/
index.ts
8684 lines (7946 loc) · 326 KB
/
index.ts
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
/*
* Copyright (c) Microsoft Corporation.
* Licensed under the MIT License.
*
* Code generated by Microsoft (R) AutoRest Code Generator.
* Changes may cause incorrect behavior and will be lost if the code is regenerated.
*/
import * as coreClient from "@azure/core-client";
export type AutomationRuleConditionUnion =
| AutomationRuleCondition
| PropertyConditionProperties;
export type AutomationRuleActionUnion =
| AutomationRuleAction
| AutomationRuleModifyPropertiesAction
| AutomationRuleRunPlaybookAction;
export type EntityTimelineItemUnion =
| EntityTimelineItem
| ActivityTimelineItem
| BookmarkTimelineItem
| SecurityAlertTimelineItem;
export type EntityQueryItemUnion = EntityQueryItem | InsightQueryItem;
export type DataConnectorsCheckRequirementsUnion =
| DataConnectorsCheckRequirements
| AADCheckRequirements
| AatpCheckRequirements
| ASCCheckRequirements
| AwsCloudTrailCheckRequirements
| AwsS3CheckRequirements
| Dynamics365CheckRequirements
| McasCheckRequirements
| MdatpCheckRequirements
| MstiCheckRequirements
| MtpCheckRequirements
| OfficeATPCheckRequirements
| OfficeIRMCheckRequirements
| Office365ProjectCheckRequirements
| OfficePowerBICheckRequirements
| TICheckRequirements
| TiTaxiiCheckRequirements
| IoTCheckRequirements;
export type AlertRuleTemplateUnion =
| AlertRuleTemplate
| MLBehaviorAnalyticsAlertRuleTemplate
| FusionAlertRuleTemplate
| ThreatIntelligenceAlertRuleTemplate
| MicrosoftSecurityIncidentCreationAlertRuleTemplate
| ScheduledAlertRuleTemplate
| NrtAlertRuleTemplate;
export type EntityUnion =
| Entity
| SecurityAlert
| HuntingBookmark
| AccountEntity
| AzureResourceEntity
| CloudApplicationEntity
| DnsEntity
| FileEntity
| FileHashEntity
| HostEntity
| IoTDeviceEntity
| IpEntity
| MailboxEntity
| MailClusterEntity
| MailMessageEntity
| MalwareEntity
| ProcessEntity
| RegistryKeyEntity
| RegistryValueEntity
| SecurityGroupEntity
| SubmissionMailEntity
| UrlEntity;
export type EntityQueryTemplateUnion =
| EntityQueryTemplate
| ActivityEntityQueryTemplate;
export type AlertRuleUnion =
| AlertRule
| MLBehaviorAnalyticsAlertRule
| FusionAlertRule
| ThreatIntelligenceAlertRule
| MicrosoftSecurityIncidentCreationAlertRule
| ScheduledAlertRule
| NrtAlertRule;
export type EntityQueryUnion =
| EntityQuery
| ExpansionEntityQuery
| ActivityEntityQuery;
export type CustomEntityQueryUnion =
| CustomEntityQuery
| ActivityCustomEntityQuery;
export type SettingsUnion =
| Settings
| Anomalies
| EyesOn
| EntityAnalytics
| Ueba;
export type ThreatIntelligenceInformationUnion =
| ThreatIntelligenceInformation
| ThreatIntelligenceIndicatorModel;
export type DataConnectorUnion =
| DataConnector
| AADDataConnector
| MstiDataConnector
| MTPDataConnector
| AatpDataConnector
| ASCDataConnector
| AwsCloudTrailDataConnector
| AwsS3DataConnector
| McasDataConnector
| Dynamics365DataConnector
| OfficeATPDataConnector
| Office365ProjectDataConnector
| OfficePowerBIDataConnector
| OfficeIRMDataConnector
| MdatpDataConnector
| OfficeDataConnector
| TIDataConnector
| TiTaxiiDataConnector
| IoTDataConnector
| CodelessUiDataConnector
| CodelessApiPollingDataConnector;
/** List all the alert rules. */
export interface AlertRulesList {
/**
* URL to fetch the next set of alert rules.
