package securityinsight
// Copyright (c) Microsoft Corporation. All rights reserved.
// Licensed under the MIT License. See License.txt in the project root for license information.
//
// Code generated by Microsoft (R) AutoRest Code Generator.
// Changes may cause incorrect behavior and will be lost if the code is regenerated.
// ActionType is the string-backed enumeration of action types.
//
// Because the underlying type is string, a variable of this type can hold
// text other than the constants below; compare against
// PossibleActionTypeValues where a closed set is required.
type ActionType string

const (
	// ActionTypeAutomationRuleAction is the "AutomationRuleAction" action type.
	ActionTypeAutomationRuleAction ActionType = "AutomationRuleAction"
	// ActionTypeModifyProperties is the "ModifyProperties" action type.
	ActionTypeModifyProperties ActionType = "ModifyProperties"
	// ActionTypeRunPlaybook is the "RunPlaybook" action type.
	ActionTypeRunPlaybook ActionType = "RunPlaybook"
)

// PossibleActionTypeValues returns a newly built slice holding every
// ActionType constant declared above.
func PossibleActionTypeValues() []ActionType {
	known := []ActionType{
		ActionTypeAutomationRuleAction,
		ActionTypeModifyProperties,
		ActionTypeRunPlaybook,
	}
	return known
}
// AlertDetail is the string-backed enumeration of alert detail fields.
type AlertDetail string

const (
	// AlertDetailDisplayName refers to the alert display name.
	AlertDetailDisplayName AlertDetail = "DisplayName"
	// AlertDetailSeverity refers to the alert severity.
	AlertDetailSeverity AlertDetail = "Severity"
)

// PossibleAlertDetailValues returns a newly built slice holding every
// AlertDetail constant declared above.
func PossibleAlertDetailValues() []AlertDetail {
	known := []AlertDetail{
		AlertDetailDisplayName,
		AlertDetailSeverity,
	}
	return known
}
// AlertRuleKind is the string-backed enumeration of alert rule kinds.
//
// The type does not restrict which strings it can hold; a kind read from a
// response may fall outside the constants below, so handle the unmatched
// case explicitly when switching on it.
type AlertRuleKind string

const (
	// AlertRuleKindFusion is the "Fusion" rule kind.
	AlertRuleKindFusion AlertRuleKind = "Fusion"
	// AlertRuleKindMicrosoftSecurityIncidentCreation is the
	// "MicrosoftSecurityIncidentCreation" rule kind.
	AlertRuleKindMicrosoftSecurityIncidentCreation AlertRuleKind = "MicrosoftSecurityIncidentCreation"
	// AlertRuleKindMLBehaviorAnalytics is the "MLBehaviorAnalytics" rule kind.
	AlertRuleKindMLBehaviorAnalytics AlertRuleKind = "MLBehaviorAnalytics"
	// AlertRuleKindNRT is the "NRT" rule kind.
	AlertRuleKindNRT AlertRuleKind = "NRT"
	// AlertRuleKindScheduled is the "Scheduled" rule kind.
	AlertRuleKindScheduled AlertRuleKind = "Scheduled"
	// AlertRuleKindThreatIntelligence is the "ThreatIntelligence" rule kind.
	AlertRuleKindThreatIntelligence AlertRuleKind = "ThreatIntelligence"
)

// PossibleAlertRuleKindValues returns a newly built slice holding every
// AlertRuleKind constant declared above.
func PossibleAlertRuleKindValues() []AlertRuleKind {
	known := []AlertRuleKind{
		AlertRuleKindFusion,
		AlertRuleKindMicrosoftSecurityIncidentCreation,
		AlertRuleKindMLBehaviorAnalytics,
		AlertRuleKindNRT,
		AlertRuleKindScheduled,
		AlertRuleKindThreatIntelligence,
	}
	return known
}
// AlertSeverity is the string-backed enumeration of alert severities.
//
// The values are plain strings with no numeric rank, and
// PossibleAlertSeverityValues lists them as High, Informational, Low, Medium;
// code that compares or sorts severities must define its own ordering rather
// than rely on string comparison or slice position.
type AlertSeverity string

const (
	// AlertSeverityHigh is high severity.
	AlertSeverityHigh AlertSeverity = "High"
	// AlertSeverityInformational is informational severity.
	AlertSeverityInformational AlertSeverity = "Informational"
	// AlertSeverityLow is low severity.
	AlertSeverityLow AlertSeverity = "Low"
	// AlertSeverityMedium is medium severity.
	AlertSeverityMedium AlertSeverity = "Medium"
)

// PossibleAlertSeverityValues returns a newly built slice holding every
// AlertSeverity constant declared above.
func PossibleAlertSeverityValues() []AlertSeverity {
	known := []AlertSeverity{
		AlertSeverityHigh,
		AlertSeverityInformational,
		AlertSeverityLow,
		AlertSeverityMedium,
	}
	return known
}
// AlertStatus is the string-backed enumeration of alert lifecycle states.
type AlertStatus string

const (
	// AlertStatusDismissed marks an alert dismissed as a false positive.
	AlertStatusDismissed AlertStatus = "Dismissed"
	// AlertStatusInProgress marks an alert that is being handled.
	AlertStatusInProgress AlertStatus = "InProgress"
	// AlertStatusNew marks a new alert.
	AlertStatusNew AlertStatus = "New"
	// AlertStatusResolved marks an alert closed after handling.
	AlertStatusResolved AlertStatus = "Resolved"
	// AlertStatusUnknown is the unknown value.
	AlertStatusUnknown AlertStatus = "Unknown"
)

// PossibleAlertStatusValues returns a newly built slice holding every
// AlertStatus constant declared above.
func PossibleAlertStatusValues() []AlertStatus {
	known := []AlertStatus{
		AlertStatusDismissed,
		AlertStatusInProgress,
		AlertStatusNew,
		AlertStatusResolved,
		AlertStatusUnknown,
	}
	return known
}
// AntispamMailDirection is the string-backed enumeration of antispam mail
// directions.
type AntispamMailDirection string

const (
	// AntispamMailDirectionInbound is the inbound direction.
	AntispamMailDirectionInbound AntispamMailDirection = "Inbound"
	// AntispamMailDirectionIntraorg is the intraorg direction.
	AntispamMailDirectionIntraorg AntispamMailDirection = "Intraorg"
	// AntispamMailDirectionOutbound is the outbound direction.
	AntispamMailDirectionOutbound AntispamMailDirection = "Outbound"
	// AntispamMailDirectionUnknown is the unknown direction.
	AntispamMailDirectionUnknown AntispamMailDirection = "Unknown"
)

// PossibleAntispamMailDirectionValues returns a newly built slice holding
// every AntispamMailDirection constant declared above.
func PossibleAntispamMailDirectionValues() []AntispamMailDirection {
	known := []AntispamMailDirection{
		AntispamMailDirectionInbound,
		AntispamMailDirectionIntraorg,
		AntispamMailDirectionOutbound,
		AntispamMailDirectionUnknown,
	}
	return known
}
// AttackTactic is the string-backed enumeration of attack tactics.
//
// NOTE(review): the names look like MITRE ATT&CK tactic names. This set
// declares PreAttack and has no Reconnaissance or ResourceDevelopment entry;
// confirm the mapping against the service API reference before using these
// values for detection-coverage reporting.
type AttackTactic string

const (
	// AttackTacticCollection is the "Collection" tactic.
	AttackTacticCollection AttackTactic = "Collection"
	// AttackTacticCommandAndControl is the "CommandAndControl" tactic.
	AttackTacticCommandAndControl AttackTactic = "CommandAndControl"
	// AttackTacticCredentialAccess is the "CredentialAccess" tactic.
	AttackTacticCredentialAccess AttackTactic = "CredentialAccess"
	// AttackTacticDefenseEvasion is the "DefenseEvasion" tactic.
	AttackTacticDefenseEvasion AttackTactic = "DefenseEvasion"
	// AttackTacticDiscovery is the "Discovery" tactic.
	AttackTacticDiscovery AttackTactic = "Discovery"
	// AttackTacticExecution is the "Execution" tactic.
	AttackTacticExecution AttackTactic = "Execution"
	// AttackTacticExfiltration is the "Exfiltration" tactic.
	AttackTacticExfiltration AttackTactic = "Exfiltration"
	// AttackTacticImpact is the "Impact" tactic.
	AttackTacticImpact AttackTactic = "Impact"
	// AttackTacticInitialAccess is the "InitialAccess" tactic.
	AttackTacticInitialAccess AttackTactic = "InitialAccess"
	// AttackTacticLateralMovement is the "LateralMovement" tactic.
	AttackTacticLateralMovement AttackTactic = "LateralMovement"
	// AttackTacticPersistence is the "Persistence" tactic.
	AttackTacticPersistence AttackTactic = "Persistence"
	// AttackTacticPreAttack is the "PreAttack" tactic.
	AttackTacticPreAttack AttackTactic = "PreAttack"
	// AttackTacticPrivilegeEscalation is the "PrivilegeEscalation" tactic.
	AttackTacticPrivilegeEscalation AttackTactic = "PrivilegeEscalation"
)

