationRule;
}

/** Contains response data for the createOrUpdate operation. */
export type AutomationRulesCreateOrUpdateResponse = AutomationRule;

/** Optional parameters. */
export interface AutomationRulesDeleteOptionalParams
  extends coreClient.OperationOptions {}

/** Contains response data for the delete operation. */
export type AutomationRulesDeleteResponse = Record<string, unknown>;

/** Optional parameters. */
export interface AutomationRulesListOptionalParams
  extends coreClient.OperationOptions {}

/** Contains response data for the list operation. */
export type AutomationRulesListResponse = AutomationRulesList;

/** Optional parameters. */
export interface AutomationRulesListNextOptionalParams
  extends coreClient.OperationOptions {}

/** Contains response data for the listNext operation. */
export type AutomationRulesListNextResponse = AutomationRulesList;

/** Optional parameters. */
export interface IncidentsRunPlaybookOptionalParams
  extends coreClient.OperationOptions {
  requestBody?: ManualTriggerRequestBody;
}

/** Contains response data for the runPlaybook operation. */
export type IncidentsRunPlaybookResponse = Record<string, unknown>;

/** Optional parameters. */
export interface IncidentsListOptionalParams
  extends coreClient.OperationOptions {
  /** Filters the results, based on a Boolean condition. Optional. */
  filter?: string;
  /** Sorts the results. Optional. */
  orderby?: string;
  /** Returns only the first n results. Optional. */
  top?: number;
  /** Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. */
  skipToken?: string;
}

/** Contains response data for the list operation. */
export type IncidentsListResponse = IncidentList;

/** Optional parameters. */
export interface IncidentsGetOptionalParams
  extends coreClient.OperationOptions {}

/** Contains response data for the get operation. */
export type IncidentsGetResponse = Incident;

/** Optional parameters. */
export interface IncidentsCreateOrUpdateOptionalParams
  extends coreClient.OperationOptions {}

/** Contains response data for the createOrUpdate operation. */
export type IncidentsCreateOrUpdateResponse = Incident;

/** Optional parameters. */
export interface IncidentsDeleteOptionalParams
  extends coreClient.OperationOptions {}

/** Optional parameters. */
export interface IncidentsCreateTeamOptionalParams
  extends coreClient.OperationOptions {}

/** Contains response data for the createTeam operation. */
export type IncidentsCreateTeamResponse = TeamInformation;

/** Optional parameters. */
export interface IncidentsListAlertsOptionalParams
  extends coreClient.OperationOptions {}

/** Contains response data for the listAlerts operation. */
export type IncidentsListAlertsResponse = IncidentAlertList;

/** Optional parameters. */
export interface IncidentsListBookmarksOptionalParams
  extends coreClient.OperationOptions {}

/** Contains response data for the listBookmarks operation. */
export type IncidentsListBookmarksResponse = IncidentBookmarkList;

/** Optional parameters. */
export interface IncidentsListEntitiesOptionalParams
  extends coreClient.OperationOptions {}

/** Contains response data for the listEntities operation. */
export type IncidentsListEntitiesResponse = IncidentEntitiesResponse;

/** Optional parameters. */
export interface IncidentsListNextOptionalParams
  extends coreClient.OperationOptions {
  /** Filters the results, based on a Boolean condition. Optional. */
  filter?: string;
  /** Sorts the results. Optional. */
  orderby?: string;
  /** Returns only the first n results. Optional. */
  top?: number;
  /** Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. */
  skipToken?: string;
}

/** Contains response data for the listNext operation. */
export type IncidentsListNextResponse = IncidentList;

/** Optional parameters. */
export interface BookmarksListOptionalParams
  extends coreClient.OperationOptions {}

/** Contains response data for the list operation. */
export type BookmarksListResponse = BookmarkList;

/** Optional parameters. */
export interface BookmarksGetOptionalParams
  extends coreClient.OperationOptions {}

/** Contains response data for the get operation. */
export type BookmarksGetResponse = Bookmark;

/** Optional parameters. */
export interface BookmarksCreateOrUpdateOptionalParams
  extends coreClient.OperationOptions {}