* NOTE: This property will not be serialized. It can only be populated by the server.
*/
readonly nextLink?: string;
/** Array of alert rules. */
value: AlertRuleUnion[];
}
/** Common fields that are returned in the response for all Azure Resource Manager resources */
export interface Resource {
/**
* Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
* NOTE: This property will not be serialized. It can only be populated by the server.
*/
readonly id?: string;
/**
* The name of the resource
* NOTE: This property will not be serialized. It can only be populated by the server.
*/
readonly name?: string;
/**
* The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
* NOTE: This property will not be serialized. It can only be populated by the server.
*/
readonly type?: string;
/**
* Azure Resource Manager metadata containing createdBy and modifiedBy information.
* NOTE: This property will not be serialized. It can only be populated by the server.
*/
readonly systemData?: SystemData;
}
/** Metadata pertaining to creation and last modification of the resource. */
export interface SystemData {
/** The identity that created the resource. */
createdBy?: string;
/** The type of identity that created the resource. */
createdByType?: CreatedByType;
/** The timestamp of resource creation (UTC). */
createdAt?: Date;
/** The identity that last modified the resource. */
lastModifiedBy?: string;
/** The type of identity that last modified the resource. */
lastModifiedByType?: CreatedByType;
/** The timestamp of resource last modification (UTC) */
lastModifiedAt?: Date;
}
/** Error response structure. */
export interface CloudError {
/** Error data */
error?: CloudErrorBody;
}
/** Error details. */
export interface CloudErrorBody {
/**
* An identifier for the error. Codes are invariant and are intended to be consumed programmatically.
* NOTE: This property will not be serialized. It can only be populated by the server.
*/
readonly code?: string;
/**
* A message describing the error, intended to be suitable for display in a user interface.
* NOTE: This property will not be serialized. It can only be populated by the server.
*/
readonly message?: string;
}
/** List all the actions. */
export interface ActionsList {
/**
* URL to fetch the next set of actions.
* NOTE: This property will not be serialized. It can only be populated by the server.
*/
readonly nextLink?: string;
/** Array of actions. */
value: ActionResponse[];
}
/** Action property bag base. */
export interface ActionPropertiesBase {
/** Logic App Resource Id, /subscriptions/{my-subscription}/resourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my-workflow-id}. */
logicAppResourceId: string;
}
/** List all the alert rule templates. */
export interface AlertRuleTemplatesList {
/**
* URL to fetch the next set of alert rule templates.
* NOTE: This property will not be serialized. It can only be populated by the server.
*/
readonly nextLink?: string;
/** Array of alert rule templates. */
value: AlertRuleTemplateUnion[];
}
/** Describes automation rule triggering logic */
export interface AutomationRuleTriggeringLogic {
/** Determines whether the automation rule is enabled or disabled */
isEnabled: boolean;
/** Determines when the automation rule should automatically expire and be disabled. */
expirationTimeUtc?: Date;
triggersOn: TriggersOn;
triggersWhen: TriggersWhen;
/** The conditions to evaluate to determine if the automation rule should be triggered on a given object */
conditions?: AutomationRuleConditionUnion[];
}
/** Describes an automation rule condition */
export interface AutomationRuleCondition {
/** Polymorphic discriminator, which specifies the different types this object can be */
conditionType: "Property";
}
/** Describes an automation rule action */
export interface AutomationRuleAction {
/** Polymorphic discriminator, which specifies the different types this object can be */
actionType: "ModifyProperties" | "RunPlaybook";
order: number;
}
/** Information on the client (user or application) that made some action */
export interface ClientInfo {
/** The email of the client. */
email?: string;
/** The name of the client. */
name?: string;
/** The object id of the client. */
objectId?: string;
/** The user principal name of the client. */
userPrincipalName?: string;
}
export interface AutomationRulesList {
value?: AutomationRule[];
nextLink?: string;
}
export interface ManualTriggerRequestBody {
tenantId?: string;
logicAppsResourceId?: string;
}
/** List all the bookmarks. */
export interface BookmarkList {
/**
* URL to fetch the next set of bookmarks.