// PossibleAttackTacticValues returns a newly built slice holding every
// AttackTactic constant declared above.
func PossibleAttackTacticValues() []AttackTactic {
	known := []AttackTactic{
		AttackTacticCollection,
		AttackTacticCommandAndControl,
		AttackTacticCredentialAccess,
		AttackTacticDefenseEvasion,
		AttackTacticDiscovery,
		AttackTacticExecution,
		AttackTacticExfiltration,
		AttackTacticImpact,
		AttackTacticInitialAccess,
		AttackTacticLateralMovement,
		AttackTacticPersistence,
		AttackTacticPreAttack,
		AttackTacticPrivilegeEscalation,
	}
	return known
}
// AutomationRulePropertyConditionSupportedOperator is the string-backed
// enumeration of operators supported by an automation rule property condition.
//
// As documented on the constants, the positive operators succeed when at least
// one condition value matches, while the negated operators require that none
// of the condition values match.
type AutomationRulePropertyConditionSupportedOperator string

const (
	// AutomationRulePropertyConditionSupportedOperatorContains evaluates whether the property
	// contains at least one of the condition values.
	AutomationRulePropertyConditionSupportedOperatorContains AutomationRulePropertyConditionSupportedOperator = "Contains"
	// AutomationRulePropertyConditionSupportedOperatorEndsWith evaluates whether the property
	// ends with any of the condition values.
	AutomationRulePropertyConditionSupportedOperatorEndsWith AutomationRulePropertyConditionSupportedOperator = "EndsWith"
	// AutomationRulePropertyConditionSupportedOperatorEquals evaluates whether the property
	// equals at least one of the condition values.
	AutomationRulePropertyConditionSupportedOperatorEquals AutomationRulePropertyConditionSupportedOperator = "Equals"
	// AutomationRulePropertyConditionSupportedOperatorNotContains evaluates whether the property
	// does not contain any of the condition values.
	AutomationRulePropertyConditionSupportedOperatorNotContains AutomationRulePropertyConditionSupportedOperator = "NotContains"
	// AutomationRulePropertyConditionSupportedOperatorNotEndsWith evaluates whether the property
	// does not end with any of the condition values.
	AutomationRulePropertyConditionSupportedOperatorNotEndsWith AutomationRulePropertyConditionSupportedOperator = "NotEndsWith"
	// AutomationRulePropertyConditionSupportedOperatorNotEquals evaluates whether the property
	// does not equal any of the condition values.
	AutomationRulePropertyConditionSupportedOperatorNotEquals AutomationRulePropertyConditionSupportedOperator = "NotEquals"
	// AutomationRulePropertyConditionSupportedOperatorNotStartsWith evaluates whether the property
	// does not start with any of the condition values.
	AutomationRulePropertyConditionSupportedOperatorNotStartsWith AutomationRulePropertyConditionSupportedOperator = "NotStartsWith"
	// AutomationRulePropertyConditionSupportedOperatorStartsWith evaluates whether the property
	// starts with any of the condition values.
	AutomationRulePropertyConditionSupportedOperatorStartsWith AutomationRulePropertyConditionSupportedOperator = "StartsWith"
)

// PossibleAutomationRulePropertyConditionSupportedOperatorValues returns a newly built slice
// holding every AutomationRulePropertyConditionSupportedOperator constant declared above.
func PossibleAutomationRulePropertyConditionSupportedOperatorValues() []AutomationRulePropertyConditionSupportedOperator {
	known := []AutomationRulePropertyConditionSupportedOperator{
		AutomationRulePropertyConditionSupportedOperatorContains,
		AutomationRulePropertyConditionSupportedOperatorEndsWith,
		AutomationRulePropertyConditionSupportedOperatorEquals,
		AutomationRulePropertyConditionSupportedOperatorNotContains,
		AutomationRulePropertyConditionSupportedOperatorNotEndsWith,
		AutomationRulePropertyConditionSupportedOperatorNotEquals,
		AutomationRulePropertyConditionSupportedOperatorNotStartsWith,
		AutomationRulePropertyConditionSupportedOperatorStartsWith,
	}
	return known
}
// AutomationRulePropertyConditionSupportedProperty is the string-backed
// enumeration of properties an automation rule property condition can refer to.
//
// NOTE(review): several of these properties (process command line, mail
// subject and senders, file name, URL, incident title and description)
// presumably carry text that originates from monitored systems or messages
// rather than from the operator; review conditions built on them with that in
// mind — confirm against the service documentation.
type AutomationRulePropertyConditionSupportedProperty string