/** Contains response data for the createOrUpdate operation. */
export type BookmarksCreateOrUpdateResponse = Bookmark;

/** Optional parameters. */
export interface BookmarksDeleteOptionalParams
  extends coreClient.OperationOptions {}

/** Optional parameters. */
export interface BookmarksListNextOptionalParams
  extends coreClient.OperationOptions {}

/** Contains response data for the listNext operation. */
export type BookmarksListNextResponse = BookmarkList;

/** Optional parameters. */
export interface BookmarkRelationsListOptionalParams
  extends coreClient.OperationOptions {
  /** Filters the results, based on a Boolean condition. Optional. */
  filter?: string;
  /** Sorts the results. Optional. */
  orderby?: string;
  /** Returns only the first n results. Optional. */
  top?: number;
  /** Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. */
  skipToken?: string;
}

/** Contains response data for the list operation. */
export type BookmarkRelationsListResponse = RelationList;

/** Optional parameters. */
export interface BookmarkRelationsGetOptionalParams
  extends coreClient.OperationOptions {}

/** Contains response data for the get operation. */
export type BookmarkRelationsGetResponse = Relation;

/** Optional parameters. */
export interface BookmarkRelationsCreateOrUpdateOptionalParams
  extends coreClient.OperationOptions {}

/** Contains response data for the createOrUpdate operation. */
export type BookmarkRelationsCreateOrUpdateResponse = Relation;

/** Optional parameters. */
export interface BookmarkRelationsDeleteOptionalParams
  extends coreClient.OperationOptions {}

/** Optional parameters. */
export interface BookmarkRelationsListNextOptionalParams
  extends coreClient.OperationOptions {
  /** Filters the results, based on a Boolean condition. Optional. */
  filter?: string;
  /** Sorts the results. Optional. */
  orderby?: string;
  /** Returns only the first n results. Optional. */
  top?: number;
  /** Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. */
  skipToken?: string;
}

/** Contains response data for the listNext operation. */
export type BookmarkRelationsListNextResponse = RelationList;

/** Optional parameters. */
export interface BookmarkExpandOptionalParams
  extends coreClient.OperationOptions {}

/** Contains response data for the expand operation. */
export type BookmarkExpandOperationResponse = BookmarkExpandResponse;

/** Optional parameters. */
export interface IPGeodataGetOptionalParams
  extends coreClient.OperationOptions {}

/** Contains response data for the get operation. */
export type IPGeodataGetResponse = EnrichmentIpGeodata;

/** Optional parameters. */
export interface DomainWhoisGetOptionalParams
  extends coreClient.OperationOptions {}

/** Contains response data for the get operation. */
export type DomainWhoisGetResponse = EnrichmentDomainWhois;

/** Optional parameters. */
export interface EntitiesListOptionalParams
  extends coreClient.OperationOptions {}

/** Contains response data for the list operation. */
export type EntitiesListResponse = EntityList;

/** Optional parameters. */
export interface EntitiesGetOptionalParams
  extends coreClient.OperationOptions {}

/** Contains response data for the get operation. */
export type EntitiesGetResponse = EntityUnion;

/** Optional parameters. */
export interface EntitiesExpandOptionalParams
  extends coreClient.OperationOptions {}

/** Contains response data for the expand operation. */
export type EntitiesExpandResponse = EntityExpandResponse;

/** Optional parameters. */
export interface EntitiesQueriesOptionalParams
  extends coreClient.OperationOptions {}

/** Contains response data for the queries operation. */
export type EntitiesQueriesResponse = GetQueriesResponse;

/** Optional parameters. */
export interface EntitiesGetInsightsOptionalParams
  extends coreClient.OperationOptions {}

/** Contains response data for the getInsights operation. */
export type EntitiesGetInsightsResponse = EntityGetInsightsResponse;

/** Optional parameters. */
export interface EntitiesListNextOptionalParams
  extends coreClient.OperationOptions {}

/** Contains response data for the listNext operation. */
export type EntitiesListNextResponse = EntityList;

/** Optional parameters. */
export interface EntitiesGetTimelineListOptionalParams
  extends coreClient.OperationOptions {}