* NOTE: This property will not be serialized. It can only be populated by the server.
*/
readonly nextLink?: string;
/** Array of bookmarks. */
value: Bookmark[];
}
/** User information that made some action */
export interface UserInfo {
/**
* The email of the user.
* NOTE: This property will not be serialized. It can only be populated by the server.
*/
readonly email?: string;
/**
* The name of the user.
* NOTE: This property will not be serialized. It can only be populated by the server.
*/
readonly name?: string;
/** The object id of the user. */
objectId?: string;
}
/** Describes related incident information for the bookmark */
export interface IncidentInfo {
/** Incident Id */
incidentId?: string;
/** The severity of the incident */
severity?: IncidentSeverity;
/** The title of the incident */
title?: string;
/** Relation Name */
relationName?: string;
}
/** Describes the entity mappings of a single entity */
export interface BookmarkEntityMappings {
/** The entity type */
entityType?: string;
/** Array of fields mapping for that entity type */
fieldMappings?: EntityFieldMapping[];
}
/** Map identifiers of a single entity */
export interface EntityFieldMapping {
/** Alert V3 identifier */
identifier?: string;
/** The value of the identifier */
value?: string;
}
/** List of relations. */
export interface RelationList {
/**
* URL to fetch the next set of relations.
* NOTE: This property will not be serialized. It can only be populated by the server.
*/
readonly nextLink?: string;
/** Array of relations. */
value: Relation[];
}
/** The parameters required to execute an expand operation on the given bookmark. */
export interface BookmarkExpandParameters {
/** The end date filter, so the only expansion results returned are before this date. */
endTime?: Date;
/** The Id of the expansion to perform. */
expansionId?: string;
/** The start date filter, so the only expansion results returned are after this date. */
startTime?: Date;
}
/** The entity expansion result operation response. */
export interface BookmarkExpandResponse {
/** The metadata from the expansion operation results. */
metaData?: ExpansionResultsMetadata;
/** The expansion result values. */
value?: BookmarkExpandResponseValue;
}
/** Expansion result metadata. */
export interface ExpansionResultsMetadata {
/** Information of the aggregated nodes in the expansion result. */
aggregations?: ExpansionResultAggregation[];
}
/** Information of a specific aggregation in the expansion result. */
export interface ExpansionResultAggregation {
/** The common type of the aggregation. (for e.g. entity field name) */
aggregationType?: string;
/** Total number of aggregations of the given kind (and aggregationType if given) in the expansion result. */
count: number;
/** The display name of the aggregation by type. */
displayName?: string;
/** The kind of the aggregated entity. */
entityKind: EntityKind;
}
/** The expansion result values. */
export interface BookmarkExpandResponseValue {
/** Array of the expansion result entities. */
entities?: EntityUnion[];
/** Array of expansion result connected entities */
edges?: ConnectedEntity[];
}
/** Expansion result connected entities */
export interface ConnectedEntity {
/** Entity Id of the connected entity */
targetEntityId?: string;
/** key-value pairs for a connected entity mapping */
additionalData?: Record<string, unknown>;
}
/** Geodata information for a given IP address */
export interface EnrichmentIpGeodata {
/** The autonomous system number associated with this IP address */
asn?: string;
/** The name of the carrier for this IP address */
carrier?: string;
/** The city this IP address is located in */
city?: string;
/** A numeric rating of confidence that the value in the 'city' field is correct, on a scale of 0-100 */
cityCf?: number;
/** The continent this IP address is located on */
continent?: string;
/** The county this IP address is located in */
country?: string;
/** A numeric rating of confidence that the value in the 'country' field is correct on a scale of 0-100 */
countryCf?: number;
/** The dotted-decimal or colon-separated string representation of the IP address */
ipAddr?: string;
/** A description of the connection type of this IP address */
ipRoutingType?: string;
/** The latitude of this IP address */
latitude?: string;
/** The longitude of this IP address */
longitude?: string;
/** The name of the organization for this IP address */
organization?: string;
/** The type of the organization for this IP address */
organizationType?: string;