const (
	// AutomationRulePropertyConditionSupportedPropertyAccountAadTenantID is the account
	// Azure Active Directory tenant id.
	AutomationRulePropertyConditionSupportedPropertyAccountAadTenantID AutomationRulePropertyConditionSupportedProperty = "AccountAadTenantId"
	// AutomationRulePropertyConditionSupportedPropertyAccountAadUserID is the account
	// Azure Active Directory user id.
	AutomationRulePropertyConditionSupportedPropertyAccountAadUserID AutomationRulePropertyConditionSupportedProperty = "AccountAadUserId"
	// AutomationRulePropertyConditionSupportedPropertyAccountName is the account name.
	AutomationRulePropertyConditionSupportedPropertyAccountName AutomationRulePropertyConditionSupportedProperty = "AccountName"
	// AutomationRulePropertyConditionSupportedPropertyAccountNTDomain is the account
	// NetBIOS domain name.
	AutomationRulePropertyConditionSupportedPropertyAccountNTDomain AutomationRulePropertyConditionSupportedProperty = "AccountNTDomain"
	// AutomationRulePropertyConditionSupportedPropertyAccountObjectGUID is the account
	// unique identifier.
	AutomationRulePropertyConditionSupportedPropertyAccountObjectGUID AutomationRulePropertyConditionSupportedProperty = "AccountObjectGuid"
	// AutomationRulePropertyConditionSupportedPropertyAccountPUID is the account
	// Azure Active Directory Passport User ID.
	AutomationRulePropertyConditionSupportedPropertyAccountPUID AutomationRulePropertyConditionSupportedProperty = "AccountPUID"
	// AutomationRulePropertyConditionSupportedPropertyAccountSid is the account
	// security identifier.
	AutomationRulePropertyConditionSupportedPropertyAccountSid AutomationRulePropertyConditionSupportedProperty = "AccountSid"
	// AutomationRulePropertyConditionSupportedPropertyAccountUPNSuffix is the account
	// user principal name suffix.
	AutomationRulePropertyConditionSupportedPropertyAccountUPNSuffix AutomationRulePropertyConditionSupportedProperty = "AccountUPNSuffix"
	// AutomationRulePropertyConditionSupportedPropertyAzureResourceResourceID is the
	// Azure resource id.
	AutomationRulePropertyConditionSupportedPropertyAzureResourceResourceID AutomationRulePropertyConditionSupportedProperty = "AzureResourceResourceId"
	// AutomationRulePropertyConditionSupportedPropertyAzureResourceSubscriptionID is the
	// Azure resource subscription id.
	AutomationRulePropertyConditionSupportedPropertyAzureResourceSubscriptionID AutomationRulePropertyConditionSupportedProperty = "AzureResourceSubscriptionId"
	// AutomationRulePropertyConditionSupportedPropertyCloudApplicationAppID is the
	// cloud application identifier.
	AutomationRulePropertyConditionSupportedPropertyCloudApplicationAppID AutomationRulePropertyConditionSupportedProperty = "CloudApplicationAppId"
	// AutomationRulePropertyConditionSupportedPropertyCloudApplicationAppName is the
	// cloud application name.
	AutomationRulePropertyConditionSupportedPropertyCloudApplicationAppName AutomationRulePropertyConditionSupportedProperty = "CloudApplicationAppName"
	// AutomationRulePropertyConditionSupportedPropertyDNSDomainName is the
	// DNS record domain name.
	AutomationRulePropertyConditionSupportedPropertyDNSDomainName AutomationRulePropertyConditionSupportedProperty = "DNSDomainName"
	// AutomationRulePropertyConditionSupportedPropertyFileDirectory is the
	// file directory full path.
	AutomationRulePropertyConditionSupportedPropertyFileDirectory AutomationRulePropertyConditionSupportedProperty = "FileDirectory"
	// AutomationRulePropertyConditionSupportedPropertyFileHashValue is the file hash value.
	AutomationRulePropertyConditionSupportedPropertyFileHashValue AutomationRulePropertyConditionSupportedProperty = "FileHashValue"
	// AutomationRulePropertyConditionSupportedPropertyFileName is the file name without path.
	AutomationRulePropertyConditionSupportedPropertyFileName AutomationRulePropertyConditionSupportedProperty = "FileName"
	// AutomationRulePropertyConditionSupportedPropertyHostAzureID is the
	// host Azure resource id.
	AutomationRulePropertyConditionSupportedPropertyHostAzureID AutomationRulePropertyConditionSupportedProperty = "HostAzureID"
	// AutomationRulePropertyConditionSupportedPropertyHostName is the host name without domain.
	AutomationRulePropertyConditionSupportedPropertyHostName AutomationRulePropertyConditionSupportedProperty = "HostName"
	// AutomationRulePropertyConditionSupportedPropertyHostNetBiosName is the host NetBIOS name.
	AutomationRulePropertyConditionSupportedPropertyHostNetBiosName AutomationRulePropertyConditionSupportedProperty = "HostNetBiosName"
	// AutomationRulePropertyConditionSupportedPropertyHostNTDomain is the host NT domain.
	AutomationRulePropertyConditionSupportedPropertyHostNTDomain AutomationRulePropertyConditionSupportedProperty = "HostNTDomain"
	// AutomationRulePropertyConditionSupportedPropertyHostOSVersion is the
	// host operating system.
	AutomationRulePropertyConditionSupportedPropertyHostOSVersion AutomationRulePropertyConditionSupportedProperty = "HostOSVersion"
	// AutomationRulePropertyConditionSupportedPropertyIncidentDescription is the
	// description of the incident.
	AutomationRulePropertyConditionSupportedPropertyIncidentDescription AutomationRulePropertyConditionSupportedProperty = "IncidentDescription"
	// AutomationRulePropertyConditionSupportedPropertyIncidentProviderName is the
	// provider name of the incident.
	AutomationRulePropertyConditionSupportedPropertyIncidentProviderName AutomationRulePropertyConditionSupportedProperty = "IncidentProviderName"
	// AutomationRulePropertyConditionSupportedPropertyIncidentRelatedAnalyticRuleIds is the
	// set of related Analytic rule ids of the incident.
	AutomationRulePropertyConditionSupportedPropertyIncidentRelatedAnalyticRuleIds AutomationRulePropertyConditionSupportedProperty = "IncidentRelatedAnalyticRuleIds"
	// AutomationRulePropertyConditionSupportedPropertyIncidentSeverity is the
	// severity of the incident.
	AutomationRulePropertyConditionSupportedPropertyIncidentSeverity AutomationRulePropertyConditionSupportedProperty = "IncidentSeverity"
	// AutomationRulePropertyConditionSupportedPropertyIncidentStatus is the
	// status of the incident.
	AutomationRulePropertyConditionSupportedPropertyIncidentStatus AutomationRulePropertyConditionSupportedProperty = "IncidentStatus"
	// AutomationRulePropertyConditionSupportedPropertyIncidentTactics is the
	// tactics of the incident.
	AutomationRulePropertyConditionSupportedPropertyIncidentTactics AutomationRulePropertyConditionSupportedProperty = "IncidentTactics"
	// AutomationRulePropertyConditionSupportedPropertyIncidentTitle is the
	// title of the incident.
	AutomationRulePropertyConditionSupportedPropertyIncidentTitle AutomationRulePropertyConditionSupportedProperty = "IncidentTitle"
	// AutomationRulePropertyConditionSupportedPropertyIoTDeviceID is the IoT device id.
	AutomationRulePropertyConditionSupportedPropertyIoTDeviceID AutomationRulePropertyConditionSupportedProperty = "IoTDeviceId"
	// AutomationRulePropertyConditionSupportedPropertyIoTDeviceModel is the IoT device model.
	AutomationRulePropertyConditionSupportedPropertyIoTDeviceModel AutomationRulePropertyConditionSupportedProperty = "IoTDeviceModel"
	// AutomationRulePropertyConditionSupportedPropertyIoTDeviceName is the IoT device name.
	AutomationRulePropertyConditionSupportedPropertyIoTDeviceName AutomationRulePropertyConditionSupportedProperty = "IoTDeviceName"
	// AutomationRulePropertyConditionSupportedPropertyIoTDeviceOperatingSystem is the
	// IoT device operating system.
	AutomationRulePropertyConditionSupportedPropertyIoTDeviceOperatingSystem AutomationRulePropertyConditionSupportedProperty = "IoTDeviceOperatingSystem"
	// AutomationRulePropertyConditionSupportedPropertyIoTDeviceType is the IoT device type.
	AutomationRulePropertyConditionSupportedPropertyIoTDeviceType AutomationRulePropertyConditionSupportedProperty = "IoTDeviceType"
	// AutomationRulePropertyConditionSupportedPropertyIoTDeviceVendor is the IoT device vendor.
	AutomationRulePropertyConditionSupportedPropertyIoTDeviceVendor AutomationRulePropertyConditionSupportedProperty = "IoTDeviceVendor"
	// AutomationRulePropertyConditionSupportedPropertyIPAddress is the IP address.
	AutomationRulePropertyConditionSupportedPropertyIPAddress AutomationRulePropertyConditionSupportedProperty = "IPAddress"
	// AutomationRulePropertyConditionSupportedPropertyMailboxDisplayName is the
	// mailbox display name.
	AutomationRulePropertyConditionSupportedPropertyMailboxDisplayName AutomationRulePropertyConditionSupportedProperty = "MailboxDisplayName"
	// AutomationRulePropertyConditionSupportedPropertyMailboxPrimaryAddress is the
	// mailbox primary address.
	AutomationRulePropertyConditionSupportedPropertyMailboxPrimaryAddress AutomationRulePropertyConditionSupportedProperty = "MailboxPrimaryAddress"
	// AutomationRulePropertyConditionSupportedPropertyMailboxUPN is the
	// mailbox user principal name.
	AutomationRulePropertyConditionSupportedPropertyMailboxUPN AutomationRulePropertyConditionSupportedProperty = "MailboxUPN"
	// AutomationRulePropertyConditionSupportedPropertyMailMessageDeliveryAction is the
	// mail message delivery action.
	AutomationRulePropertyConditionSupportedPropertyMailMessageDeliveryAction AutomationRulePropertyConditionSupportedProperty = "MailMessageDeliveryAction"
	// AutomationRulePropertyConditionSupportedPropertyMailMessageDeliveryLocation is the
	// mail message delivery location.
	AutomationRulePropertyConditionSupportedPropertyMailMessageDeliveryLocation AutomationRulePropertyConditionSupportedProperty = "MailMessageDeliveryLocation"
	// AutomationRulePropertyConditionSupportedPropertyMailMessageP1Sender is the
	// mail message P1 sender.
	AutomationRulePropertyConditionSupportedPropertyMailMessageP1Sender AutomationRulePropertyConditionSupportedProperty = "MailMessageP1Sender"
	// AutomationRulePropertyConditionSupportedPropertyMailMessageP2Sender is the
	// mail message P2 sender.
	AutomationRulePropertyConditionSupportedPropertyMailMessageP2Sender AutomationRulePropertyConditionSupportedProperty = "MailMessageP2Sender"
	// AutomationRulePropertyConditionSupportedPropertyMailMessageRecipient is the
	// mail message recipient.
	AutomationRulePropertyConditionSupportedPropertyMailMessageRecipient AutomationRulePropertyConditionSupportedProperty = "MailMessageRecipient"
	// AutomationRulePropertyConditionSupportedPropertyMailMessageSenderIP is the
	// mail message sender IP address.
	AutomationRulePropertyConditionSupportedPropertyMailMessageSenderIP AutomationRulePropertyConditionSupportedProperty = "MailMessageSenderIP"
	// AutomationRulePropertyConditionSupportedPropertyMailMessageSubject is the
	// mail message subject.
	AutomationRulePropertyConditionSupportedPropertyMailMessageSubject AutomationRulePropertyConditionSupportedProperty = "MailMessageSubject"
	// AutomationRulePropertyConditionSupportedPropertyMalwareCategory is the malware category.
	AutomationRulePropertyConditionSupportedPropertyMalwareCategory AutomationRulePropertyConditionSupportedProperty = "MalwareCategory"
	// AutomationRulePropertyConditionSupportedPropertyMalwareName is the malware name.
	AutomationRulePropertyConditionSupportedPropertyMalwareName AutomationRulePropertyConditionSupportedProperty = "MalwareName"
	// AutomationRulePropertyConditionSupportedPropertyProcessCommandLine is the
	// process execution command line.
	AutomationRulePropertyConditionSupportedPropertyProcessCommandLine AutomationRulePropertyConditionSupportedProperty = "ProcessCommandLine"
	// AutomationRulePropertyConditionSupportedPropertyProcessID is the process id.
	AutomationRulePropertyConditionSupportedPropertyProcessID AutomationRulePropertyConditionSupportedProperty = "ProcessId"
	// AutomationRulePropertyConditionSupportedPropertyRegistryKey is the registry key path.
	AutomationRulePropertyConditionSupportedPropertyRegistryKey AutomationRulePropertyConditionSupportedProperty = "RegistryKey"
	// AutomationRulePropertyConditionSupportedPropertyRegistryValueData is the
	// registry key value in string formatted representation.
	AutomationRulePropertyConditionSupportedPropertyRegistryValueData AutomationRulePropertyConditionSupportedProperty = "RegistryValueData"
	// AutomationRulePropertyConditionSupportedPropertyURL is the url.
	AutomationRulePropertyConditionSupportedPropertyURL AutomationRulePropertyConditionSupportedProperty = "Url"
)