/** Contains response data for the list operation. */
export type EntitiesGetTimelineListResponse = EntityTimelineResponse;

/** Optional parameters. */
export interface EntitiesRelationsListOptionalParams
  extends coreClient.OperationOptions {
  /** Filters the results, based on a Boolean condition. Optional. */
  filter?: string;
  /** Sorts the results. Optional. */
  orderby?: string;
  /** Returns only the first n results. Optional. */
  top?: number;
  /** Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. */
  skipToken?: string;
}

/** Contains response data for the list operation. */
export type EntitiesRelationsListResponse = RelationList;

/** Optional parameters. */
export interface EntitiesRelationsListNextOptionalParams
  extends coreClient.OperationOptions {
  /** Filters the results, based on a Boolean condition. Optional. */
  filter?: string;
  /** Sorts the results. Optional. */
  orderby?: string;
  /** Returns only the first n results. Optional. */
  top?: number;
  /** Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. */
  skipToken?: string;
}

/** Contains response data for the listNext operation. */
export type EntitiesRelationsListNextResponse = RelationList;

/** Optional parameters. */
export interface EntityRelationsGetRelationOptionalParams
  extends coreClient.OperationOptions {}

/** Contains response data for the getRelation operation. */
export type EntityRelationsGetRelationResponse = Relation;

/** Optional parameters. */
export interface EntityQueriesListOptionalParams
  extends coreClient.OperationOptions {
  /** The entity query kind we want to fetch */
  kind?: Enum12;
}

/** Contains response data for the list operation. */
export type EntityQueriesListResponse = EntityQueryList;

/** Optional parameters. */
export interface EntityQueriesGetOptionalParams
  extends coreClient.OperationOptions {}

/** Contains response data for the get operation. */
export type EntityQueriesGetResponse = EntityQueryUnion;

/** Optional parameters. */
export interface EntityQueriesCreateOrUpdateOptionalParams
  extends coreClient.OperationOptions {}

/** Contains response data for the createOrUpdate operation. */
export type EntityQueriesCreateOrUpdateResponse = EntityQueryUnion;

/** Optional parameters. */
export interface EntityQueriesDeleteOptionalParams
  extends coreClient.OperationOptions {}

/** Optional parameters. */
export interface EntityQueriesListNextOptionalParams
  extends coreClient.OperationOptions {
  /** The entity query kind we want to fetch */
  kind?: Enum12;
}

/** Contains response data for the listNext operation. */
export type EntityQueriesListNextResponse = EntityQueryList;

/** Optional parameters. */
export interface EntityQueryTemplatesListOptionalParams
  extends coreClient.OperationOptions {}

/** Contains response data for the list operation. */
export type EntityQueryTemplatesListResponse = EntityQueryTemplateList;

/** Optional parameters. */
export interface EntityQueryTemplatesGetOptionalParams
  extends coreClient.OperationOptions {}

/** Contains response data for the get operation. */
export type EntityQueryTemplatesGetResponse = EntityQueryTemplateUnion;

/** Optional parameters. */
export interface EntityQueryTemplatesListNextOptionalParams
  extends coreClient.OperationOptions {}

/** Contains response data for the listNext operation. */
export type EntityQueryTemplatesListNextResponse = EntityQueryTemplateList;

/** Optional parameters. */
export interface IncidentCommentsListOptionalParams
  extends coreClient.OperationOptions {
  /** Filters the results, based on a Boolean condition. Optional. */
  filter?: string;
  /** Sorts the results. Optional. */
  orderby?: string;
  /** Returns only the first n results. Optional. */
  top?: number;
  /** Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. */
  skipToken?: string;
}

/** Contains response data for the list operation. */
export type IncidentCommentsListResponse = IncidentCommentList;

/** Optional parameters. */
export interface IncidentCommentsGetOptionalParams
  extends coreClient.OperationOptions {}

/** Contains response data for the get operation. */
export type IncidentCommentsGetResponse = IncidentComment;

/** Optional parameters. */
export interface IncidentCommentsCreateOrUpdateOptionalParams
  extends coreClient.OperationOptions {}

