package armsecurityinsights_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights/v2"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/alertRuleTemplates/GetAlertRuleTemplateById.json
//
// ExampleAlertRuleTemplatesClient_Get fetches a single alert rule template by
// its ID from a workspace and discards the response. Every failure terminates
// the process through log.Fatalf.
func ExampleAlertRuleTemplatesClient_Get() {
	const (
		subscriptionID = "<subscription-id>"
		resourceGroup  = "myRg"
		workspace      = "myWorkspace"
		templateID     = "65360bb0-8986-4ade-a89d-af3cf44d28aa"
	)

	ctx := context.Background()

	// DefaultAzureCredential walks a chain of credential sources (environment
	// variables, workload identity, managed identity, Azure CLI, ...), so the
	// identity that ends up being used depends on the host environment. Where
	// that matters, construct one specific credential type instead.
	// NOTE(review): a read-only role on the workspace (for example Microsoft
	// Sentinel Reader) should be enough for this call; confirm before granting more.
	credential, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}

	factory, err := armsecurityinsights.NewClientFactory(subscriptionID, credential, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}

	templates := factory.NewAlertRuleTemplatesClient()
	resp, err := templates.Get(ctx, resourceGroup, workspace, templateID, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}

	// The response is ready to use at this point; the demo only assigns it to
	// the blank identifier.
	_ = resp

	// For an HTTP 200 as described by the example definition, the response has
	// the shape shown below. All values are fake and for illustration only.
	// NOTE(review): the sample stores a *ScheduledAlertRuleTemplate in
	// AlertRuleTemplateClassification; other template kinds presumably arrive
	// as different concrete types, so inspect the concrete type before reading
	// Properties. Confirm against the SDK.
	// NOTE(review): the sample ID spells the provider segment
	// "Microsoft.OperationalIinsights"; the real namespace is
	// Microsoft.OperationalInsights, so do not copy the ID verbatim.
	// resp = armsecurityinsights.AlertRuleTemplatesClientGetResponse{
	// 	AlertRuleTemplateClassification: &armsecurityinsights.ScheduledAlertRuleTemplate{
	// 		Name: to.Ptr("65360bb0-8986-4ade-a89d-af3cf44d28aa"),
	// 		Type: to.Ptr("Microsoft.SecurityInsights/AlertRuleTemplates"),
	// 		ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRuleTemplates/65360bb0-8986-4ade-a89d-af3cf44d28aa"),
	// 		Kind: to.Ptr(armsecurityinsights.AlertRuleKindScheduled),
	// 		Properties: &armsecurityinsights.ScheduledAlertRuleTemplateProperties{
	// 			Description: to.Ptr("This alert monitors changes to Amazon VPC (Virtual Private Cloud) settings such as new ACL entries and routes in route tables.\nMore information: https://medium.com/@GorillaStack/the-most-important-aws-cloudtrail-security-events-to-track-a5b9873f8255 \nand https://aws.amazon.com/vpc/"),
	// 			AlertRulesCreatedByTemplateCount: to.Ptr[int32](0),
	// 			CreatedDateUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-02-27T00:00:00Z"); return t}()),
	// 			DisplayName: to.Ptr("Changes to Amazon VPC settings"),
	// 			EventGroupingSettings: &armsecurityinsights.EventGroupingSettings{
	// 				AggregationKind: to.Ptr(armsecurityinsights.EventGroupingAggregationKindAlertPerResult),
	// 			},
	// 			LastUpdatedDateUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-02-27T00:00:00Z"); return t}()),
	// 			Query: to.Ptr("let timeframe = 1d;\nAWSCloudTrail\n| where TimeGenerated >= ago(timeframe)\n| where EventName == \"CreateNetworkAclEntry\"\n or EventName == \"CreateRoute\"\n| project TimeGenerated, EventName, EventTypeName, UserIdentityAccountId, UserIdentityPrincipalid, UserAgent, UserIdentityUserName, SessionMfaAuthenticated, SourceIpAddress, AWSRegion, EventSource, AdditionalEventData, ResponseElements\n| extend AccountCustomEntity = UserIdentityUserName, IPCustomEntity = SourceIpAddress"),
	// 			QueryFrequency: to.Ptr("P1D"),
	// 			QueryPeriod: to.Ptr("P1D"),
	// 			RequiredDataConnectors: []*armsecurityinsights.AlertRuleTemplateDataSource{
	// 				{
	// 					ConnectorID: to.Ptr("AWS"),
	// 					DataTypes: []*string{
	// 						to.Ptr("AWSCloudTrail")},
	// 				}},
	// 			Severity: to.Ptr(armsecurityinsights.AlertSeverityLow),
	// 			Status: to.Ptr(armsecurityinsights.TemplateStatusAvailable),
	// 			Tactics: []*armsecurityinsights.AttackTactic{
	// 				to.Ptr(armsecurityinsights.AttackTacticPrivilegeEscalation),
	// 				to.Ptr(armsecurityinsights.AttackTacticLateralMovement)},
	// 			Techniques: []*string{
	// 				to.Ptr("T1037"),
	// 				to.Ptr("T1021")},
	// 			TriggerOperator: to.Ptr(armsecurityinsights.TriggerOperatorGreaterThan),
	// 			TriggerThreshold: to.Ptr[int32](0),
	// 			Version: to.Ptr("1.0.2"),
	// 		},
	// 	},
	// }
}