/** The geographic region this IP address is located in */
region?: string;
/** The state this IP address is located in */
state?: string;
/** A numeric rating of confidence that the value in the 'state' field is correct on a scale of 0-100 */
stateCf?: number;
/** The abbreviated name for the state this IP address is located in */
stateCode?: string;
}
/** Whois information for a given domain and associated metadata */
export interface EnrichmentDomainWhois {
/** The domain for this whois record */
domain?: string;
/** The hostname of this registrar's whois server */
server?: string;
/** The timestamp at which this record was created */
created?: Date;
/** The timestamp at which this record was last updated */
updated?: Date;
/** The timestamp at which this record will expire */
expires?: Date;
/** The whois record for a given domain */
parsedWhois?: EnrichmentDomainWhoisDetails;
}
/** The whois record for a given domain */
export interface EnrichmentDomainWhoisDetails {
/** The registrar associated with this domain */
registrar?: EnrichmentDomainWhoisRegistrarDetails;
/** The set of contacts associated with this domain */
contacts?: EnrichmentDomainWhoisContacts;
/** A list of name servers associated with this domain */
nameServers?: string[];
/** The set of status flags for this whois record */
statuses?: string[];
}
/** The registrar associated with this domain */
export interface EnrichmentDomainWhoisRegistrarDetails {
/** The name of this registrar */
name?: string;
/** This registrar's abuse contact email */
abuseContactEmail?: string;
/** This registrar's abuse contact phone number */
abuseContactPhone?: string;
/** This registrar's Internet Assigned Numbers Authority id */
ianaId?: string;
/** This registrar's URL */
url?: string;
/** The hostname of this registrar's whois server */
whoisServer?: string;
}
/** The set of contacts associated with this domain */
export interface EnrichmentDomainWhoisContacts {
/** The admin contact for this whois record */
admin?: EnrichmentDomainWhoisContact;
/** The billing contact for this whois record */
billing?: EnrichmentDomainWhoisContact;
/** The registrant contact for this whois record */
registrant?: EnrichmentDomainWhoisContact;
/** The technical contact for this whois record */
tech?: EnrichmentDomainWhoisContact;
}
/** An individual contact associated with this domain */
export interface EnrichmentDomainWhoisContact {
/** The name of this contact */
name?: string;
/** The organization for this contact */
org?: string;
/** A list describing the street address for this contact */
street?: string[];
/** The city for this contact */
city?: string;
/** The state for this contact */
state?: string;
/** The postal code for this contact */
postal?: string;
/** The country for this contact */
country?: string;
/** The phone number for this contact */
phone?: string;
/** The fax number for this contact */
fax?: string;
/** The email address for this contact */
email?: string;
}
/** List of all the entities. */
export interface EntityList {
/**
* URL to fetch the next set of entities.
* NOTE: This property will not be serialized. It can only be populated by the server.
*/
readonly nextLink?: string;
/** Array of entities. */
value: EntityUnion[];
}
/** The parameters required to execute an expand operation on the given entity. */
export interface EntityExpandParameters {
/** The end date filter, so the only expansion results returned are before this date. */
endTime?: Date;
/** The Id of the expansion to perform. */
expansionId?: string;
/** The start date filter, so the only expansion results returned are after this date. */
startTime?: Date;
}
/** The entity expansion result operation response. */
export interface EntityExpandResponse {
/** The metadata from the expansion operation results. */
metaData?: ExpansionResultsMetadata;
/** The expansion result values. */
value?: EntityExpandResponseValue;
}
/** The expansion result values. */
export interface EntityExpandResponseValue {
/** Array of the expansion result entities. */
entities?: EntityUnion[];
/** Array of edges that connects the entity to the list of entities. */
edges?: EntityEdges[];
}
/** The edge that connects the entity to the other entity. */
export interface EntityEdges {
/** The target entity Id. */
targetEntityId?: string;
/** A bag of custom fields that should be part of the entity and will be presented to the user. */
additionalData?: { [propertyName: string]: Record<string, unknown> };
}
/** The parameters required to execute s timeline operation on the given entity. */