/** Contains response data for the createOrUpdate operation. */
export type IncidentCommentsCreateOrUpdateResponse = IncidentComment;

/** Optional parameters. */
export interface IncidentCommentsDeleteOptionalParams
  extends coreClient.OperationOptions {}

/** Optional parameters. */
export interface IncidentCommentsListNextOptionalParams
  extends coreClient.OperationOptions {
  /** Filters the results, based on a Boolean condition. Optional. */
  filter?: string;
  /** Sorts the results. Optional. */
  orderby?: string;
  /** Returns only the first n results. Optional. */
  top?: number;
  /** Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. */
  skipToken?: string;
}

/** Contains response data for the listNext operation. */
export type IncidentCommentsListNextResponse = IncidentCommentList;

/** Optional parameters. */
export interface IncidentRelationsListOptionalParams
  extends coreClient.OperationOptions {
  /** Filters the results, based on a Boolean condition. Optional. */
  filter?: string;
  /** Sorts the results. Optional. */
  orderby?: string;
  /** Returns only the first n results. Optional. */
  top?: number;
  /** Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. */
  skipToken?: string;
}

/** Contains response data for the list operation. */
export type IncidentRelationsListResponse = RelationList;

/** Optional parameters. */
export interface IncidentRelationsGetOptionalParams
  extends coreClient.OperationOptions {}

/** Contains response data for the get operation. */
export type IncidentRelationsGetResponse = Relation;

/** Optional parameters. */
export interface IncidentRelationsCreateOrUpdateOptionalParams
  extends coreClient.OperationOptions {}

/** Contains response data for the createOrUpdate operation. */
export type IncidentRelationsCreateOrUpdateResponse = Relation;

/** Optional parameters. */
export interface IncidentRelationsDeleteOptionalParams
  extends coreClient.OperationOptions {}

/** Optional parameters. */
export interface IncidentRelationsListNextOptionalParams
  extends coreClient.OperationOptions {
  /** Filters the results, based on a Boolean condition. Optional. */
  filter?: string;
  /** Sorts the results. Optional. */
  orderby?: string;
  /** Returns only the first n results. Optional. */
  top?: number;
  /** Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. */
  skipToken?: string;
}

/** Contains response data for the listNext operation. */
export type IncidentRelationsListNextResponse = RelationList;

/** Optional parameters. */
export interface MetadataListOptionalParams
  extends coreClient.OperationOptions {
  /** Filters the results, based on a Boolean condition. Optional. */
  filter?: string;
  /** Sorts the results. Optional. */
  orderby?: string;
  /** Returns only the first n results. Optional. */
  top?: number;
  /** Used to skip n elements in the OData query (offset). Returns a nextLink to the next page of results if there are any left. */
  skip?: number;
}

/** Contains response data for the list operation. */
export type MetadataListResponse = MetadataList;

/** Optional parameters. */
export interface MetadataGetOptionalParams
  extends coreClient.OperationOptions {}

/** Contains response data for the get operation. */
export type MetadataGetResponse = MetadataModel;

/** Optional parameters. */
export interface MetadataDeleteOptionalParams
  extends coreClient.OperationOptions {}

/** Optional parameters. */
export interface MetadataCreateOptionalParams
  extends coreClient.OperationOptions {}

/** Contains response data for the create operation. */
export type MetadataCreateResponse = MetadataModel;

/** Optional parameters. */
export interface MetadataUpdateOptionalParams
  extends coreClient.OperationOptions {}

/** Contains response data for the update operation. */
export type MetadataUpdateResponse = MetadataModel;

/** Optional parameters. */
export interface MetadataListNextOptionalParams
  extends coreClient.OperationOptions {
  /** Filters the results, based on a Boolean condition. Optional. */
  filter?: string;
  /** Sorts the results. Optional. */
  orderby?: string;
  /** Returns only the first n results. Optional. */
  top?: number;
  /** Used to skip n elements in the OData query (offset). Returns a nextLink to the next page of results if there are any left. */
  skip?: number;
}