// PossibleAutomationRulePropertyConditionSupportedPropertyValues returns a newly built slice
// holding every AutomationRulePropertyConditionSupportedProperty constant declared above.
func PossibleAutomationRulePropertyConditionSupportedPropertyValues() []AutomationRulePropertyConditionSupportedProperty {
	known := []AutomationRulePropertyConditionSupportedProperty{
		AutomationRulePropertyConditionSupportedPropertyAccountAadTenantID,
		AutomationRulePropertyConditionSupportedPropertyAccountAadUserID,
		AutomationRulePropertyConditionSupportedPropertyAccountName,
		AutomationRulePropertyConditionSupportedPropertyAccountNTDomain,
		AutomationRulePropertyConditionSupportedPropertyAccountObjectGUID,
		AutomationRulePropertyConditionSupportedPropertyAccountPUID,
		AutomationRulePropertyConditionSupportedPropertyAccountSid,
		AutomationRulePropertyConditionSupportedPropertyAccountUPNSuffix,
		AutomationRulePropertyConditionSupportedPropertyAzureResourceResourceID,
		AutomationRulePropertyConditionSupportedPropertyAzureResourceSubscriptionID,
		AutomationRulePropertyConditionSupportedPropertyCloudApplicationAppID,
		AutomationRulePropertyConditionSupportedPropertyCloudApplicationAppName,
		AutomationRulePropertyConditionSupportedPropertyDNSDomainName,
		AutomationRulePropertyConditionSupportedPropertyFileDirectory,
		AutomationRulePropertyConditionSupportedPropertyFileHashValue,
		AutomationRulePropertyConditionSupportedPropertyFileName,
		AutomationRulePropertyConditionSupportedPropertyHostAzureID,
		AutomationRulePropertyConditionSupportedPropertyHostName,
		AutomationRulePropertyConditionSupportedPropertyHostNetBiosName,
		AutomationRulePropertyConditionSupportedPropertyHostNTDomain,
		AutomationRulePropertyConditionSupportedPropertyHostOSVersion,
		AutomationRulePropertyConditionSupportedPropertyIncidentDescription,
		AutomationRulePropertyConditionSupportedPropertyIncidentProviderName,
		AutomationRulePropertyConditionSupportedPropertyIncidentRelatedAnalyticRuleIds,
		AutomationRulePropertyConditionSupportedPropertyIncidentSeverity,
		AutomationRulePropertyConditionSupportedPropertyIncidentStatus,
		AutomationRulePropertyConditionSupportedPropertyIncidentTactics,
		AutomationRulePropertyConditionSupportedPropertyIncidentTitle,
		AutomationRulePropertyConditionSupportedPropertyIoTDeviceID,
		AutomationRulePropertyConditionSupportedPropertyIoTDeviceModel,
		AutomationRulePropertyConditionSupportedPropertyIoTDeviceName,
		AutomationRulePropertyConditionSupportedPropertyIoTDeviceOperatingSystem,
		AutomationRulePropertyConditionSupportedPropertyIoTDeviceType,
		AutomationRulePropertyConditionSupportedPropertyIoTDeviceVendor,
		AutomationRulePropertyConditionSupportedPropertyIPAddress,
		AutomationRulePropertyConditionSupportedPropertyMailboxDisplayName,
		AutomationRulePropertyConditionSupportedPropertyMailboxPrimaryAddress,
		AutomationRulePropertyConditionSupportedPropertyMailboxUPN,
		AutomationRulePropertyConditionSupportedPropertyMailMessageDeliveryAction,
		AutomationRulePropertyConditionSupportedPropertyMailMessageDeliveryLocation,
		AutomationRulePropertyConditionSupportedPropertyMailMessageP1Sender,
		AutomationRulePropertyConditionSupportedPropertyMailMessageP2Sender,
		AutomationRulePropertyConditionSupportedPropertyMailMessageRecipient,
		AutomationRulePropertyConditionSupportedPropertyMailMessageSenderIP,
		AutomationRulePropertyConditionSupportedPropertyMailMessageSubject,
		AutomationRulePropertyConditionSupportedPropertyMalwareCategory,
		AutomationRulePropertyConditionSupportedPropertyMalwareName,
		AutomationRulePropertyConditionSupportedPropertyProcessCommandLine,
		AutomationRulePropertyConditionSupportedPropertyProcessID,
		AutomationRulePropertyConditionSupportedPropertyRegistryKey,
		AutomationRulePropertyConditionSupportedPropertyRegistryValueData,
		AutomationRulePropertyConditionSupportedPropertyURL,
	}
	return known
}
// ConditionType is the string-backed enumeration of condition types.
type ConditionType string

const (
	// ConditionTypeAutomationRuleCondition is the "AutomationRuleCondition" condition type.
	ConditionTypeAutomationRuleCondition ConditionType = "AutomationRuleCondition"
	// ConditionTypeProperty is the "Property" condition type.
	ConditionTypeProperty ConditionType = "Property"
)

// PossibleConditionTypeValues returns a newly built slice holding every
// ConditionType constant declared above.
func PossibleConditionTypeValues() []ConditionType {
	known := []ConditionType{
		ConditionTypeAutomationRuleCondition,
		ConditionTypeProperty,
	}
	return known
}
// ConfidenceLevel is the string-backed enumeration of confidence levels.
//
// Unknown is documented below as the default value, so it reads as "not
// assessed" rather than as a low-confidence verdict.
type ConfidenceLevel string

const (
	// ConfidenceLevelHigh means high confidence that the alert is true positive malicious.
	ConfidenceLevelHigh ConfidenceLevel = "High"
	// ConfidenceLevelLow means low confidence: there are some doubts that this is indeed
	// malicious or part of an attack.
	ConfidenceLevelLow ConfidenceLevel = "Low"
	// ConfidenceLevelUnknown means unknown confidence; this is the default value.
	ConfidenceLevelUnknown ConfidenceLevel = "Unknown"
)

// PossibleConfidenceLevelValues returns a newly built slice holding every
// ConfidenceLevel constant declared above.
func PossibleConfidenceLevelValues() []ConfidenceLevel {
	known := []ConfidenceLevel{
		ConfidenceLevelHigh,
		ConfidenceLevelLow,
		ConfidenceLevelUnknown,
	}
	return known
}
// ConfidenceScoreStatus is the string-backed enumeration of confidence score
// calculation states.
//
// Only Final is described as a settled score; NotFinal scores may still be
// updated and InProcess means no score has been set yet.
type ConfidenceScoreStatus string

const (
	// ConfidenceScoreStatusFinal means the final score was calculated and is available.
	ConfidenceScoreStatusFinal ConfidenceScoreStatus = "Final"
	// ConfidenceScoreStatusInProcess means no score was set yet and calculation is in progress.
	ConfidenceScoreStatusInProcess ConfidenceScoreStatus = "InProcess"
	// ConfidenceScoreStatusNotApplicable means a score will not be calculated for this alert
	// because it is not supported by virtual analyst.
	ConfidenceScoreStatusNotApplicable ConfidenceScoreStatus = "NotApplicable"
	// ConfidenceScoreStatusNotFinal means a score is calculated and shown as part of the alert,
	// but may be updated again at a later time following the processing of additional data.
	ConfidenceScoreStatusNotFinal ConfidenceScoreStatus = "NotFinal"
)

// PossibleConfidenceScoreStatusValues returns a newly built slice holding every
// ConfidenceScoreStatus constant declared above.
func PossibleConfidenceScoreStatusValues() []ConfidenceScoreStatus {
	known := []ConfidenceScoreStatus{
		ConfidenceScoreStatusFinal,
		ConfidenceScoreStatusInProcess,
		ConfidenceScoreStatusNotApplicable,
		ConfidenceScoreStatusNotFinal,
	}
	return known
}
// ConnectAuthKind is the string-typed enumeration of connect auth kinds.
// These constants only name an authentication scheme; the type itself holds
// no credential material.
type ConnectAuthKind string

const (
	// ConnectAuthKindAPIKey is the "APIKey" auth kind.
	ConnectAuthKindAPIKey ConnectAuthKind = "APIKey"
	// ConnectAuthKindBasic is the "Basic" auth kind.
	// NOTE(review): presumably HTTP Basic authentication — confirm against
	// the API specification.
	ConnectAuthKindBasic ConnectAuthKind = "Basic"
	// ConnectAuthKindOAuth2 is the "OAuth2" auth kind.
	ConnectAuthKindOAuth2 ConnectAuthKind = "OAuth2"
)

// PossibleConnectAuthKindValues returns a slice of the ConnectAuthKind
// constants declared above, built anew on every call.
func PossibleConnectAuthKindValues() []ConnectAuthKind {
	return []ConnectAuthKind{
		ConnectAuthKindAPIKey,
		ConnectAuthKindBasic,
		ConnectAuthKindOAuth2,
	}
}
// ConnectivityType is the string-typed enumeration of connectivity types.
type ConnectivityType string

const (
	// ConnectivityTypeIsConnectedQuery is the "IsConnectedQuery" connectivity
	// type, the only one declared here.
	ConnectivityTypeIsConnectedQuery ConnectivityType = "IsConnectedQuery"
)

// PossibleConnectivityTypeValues returns a one-element slice holding
// ConnectivityTypeIsConnectedQuery, built anew on every call.
func PossibleConnectivityTypeValues() []ConnectivityType {
	return []ConnectivityType{
		ConnectivityTypeIsConnectedQuery,
	}
}
// ContentType is the string-typed enumeration of content types.
type ContentType string

const (
	// ContentTypeAnalyticRule is the "AnalyticRule" content type.
	ContentTypeAnalyticRule ContentType = "AnalyticRule"
	// ContentTypeWorkbook is the "Workbook" content type.
	ContentTypeWorkbook ContentType = "Workbook"
)

// PossibleContentTypeValues returns a slice of the ContentType constants
// declared above, built anew on every call.
func PossibleContentTypeValues() []ContentType {
	return []ContentType{
		ContentTypeAnalyticRule,
		ContentTypeWorkbook,
	}
}
// CreatedByType is the string-typed enumeration of the kinds of identity
// recorded as the creator of something.
type CreatedByType string

const (
	// CreatedByTypeApplication is the "Application" creator type.
	CreatedByTypeApplication CreatedByType = "Application"
	// CreatedByTypeKey is the "Key" creator type.
	CreatedByTypeKey CreatedByType = "Key"
	// CreatedByTypeManagedIdentity is the "ManagedIdentity" creator type.
	CreatedByTypeManagedIdentity CreatedByType = "ManagedIdentity"
	// CreatedByTypeUser is the "User" creator type.
	CreatedByTypeUser CreatedByType = "User"
)

// PossibleCreatedByTypeValues returns a slice of the CreatedByType constants
// declared above, built anew on every call.
func PossibleCreatedByTypeValues() []CreatedByType {
	return []CreatedByType{
		CreatedByTypeApplication,
		CreatedByTypeKey,
		CreatedByTypeManagedIdentity,
		CreatedByTypeUser,
	}
}
// CustomEntityQueryKind is the string-typed enumeration of custom entity
// query kinds.
type CustomEntityQueryKind string

const (
	// CustomEntityQueryKindActivity is the "Activity" kind, the only one
	// declared here.
	CustomEntityQueryKindActivity CustomEntityQueryKind = "Activity"
)