export interface EntityTimelineParameters {
/** Array of timeline Item kinds. */
kinds?: EntityTimelineKind[];
/** The start timeline date, so the results returned are after this date. */
startTime: Date;
/** The end timeline date, so the results returned are before this date. */
endTime: Date;
/** The number of bucket for timeline queries aggregation. */
numberOfBucket?: number;
}
/** The entity timeline result operation response. */
export interface EntityTimelineResponse {
/** The metadata from the timeline operation results. */
metaData?: TimelineResultsMetadata;
/** The timeline result values. */
value?: EntityTimelineItemUnion[];
}
/** Expansion result metadata. */
export interface TimelineResultsMetadata {
/** the total items found for the timeline request */
totalCount: number;
/** timeline aggregation per kind */
aggregations: TimelineAggregation[];
/** information about the failure queries */
errors?: TimelineError[];
}
/** timeline aggregation information per kind */
export interface TimelineAggregation {
/** the total items found for a kind */
count: number;
/** the query kind */
kind: EntityTimelineKind;
}
/** Timeline Query Errors. */
export interface TimelineError {
/** the query kind */
kind: EntityTimelineKind;
/** the query id */
queryId?: string;
/** the error message */
errorMessage: string;
}
/** Entity timeline Item. */
export interface EntityTimelineItem {
/** Polymorphic discriminator, which specifies the different types this object can be */
kind: "Activity" | "Bookmark" | "SecurityAlert";
}
/** Retrieve queries for entity result operation response. */
export interface GetQueriesResponse {
/** The query result values. */
value?: EntityQueryItemUnion[];
}
/** An abstract Query item for entity */
export interface EntityQueryItem {
/** Polymorphic discriminator, which specifies the different types this object can be */
kind: "Insight";
/**
* Query Template ARM ID
* NOTE: This property will not be serialized. It can only be populated by the server.
*/
readonly id?: string;
/** Query Template ARM Name */
name?: string;
/** ARM Type */
type?: string;
}
/** The parameters required to execute insights operation on the given entity. */
export interface EntityGetInsightsParameters {
/** The start timeline date, so the results returned are after this date. */
startTime: Date;
/** The end timeline date, so the results returned are before this date. */
endTime: Date;
/** Indicates if query time range should be extended with default time range of the query. Default value is false */
addDefaultExtendedTimeRange?: boolean;
/** List of Insights Query Id. If empty, default value is all insights of this entity */
insightQueryIds?: string[];
}
/** The Get Insights result operation response. */
export interface EntityGetInsightsResponse {
/** The metadata from the get insights operation results. */
metaData?: GetInsightsResultsMetadata;
/** The insights result values. */
value?: EntityInsightItem[];
}
/** Get Insights result metadata. */
export interface GetInsightsResultsMetadata {
/** the total items found for the insights request */
totalCount: number;
/** information about the failed queries */
errors?: GetInsightsError[];
}
/** GetInsights Query Errors. */
export interface GetInsightsError {
/** the query kind */
kind: "Insight";
/** the query id */
queryId?: string;
/** the error message */
errorMessage: string;
}
/** Entity insight Item. */
export interface EntityInsightItem {
/** The query id of the insight */
queryId?: string;
/** The Time interval that the query actually executed on. */
queryTimeInterval?: EntityInsightItemQueryTimeInterval;
/** Query results for table insights query. */
tableQueryResults?: InsightsTableResult;
/** Query results for table insights query. */
chartQueryResults?: InsightsTableResult[];
}
/** The Time interval that the query actually executed on. */
export interface EntityInsightItemQueryTimeInterval {
/** Insight query start time */
startTime?: Date;
/** Insight query end time */
endTime?: Date;
}
/** Query results for table insights query. */
export interface InsightsTableResult {
/** Columns Metadata of the table */
columns?: InsightsTableResultColumnsItem[];
/** Rows data of the table */
rows?: string[][];
}
export interface InsightsTableResultColumnsItem {
/** the type of the colum */
type?: string;
/** the name of the colum */
name?: string;
}
/** List of all the entity queries. */
export interface EntityQueryList {
/**
* URL to fetch the next set of entity queries.