/** Contains response data for the listNext operation. */
export type MetadataListNextResponse = MetadataList;

/** Optional parameters. */
export interface OfficeConsentsListOptionalParams
  extends coreClient.OperationOptions {}

/** Contains response data for the list operation. */
export type OfficeConsentsListResponse = OfficeConsentList;

/** Optional parameters. */
export interface OfficeConsentsGetOptionalParams
  extends coreClient.OperationOptions {}

/** Contains response data for the get operation. */
export type OfficeConsentsGetResponse = OfficeConsent;

/** Optional parameters. */
export interface OfficeConsentsDeleteOptionalParams
  extends coreClient.OperationOptions {}

/** Optional parameters. */
export interface OfficeConsentsListNextOptionalParams
  extends coreClient.OperationOptions {}

/** Contains response data for the listNext operation. */
export type OfficeConsentsListNextResponse = OfficeConsentList;

/** Optional parameters. */
export interface SentinelOnboardingStatesGetOptionalParams
  extends coreClient.OperationOptions {}

/** Contains response data for the get operation. */
export type SentinelOnboardingStatesGetResponse = SentinelOnboardingState;

/** Optional parameters. */
export interface SentinelOnboardingStatesCreateOptionalParams
  extends coreClient.OperationOptions {
  /** The Sentinel onboarding state parameter */
  sentinelOnboardingStateParameter?: SentinelOnboardingState;
}

/** Contains response data for the create operation. */
export type SentinelOnboardingStatesCreateResponse = SentinelOnboardingState;

/** Optional parameters. */
export interface SentinelOnboardingStatesDeleteOptionalParams
  extends coreClient.OperationOptions {}

/** Optional parameters. */
export interface SentinelOnboardingStatesListOptionalParams
  extends coreClient.OperationOptions {}

/** Contains response data for the list operation. */
export type SentinelOnboardingStatesListResponse = SentinelOnboardingStatesList;

/** Optional parameters. */
export interface ProductSettingsListOptionalParams
  extends coreClient.OperationOptions {}

/** Contains response data for the list operation. */
export type ProductSettingsListResponse = SettingList;

/** Optional parameters. */
export interface ProductSettingsGetOptionalParams
  extends coreClient.OperationOptions {}

/** Contains response data for the get operation. */
export type ProductSettingsGetResponse = SettingsUnion;

/** Optional parameters. */
export interface ProductSettingsDeleteOptionalParams
  extends coreClient.OperationOptions {}

/** Optional parameters. */
export interface ProductSettingsUpdateOptionalParams
  extends coreClient.OperationOptions {}

/** Contains response data for the update operation. */
export type ProductSettingsUpdateResponse = SettingsUnion;

/** Optional parameters. */
export interface SourceControlListRepositoriesOptionalParams
  extends coreClient.OperationOptions {}

/** Contains response data for the listRepositories operation. */
export type SourceControlListRepositoriesResponse = RepoList;

/** Optional parameters. */
export interface SourceControlListRepositoriesNextOptionalParams
  extends coreClient.OperationOptions {}

/** Contains response data for the listRepositoriesNext operation. */
export type SourceControlListRepositoriesNextResponse = RepoList;

/** Optional parameters. */
export interface SourceControlsListOptionalParams
  extends coreClient.OperationOptions {}

/** Contains response data for the list operation. */
export type SourceControlsListResponse = SourceControlList;

/** Optional parameters. */
export interface SourceControlsGetOptionalParams
  extends coreClient.OperationOptions {}

/** Contains response data for the get operation. */
export type SourceControlsGetResponse = SourceControl;

/** Optional parameters. */
export interface SourceControlsDeleteOptionalParams
  extends coreClient.OperationOptions {}

/** Optional parameters. */
export interface SourceControlsCreateOptionalParams
  extends coreClient.OperationOptions {}

/** Contains response data for the create operation. */
export type SourceControlsCreateResponse = SourceControl;

/** Optional parameters. */
export interface SourceControlsListNextOptionalParams
  extends coreClient.OperationOptions {}

/** Contains response data for the listNext operation. */
export type SourceControlsListNextResponse = SourceControlList;