// PossibleCustomEntityQueryKindValues returns a one-element slice holding
// CustomEntityQueryKindActivity, built anew on every call.
func PossibleCustomEntityQueryKindValues() []CustomEntityQueryKind {
	return []CustomEntityQueryKind{
		CustomEntityQueryKindActivity,
	}
}
// DataConnectorAuthorizationState is the string-typed enumeration of data
// connector authorization states. Because the underlying type is string, a
// value that is neither constant below is still representable; do not treat
// "not Invalid" as equivalent to "Valid".
type DataConnectorAuthorizationState string

const (
	// DataConnectorAuthorizationStateInvalid is the "Invalid" authorization
	// state.
	DataConnectorAuthorizationStateInvalid DataConnectorAuthorizationState = "Invalid"
	// DataConnectorAuthorizationStateValid is the "Valid" authorization state.
	DataConnectorAuthorizationStateValid DataConnectorAuthorizationState = "Valid"
)

// PossibleDataConnectorAuthorizationStateValues returns a slice of the
// DataConnectorAuthorizationState constants declared above, built anew on
// every call.
func PossibleDataConnectorAuthorizationStateValues() []DataConnectorAuthorizationState {
	return []DataConnectorAuthorizationState{
		DataConnectorAuthorizationStateInvalid,
		DataConnectorAuthorizationStateValid,
	}
}
// DataConnectorKind is the string-typed enumeration of data connector kinds.
// Each constant's string value is the kind name with the DataConnectorKind
// prefix removed.
type DataConnectorKind string

const (
	// DataConnectorKindAmazonWebServicesCloudTrail is the
	// "AmazonWebServicesCloudTrail" connector kind.
	DataConnectorKindAmazonWebServicesCloudTrail DataConnectorKind = "AmazonWebServicesCloudTrail"
	// DataConnectorKindAmazonWebServicesS3 is the "AmazonWebServicesS3"
	// connector kind.
	DataConnectorKindAmazonWebServicesS3 DataConnectorKind = "AmazonWebServicesS3"
	// DataConnectorKindAPIPolling is the "APIPolling" connector kind.
	DataConnectorKindAPIPolling DataConnectorKind = "APIPolling"
	// DataConnectorKindAzureActiveDirectory is the "AzureActiveDirectory"
	// connector kind.
	DataConnectorKindAzureActiveDirectory DataConnectorKind = "AzureActiveDirectory"
	// DataConnectorKindAzureAdvancedThreatProtection is the
	// "AzureAdvancedThreatProtection" connector kind.
	DataConnectorKindAzureAdvancedThreatProtection DataConnectorKind = "AzureAdvancedThreatProtection"
	// DataConnectorKindAzureSecurityCenter is the "AzureSecurityCenter"
	// connector kind.
	DataConnectorKindAzureSecurityCenter DataConnectorKind = "AzureSecurityCenter"
	// DataConnectorKindDynamics365 is the "Dynamics365" connector kind.
	DataConnectorKindDynamics365 DataConnectorKind = "Dynamics365"
	// DataConnectorKindGenericUI is the "GenericUI" connector kind.
	DataConnectorKindGenericUI DataConnectorKind = "GenericUI"
	// DataConnectorKindMicrosoftCloudAppSecurity is the
	// "MicrosoftCloudAppSecurity" connector kind.
	DataConnectorKindMicrosoftCloudAppSecurity DataConnectorKind = "MicrosoftCloudAppSecurity"
	// DataConnectorKindMicrosoftDefenderAdvancedThreatProtection is the
	// "MicrosoftDefenderAdvancedThreatProtection" connector kind.
	DataConnectorKindMicrosoftDefenderAdvancedThreatProtection DataConnectorKind = "MicrosoftDefenderAdvancedThreatProtection"
	// DataConnectorKindMicrosoftThreatIntelligence is the
	// "MicrosoftThreatIntelligence" connector kind.
	DataConnectorKindMicrosoftThreatIntelligence DataConnectorKind = "MicrosoftThreatIntelligence"
	// DataConnectorKindMicrosoftThreatProtection is the
	// "MicrosoftThreatProtection" connector kind.
	DataConnectorKindMicrosoftThreatProtection DataConnectorKind = "MicrosoftThreatProtection"
	// DataConnectorKindOffice365 is the "Office365" connector kind.
	DataConnectorKindOffice365 DataConnectorKind = "Office365"
	// DataConnectorKindOfficeATP is the "OfficeATP" connector kind.
	DataConnectorKindOfficeATP DataConnectorKind = "OfficeATP"
	// DataConnectorKindOfficeIRM is the "OfficeIRM" connector kind.
	DataConnectorKindOfficeIRM DataConnectorKind = "OfficeIRM"
	// DataConnectorKindThreatIntelligence is the "ThreatIntelligence"
	// connector kind.
	DataConnectorKindThreatIntelligence DataConnectorKind = "ThreatIntelligence"
	// DataConnectorKindThreatIntelligenceTaxii is the
	// "ThreatIntelligenceTaxii" connector kind.
	DataConnectorKindThreatIntelligenceTaxii DataConnectorKind = "ThreatIntelligenceTaxii"
)

// PossibleDataConnectorKindValues returns a slice of the DataConnectorKind
// constants declared above, in declaration order, built anew on every call.
func PossibleDataConnectorKindValues() []DataConnectorKind {
	return []DataConnectorKind{
		DataConnectorKindAmazonWebServicesCloudTrail,
		DataConnectorKindAmazonWebServicesS3,
		DataConnectorKindAPIPolling,
		DataConnectorKindAzureActiveDirectory,
		DataConnectorKindAzureAdvancedThreatProtection,
		DataConnectorKindAzureSecurityCenter,
		DataConnectorKindDynamics365,
		DataConnectorKindGenericUI,
		DataConnectorKindMicrosoftCloudAppSecurity,
		DataConnectorKindMicrosoftDefenderAdvancedThreatProtection,
		DataConnectorKindMicrosoftThreatIntelligence,
		DataConnectorKindMicrosoftThreatProtection,
		DataConnectorKindOffice365,
		DataConnectorKindOfficeATP,
		DataConnectorKindOfficeIRM,
		DataConnectorKindThreatIntelligence,
		DataConnectorKindThreatIntelligenceTaxii,
	}
}
// DataConnectorLicenseState is the string-typed enumeration of data connector
// license states.
type DataConnectorLicenseState string

const (
	// DataConnectorLicenseStateInvalid is the "Invalid" license state.
	DataConnectorLicenseStateInvalid DataConnectorLicenseState = "Invalid"
	// DataConnectorLicenseStateUnknown is the "Unknown" license state.
	DataConnectorLicenseStateUnknown DataConnectorLicenseState = "Unknown"
	// DataConnectorLicenseStateValid is the "Valid" license state.
	DataConnectorLicenseStateValid DataConnectorLicenseState = "Valid"
)

// PossibleDataConnectorLicenseStateValues returns a slice of the
// DataConnectorLicenseState constants declared above, built anew on every
// call.
func PossibleDataConnectorLicenseStateValues() []DataConnectorLicenseState {
	return []DataConnectorLicenseState{
		DataConnectorLicenseStateInvalid,
		DataConnectorLicenseStateUnknown,
		DataConnectorLicenseStateValid,
	}
}
// DataTypeState is the string-typed enumeration of data type states.
type DataTypeState string

const (
	// DataTypeStateDisabled is the "Disabled" state.
	DataTypeStateDisabled DataTypeState = "Disabled"
	// DataTypeStateEnabled is the "Enabled" state.
	DataTypeStateEnabled DataTypeState = "Enabled"
)

// PossibleDataTypeStateValues returns a slice of the DataTypeState constants
// declared above, built anew on every call.
func PossibleDataTypeStateValues() []DataTypeState {
	return []DataTypeState{
		DataTypeStateDisabled,
		DataTypeStateEnabled,
	}
}
// DeliveryAction is the string-typed enumeration of delivery actions.
type DeliveryAction string

const (
	// DeliveryActionBlocked is the "Blocked" delivery action.
	DeliveryActionBlocked DeliveryAction = "Blocked"
	// DeliveryActionDelivered is the "Delivered" delivery action.
	DeliveryActionDelivered DeliveryAction = "Delivered"
	// DeliveryActionDeliveredAsSpam is the "DeliveredAsSpam" delivery action.
	DeliveryActionDeliveredAsSpam DeliveryAction = "DeliveredAsSpam"
	// DeliveryActionReplaced is the "Replaced" delivery action.
	DeliveryActionReplaced DeliveryAction = "Replaced"
	// DeliveryActionUnknown is the "Unknown" delivery action.
	DeliveryActionUnknown DeliveryAction = "Unknown"
)