* NOTE: This property will not be serialized. It can only be populated by the server.
*/
readonly nextLink?: string;
/** Array of entity queries. */
value: EntityQueryUnion[];
}
/** List of all the entity query templates. */
export interface EntityQueryTemplateList {
/**
* URL to fetch the next set of entity query templates.
* NOTE: This property will not be serialized. It can only be populated by the server.
*/
readonly nextLink?: string;
/** Array of entity query templates. */
value: EntityQueryTemplateUnion[];
}
/** List all the incidents. */
export interface IncidentList {
/**
* URL to fetch the next set of incidents.
* NOTE: This property will not be serialized. It can only be populated by the server.
*/
readonly nextLink?: string;
/** Array of incidents. */
value: Incident[];
}
/** Incident additional data property bag. */
export interface IncidentAdditionalData {
/**
* The number of alerts in the incident
* NOTE: This property will not be serialized. It can only be populated by the server.
*/
readonly alertsCount?: number;
/**
* The number of bookmarks in the incident
* NOTE: This property will not be serialized. It can only be populated by the server.
*/
readonly bookmarksCount?: number;
/**
* The number of comments in the incident
* NOTE: This property will not be serialized. It can only be populated by the server.
*/
readonly commentsCount?: number;
/**
* List of product names of alerts in the incident
* NOTE: This property will not be serialized. It can only be populated by the server.
*/
readonly alertProductNames?: string[];
/**
* The provider incident url to the incident in Microsoft 365 Defender portal
* NOTE: This property will not be serialized. It can only be populated by the server.
*/
readonly providerIncidentUrl?: string;
/**
* The tactics associated with incident
* NOTE: This property will not be serialized. It can only be populated by the server.
*/
readonly tactics?: AttackTactic[];
/**
* The techniques associated with incident's tactics'
* NOTE: This property will not be serialized. It can only be populated by the server.
*/
readonly techniques?: string[];
}
/** Represents an incident label */
export interface IncidentLabel {
/** The name of the label */
labelName: string;
/**
* The type of the label
* NOTE: This property will not be serialized. It can only be populated by the server.
*/
readonly labelType?: IncidentLabelType;
}
/** Information on the user an incident is assigned to */
export interface IncidentOwnerInfo {
/** The email of the user the incident is assigned to. */
email?: string;
/** The name of the user the incident is assigned to. */
assignedTo?: string;
/** The object id of the user the incident is assigned to. */
objectId?: string;
/** The user principal name of the user the incident is assigned to. */
userPrincipalName?: string;
/**
* The type of the owner the incident is assigned to.
* NOTE: This property will not be serialized. It can only be populated by the server.
*/
readonly ownerType?: OwnerType;
}
/** Describes team information */
export interface TeamInformation {
/**
* Team ID
* NOTE: This property will not be serialized. It can only be populated by the server.
*/
readonly teamId?: string;
/**
* The primary channel URL of the team
* NOTE: This property will not be serialized. It can only be populated by the server.
*/
readonly primaryChannelUrl?: string;
/**
* The time the team was created
* NOTE: This property will not be serialized. It can only be populated by the server.
*/
readonly teamCreationTimeUtc?: Date;
/**
* The name of the team
* NOTE: This property will not be serialized. It can only be populated by the server.
*/
readonly name?: string;
/**
* The description of the team
* NOTE: This property will not be serialized. It can only be populated by the server.
*/
readonly description?: string;
}
/** Describes team properties */
export interface TeamProperties {
/** The name of the team */
teamName: string;
/** The description of the team */
teamDescription?: string;
/** List of member IDs to add to the team */
memberIds?: string[];
/** List of group IDs to add their members to the team */
groupIds?: string[];
}
/** List of incident alerts. */
export interface IncidentAlertList {
/** Array of incident alerts. */
value: SecurityAlert[];
}
/** confidence reason item */
export interface SecurityAlertPropertiesConfidenceReasonsItem {
/**
* The reason's description
* NOTE: This property will not be serialized. It can only be populated by the server.
*/
readonly reason?: string;
/**
* The type (category) of the reason
* NOTE: This property will not be serialized. It can only be populated by the server.