/** Optional parameters. */
export interface ThreatIntelligenceIndicatorCreateIndicatorOptionalParams
  extends coreClient.OperationOptions {}

/** Contains response data for the createIndicator operation. */
export type ThreatIntelligenceIndicatorCreateIndicatorResponse = ThreatIntelligenceInformationUnion;

/** Optional parameters. */
export interface ThreatIntelligenceIndicatorGetOptionalParams
  extends coreClient.OperationOptions {}

/** Contains response data for the get operation. */
export type ThreatIntelligenceIndicatorGetResponse = ThreatIntelligenceInformationUnion;

/** Optional parameters. */
export interface ThreatIntelligenceIndicatorCreateOptionalParams
  extends coreClient.OperationOptions {}

/** Contains response data for the create operation. */
export type ThreatIntelligenceIndicatorCreateResponse = ThreatIntelligenceInformationUnion;

/** Optional parameters. */
export interface ThreatIntelligenceIndicatorDeleteOptionalParams
  extends coreClient.OperationOptions {}

/** Optional parameters. */
export interface ThreatIntelligenceIndicatorQueryIndicatorsOptionalParams
  extends coreClient.OperationOptions {}

/** Contains response data for the queryIndicators operation. */
export type ThreatIntelligenceIndicatorQueryIndicatorsResponse = ThreatIntelligenceInformationList;

/** Optional parameters. */
export interface ThreatIntelligenceIndicatorAppendTagsOptionalParams
  extends coreClient.OperationOptions {}

/** Optional parameters. */
export interface ThreatIntelligenceIndicatorReplaceTagsOptionalParams
  extends coreClient.OperationOptions {}

/** Contains response data for the replaceTags operation. */
export type ThreatIntelligenceIndicatorReplaceTagsResponse = ThreatIntelligenceInformationUnion;

/** Optional parameters. */
export interface ThreatIntelligenceIndicatorQueryIndicatorsNextOptionalParams
  extends coreClient.OperationOptions {}

/** Contains response data for the queryIndicatorsNext operation. */
export type ThreatIntelligenceIndicatorQueryIndicatorsNextResponse = ThreatIntelligenceInformationList;

/** Optional parameters. */
export interface ThreatIntelligenceIndicatorsListOptionalParams
  extends coreClient.OperationOptions {
  /** Filters the results, based on a Boolean condition. Optional. */
  filter?: string;
  /** Sorts the results. Optional. */
  orderby?: string;
  /** Returns only the first n results. Optional. */
  top?: number;
  /** Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. */
  skipToken?: string;
}

/** Contains response data for the list operation. */
export type ThreatIntelligenceIndicatorsListResponse = ThreatIntelligenceInformationList;

/** Optional parameters. */
export interface ThreatIntelligenceIndicatorsListNextOptionalParams
  extends coreClient.OperationOptions {
  /** Filters the results, based on a Boolean condition. Optional. */
  filter?: string;
  /** Sorts the results. Optional. */
  orderby?: string;
  /** Returns only the first n results. Optional. */
  top?: number;
  /** Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. */
  skipToken?: string;
}

/** Contains response data for the listNext operation. */
export type ThreatIntelligenceIndicatorsListNextResponse = ThreatIntelligenceInformationList;

/** Optional parameters. */
export interface ThreatIntelligenceIndicatorMetricsListOptionalParams
  extends coreClient.OperationOptions {}

/** Contains response data for the list operation. */
export type ThreatIntelligenceIndicatorMetricsListResponse = ThreatIntelligenceMetricsList;

/** Optional parameters. */
export interface WatchlistsListOptionalParams
  extends coreClient.OperationOptions {
  /** Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. */
  skipToken?: string;
}

/** Contains response data for the list operation. */
export type WatchlistsListResponse = WatchlistList;

/** Optional parameters. */
export interface WatchlistsGetOptionalParams
  extends coreClient.OperationOptions {}

/** Contains response data for the get operation. */
export type WatchlistsGetResponse = Watchlist;

/** Optional parameters. */
export interface WatchlistsDeleteOptionalParams
  extends coreClient.OperationOptions {}