// PossibleDeliveryActionValues returns a slice of the DeliveryAction
// constants declared above, built anew on every call.
func PossibleDeliveryActionValues() []DeliveryAction {
	return []DeliveryAction{
		DeliveryActionBlocked,
		DeliveryActionDelivered,
		DeliveryActionDeliveredAsSpam,
		DeliveryActionReplaced,
		DeliveryActionUnknown,
	}
}
// DeliveryLocation is the string-typed enumeration of delivery locations.
type DeliveryLocation string

const (
	// DeliveryLocationDeletedFolder is the "DeletedFolder" delivery location.
	DeliveryLocationDeletedFolder DeliveryLocation = "DeletedFolder"
	// DeliveryLocationDropped is the "Dropped" delivery location.
	DeliveryLocationDropped DeliveryLocation = "Dropped"
	// DeliveryLocationExternal is the "External" delivery location.
	DeliveryLocationExternal DeliveryLocation = "External"
	// DeliveryLocationFailed is the "Failed" delivery location.
	DeliveryLocationFailed DeliveryLocation = "Failed"
	// DeliveryLocationForwarded is the "Forwarded" delivery location.
	DeliveryLocationForwarded DeliveryLocation = "Forwarded"
	// DeliveryLocationInbox is the "Inbox" delivery location.
	DeliveryLocationInbox DeliveryLocation = "Inbox"
	// DeliveryLocationJunkFolder is the "JunkFolder" delivery location.
	DeliveryLocationJunkFolder DeliveryLocation = "JunkFolder"
	// DeliveryLocationQuarantine is the "Quarantine" delivery location.
	DeliveryLocationQuarantine DeliveryLocation = "Quarantine"
	// DeliveryLocationUnknown is the "Unknown" delivery location.
	DeliveryLocationUnknown DeliveryLocation = "Unknown"
)

// PossibleDeliveryLocationValues returns a slice of the DeliveryLocation
// constants declared above, built anew on every call.
func PossibleDeliveryLocationValues() []DeliveryLocation {
	return []DeliveryLocation{
		DeliveryLocationDeletedFolder,
		DeliveryLocationDropped,
		DeliveryLocationExternal,
		DeliveryLocationFailed,
		DeliveryLocationForwarded,
		DeliveryLocationInbox,
		DeliveryLocationJunkFolder,
		DeliveryLocationQuarantine,
		DeliveryLocationUnknown,
	}
}
// ElevationToken is the string-typed enumeration of elevation tokens.
// NOTE(review): the three names match the members of the Windows
// TOKEN_ELEVATION_TYPE enumeration (default, full, limited) — presumably that
// is the origin; confirm against the API specification.
type ElevationToken string

const (
	// ElevationTokenDefault is the default elevation token.
	ElevationTokenDefault ElevationToken = "Default"
	// ElevationTokenFull is the full elevation token.
	ElevationTokenFull ElevationToken = "Full"
	// ElevationTokenLimited is the limited elevation token.
	ElevationTokenLimited ElevationToken = "Limited"
)

// PossibleElevationTokenValues returns a slice of the ElevationToken
// constants declared above, built anew on every call.
func PossibleElevationTokenValues() []ElevationToken {
	return []ElevationToken{
		ElevationTokenDefault,
		ElevationTokenFull,
		ElevationTokenLimited,
	}
}
// EntityKind is the string-typed enumeration of entity kinds.
//
// The string values here spell three kinds as "DnsResolution", "Ip" and
// "Url"; EntityType and EntityMappingType in this file spell their
// counterparts "DNS", "IP" and "URL". The types are therefore not
// interchangeable by string value, and comparisons are case-sensitive.
type EntityKind string

const (
	// EntityKindAccount marks an entity that represents an account in the
	// system.
	EntityKindAccount EntityKind = "Account"
	// EntityKindAzureResource marks an entity that represents an Azure
	// resource in the system.
	EntityKindAzureResource EntityKind = "AzureResource"
	// EntityKindBookmark marks an entity that represents a bookmark in the
	// system.
	EntityKindBookmark EntityKind = "Bookmark"
	// EntityKindCloudApplication marks an entity that represents a cloud
	// application in the system.
	EntityKindCloudApplication EntityKind = "CloudApplication"
	// EntityKindDNSResolution marks an entity that represents a DNS
	// resolution in the system.
	EntityKindDNSResolution EntityKind = "DnsResolution"
	// EntityKindFile marks an entity that represents a file in the system.
	EntityKindFile EntityKind = "File"
	// EntityKindFileHash marks an entity that represents a file hash in the
	// system.
	EntityKindFileHash EntityKind = "FileHash"
	// EntityKindHost marks an entity that represents a host in the system.
	EntityKindHost EntityKind = "Host"
	// EntityKindIoTDevice marks an entity that represents an IoT device in
	// the system.
	EntityKindIoTDevice EntityKind = "IoTDevice"
	// EntityKindIP marks an entity that represents an IP in the system.
	EntityKindIP EntityKind = "Ip"
	// EntityKindMailbox marks an entity that represents a mailbox in the
	// system.
	EntityKindMailbox EntityKind = "Mailbox"
	// EntityKindMailCluster marks an entity that represents a mail cluster
	// in the system.
	EntityKindMailCluster EntityKind = "MailCluster"
	// EntityKindMailMessage marks an entity that represents a mail message
	// in the system.
	EntityKindMailMessage EntityKind = "MailMessage"
	// EntityKindMalware marks an entity that represents malware in the
	// system.
	EntityKindMalware EntityKind = "Malware"
	// EntityKindProcess marks an entity that represents a process in the
	// system.
	EntityKindProcess EntityKind = "Process"
	// EntityKindRegistryKey marks an entity that represents a registry key
	// in the system.
	EntityKindRegistryKey EntityKind = "RegistryKey"
	// EntityKindRegistryValue marks an entity that represents a registry
	// value in the system.
	EntityKindRegistryValue EntityKind = "RegistryValue"
	// EntityKindSecurityAlert marks an entity that represents a security
	// alert in the system.
	EntityKindSecurityAlert EntityKind = "SecurityAlert"
	// EntityKindSecurityGroup marks an entity that represents a security
	// group in the system.
	EntityKindSecurityGroup EntityKind = "SecurityGroup"
	// EntityKindSubmissionMail marks an entity that represents a submission
	// mail in the system.
	EntityKindSubmissionMail EntityKind = "SubmissionMail"
	// EntityKindURL marks an entity that represents a URL in the system.
	EntityKindURL EntityKind = "Url"
)

// PossibleEntityKindValues returns a slice of the EntityKind constants
// declared above, in declaration order, built anew on every call.
func PossibleEntityKindValues() []EntityKind {
	return []EntityKind{
		EntityKindAccount,
		EntityKindAzureResource,
		EntityKindBookmark,
		EntityKindCloudApplication,
		EntityKindDNSResolution,
		EntityKindFile,
		EntityKindFileHash,
		EntityKindHost,
		EntityKindIoTDevice,
		EntityKindIP,
		EntityKindMailbox,
		EntityKindMailCluster,
		EntityKindMailMessage,
		EntityKindMalware,
		EntityKindProcess,
		EntityKindRegistryKey,
		EntityKindRegistryValue,
		EntityKindSecurityAlert,
		EntityKindSecurityGroup,
		EntityKindSubmissionMail,
		EntityKindURL,
	}
}
// EntityMappingType is the string-typed enumeration of entity mapping types.
// Comparisons against these values are case-sensitive: the DNS, IP and URL
// members are spelled in upper case here.
type EntityMappingType string

const (
	// EntityMappingTypeAccount is the user account entity type.
	EntityMappingTypeAccount EntityMappingType = "Account"
	// EntityMappingTypeAzureResource is the Azure resource entity type.
	EntityMappingTypeAzureResource EntityMappingType = "AzureResource"
	// EntityMappingTypeCloudApplication is the cloud app entity type.
	EntityMappingTypeCloudApplication EntityMappingType = "CloudApplication"
	// EntityMappingTypeDNS is the DNS entity type.
	EntityMappingTypeDNS EntityMappingType = "DNS"
	// EntityMappingTypeFile is the system file entity type.
	EntityMappingTypeFile EntityMappingType = "File"
	// EntityMappingTypeFileHash is the file-hash entity type.
	EntityMappingTypeFileHash EntityMappingType = "FileHash"
	// EntityMappingTypeHost is the host entity type.
	EntityMappingTypeHost EntityMappingType = "Host"
	// EntityMappingTypeIP is the IP address entity type.
	EntityMappingTypeIP EntityMappingType = "IP"
	// EntityMappingTypeMailbox is the mailbox entity type.
	EntityMappingTypeMailbox EntityMappingType = "Mailbox"
	// EntityMappingTypeMailCluster is the mail cluster entity type.
	EntityMappingTypeMailCluster EntityMappingType = "MailCluster"
	// EntityMappingTypeMailMessage is the mail message entity type.
	EntityMappingTypeMailMessage EntityMappingType = "MailMessage"
	// EntityMappingTypeMalware is the malware entity type.
	EntityMappingTypeMalware EntityMappingType = "Malware"
	// EntityMappingTypeProcess is the process entity type.
	EntityMappingTypeProcess EntityMappingType = "Process"
	// EntityMappingTypeRegistryKey is the registry key entity type.
	EntityMappingTypeRegistryKey EntityMappingType = "RegistryKey"
	// EntityMappingTypeRegistryValue is the registry value entity type.
	EntityMappingTypeRegistryValue EntityMappingType = "RegistryValue"
	// EntityMappingTypeSecurityGroup is the security group entity type.
	EntityMappingTypeSecurityGroup EntityMappingType = "SecurityGroup"
	// EntityMappingTypeSubmissionMail is the submission mail entity type.
	EntityMappingTypeSubmissionMail EntityMappingType = "SubmissionMail"
	// EntityMappingTypeURL is the URL entity type.
	EntityMappingTypeURL EntityMappingType = "URL"
)