*/
readonly reasonType?: string;
}
/** Entity common property bag. */
export interface EntityCommonProperties {
/**
* A bag of custom fields that should be part of the entity and will be presented to the user.
* NOTE: This property will not be serialized. It can only be populated by the server.
*/
readonly additionalData?: { [propertyName: string]: Record<string, unknown> };
/**
* The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated.
* NOTE: This property will not be serialized. It can only be populated by the server.
*/
readonly friendlyName?: string;
}
/** List of incident bookmarks. */
export interface IncidentBookmarkList {
/** Array of incident bookmarks. */
value: HuntingBookmark[];
}
/** List of incident comments. */
export interface IncidentCommentList {
/**
* URL to fetch the next set of comments.
* NOTE: This property will not be serialized. It can only be populated by the server.
*/
readonly nextLink?: string;
/** Array of comments. */
value: IncidentComment[];
}
/** The incident related entities response. */
export interface IncidentEntitiesResponse {
/** Array of the incident related entities. */
entities?: EntityUnion[];
/** The metadata from the incident related entities results. */
metaData?: IncidentEntitiesResultsMetadata[];
}
/** Information of a specific aggregation in the incident related entities result. */
export interface IncidentEntitiesResultsMetadata {
/** Total number of aggregations of the given kind in the incident related entities result. */
count: number;
/** The kind of the aggregated entity. */
entityKind: EntityKind;
}
/** List of all the metadata. */
export interface MetadataList {
/** Array of metadata. */
value: MetadataModel[];
/**
* URL to fetch the next page of metadata.
* NOTE: This property will not be serialized. It can only be populated by the server.
*/
readonly nextLink?: string;
}
/** The original source of the content item, where it comes from. */
export interface MetadataSource {
/** Source type of the content */
kind: SourceKind;
/** Name of the content source. The repo name, solution name, LA workspace name etc. */
name?: string;
/** ID of the content source. The solution ID, workspace ID, etc */
sourceId?: string;
}
/** Publisher or creator of the content item. */
export interface MetadataAuthor {
/** Name of the author. Company or person. */
name?: string;
/** Email of author contact */
email?: string;
/** Link for author/vendor page */
link?: string;
}
/** Support information for the content item. */
export interface MetadataSupport {
/** Type of support for content item */
tier: SupportTier;
/** Name of the support contact. Company or person. */
name?: string;
/** Email of support contact */
email?: string;
/** Link for support help, like to support page to open a ticket etc. */
link?: string;
}
/** Dependencies for the content item, what other content items it requires to work. Can describe more complex dependencies using a recursive/nested structure. For a single dependency an id/kind/version can be supplied or operator/criteria for complex dependencies. */
export interface MetadataDependencies {
/** Id of the content item we depend on */
contentId?: string;
/** Type of the content item we depend on */
kind?: Kind;
/** Version of the the content item we depend on. Can be blank, * or missing to indicate any version fulfills the dependency. If version does not match our defined numeric format then an exact match is required. */
version?: string;
/** Name of the content item */
name?: string;
/** Operator used for list of dependencies in criteria array. */
operator?: Operator;
/** This is the list of dependencies we must fulfill, according to the AND/OR operator */
criteria?: MetadataDependencies[];
}
/** ies for the solution content item */
export interface MetadataCategories {
/** domain for the solution content item */
domains?: string[];
/** Industry verticals for the solution content item */
verticals?: string[];
}
/** List of all the office365 consents. */
export interface OfficeConsentList {
/**
* URL to fetch the next set of office consents.
* NOTE: This property will not be serialized. It can only be populated by the server.
*/
readonly nextLink?: string;
/** Array of the consents. */
value: OfficeConsent[];
}
/** List of the Sentinel onboarding states */
export interface SentinelOnboardingStatesList {
/** Array of Sentinel onboarding states */
value: SentinelOnboardingState[];
}
/** List of all the settings. */
export interface SettingList {
/** Array of settings. */
value: SettingsUnion[];
}
/** List all the source controls. */
export interface RepoList {
/**
* URL to fetch the next set of repositories.