/** Contains response data for the delete operation. */
export type WatchlistsDeleteResponse = WatchlistsDeleteHeaders;

/** Optional parameters. */
export interface WatchlistsCreateOrUpdateOptionalParams
  extends coreClient.OperationOptions {}

/** Contains response data for the createOrUpdate operation. */
export type WatchlistsCreateOrUpdateResponse = Watchlist;

/** Optional parameters. */
export interface WatchlistsListNextOptionalParams
  extends coreClient.OperationOptions {
  /** Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. */
  skipToken?: string;
}

/** Contains response data for the listNext operation. */
export type WatchlistsListNextResponse = WatchlistList;

/** Optional parameters. */
export interface WatchlistItemsListOptionalParams
  extends coreClient.OperationOptions {
  /** Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. */
  skipToken?: string;
}

/** Contains response data for the list operation. */
export type WatchlistItemsListResponse = WatchlistItemList;

/** Optional parameters. */
export interface WatchlistItemsGetOptionalParams
  extends coreClient.OperationOptions {}

/** Contains response data for the get operation. */
export type WatchlistItemsGetResponse = WatchlistItem;

/** Optional parameters. */
export interface WatchlistItemsDeleteOptionalParams
  extends coreClient.OperationOptions {}

/** Optional parameters. */
export interface WatchlistItemsCreateOrUpdateOptionalParams
  extends coreClient.OperationOptions {}

/** Contains response data for the createOrUpdate operation. */
export type WatchlistItemsCreateOrUpdateResponse = WatchlistItem;

/** Optional parameters. */
export interface WatchlistItemsListNextOptionalParams
  extends coreClient.OperationOptions {
  /** Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. */
  skipToken?: string;
}

/** Contains response data for the listNext operation. */
export type WatchlistItemsListNextResponse = WatchlistItemList;

/** Optional parameters. */
export interface DataConnectorsListOptionalParams
  extends coreClient.OperationOptions {}

/** Contains response data for the list operation. */
export type DataConnectorsListResponse = DataConnectorList;

/** Optional parameters. */
export interface DataConnectorsGetOptionalParams
  extends coreClient.OperationOptions {}

/** Contains response data for the get operation. */
export type DataConnectorsGetResponse = DataConnectorUnion;

/** Optional parameters. */
export interface DataConnectorsCreateOrUpdateOptionalParams
  extends coreClient.OperationOptions {}

/** Contains response data for the createOrUpdate operation. */
export type DataConnectorsCreateOrUpdateResponse = DataConnectorUnion;

/** Optional parameters. */
export interface DataConnectorsDeleteOptionalParams
  extends coreClient.OperationOptions {}

/** Optional parameters. */
export interface DataConnectorsConnectOptionalParams
  extends coreClient.OperationOptions {}

/** Optional parameters. */
export interface DataConnectorsDisconnectOptionalParams
  extends coreClient.OperationOptions {}

/** Optional parameters. */
export interface DataConnectorsListNextOptionalParams
  extends coreClient.OperationOptions {}

/** Contains response data for the listNext operation. */
export type DataConnectorsListNextResponse = DataConnectorList;

/** Optional parameters. */
export interface DataConnectorsCheckRequirementsPostOptionalParams
  extends coreClient.OperationOptions {}

/** Contains response data for the post operation. */
export type DataConnectorsCheckRequirementsPostResponse = DataConnectorRequirementsState;

/** Optional parameters. */
export interface OperationsListOptionalParams
  extends coreClient.OperationOptions {}

/** Contains response data for the list operation. */
export type OperationsListResponse = OperationsList;

/** Optional parameters. */
export interface OperationsListNextOptionalParams
  extends coreClient.OperationOptions {}

/** Contains response data for the listNext operation. */
export type OperationsListNextResponse = OperationsList;

/** Optional parameters. */
export interface SecurityInsightsOptionalParams
  extends coreClient.ServiceClientOptions {
  /** server parameter */
  $host?: string;
  /** Api Version */
  apiVersion?: string;
  /** Overrides client endpoint. */
  endpoint?: string;
}