// PossibleEntityMappingTypeValues returns a slice of the EntityMappingType
// constants declared above, in declaration order, built anew on every call.
func PossibleEntityMappingTypeValues() []EntityMappingType {
	return []EntityMappingType{
		EntityMappingTypeAccount,
		EntityMappingTypeAzureResource,
		EntityMappingTypeCloudApplication,
		EntityMappingTypeDNS,
		EntityMappingTypeFile,
		EntityMappingTypeFileHash,
		EntityMappingTypeHost,
		EntityMappingTypeIP,
		EntityMappingTypeMailbox,
		EntityMappingTypeMailCluster,
		EntityMappingTypeMailMessage,
		EntityMappingTypeMalware,
		EntityMappingTypeProcess,
		EntityMappingTypeRegistryKey,
		EntityMappingTypeRegistryValue,
		EntityMappingTypeSecurityGroup,
		EntityMappingTypeSubmissionMail,
		EntityMappingTypeURL,
	}
}
// EntityQueryKind is the string-typed enumeration of entity query kinds.
type EntityQueryKind string

const (
	// EntityQueryKindActivity is the "Activity" query kind.
	EntityQueryKindActivity EntityQueryKind = "Activity"
	// EntityQueryKindExpansion is the "Expansion" query kind.
	EntityQueryKindExpansion EntityQueryKind = "Expansion"
	// EntityQueryKindInsight is the "Insight" query kind.
	EntityQueryKindInsight EntityQueryKind = "Insight"
)

// PossibleEntityQueryKindValues returns a slice of the EntityQueryKind
// constants declared above, built anew on every call.
func PossibleEntityQueryKindValues() []EntityQueryKind {
	return []EntityQueryKind{
		EntityQueryKindActivity,
		EntityQueryKindExpansion,
		EntityQueryKindInsight,
	}
}
// EntityQueryTemplateKind is the string-typed enumeration of entity query
// template kinds.
type EntityQueryTemplateKind string

const (
	// EntityQueryTemplateKindActivity is the "Activity" template kind, the
	// only one declared here.
	EntityQueryTemplateKindActivity EntityQueryTemplateKind = "Activity"
)

// PossibleEntityQueryTemplateKindValues returns a one-element slice holding
// EntityQueryTemplateKindActivity, built anew on every call.
func PossibleEntityQueryTemplateKindValues() []EntityQueryTemplateKind {
	return []EntityQueryTemplateKind{
		EntityQueryTemplateKindActivity,
	}
}
// EntityTimelineKind is the string-typed enumeration of entity timeline
// kinds.
type EntityTimelineKind string

const (
	// EntityTimelineKindActivity selects activity items.
	EntityTimelineKindActivity EntityTimelineKind = "Activity"
	// EntityTimelineKindBookmark selects bookmarks.
	EntityTimelineKindBookmark EntityTimelineKind = "Bookmark"
	// EntityTimelineKindSecurityAlert selects security alerts.
	EntityTimelineKindSecurityAlert EntityTimelineKind = "SecurityAlert"
)

// PossibleEntityTimelineKindValues returns a slice of the EntityTimelineKind
// constants declared above, built anew on every call.
func PossibleEntityTimelineKindValues() []EntityTimelineKind {
	return []EntityTimelineKind{
		EntityTimelineKindActivity,
		EntityTimelineKindBookmark,
		EntityTimelineKindSecurityAlert,
	}
}
// EntityType is the string-typed enumeration of entity types.
//
// The DNS, IP and URL members are spelled in upper case here, whereas
// EntityKind in this file uses "DnsResolution", "Ip" and "Url"; the two types
// are not interchangeable by string value.
type EntityType string

const (
	// EntityTypeAccount marks an entity that represents an account in the
	// system.
	EntityTypeAccount EntityType = "Account"
	// EntityTypeAzureResource marks an entity that represents an Azure
	// resource in the system.
	EntityTypeAzureResource EntityType = "AzureResource"
	// EntityTypeCloudApplication marks an entity that represents a cloud
	// application in the system.
	EntityTypeCloudApplication EntityType = "CloudApplication"
	// EntityTypeDNS marks an entity that represents DNS in the system.
	EntityTypeDNS EntityType = "DNS"
	// EntityTypeFile marks an entity that represents a file in the system.
	EntityTypeFile EntityType = "File"
	// EntityTypeFileHash marks an entity that represents a file hash in the
	// system.
	EntityTypeFileHash EntityType = "FileHash"
	// EntityTypeHost marks an entity that represents a host in the system.
	EntityTypeHost EntityType = "Host"
	// EntityTypeHuntingBookmark marks an entity that represents a
	// HuntingBookmark in the system.
	EntityTypeHuntingBookmark EntityType = "HuntingBookmark"
	// EntityTypeIoTDevice marks an entity that represents an IoT device in
	// the system.
	EntityTypeIoTDevice EntityType = "IoTDevice"
	// EntityTypeIP marks an entity that represents an IP in the system.
	EntityTypeIP EntityType = "IP"
	// EntityTypeMailbox marks an entity that represents a mailbox in the
	// system.
	EntityTypeMailbox EntityType = "Mailbox"
	// EntityTypeMailCluster marks an entity that represents a mail cluster
	// in the system.
	EntityTypeMailCluster EntityType = "MailCluster"
	// EntityTypeMailMessage marks an entity that represents a mail message
	// in the system.
	EntityTypeMailMessage EntityType = "MailMessage"
	// EntityTypeMalware marks an entity that represents malware in the
	// system.
	EntityTypeMalware EntityType = "Malware"
	// EntityTypeProcess marks an entity that represents a process in the
	// system.
	EntityTypeProcess EntityType = "Process"
	// EntityTypeRegistryKey marks an entity that represents a registry key
	// in the system.
	EntityTypeRegistryKey EntityType = "RegistryKey"
	// EntityTypeRegistryValue marks an entity that represents a registry
	// value in the system.
	EntityTypeRegistryValue EntityType = "RegistryValue"
	// EntityTypeSecurityAlert marks an entity that represents a security
	// alert in the system.
	EntityTypeSecurityAlert EntityType = "SecurityAlert"
	// EntityTypeSecurityGroup marks an entity that represents a security
	// group in the system.
	EntityTypeSecurityGroup EntityType = "SecurityGroup"
	// EntityTypeSubmissionMail marks an entity that represents a submission
	// mail in the system.
	EntityTypeSubmissionMail EntityType = "SubmissionMail"
	// EntityTypeURL marks an entity that represents a URL in the system.
	EntityTypeURL EntityType = "URL"
)

// PossibleEntityTypeValues returns a slice of the EntityType constants
// declared above, in declaration order, built anew on every call.
func PossibleEntityTypeValues() []EntityType {
	return []EntityType{
		EntityTypeAccount,
		EntityTypeAzureResource,
		EntityTypeCloudApplication,
		EntityTypeDNS,
		EntityTypeFile,
		EntityTypeFileHash,
		EntityTypeHost,
		EntityTypeHuntingBookmark,
		EntityTypeIoTDevice,
		EntityTypeIP,
		EntityTypeMailbox,
		EntityTypeMailCluster,
		EntityTypeMailMessage,
		EntityTypeMalware,
		EntityTypeProcess,
		EntityTypeRegistryKey,
		EntityTypeRegistryValue,
		EntityTypeSecurityAlert,
		EntityTypeSecurityGroup,
		EntityTypeSubmissionMail,
		EntityTypeURL,
	}
}
// EventGroupingAggregationKind is the string-typed enumeration of event
// grouping aggregation kinds.
type EventGroupingAggregationKind string

const (
	// EventGroupingAggregationKindAlertPerResult is the "AlertPerResult"
	// aggregation kind.
	EventGroupingAggregationKindAlertPerResult EventGroupingAggregationKind = "AlertPerResult"
	// EventGroupingAggregationKindSingleAlert is the "SingleAlert"
	// aggregation kind.
	EventGroupingAggregationKindSingleAlert EventGroupingAggregationKind = "SingleAlert"
)

// PossibleEventGroupingAggregationKindValues returns a slice of the
// EventGroupingAggregationKind constants declared above, built anew on every
// call.
func PossibleEventGroupingAggregationKindValues() []EventGroupingAggregationKind {
	return []EventGroupingAggregationKind{
		EventGroupingAggregationKindAlertPerResult,
		EventGroupingAggregationKindSingleAlert,
	}
}
// FileHashAlgorithm is the string-typed enumeration of file hash algorithms.
// The constants only label which algorithm produced a hash value; nothing in
// this type computes or verifies a hash.
//
// MD5 and SHA-1 are no longer collision resistant, so a match on a hash
// labelled with either is weaker evidence of file identity than a match on a
// SHA-256 hash.
type FileHashAlgorithm string

const (
	// FileHashAlgorithmMD5 is the MD5 hash type.
	FileHashAlgorithmMD5 FileHashAlgorithm = "MD5"
	// FileHashAlgorithmSHA1 is the SHA1 hash type.
	FileHashAlgorithmSHA1 FileHashAlgorithm = "SHA1"
	// FileHashAlgorithmSHA256 is the SHA256 hash type.
	FileHashAlgorithmSHA256 FileHashAlgorithm = "SHA256"
	// FileHashAlgorithmSHA256AC is the SHA256 Authenticode hash type.
	FileHashAlgorithmSHA256AC FileHashAlgorithm = "SHA256AC"
	// FileHashAlgorithmUnknown is an unknown hash algorithm.
	FileHashAlgorithmUnknown FileHashAlgorithm = "Unknown"
)

// PossibleFileHashAlgorithmValues returns a slice of the FileHashAlgorithm
// constants declared above, built anew on every call.
func PossibleFileHashAlgorithmValues() []FileHashAlgorithm {
	return []FileHashAlgorithm{
		FileHashAlgorithmMD5,
		FileHashAlgorithmSHA1,
		FileHashAlgorithmSHA256,
		FileHashAlgorithmSHA256AC,
		FileHashAlgorithmUnknown,
	}
}
// IncidentClassification is the string-typed enumeration of incident
// classifications.
type IncidentClassification string

const (
	// IncidentClassificationBenignPositive means the incident was a benign
	// positive.
	IncidentClassificationBenignPositive IncidentClassification = "BenignPositive"
	// IncidentClassificationFalsePositive means the incident was a false
	// positive.
	IncidentClassificationFalsePositive IncidentClassification = "FalsePositive"
	// IncidentClassificationTruePositive means the incident was a true
	// positive.
	IncidentClassificationTruePositive IncidentClassification = "TruePositive"
	// IncidentClassificationUndetermined means the incident classification
	// was undetermined.
	IncidentClassificationUndetermined IncidentClassification = "Undetermined"
)

// PossibleIncidentClassificationValues returns a slice of the
// IncidentClassification constants declared above, built anew on every call.
func PossibleIncidentClassificationValues() []IncidentClassification {
	return []IncidentClassification{
		IncidentClassificationBenignPositive,
		IncidentClassificationFalsePositive,
		IncidentClassificationTruePositive,
		IncidentClassificationUndetermined,
	}
}
// IncidentClassificationReason is the string-typed enumeration of reasons
// given for an incident classification.
type IncidentClassificationReason string

const (
	// IncidentClassificationReasonInaccurateData means the classification
	// reason was inaccurate data.
	IncidentClassificationReasonInaccurateData IncidentClassificationReason = "InaccurateData"
	// IncidentClassificationReasonIncorrectAlertLogic means the
	// classification reason was incorrect alert logic.
	IncidentClassificationReasonIncorrectAlertLogic IncidentClassificationReason = "IncorrectAlertLogic"
	// IncidentClassificationReasonSuspiciousActivity means the classification
	// reason was suspicious activity.
	IncidentClassificationReasonSuspiciousActivity IncidentClassificationReason = "SuspiciousActivity"
	// IncidentClassificationReasonSuspiciousButExpected means the
	// classification reason was suspicious but expected activity.
	IncidentClassificationReasonSuspiciousButExpected IncidentClassificationReason = "SuspiciousButExpected"
)

// PossibleIncidentClassificationReasonValues returns a slice of the
// IncidentClassificationReason constants declared above, built anew on every
// call.
func PossibleIncidentClassificationReasonValues() []IncidentClassificationReason {
	return []IncidentClassificationReason{
		IncidentClassificationReasonInaccurateData,
		IncidentClassificationReasonIncorrectAlertLogic,
		IncidentClassificationReasonSuspiciousActivity,
		IncidentClassificationReasonSuspiciousButExpected,
	}
}
// IncidentLabelType is the string-typed enumeration of incident label types,
// distinguishing who created a label.
type IncidentLabelType string

const (
	// IncidentLabelTypeSystem marks a label created automatically by the
	// system.
	IncidentLabelTypeSystem IncidentLabelType = "System"
	// IncidentLabelTypeUser marks a label created manually by a user.
	IncidentLabelTypeUser IncidentLabelType = "User"
)

// PossibleIncidentLabelTypeValues returns a slice of the IncidentLabelType
// constants declared above, built anew on every call.
func PossibleIncidentLabelTypeValues() []IncidentLabelType {
	return []IncidentLabelType{
		IncidentLabelTypeSystem,
		IncidentLabelTypeUser,
	}
}
// IncidentSeverity is the string-typed enumeration of incident severities.
//
// The constants are declared in alphabetical order, not by rank, and as
// strings they do not compare by severity: "Low" sorts after "High" and
// "Informational". Map them to an explicit rank before ordering or
// thresholding on severity.
type IncidentSeverity string

const (
	// IncidentSeverityHigh is high severity.
	IncidentSeverityHigh IncidentSeverity = "High"
	// IncidentSeverityInformational is informational severity.
	IncidentSeverityInformational IncidentSeverity = "Informational"
	// IncidentSeverityLow is low severity.
	IncidentSeverityLow IncidentSeverity = "Low"
	// IncidentSeverityMedium is medium severity.
	IncidentSeverityMedium IncidentSeverity = "Medium"
)

// PossibleIncidentSeverityValues returns a slice of the IncidentSeverity
// constants declared above, in declaration order, built anew on every call.
func PossibleIncidentSeverityValues() []IncidentSeverity {
	return []IncidentSeverity{
		IncidentSeverityHigh,
		IncidentSeverityInformational,
		IncidentSeverityLow,
		IncidentSeverityMedium,
	}
}
// IncidentStatus is the string-typed enumeration of incident statuses.
type IncidentStatus string

const (
	// IncidentStatusActive is an active incident that is being handled.
	IncidentStatusActive IncidentStatus = "Active"
	// IncidentStatusClosed is a non-active incident.
	IncidentStatusClosed IncidentStatus = "Closed"
	// IncidentStatusNew is an active incident that is not currently being
	// handled.
	IncidentStatusNew IncidentStatus = "New"
)

// PossibleIncidentStatusValues returns a slice of the IncidentStatus
// constants declared above, built anew on every call.
func PossibleIncidentStatusValues() []IncidentStatus {
	return []IncidentStatus{
		IncidentStatusActive,
		IncidentStatusClosed,
		IncidentStatusNew,
	}
}
// KillChainIntent is the string-typed enumeration of kill chain intents. The
// constants that follow name each intent and describe the adversary behaviour
// it covers.
type KillChainIntent string
const (
// KillChainIntentCollection Collection consists of techniques used to identify and gather information,
// such as sensitive files, from a target network prior to exfiltration. This category also covers
// locations on a system or network where the adversary may look for information to exfiltrate.
KillChainIntentCollection KillChainIntent = "Collection"
// KillChainIntentCommandAndControl The command and control tactic represents how adversaries communicate
// with systems under their control within a target network.
KillChainIntentCommandAndControl KillChainIntent = "CommandAndControl"
// KillChainIntentCredentialAccess Credential access represents techniques resulting in access to or
// control over system, domain, or service credentials that are used within an enterprise environment.
// Adversaries will likely attempt to obtain legitimate credentials from users or administrator accounts
// (local system administrator or domain users with administrator access) to use within the network. With
// sufficient access within a network, an adversary can create accounts for later use within the
// environment.
KillChainIntentCredentialAccess KillChainIntent = "CredentialAccess"
// KillChainIntentDefenseEvasion Defense evasion consists of techniques an adversary may use to evade
// detection or avoid other defenses. Sometimes these actions are the same as or variations of techniques
// in other categories that have the added benefit of subverting a particular defense or mitigation.
KillChainIntentDefenseEvasion KillChainIntent = "DefenseEvasion"
// KillChainIntentDiscovery Discovery consists of techniques that allow the adversary to gain knowledge
// about the system and internal network. When adversaries gain access to a new system, they must orient
// themselves to what they now have control of and what benefits operating from that system give to their
// current objective or overall goals during the intrusion. The operating system provides many native tools
// that aid in this post-compromise information-gathering phase.
KillChainIntentDiscovery KillChainIntent = "Discovery"
// KillChainIntentExecution The execution tactic represents techniques that result in execution of
// adversary-controlled code on a local or remote system. This tactic is often used in conjunction with
// lateral movement to expand access to remote systems on a network.
KillChainIntentExecution KillChainIntent = "Execution"
// KillChainIntentExfiltration Exfiltration refers to techniques and attributes that result or aid in the
// adversary removing files and information from a target network. This category also covers locations on a
// system or network where the adversary may look for information to exfiltrate.
KillChainIntentExfiltration KillChainIntent = "Exfiltration"
// KillChainIntentExploitation Exploitation is the stage where an attacker manage to get foothold on the
// attacked resource. This stage is applicable not only for compute hosts, but also for resources such as
// user accounts, certificates etc. Adversaries will often be able to control the resource after this
// stage.
KillChainIntentExploitation KillChainIntent = "Exploitation"
// KillChainIntentImpact The impact intent primary objective is to directly reduce the availability or
// integrity of a system, service, or network; including manipulation of data to impact a business or
// operational process. This would often refer to techniques such as ransom-ware, defacement, data
// manipulation and others.
KillChainIntentImpact KillChainIntent = "Impact"
// KillChainIntentLateralMovement Lateral movement consists of techniques that enable an adversary to
// access and control remote systems on a network and could, but does not necessarily, include execution of
// tools on remote systems. The lateral movement techniques could allow an adversary to gather information
// from a system without needing additional tools, such as a remote access tool. An adversary can use
// lateral movement for many purposes, including remote Execution of tools, pivoting to additional systems,
// access to specific information or files, access to additional credentials, or to cause an effect.
KillChainIntentLateralMovement KillChainIntent = "LateralMovement"
// KillChainIntentPersistence Persistence is any access, action, or configuration change to a system that
// gives an adversary a persistent presence on that system. Adversaries will often need to maintain access
// to systems through interruptions such as system restarts, loss of credentials, or other failures that
// would require a remote access tool to restart or alternate backdoor for them to regain access.
KillChainIntentPersistence KillChainIntent = "Persistence"
// KillChainIntentPrivilegeEscalation Privilege escalation is the result of actions that allow an adversary
// to obtain a higher level of permissions on a system or network. Certain tools or actions require a
// higher level of privilege to work and are likely necessary at many points throughout an operation. User
// accounts with permissions to access specific systems or perform specific functions necessary for
// adversaries to achieve their objective may also be considered an escalation of privilege.
KillChainIntentPrivilegeEscalation KillChainIntent = "PrivilegeEscalation"
// KillChainIntentProbing Probing could be an attempt to access a certain resource regardless of a
// malicious intent or a failed attempt to gain access to a target system to gather information prior to